Refactored (un)seal methods to throw Exception instead of catching it (#12)

2017-08-26 11:01:48 +02:00 · 2017-08-26 11:01:48 +02:00 · a1784245a3
commit a1784245a3
parent df7de5dd73
4 changed files with 44 additions and 36 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -1,5 +1,6 @@
 ## 0.7.0 [work in progress]
-* [feature] Retrieval of health status via `getHealth()`
+* [feature] Retrieval of health status via `getHealth()` (#15)
+* [improvement] `seal()`, `unseal()` are now `void` and throw Exception on error (#12)

 ## 0.6.2 [2017-08-19]
 * [fix] Prevent potential NPE on SecretResponse getter
--- a/src/main/java/de/stklcode/jvault/connector/HTTPVaultConnector.java
+++ b/src/main/java/de/stklcode/jvault/connector/HTTPVaultConnector.java
@ -211,32 +211,25 @@ public class HTTPVaultConnector implements VaultConnector {
    }

    @Override
-    public final SealResponse sealStatus() {
+    public final SealResponse sealStatus() throws VaultConnectorException {
        try {
            String response = requestGet(PATH_SEAL_STATUS, new HashMap<>());
            return jsonMapper.readValue(response, SealResponse.class);
-        } catch (VaultConnectorException | IOException e) {
-            e.printStackTrace();
-            return null;
+        } catch (IOException e) {
+            throw new InvalidRequestException("Unable to parse response", e);
        } catch (URISyntaxException ignored) {
            /* this should never occur and may leak sensible information */
-            return null;
+            throw new InvalidRequestException("Invalid URI format");
        }
    }

    @Override
-    public final boolean seal() {
-        try {
-            requestPut(PATH_SEAL, new HashMap<>());
-            return true;
-        } catch (VaultConnectorException e) {
-            e.printStackTrace();
-            return false;
-        }
+    public final void seal() throws VaultConnectorException {
+        requestPut(PATH_SEAL, new HashMap<>());
    }

    @Override
-    public final SealResponse unseal(final String key, final Boolean reset) {
+    public final SealResponse unseal(final String key, final Boolean reset) throws VaultConnectorException {
        Map<String, String> param = new HashMap<>();
        param.put("key", key);
        if (reset != null)
@ -244,9 +237,8 @@ public class HTTPVaultConnector implements VaultConnector {
        try {
            String response = requestPut(PATH_UNSEAL, param);
            return jsonMapper.readValue(response, SealResponse.class);
-        } catch (VaultConnectorException | IOException e) {
-            e.printStackTrace();
-            return null;
+        } catch (IOException e) {
+            throw new InvalidResponseException("Unable to parse response", e);
        }
    }

--- a/src/main/java/de/stklcode/jvault/connector/VaultConnector.java
+++ b/src/main/java/de/stklcode/jvault/connector/VaultConnector.java
@ -42,32 +42,35 @@ public interface VaultConnector extends AutoCloseable {
     * Retrieve status of vault seal.
     *
     * @return Seal status
+     * @throws VaultConnectorException on error
     */
-    SealResponse sealStatus();
+    SealResponse sealStatus() throws VaultConnectorException;

    /**
     * Seal vault.
     *
-     * @return TRUE on success
+     * @throws VaultConnectorException on error
     */
-    boolean seal();
+    void seal() throws VaultConnectorException;

    /**
     * Unseal vault.
     *
     * @param key   A single master share key
     * @param reset Discard previously provided keys (optional)
-     * @return TRUE on success
+     * @return Response with seal status
+     * @throws VaultConnectorException on error
     */
-    SealResponse unseal(final String key, final Boolean reset);
+    SealResponse unseal(final String key, final Boolean reset) throws VaultConnectorException;

    /**
     * Unseal vault.
     *
     * @param key A single master share key
-     * @return TRUE on success
+     * @return Response with seal status
+     * @throws VaultConnectorException on error
     */
-    default SealResponse unseal(final String key) {
+    default SealResponse unseal(final String key) throws VaultConnectorException {
        return unseal(key, null);
    }

--- a/src/test/java/de/stklcode/jvault/connector/HTTPVaultConnectorTest.java
+++ b/src/test/java/de/stklcode/jvault/connector/HTTPVaultConnectorTest.java
@ -118,22 +118,30 @@ public class HTTPVaultConnectorTest {
     * Test sealing and unsealing Vault.
     */
    @Test
-    public void sealTest() {
+    public void sealTest() throws VaultConnectorException {
        SealResponse sealStatus = connector.sealStatus();
        assumeFalse(sealStatus.isSealed());

        /* Unauthorized sealing should fail */
-        assertThat("Unauthorized sealing succeeded", connector.seal(), is(false));
-        assertThat("Vault sealed, although sealing failed", sealStatus.isSealed(), is(false));
+        try {
+            connector.seal();
+            fail("Unauthorized sealing succeeded");
+        } catch (VaultConnectorException e) {
+            assertThat("Vault sealed, although sealing failed", sealStatus.isSealed(), is(false));
+        }

        /* Root user should be able to seal */
        authRoot();
        assumeTrue(connector.isAuthorized());
-        assertThat("Sealing failed", connector.seal(), is(true));
-        sealStatus = connector.sealStatus();
-        assertThat("Vault not sealed", sealStatus.isSealed(), is(true));
-        sealStatus = connector.unseal(KEY);
-        assertThat("Vault not unsealed", sealStatus.isSealed(), is(false));
+        try {
+            connector.seal();
+            sealStatus = connector.sealStatus();
+            assertThat("Vault not sealed", sealStatus.isSealed(), is(true));
+            sealStatus = connector.unseal(KEY);
+            assertThat("Vault not unsealed", sealStatus.isSealed(), is(false));
+        } catch (VaultConnectorException e) {
+            fail("Sealing failed");
+        }
    }

    /**
@ -155,9 +163,13 @@ public class HTTPVaultConnectorTest {

        // No seal vault and verify correct status.
        authRoot();
-        connector.seal();
-        assumeTrue(connector.sealStatus().isSealed());
-        connector.resetAuth();  // SHould work unauthenticated
+        try {
+            connector.seal();
+            assumeTrue(connector.sealStatus().isSealed());
+            connector.resetAuth();  // SHould work unauthenticated
+        } catch (VaultConnectorException e) {
+            fail("Unexpected exception on sealing: " + e.getMessage());
+        }
        try {
            res = connector.getHealth();
        } catch (VaultConnectorException e) {