stklcode/jvaultconnector
1
0
Fork 0
Code Issues Actions Releases 34 Wiki Activity

Compare commits

base: stklcode:v0.6.0
Branches Tags
stklcode:main stklcode:develop stklcode:experimental/jackson3
stklcode:v1.5.1 stklcode:v1.5.0 stklcode:v1.4.0 stklcode:v1.3.1 stklcode:v1.3.0 stklcode:v1.2.0 stklcode:v1.1.5 stklcode:v1.1.4 stklcode:v1.1.3 stklcode:v1.1.2 stklcode:v1.1.1 stklcode:v1.1.0 stklcode:v1.0.1 stklcode:v1.0.0 stklcode:v0.9.5 stklcode:v0.9.4 stklcode:v0.9.3 stklcode:v0.9.2 stklcode:v0.9.1 stklcode:v0.9.0 stklcode:v0.8.2 stklcode:v0.8.1 stklcode:v0.8.0 stklcode:v0.7.1 stklcode:v0.7.0 stklcode:v0.6.2 stklcode:v0.6.1 stklcode:v0.6.0 stklcode:v0.5.0 stklcode:v0.4.1 stklcode:v0.4.0 stklcode:v0.3.0 stklcode:v0.2.0 stklcode:v0.1.1 stklcode:v0.1
..
compare: stklcode:v1.0.1
Branches Tags
stklcode:develop stklcode:main stklcode:experimental/jackson3
stklcode:v1.5.1 stklcode:v1.5.0 stklcode:v1.4.0 stklcode:v1.3.1 stklcode:v1.3.0 stklcode:v1.2.0 stklcode:v1.1.5 stklcode:v1.1.4 stklcode:v1.1.3 stklcode:v1.1.2 stklcode:v1.1.1 stklcode:v1.1.0 stklcode:v1.0.1 stklcode:v1.0.0 stklcode:v0.9.5 stklcode:v0.9.4 stklcode:v0.9.3 stklcode:v0.9.2 stklcode:v0.9.1 stklcode:v0.9.0 stklcode:v0.8.2 stklcode:v0.8.1 stklcode:v0.8.0 stklcode:v0.7.1 stklcode:v0.7.0 stklcode:v0.6.2 stklcode:v0.6.1 stklcode:v0.6.0 stklcode:v0.5.0 stklcode:v0.4.1 stklcode:v0.4.0 stklcode:v0.3.0 stklcode:v0.2.0 stklcode:v0.1.1 stklcode:v0.1

266 Commits
v0.6.0 ... v1.0.1

Author SHA1 Message Date
Stefan Kalscheuer
dbb21f85bf prepare release of v1.0.1
All checks were successful
continuous-integration/drone/push Build is passing
Details
2021-11-21 11:42:16 +01:00
Stefan Kalscheuer
61dcfc79d3 update test and build dependencies
All checks were successful
continuous-integration/drone/push Build is passing
Details
2021-11-21 11:37:32 +01:00
Stefan Kalscheuer
63e7af552f make system-lambda dependency test-only (#58)
All checks were successful
continuous-integration/drone/push Build is passing
Details
2021-11-21 11:36:35 +01:00
Stefan Kalscheuer
5e2d37797e rename test classes
All checks were successful
continuous-integration/drone/push Build is passing
Details
2021-11-21 11:20:04 +01:00
Stefan Kalscheuer
b4a822bf10 use failsafe plugin for integration tests instead of "offline" profile 2021-11-21 11:19:08 +01:00
Stefan Kalscheuer
4045b1a4fd test against Vault 1.9.0
All checks were successful
continuous-integration/drone/push Build is passing
Details
2021-11-19 20:19:33 +01:00
Stefan Kalscheuer
6a73bc39d3 connector: remove unused DEFAULT_TLS_VERSION field
All checks were successful
continuous-integration/drone/push Build is passing
Details 
This constant was left over from the RequestHelper refactoring. It is
not used anywhere in our code and likely not used by any downstream
project, so we remove it now.
 2021-10-26 20:05:37 +02:00
Stefan Kalscheuer
75561a0540 passthrough null as port number in builder (#56)
All checks were successful
continuous-integration/drone/push Build is passing
Details
2021-10-12 20:58:59 +02:00
Stefan Kalscheuer
fdda685f6f prepare release of v1.0.0
All checks were successful
continuous-integration/drone/push Build is passing
Details
2021-10-02 15:46:48 +02:00
Stefan Kalscheuer
6e19e8514f ci: migrate adopt to temruin distribution
All checks were successful
continuous-integration/drone/push Build is passing
Details
2021-10-02 15:14:56 +02:00
Stefan Kalscheuer
1c31b7a5fe auto format JavaDocs
All checks were successful
continuous-integration/drone/push Build is passing
Details
2021-10-02 15:04:00 +02:00
Stefan Kalscheuer
f918f85d20 Merge branch 'main' into develop 2021-10-02 15:02:00 +02:00
Stefan Kalscheuer
7f153df136 add since and removal flags to deprecation annotations 2021-10-02 14:45:26 +02:00
Stefan Kalscheuer
7793b4fc77 open java.util to unnamed module for testing
All checks were successful
continuous-integration/drone/push Build is passing
Details 
Illegal access permission is no longer available with JDK 17.
To allow System Lambda to mock the environment, we open the java.util
package explicitly for testing.
 2021-10-02 14:40:31 +02:00
Stefan Kalscheuer
7701f9f768 test against Vault 1.8.3 and JDK 17
All checks were successful
continuous-integration/drone/push Build is passing
Details
2021-10-02 14:16:47 +02:00
Stefan Kalscheuer
c60580481b update dependencies to Jackson 2.13
All checks were successful
continuous-integration/drone/push Build is passing
Details
2021-10-02 14:12:56 +02:00
Stefan Kalscheuer
bbceee35f2 test against Vault 1.8.0
All checks were successful
continuous-integration/drone/push Build is passing
Details
2021-07-28 19:38:06 +02:00
Stefan Kalscheuer
3a920fe960 prepare release 0.9.5
All checks were successful
continuous-integration/drone/push Build is passing
Details
2021-07-28 19:34:48 +02:00
Stefan Kalscheuer
eed61c4569 minor dependency updates
All checks were successful
continuous-integration/drone/push Build is passing
Details
2021-07-27 21:25:20 +02:00
Stefan Kalscheuer
1cd1b63f8d minor dependency updates
All checks were successful
continuous-integration/drone/push Build is passing
Details
2021-07-10 15:08:33 +02:00
Stefan Kalscheuer
e81dd87fe1 clean up assertions and messages in unit tests
All checks were successful
continuous-integration/drone/push Build is passing
Details
2021-06-16 20:20:09 +02:00
Stefan Kalscheuer
f6037e31bb introduce modularity (#55) 2021-06-15 21:44:16 +02:00
Stefan Kalscheuer
74092bba9a use plain JUnit for test assertions
All checks were successful
continuous-integration/drone/push Build is passing
Details 
Hamcrest is a beautiful library, but we try to keep things simple here
and switch to plain JUnit 5 assertions for testing.
 2021-06-12 13:10:11 +02:00
Stefan Kalscheuer
3c11fe912b enforce use of builder to create a new HTTPVaultConnector (#54)
All checks were successful
continuous-integration/drone/push Build is passing
Details 
Remove constructors of HTTPVaultConnector and make the builder
constructor package-private to enforce use of .builder()....build()

For convenience we add direct builder constructors with a full URI
argument to allow a one-line initialization if necessary.
 2021-06-12 12:01:52 +02:00
Stefan Kalscheuer
53d954ea12 deprecate all convenience methods to interact with "secret/" mount
All checks were successful
continuous-integration/drone/push Build is passing
Details 
Follow-up deprecation for the not yet deprecated wrapper methods.
 2021-06-12 10:46:10 +02:00
Stefan Kalscheuer
71564e87e8 remove convenience methods to interact with "secret/" mount (#53)
All checks were successful
continuous-integration/drone/push Build is passing
Details
2021-06-12 10:44:41 +02:00
Stefan Kalscheuer
e578591a49 deprecate convenience methods to interact with "secret/" mount (#52)
All checks were successful
continuous-integration/drone/push Build is passing
Details
2021-06-11 21:33:59 +02:00
Stefan Kalscheuer
de17f48be2 move builder into main package, introduce new invocation method (#51)
Some checks failed
continuous-integration/drone/push Build is failing
Details 
The builder is target of major refactoring in the 1.0 development branch
so we introduce some delegate classes and methods to prepare migration.
 2021-06-11 21:15:49 +02:00
Stefan Kalscheuer
ce24de7347 move builder class into main package, deprecate interface
All checks were successful
continuous-integration/drone/push Build is passing
Details
2021-06-11 20:49:38 +02:00
Stefan Kalscheuer
f783286909 pass builder as constructor parameter directly 
With increasing number of options the constructors become quite overloaded.
We now pass the builder as only argument instead.
 2021-06-11 20:49:38 +02:00
Stefan Kalscheuer
9ef709e3eb specify version and removal flag for remaining deprecations 2021-06-08 18:35:01 +02:00
Stefan Kalscheuer
ce28b8eb60 use local variable type inference where reasonable 
Local variables with obvious type on both sides of their declaration
use type inference now for more concise code. Some variable names are
given a more precise name though.
 2021-06-08 18:24:19 +02:00
Stefan Kalscheuer
587c6cde0a add CONTRIBUTING.md [skip ci] 2021-06-06 15:05:21 +02:00
Stefan Kalscheuer
dab42816a7 add CONTRIBUTING.md [skip ci] 2021-06-06 15:02:47 +02:00
Stefan Kalscheuer
9346619237 remove deprecated SecretResponse#getValue() convenience method
All checks were successful
continuous-integration/drone/push Build is passing
Details 
This method was deprecated since 0.5 and is basically a wrapper for
the more generic get("value").
 2021-06-06 14:47:56 +02:00
Stefan Kalscheuer
df466a4dd2 remove deprecated AppRole- and TokenBuilder
All checks were successful
continuous-integration/drone/push Build is passing
Details
2021-06-06 12:56:36 +02:00
Stefan Kalscheuer
258a852f5c Merge branch 'main' into develop
All checks were successful
continuous-integration/drone/push Build is passing
Details
2021-06-06 12:34:42 +02:00
Stefan Kalscheuer
5f9950e048 prepare release 0.9.4
All checks were successful
continuous-integration/drone/push Build is passing
Details
2021-06-06 12:22:13 +02:00
Stefan Kalscheuer
e2c439379e switch to "main" as default branch name
All checks were successful
continuous-integration/drone/push Build is passing
Details
2021-06-06 12:09:28 +02:00
Stefan Kalscheuer
ce33d37396 minor dependency updates; test against Vault 1.7.2
All checks were successful
continuous-integration/drone/push Build is passing
Details
2021-06-06 12:07:02 +02:00
Stefan Kalscheuer
bdf4fc4b83 fix typo in method AppRole.Builder#wit0hTokenPeriod (#49) 2021-06-06 12:02:01 +02:00
Stefan Kalscheuer
0f3ebc0bde remove deprecated builder-style methods in InvalidResponseException
All checks were successful
continuous-integration/drone/push Build is passing
Details
2021-06-03 14:08:10 +02:00
Stefan Kalscheuer
ec4fbc5d3f remove deprecated factory classes (#46)
All checks were successful
continuous-integration/drone/push Build is passing
Details 
VaultConnectorFactory and its implementation have been deprecated since
0.8 in favor of VaultConnectorBuilder. Finally remove the old classes.
 2021-06-03 11:46:24 +02:00
Stefan Kalscheuer
4e2b8857e9 use GitHub actions for CI (#48)
All checks were successful
continuous-integration/drone/push Build is passing
Details
2021-06-03 11:40:09 +02:00
Stefan Kalscheuer
3485839553 plugin and dependency updates
All checks were successful
continuous-integration/drone/push Build is passing
Details
2021-06-01 20:47:58 +02:00
Stefan Kalscheuer
36102326db use WireMock for offline tests
All checks were successful
continuous-integration/drone/push Build is passing
Details
2021-06-01 18:54:16 +02:00
Stefan Kalscheuer
60d94fc5bb use immutable Map.of() for fixed-size payloads 2021-06-01 18:54:16 +02:00
Stefan Kalscheuer
8dfcf02a0a refactor RequestHelper use Java 11 instead of Apache HTTPClient 2021-06-01 18:54:16 +02:00
Stefan Kalscheuer
c45dbf014e raise language level to Java 11 2021-06-01 18:54:16 +02:00
Stefan Kalscheuer
f7d6f9384d switch to "main" as default branch name
All checks were successful
continuous-integration/drone/push Build is passing
Details
2021-05-01 19:48:33 +02:00
Stefan Kalscheuer
50d485fab8 clean up unused imports
All checks were successful
continuous-integration/drone/push Build is passing
Details
2021-04-02 11:27:24 +02:00
Stefan Kalscheuer
5b508374d9 prepare release 0.9.3
All checks were successful
continuous-integration/drone/push Build is passing
Details
2021-04-02 11:16:04 +02:00
Stefan Kalscheuer
fbc61e065f fix argline for JDK 1.8 unit tests
All checks were successful
continuous-integration/drone/push Build is passing
Details
2021-03-29 21:13:34 +02:00
Stefan Kalscheuer
56a52cb22a fix argline for JDK 16 unit tests
All checks were successful
continuous-integration/drone/push Build is passing
Details
2021-03-29 20:50:16 +02:00
Stefan Kalscheuer
c43ec190ca use SystemLambda instead of custom environment mocks 2021-03-29 20:49:44 +02:00
Stefan Kalscheuer
639d0e3c5b Jackson 2.12.2, test against Vault 1.7.0
All checks were successful
continuous-integration/drone/push Build is passing
Details
2021-03-29 18:56:24 +02:00
Stefan Kalscheuer
8e97f3c1dd build with JDK 16, test against Vault 1.6.3
All checks were successful
continuous-integration/drone/push Build is passing
Details
2021-03-20 12:13:19 +01:00
Stefan Kalscheuer
c04d940a80 test: close static mocks
All checks were successful
continuous-integration/drone/push Build is passing
Details
2021-02-28 13:03:25 +01:00
Stefan Kalscheuer
76a5ea4fe9 test: use assertThrows instead of try-catch blocks
All checks were successful
continuous-integration/drone/push Build is passing
Details
2021-02-28 12:59:06 +01:00
Stefan Kalscheuer
2b0f458da3 use pre-sized maps for fixed-size payloads
All checks were successful
continuous-integration/drone/push Build is passing
Details
2021-02-28 10:52:36 +01:00
Stefan Kalscheuer
63278c09c8 constructors of abstract VaultConnectorException protected
All checks were successful
continuous-integration/drone/push Build is passing
Details
2021-01-24 14:57:14 +01:00
Stefan Kalscheuer
600f3d0d0f test classes package-private; use mockStatic()
All checks were successful
continuous-integration/drone/push Build is passing
Details
2021-01-24 14:52:48 +01:00
Stefan Kalscheuer
1a19eaa87d release 0.9.2
All checks were successful
continuous-integration/drone/push Build is passing
Details
2021-01-24 12:26:29 +01:00
Stefan Kalscheuer
a2dde38348 Jackson 2.12.1
All checks were successful
continuous-integration/drone/push Build is passing
Details
2021-01-24 12:24:09 +01:00
Stefan Kalscheuer
dfb6d0a37c only initialize trust managers if CA certificate is provided (#43)
All checks were successful
continuous-integration/drone/push Build is passing
Details
2021-01-24 12:20:45 +01:00
Stefan Kalscheuer
b46b59e4a0 update copyright notice to 2021
All checks were successful
continuous-integration/drone/push Build is passing
Details
2021-01-03 11:56:33 +01:00
Stefan Kalscheuer
79ec536876 prepare release of v0.9.1
All checks were successful
continuous-integration/drone/push Build is passing
Details
2021-01-03 11:48:51 +01:00
Stefan Kalscheuer
00d4e9acef test against Vault 1.6.1
All checks were successful
continuous-integration/drone/push Build is passing
Details
2021-01-03 11:46:40 +01:00
Stefan Kalscheuer
48eccedad0 introduce maven profile for dependency analysis 2021-01-03 11:44:34 +01:00
Stefan Kalscheuer
ec4c4ac868 rework Travis CI configuration 
Separate stages do not work as intended.
Add LTS and latest JDK (8, 11, 15) to build roster and run analysis with JDK 11 only.
 2020-12-12 11:52:43 +01:00
Stefan Kalscheuer
90835aea92 dependency updates
All checks were successful
continuous-integration/drone/push Build is passing
Details 
Jackson 2.12, HTTPClient 4.5.13 and some test dependencies
 2020-12-12 11:18:17 +01:00
Stefan Kalscheuer
32eed75de8 use batch mode in CI builds
All checks were successful
continuous-integration/drone/push Build is passing
Details 
Do not bloat the log with progress output.
 2020-12-02 10:14:16 +01:00
Stefan Kalscheuer
c8ca5c4091 test against Vault 1.6.0
All checks were successful
continuous-integration/drone/push Build is passing
Details
2020-11-12 19:48:08 +01:00
Stefan Kalscheuer
4ba81492d5 docs: update Travis CI badge
All checks were successful
continuous-integration/drone/push Build is passing
Details
2020-09-08 21:28:16 +02:00
Stefan Kalscheuer
84b9877ca9 test against Vault 1.5.0 2020-07-26 14:12:13 +02:00
Stefan Kalscheuer
b5c9a3b35b minor CI configuration adjustments
All checks were successful
continuous-integration/drone/push Build is passing
Details
2020-04-29 16:44:55 +02:00
Stefan Kalscheuer
9d7f501b1a Merge branch 'release/0.9.0' 2020-04-29 15:53:06 +02:00
Stefan Kalscheuer
aab76273a5 last minute JavaDoc corrections 2020-04-29 15:47:20 +02:00
Stefan Kalscheuer
4fb63f0977 prepare release 0.9.0 2020-04-29 15:24:16 +02:00
Stefan Kalscheuer
1d5db0c365 add missing fields to Token model and builder (#41) 
* explicit_max_ttl
* period
* entity_alias
 2020-04-26 18:04:35 +02:00
Stefan Kalscheuer
9f80a7dada typo fixes 2020-04-25 13:04:39 +02:00
Stefan Kalscheuer
46461f482a add coverage profile to maven project 2020-04-25 12:33:22 +02:00
Stefan Kalscheuer
be7aa865d8 rework CI configuration for multi-stage job 2020-04-25 11:39:50 +02:00
Stefan Kalscheuer
fa7036921a move builders into model classes and deprecate constructors 
Enforces use of builder pattern in future releases. Builder API is
unchanged despite the class itself.
 2020-04-15 17:29:50 +02:00
Stefan Kalscheuer
e0cbe34881 minor JavaDoc correction 
[skip ci]
 2020-04-15 16:29:42 +02:00
Stefan Kalscheuer
dcb8d6067a update AppRole model and builder to current API 
Add missing JSON fields and remove unprefixed, already deprecated fields
 2020-04-15 16:28:14 +02:00
Stefan Kalscheuer
fc9e429bd1 add support for token roles (#27) (#37) 2020-04-13 17:12:55 +02:00
Stefan Kalscheuer
94d1d2c80b test against Vault 1.4.0 2020-04-08 14:25:16 +02:00
Stefan Kalscheuer
edb9194153 Update copyright notice to 2020 
Better late than never, at least before the next release... [skip ci]
 2020-04-08 14:23:48 +02:00
Stefan Kalscheuer
c0708bd288 implement methods for token role handling (#27) 
Create, update, read, delete and list token roles is now possible.
 2020-04-06 18:36:42 +02:00
Stefan Kalscheuer
f54ba38cf5 implement TokenRole metamodel and corresponding builder 2020-04-06 17:58:11 +02:00
Stefan Kalscheuer
8f10bbfed7 add missing fields to token data 
* entity_id
* expire_time
* explicit_max_ttl
* issue_time
* renewable
* type
 2020-03-29 14:29:06 +02:00
Stefan Kalscheuer
a4a0e13904 add missing fields to auth response 
* token_policies
* entity_id
* token_type
* orphan
 2020-03-29 14:29:06 +02:00
Stefan Kalscheuer
df696e9f17 add token type to model and builder classes 2020-03-29 14:29:06 +02:00
Stefan Kalscheuer
83a05fcd40 correctly map token policies on lookup (close #35) 
Remove superfluous "role" flag and add "policies" list instead.
 2020-03-29 13:59:06 +02:00
Stefan Kalscheuer
d564ba9365 update dependencies and plugins for JDK 14 build environments 2020-03-29 13:01:25 +02:00
Stefan Kalscheuer
071eeda423 correclty map token meta in lookup response (fix #34) 2020-03-29 12:56:06 +02:00
Stefan Kalscheuer
4788fa7272 Test against Vault 1.4.0-rc1 2020-03-25 10:21:10 +01:00
Stefan Kalscheuer
21d544c2c7 Test against Vault 1.3.0 2019-11-20 09:43:44 +01:00
Stefan Kalscheuer
a944fce6c5 Test against Vault 1.3.0 2019-11-20 09:43:11 +01:00
Stefan Kalscheuer
9710d59821 prepare release of v0.8.2 2019-10-20 14:04:47 +02:00
Stefan Kalscheuer
30d426303e add distribution profiles to POM 2019-10-20 14:04:47 +02:00
Stefan Kalscheuer
ca9da6bd0f minor dependency updated and cleanup 2019-10-20 13:49:14 +02:00
Stefan Kalscheuer
9fedb3f88b replace legacy JUnit 4 rule for system mock by custom helper 2019-10-20 13:48:41 +02:00
Stefan Kalscheuer
596a097707 fix API endpoint for token lookup 2019-10-16 18:00:45 +02:00
Stefan Kalscheuer
d51421cb14 update Jackson dependency to 2.10 2019-10-03 11:45:08 +02:00
Stefan Kalscheuer
ffea9bfbfe update test environment for JDK 13 builds 2019-10-03 11:42:14 +02:00
Stefan Kalscheuer
ffdc0f6a27 Test against Vault 1.2.2 2019-10-03 11:09:39 +02:00
Stefan Kalscheuer
9b5c537e55 fix SonarCloud link in ReadMe [skip ci] 2019-08-17 14:57:24 +02:00
Stefan Kalscheuer
a9f1eb63c2 use curl instead of wget for Drone CI builds 2019-08-16 20:16:23 +02:00
Stefan Kalscheuer
fd749b19e5 prepare 0.8.1 release 2019-08-16 20:01:48 +02:00
Stefan Kalscheuer
0cca2de1aa Set correct test scope for JUnit migration support lib (fix #30) 2019-08-16 19:59:09 +02:00
Stefan Kalscheuer
8b278f67fe Update Jackson dependency 2019-08-16 19:54:46 +02:00
Stefan Kalscheuer
8f3462b22a Test against Vault 1.2.2 2019-08-16 19:51:37 +02:00
Stefan Kalscheuer
a394cb7f0d Test against Vault 1.2.0 2019-07-30 21:11:13 +02:00
Stefan Kalscheuer
50d0b2fe56 Fix test exclusions for offline CI using JUnit tags 2019-07-27 15:07:36 +02:00
Stefan Kalscheuer
e2bb09d50f minor dependency updates 2019-07-26 19:39:36 +02:00
Stefan Kalscheuer
4a2b40a4cf fix Javadoc generation with JDK11+ 2019-07-26 19:28:18 +02:00
Stefan Kalscheuer
bed9c868f6 Test against 1.1.3; update Drone CI config; minor test cleanup 2019-06-17 19:11:26 +02:00
Stefan Kalscheuer
7a45af8856 Update dependencies 2019-06-01 20:05:08 +02:00
Stefan Kalscheuer
4bafcec012 Test against 1.1.2 2019-06-01 16:39:41 +02:00
Stefan Kalscheuer
4ca150a0cb Prepare 0.8.0 release 2019-03-24 11:53:45 +01:00
Stefan Kalscheuer
efb0aba7cd Clean up imports of factory class 2019-03-24 11:51:19 +01:00
Stefan Kalscheuer
17f1ee79db Change artifact id to jvault-connector (closes #28) 2019-03-24 11:41:59 +01:00
Stefan Kalscheuer
d8b9c2b373 Add static builder() method to AppRole class 2019-03-23 21:18:23 +01:00
Stefan Kalscheuer
04d530a5ed Use Token.builder() in unit tests 2019-03-23 21:13:53 +01:00
Stefan Kalscheuer
b134b5a605 Group HTTP connector tests into nested test suites 
We're using JUnit 5 so leverage some new features to make reasonable
test groups.
 2019-03-23 19:18:05 +01:00
Stefan Kalscheuer
f8ff93fa6c Update ReadMe to builder and replace deprecated examples [skip ci] 2019-03-23 11:12:17 +01:00
Stefan Kalscheuer
5bd6a90f25 Add static builder() method to Token class 2019-03-23 11:07:03 +01:00
Stefan Kalscheuer
92cfc3a597 Update missing test data 2019-03-22 19:16:29 +01:00
Stefan Kalscheuer
3f47da6134 Do not reuse surefire forks for testing 
The offline test messes up with the online test if executed in advance
because of the static HTTP mock. With no guaranteed execution order
all online tests may be skipped. To prevent this, run each test in its
own fork.
 2019-03-22 19:10:19 +01:00
Stefan Kalscheuer
3446d1590e Add some messages to test assumptions 
Tests are skipped for some reason in CI environment. This might help to
debug the cause.
 2019-03-22 18:01:50 +01:00
Stefan Kalscheuer
a24ddf65a5 Migrate TemporaryFolder rule to JUnit 5.4 TempDir annotation 2019-03-22 17:13:16 +01:00
Stefan Kalscheuer
d6f422e0ec Back to future [skip ci] 
Some source files have lived in a feature branch since 2018 and did not
receive the update to 2019...
 2019-03-22 17:08:28 +01:00
Stefan Kalscheuer
fbaa560551 Update dependencies 2019-03-22 16:49:28 +01:00
Stefan Kalscheuer
42c2869675 Minor JavaDoc adjustments 2019-03-22 16:45:16 +01:00
Stefan Kalscheuer
eabc458176 Add missing parameters to JavaDoc [skip ci] 2019-03-22 15:01:21 +01:00
Stefan Kalscheuer
dee7ec0b23 Implement update of KV v2 metadata (#16) 2019-03-22 14:40:27 +01:00
Stefan Kalscheuer
ab33325b8e Implement writing of KV v2 secret data (#16) 2019-03-22 14:27:30 +01:00
Stefan Kalscheuer
e4cf8a1dde Move 204 empty checks into request helper and make Error class private 2019-03-22 10:19:06 +01:00
Stefan Kalscheuer
22a48d4a90 Move parsing of JSON response into RequestHelper 
The pattern is always the same, issue request, parse String response
into target class and catch exceptions. Bundle these blocks in the
helper class for GET, POST and PUT methods to reduce overhead in the
actual connector.
 2019-03-22 10:03:49 +01:00
Stefan Kalscheuer
7020d3701c Default test against Vault 1.1.0 2019-03-21 20:22:38 +01:00
Stefan Kalscheuer
51e54d9870 Extract request methods and error codes into separate classes. 
To clean up the actual connector class all HTTP wrappers are now bundled
within the RequestHelper class.
 2019-03-21 20:17:04 +01:00
Stefan Kalscheuer
b103d6e804 Bundle authorization check in method to reduce repetition 2019-03-21 20:13:50 +01:00
Stefan Kalscheuer
1aade2882b Clean up imports and move common parameters into constants 2019-03-17 15:15:35 +01:00
Stefan Kalscheuer
7909a6772d Minor CI adjustments 
Trusty is default in Travis and no need to encorce Xenial environment.

Correct pipeline name for Drone build, "java8" is no longer applicable.
 2019-03-17 15:15:35 +01:00
Stefan Kalscheuer
5f391286e5 KV v2 and mount points in changelog 2019-03-17 15:15:35 +01:00
Stefan Kalscheuer
068f961454 Introduce "mount" parameter for KV v2 methods (#25) 
The backend can be mounted on an arbitrary path, so this path can now be
passed as an arugment along with the corresponding method call.
 2019-03-17 15:15:35 +01:00
Stefan Kalscheuer
ad2986195d Merge branch 'feature/16-kv_v2_support' into develop 2019-03-17 14:05:56 +01:00
Stefan Kalscheuer
487070bcd2 Test against 1.0.3 2019-03-17 12:18:11 +01:00
Stefan Kalscheuer
646379a69a Migrate unit tests to builder instead of factory 2019-03-17 12:17:28 +01:00
Stefan Kalscheuer
5e143e9f36 Switch to JDK 11 for CI builds 2019-01-14 20:32:18 +01:00
Stefan Kalscheuer
19f9a97422 Update dependencies 
Most notable update is Jackson 2.9.8 that fixes several vulnerabilities.
Beyond that just some minor test dependency updates.
 2019-01-14 20:24:40 +01:00
Stefan Kalscheuer
aca5443bdd Test against 1.0.1 2019-01-14 20:15:37 +01:00
Stefan Kalscheuer
e59073cf00 Update copyright notice to 2019 [skip ci] 
Happy new year!
 2019-01-08 19:11:18 +01:00
Stefan Kalscheuer
7032bd4b2b Test against 1.0.0 2018-12-10 18:12:25 +01:00
Stefan Kalscheuer
263669362f Code style: add curly braces to all one-line if-else blocks 2018-11-20 14:36:29 +01:00
Stefan Kalscheuer
3b2a3dd70a Add unit tests for CredentialsResponse and SecretListResponse models 2018-11-20 14:12:35 +01:00
Stefan Kalscheuer
d1876c88aa Add unit tests for secret metadata models and fixed JSON property name 2018-11-20 13:50:28 +01:00
Stefan Kalscheuer
c2bd54ca22 Extend unit test to new KV v2 methods [skip ci] 
This test does not yet work without changes, because KV v2 is mounted on
 non-standard path and this is not yet supported (see #25).
 2018-11-20 12:11:37 +01:00
Stefan Kalscheuer
493bed55f0 Add method to read specific secret version 2018-11-20 12:08:58 +01:00
Stefan Kalscheuer
e41a61f33b Add methods to delete, undelete and destroy KV v2 secret versions 2018-11-20 11:59:15 +01:00
Stefan Kalscheuer
e3f2193df2 Add capability to pass options map when writing to Vault 
This is required to create or update KV v2 secrets. The existing write
method delegates to the new one with null-value for the options map.
 2018-11-20 11:26:02 +01:00
Stefan Kalscheuer
068a87d915 Add methods for reading KV v2 data and metadata 2018-11-20 11:09:58 +01:00
Stefan Kalscheuer
04e92626bd Add response models for KV v2 API 
Secret response is now split in data and metadata. Pure metadata queries
return the new SecretMetadata class.
 2018-11-20 11:09:54 +01:00
Stefan Kalscheuer
c8aeb1396d Merge branch 'develop' 2018-11-20 10:52:57 +01:00
Stefan Kalscheuer
12083df14b Token creation test correction for Vault 1.0 
Token creation with custom ID now raises a warning that causes the Unit
test to fail.
 2018-11-20 10:51:39 +01:00
Stefan Kalscheuer
2e0d79424f Reformat changelog [skip ci] 2018-11-19 15:36:42 +01:00
Stefan Kalscheuer
9caeac4cba Support secret_id_bound_cidrs replacing bound_cidr_list for AppRole (#24) 
The latter parameter is deprecated in Vault. The connector now supports
both while the former one is deprecated and will be removed when it is
removed from Vault.
 2018-11-19 15:21:19 +01:00
Stefan Kalscheuer
c1ec929147 Re-build test data using Vault 0.11 
In preparations for 1.0 compatibility and some later features the test
data generated with 0.5 becomes more of a problem without intermediate
updates, so it is now rebuilt from scratch.

As part of this change the unseal key is now split in 3 parts with a
threshold of 2 instead of the former 1/1,
 2018-11-19 15:00:23 +01:00
Stefan Kalscheuer
96fd377db2 Moved Vault version to test into environment variable 2018-11-14 18:00:25 +01:00
Stefan Kalscheuer
46cb33fd7d Test against 0.11.5 2018-11-14 17:47:32 +01:00
Stefan Kalscheuer
384cc77de2 Add Drone CI configuration 2018-11-13 12:35:45 +01:00
Stefan Kalscheuer
2ca4473481 Test against 0.11.4 2018-10-24 09:25:03 +02:00
Stefan Kalscheuer
b6d36fbc5c Test against 0.11.4 2018-10-24 09:22:25 +02:00
Stefan Kalscheuer
c869a640a9 Test against 0.11.3 2018-10-10 14:17:38 +02:00
Stefan Kalscheuer
874341ddf7 Removed abstract methods defined in builder interface from factory 2018-10-06 14:28:58 +02:00
Stefan Kalscheuer
c111a6aff0 Enforce TLS 1.2 by default with option to override (#22) 
The TLS version can be explicitly set in builder or constructor. If not
given, the connector will only use 1.2 as Vault does by default, too.
 2018-10-06 14:24:06 +02:00
Stefan Kalscheuer
13793dc9ce Add replication flags to HealthResponse (closes #21) 2018-10-06 10:58:43 +02:00
Stefan Kalscheuer
44858edb76 Add missing flags to SealResponse (closes #20) 2018-10-05 20:31:59 +02:00
Stefan Kalscheuer
8287be48b9 Merge branch 'master' into develop 2018-10-05 19:41:36 +02:00
Stefan Kalscheuer
51d118786a Test against 0.11.2 2018-10-05 19:37:37 +02:00
Stefan Kalscheuer
0193bebf0b Fixed Sonarcloud quality gate badge [skip ci] 2018-09-09 14:57:12 +02:00
Stefan Kalscheuer
493e22e46b Update dependencies 2018-09-09 14:43:13 +02:00
Stefan Kalscheuer
6b1211d90f Modified test mocks for compatibility with JDK 10 build environments 2018-09-09 14:39:52 +02:00
Stefan Kalscheuer
ee9a6530d3 Test against 0.11.1 2018-09-09 14:01:31 +02:00
Stefan Kalscheuer
3db73a913a Test against 0.11.0 2018-08-29 11:45:37 +02:00
Stefan Kalscheuer
ce9cd9bbf1 Test against 0.10.4 2018-07-26 20:10:06 +02:00
Stefan Kalscheuer
9e50190c02 Test against 0.10.3 2018-06-22 20:26:42 +02:00
Stefan Kalscheuer
4dea8a1c5f Test against 0.10.2 2018-06-10 20:37:26 +02:00
Stefan Kalscheuer
47e7a3f4b0 Test against 0.10.1 2018-04-26 20:44:52 +02:00
Stefan Kalscheuer
a5a708895e Test against 0.10.0 2018-04-19 20:24:49 +02:00
Stefan Kalscheuer
810073cb3b Add issue numbers to 0.8.0 changelog 2018-04-10 19:01:27 +02:00
Stefan Kalscheuer
bc1223e1a3 Test against 0.10.0 2018-04-10 18:21:52 +02:00
Stefan Kalscheuer
4d46f2c6d1 Modified test mocks for compatibility with JDK 10 build environments 2018-03-28 17:39:30 +02:00
Stefan Kalscheuer
d2aaea1938 Clean up after migration to Builder 
* Corrected implementation of Builder interface instead of the abstract Factory class

* Removed withSslContext() which is already deprecated in the factory
 2018-03-25 17:45:59 +02:00
Stefan Kalscheuer
e996ff157a Minor logo modifications 
Replaced circles of the "J" with squares
 2018-03-25 17:11:16 +02:00
Stefan Kalscheuer
065f662b95 Add package-info and overview.html for more Javadoc output 2018-03-25 14:57:07 +02:00
Stefan Kalscheuer
44c1a685a6 Added more details from distribution version to POM 2018-03-24 14:08:04 +01:00
Stefan Kalscheuer
b02d06f1dd Added sources and javadoc profiles to POM 2018-03-24 14:08:00 +01:00
Stefan Kalscheuer
23fbc7a6d3 Replaced VaultConnectorFactory with VaultConnectorBuilder 
The class is more a builder than a factory, so is has been renamed.
The factory delegates to the builder for now to ease migration, but will
be removed with the next major release.
 2018-03-24 13:59:22 +01:00
Stefan Kalscheuer
1a18f9f6b7 Refactored custom trusted CA strategy 
The connector no longer stores the final SSLContext, but the trusted
X509Certificate object and creates a SSLSocketFactory as required.
 2018-03-24 13:43:27 +01:00
Stefan Kalscheuer
0c23f47bd5 Test against 0.9.6 2018-03-21 11:48:27 +01:00
Stefan Kalscheuer
aa2619b1b0 Bump version to 0.7.1 2018-03-17 14:01:55 +01:00
Stefan Kalscheuer
88d49bc9f7 Added automatic module name for JPMS compatibility 2018-03-15 19:54:18 +01:00
Stefan Kalscheuer
27e7a2dffc Test against 0.9.5 2018-02-27 18:07:23 +01:00
Stefan Kalscheuer
41c15f285c Test against 0.9.4 2018-02-24 10:58:45 +01:00
Stefan Kalscheuer
5f419e3f9b Updated test dependencies 
* JUnit 5.1.0
* Mockito 2.15.0
 2018-02-20 19:25:44 +01:00
Stefan Kalscheuer
9362e245ee Minor test changes 
Changed Thread.sleep() to TimeUnit.SECONDS.sleep()
 2018-02-20 19:25:07 +01:00
Stefan Kalscheuer
b2082925d5 Copy Vault data directory to temp location before each test 
To avoid the annoying clean before each test run (because Vault data has
been modified by previous run), the data is now copied from resource
directory to temporary location.
 2018-02-04 20:04:47 +01:00
Stefan Kalscheuer
38a7d4952d Minor dependency updates 
* httpcore 4.4.9
* httpclient 4.5.5
* jackon 2.9.4
 2018-01-29 16:34:28 +01:00
Stefan Kalscheuer
23cea38da6 Test against 0.9.3 2018-01-29 16:30:51 +01:00
Stefan Kalscheuer
bf2da210ba Test against 0.9.2 2018-01-28 10:35:19 +01:00
Stefan Kalscheuer
91fb012acc Update copyright notice to 2018 2018-01-01 17:22:02 +01:00
Stefan Kalscheuer
61e1f3f745 Test against 0.9.1 2017-12-22 16:40:15 +01:00
Stefan Kalscheuer
50cd400ba3 Migrated tests to JUnit5 and removed PowerMock 
* Unit tests are using JUnit Jupiter framework
 * Enabled support for legacy rules for now
 * Replaced PowerMock with custom ByteBuddy redefinition for the offline test
 2017-11-26 18:17:13 +01:00
Stefan Kalscheuer
470dcb48ba Test framework migrated to Mockito/Powermock 2 
This simple migration with the bare minimum of changes necessary solves
compatibility issues with Java 9 build environments.
 2017-11-25 18:43:25 +01:00
Stefan Kalscheuer
736f23c19a Tested against 0.9.0 2017-11-16 20:34:52 +01:00
Stefan Kalscheuer
ed2b9d62a3 Preparations for 0.7.0 release 2017-10-03 17:39:03 +02:00
Stefan Kalscheuer
007b523295 Extracted nested try-blocks from response handling into new methods. 2017-10-03 17:29:11 +02:00
Stefan Kalscheuer
061c1e9743 Minor CleanUp 
Reworked some JavaDoc comments and optimized imports.
 2017-10-03 17:12:03 +02:00
Stefan Kalscheuer
6904ed6817 Added tests for parse exceptions. 2017-09-27 20:23:14 +02:00
Stefan Kalscheuer
1ed5d8d992 Added tests for unexpected 200 responses. 
Some methods do expect code 204 (successful without result), those are now covered by tested.
 2017-09-27 20:07:12 +02:00
Stefan Kalscheuer
f70fc084be Override toString() on ErrorResponse 
Partially reverts last commit that added first error message to exception
without checking for presence of such.
 2017-09-25 20:48:36 +02:00
Stefan Kalscheuer
4b14ab3f4b Offline tests with mocked Vault server 
Added some tests that do not require an actual Vault server to test constructors and exceptional behavior.
 2017-09-25 20:39:13 +02:00
Stefan Kalscheuer
29776f459e Fixed Exception class on invalid response during sealStatus() 2017-09-25 20:35:37 +02:00
Stefan Kalscheuer
4ca8aa56d2 Test constructors and exceptions on sealStatus 2017-09-24 13:23:13 +02:00
Stefan Kalscheuer
32ab9f4bb1 Updated dependencies 2017-09-24 11:39:26 +02:00
Stefan Kalscheuer
e002fc749a Adaptation to Vault 0.8 endpoints for renew and revoke leases (#11) 
Breaking backwards compatibility with Vault 0.7 and below.
 2017-09-24 11:08:00 +02:00
Stefan Kalscheuer
b9ad2d1551 Test against 0.8.3 
Minor test adaptation, because default policy is no longer added to AppRole by default.
 2017-09-23 14:46:41 +02:00
Stefan Kalscheuer
35a8c2e0fa Test constants made constant 2017-09-09 20:32:56 +02:00
Stefan Kalscheuer
89f7581d17 Test against 0.8.2 2017-09-08 19:21:41 +02:00
Stefan Kalscheuer
43511dc20b AppRole path generation with pre-formatted String 2017-08-29 09:04:04 +02:00
Stefan Kalscheuer
05b44759c0 Bundled common error messages in static inner class 2017-08-29 08:56:30 +02:00
Stefan Kalscheuer
ba17286ab3 Add Slack notification to Travis 2017-08-29 08:25:31 +02:00
Stefan Kalscheuer
51e505313a Removed deprecated method listAppRoleSecretss (#14) 
Has been deprecated because of a typo in the method name in v0.6.2.
As of 0.7 it is now removed. Please use listAppRoleSecrets() instead.
 2017-08-29 08:18:10 +02:00
Stefan Kalscheuer
a1784245a3 Refactored (un)seal methods to throw Exception instead of catching it (#12) 2017-08-28 19:24:52 +02:00
Stefan Kalscheuer
df7de5dd73 Health status query and response model implemented (#15) 2017-08-28 17:50:24 +02:00
Stefan Kalscheuer
23419e94f1 Preparations for 0.6.2 release 2017-08-19 12:27:20 +02:00
Stefan Kalscheuer
5b34cfcc27 Refactored extraction of auth backends 
Changed iteration over keys ot iteration over entries.
Implemented unit test as part of this process.
 2017-08-19 12:16:57 +02:00
Stefan Kalscheuer
b1c78b50d2 Added unit tests for response classes with embedded functionality 
AppRoleResponse, AuthResponse, SecretResponse, TokenResponse
 2017-08-19 11:28:04 +02:00
Stefan Kalscheuer
238ac8bd10 Do not print stacktrace in response models (#13) 2017-08-18 21:09:40 +02:00
Stefan Kalscheuer
c8a2e0784f Do not print stacktrace on PUT request (#13) 2017-08-18 20:58:57 +02:00
Stefan Kalscheuer
23f98f190b Fix typo in method name listAppRoleSecrets (#14) 2017-08-18 20:45:47 +02:00
Stefan Kalscheuer
745ab7a24c More connector unit tests 
Listing of AppRole roles and secrets, seal-unseal roundtrip, closing
 2017-08-18 20:27:06 +02:00
Stefan Kalscheuer
71f68f088f Unit tests for custom exceptions 
... for the sake of coverage.
 2017-08-18 18:28:36 +02:00
Stefan Kalscheuer
52a1abfb87 Fields of InvalidResposneException made final 
Deprecated pseudo-builder methods withStatusCode() and withResponse() in
favor of additional constructor arguments to enforce fixed state.
 2017-08-18 17:47:55 +02:00
Stefan Kalscheuer
4bf9df5f73 Quality Gate badge in ReadMe 2017-08-18 17:07:22 +02:00
Stefan Kalscheuer
8ae4dccdd6 Throw more speaking Exception when parsing body failed 
Removed the fall-through behavior in code 200 exception.
 2017-08-18 17:01:30 +02:00
Stefan Kalscheuer
7ac550230f Prevent potential NPE on SecretResponse getter 2017-08-18 16:58:33 +02:00
Stefan Kalscheuer
c1d519826c Add SonarCloud to Travis 2017-08-18 13:57:10 +02:00
Stefan Kalscheuer
a727ed960b Test against Vault 0.8.1 2017-08-16 19:41:38 +02:00
Stefan Kalscheuer
c685ec82a0 Test against Vault 0.8.0 2017-08-11 16:16:05 +02:00
Stefan Kalscheuer
934628f382 Test against Vault 0.8.0-rc1 2017-08-04 08:46:33 +02:00
Stefan Kalscheuer
ce90f9fba2 Readme 0.6.1 2017-08-04 08:37:03 +02:00
Stefan Kalscheuer
6b25113b9f Bump version to 0.6.1 2017-08-02 17:50:20 +02:00
Stefan Kalscheuer
63dc329857 Revert Travis test to Vault 0.7,3 
Partially reverts e9663ef (commented out), because fixes should be released before 0.8 compatibility is finally required.
 2017-08-02 17:46:56 +02:00
Stefan Kalscheuer
42094101a3 Code style 
A number of style corrections in main source files.
Trimmed lines to 120 characters, added some spaces and line breaks.
Removed unused imports
 2017-08-02 17:46:56 +02:00
Stefan Kalscheuer
259747afae JavaDoc fixes 
Added various JavaDoc blocks for public methods in model classes and some minor style corrections.
 2017-08-02 17:46:56 +02:00
Stefan Kalscheuer
d7365dcaf1 Fix typo in TokenData.getCreationTtl() 
The method getCreatinTtl() has been renamed to getCreatoinTtl(),
 2017-08-02 17:46:56 +02:00
Stefan Kalscheuer
c24d1cae0b Fix CredentialsPassword model 2017-08-02 17:46:56 +02:00
Stefan Kalscheuer
af7b99587f Model classes and various method parameters declared final. 
As the model classes are not designed for inheritance, they are now explicitly declared final.
Same for various input parameters, as thes should be immutable in most methods.
 2017-08-02 17:46:55 +02:00
Stefan Kalscheuer
13c2cce162 Bump Jackson to 2.9.0 2017-07-31 20:46:15 +02:00
Stefan Kalscheuer
e9663ef794 Fix token creation test for compatibiltiy with Vault 0.8.0 (#10) 
As of Vault 0.8.0 specifying the same token ID twice is prohibited. Adapted the unit test to match this behavior.
 2017-07-31 20:38:54 +02:00
Stefan Kalscheuer
3fd74a7fd2 Jackson dependency Update 
Updated Jackson libraries to 2.9.0.pr4 to evaluate compatibility with upcoming release
 2017-07-18 11:12:56 +02:00
Stefan Kalscheuer
21943896c7 Test against 0.7.3 2017-06-08 21:18:50 +02:00
167 changed files with 9147 additions and 3334 deletions
Expand all files Collapse all files

39
.drone.yml Normal file
View File

@ -0,0 +1,39 @@
kind: pipeline
name: default
steps:
- name: compile
image: maven:3-jdk-11
commands:
- mvn -B clean compile
when:
branch:
- main
- develop
- feature/*
- fix/*
- release/*
- name: unit-tests
image: maven:3-jdk-11
commands:
- mvn -B test
when:
branch:
- develop
- feature/*
- fix/*
- name: unit-integration-tests
image: maven:3-jdk-11
environment:
VAULT_VERSION: 1.9.0
commands:
- curl -s -o vault_1.9.0_linux_amd64.zip https://releases.hashicorp.com/vault/1.9.0/vault_1.9.0_linux_amd64.zip
- curl -s https://releases.hashicorp.com/vault/1.9.0/vault_1.9.0_SHA256SUMS | grep linux_amd64 | sha256sum -c
- unzip vault_1.9.0_linux_amd64.zip
- rm vault_1.9.0_linux_amd64.zip
- mv vault /bin/
- mvn -B -P integration-test verify
when:
branch:
- main
- release/*

51
.github/workflows/ci.yml vendored Normal file
View File

@ -0,0 +1,51 @@
name: CI
on: [ push, pull_request ]
jobs:
build:
runs-on: ubuntu-latest
strategy:
matrix:
jdk: [ 11, 17 ]
vault: [ '1.9.0' ]
include:
- jdk: 11
vault: '1.9.0'
analysis: true
steps:
- name: Checkout
uses: actions/checkout@v2
with:
fetch-depth: 0
- name: Set up Java
uses: actions/setup-java@v2
with:
java-version: ${{ matrix.jdk }}
distribution: 'temurin'
- name: Compile
run: mvn -B clean compile
- name: Set up Vault
if: github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/heads/release/')
run: |
wget -q "https://releases.hashicorp.com/vault/${{ matrix.vault }}/vault_${{ matrix.vault }}_linux_amd64.zip"
wget -q -O - "https://releases.hashicorp.com/vault/${{ matrix.vault }}/vault_${{ matrix.vault }}_SHA256SUMS" | grep linux_amd64 | sha256sum -c
unzip "vault_${{ matrix.vault }}_linux_amd64.zip"
rm "vault_${{ matrix.vault }}_linux_amd64.zip"
sudo mv vault /usr/bin/vault
- name: Test (Unit & Integration)
if: github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/heads/release/')
env:
VAULT_VERSION: ${{ matrix.vault }}
run: mvn -B -P coverage -P integration-test verify
- name: Test (Unit)
if: github.ref != 'refs/heads/main' && !startsWith(github.ref, 'refs/heads/release/')
run: mvn -B -P coverage verify
- name: Analysis
if: matrix.analysis && github.event_name == 'push'
run: >
mvn -B sonar:sonar
-Dsonar.host.url=https://sonarcloud.io
-Dsonar.organization=stklcode-github
-Dsonar.login=$SONAR_TOKEN
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}

13
.travis.yml
View File

@ -1,13 +0,0 @@
branches:
only:
- master
language: java
jdk:
- oraclejdk8
dist: trusty
env:
- PATH=$PATH:.
before_script:
- wget https://releases.hashicorp.com/vault/0.7.2/vault_0.7.2_linux_amd64.zip
- unzip vault_0.7.2_linux_amd64.zip
- rm vault_0.7.2_linux_amd64.zip

310
CHANGELOG.md
View File

@ -1,42 +1,286 @@
## 0.6.0 [2017-05-12]
* [feature] Initialization from environment variables using `fromEnv()` in factory (#8)
* [feature] Automatic authentication with `buildAndAuth()`
* [feature] Custom timeout and number of retries (#9)
* [feature] Connector implements `AutoCloseable`
* [fix] `SecretResponse` does not throw NPE on `get(key)` and `getData()`
* [test] Tested against Vault 0.7.2
## 1.0.1 (2021-11-21)
### Fix
* Make `HTTPVaultConnectorBuilder#withPort(Integer)` null-safe (#56)
* Make system-lambda dependency test-only (#58)
### Test
* Tested against Vault 1.9.0
## 1.0.0 (2021-10-02)
### Breaking
* Requires Java 11 or later
* Builder invocation has changed, use `HTTPVaultConnector.builder()....build()`
### Removal
* Remove deprecated `VaultConnectorFactory` in favor of `VaultConnectorBuilder` with identical API
* Remove deprecated `AppRoleBuilder` and `TokenBuilder` in favor of `AppRole.Builder` and `Token.Builder`
* Remove deprecated `Period`, `Policy` and `Policies` methods from `AppRole` in favor of `Token`-prefixed versions
* Remove deprecated `SecretResponse#getValue()` method, use `get("value")` instead
* Remove deprecated convenience methods for interaction with "secret" mount
### Improvements
* Use pre-sized map objects for fixed-size payloads
* Remove Apache HTTP Client dependency in favor of Java 11 HTTP
* Introduce Java module descriptor
### Test
* Tested against Vault 1.8.3
## 0.9.5 (2021-07-28)
### Deprecations
* Deprecate ` {read,write,delete}Secret()` convenience methods. Use `{read,write,delete}("secret/...")` instead (#52)
* Deprecated builder invocation `VaultConnectorBuilder.http()` in favor of `HTTPVaultConnector.builder()` (#51)
* Deprecated `de.stklcode.jvault.connector.builder.HTTPVaultConnectorBuilder` in favor of `de.stklcode.jvault.connector.HTTPVaultConnectorBuilder` (only package changed) (#51)
Old builders will be removed in 1.0
### Improvements
* Minor dependency updates
### Test
* Tested against Vault 1.8.0
## 0.9.4 (2021-06-06)
### Deprecations
* `AppRole.Builder#wit0hTokenPeriod()` is deprecated in favor of `#withTokenPeriod()` (#49)
### Improvements
* Minor dependency updates
### Test
* Tested against Vault 1.7.2
## 0.9.3 (2021-04-02)
### Improvements
* Use pre-sized map objects for fixed-size payloads
* Minor dependency updates
* Unit test adjustments for JDK 16 build environments
### Test
* Tested against Vault 1.7.0
## 0.9.2 (2021-01-24)
### Fixes
* Only initialize custom trust managers, if CA certificate is actually provided (#43)
### Improvements
* Minor dependency updates
## 0.9.1 (2021-01-03)
### Improvements
* Dependency updates
### Test
* Tested against Vault 1.6.1
## 0.9.0 (2020-04-29)
### Fixes
* Correctly parse Map field for token metadata (#34)
* Correctly map token policies on token lookup (#35)
### Features
* Support for token types (#26)
* Support for token role handling (#27) (#37)
### Improvements
* Added `entity_id`, `token_policies`, `token_type` and `orphan` flags to auth response
* Added `entity_id`, `expire_time`, `explicit_max_ttl`, `issue_time`, `renewable` and `type` flags to token data
* Added `explicit_max_ttl`, `period` and `entity_alias` flags to _Token_ model (#41)
* Added `enable_local_secret_ids`, `token_bound_cidrs`, `token_explicit_max_ttl`, `token_no_default_policy`,
`token_num_uses`, `token_period` and `token_type` flags to _AppRole_ model
* Minor dependency updates
### Deprecations
* `AppRole#getPolicies()` and `#setPolicies()` are deprecated in favor of `#getTokenPolicies()` and `#setTokenPolicies()`
* `AppRole#getPeriod()` is deprecated in favor of `#getTokenPeriod()`
* `AppRoleBuilder` and `TokenBuilder` in favor of `AppRole.Builder` and `Token.Builder`
* All-arg constructors of `AppRole` and `Token` in favor of `.builder()....build()` introduced in 0.8
### Removals
* Deprecated methods `AppRole#getBoundCidrList()`, `#setBoundCidrList()` and `getBoundCidrListString()` have been removed.
### Test
* Tested against Vault 1.4.0
## 0.8.2 (2019-10-20)
### Fixes
* Fixed token lookup (#31)
### Improvements
* Updated dependencies
## 0.8.1 (2019-08-16)
### Fixes
* Removed compile dependency to JUnit library (#30)
### Improvements
* Updated dependencies
### Test
* Tested against Vault 1.2.2
## 0.8.0 (2019-03-24)
### Breaking
* Moved Maven artifact to `de.stklcode.jvault:jvault-connector` (#28)
* Removed support for `HTTPVaultConnectorFactory#withSslContext()` in favor of `#withTrustedCA()` due to
### Features
* Support for KV version 2 secret engine (#16)
* Ability to pass custom mount point to KV v2 read/write methods (#25)
### Improvements
* refactoring of the internal SSL handling (#17)
* `VaultConnector` extends `java.io.Serializable` (#19)
* Added missing flags to `SealResponse` (#20)
* Added replication flags to `HealthResponse` (#21)
* Enforce TLS 1.2 by default with option to override (#22)
* Build environment and tests now compatible with Java 10
* Updated dependencies to fix vulnerabilities (i.e. CVE-2018-7489)
* New static method `Token.builder()` to get token builder instance
* New static method `AppRole.builder()` to get AppRole builder instance
### Deprecation
* `VaultConnectorFactory` is deprecated in favor of `VaultConnectorBuilder` with identical API (#18)
* `AppRoleBuilder#withBoundCidrList(List)` is deprecated in favor of `AppRoleBuilder#withSecretIdBoundCidrs(List)` (#24)
## 0.7.1 (2018-03-17)
### Improvements
* Added automatic module name for JPMS compatibility
* Minor dependency updates
### Test
* Tested against Vault 0.9.5
## 0.7.0 (2017-10-03)
### Features
* Retrieval of health status via `getHealth()` (#15)
### Improvements
* `seal()`, `unseal()` are now `void` and throw Exception on error (#12)
* Adaptation to Vault 0.8 endpoints for `renew` and `revoke`, **breaking** 0.7 compatibility (#11)
### Removed
* Removed deprecated `listAppRoleSecretss()` (use `listAppRoleSecrets()`) (#14)
### Test
* Tested against Vault 0.8.3
## 0.6.2 [2017-08-19]
### Fixes
* Prevent potential NPE on SecretResponse getter
* Removed stack traces on PUT request and response deserialization (#13)
### Improvements
* Fields of InvalidResposneException made final
### Deprecation
* `listAppRoleSecretss()` in favor of `listAppRoleSecrets()` (#14)
### Test
* Tested against Vault 0.8.1, increased coverage
## 0.6.1 (2017-08-02)
### Fixes
* `TokenModel.getPassword()` returned username instead of password
* `TokenModel.getUsername()` and `getPassword()` could produce NPE in multithreaded environments
* `TokenData.getCreatinTtl()` renamed to `getCreationTtl()` (typo fix)
### Test
* Tested against Vault 0.7.3
## 0.6.0 (2017-05-12)
### Features
* Initialization from environment variables using `fromEnv()` in factory (#8)
* Automatic authentication with `buildAndAuth()`
* Custom timeout and number of retries (#9)
* Connector implements `AutoCloseable`
### Fixes
* `SecretResponse` does not throw NPE on `get(key)` and `getData()`
### Test
* Tested against Vault 0.7.2
## 0.5.0 (2017-03-18)
### Features
* Convenience methods for DB credentials (#7)
### Fixes
* Minor bugfix in TokenBuilder
### Deprecation
* `SecretResponse.getValue()` deprecated
### Test
* Tested against Vault 0.7.0
## 0.5.0 [2017-03-18]
* [feature] Convenience methods for DB credentials (#7)
* [fix] Minor bugfix in TokenBuilder
* [deprecation] `SecretResponse.getValue()` deprecated
* [test] Tested against Vault 0.7.0
## 0.4.1 [2016-12-24]
* [fix] Factory Null-tolerant for trusted certificate (#6)
* [test] StackTraces tested for secret leaks
* [test] Tested against Vault 0.6.4
### Fixes
* Factory Null-tolerant for trusted certificate (#6)
## 0.4.0 [2016-11-06]
* [feature] Option to provide a trusted CA certificate (#2)
* [feature] Deletion, revocation and renewal of secrets (#3)
* [feature] Token creation (#4)
* [feature] AppRole auth backend supported (#5)
* [improvement] Support for complex secrets
* [deprecation] App-ID backend marked as deprecated
### Test
* StackTraces tested for secret leaks
* Tested against Vault 0.6.4
## 0.3.0 [2016-10-07]
* [feature] Retrieval of JSON objects (#1)
* [test] Tested against Vault 0.6.2
## 0.2.0 [2016-09-01]
## 0.4.0 (2016-11-06)
### Features
* Option to provide a trusted CA certificate (#2)
* Deletion, revocation and renewal of secrets (#3)
* Token creation (#4)
* AppRole auth backend supported (#5)
### Improvements
* Support for complex secrets
### Deprecation
* App-ID backend marked as deprecated
## 0.3.0 (2016-10-07)
### Features
* Retrieval of JSON objects (#1)
### Test
* Tested against Vault 0.6.2
## 0.2.0 (2016-09-01)
### Improvements
* Dependecies updated and CommonsIO removed
* [fix] Fixed auth backend detection for Vault 0.6.1
* [test] Tested against Vault 0.6.1
## 0.1.1 [2016-06-20]
* [fix] Check for "permission denied" without status code 400 instead of 403
* [test] Tested against Vault 0.6.0
### Fixes
* Fixed auth backend detection for Vault 0.6.1
## 0.1.0 [2016-03-29]
* First release
### Test
* Tested against Vault 0.6.1
## 0.1.1 (2016-06-20)
### Fixes
* Check for "permission denied" without status code 400 instead of 403
### Test
* Tested against Vault 0.6.0
## 0.1.0 (2016-03-29)
* First release

112
CONTRIBUTING.md Normal file
View File

@ -0,0 +1,112 @@
# How to contribute
As for all great Open Source projects, contributions in form of bug reports and code are welcome and important to keep the project alive.
In general, this project follows the [GitHub Flow](https://guides.github.com/introduction/flow/).
Fork the project, commit your changes to your branch, open a pull request and it will probably be merged.
However, to ensure maintainability and quality of the code, there are some guidelines you might be more or less familiar with.
For that purpose, this document describes the important points.
## Opening an Issue
If you experience any issues with the library or the code, don't hesitate to file an issue.
### Bug Reports
Think you found a bug?
Please clearly state what happens and describe your environment to help tracking down the issue.
* Which version of the connector are you running?
* Which version of Java (architecture and OS if relevant)?
* Which version of Vault?
### Feature Requests
Missing a feature or like to have certain functionality enhanced?
No problem, please open an issue and describe what and why you think this change is required.
## Pull Requests
If you want to contribute your code to solve an issue or implement a desired feature yourself, you might open a pull request.
If the changes introduce new functionality or affect major parts of existing code, please consider opening an issue for discussion first.
Extending or adapting JUnit test cases would be nice (no hard criterion though).
The `main` branch also be target for most pull requests.
However, if it features new functionality you might want to target the `develop` branch instead (see next section for details on branches).
### Branches
The `main` branch represents the current, more or less stable state of development.
Please ensure your initial code is up to date with it at the time you start development.
In addition, this project features a `develop` branch, which holds bleeding edge developments, not necessarily considered stable or even compatible.
Do not expect this code to run smoothly, but you might have a look into the history to see if some work on an issue has already been started there.
For fixes and features, there might be additional branches, likely prefixed by `fix/` or `feature/` followed by an issue number (if applicable) and/or a title.
Feel free to adapt this naming scheme to your forks.
### Merge Requirements
To be merged into the main branch, your code has to pass the automated continuous integration tests, to ensure compatibility.
In addition, your code has to be approved by a project member.
#### What if my code fails the tests?
Don't worry, you can submit your PR anyway.
The reviewing process might help you to solve remaining issues.
### Commit messages
Please use speaking titles and messages for your commits, to ensure a transparent history.
If your patch fixes an issue, reference the ID in the first line.
If you feel like you have to _briefly_ explain your changes, do it (for long explanations and discussion, consider opening an issue or describe in the PR).
**Example commit:**
```text
Fix nasty bug from #1337
This example commit fixes the issue that some people write non-speaking commit messages like 'done magic'.
A short description is helpful sometimes.
```
You might sign your work, although that's no must.
### When will it be merged?
Short answer: When it makes sense.
Bugfixes should be merged in time - assuming they pass the above criteria.
New features might be assigned to a certain milestone and as a result of this be scheduled according to the planned release cycle.
## Compatibility
To ensure usability for a wide range of users, please take note on the software requirements stated in the `README`.
This includes especially Java versions and a minimum version of _Vault_.
If you are unsure if your code matches these versions, the test will probably tell you.
In case you think, your change is more important than maintaining backwards compatibility, please start a discussion to see,
if we might increase the minimum version or find a workaround for legacy systems.
## Build Environment
All you need to start off - besides your favorite IDE and a JDK of course - is [Maven](https://maven.apache.org/).
## Unit Tests
The code is tested by JUnit tests.
For standalone testing against mocked APIs the _Maven_ profile `offline-test` should be used.
Otherwise, there is a test suite that requires an actual _Vault_ binary in the executable path to start a real server instance.
## Continuous Integration
Automated tests are run using [GitHub Actions](https://github.com/features/actions) for every commit including pull requests.
Tests usually run against the minimal supported version, all supported LTS versions and the latest version of Java.
There is an automated code quality analysis pushing results to [SonarCloud](https://sonarcloud.io/dashboard?id=de.stklcode.jvault%3Ajvault-connector).
## Still Open Questions?
If anything is still left unanswered and you're unsure if you got it right, don't hesitate to contact a team member.
In any case you might submit your request/issue anyway, we won't refuse good code only for formal reasons.

82
README.md
View File

@ -1,26 +1,27 @@
# Java Vault Connector
[![Build Status](https://travis-ci.org/stklcode/jvaultconnector.svg?branch=master)](https://travis-ci.org/stklcode/jvaultconnector)
[![License](https://img.shields.io/badge/license-Apache%202.0-blue.svg)](https://github.com/stklcode/jvaultconnector/blob/master/LICENSE.txt)
[![Maven Central](https://img.shields.io/maven-central/v/de.stklcode.jvault/connector.svg)](https://search.maven.org/#search%7Cga%7C1%7Cg%3A%22de.stklcode.jvault%22%20AND%20a%3A%22connector%22)
[![CI Status](https://github.com/stklcode/jvaultconnector/actions/workflows/ci.yml/badge.svg)](https://github.com/stklcode/jvaultconnector/actions/workflows/ci.yml)
[![Quality Gate](https://sonarcloud.io/api/project_badges/measure?project=de.stklcode.jvault%3Ajvault-connector&metric=alert_status)](https://sonarcloud.io/dashboard?id=de.stklcode.jvault%3Ajvault-connector)
[![License](https://img.shields.io/badge/license-Apache%202.0-blue.svg)](https://github.com/stklcode/jvaultconnector/blob/main/LICENSE.txt)
[![Maven Central](https://img.shields.io/maven-central/v/de.stklcode.jvault/jvault-connector.svg)](https://search.maven.org/#search%7Cga%7C1%7Cg%3A%22de.stklcode.jvault%22%20AND%20a%3A%22jvault-connector%22)
![Logo](https://raw.githubusercontent.com/stklcode/jvaultconnector/master/assets/logo.png)
![Logo](https://raw.githubusercontent.com/stklcode/jvaultconnector/main/assets/logo.png)
Java Vault Connector is a connector library for [Vault](https://www.vaultproject.io) by [Hashicorp](https://www.hashicorp.com) written in Java. The connector allows simple usage of Vault's secret store in own applications.
## Features:
* HTTP(S) backend connector
* Ability to provide or enforce custom CA certificate
* Ability to provide or enforce custom CA certificate
* Optional initialization from environment variables
* Authorization methods
* Token
* Username/Password
* AppID (register and authenticate) [_deprecated_]
* AppRole (register and authenticate)
* AppID (register and authenticate) [_deprecated_]
* Tokens
* Creation and lookup of tokens
* TokenBuilder for speaking creation of complex configuraitons
* Creation and lookup of tokens and token roles
* TokenBuilder for speaking creation of complex configurations
* Secrets
* Read secrets
* Write secrets
@ -29,16 +30,17 @@ Java Vault Connector is a connector library for [Vault](https://www.vaultproject
* Renew/revoke leases
* Raw secret content or JSON decoding
* SQL secret handling
* KV v1 and v2 support
* Connector Factory with builder pattern
* Tested against Vault 0.7.2
* Tested against Vault 1.9.0
## Maven Artifact
```
```xml
<dependency>
<groupId>de.stklcode.jvault</groupId>
<artifactId>connector</artifactId>
<version>0.6.0</version>
<artifactId>jvault-connector</artifactId>
<version>1.0.1</version>
</dependency>
```
@ -48,21 +50,19 @@ Java Vault Connector is a connector library for [Vault](https://www.vaultproject
```java
// Instantiate using builder pattern style factory (TLS enabled by default)
VaultConnector vault = VaultConnectorFactory.httpFactory()
VaultConnector vault = HTTPVaultConnector.builder()
.withHost("127.0.0.1")
.withPort(8200)
.withTLS()
.build();
// Instantiate with custom SSL context
VaultConnector vault = VaultConnectorFactory.httpFactory()
.withHost("example.com")
.withPort(8200)
VaultConnector vault = HTTPVaultConnector.builder("https://example.com:8200/v1/")
.withTrustedCA(Paths.get("/path/to/CA.pem"))
.build();
// Initialization from environment variables
VaultConnector vault = VaultConnectorFactory.httpFactory()
VaultConnector vault = HTTPVaultConnector.builder()
.fromEnv()
.build();
```
@ -70,44 +70,45 @@ VaultConnector vault = VaultConnectorFactory.httpFactory()
### Authentication
```java
// Authenticate with token
// Authenticate with token.
vault.authToken("01234567-89ab-cdef-0123-456789abcdef");
// Authenticate with username and password
// Authenticate with username and password.
vault.authUserPass("username", "p4ssw0rd");
// Authenticate with AppID (secret - 2nd argument - is optional)
vault.authAppId("01234567-89ab-cdef-0123-456789abcdef", "fedcba98-7654-3210-fedc-ba9876543210");
// Authenticate with AppRole (secret - 2nd argument - is optional).
vault.authAppRole("01234567-89ab-cdef-0123-456789abcdef", "fedcba98-7654-3210-fedc-ba9876543210");
```
### Secret read & write
```java
// Retrieve secret (prefix "secret/" assumed, use read() to read arbitrary paths)
String secret = vault.readSecret("some/secret/key").getValue();
String secret = vault.read("secret/some/key").get("value", String.class);
// Complex secret
Map<String, Object> secretData = vault.readSecret("another/secret/key").getData();
// Complex secret.
Map<String, Object> secretData = vault.read("secret/another/key").getData();
// Write simple secret
vault.writeSecret("new/secret/key", "secret value");
// Write simple secret.
vault.write("secret/new/key", "secret value");
// Write complex data to arbitraty path
Map<String, Object> map = [...]
vault.write("any/path/to/write", map);
// Write complex data.
Map<String, Object> map = ...;
vault.write("path/to/write", map);
// Delete secret
vault.delete("any/path/to/write");
// Delete secret.
vault.delete("path/to/delete");
```
### Token and role creation
```java
// Create token using TokenBuilder
Token token = new TokenBuilder().withId("token id")
.withDisplayName("new test token")
.withPolicies("pol1", "pol2")
.build();
Token token = Token.builder()
.withId("token id")
.withDisplayName("new test token")
.withPolicies("pol1", "pol2")
.build();
vault.createToken(token);
// Create AppRole credentials
@ -117,15 +118,10 @@ AppRoleSecretResponse secret = vault.createAppRoleSecret("testrole");
## Links
[Project Page](http://jvault.stklcode.de)
[Project Page](https://jvault.stklcode.de)
[JavaDoc API](http://jvault.stklcode.de/apidocs/)
## Planned features
* Creation and modification of policies
* Implement more authentication methods
[JavaDoc API](https://jvault.stklcode.de/apidocs/)
## License
The project is licensed under [Apache License 2.0](http://www.apache.org/licenses/LICENSE-2.0).
The project is licensed under [Apache License 2.0](https://www.apache.org/licenses/LICENSE-2.0).

BIN
assets/logo.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 1.4 KiB

After

Width:  |  Height:  |  Size: 1.1 KiB

16
assets/logo.svg
View File

@ -2,11 +2,11 @@
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
<svg xmlns="http://www.w3.org/2000/svg" width="128" height="128">
<path d="M4,12 l60,104 l60,-104 z" stroke="none" fill="#000000" />
<circle cx="78" cy="24" r="6" stroke="none" fill="#00a9c7" />
<circle cx="78" cy="38" r="6" stroke="none" fill="#00a9c7" />
<circle cx="78" cy="52" r="6" stroke="none" fill="#00a9c7" />
<circle cx="78" cy="66" r="6" stroke="none" fill="#00a9c7" />
<circle cx="72" cy="78" r="6" stroke="none" fill="#00a9c7" />
<circle cx="58" cy="78" r="6" stroke="none" fill="#00a9c7" />
<circle cx="52" cy="66" r="6" stroke="none" fill="#00a9c7" />
</svg>
<rect x="74" y="20" width="8" height="8" stroke="none" fill="#00abe0" />
<rect x="74" y="34" width="8" height="8" stroke="none" fill="#00abe0" />
<rect x="74" y="48" width="8" height="8" stroke="none" fill="#00abe0" />
<rect x="74" y="62" width="8" height="8" stroke="none" fill="#00abe0" />
<rect x="68" y="74" width="8" height="8" stroke="none" fill="#00abe0" />
<rect x="54" y="74" width="8" height="8" stroke="none" fill="#00abe0" />
<rect x="48" y="62" width="8" height="8" stroke="none" fill="#00abe0" />
</svg>

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 759 B

After

Width:  |  Height:  |  Size: 837 B

316
pom.xml
View File

@ -3,80 +3,336 @@
<modelVersion>4.0.0</modelVersion>
<groupId>de.stklcode.jvault</groupId>
<artifactId>connector</artifactId>
<version>0.6.0</version>
<artifactId>jvault-connector</artifactId>
<version>1.0.1</version>
<packaging>jar</packaging>
<name>jVaultConnector</name>
<description>Connector artifact for Hashicorp's Vault secret management</description>
<url>https://jvault.stklcode.de</url>
<inceptionYear>2016</inceptionYear>
<licenses>
<license>
<name>Apache License 2.0</name>
<url>http://www.apache.org/licenses/LICENSE-2.0.html</url>
<url>https://www.apache.org/licenses/LICENSE-2.0.html</url>
<distribution>repo</distribution>
</license>
</licenses>
<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<argLine></argLine>
</properties>
<developers>
<developer>
<name>Stefan Kalscheuer</name>
<email>stefan@stklcode.de</email>
<timezone>+1</timezone>
</developer>
</developers>
<scm>
<connection>scm:git:git://github.com/stklcode/jvaultconnector.git</connection>
<developerConnection>scm:git:git@github.com:stklcode/jvaultconnector.git</developerConnection>
<url>https://github.com/stklcode/jvaultconnector</url>
</scm>
<issueManagement>
<system>GitHub Issues</system>
<url>https://github.com/stklcode/jvaultconnector/issues</url>
</issueManagement>
<build>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<version>3.6.1</version>
<version>3.8.1</version>
<configuration>
<source>1.8</source>
<target>1.8</target>
<source>11</source>
<target>11</target>
</configuration>
</plugin>
</plugins>
<pluginManagement>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-clean-plugin</artifactId>
<version>3.1.0</version>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-resources-plugin</artifactId>
<version>3.2.0</version>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-jar-plugin</artifactId>
<version>3.2.0</version>
<configuration>
<archive>
<manifestEntries>
<Automatic-Module-Name>de.stklcode.jvault.connector</Automatic-Module-Name>
</manifestEntries>
</archive>
</configuration>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-install-plugin</artifactId>
<version>2.5.2</version>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-deploy-plugin</artifactId>
<version>2.8.2</version>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-surefire-plugin</artifactId>
<version>2.22.2</version>
<configuration>
<argLine>
@{argLine}
--add-opens java.base/java.util=ALL-UNNAMED
--add-opens de.stklcode.jvault.connector/de.stklcode.jvault.connector=ALL-UNNAMED
--add-opens de.stklcode.jvault.connector/de.stklcode.jvault.connector.exception=ALL-UNNAMED
--add-opens de.stklcode.jvault.connector/de.stklcode.jvault.connector.model=ALL-UNNAMED
--add-opens de.stklcode.jvault.connector/de.stklcode.jvault.connector.model.response=ALL-UNNAMED
--add-opens de.stklcode.jvault.connector/de.stklcode.jvault.connector.model.response.embedded=ALL-UNNAMED
--add-opens de.stklcode.jvault.connector/de.stklcode.jvault.connector.test=com.fasterxml.jackson.databind
</argLine>
</configuration>
</plugin>
</plugins>
</pluginManagement>
</build>
<dependencies>
<dependency>
<groupId>org.apache.httpcomponents</groupId>
<artifactId>httpcore</artifactId>
<version>4.4.6</version>
</dependency>
<dependency>
<groupId>org.apache.httpcomponents</groupId>
<artifactId>httpclient</artifactId>
<version>4.5.3</version>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-core</artifactId>
<version>2.8.8</version>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-databind</artifactId>
<version>2.8.8.1</version>
<version>2.13.0</version>
</dependency>
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<version>4.12</version>
<groupId>org.junit.jupiter</groupId>
<artifactId>junit-jupiter</artifactId>
<version>5.8.1</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.hamcrest</groupId>
<artifactId>hamcrest-junit</artifactId>
<version>2.0.0.0</version>
<groupId>org.mockito</groupId>
<artifactId>mockito-core</artifactId>
<version>4.1.0</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>com.github.stefanbirkner</groupId>
<artifactId>system-rules</artifactId>
<version>1.16.0</version>
<artifactId>system-lambda</artifactId>
<version>1.2.0</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>com.github.tomakehurst</groupId>
<artifactId>wiremock</artifactId>
<version>2.27.2</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>commons-io</groupId>
<artifactId>commons-io</artifactId>
<version>2.11.0</version>
<scope>test</scope>
</dependency>
</dependencies>
<dependencyManagement>
<dependencies>
<dependency>
<groupId>org.sonarsource.scanner.maven</groupId>
<artifactId>sonar-maven-plugin</artifactId>
<version>3.9.1.2184</version>
</dependency>
</dependencies>
</dependencyManagement>
<profiles>
<profile>
<id>sources</id>
<activation>
<activeByDefault>false</activeByDefault>
</activation>
<build>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-source-plugin</artifactId>
<version>3.2.1</version>
<executions>
<execution>
<id>attach-sources</id>
<goals>
<goal>jar-no-fork</goal>
</goals>
</execution>
</executions>
</plugin>
</plugins>
</build>
</profile>
<profile>
<id>javadoc</id>
<activation>
<activeByDefault>false</activeByDefault>
</activation>
<build>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-javadoc-plugin</artifactId>
<version>3.3.1</version>
<configuration>
<source>11</source>
</configuration>
<executions>
<execution>
<id>attach-javadocs</id>
<goals>
<goal>jar</goal>
</goals>
</execution>
</executions>
</plugin>
</plugins>
</build>
</profile>
<profile>
<id>sign</id>
<build>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-gpg-plugin</artifactId>
<version>3.0.1</version>
<executions>
<execution>
<id>sign-artifacts</id>
<phase>verify</phase>
<goals>
<goal>sign</goal>
</goals>
<configuration>
<keyname>${gpg.keyname}</keyname>
</configuration>
</execution>
</executions>
</plugin>
</plugins>
</build>
</profile>
<profile>
<id>coverage</id>
<build>
<plugins>
<plugin>
<groupId>org.jacoco</groupId>
<artifactId>jacoco-maven-plugin</artifactId>
<version>0.8.7</version>
<executions>
<execution>
<id>default-prepare-agent</id>
<goals>
<goal>prepare-agent</goal>
</goals>
</execution>
<execution>
<id>default-report</id>
<goals>
<goal>report</goal>
</goals>
</execution>
</executions>
</plugin>
</plugins>
</build>
</profile>
<profile>
<id>integration-test</id>
<build>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-failsafe-plugin</artifactId>
<version>2.22.2</version>
<executions>
<execution>
<goals>
<goal>integration-test</goal>
<goal>verify</goal>
</goals>
</execution>
</executions>
</plugin>
</plugins>
</build>
</profile>
<profile>
<id>dependency-check</id>
<build>
<plugins>
<plugin>
<groupId>org.owasp</groupId>
<artifactId>dependency-check-maven</artifactId>
<version>6.5.0</version>
<executions>
<execution>
<goals>
<goal>check</goal>
</goals>
</execution>
</executions>
</plugin>
</plugins>
</build>
</profile>
<profile>
<id>sonatype</id>
<distributionManagement>
<repository>
<id>ossrh</id>
<url>https://oss.sonatype.org/service/local/staging/deploy/maven2/</url>
</repository>
<snapshotRepository>
<id>ossrh</id>
<url>https://oss.sonatype.org/content/repositories/snapshots</url>
</snapshotRepository>
</distributionManagement>
</profile>
<profile>
<id>local</id>
<distributionManagement>
<repository>
<id>stklcode</id>
<url>${dist.repo.local}</url>
</repository>
<snapshotRepository>
<id>stklcode</id>
<url>${dist.repo.local.snapshot}</url>
</snapshotRepository>
</distributionManagement>
</profile>
</profiles>
</project>

1074
src/main/java/de/stklcode/jvault/connector/HTTPVaultConnector.java
View File

File diff suppressed because it is too large Load Diff

416
src/main/java/de/stklcode/jvault/connector/HTTPVaultConnectorBuilder.java Normal file
View File

@ -0,0 +1,416 @@
/*
* Copyright 2016-2021 Stefan Kalscheuer
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package de.stklcode.jvault.connector;
import de.stklcode.jvault.connector.exception.ConnectionException;
import de.stklcode.jvault.connector.exception.TlsException;
import de.stklcode.jvault.connector.exception.VaultConnectorException;
import java.io.IOException;
import java.net.MalformedURLException;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URL;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Objects;
/**
* Vault Connector Builder implementation for HTTP Vault connectors.
*
* @author Stefan Kalscheuer
* @since 0.8.0
* @since 0.9.5 Package {@link de.stklcode.jvault.connector}
*/
public final class HTTPVaultConnectorBuilder {
private static final String ENV_VAULT_ADDR = "VAULT_ADDR";
private static final String ENV_VAULT_CACERT = "VAULT_CACERT";
private static final String ENV_VAULT_TOKEN = "VAULT_TOKEN";
private static final String ENV_VAULT_MAX_RETRIES = "VAULT_MAX_RETRIES";
public static final String DEFAULT_HOST = "127.0.0.1";
public static final Integer DEFAULT_PORT = 8200;
public static final boolean DEFAULT_TLS = true;
public static final String DEFAULT_TLS_VERSION = "TLSv1.2";
public static final String DEFAULT_PREFIX = "/v1/";
public static final int DEFAULT_NUMBER_OF_RETRIES = 0;
private String host;
private Integer port;
private boolean tls;
private String tlsVersion;
private String prefix;
private X509Certificate trustedCA;
private int numberOfRetries;
private Integer timeout;
private String token;
/**
* Default empty constructor.
* Initializes factory with default values.
*/
HTTPVaultConnectorBuilder() {
host = DEFAULT_HOST;
port = DEFAULT_PORT;
tls = DEFAULT_TLS;
tlsVersion = DEFAULT_TLS_VERSION;
prefix = DEFAULT_PREFIX;
numberOfRetries = DEFAULT_NUMBER_OF_RETRIES;
}
/**
* Set base URL, e.g. "protocol://host:port/prefix".
*
* @param baseURL Base URL
* @return self
* @throws URISyntaxException Invalid URI syntax.
* @since 1.0
*/
public HTTPVaultConnectorBuilder withBaseURL(final String baseURL) throws URISyntaxException {
return withBaseURL(new URI(baseURL));
}
/**
* Set base URL, e.g. "protocol://host:port/prefix".
*
* @param baseURL Base URL
* @return self
* @since 1.0
*/
public HTTPVaultConnectorBuilder withBaseURL(final URI baseURL) {
return withTLS(!("http".equalsIgnoreCase(Objects.requireNonNullElse(baseURL.getScheme(), ""))))
.withHost(baseURL.getHost())
.withPort(baseURL.getPort())
.withPrefix(baseURL.getPath());
}
/**
* Set hostname (default: 127.0.0.1).
*
* @param host Hostname or IP address
* @return self
*/
public HTTPVaultConnectorBuilder withHost(final String host) {
this.host = host;
return this;
}
/**
* Get hostname.
*
* @return Hostname or IP address
*/
String getHost() {
return this.host;
}
/**
* Set port (default: 8200).
* A value of {@code null} or {@code -1} indicates that no port is specified, i.e. the protocol default is used.
* Otherwise, a valid port number between 1 and 65535 is expected.
*
* @param port Vault TCP port
* @return self
*/
public HTTPVaultConnectorBuilder withPort(final Integer port) {
if (port == null || port < 0) {
this.port = null;
} else if (port < 1 || port > 65535) {
throw new IllegalArgumentException("Port number " + port + " out of range");
} else {
this.port = port;
}
return this;
}
/**
* Set port..
*
* @return Vault TCP port
*/
Integer getPort() {
return this.port;
}
/**
* Set TLS usage (default: TRUE).
*
* @param useTLS use TLS or not
* @return self
*/
public HTTPVaultConnectorBuilder withTLS(final boolean useTLS) {
this.tls = useTLS;
return this;
}
/**
* Get TLS usage flag.
*
* @return use TLS or not
*/
boolean isWithTLS() {
return this.tls;
}
/**
* Get TLS version.
*
* @return TLS version.
*/
String getTlsVersion() {
return this.tlsVersion;
}
/**
* Set TLS usage (default: TRUE).
*
* @param useTLS Use TLS or not.
* @param version Supported TLS version ({@code TLSv1.2}, {@code TLSv1.1}, {@code TLSv1.0}, {@code TLS}).
* @return self
* @since 0.8 Added version parameter (#22).
*/
public HTTPVaultConnectorBuilder withTLS(final boolean useTLS, final String version) {
this.tls = useTLS;
this.tlsVersion = version;
return this;
}
/**
* Convenience Method for TLS usage (enabled by default).
*
* @param version Supported TLS version ({@code TLSv1.2}, {@code TLSv1.1}, {@code TLSv1.0}, {@code TLS}).
* @return self
* @since 0.8 Added version parameter (#22).
*/
public HTTPVaultConnectorBuilder withTLS(final String version) {
return withTLS(true, version);
}
/**
* Convenience Method for TLS usage (enabled by default).
*
* @return self
*/
public HTTPVaultConnectorBuilder withTLS() {
return withTLS(true);
}
/**
* Convenience Method for NOT using TLS.
*
* @return self
*/
public HTTPVaultConnectorBuilder withoutTLS() {
return withTLS(false);
}
/**
* Set API prefix. Default is "/v1/" and changes should not be necessary for current state of development.
*
* @param prefix Vault API prefix (default: "/v1/")
* @return self
*/
public HTTPVaultConnectorBuilder withPrefix(final String prefix) {
this.prefix = prefix;
return this;
}
/**
* Get API prefix.
*
* @return Vault API prefix.
*/
String getPrefix() {
return this.prefix;
}
/**
* Add a trusted CA certificate for HTTPS connections.
*
* @param cert path to certificate file
* @return self
* @throws VaultConnectorException on error
* @since 0.4.0
*/
public HTTPVaultConnectorBuilder withTrustedCA(final Path cert) throws VaultConnectorException {
if (cert != null) {
return withTrustedCA(certificateFromFile(cert));
} else {
this.trustedCA = null;
}
return this;
}
/**
* Add a trusted CA certificate for HTTPS connections.
*
* @param cert path to certificate file
* @return self
* @since 0.8.0
*/
public HTTPVaultConnectorBuilder withTrustedCA(final X509Certificate cert) {
this.trustedCA = cert;
return this;
}
/**
* Get the trusted CA certificate for HTTPS connections.
*
* @return path to certificate file, if specified.
*/
X509Certificate getTrustedCA() {
return this.trustedCA;
}
/**
* Set token for automatic authentication, using {@link #buildAndAuth()}.
*
* @param token Vault token
* @return self
* @since 0.6.0
*/
public HTTPVaultConnectorBuilder withToken(final String token) {
this.token = token;
return this;
}
/**
* Build connector based on the {@code }VAULT_ADDR} and {@code VAULT_CACERT} (optional) environment variables.
*
* @return self
* @throws VaultConnectorException if Vault address from environment variables is malformed
* @since 0.6.0
*/
public HTTPVaultConnectorBuilder fromEnv() throws VaultConnectorException {
/* Parse URL from environment variable */
if (System.getenv(ENV_VAULT_ADDR) != null && !System.getenv(ENV_VAULT_ADDR).trim().isEmpty()) {
try {
var url = new URL(System.getenv(ENV_VAULT_ADDR));
this.host = url.getHost();
this.port = url.getPort();
this.tls = url.getProtocol().equals("https");
} catch (MalformedURLException e) {
throw new ConnectionException("URL provided in environment variable malformed", e);
}
}
/* Read number of retries */
if (System.getenv(ENV_VAULT_MAX_RETRIES) != null) {
try {
numberOfRetries = Integer.parseInt(System.getenv(ENV_VAULT_MAX_RETRIES));
} catch (NumberFormatException ignored) {
/* Ignore malformed values. */
}
}
/* Read token */
token = System.getenv(ENV_VAULT_TOKEN);
/* Parse certificate, if set */
if (System.getenv(ENV_VAULT_CACERT) != null && !System.getenv(ENV_VAULT_CACERT).trim().isEmpty()) {
return withTrustedCA(Paths.get(System.getenv(ENV_VAULT_CACERT)));
}
return this;
}
/**
* Define the number of retries to attempt on 5xx errors.
*
* @param numberOfRetries The number of retries to attempt on 5xx errors (default: 0)
* @return self
* @since 0.6.0
*/
public HTTPVaultConnectorBuilder withNumberOfRetries(final int numberOfRetries) {
this.numberOfRetries = numberOfRetries;
return this;
}
/**
* Get the number of retries to attempt on 5xx errors.
*
* @return The number of retries to attempt on 5xx errors (default: 0)
*/
int getNumberOfRetries() {
return this.numberOfRetries;
}
/**
* Define a custom timeout for the HTTP connection.
*
* @param milliseconds Timeout value in milliseconds.
* @return self
* @since 0.6.0
*/
public HTTPVaultConnectorBuilder withTimeout(final int milliseconds) {
this.timeout = milliseconds;
return this;
}
/**
* Get custom timeout for the HTTP connection.
*
* @return Timeout value in milliseconds.
*/
Integer getTimeout() {
return this.timeout;
}
/**
* Build command, produces connector after initialization.
*
* @return Vault Connector instance.
*/
public HTTPVaultConnector build() {
return new HTTPVaultConnector(this);
}
/**
* Build connector and authenticate with token set in factory or from environment.
*
* @return Authenticated Vault connector instance.
* @throws VaultConnectorException if authentication failed
* @since 0.6.0
*/
public HTTPVaultConnector buildAndAuth() throws VaultConnectorException {
if (token == null) {
throw new ConnectionException("No vault token provided, unable to authenticate.");
}
HTTPVaultConnector con = build();
con.authToken(token);
return con;
}
/**
* Read given certificate file to X.509 certificate.
*
* @param certFile Path to certificate file
* @return X.509 Certificate object
* @throws TlsException on error
* @since 0.4.0
*/
private X509Certificate certificateFromFile(final Path certFile) throws TlsException {
try (var is = Files.newInputStream(certFile)) {
return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(is);
} catch (IOException | CertificateException e) {
throw new TlsException("Unable to read certificate.", e);
}
}
}

380
src/main/java/de/stklcode/jvault/connector/VaultConnector.java
View File

@ -1,5 +1,5 @@
/*
* Copyright 2016-2017 Stefan Kalscheuer
* Copyright 2016-2021 Stefan Kalscheuer
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -16,12 +16,15 @@
package de.stklcode.jvault.connector;
import de.stklcode.jvault.connector.exception.InvalidRequestException;
import de.stklcode.jvault.connector.exception.VaultConnectorException;
import de.stklcode.jvault.connector.model.*;
import de.stklcode.jvault.connector.model.response.*;
import java.util.*;
import java.io.Serializable;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.Map;
/**
* Vault Connector interface.
@ -30,8 +33,7 @@ import java.util.*;
* @author Stefan Kalscheuer
* @since 0.1
*/
public interface VaultConnector extends AutoCloseable {
String PATH_SECRET = "secret";
public interface VaultConnector extends AutoCloseable, Serializable {
/**
* Reset authorization information.
@ -42,37 +44,49 @@ public interface VaultConnector extends AutoCloseable {
* Retrieve status of vault seal.
*
* @return Seal status
* @throws VaultConnectorException on error
*/
SealResponse sealStatus();
SealResponse sealStatus() throws VaultConnectorException;
/**
* Seal vault.
*
* @return TRUE on success
* @throws VaultConnectorException on error
*/
boolean seal();
void seal() throws VaultConnectorException;
/**
* Unseal vault.
*
* @param key A single master share key
* @param reset Discard previously provided keys (optional)
* @return TRUE on success
* @return Response with seal status
* @throws VaultConnectorException on error
*/
SealResponse unseal(final String key, final Boolean reset);
SealResponse unseal(final String key, final Boolean reset) throws VaultConnectorException;
/**
* Unseal vault.
*
* @param key A single master share key
* @return TRUE on success
* @return Response with seal status
* @throws VaultConnectorException on error
*/
default SealResponse unseal(final String key) {
default SealResponse unseal(final String key) throws VaultConnectorException {
return unseal(key, null);
}
/**
* Get all availale authentication backends.
* Query server health information.
*
* @return Health information.
* @throws VaultConnectorException on error
* @since 0.7.0
*/
HealthResponse getHealth() throws VaultConnectorException;
/**
* Get all available authentication backends.
*
* @return List of backends
* @throws VaultConnectorException on error
@ -103,18 +117,18 @@ public interface VaultConnector extends AutoCloseable {
*
* @param appID The App ID
* @param userID The User ID
* @return TRUE on success
* @return The {@link AuthResponse}
* @throws VaultConnectorException on error
* @deprecated As of Vault 0.6.1 App-ID is superseded by AppRole. Consider using {@link #authAppRole} instead.
*/
@Deprecated
@Deprecated(since = "0.4", forRemoval = false)
AuthResponse authAppId(final String appID, final String userID) throws VaultConnectorException;
/**
* Authorize to Vault using AppRole method without secret ID.
*
* @param roleID The role ID
* @return TRUE on success
* @return The {@link AuthResponse}
* @throws VaultConnectorException on error
* @since 0.4.0
*/
@ -127,7 +141,7 @@ public interface VaultConnector extends AutoCloseable {
*
* @param roleID The role ID
* @param secretID The secret ID
* @return TRUE on success
* @return The {@link AuthResponse}
* @throws VaultConnectorException on error
* @since 0.4.0
*/
@ -139,18 +153,19 @@ public interface VaultConnector extends AutoCloseable {
* @param appID The unique App-ID
* @param policy The policy to associate with
* @param displayName Arbitrary name to display
* @return TRUE on success
* @return {@code true} on success
* @throws VaultConnectorException on error
* @deprecated As of Vault 0.6.1 App-ID is superseded by AppRole. Consider using {@link #createAppRole} instead.
*/
@Deprecated
boolean registerAppId(final String appID, final String policy, final String displayName) throws VaultConnectorException;
@Deprecated(since = "0.4", forRemoval = false)
boolean registerAppId(final String appID, final String policy, final String displayName)
throws VaultConnectorException;
/**
* Register a new AppRole role from given metamodel.
*
* @param role The role
* @return TRUE on success
* @return {@code true} on success
* @throws VaultConnectorException on error
* @since 0.4.0
*/
@ -160,7 +175,7 @@ public interface VaultConnector extends AutoCloseable {
* Register new AppRole role with default policy.
*
* @param roleName The role name
* @return TRUE on success
* @return {@code true} on success
* @throws VaultConnectorException on error
* @since 0.4.0
*/
@ -173,7 +188,7 @@ public interface VaultConnector extends AutoCloseable {
*
* @param roleName The role name
* @param policies The policies to associate with
* @return TRUE on success
* @return {@code true} on success
* @throws VaultConnectorException on error
* @since 0.4.0
*/
@ -186,7 +201,7 @@ public interface VaultConnector extends AutoCloseable {
*
* @param roleName The role name
* @param roleID A custom role ID
* @return TRUE on success
* @return {@code true} on success
* @throws VaultConnectorException on error
* @since 0.4.0
*/
@ -200,19 +215,20 @@ public interface VaultConnector extends AutoCloseable {
* @param roleName The role name
* @param policies The policies to associate with
* @param roleID A custom role ID
* @return TRUE on success
* @return {@code true} on success
* @throws VaultConnectorException on error
* @since 0.4.0
*/
default boolean createAppRole(final String roleName, final List<String> policies, final String roleID) throws VaultConnectorException {
return createAppRole(new AppRoleBuilder(roleName).withPolicies(policies).withId(roleID).build());
default boolean createAppRole(final String roleName, final List<String> policies, final String roleID)
throws VaultConnectorException {
return createAppRole(AppRole.builder(roleName).withTokenPolicies(policies).withId(roleID).build());
}
/**
* Delete AppRole role from Vault.
*
* @param roleName The role anme
* @return TRUE on succevss
* @param roleName The role name
* @return {@code true} on success
* @throws VaultConnectorException on error
*/
boolean deleteAppRole(final String roleName) throws VaultConnectorException;
@ -242,7 +258,7 @@ public interface VaultConnector extends AutoCloseable {
*
* @param roleName The role name
* @param roleID The role ID
* @return TRUE on success
* @return {@code true} on success
* @throws VaultConnectorException on error
* @since 0.4.0
*/
@ -269,7 +285,8 @@ public interface VaultConnector extends AutoCloseable {
* @throws VaultConnectorException on error
* @since 0.4.0
*/
default AppRoleSecretResponse createAppRoleSecret(final String roleName, final String secretID) throws VaultConnectorException {
default AppRoleSecretResponse createAppRoleSecret(final String roleName, final String secretID)
throws VaultConnectorException {
return createAppRoleSecret(roleName, new AppRoleSecret(secretID));
}
@ -282,7 +299,8 @@ public interface VaultConnector extends AutoCloseable {
* @throws VaultConnectorException on error
* @since 0.4.0
*/
AppRoleSecretResponse createAppRoleSecret(final String roleName, final AppRoleSecret secret) throws VaultConnectorException;
AppRoleSecretResponse createAppRoleSecret(final String roleName, final AppRoleSecret secret)
throws VaultConnectorException;
/**
* Lookup an AppRole secret.
@ -293,7 +311,8 @@ public interface VaultConnector extends AutoCloseable {
* @throws VaultConnectorException on error
* @since 0.4.0
*/
AppRoleSecretResponse lookupAppRoleSecret(final String roleName, final String secretID) throws VaultConnectorException;
AppRoleSecretResponse lookupAppRoleSecret(final String roleName, final String secretID)
throws VaultConnectorException;
/**
* Destroy an AppRole secret.
@ -321,18 +340,19 @@ public interface VaultConnector extends AutoCloseable {
* @return List of roles
* @throws VaultConnectorException on error
*/
List<String> listAppRoleSecretss(final String roleName) throws VaultConnectorException;
List<String> listAppRoleSecrets(final String roleName) throws VaultConnectorException;
/**
* Register User-ID with App-ID
* Register User-ID with App-ID.
*
* @param appID The App-ID
* @param userID The User-ID
* @return TRUE on success
* @return {@code true} on success
* @throws VaultConnectorException on error
* @deprecated As of Vault 0.6.1 App-ID is superseded by AppRole. Consider using {@link #createAppRoleSecret} instead.
* @deprecated As of Vault 0.6.1 App-ID is superseded by AppRole.
* Consider using {@link #createAppRoleSecret} instead.
*/
@Deprecated
@Deprecated(since = "0.4", forRemoval = false)
boolean registerUserId(final String appID, final String userID) throws VaultConnectorException;
/**
@ -342,17 +362,20 @@ public interface VaultConnector extends AutoCloseable {
* @param policy The policy to associate with
* @param displayName Arbitrary name to display
* @param userID The User-ID
* @return TRUE on success
* @return {@code true} on success
* @throws VaultConnectorException on error
* @deprecated As of Vault 0.6.1 App-ID is superseded by AppRole.
*/
@Deprecated
default boolean registerAppUserId(final String appID, final String policy, final String displayName, final String userID) throws VaultConnectorException {
@Deprecated(since = "0.4", forRemoval = false)
default boolean registerAppUserId(final String appID,
final String policy,
final String displayName,
final String userID) throws VaultConnectorException {
return registerAppId(appID, policy, userID) && registerUserId(appID, userID);
}
/**
* Get authorization status
* Get authorization status.
*
* @return TRUE, if successfully authorized
*/
@ -369,17 +392,98 @@ public interface VaultConnector extends AutoCloseable {
SecretResponse read(final String key) throws VaultConnectorException;
/**
* Retrieve secret from Vault.
* Prefix "secret/" is automatically added to key.
* Retrieve the latest secret data for specific version from Vault.
* <br>
* Path {@code <mount>/data/<key>} is read here.
* Only available for KV v2 secrets.
*
* @param key Secret identifier
* @param mount Secret store mount point (without leading or trailing slash).
* @param key Secret identifier
* @return Secret response
* @throws VaultConnectorException on error
* @since 0.8
*/
default SecretResponse readSecret(final String key) throws VaultConnectorException {
return read(PATH_SECRET + "/" + key);
default SecretResponse readSecretData(final String mount, final String key) throws VaultConnectorException {
return readSecretVersion(mount, key, null);
}
/**
* Write secret to Vault.
* <br>
* Path {@code <mount>/data/<key>} is written here.
* Only available for KV v2 secrets.
*
* @param mount Secret store mount point (without leading or trailing slash).
* @param key Secret identifier
* @param data Secret content. Value must be be JSON serializable.
* @return Metadata for the created/updated secret.
* @throws VaultConnectorException on error
* @since 0.8
*/
default SecretVersionResponse writeSecretData(final String mount, final String key, final Map<String, Object> data) throws VaultConnectorException {
return writeSecretData(mount, key, data, null);
}
/**
* Write secret to Vault.
* <br>
* Path {@code <mount>/data/<key>} is written here.
* Only available for KV v2 secrets.
*
* @param mount Secret store mount point (without leading or trailing slash).
* @param key Secret identifier
* @param data Secret content. Value must be be JSON serializable.
* @param cas Use Check-And-Set operation, i.e. only allow writing if current version matches this value.
* @return Metadata for the created/updated secret.
* @throws VaultConnectorException on error
* @since 0.8
*/
SecretVersionResponse writeSecretData(final String mount, final String key, final Map<String, Object> data, final Integer cas) throws VaultConnectorException;
/**
* Retrieve secret data from Vault.
* <br>
* Path {@code <mount>/data/<key>} is read here.
* Only available for KV v2 secrets.
*
* @param mount Secret store mount point (without leading or trailing slash).
* @param key Secret identifier
* @param version Version to read. If {@code null} or zero, the latest version will be returned.
* @return Secret response.
* @throws VaultConnectorException on error
* @since 0.8
*/
SecretResponse readSecretVersion(final String mount, final String key, final Integer version) throws VaultConnectorException;
/**
* Retrieve secret metadata from Vault.
* <br>
* Path {@code <mount>/metadata/<key>} is read here.
* Only available for KV v2 secrets.
*
* @param mount Secret store mount point (without leading or trailing slash).
* @param key Secret identifier
* @return Metadata response
* @throws VaultConnectorException on error
* @since 0.8
*/
MetadataResponse readSecretMetadata(final String mount, final String key) throws VaultConnectorException;
/**
* Update secret metadata.
* <br>
* Path {@code <mount>/metadata/<key>} is written here.
* Only available for KV v2 secrets.
*
* @param mount Secret store mount point (without leading or trailing slash).
* @param key Secret identifier
* @param maxVersions Maximum number of versions (fallback to backend default if {@code null})
* @param casRequired Specify if Check-And-Set is required for this secret.
* @throws VaultConnectorException on error
* @since 0.8
*/
void updateSecretMetadata(final String mount, final String key, final Integer maxVersions, final boolean casRequired) throws VaultConnectorException;
/**
* List available nodes from Vault.
*
@ -390,18 +494,6 @@ public interface VaultConnector extends AutoCloseable {
*/
List<String> list(final String path) throws VaultConnectorException;
/**
* List available secrets from Vault.
* Prefix "secret/" is automatically added to path.
*
* @param path Root path to search
* @return List of secret keys
* @throws VaultConnectorException on error
*/
default List<String> listSecrets(final String path) throws VaultConnectorException {
return list(PATH_SECRET + "/" + path);
}
/**
* Write simple value to Vault.
*
@ -411,9 +503,7 @@ public interface VaultConnector extends AutoCloseable {
* @since 0.5.0
*/
default void write(final String key, final String value) throws VaultConnectorException {
Map<String, Object> param = new HashMap<>();
param.put("value", value);
write(key, param);
write(key, Collections.singletonMap("value", value));
}
/**
@ -424,36 +514,20 @@ public interface VaultConnector extends AutoCloseable {
* @throws VaultConnectorException on error
* @since 0.5.0
*/
void write(final String key, final Map<String, Object> data) throws VaultConnectorException;
/**
* Write secret to Vault.
* Prefix "secret/" is automatically added to path.
*
* @param key Secret path
* @param value Secret value
* @throws VaultConnectorException on error
*/
default void writeSecret(final String key, final String value) throws VaultConnectorException {
Map<String, Object> param = new HashMap<>();
param.put("value", value);
writeSecret(key, param);
default void write(final String key, final Map<String, Object> data) throws VaultConnectorException {
write(key, data, null);
}
/**
* Write secret to Vault.
* Prefix "secret/" is automatically added to path.
* Write value to Vault.
*
* @param key Secret path
* @param data Secret content. Value must be be JSON serializable.
* @param key Secret path
* @param data Secret content. Value must be be JSON serializable.
* @param options Secret options (optional).
* @throws VaultConnectorException on error
* @since 0.5.0
* @since 0.8 {@code options} parameter added
*/
default void writeSecret(final String key, final Map<String, Object> data) throws VaultConnectorException {
if (key == null || key.isEmpty())
throw new InvalidRequestException("Secret path must not be empty.");
write(PATH_SECRET + "/" + key, data);
}
void write(final String key, final Map<String, Object> data, final Map<String, Object> options) throws VaultConnectorException;
/**
* Delete key from Vault.
@ -465,15 +539,66 @@ public interface VaultConnector extends AutoCloseable {
void delete(final String key) throws VaultConnectorException;
/**
* Delete secret from Vault.
* Prefix "secret/" is automatically added to path.
* Delete latest version of a secret from Vault.
* <br>
* Only available for KV v2 stores.
*
* @param key Secret path
* @param mount Secret store mount point (without leading or trailing slash).
* @param key Secret path.
* @throws VaultConnectorException on error
* @since 0.8
*/
default void deleteSecret(final String key) throws VaultConnectorException {
delete(PATH_SECRET + "/" + key);
}
void deleteLatestSecretVersion(final String mount, final String key) throws VaultConnectorException;
/**
* Delete latest version of a secret from Vault.
* <br>
* Prefix {@code secret/} is automatically added to path.
* Only available for KV v2 stores.
*
* @param mount Secret store mount point (without leading or trailing slash).
* @param key Secret path.
* @throws VaultConnectorException on error
* @since 0.8
*/
void deleteAllSecretVersions(final String mount, final String key) throws VaultConnectorException;
/**
* Delete secret versions from Vault.
* <br>
* Only available for KV v2 stores.
*
* @param mount Secret store mount point (without leading or trailing slash).
* @param key Secret path.
* @param versions Versions of the secret to delete.
* @throws VaultConnectorException on error
* @since 0.8
*/
void deleteSecretVersions(final String mount, final String key, final int... versions) throws VaultConnectorException;
/**
* Undelete (restore) secret versions from Vault.
* Only available for KV v2 stores.
*
* @param mount Secret store mount point (without leading or trailing slash).
* @param key Secret path.
* @param versions Versions of the secret to undelete.
* @throws VaultConnectorException on error
* @since 0.8
*/
void undeleteSecretVersions(final String mount, final String key, final int... versions) throws VaultConnectorException;
/**
* Destroy secret versions from Vault.
* Only available for KV v2 stores.
*
* @param mount Secret store mount point (without leading or trailing slash).
* @param key Secret path.
* @param versions Versions of the secret to destroy.
* @throws VaultConnectorException on error
* @since 0.8
*/
void destroySecretVersions(final String mount, final String key, final int... versions) throws VaultConnectorException;
/**
* Revoke given lease immediately.
@ -543,9 +668,61 @@ public interface VaultConnector extends AutoCloseable {
TokenResponse lookupToken(final String token) throws VaultConnectorException;
/**
* Read credentials for MySQL backend at default mount point
* Create a new or update an existing token role.
*
* @param role the role name
* @param role the role entity (name must be set)
* @return {@code true} on success
* @throws VaultConnectorException on error
* @since 0.9
*/
default boolean createOrUpdateTokenRole(final TokenRole role) throws VaultConnectorException {
return createOrUpdateTokenRole(role.getName(), role);
}
/**
* Create a new or update an existing token role.
*
* @param name the role name (overrides name possibly set in role entity)
* @param role the role entity
* @return {@code true} on success
* @throws VaultConnectorException on error
* @since 0.9
*/
boolean createOrUpdateTokenRole(final String name, final TokenRole role) throws VaultConnectorException;
/**
* Lookup token information.
*
* @param name the role name
* @return the result response
* @throws VaultConnectorException on error
* @since 0.9
*/
TokenRoleResponse readTokenRole(final String name) throws VaultConnectorException;
/**
* List available token roles from Vault.
*
* @return List of token roles
* @throws VaultConnectorException on error
* @since 0.9
*/
List<String> listTokenRoles() throws VaultConnectorException;
/**
* Delete a token role.
*
* @param name the role name to delete
* @return {@code true} on success
* @throws VaultConnectorException on error
* @since 0.9
*/
boolean deleteTokenRole(final String name) throws VaultConnectorException;
/**
* Read credentials for MySQL backend at default mount point.
*
* @param role the role name
* @return the credentials response
* @throws VaultConnectorException on error
* @since 0.5.0
@ -555,9 +732,9 @@ public interface VaultConnector extends AutoCloseable {
}
/**
* Read credentials for PostgreSQL backend at default mount point
* Read credentials for PostgreSQL backend at default mount point.
*
* @param role the role name
* @param role the role name
* @return the credentials response
* @throws VaultConnectorException on error
* @since 0.5.0
@ -567,9 +744,9 @@ public interface VaultConnector extends AutoCloseable {
}
/**
* Read credentials for MSSQL backend at default mount point
* Read credentials for MSSQL backend at default mount point.
*
* @param role the role name
* @param role the role name
* @return the credentials response
* @throws VaultConnectorException on error
* @since 0.5.0
@ -579,9 +756,9 @@ public interface VaultConnector extends AutoCloseable {
}
/**
* Read credentials for MSSQL backend at default mount point
* Read credentials for MSSQL backend at default mount point.
*
* @param role the role name
* @param role the role name
* @return the credentials response
* @throws VaultConnectorException on error
* @since 0.5.0
@ -599,7 +776,8 @@ public interface VaultConnector extends AutoCloseable {
* @throws VaultConnectorException on error
* @since 0.5.0
*/
default CredentialsResponse readDbCredentials(final String role, final String mount) throws VaultConnectorException {
default CredentialsResponse readDbCredentials(final String role, final String mount)
throws VaultConnectorException {
return (CredentialsResponse) read(mount + "/creds/" + role);
}
}

6
src/main/java/de/stklcode/jvault/connector/exception/AuthorizationRequiredException.java
View File

@ -1,5 +1,5 @@
/*
* Copyright 2016-2017 Stefan Kalscheuer
* Copyright 2016-2021 Stefan Kalscheuer
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -19,8 +19,8 @@ package de.stklcode.jvault.connector.exception;
/**
* Exception thrown trying to do a request without any authorization handles.
*
* @author Stefan Kalscheuer
* @since 0.1
* @author Stefan Kalscheuer
* @since 0.1
*/
public class AuthorizationRequiredException extends VaultConnectorException {
}

31
src/main/java/de/stklcode/jvault/connector/exception/ConnectionException.java
View File

@ -1,5 +1,5 @@
/*
* Copyright 2016-2017 Stefan Kalscheuer
* Copyright 2016-2021 Stefan Kalscheuer
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -19,22 +19,41 @@ package de.stklcode.jvault.connector.exception;
/**
* Exception thrown on problems with connection to Vault backend.
*
* @author Stefan Kalscheuer
* @since 0.1
* @author Stefan Kalscheuer
* @since 0.1
*/
public class ConnectionException extends VaultConnectorException {
/**
* Constructs a new empty exception.
*/
public ConnectionException() {
}
public ConnectionException(String message) {
/**
* Constructs a new exception with the specified detail message.
*
* @param message the detail message
*/
public ConnectionException(final String message) {
super(message);
}
public ConnectionException(Throwable cause) {
/**
* Constructs a new exception with the specified cause.
*
* @param cause the cause
*/
public ConnectionException(final Throwable cause) {
super(cause);
}
public ConnectionException(String message, Throwable cause) {
/**
* Constructs a new exception with the specified detail message and cause.
*
* @param message the detail message
* @param cause the cause
*/
public ConnectionException(final String message, final Throwable cause) {
super(message, cause);
}
}

31
src/main/java/de/stklcode/jvault/connector/exception/InvalidRequestException.java
View File

@ -1,5 +1,5 @@
/*
* Copyright 2016-2017 Stefan Kalscheuer
* Copyright 2016-2021 Stefan Kalscheuer
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -19,22 +19,41 @@ package de.stklcode.jvault.connector.exception;
/**
* Exception thrown when trying to send malformed request.
*
* @author Stefan Kalscheuer
* @since 0.1
* @author Stefan Kalscheuer
* @since 0.1
*/
public class InvalidRequestException extends VaultConnectorException {
/**
* Constructs a new empty exception.
*/
public InvalidRequestException() {
}
public InvalidRequestException(String message) {
/**
* Constructs a new exception with the specified detail message.
*
* @param message the detail message
*/
public InvalidRequestException(final String message) {
super(message);
}
public InvalidRequestException(Throwable cause) {
/**
* Constructs a new exception with the specified cause.
*
* @param cause the cause
*/
public InvalidRequestException(final Throwable cause) {
super(cause);
}
public InvalidRequestException(String message, Throwable cause) {
/**
* Constructs a new exception with the specified detail message and cause.
*
* @param message the detail message
* @param cause the cause
*/
public InvalidRequestException(final String message, final Throwable cause) {
super(message, cause);
}
}

120
src/main/java/de/stklcode/jvault/connector/exception/InvalidResponseException.java
View File

@ -1,5 +1,5 @@
/*
* Copyright 2016-2017 Stefan Kalscheuer
* Copyright 2016-2021 Stefan Kalscheuer
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -20,42 +20,136 @@ package de.stklcode.jvault.connector.exception;
* Exception thrown when response from vault returned with erroneous status code or payload could not be parsed
* to entity class.
*
* @author Stefan Kalscheuer
* @since 0.1
* @author Stefan Kalscheuer
* @since 0.1
*/
public class InvalidResponseException extends VaultConnectorException {
private Integer statusCode;
private String response;
public final class InvalidResponseException extends VaultConnectorException {
private final Integer statusCode;
private final String response;
/**
* Constructs a new empty exception.
*/
public InvalidResponseException() {
this.statusCode = null;
this.response = null;
}
public InvalidResponseException(String message) {
/**
* Constructs a new exception with the specified detail message.
*
* @param message The detail message
*/
public InvalidResponseException(final String message) {
super(message);
this.statusCode = null;
this.response = null;
}
public InvalidResponseException(Throwable cause) {
/**
* Constructs a new exception with the specified cause.
*
* @param cause The cause
*/
public InvalidResponseException(final Throwable cause) {
super(cause);
this.statusCode = null;
this.response = null;
}
public InvalidResponseException(String message, Throwable cause) {
/**
* Constructs a new exception with the specified detail message and cause.
*
* @param message The detail message
* @param cause The cause
*/
public InvalidResponseException(final String message, final Throwable cause) {
super(message, cause);
this.statusCode = null;
this.response = null;
}
public InvalidResponseException withStatusCode(Integer statusCode) {
/**
* Constructs a new exception with the specified detail message and status code.
* <p>
* The HTTP status code can be retrieved by {@link #getStatusCode()} later.
*
* @param message The detail message
* @param statusCode Status code of the HTTP response
* @since 0.6.2
*/
public InvalidResponseException(final String message, final Integer statusCode) {
super(message);
this.statusCode = statusCode;
return this;
this.response = null;
}
public InvalidResponseException withResponse(String response) {
/**
* Constructs a new exception with the specified detail message, cause and status code.
* <p>
* The HTTP status code can be retrieved by {@link #getStatusCode()} later.
*
* @param message The detail message
* @param statusCode Status code of the HTTP response
* @param cause The cause
* @since 0.6.2
*/
public InvalidResponseException(final String message, final Integer statusCode, final Throwable cause) {
this(message, statusCode, null, cause);
}
/**
* Constructs a new exception with the specified detail message, cause and status code.
* <p>
* The HTTP status code can be retrieved by {@link #getStatusCode()} later.
*
* @param message The detail message
* @param statusCode Status code of the HTTP response
* @param response HTTP response string
* @since 0.6.2
*/
public InvalidResponseException(final String message,
final Integer statusCode,
final String response) {
super(message);
this.statusCode = statusCode;
this.response = response;
return this;
}
/**
* Constructs a new exception with the specified detail message, cause and status code.
* <p>
* The HTTP status code can be retrieved by {@link #getStatusCode()} later.
*
* @param message The detail message
* @param statusCode Status code of the HTTP response
* @param response HTTP response string
* @param cause The cause
* @since 0.6.2
*/
public InvalidResponseException(final String message,
final Integer statusCode,
final String response,
final Throwable cause) {
super(message, cause);
this.statusCode = statusCode;
this.response = response;
}
/**
* Retrieve the HTTP status code.
*
* @return The status code or {@code null} if none specified.
*/
public Integer getStatusCode() {
return statusCode;
}
/**
* Retrieve the response text.
*
* @return The response text or {@code null} if none specified.
*/
public String getResponse() {
return response;
}

31
src/main/java/de/stklcode/jvault/connector/exception/PermissionDeniedException.java
View File

@ -1,5 +1,5 @@
/*
* Copyright 2016-2017 Stefan Kalscheuer
* Copyright 2016-2021 Stefan Kalscheuer
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -19,23 +19,42 @@ package de.stklcode.jvault.connector.exception;
/**
* Exception thrown when trying to access a path the current user/token does not have permission to access.
*
* @author Stefan Kalscheuer
* @since 0.1
* @author Stefan Kalscheuer
* @since 0.1
*/
public class PermissionDeniedException extends VaultConnectorException {
/**
* Constructs a new empty exception.
*/
public PermissionDeniedException() {
super("Permission denied");
}
public PermissionDeniedException(String message) {
/**
* Constructs a new exception with the specified detail message.
*
* @param message the detail message
*/
public PermissionDeniedException(final String message) {
super(message);
}
public PermissionDeniedException(Throwable cause) {
/**
* Constructs a new exception with the specified cause.
*
* @param cause the cause
*/
public PermissionDeniedException(final Throwable cause) {
super(cause);
}
public PermissionDeniedException(String message, Throwable cause) {
/**
* Constructs a new exception with the specified detail message and cause.
*
* @param message the detail message
* @param cause the cause
*/
public PermissionDeniedException(final String message, final Throwable cause) {
super(message, cause);
}
}

31
src/main/java/de/stklcode/jvault/connector/exception/TlsException.java
View File

@ -1,5 +1,5 @@
/*
* Copyright 2016-2017 Stefan Kalscheuer
* Copyright 2016-2021 Stefan Kalscheuer
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -19,22 +19,41 @@ package de.stklcode.jvault.connector.exception;
/**
* Exception thrown on errors with TLS connection.
*
* @author Stefan Kalscheuer
* @since 0.4.0
* @author Stefan Kalscheuer
* @since 0.4.0
*/
public class TlsException extends VaultConnectorException {
/**
* Constructs a new empty exception.
*/
public TlsException() {
}
public TlsException(String message) {
/**
* Constructs a new exception with the specified detail message.
*
* @param message the detail message
*/
public TlsException(final String message) {
super(message);
}
public TlsException(Throwable cause) {
/**
* Constructs a new exception with the specified cause.
*
* @param cause the cause
*/
public TlsException(final Throwable cause) {
super(cause);
}
public TlsException(String message, Throwable cause) {
/**
* Constructs a new exception with the specified detail message and cause.
*
* @param message the detail message
* @param cause the cause
*/
public TlsException(final String message, final Throwable cause) {
super(message, cause);
}
}

33
src/main/java/de/stklcode/jvault/connector/exception/VaultConnectorException.java
View File

@ -1,5 +1,5 @@
/*
* Copyright 2016-2017 Stefan Kalscheuer
* Copyright 2016-2021 Stefan Kalscheuer
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -19,22 +19,41 @@ package de.stklcode.jvault.connector.exception;
/**
* Abstract Exception class for Vault Connector internal exceptions.
*
* @author Stefan Kalscheuer
* @since 0.1
* @author Stefan Kalscheuer
* @since 0.1
*/
public abstract class VaultConnectorException extends Exception {
public VaultConnectorException() {
/**
* Constructs a new empty exception.
*/
protected VaultConnectorException() {
}
public VaultConnectorException(String message) {
/**
* Constructs a new exception with the specified detail message.
*
* @param message the detail message
*/
protected VaultConnectorException(final String message) {
super(message);
}
public VaultConnectorException(Throwable cause) {
/**
* Constructs a new exception with the specified cause.
*
* @param cause the cause
*/
protected VaultConnectorException(final Throwable cause) {
super(cause);
}
public VaultConnectorException(String message, Throwable cause) {
/**
* Constructs a new exception with the specified detail message and cause.
*
* @param message the detail message
* @param cause the cause
*/
protected VaultConnectorException(final String message, final Throwable cause) {
super(message, cause);
}
}

20
src/main/java/de/stklcode/jvault/connector/exception/package-info.java Normal file
View File

@ -0,0 +1,20 @@
/*
* Copyright 2016-2021 Stefan Kalscheuer
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
/**
* Some custom exceptions for error handling.
*/
package de.stklcode.jvault.connector.exception;

311
src/main/java/de/stklcode/jvault/connector/factory/HTTPVaultConnectorFactory.java
View File

@ -1,311 +0,0 @@
/*
* Copyright 2016-2017 Stefan Kalscheuer
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package de.stklcode.jvault.connector.factory;
import de.stklcode.jvault.connector.HTTPVaultConnector;
import de.stklcode.jvault.connector.VaultConnector;
import de.stklcode.jvault.connector.exception.ConnectionException;
import de.stklcode.jvault.connector.exception.TlsException;
import de.stklcode.jvault.connector.exception.VaultConnectorException;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import java.io.IOException;
import java.io.InputStream;
import java.net.MalformedURLException;
import java.net.URL;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.*;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
/**
* Vault Connector Factory implementation for HTTP Vault connectors.
*
* @author Stefan Kalscheuer
* @since 0.1
*/
public class HTTPVaultConnectorFactory extends VaultConnectorFactory {
private static final String ENV_VAULT_ADDR = "VAULT_ADDR";
private static final String ENV_VAULT_CACERT = "VAULT_CACERT";
private static final String ENV_VAULT_TOKEN = "VAULT_TOKEN";
private static final String ENV_VAULT_MAX_RETRIES = "VAULT_MAX_RETRIES";
public static final String DEFAULT_HOST = "127.0.0.1";
public static final Integer DEFAULT_PORT = 8200;
public static final boolean DEFAULT_TLS = true;
public static final String DEFAULT_PREFIX = "/v1/";
public static final int DEFAULT_NUMBER_OF_RETRIES = 0;
private String host;
private Integer port;
private boolean tls;
private String prefix;
private SSLContext sslContext;
private int numberOfRetries;
private Integer timeout;
private String token;
/**
* Default empty constructor.
* Initializes factory with default values.
*/
public HTTPVaultConnectorFactory() {
host = DEFAULT_HOST;
port = DEFAULT_PORT;
tls = DEFAULT_TLS;
prefix = DEFAULT_PREFIX;
numberOfRetries = DEFAULT_NUMBER_OF_RETRIES;
}
/**
* Set hostname (default: 127.0.0.1)
*
* @param host Hostname or IP address
* @return self
*/
public HTTPVaultConnectorFactory withHost(String host) {
this.host = host;
return this;
}
/**
* Set port (default: 8200)
*
* @param port Vault TCP port
* @return self
*/
public HTTPVaultConnectorFactory withPort(Integer port) {
this.port = port;
return this;
}
/**
* Set TLS usage (default: TRUE)
*
* @param useTLS use TLS or not
* @return self
*/
public HTTPVaultConnectorFactory withTLS(boolean useTLS) {
this.tls = useTLS;
return this;
}
/**
* Convenience Method for TLS usage (enabled by default)
*
* @return self
*/
public HTTPVaultConnectorFactory withTLS() {
return withTLS(true);
}
/**
* Convenience Method for NOT using TLS
*
* @return self
*/
public HTTPVaultConnectorFactory withoutTLS() {
return withTLS(false);
}
/**
* Set API prefix. Default is "/v1/" and changes should not be necessary for current state of development.
*
* @param prefix Vault API prefix (default: "/v1/"
* @return self
*/
public HTTPVaultConnectorFactory withPrefix(String prefix) {
this.prefix = prefix;
return this;
}
/**
* Add a trusted CA certifiate for HTTPS connections.
*
* @param cert path to certificate file
* @return self
* @throws VaultConnectorException on error
* @since 0.4.0
*/
public HTTPVaultConnectorFactory withTrustedCA(Path cert) throws VaultConnectorException {
if (cert != null)
return withSslContext(createSslContext(cert));
return this;
}
/**
* Add a custom SSL context.
* Overwrites certificates set by {@link #withTrustedCA}.
*
* @param sslContext the SSL context
* @return self
* @since 0.4.0
*/
public HTTPVaultConnectorFactory withSslContext(SSLContext sslContext) {
this.sslContext = sslContext;
return this;
}
/**
* Set token for automatic authentication, using {@link #buildAndAuth()}.
*
* @param token Vault token
* @return self
* @since 0.6.0
*/
public HTTPVaultConnectorFactory withToken(String token) throws VaultConnectorException {
this.token = token;
return this;
}
/**
* Build connector based on the {@code }VAULT_ADDR} and {@code VAULT_CACERT} (optional) environment variables.
*
* @return self
* @since 0.6.0
*/
public HTTPVaultConnectorFactory fromEnv() throws VaultConnectorException {
/* Parse URL from environment variable */
if (System.getenv(ENV_VAULT_ADDR) != null && !System.getenv(ENV_VAULT_ADDR).trim().isEmpty()) {
try {
URL url = new URL(System.getenv(ENV_VAULT_ADDR));
this.host = url.getHost();
this.port = url.getPort();
this.tls = url.getProtocol().equals("https");
} catch (MalformedURLException e) {
throw new ConnectionException("URL provided in environment variable malformed", e);
}
}
/* Read number of retries */
if (System.getenv(ENV_VAULT_MAX_RETRIES) != null) {
try {
numberOfRetries = Integer.parseInt(System.getenv(ENV_VAULT_MAX_RETRIES));
} catch (NumberFormatException ignored) {
}
}
/* Read token */
token = System.getenv(ENV_VAULT_TOKEN);
/* Parse certificate, if set */
if (System.getenv(ENV_VAULT_CACERT) != null && !System.getenv(ENV_VAULT_CACERT).trim().isEmpty()) {
return withTrustedCA(Paths.get(System.getenv(ENV_VAULT_CACERT)));
}
return this;
}
/**
* Define the number of retries to attempt on 5xx errors.
*
* @param numberOfRetries The number of retries to attempt on 5xx errors (default: 0)
* @return self
* @since 0.6.0
*/
public HTTPVaultConnectorFactory withNumberOfRetries(int numberOfRetries) {
this.numberOfRetries = numberOfRetries;
return this;
}
/**
* Define a custom timeout for the HTTP connection.
*
* @param milliseconds Timeout value in milliseconds.
* @return self
* @since 0.6.0
*/
public HTTPVaultConnectorFactory withTimeout(int milliseconds) {
this.timeout = milliseconds;
return this;
}
@Override
public HTTPVaultConnector build() {
return new HTTPVaultConnector(host, tls, port, prefix, sslContext, numberOfRetries, timeout);
}
@Override
public HTTPVaultConnector buildAndAuth() throws VaultConnectorException {
if (token == null)
throw new ConnectionException("No vault token provided, unable to authenticate.");
HTTPVaultConnector con = new HTTPVaultConnector(host, tls, port, prefix, sslContext, numberOfRetries, timeout);
con.authToken(token);
return con;
}
/**
* Create SSL Context trusting only provided certificate.
*
* @param trustedCert Path to trusted CA certificate
* @return SSL context
* @throws TlsException on errors
* @since 0.4.0
*/
private SSLContext createSslContext(Path trustedCert) throws TlsException {
try {
SSLContext context = SSLContext.getInstance("TLS");
context.init(null, createTrustManager(trustedCert), new SecureRandom());
return context;
} catch (NoSuchAlgorithmException | KeyManagementException e) {
throw new TlsException("Unable to intialize SSLContext", e);
}
}
/**
* Create a custom TrustManager for given CA certificate file.
*
* @param trustedCert Path to trusted CA certificate
* @return TrustManger
* @throws TlsException on error
* @since 0.4.0
*/
private TrustManager[] createTrustManager(Path trustedCert) throws TlsException {
try {
/* Create Keystore with trusted certificate */
KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
keyStore.load(null, null);
keyStore.setCertificateEntry("trustedCert", certificateFromFile(trustedCert));
/* Initialize TrustManager */
TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
tmf.init(keyStore);
return tmf.getTrustManagers();
} catch (KeyStoreException | NoSuchAlgorithmException | CertificateException | IOException e) {
throw new TlsException("Unable to initialize TrustManager", e);
}
}
/**
* Read given certificate file to X.509 certificate.
*
* @param certFile Path to certificate file
* @return X.509 Certificate object
* @throws TlsException on error
* @since 0.4.0
*/
private X509Certificate certificateFromFile(Path certFile) throws TlsException {
try (InputStream is = Files.newInputStream(certFile)) {
return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(is);
} catch (IOException | CertificateException e) {
throw new TlsException("Unable to read certificate.", e);
}
}
}

53
src/main/java/de/stklcode/jvault/connector/factory/VaultConnectorFactory.java
View File

@ -1,53 +0,0 @@
/*
* Copyright 2016-2017 Stefan Kalscheuer
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package de.stklcode.jvault.connector.factory;
import de.stklcode.jvault.connector.VaultConnector;
import de.stklcode.jvault.connector.exception.VaultConnectorException;
/**
* Abstract Vault Connector Factory interface.
* Provides builder pattern style factory for Vault connectors.
*
* @author Stefan Kalscheuer
* @since 0.1
*/
public abstract class VaultConnectorFactory {
/**
* Get Factory implementation for HTTP Vault Connector
*
* @return HTTP Connector Factory
*/
public static HTTPVaultConnectorFactory httpFactory() {
return new HTTPVaultConnectorFactory();
}
/**
* Build command, produces connector after initialization.
*
* @return Vault Connector instance.
*/
public abstract VaultConnector build();
/**
* Build connector and authenticate with token set in factory or from environment.
*
* @return Authenticated Vault connector instance.
* @since 0.6.0
*/
public abstract VaultConnector buildAndAuth() throws VaultConnectorException;
}

39
src/main/java/de/stklcode/jvault/connector/internal/Error.java Normal file
View File

@ -0,0 +1,39 @@
/*
* Copyright 2016-2021 Stefan Kalscheuer
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package de.stklcode.jvault.connector.internal;
/**
* Utility class to bundle common error messages.
*
* @author Stefan Kalscheuer
* @since 0.8 Extracted from static inner class.
*/
final class Error {
static final String READ_RESPONSE = "Unable to read response";
static final String PARSE_RESPONSE = "Unable to parse response";
static final String UNEXPECTED_RESPONSE = "Received response where none was expected";
static final String URI_FORMAT = "Invalid URI format";
static final String RESPONSE_CODE = "Invalid response code";
static final String INIT_SSL_CONTEXT = "Unable to initialize SSLContext";
static final String CONNECTION = "Unable to connect to Vault server";
/**
* Constructor hidden, this class should not be instantiated.
*/
private Error() {
}
}

430
src/main/java/de/stklcode/jvault/connector/internal/RequestHelper.java Normal file
View File

@ -0,0 +1,430 @@
package de.stklcode.jvault.connector.internal;
import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.ObjectMapper;
import de.stklcode.jvault.connector.exception.*;
import de.stklcode.jvault.connector.model.response.ErrorResponse;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import java.io.*;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URLEncoder;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.time.Duration;
import java.util.Map;
import java.util.concurrent.CompletionException;
import java.util.stream.Collectors;
import static java.nio.charset.StandardCharsets.UTF_8;
/**
* Helper class to bundle Vault HTTP requests.
*
* @author Stefan Kalscheuer
* @since 0.8 Extracted methods from {@link de.stklcode.jvault.connector.HTTPVaultConnector}.
*/
public final class RequestHelper implements Serializable {
private static final String HEADER_VAULT_TOKEN = "X-Vault-Token";
private final String baseURL; // Base URL of Vault.
private final Integer timeout; // Timeout in milliseconds.
private final int retries; // Number of retries on 5xx errors.
private final String tlsVersion; // TLS version (#22).
private final X509Certificate trustedCaCert; // Trusted CA certificate.
private final ObjectMapper jsonMapper;
/**
* Constructor of the request helper.
*
* @param baseURL The URL
* @param retries Number of retries on 5xx errors
* @param timeout Timeout for HTTP requests (milliseconds)
* @param tlsVersion TLS Version.
* @param trustedCaCert Trusted CA certificate
*/
public RequestHelper(final String baseURL,
final int retries,
final Integer timeout,
final String tlsVersion,
final X509Certificate trustedCaCert) {
this.baseURL = baseURL + (baseURL.endsWith("/") ? "" : "/");
this.retries = retries;
this.timeout = timeout;
this.tlsVersion = tlsVersion;
this.trustedCaCert = trustedCaCert;
this.jsonMapper = new ObjectMapper();
}
/**
* Execute HTTP request using POST method.
*
* @param path URL path (relative to base).
* @param payload Map of payload values (will be converted to JSON).
* @param token Vault token (may be {@code null}).
* @return HTTP response
* @throws VaultConnectorException on connection error
* @since 0.8 Added {@code token} parameter.
*/
public String post(final String path, final Object payload, final String token) throws VaultConnectorException {
// Initialize POST.
var req = HttpRequest.newBuilder(URI.create(baseURL + path));
// Generate JSON from payload.
try {
req.POST(HttpRequest.BodyPublishers.ofString(jsonMapper.writeValueAsString(payload), UTF_8));
} catch (JsonProcessingException e) {
throw new InvalidRequestException(Error.PARSE_RESPONSE, e);
}
req.setHeader("Content-Type", "application/json; charset=utf-8");
// Set X-Vault-Token header.
if (token != null) {
req.setHeader(HEADER_VAULT_TOKEN, token);
}
return request(req, retries);
}
/**
* Execute HTTP request using POST method and parse JSON result.
*
* @param path URL path (relative to base).
* @param payload Map of payload values (will be converted to JSON).
* @param token Vault token (may be {@code null}).
* @param target Target class.
* @param <T> Target type.
* @return HTTP response
* @throws VaultConnectorException on connection error
* @since 0.8
*/
public <T> T post(final String path, final Object payload, final String token, final Class<T> target)
throws VaultConnectorException {
try {
String response = post(path, payload, token);
return jsonMapper.readValue(response, target);
} catch (IOException e) {
throw new InvalidResponseException(Error.PARSE_RESPONSE, e);
}
}
/**
* Execute HTTP request using POST method and expect empty (204) response.
*
* @param path URL path (relative to base).
* @param payload Map of payload values (will be converted to JSON).
* @param token Vault token (may be {@code null}).
* @throws VaultConnectorException on connection error
* @since 0.8
*/
public void postWithoutResponse(final String path, final Object payload, final String token) throws VaultConnectorException {
if (!post(path, payload, token).isEmpty()) {
throw new InvalidResponseException(Error.UNEXPECTED_RESPONSE);
}
}
/**
* Execute HTTP request using PUT method.
*
* @param path URL path (relative to base).
* @param payload Map of payload values (will be converted to JSON).
* @param token Vault token (may be {@code null}).
* @return HTTP response
* @throws VaultConnectorException on connection error
* @since 0.8 Added {@code token} parameter.
*/
public String put(final String path, final Map<String, String> payload, final String token) throws VaultConnectorException {
// Initialize PUT.
var req = HttpRequest.newBuilder(URI.create(baseURL + path));
// Generate JSON from payload.
try {
req.PUT(HttpRequest.BodyPublishers.ofString(jsonMapper.writeValueAsString(payload), UTF_8));
} catch (JsonProcessingException e) {
throw new InvalidRequestException("Payload serialization failed", e);
}
req.setHeader("Content-Type", "application/json; charset=utf-8");
// Set X-Vault-Token header.
if (token != null) {
req.setHeader(HEADER_VAULT_TOKEN, token);
}
return request(req, retries);
}
/**
* Execute HTTP request using PUT method and parse JSON result.
*
* @param path URL path (relative to base).
* @param payload Map of payload values (will be converted to JSON).
* @param token Vault token (may be {@code null}).
* @param target Target class.
* @param <T> Target type.
* @return HTTP response
* @throws VaultConnectorException on connection error
* @since 0.8
*/
public <T> T put(final String path, final Map<String, String> payload, final String token, final Class<T> target)
throws VaultConnectorException {
try {
String response = put(path, payload, token);
return jsonMapper.readValue(response, target);
} catch (IOException e) {
throw new InvalidResponseException(Error.PARSE_RESPONSE, e);
}
}
/**
* Execute HTTP request using PUT method and expect empty (204) response.
*
* @param path URL path (relative to base).
* @param payload Map of payload values (will be converted to JSON).
* @param token Vault token (may be {@code null}).
* @throws VaultConnectorException on connection error
* @since 0.8
*/
public void putWithoutResponse(final String path, final Map<String, String> payload, final String token)
throws VaultConnectorException {
if (!put(path, payload, token).isEmpty()) {
throw new InvalidResponseException(Error.UNEXPECTED_RESPONSE);
}
}
/**
* Execute HTTP request using DELETE method.
*
* @param path URL path (relative to base).
* @param token Vault token (may be {@code null}).
* @return HTTP response
* @throws VaultConnectorException on connection error
* @since 0.8 Added {@code token} parameter.
*/
public String delete(final String path, final String token) throws VaultConnectorException {
// Initialize DELETE.
HttpRequest.Builder req = HttpRequest.newBuilder(URI.create(baseURL + path)).DELETE();
// Set X-Vault-Token header.
if (token != null) {
req.setHeader(HEADER_VAULT_TOKEN, token);
}
return request(req, retries);
}
/**
* Execute HTTP request using DELETE method and expect empty (204) response.
*
* @param path URL path (relative to base).
* @param token Vault token (may be {@code null}).
* @throws VaultConnectorException on connection error
* @since 0.8
*/
public void deleteWithoutResponse(final String path, final String token) throws VaultConnectorException {
if (!delete(path, token).isEmpty()) {
throw new InvalidResponseException(Error.UNEXPECTED_RESPONSE);
}
}
/**
* Execute HTTP request using GET method.
*
* @param path URL path (relative to base).
* @param payload Map of payload values (will be converted to JSON).
* @param token Vault token (may be {@code null}).
* @return HTTP response
* @throws VaultConnectorException on connection error
* @since 0.8 Added {@code token} parameter.
*/
public String get(final String path, final Map<String, String> payload, final String token)
throws VaultConnectorException {
// Add parameters to URI.
var uriBuilder = new StringBuilder(baseURL + path);
if (!payload.isEmpty()) {
uriBuilder.append("?").append(
payload.entrySet().stream().map(
par -> URLEncoder.encode(par.getKey(), UTF_8) + "=" + URLEncoder.encode(par.getValue(), UTF_8)
).collect(Collectors.joining("&"))
);
}
// Initialize GET.
try {
var req = HttpRequest.newBuilder(new URI(uriBuilder.toString()));
// Set X-Vault-Token header.
if (token != null) {
req.setHeader(HEADER_VAULT_TOKEN, token);
}
return request(req, retries);
} catch (URISyntaxException e) {
/* this should never occur and may leak sensible information */
throw new InvalidRequestException(Error.URI_FORMAT);
}
}
/**
* Execute HTTP request using GET method and parse JSON result to target class.
*
* @param path URL path (relative to base).
* @param payload Map of payload values (will be converted to JSON).
* @param token Vault token (may be {@code null}).
* @param target Target class.
* @param <T> Target type.
* @return HTTP response
* @throws VaultConnectorException on connection error
* @since 0.8
*/
public <T> T get(final String path, final Map<String, String> payload, final String token, final Class<T> target)
throws VaultConnectorException {
try {
String response = get(path, payload, token);
return jsonMapper.readValue(response, target);
} catch (IOException e) {
throw new InvalidResponseException(Error.PARSE_RESPONSE, e);
}
}
/**
* Execute prepared HTTP request and return result.
*
* @param requestBuilder Prepared request.
* @param retries Number of retries.
* @return HTTP response
* @throws VaultConnectorException on connection error
*/
private String request(final HttpRequest.Builder requestBuilder, final int retries) throws VaultConnectorException {
// Set JSON Header.
requestBuilder.setHeader("accept", "application/json");
var clientBuilder = HttpClient.newBuilder();
// Set custom timeout, if defined.
if (this.timeout != null) {
clientBuilder.connectTimeout(Duration.ofMillis(timeout));
}
// Set custom SSL context.
clientBuilder.sslContext(createSSLContext());
HttpClient client = clientBuilder.build();
// Execute request.
try {
HttpResponse<InputStream> response = client.sendAsync(
requestBuilder.build(),
HttpResponse.BodyHandlers.ofInputStream()
).join();
/* Check if response is valid */
if (response == null) {
throw new InvalidResponseException("Response unavailable");
}
switch (response.statusCode()) {
case 200:
return handleResult(response);
case 204:
return "";
case 403:
throw new PermissionDeniedException();
default:
if (response.statusCode() >= 500 && response.statusCode() < 600 && retries > 0) {
// Retry on 5xx errors.
return request(requestBuilder, retries - 1);
} else {
// Fail on different error code and/or no retries left.
handleError(response);
// Throw exception without details, if response entity is empty.
throw new InvalidResponseException(Error.RESPONSE_CODE, response.statusCode());
}
}
} catch (CompletionException e) {
throw new ConnectionException(Error.CONNECTION, e.getCause());
}
}
/**
* Create a custom SSL context from trusted CA certificate.
*
* @return The context.
* @throws TlsException An error occurred during initialization of the SSL context.
* @since 0.8.0
* @since 0.10 Generate {@link SSLContext} instead of Apache {@code SSLConnectionSocketFactory}
*/
private SSLContext createSSLContext() throws TlsException {
try {
// Create context.
var sslContext = SSLContext.getInstance(tlsVersion);
if (trustedCaCert != null) {
// Create Keystore with trusted certificate.
var keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
keyStore.load(null, null);
keyStore.setCertificateEntry("trustedCert", trustedCaCert);
// Initialize TrustManager.
var tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
tmf.init(keyStore);
sslContext.init(null, tmf.getTrustManagers(), null);
} else {
sslContext.init(null, null, null);
}
return sslContext;
} catch (CertificateException | NoSuchAlgorithmException | KeyStoreException | IOException | KeyManagementException e) {
throw new TlsException(Error.INIT_SSL_CONTEXT, e);
}
}
/**
* Handle successful result.
*
* @param response The raw HTTP response (assuming status code 200)
* @return Complete response body as String
* @throws InvalidResponseException on reading errors
*/
private String handleResult(final HttpResponse<InputStream> response) throws InvalidResponseException {
try (var reader = new BufferedReader(new InputStreamReader(response.body()))) {
return reader.lines().collect(Collectors.joining("\n"));
} catch (IOException ignored) {
throw new InvalidResponseException(Error.READ_RESPONSE, 200);
}
}
/**
* Handle unsuccessful response. Throw detailed exception if possible.
*
* @param response The raw HTTP response (assuming status code 5xx)
* @throws VaultConnectorException Expected exception with details to throw
*/
private void handleError(final HttpResponse<InputStream> response) throws VaultConnectorException {
if (response.body() != null) {
try (var reader = new BufferedReader(new InputStreamReader(response.body()))) {
var responseString = reader.lines().collect(Collectors.joining("\n"));
ErrorResponse er = jsonMapper.readValue(responseString, ErrorResponse.class);
/* Check for "permission denied" response */
if (!er.getErrors().isEmpty() && er.getErrors().get(0).equals("permission denied")) {
throw new PermissionDeniedException();
}
throw new InvalidResponseException(Error.RESPONSE_CODE, response.statusCode(), er.toString());
} catch (IOException ignored) {
// Exception ignored.
}
}
}
}

552
src/main/java/de/stklcode/jvault/connector/model/AppRole.java
View File

@ -1,5 +1,5 @@
/*
* Copyright 2016-2017 Stefan Kalscheuer
* Copyright 2016-2021 Stefan Kalscheuer
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -17,8 +17,8 @@
package de.stklcode.jvault.connector.model;
import com.fasterxml.jackson.annotation.*;
import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
import java.util.ArrayList;
import java.util.List;
/**
@ -28,7 +28,18 @@ import java.util.List;
* @since 0.4.0
*/
@JsonIgnoreProperties(ignoreUnknown = true)
public class AppRole {
public final class AppRole {
/**
* Get {@link Builder} instance.
*
* @param name Role name.
* @return AppRole Builder.
* @since 0.8
*/
public static Builder builder(final String name) {
return new Builder(name);
}
@JsonProperty("role_name")
private String name;
@ -40,9 +51,7 @@ public class AppRole {
@JsonInclude(JsonInclude.Include.NON_NULL)
private Boolean bindSecretId;
private List<String> boundCidrList;
private List<String> policies;
private List<String> secretIdBoundCidrs;
@JsonProperty("secret_id_num_uses")
@JsonInclude(JsonInclude.Include.NON_NULL)
@ -52,6 +61,10 @@ public class AppRole {
@JsonInclude(JsonInclude.Include.NON_NULL)
private Integer secretIdTtl;
@JsonProperty("enable_local_secret_ids")
@JsonInclude(JsonInclude.Include.NON_NULL)
private Boolean enableLocalSecretIds;
@JsonProperty("token_ttl")
@JsonInclude(JsonInclude.Include.NON_NULL)
private Integer tokenTtl;
@ -60,90 +73,549 @@ public class AppRole {
@JsonInclude(JsonInclude.Include.NON_NULL)
private Integer tokenMaxTtl;
@JsonProperty("period")
private List<String> tokenPolicies;
@JsonProperty("token_bound_cidrs")
@JsonInclude(JsonInclude.Include.NON_NULL)
private Integer period;
private List<String> tokenBoundCidrs;
@JsonProperty("token_explicit_max_ttl")
@JsonInclude(JsonInclude.Include.NON_NULL)
private Integer tokenExplicitMaxTtl;
@JsonProperty("token_no_default_policy")
@JsonInclude(JsonInclude.Include.NON_NULL)
private Boolean tokenNoDefaultPolicy;
@JsonProperty("token_num_uses")
@JsonInclude(JsonInclude.Include.NON_NULL)
private Integer tokenNumUses;
@JsonProperty("token_period")
@JsonInclude(JsonInclude.Include.NON_NULL)
private Integer tokenPeriod;
@JsonProperty("token_type")
@JsonInclude(JsonInclude.Include.NON_NULL)
private String tokenType;
/**
* Construct empty {@link AppRole} object.
*/
public AppRole() {
}
public AppRole(String name, String id, Boolean bindSecretId, List<String> boundCidrList, List<String> policies, Integer secretIdNumUses, Integer secretIdTtl, Integer tokenTtl, Integer tokenMaxTtl, Integer period) {
this.name = name;
this.id = id;
this.bindSecretId = bindSecretId;
this.boundCidrList = boundCidrList;
this.policies = policies;
this.secretIdNumUses = secretIdNumUses;
this.secretIdTtl = secretIdTtl;
this.tokenTtl = tokenTtl;
this.tokenMaxTtl = tokenMaxTtl;
this.period = period;
/**
* Construct {@link AppRole} object from {@link AppRole.Builder}.
*
* @param builder AppRole builder.
*/
public AppRole(final Builder builder) {
this.name = builder.name;
this.id = builder.id;
this.bindSecretId = builder.bindSecretId;
this.secretIdBoundCidrs = builder.secretIdBoundCidrs;
this.secretIdNumUses = builder.secretIdNumUses;
this.secretIdTtl = builder.secretIdTtl;
this.enableLocalSecretIds = builder.enableLocalSecretIds;
this.tokenTtl = builder.tokenTtl;
this.tokenMaxTtl = builder.tokenMaxTtl;
this.tokenPolicies = builder.tokenPolicies;
this.tokenBoundCidrs = builder.tokenBoundCidrs;
this.tokenExplicitMaxTtl = builder.tokenExplicitMaxTtl;
this.tokenNoDefaultPolicy = builder.tokenNoDefaultPolicy;
this.tokenNumUses = builder.tokenNumUses;
this.tokenPeriod = builder.tokenPeriod;
this.tokenType = builder.tokenType != null ? builder.tokenType.value() : null;
}
/**
* @return the role name
*/
public String getName() {
return name;
}
/**
* @return the role ID
*/
public String getId() {
return id;
}
/**
* @return bind secret ID
*/
public Boolean getBindSecretId() {
return bindSecretId;
}
public List<String> getBoundCidrList() {
return boundCidrList;
/**
* @return list of bound CIDR subnets of associated tokens
* @since 0.9
*/
public List<String> getTokenBoundCidrs() {
return tokenBoundCidrs;
}
@JsonSetter("bound_cidr_list")
public void setBoundCidrList(List<String> boundCidrList) {
this.boundCidrList = boundCidrList;
/**
* @param boundCidrList list of subnets in CIDR notation to bind role to
* @since 0.9
*/
@JsonSetter("token_bound_cidrs")
public void setBoundCidrs(final List<String> boundCidrList) {
this.tokenBoundCidrs = boundCidrList;
}
@JsonGetter("bound_cidr_list")
/**
* @return list of subnets in CIDR notation as comma-separated {@link String}
* @since 0.9
*/
@JsonGetter("token_bound_cidrs")
@JsonInclude(JsonInclude.Include.NON_EMPTY)
public String getBoundCidrListString() {
if (boundCidrList == null || boundCidrList.isEmpty())
public String getTokenBoundCidrsString() {
if (tokenBoundCidrs == null || tokenBoundCidrs.isEmpty()) {
return "";
return String.join(",", boundCidrList);
}
return String.join(",", tokenBoundCidrs);
}
public List<String> getPolicies() {
return policies;
/**
* @return list of bound CIDR subnets
* @since 0.8 replaces {@code getBoundCidrList()}
*/
public List<String> getSecretIdBoundCidrs() {
return secretIdBoundCidrs;
}
@JsonSetter("policies")
public void setPolicies(List<String> policies) {
this.policies = policies;
/**
* @param secretIdBoundCidrs List of subnets in CIDR notation to bind secrets of this role to.
* @since 0.8 replaces {@code setBoundCidrList(List)}
*/
@JsonSetter("secret_id_bound_cidrs")
public void setSecretIdBoundCidrs(final List<String> secretIdBoundCidrs) {
this.secretIdBoundCidrs = secretIdBoundCidrs;
}
@JsonGetter("policies")
/**
* @return List of subnets in CIDR notation as comma-separated {@link String}
* @since 0.8 replaces {@code getBoundCidrListString()} ()}
*/
@JsonGetter("secret_id_bound_cidrs")
@JsonInclude(JsonInclude.Include.NON_EMPTY)
public String getPoliciesString() {
if (policies == null || policies.isEmpty())
public String getSecretIdBoundCidrsString() {
if (secretIdBoundCidrs == null || secretIdBoundCidrs.isEmpty()) {
return "";
return String.join(",", policies);
}
return String.join(",", secretIdBoundCidrs);
}
/**
* @return list of token policies
* @since 0.9
*/
public List<String> getTokenPolicies() {
return tokenPolicies;
}
/**
* @param tokenPolicies list of token policies
* @since 0.9
*/
@JsonSetter("token_policies")
public void setTokenPolicies(final List<String> tokenPolicies) {
this.tokenPolicies = tokenPolicies;
}
/**
* @return list of policies as comma-separated {@link String}
* @since 0.9
*/
@JsonGetter("token_policies")
@JsonInclude(JsonInclude.Include.NON_EMPTY)
public String getTokenPoliciesString() {
if (tokenPolicies == null || tokenPolicies.isEmpty()) {
return "";
}
return String.join(",", tokenPolicies);
}
/**
* @return maximum number of uses per secret
*/
public Integer getSecretIdNumUses() {
return secretIdNumUses;
}
/**
* @return maximum TTL in seconds for secrets
*/
public Integer getSecretIdTtl() {
return secretIdTtl;
}
/**
* @return Enable local secret IDs?
* @since 0.9
*/
public Boolean getEnableLocalSecretIds() {
return enableLocalSecretIds;
}
/**
* @return token TTL in seconds
*/
public Integer getTokenTtl() {
return tokenTtl;
}
/**
* @return maximum token TTL in seconds, including renewals
*/
public Integer getTokenMaxTtl() {
return tokenMaxTtl;
}
public Integer getPeriod() {
return period;
/**
* @return explicit maximum token TTL in seconds, including renewals
* @since 0.9
*/
public Integer getTokenExplicitMaxTtl() {
return tokenExplicitMaxTtl;
}
/**
* @return enable default policy for token?
* @since 0.9
*/
public Boolean getTokenNoDefaultPolicy() {
return tokenNoDefaultPolicy;
}
/**
* @return number of uses for token
* @since 0.9
*/
public Integer getTokenNumUses() {
return tokenNumUses;
}
/**
* @return duration in seconds, if specified
* @since 0.9
*/
public Integer getTokenPeriod() {
return tokenPeriod;
}
/**
* @return duration in seconds, if specified
* @since 0.9
*/
public String getTokenType() {
return tokenType;
}
/**
* A builder for vault AppRole roles..
*
* @author Stefan Kalscheuer
* @since 0.4.0
* @since 0.9 Moved into subclass of {@link AppRole}.
*/
public static final class Builder {
private String name;
private String id;
private Boolean bindSecretId;
private List<String> secretIdBoundCidrs;
private List<String> tokenPolicies;
private Integer secretIdNumUses;
private Integer secretIdTtl;
private Boolean enableLocalSecretIds;
private Integer tokenTtl;
private Integer tokenMaxTtl;
private List<String> tokenBoundCidrs;
private Integer tokenExplicitMaxTtl;
private Boolean tokenNoDefaultPolicy;
private Integer tokenNumUses;
private Integer tokenPeriod;
private Token.Type tokenType;
/**
* Construct {@link Builder} with only the role name set.
*
* @param name Role name
*/
public Builder(final String name) {
this.name = name;
}
/**
* Add role name.
*
* @param name Role name
* @return self
*/
public Builder withName(final String name) {
this.name = name;
return this;
}
/**
* Add custom role ID. (optional)
*
* @param id the ID
* @return self
*/
public Builder withId(final String id) {
this.id = id;
return this;
}
/**
* Set if role is bound to secret ID.
*
* @param bindSecretId the display name
* @return self
*/
public Builder withBindSecretID(final Boolean bindSecretId) {
this.bindSecretId = bindSecretId;
return this;
}
/**
* Bind role to secret ID.
* Convenience method for {@link #withBindSecretID(Boolean)}
*
* @return self
*/
public Builder withBindSecretID() {
return withBindSecretID(true);
}
/**
* Do not bind role to secret ID.
* Convenience method for {@link #withBindSecretID(Boolean)}
*
* @return self
*/
public Builder withoutBindSecretID() {
return withBindSecretID(false);
}
/**
* Set bound CIDR blocks.
*
* @param secretIdBoundCidrs List of CIDR blocks which can perform login
* @return self
* @since 0.8 replaces {@code withBoundCidrList(List)}
*/
public Builder withSecretIdBoundCidrs(final List<String> secretIdBoundCidrs) {
if (this.secretIdBoundCidrs == null) {
this.secretIdBoundCidrs = new ArrayList<>();
}
this.secretIdBoundCidrs.addAll(secretIdBoundCidrs);
return this;
}
/**
* Add a CIDR block to list of bound blocks for secret.
*
* @param secretBoundCidr the CIDR block
* @return self
* @since 0.9
*/
public Builder withSecretBoundCidr(final String secretBoundCidr) {
if (secretIdBoundCidrs == null) {
secretIdBoundCidrs = new ArrayList<>();
}
secretIdBoundCidrs.add(secretBoundCidr);
return this;
}
/**
* Add given policies.
*
* @param tokenPolicies the token policies
* @return self
* @since 0.9
*/
public Builder withTokenPolicies(final List<String> tokenPolicies) {
if (this.tokenPolicies == null) {
this.tokenPolicies = new ArrayList<>();
}
this.tokenPolicies.addAll(tokenPolicies);
return this;
}
/**
* Add a single policy.
*
* @param tokenPolicy the token policy
* @return self
* @since 0.9
*/
public Builder withTokenPolicy(final String tokenPolicy) {
if (this.tokenPolicies == null) {
this.tokenPolicies = new ArrayList<>();
}
tokenPolicies.add(tokenPolicy);
return this;
}
/**
* Set number of uses for sectet IDs.
*
* @param secretIdNumUses the number of uses
* @return self
*/
public Builder withSecretIdNumUses(final Integer secretIdNumUses) {
this.secretIdNumUses = secretIdNumUses;
return this;
}
/**
* Set default sectet ID TTL in seconds.
*
* @param secretIdTtl the TTL
* @return self
*/
public Builder withSecretIdTtl(final Integer secretIdTtl) {
this.secretIdTtl = secretIdTtl;
return this;
}
/**
* Enable or disable local secret IDs.
*
* @param enableLocalSecretIds Enable local secret IDs?
* @return self
* @since 0.9
*/
public Builder withEnableLocalSecretIds(final Boolean enableLocalSecretIds) {
this.enableLocalSecretIds = enableLocalSecretIds;
return this;
}
/**
* Set default token TTL in seconds.
*
* @param tokenTtl the TTL
* @return self
*/
public Builder withTokenTtl(final Integer tokenTtl) {
this.tokenTtl = tokenTtl;
return this;
}
/**
* Set maximum token TTL in seconds.
*
* @param tokenMaxTtl the TTL
* @return self
*/
public Builder withTokenMaxTtl(final Integer tokenMaxTtl) {
this.tokenMaxTtl = tokenMaxTtl;
return this;
}
/**
* Set bound CIDR blocks for associated tokens.
*
* @param tokenBoundCidrs List of CIDR blocks which can perform login
* @return self
* @since 0.9
*/
public Builder withTokenBoundCidrs(final List<String> tokenBoundCidrs) {
if (this.tokenBoundCidrs == null) {
this.tokenBoundCidrs = new ArrayList<>();
}
this.tokenBoundCidrs.addAll(tokenBoundCidrs);
return this;
}
/**
* Add a CIDR block to list of bound blocks for token.
*
* @param tokenBoundCidr the CIDR block
* @return self
* @since 0.9
*/
public Builder withTokenBoundCidr(final String tokenBoundCidr) {
if (tokenBoundCidrs == null) {
tokenBoundCidrs = new ArrayList<>();
}
tokenBoundCidrs.add(tokenBoundCidr);
return this;
}
/**
* Set explicit maximum token TTL in seconds.
*
* @param tokenExplicitMaxTtl the TTL
* @return self
*/
public Builder withTokenExplicitMaxTtl(final Integer tokenExplicitMaxTtl) {
this.tokenExplicitMaxTtl = tokenExplicitMaxTtl;
return this;
}
/**
* Enable or disable default policy for generated token.
*
* @param tokenNoDefaultPolicy Enable default policy for token?
* @return self
* @since 0.9
*/
public Builder withTokenNoDefaultPolicy(final Boolean tokenNoDefaultPolicy) {
this.tokenNoDefaultPolicy = tokenNoDefaultPolicy;
return this;
}
/**
* Set number of uses for generated tokens.
*
* @param tokenNumUses number of uses for tokens
* @return self
* @since 0.9
*/
public Builder withTokenNumUses(final Integer tokenNumUses) {
this.tokenNumUses = tokenNumUses;
return this;
}
/**
* Set renewal period for generated token in seconds.
*
* @param tokenPeriod period in seconds
* @return self
* @since 0.9
*/
public Builder withTokenPeriod(final Integer tokenPeriod) {
this.tokenPeriod = tokenPeriod;
return this;
}
/**
* Set type of generated token.
*
* @param tokenType token type
* @return self
* @since 0.9
*/
public Builder withTokenType(final Token.Type tokenType) {
this.tokenType = tokenType;
return this;
}
/**
* Build the AppRole role based on given parameters.
*
* @return the role
*/
public AppRole build() {
return new AppRole(this);
}
}
}

209
src/main/java/de/stklcode/jvault/connector/model/AppRoleBuilder.java
View File

@ -1,209 +0,0 @@
/*
* Copyright 2016-2017 Stefan Kalscheuer
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package de.stklcode.jvault.connector.model;
import java.util.ArrayList;
import java.util.List;
/**
* A builder for vault AppRole roles..
*
* @author Stefan Kalscheuer
* @since 0.4.0
*/
public class AppRoleBuilder {
private String name;
private String id;
private Boolean bindSecretId;
private List<String> boundCidrList;
private List<String> policies;
private Integer secretIdNumUses;
private Integer secretIdTtl;
private Integer tokenTtl;
private Integer tokenMaxTtl;
private Integer period;
public AppRoleBuilder(String name) {
this.name = name;
}
/**
* Add custom role ID (optional)
*
* @param id the ID
* @return self
*/
public AppRoleBuilder withId(final String id) {
this.id = id;
return this;
}
/**
* Set if role is bound to secret ID
*
* @param bindSecretId the display name
* @return self
*/
public AppRoleBuilder withBindSecretID(final Boolean bindSecretId) {
this.bindSecretId = bindSecretId;
return this;
}
/**
* Bind role to secret ID.
* Convenience method for {@link #withBindSecretID(Boolean)}
*
* @return self
*/
public AppRoleBuilder withBindSecretID() {
return withBindSecretID(true);
}
/**
* Do not bind role to secret ID.
* Convenience method for {@link #withBindSecretID(Boolean)}
*
* @return self
*/
public AppRoleBuilder withoutBindSecretID() {
return withBindSecretID(false);
}
/**
* Set bound CIDR blocks.
*
* @param boundCidrList List of CIDR blocks which can perform login
* @return self
*/
public AppRoleBuilder withBoundCidrList(final List<String> boundCidrList) {
this.boundCidrList = boundCidrList;
return this;
}
/**
* Add a CIDR block to list of bound blocks.
*
* @param cidrBlock the CIDR block
* @return self
*/
public AppRoleBuilder withCidrBlock(final String cidrBlock) {
if (boundCidrList == null)
boundCidrList = new ArrayList<>();
boundCidrList.add(cidrBlock);
return this;
}
/**
* Add given policies
*
* @param policies the policies
* @return self
*/
public AppRoleBuilder withPolicies(final List<String> policies) {
if (this.policies == null)
this.policies = new ArrayList<>();
this.policies.addAll(policies);
return this;
}
/**
* Add a single policy.
*
* @param policy the policy
* @return self
*/
public AppRoleBuilder withPolicy(final String policy) {
if (this.policies == null)
this.policies = new ArrayList<>();
policies.add(policy);
return this;
}
/**
* Set number of uses for sectet IDs.
*
* @param secredIdNumUses the number of uses
* @return self
*/
public AppRoleBuilder withSecretIdNumUses(final Integer secredIdNumUses) {
this.secretIdNumUses = secredIdNumUses;
return this;
}
/**
* Set default sectet ID TTL in seconds.
*
* @param secredIdTtl the TTL
* @return self
*/
public AppRoleBuilder withSecretIdTtl(final Integer secredIdTtl) {
this.secretIdTtl = secredIdTtl;
return this;
}
/**
* Set default token TTL in seconds.
*
* @param tokenTtl the TTL
* @return self
*/
public AppRoleBuilder withTokenTtl(final Integer tokenTtl) {
this.tokenTtl = tokenTtl;
return this;
}
/**
* Set maximum token TTL in seconds.
*
* @param tokenMaxTtl the TTL
* @return self
*/
public AppRoleBuilder withTokenMaxTtl(final Integer tokenMaxTtl) {
this.tokenMaxTtl = tokenMaxTtl;
return this;
}
/**
* Set renewal period for generated token in seconds.
*
* @param period period in seconds
* @return self
*/
public AppRoleBuilder withPeriod(final Integer period) {
this.period = period;
return this;
}
/**
* Build the AppRole role based on given parameters.
*
* @return the role
*/
public AppRole build() {
return new AppRole(name,
id,
bindSecretId,
boundCidrList,
policies,
secretIdNumUses,
secretIdTtl,
tokenTtl,
tokenMaxTtl,
period);
}
}

63
src/main/java/de/stklcode/jvault/connector/model/AppRoleSecret.java
View File

@ -1,5 +1,5 @@
/*
* Copyright 2016-2017 Stefan Kalscheuer
* Copyright 2016-2021 Stefan Kalscheuer
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -18,7 +18,6 @@ package de.stklcode.jvault.connector.model;
import com.fasterxml.jackson.annotation.*;
import java.util.Arrays;
import java.util.List;
import java.util.Map;
@ -29,7 +28,7 @@ import java.util.Map;
* @since 0.4.0
*/
@JsonIgnoreProperties(ignoreUnknown = true)
public class AppRoleSecret {
public final class AppRoleSecret {
@JsonProperty("secret_id")
@JsonInclude(JsonInclude.Include.NON_NULL)
private String id;
@ -58,64 +57,112 @@ public class AppRoleSecret {
@JsonProperty(value = "secret_id_ttl", access = JsonProperty.Access.WRITE_ONLY)
private Integer ttl;
/**
* Construct empty {@link AppRoleSecret} object.
*/
public AppRoleSecret() {
}
public AppRoleSecret(String id) {
/**
* Construct {@link AppRoleSecret} with secret ID.
*
* @param id Secret ID
*/
public AppRoleSecret(final String id) {
this.id = id;
}
public AppRoleSecret(String id, Map<String, Object> metadata, List<String> cidrList) {
/**
* Construct {@link AppRoleSecret} with ID and metadata.
*
* @param id Secret ID
* @param metadata Secret metadata
* @param cidrList List of subnets in CIDR notation, the role is bound to
*/
public AppRoleSecret(final String id, final Map<String, Object> metadata, final List<String> cidrList) {
this.id = id;
this.metadata = metadata;
this.cidrList = cidrList;
}
/**
* @return Secret ID
*/
public String getId() {
return id;
}
/**
* @return Secret accessor
*/
public String getAccessor() {
return accessor;
}
/**
* @return Secret metadata
*/
public Map<String, Object> getMetadata() {
return metadata;
}
/**
* @return List of bound subnets in CIDR notation
*/
public List<String> getCidrList() {
return cidrList;
}
/**
* @param cidrList List of subnets in CIDR notation
*/
@JsonSetter("cidr_list")
public void setCidrList(List<String> cidrList) {
public void setCidrList(final List<String> cidrList) {
this.cidrList = cidrList;
}
/**
* @return List of bound subnets in CIDR notation as comma-separated {@link String}
*/
@JsonGetter("cidr_list")
public String getCidrListString() {
if (cidrList == null || cidrList.isEmpty())
if (cidrList == null || cidrList.isEmpty()) {
return "";
}
return String.join(",", cidrList);
}
/**
* @return Creation time
*/
public String getCreationTime() {
return creationTime;
}
/**
* @return Expiration time
*/
public String getExpirationTime() {
return expirationTime;
}
/**
* @return Time of last update
*/
public String getLastUpdatedTime() {
return lastUpdatedTime;
}
/**
* @return Number of uses
*/
public Integer getNumUses() {
return numUses;
}
/**
* @return Time-to-live
*/
public Integer getTtl() {
return ttl;
}

28
src/main/java/de/stklcode/jvault/connector/model/AuthBackend.java
View File

@ -1,5 +1,5 @@
/*
* Copyright 2016-2017 Stefan Kalscheuer
* Copyright 2016-2021 Stefan Kalscheuer
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -19,26 +19,40 @@ package de.stklcode.jvault.connector.model;
/**
* Currently supported authentication backends.
*
* @author Stefan Kalscheuer
* @since 0.1
* @author Stefan Kalscheuer
* @since 0.1
*/
public enum AuthBackend {
TOKEN("token"),
APPID("app-id"),
APPROLE("approle"),
USERPASS("userpass"),
GITHUB("github"), // Not supported yet.
UNKNOWN("");
private final String type;
AuthBackend(String type) {
/**
* Construct {@link AuthBackend} of given type.
*
* @param type Backend type
*/
AuthBackend(final String type) {
this.type = type;
}
public static AuthBackend forType(String type) {
for (AuthBackend v : values())
if (v.type.equalsIgnoreCase(type))
/**
* Retrieve {@link AuthBackend} value for given type string.
*
* @param type Type string
* @return Auth backend value
*/
public static AuthBackend forType(final String type) {
for (AuthBackend v : values()) {
if (v.type.equalsIgnoreCase(type)) {
return v;
}
}
return UNKNOWN;
}
}

432
src/main/java/de/stklcode/jvault/connector/model/Token.java
View File

@ -1,5 +1,5 @@
/*
* Copyright 2016-2017 Stefan Kalscheuer
* Copyright 2016-2021 Stefan Kalscheuer
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -20,8 +20,7 @@ import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
import com.fasterxml.jackson.annotation.JsonInclude;
import com.fasterxml.jackson.annotation.JsonProperty;
import java.util.List;
import java.util.Map;
import java.util.*;
/**
* Vault Token metamodel.
@ -30,11 +29,25 @@ import java.util.Map;
* @since 0.4.0
*/
@JsonIgnoreProperties(ignoreUnknown = true)
public class Token {
public final class Token {
/**
* Get {@link Builder} instance.
*
* @return Token Builder.
* @since 0.8
*/
public static Builder builder() {
return new Builder();
}
@JsonProperty("id")
@JsonInclude(JsonInclude.Include.NON_NULL)
private String id;
@JsonProperty("type")
@JsonInclude(JsonInclude.Include.NON_NULL)
private String type;
@JsonProperty("display_name")
@JsonInclude(JsonInclude.Include.NON_NULL)
private String displayName;
@ -51,6 +64,10 @@ public class Token {
@JsonInclude(JsonInclude.Include.NON_NULL)
private Integer ttl;
@JsonProperty("explicit_max_ttl")
@JsonInclude(JsonInclude.Include.NON_NULL)
private Integer explicitMaxTtl;
@JsonProperty("num_uses")
@JsonInclude(JsonInclude.Include.NON_NULL)
private Integer numUses;
@ -67,51 +84,438 @@ public class Token {
@JsonInclude(JsonInclude.Include.NON_NULL)
private Boolean renewable;
public Token(String id, String displayName, Boolean noParent, Boolean noDefaultPolicy, Integer ttl, Integer numUses, List<String> policies, Map<String, String> meta, Boolean renewable) {
this.id = id;
this.displayName = displayName;
this.ttl = ttl;
this.numUses = numUses;
this.noParent = noParent;
this.noDefaultPolicy = noDefaultPolicy;
this.policies = policies;
this.meta = meta;
this.renewable = renewable;
@JsonProperty("period")
@JsonInclude(JsonInclude.Include.NON_NULL)
private Integer period;
@JsonProperty("entity_alias")
@JsonInclude(JsonInclude.Include.NON_NULL)
private String entityAlias;
/**
* Construct empty {@link Token} object.
*/
public Token() {
}
/**
* Construct {@link Token} object from {@link Builder}.
*
* @param builder Token builder.
*/
public Token(final Builder builder) {
this.id = builder.id;
this.type = builder.type != null ? builder.type.value() : null;
this.displayName = builder.displayName;
this.noParent = builder.noParent;
this.noDefaultPolicy = builder.noDefaultPolicy;
this.ttl = builder.ttl;
this.explicitMaxTtl = builder.explicitMaxTtl;
this.numUses = builder.numUses;
this.policies = builder.policies;
this.meta = builder.meta;
this.renewable = builder.renewable;
this.period = builder.period;
this.entityAlias = builder.entityAlias;
}
/**
* @return Token ID
*/
public String getId() {
return id;
}
/**
* @return Token type
* @since 0.9
*/
public String getType() {
return type;
}
/**
* @return Token display name
*/
public String getDisplayName() {
return displayName;
}
/**
* @return Token has no parent
*/
public Boolean getNoParent() {
return noParent;
}
/**
* @return Token has no default policy
*/
public Boolean getNoDefaultPolicy() {
return noDefaultPolicy;
}
/**
* @return Time-to-live in seconds
*/
public Integer getTtl() {
return ttl;
}
/**
* @return Explicit maximum time-to-live in seconds
* @since 0.9
*/
public Integer getExplicitMaxTtl() {
return explicitMaxTtl;
}
/**
* @return Number of uses
*/
public Integer getNumUses() {
return numUses;
}
/**
* @return List of policies
*/
public List<String> getPolicies() {
return policies;
}
/**
* @return Metadata
*/
public Map<String, String> getMeta() {
return meta;
}
/**
* @return Token is renewable
*/
public Boolean isRenewable() {
return renewable;
}
/**
* @return Token period.
* @since 0.9
*/
public Integer getPeriod() {
return period;
}
/**
* @return Token entity alias.
* @since 0.9
*/
public String getEntityAlias() {
return entityAlias;
}
/**
* Constants for token types.
*/
public enum Type {
DEFAULT("default"),
BATCH("batch"),
SERVICE("service"),
DEFAULT_SERVICE("default-service"),
DEFAULT_BATCH("default-batch");
private final String value;
Type(String value) {
this.value = value;
}
public String value() {
return value;
}
}
/**
* A builder for vault tokens.
*
* @author Stefan Kalscheuer
* @since 0.4.0
* @since 0.9 Moved into subclass of {@link Token}.
*/
public static final class Builder {
private String id;
private Type type;
private String displayName;
private Boolean noParent;
private Boolean noDefaultPolicy;
private Integer ttl;
private Integer explicitMaxTtl;
private Integer numUses;
private List<String> policies;
private Map<String, String> meta;
private Boolean renewable;
private Integer period;
private String entityAlias;
/**
* Add token ID. (optional)
*
* @param id the ID
* @return self
*/
public Builder withId(final String id) {
this.id = id;
return this;
}
/**
* Specify token type.
*
* @param type the type
* @return self
* @since 0.9
*/
public Builder withType(final Token.Type type) {
this.type = type;
return this;
}
/**
* Add display name.
*
* @param displayName the display name
* @return self
*/
public Builder withDisplayName(final String displayName) {
this.displayName = displayName;
return this;
}
/**
* Set desired time to live.
*
* @param ttl the ttl
* @return self
*/
public Builder withTtl(final Integer ttl) {
this.ttl = ttl;
return this;
}
/**
* Set desired explicit maximum time to live.
*
* @param explicitMaxTtl the explicit max. TTL
* @return self
*/
public Builder withExplicitMaxTtl(final Integer explicitMaxTtl) {
this.explicitMaxTtl = explicitMaxTtl;
return this;
}
/**
* Set desired number of uses.
*
* @param numUses the number of uses
* @return self
*/
public Builder withNumUses(final Integer numUses) {
this.numUses = numUses;
return this;
}
/**
* Set TRUE if the token should be created without parent.
*
* @param noParent if TRUE, token is created as orphan
* @return self
*/
public Builder withNoParent(final boolean noParent) {
this.noParent = noParent;
return this;
}
/**
* Create token without parent.
* Convenience method for withNoParent()
*
* @return self
*/
public Builder asOrphan() {
return withNoParent(true);
}
/**
* Create token with parent.
* Convenience method for withNoParent()
*
* @return self
*/
public Builder withParent() {
return withNoParent(false);
}
/**
* Set TRUE if the default policy should not be part of this token.
*
* @param noDefaultPolicy if TRUE, default policy is not attached
* @return self
*/
public Builder withNoDefaultPolicy(final boolean noDefaultPolicy) {
this.noDefaultPolicy = noDefaultPolicy;
return this;
}
/**
* Attach default policy to token.
* Convenience method for withNoDefaultPolicy()
*
* @return self
*/
public Builder withDefaultPolicy() {
return withNoDefaultPolicy(false);
}
/**
* Do not attach default policy to token.
* Convenience method for withNoDefaultPolicy()
*
* @return self
*/
public Builder withoutDefaultPolicy() {
return withNoDefaultPolicy(true);
}
/**
* Add given policies.
*
* @param policies the policies
* @return self
* @since 0.5.0
*/
public Builder withPolicies(final String... policies) {
return withPolicies(Arrays.asList(policies));
}
/**
* Add given policies.
*
* @param policies the policies
* @return self
*/
public Builder withPolicies(final List<String> policies) {
if (this.policies == null) {
this.policies = new ArrayList<>();
}
this.policies.addAll(policies);
return this;
}
/**
* Add a single policy.
*
* @param policy the policy
* @return self
*/
public Builder withPolicy(final String policy) {
if (this.policies == null) {
this.policies = new ArrayList<>();
}
policies.add(policy);
return this;
}
/**
* Add meta data.
*
* @param meta the metadata
* @return self
*/
public Builder withMeta(final Map<String, String> meta) {
if (this.meta == null) {
this.meta = new HashMap<>();
}
this.meta.putAll(meta);
return this;
}
/**
* Add meta data.
*
* @param key the key
* @param value the value
* @return self
*/
public Builder withMeta(final String key, final String value) {
if (this.meta == null) {
this.meta = new HashMap<>();
}
this.meta.put(key, value);
return this;
}
/**
* Set if token is renewable.
*
* @param renewable TRUE, if renewable
* @return self
*/
public Builder withRenewable(final Boolean renewable) {
this.renewable = renewable;
return this;
}
/**
* Set token to be renewable.
* Convenience method for withRenewable()
*
* @return self
*/
public Builder renewable() {
return withRenewable(true);
}
/**
* Set token to be not renewable.
* Convenience method for withRenewable()
*
* @return self
*/
public Builder notRenewable() {
return withRenewable(false);
}
/**
* Set token period (former lease time).
*
* @param period Period in seconds.
* @return self
*/
public Builder withPeriod(final Integer period) {
this.period = period;
return this;
}
/**
* Set entity alias for token.
* Only works in combination with an associated token role.
*
* @param entityAlias Entity alias.
* @return self
*/
public Builder withEntityAlias(final String entityAlias) {
this.entityAlias = entityAlias;
return this;
}
/**
* Build the token based on given parameters.
*
* @return the token
*/
public Token build() {
return new Token(this);
}
}
}

255
src/main/java/de/stklcode/jvault/connector/model/TokenBuilder.java
View File

@ -1,255 +0,0 @@
/*
* Copyright 2016-2017 Stefan Kalscheuer
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package de.stklcode.jvault.connector.model;
import com.fasterxml.jackson.annotation.JsonProperty;
import java.util.*;
/**
* A builder for vault tokens.
*
* @author Stefan Kalscheuer
* @since 0.4.0
*/
public class TokenBuilder {
private String id;
private String displayName;
private Boolean noParent;
private Boolean noDefaultPolicy;
private Integer ttl;
private Integer numUses;
private List<String> policies;
private Map<String, String> meta;
private Boolean renewable;
/**
* Add token ID (optional)
*
* @param id the ID
* @return self
*/
public TokenBuilder withId(final String id) {
this.id = id;
return this;
}
/**
* Add display name
*
* @param displayName the display name
* @return self
*/
public TokenBuilder withDisplayName(final String displayName) {
this.displayName = displayName;
return this;
}
/**
* Set desired time to live.
* @param ttl the ttl
* @return self
*/
public TokenBuilder withTtl(final Integer ttl) {
this.ttl = ttl;
return this;
}
/**
* Set desired number of uses.
* @param numUses the number of uses
* @return self
*/
public TokenBuilder withNumUses(final Integer numUses) {
this.numUses = numUses;
return this;
}
/**
* Set TRUE if the token should be created without parent
*
* @param noParent if TRUE, token is created as orphan
* @return self
*/
public TokenBuilder withNoParent(final boolean noParent) {
this.noParent = noParent;
return this;
}
/**
* Create token without parent.
* Convenience method for withNoParent()
*
* @return self
*/
public TokenBuilder asOrphan() {
return withNoParent(true);
}
/**
* Create token with parent.
* Convenience method for withNoParent()
*
* @return self
*/
public TokenBuilder withParent() {
return withNoParent(false);
}
/**
* Set TRUE if the default policy should not be part of this token.
*
* @param noDefaultPolicy if TRUE, default policy is not attached
* @return self
*/
public TokenBuilder withNoDefaultPolicy(final boolean noDefaultPolicy) {
this.noDefaultPolicy = noDefaultPolicy;
return this;
}
/**
* Attach default policy to token.
* Convenience method for withNoDefaultPolicy()
*
* @return self
*/
public TokenBuilder withDefaultPolicy() {
return withNoDefaultPolicy(false);
}
/**
* Do not attach default policy to token.
* Convenience method for withNoDefaultPolicy()
*
* @return self
*/
public TokenBuilder withoutDefaultPolicy() {
return withNoDefaultPolicy(true);
}
/**
* Add given policies
*
* @param policies the policies
* @return self
* @since 0.5.0
*/
public TokenBuilder withPolicies(final String... policies) {
return withPolicies(Arrays.asList(policies));
}
/**
* Add given policies
*
* @param policies the policies
* @return self
*/
public TokenBuilder withPolicies(final List<String> policies) {
if (this.policies == null)
this.policies = new ArrayList<>();
this.policies.addAll(policies);
return this;
}
/**
* Add a single policy.
*
* @param policy the policy
* @return self
*/
public TokenBuilder withPolicy(final String policy) {
if (this.policies == null)
this.policies = new ArrayList<>();
policies.add(policy);
return this;
}
/**
* Add meta data.
*
* @param meta the metadata
* @return self
*/
public TokenBuilder withMeta(final Map<String, String> meta) {
if (this.meta == null)
this.meta = new HashMap<>();
this.meta.putAll(meta);
return this;
}
/**
* Add meta data.
*
* @param key the key
* @param value the value
* @return self
*/
public TokenBuilder withMeta(final String key, final String value) {
if (this.meta == null)
this.meta = new HashMap<>();
this.meta.put(key, value);
return this;
}
/**
* Set if token is renewable.
*
* @param renewable TRUE, if renewable
* @return self
*/
public TokenBuilder withRenewable(final Boolean renewable) {
this.renewable = renewable;
return this;
}
/**
* Set token to be renewable.
* Convenience method for withRenewable()
*
* @return self
*/
public TokenBuilder renewable() {
return withRenewable(true);
}
/**
* Set token to be not renewable.
* Convenience method for withRenewable()
*
* @return self
*/
public TokenBuilder notRenewable() {
return withRenewable(false);
}
/**
* Build the token based on given parameters.
*
* @return the token
*/
public Token build() {
return new Token(id,
displayName,
noParent,
noDefaultPolicy,
ttl,
numUses,
policies,
meta,
renewable);
}
}

465
src/main/java/de/stklcode/jvault/connector/model/TokenRole.java Normal file
View File

@ -0,0 +1,465 @@
/*
* Copyright 2016-2021 Stefan Kalscheuer
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package de.stklcode.jvault.connector.model;
import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
import com.fasterxml.jackson.annotation.JsonInclude;
import com.fasterxml.jackson.annotation.JsonProperty;
import java.util.ArrayList;
import java.util.List;
/**
* Vault Token Role metamodel.
*
* @author Stefan Kalscheuer
* @since 0.9
*/
@JsonIgnoreProperties(ignoreUnknown = true)
public final class TokenRole {
/**
* Get {@link Builder} instance.
*
* @return Token Role Builder.
*/
public static Builder builder() {
return new Builder();
}
@JsonProperty("name")
@JsonInclude(JsonInclude.Include.NON_NULL)
private String name;
@JsonProperty("allowed_policies")
@JsonInclude(JsonInclude.Include.NON_NULL)
private List<String> allowedPolicies;
@JsonProperty("disallowed_policies")
@JsonInclude(JsonInclude.Include.NON_NULL)
private List<String> disallowedPolicies;
@JsonProperty("orphan")
@JsonInclude(JsonInclude.Include.NON_NULL)
private Boolean orphan;
@JsonProperty("renewable")
@JsonInclude(JsonInclude.Include.NON_NULL)
private Boolean renewable;
@JsonProperty("path_suffix")
@JsonInclude(JsonInclude.Include.NON_NULL)
private String pathSuffix;
@JsonProperty("allowed_entity_aliases")
@JsonInclude(JsonInclude.Include.NON_NULL)
private List<String> allowedEntityAliases;
@JsonProperty("token_bound_cidrs")
@JsonInclude(JsonInclude.Include.NON_NULL)
private List<String> tokenBoundCidrs;
@JsonProperty("token_explicit_max_ttl")
@JsonInclude(JsonInclude.Include.NON_NULL)
private Integer tokenExplicitMaxTtl;
@JsonProperty("token_no_default_policy")
@JsonInclude(JsonInclude.Include.NON_NULL)
private Boolean tokenNoDefaultPolicy;
@JsonProperty("token_num_uses")
@JsonInclude(JsonInclude.Include.NON_NULL)
private Integer tokenNumUses;
@JsonProperty("token_period")
@JsonInclude(JsonInclude.Include.NON_NULL)
private Integer tokenPeriod;
@JsonProperty("token_type")
@JsonInclude(JsonInclude.Include.NON_NULL)
private String tokenType;
/**
* Construct empty {@link TokenRole} object.
*/
public TokenRole() {
}
public TokenRole(final Builder builder) {
this.name = builder.name;
this.allowedPolicies = builder.allowedPolicies;
this.disallowedPolicies = builder.disallowedPolicies;
this.orphan = builder.orphan;
this.renewable = builder.renewable;
this.pathSuffix = builder.pathSuffix;
this.allowedEntityAliases = builder.allowedEntityAliases;
this.tokenBoundCidrs = builder.tokenBoundCidrs;
this.tokenExplicitMaxTtl = builder.tokenExplicitMaxTtl;
this.tokenNoDefaultPolicy = builder.tokenNoDefaultPolicy;
this.tokenNumUses = builder.tokenNumUses;
this.tokenPeriod = builder.tokenPeriod;
this.tokenType = builder.tokenType != null ? builder.tokenType.value() : null;
}
/**
* @return Token Role name
*/
public String getName() {
return name;
}
/**
* @return List of allowed policies
*/
public List<String> getAllowedPolicies() {
return allowedPolicies;
}
/**
* @return List of disallowed policies
*/
public List<String> getDisallowedPolicies() {
return disallowedPolicies;
}
/**
* @return Is Token Role orphan?
*/
public Boolean getOrphan() {
return orphan;
}
/**
* @return Is Token Role renewable?
*/
public Boolean getRenewable() {
return renewable;
}
/**
* @return Path suffix
*/
public String getPathSuffix() {
return pathSuffix;
}
/**
* @return List of allowed entity aliases
*/
public List<String> getAllowedEntityAliases() {
return allowedEntityAliases;
}
/**
* @return Token bound CIDR blocks
*/
public List<String> getTokenBoundCidrs() {
return tokenBoundCidrs;
}
/**
* @return Token explicit maximum TTL
*/
public Integer getTokenExplicitMaxTtl() {
return tokenExplicitMaxTtl;
}
/**
* @return Token without default policy?
*/
public Boolean getTokenNoDefaultPolicy() {
return tokenNoDefaultPolicy;
}
/**
* @return Token number of uses
*/
public Integer getTokenNumUses() {
return tokenNumUses;
}
/**
* @return Token period
*/
public Integer getTokenPeriod() {
return tokenPeriod;
}
/**
* @return Token type
*/
public String getTokenType() {
return tokenType;
}
/**
* A builder for vault token roles.
*
* @author Stefan Kalscheuer
* @since 0.9
*/
public static final class Builder {
private String name;
private List<String> allowedPolicies;
private List<String> disallowedPolicies;
private Boolean orphan;
private Boolean renewable;
private String pathSuffix;
private List<String> allowedEntityAliases;
private List<String> tokenBoundCidrs;
private Integer tokenExplicitMaxTtl;
private Boolean tokenNoDefaultPolicy;
private Integer tokenNumUses;
private Integer tokenPeriod;
private Token.Type tokenType;
/**
* Add token role name.
*
* @param name role name
* @return self
*/
public Builder forName(final String name) {
this.name = name;
return this;
}
/**
* Add an allowed policy.
*
* @param allowedPolicy allowed policy to add
* @return self
*/
public Builder withAllowedPolicy(final String allowedPolicy) {
if (allowedPolicy != null) {
if (this.allowedPolicies == null) {
this.allowedPolicies = new ArrayList<>();
}
this.allowedPolicies.add(allowedPolicy);
}
return this;
}
/**
* Add allowed policies.
*
* @param allowedPolicies list of allowed policies
* @return self
*/
public Builder withAllowedPolicies(final List<String> allowedPolicies) {
if (allowedPolicies != null) {
if (this.allowedPolicies == null) {
this.allowedPolicies = new ArrayList<>();
}
this.allowedPolicies.addAll(allowedPolicies);
}
return this;
}
/**
* Add a disallowed policy.
*
* @param disallowedPolicy disallowed policy to add
* @return self
*/
public Builder withDisallowedPolicy(final String disallowedPolicy) {
if (disallowedPolicy != null) {
if (this.disallowedPolicies == null) {
this.disallowedPolicies = new ArrayList<>();
}
this.disallowedPolicies.add(disallowedPolicy);
}
return this;
}
/**
* Add disallowed policies.
*
* @param disallowedPolicies list of disallowed policies
* @return self
*/
public Builder withDisallowedPolicies(final List<String> disallowedPolicies) {
if (disallowedPolicies != null) {
if (this.disallowedPolicies == null) {
this.disallowedPolicies = new ArrayList<>();
}
this.disallowedPolicies.addAll(disallowedPolicies);
}
return this;
}
/**
* Set TRUE if the token role should be created orphan.
*
* @param orphan if TRUE, token role is created as orphan
* @return self
*/
public Builder orphan(final Boolean orphan) {
this.orphan = orphan;
return this;
}
/**
* Set TRUE if the token role should be created renewable.
*
* @param renewable if TRUE, token role is created renewable
* @return self
*/
public Builder renewable(final Boolean renewable) {
this.renewable = renewable;
return this;
}
/**
* Set token role path suffix.
*
* @param pathSuffix path suffix to use
* @return self
*/
public Builder withPathSuffix(final String pathSuffix) {
this.pathSuffix = pathSuffix;
return this;
}
/**
* Add an allowed entity alias.
*
* @param allowedEntityAlias allowed entity alias to add
* @return self
*/
public Builder withAllowedEntityAlias(final String allowedEntityAlias) {
if (allowedEntityAlias != null) {
if (this.allowedEntityAliases == null) {
this.allowedEntityAliases = new ArrayList<>();
}
this.allowedEntityAliases.add(allowedEntityAlias);
}
return this;
}
/**
* Add allowed entity aliases.
*
* @param allowedEntityAliases list of allowed entity aliases to add
* @return self
*/
public Builder withAllowedEntityAliases(final List<String> allowedEntityAliases) {
if (allowedEntityAliases != null) {
if (this.allowedEntityAliases == null) {
this.allowedEntityAliases = new ArrayList<>();
}
this.allowedEntityAliases.addAll(allowedEntityAliases);
}
return this;
}
/**
* Add a single bound CIDR.
*
* @param tokenBoundCidr bound CIDR to add
* @return self
*/
public Builder withTokenBoundCidr(final String tokenBoundCidr) {
if (tokenBoundCidr != null) {
if (this.tokenBoundCidrs == null) {
this.tokenBoundCidrs = new ArrayList<>();
}
this.tokenBoundCidrs.add(tokenBoundCidr);
}
return this;
}
/**
* Add a list of bound CIDRs.
*
* @param tokenBoundCidrs list of bound CIDRs to add
* @return self
*/
public Builder withTokenBoundCidrs(final List<String> tokenBoundCidrs) {
if (tokenBoundCidrs != null) {
if (this.tokenBoundCidrs == null) {
this.tokenBoundCidrs = new ArrayList<>();
}
this.tokenBoundCidrs.addAll(tokenBoundCidrs);
}
return this;
}
/**
* Set explicit max. TTL for token.
*
* @param tokenExplicitMaxTtl explicit maximum TTL
* @return self
*/
public Builder withTokenExplicitMaxTtl(final Integer tokenExplicitMaxTtl) {
this.tokenExplicitMaxTtl = tokenExplicitMaxTtl;
return this;
}
/**
* Set TRUE if the token role should be created renewable.
*
* @param tokenNoDefaultPolicy if TRUE, token is created without default policy.
* @return self
*/
public Builder withTokenNoDefaultPolicy(final Boolean tokenNoDefaultPolicy) {
this.tokenNoDefaultPolicy = tokenNoDefaultPolicy;
return this;
}
/**
* Set number of uses for tokens.
*
* @param tokenNumUses number of uses for associated tokens.
* @return self
*/
public Builder withTokenNumUses(final Integer tokenNumUses) {
this.tokenNumUses = tokenNumUses;
return this;
}
/**
* Set token period.
*
* @param tokenPeriod token period
* @return self
*/
public Builder withTokenPeriod(final Integer tokenPeriod) {
this.tokenPeriod = tokenPeriod;
return this;
}
/**
* Set token type.
*
* @param tokenType token type
* @return self
*/
public Builder withTokenType(final Token.Type tokenType) {
this.tokenType = tokenType;
return this;
}
/**
* Build the token based on given parameters.
*
* @return the token
*/
public TokenRole build() {
return new TokenRole(this);
}
}
}

20
src/main/java/de/stklcode/jvault/connector/model/package-info.java Normal file
View File

@ -0,0 +1,20 @@
/*
* Copyright 2016-2021 Stefan Kalscheuer
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
/**
* Model classes for communication with the Vault API.
*/
package de.stklcode.jvault.connector.model;

29
src/main/java/de/stklcode/jvault/connector/model/response/AppRoleResponse.java
View File

@ -1,5 +1,5 @@
/*
* Copyright 2016-2017 Stefan Kalscheuer
* Copyright 2016-2021 Stefan Kalscheuer
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -24,33 +24,38 @@ import de.stklcode.jvault.connector.model.AppRole;
import java.io.IOException;
import java.util.HashMap;
import java.util.Map;
import java.util.stream.Collectors;
/**
* Vault response for AppRole lookup.
*
* @author Stefan Kalscheuer
* @since 0.4.0
* @author Stefan Kalscheuer
* @since 0.4.0
*/
@JsonIgnoreProperties(ignoreUnknown = true)
public class AppRoleResponse extends VaultDataResponse {
public final class AppRoleResponse extends VaultDataResponse {
private AppRole role;
@Override
public void setData(Map<String, Object> data) throws InvalidResponseException {
ObjectMapper mapper = new ObjectMapper();
public void setData(final Map<String, Object> data) throws InvalidResponseException {
var mapper = new ObjectMapper();
try {
/* null empty strings on list objects */
Map<String, Object> filteredData = new HashMap<>();
data.forEach((k,v) -> { if (!(v instanceof String && ((String) v).isEmpty())) filteredData.put(k,v); });
Map<String, Object> filteredData = new HashMap<>(data.size(), 1);
data.forEach((k, v) -> {
if (!(v instanceof String && ((String) v).isEmpty())) {
filteredData.put(k, v);
}
});
this.role = mapper.readValue(mapper.writeValueAsString(filteredData), AppRole.class);
} catch (IOException e) {
e.printStackTrace();
throw new InvalidResponseException();
throw new InvalidResponseException("Failed deserializing response", e);
}
}
/**
* @return The role
*/
public AppRole getRole() {
return role;
}
}
}

29
src/main/java/de/stklcode/jvault/connector/model/response/AppRoleSecretResponse.java
View File

@ -1,5 +1,5 @@
/*
* Copyright 2016-2017 Stefan Kalscheuer
* Copyright 2016-2021 Stefan Kalscheuer
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -19,7 +19,6 @@ package de.stklcode.jvault.connector.model.response;
import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
import com.fasterxml.jackson.databind.ObjectMapper;
import de.stklcode.jvault.connector.exception.InvalidResponseException;
import de.stklcode.jvault.connector.model.AppRole;
import de.stklcode.jvault.connector.model.AppRoleSecret;
import java.io.IOException;
@ -29,28 +28,34 @@ import java.util.Map;
/**
* Vault response for AppRole lookup.
*
* @author Stefan Kalscheuer
* @since 0.4.0
* @author Stefan Kalscheuer
* @since 0.4.0
*/
@JsonIgnoreProperties(ignoreUnknown = true)
public class AppRoleSecretResponse extends VaultDataResponse {
public final class AppRoleSecretResponse extends VaultDataResponse {
private AppRoleSecret secret;
@Override
public void setData(Map<String, Object> data) throws InvalidResponseException {
ObjectMapper mapper = new ObjectMapper();
public void setData(final Map<String, Object> data) throws InvalidResponseException {
var mapper = new ObjectMapper();
try {
/* null empty strings on list objects */
Map<String, Object> filteredData = new HashMap<>();
data.forEach((k,v) -> { if (!(v instanceof String && ((String) v).isEmpty())) filteredData.put(k,v); });
Map<String, Object> filteredData = new HashMap<>(data.size(), 1);
data.forEach((k, v) -> {
if (!(v instanceof String && ((String) v).isEmpty())) {
filteredData.put(k, v);
}
});
this.secret = mapper.readValue(mapper.writeValueAsString(filteredData), AppRoleSecret.class);
} catch (IOException e) {
e.printStackTrace();
throw new InvalidResponseException();
throw new InvalidResponseException("Failed deserializing response", e);
}
}
/**
* @return The secret
*/
public AppRoleSecret getSecret() {
return secret;
}
}
}

23
src/main/java/de/stklcode/jvault/connector/model/response/AuthMethodsResponse.java
View File

@ -1,5 +1,5 @@
/*
* Copyright 2016-2017 Stefan Kalscheuer
* Copyright 2016-2021 Stefan Kalscheuer
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -28,29 +28,36 @@ import java.util.Map;
/**
* Authentication method response.
*
* @author Stefan Kalscheuer
* @since 0.1
* @author Stefan Kalscheuer
* @since 0.1
*/
@JsonIgnoreProperties(ignoreUnknown = true)
public class AuthMethodsResponse extends VaultDataResponse {
public final class AuthMethodsResponse extends VaultDataResponse {
private Map<String, AuthMethod> supportedMethods;
/**
* Construct empty {@link AuthMethodsResponse} object.
*/
public AuthMethodsResponse() {
this.supportedMethods = new HashMap<>();
}
@Override
public void setData(Map<String, Object> data) throws InvalidResponseException {
ObjectMapper mapper = new ObjectMapper();
for (String path : data.keySet()) {
public void setData(final Map<String, Object> data) throws InvalidResponseException {
var mapper = new ObjectMapper();
for (Map.Entry<String, Object> entry : data.entrySet()) {
try {
this.supportedMethods.put(path, mapper.readValue(mapper.writeValueAsString(data.get(path)), AuthMethod.class));
this.supportedMethods.put(entry.getKey(),
mapper.readValue(mapper.writeValueAsString(entry.getValue()), AuthMethod.class));
} catch (IOException e) {
throw new InvalidResponseException();
}
}
}
/**
* @return Supported authentication methods
*/
public Map<String, AuthMethod> getSupportedMethods() {
return supportedMethods;
}

29
src/main/java/de/stklcode/jvault/connector/model/response/AuthResponse.java
View File

@ -1,5 +1,5 @@
/*
* Copyright 2016-2017 Stefan Kalscheuer
* Copyright 2016-2021 Stefan Kalscheuer
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -28,35 +28,46 @@ import java.util.Map;
/**
* Vault response for authentication providing auth info in {@link AuthData} field.
*
* @author Stefan Kalscheuer
* @since 0.1
* @author Stefan Kalscheuer
* @since 0.1
*/
@JsonIgnoreProperties(ignoreUnknown = true)
public class AuthResponse extends VaultDataResponse {
public final class AuthResponse extends VaultDataResponse {
private Map<String, Object> data;
private AuthData auth;
/**
* Set authentication data. The input will be mapped to the {@link AuthData} model.
*
* @param auth Raw authentication data
* @throws InvalidResponseException on mapping errors
*/
@JsonProperty("auth")
public void setAuth(Map<String, Object> auth) throws InvalidResponseException {
ObjectMapper mapper = new ObjectMapper();
public void setAuth(final Map<String, Object> auth) throws InvalidResponseException {
var mapper = new ObjectMapper();
try {
this.auth = mapper.readValue(mapper.writeValueAsString(auth), AuthData.class);
} catch (IOException e) {
e.printStackTrace();
throw new InvalidResponseException();
throw new InvalidResponseException("Failed deserializing response", e);
}
}
@Override
public void setData(Map<String, Object> data) {
public void setData(final Map<String, Object> data) {
this.data = data;
}
/**
* @return Raw data
*/
public Map<String, Object> getData() {
return data;
}
/**
* @return Authentication data
*/
public AuthData getAuth() {
return auth;
}

33
src/main/java/de/stklcode/jvault/connector/model/response/CredentialsResponse.java
View File

@ -1,5 +1,5 @@
/*
* Copyright 2016-2017 Stefan Kalscheuer
* Copyright 2016-2021 Stefan Kalscheuer
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -17,32 +17,35 @@
package de.stklcode.jvault.connector.model.response;
import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
import com.fasterxml.jackson.annotation.JsonProperty;
import com.fasterxml.jackson.databind.ObjectMapper;
import de.stklcode.jvault.connector.exception.InvalidResponseException;
import de.stklcode.jvault.connector.model.response.embedded.TokenData;
import java.io.IOException;
import java.util.Map;
/**
* Vault response from credentials lookup. Simple wrapper for data objects containing username and password fields.
*
* @author Stefan Kalscheuer
* @since 0.5.0
* @author Stefan Kalscheuer
* @since 0.5.0
*/
@JsonIgnoreProperties(ignoreUnknown = true)
public class CredentialsResponse extends SecretResponse {
public final class CredentialsResponse extends SecretResponse {
/**
* @return Username
*/
public String getUsername() {
if (get("username") != null)
return get("username").toString();
Object username = get("username");
if (username != null) {
return username.toString();
}
return null;
}
/**
* @return Password
*/
public String getPassword() {
if (get("username") != null)
return get("username").toString();
Object password = get("password");
if (password != null) {
return password.toString();
}
return null;
}
}

24
src/main/java/de/stklcode/jvault/connector/model/response/ErrorResponse.java
View File

@ -1,5 +1,5 @@
/*
* Copyright 2016-2017 Stefan Kalscheuer
* Copyright 2016-2021 Stefan Kalscheuer
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -24,15 +24,27 @@ import java.util.List;
/**
* Vault response in case of errors.
*
* @author Stefan Kalscheuer
* @since 0.1
* @author Stefan Kalscheuer
* @since 0.1
*/
@JsonIgnoreProperties(ignoreUnknown = true)
public class ErrorResponse implements VaultResponse {
public final class ErrorResponse implements VaultResponse {
@JsonProperty("errors")
private List<String> errors;
public List<String > getErrors() {
/**
* @return List of errors
*/
public List<String> getErrors() {
return errors;
}
}
@Override
public String toString() {
if (errors == null || errors.isEmpty()) {
return "error response";
} else {
return errors.get(0);
}
}
}

132
src/main/java/de/stklcode/jvault/connector/model/response/HealthResponse.java Normal file
View File

@ -0,0 +1,132 @@
/*
* Copyright 2016-2021 Stefan Kalscheuer
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package de.stklcode.jvault.connector.model.response;
import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
import com.fasterxml.jackson.annotation.JsonProperty;
/**
* Vault response for health query.
*
* @author Stefan Kalscheuer
* @since 0.7.0
*/
@JsonIgnoreProperties(ignoreUnknown = true)
public final class HealthResponse implements VaultResponse {
@JsonProperty("cluster_id")
private String clusterID;
@JsonProperty("cluster_name")
private String clusterName;
@JsonProperty("version")
private String version;
@JsonProperty("server_time_utc")
private Long serverTimeUTC;
@JsonProperty("standby")
private Boolean standby;
@JsonProperty("sealed")
private Boolean sealed;
@JsonProperty("initialized")
private Boolean initialized;
@JsonProperty("replication_perf_mode")
private String replicationPerfMode;
@JsonProperty("replication_dr_mode")
private String replicationDrMode;
@JsonProperty("performance_standby")
private Boolean performanceStandby;
/**
* @return The Cluster ID.
*/
public String getClusterID() {
return clusterID;
}
/**
* @return The Cluster name.
*/
public String getClusterName() {
return clusterName;
}
/**
* @return Vault version.
*/
public String getVersion() {
return version;
}
/**
* @return Server time UTC (timestamp).
*/
public Long getServerTimeUTC() {
return serverTimeUTC;
}
/**
* @return Server standby status.
*/
public Boolean isStandby() {
return standby;
}
/**
* @return Server seal status.
*/
public Boolean isSealed() {
return sealed;
}
/**
* @return Server initialization status.
*/
public Boolean isInitialized() {
return initialized;
}
/**
* @return Replication performance mode of the active node (since Vault 0.9.2).
* @since 0.8 (#21)
*/
public String getReplicationPerfMode() {
return replicationPerfMode;
}
/**
* @return Replication DR mode of the active node (since Vault 0.9.2).
* @since 0.8 (#21)
*/
public String getReplicationDrMode() {
return replicationDrMode;
}
/**
* @return Performance standby status.
* @since 0.8 (#21)
*/
public Boolean isPerformanceStandby() {
return performanceStandby;
}
}

13
src/main/java/de/stklcode/jvault/connector/model/response/HelpResponse.java
View File

@ -1,5 +1,5 @@
/*
* Copyright 2016-2017 Stefan Kalscheuer
* Copyright 2016-2021 Stefan Kalscheuer
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -22,15 +22,18 @@ import com.fasterxml.jackson.annotation.JsonProperty;
/**
* Vault response for help request.
*
* @author Stefan Kalscheuer
* @since 0.1
* @author Stefan Kalscheuer
* @since 0.1
*/
@JsonIgnoreProperties(ignoreUnknown = true)
public class HelpResponse implements VaultResponse {
public final class HelpResponse implements VaultResponse {
@JsonProperty("help")
private String help;
/**
* @return Help text
*/
public String getHelp() {
return help;
}
}
}

56
src/main/java/de/stklcode/jvault/connector/model/response/MetadataResponse.java Normal file
View File

@ -0,0 +1,56 @@
/*
* Copyright 2016-2021 Stefan Kalscheuer
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package de.stklcode.jvault.connector.model.response;
import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
import com.fasterxml.jackson.databind.ObjectMapper;
import de.stklcode.jvault.connector.exception.InvalidResponseException;
import de.stklcode.jvault.connector.model.response.embedded.SecretMetadata;
import java.io.IOException;
import java.util.Map;
/**
* Vault response for secret metadata (KV v2).
*
* @author Stefan Kalscheuer
* @since 0.8
*/
@JsonIgnoreProperties(ignoreUnknown = true)
public class MetadataResponse extends VaultDataResponse {
private SecretMetadata metadata;
@Override
public final void setData(final Map<String, Object> data) throws InvalidResponseException {
var mapper = new ObjectMapper();
try {
this.metadata = mapper.readValue(mapper.writeValueAsString(data), SecretMetadata.class);
} catch (IOException e) {
throw new InvalidResponseException("Failed deserializing response", e);
}
}
/**
* Get the actual metadata.
*
* @return Metadata.
*/
public SecretMetadata getMetadata() {
return metadata;
}
}

13
src/main/java/de/stklcode/jvault/connector/model/response/RawDataResponse.java
View File

@ -1,5 +1,5 @@
/*
* Copyright 2016-2017 Stefan Kalscheuer
* Copyright 2016-2021 Stefan Kalscheuer
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -23,18 +23,21 @@ import java.util.Map;
/**
* Simple Vault data response.
*
* @author Stefan Kalscheuer
* @since 0.4.0
* @author Stefan Kalscheuer
* @since 0.4.0
*/
@JsonIgnoreProperties(ignoreUnknown = true)
public class RawDataResponse extends VaultDataResponse {
public final class RawDataResponse extends VaultDataResponse {
private Map<String, Object> data;
@Override
public void setData(Map<String, Object> data) {
public void setData(final Map<String, Object> data) {
this.data = data;
}
/**
* @return Raw data {@link Map}
*/
public Map<String, Object> getData() {
return data;
}

86
src/main/java/de/stklcode/jvault/connector/model/response/SealResponse.java
View File

@ -1,5 +1,5 @@
/*
* Copyright 2016-2017 Stefan Kalscheuer
* Copyright 2016-2021 Stefan Kalscheuer
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -22,14 +22,20 @@ import com.fasterxml.jackson.annotation.JsonProperty;
/**
* Vault response for seal status or unseal request.
*
* @author Stefan Kalscheuer
* @since 0.1
* @author Stefan Kalscheuer
* @since 0.1
*/
@JsonIgnoreProperties(ignoreUnknown = true)
public class SealResponse implements VaultResponse {
public final class SealResponse implements VaultResponse {
@JsonProperty("type")
private String type;
@JsonProperty("sealed")
private boolean sealed;
@JsonProperty("initialized")
private boolean initialized;
@JsonProperty("t")
private Integer threshold;
@ -39,19 +45,91 @@ public class SealResponse implements VaultResponse {
@JsonProperty("progress")
private Integer progress;
@JsonProperty("version")
private String version;
@JsonProperty("nonce")
private String nonce;
@JsonProperty("cluster_name")
private String clusterName;
@JsonProperty("cluster_id")
private String clusterId;
/**
* @return Seal type.
* @since 0.8
*/
public String getType() {
return type;
}
/**
* @return Seal status
*/
public boolean isSealed() {
return sealed;
}
/**
* @return Vault initialization status (since Vault 0.11.2).
* @since 0.8
*/
public boolean isInitialized() {
return initialized;
}
/**
* @return Required threshold of secret shares
*/
public Integer getThreshold() {
return threshold;
}
/**
* @return Number of secret shares
*/
public Integer getNumberOfShares() {
return numberOfShares;
}
/**
* @return Current unseal progress (remaining required shares)
*/
public Integer getProgress() {
return progress;
}
/**
* @return Vault version.
* @since 0.8
*/
public String getVersion() {
return version;
}
/**
* @return A random nonce.
* @since 0.8
*/
public String getNonce() {
return nonce;
}
/**
* @return Vault cluster name (only if unsealed).
* @since 0.8
*/
public String getClusterName() {
return clusterName;
}
/**
* @return Vault cluster ID (only if unsealed).
* @since 0.8
*/
public String getClusterId() {
return clusterId;
}
}

24
src/main/java/de/stklcode/jvault/connector/model/response/SecretListResponse.java
View File

@ -1,5 +1,5 @@
/*
* Copyright 2016-2017 Stefan Kalscheuer
* Copyright 2016-2021 Stefan Kalscheuer
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -26,23 +26,31 @@ import java.util.Map;
/**
* Vault response for secret list request.
*
* @author Stefan Kalscheuer
* @since 0.1
* @author Stefan Kalscheuer
* @since 0.1
*/
@JsonIgnoreProperties(ignoreUnknown = true)
public class SecretListResponse extends VaultDataResponse {
public final class SecretListResponse extends VaultDataResponse {
private List<String> keys;
/**
* Set data. Extracts list of keys from raw response data.
*
* @param data Raw data
* @throws InvalidResponseException on parsing errors
*/
@JsonProperty("data")
public void setData(Map<String, Object> data) throws InvalidResponseException {
public void setData(final Map<String, Object> data) throws InvalidResponseException {
try {
this.keys = (List<String>)data.get("keys");
}
catch (ClassCastException e) {
this.keys = (List<String>) data.get("keys");
} catch (ClassCastException e) {
throw new InvalidResponseException("Keys could not be parsed from data.", e);
}
}
/**
* @return List of secret keys
*/
public List<String> getKeys() {
return keys;
}

96
src/main/java/de/stklcode/jvault/connector/model/response/SecretResponse.java
View File

@ -1,5 +1,5 @@
/*
* Copyright 2016-2017 Stefan Kalscheuer
* Copyright 2016-2021 Stefan Kalscheuer
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -19,9 +19,10 @@ package de.stklcode.jvault.connector.model.response;
import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
import com.fasterxml.jackson.databind.ObjectMapper;
import de.stklcode.jvault.connector.exception.InvalidResponseException;
import de.stklcode.jvault.connector.model.response.embedded.VersionMetadata;
import java.io.IOException;
import java.util.HashMap;
import java.util.Collections;
import java.util.Map;
/**
@ -32,11 +33,29 @@ import java.util.Map;
*/
@JsonIgnoreProperties(ignoreUnknown = true)
public class SecretResponse extends VaultDataResponse {
private static final String KEY_DATA = "data";
private static final String KEY_METADATA = "metadata";
private Map<String, Object> data;
private VersionMetadata metadata;
@Override
public void setData(Map<String, Object> data) throws InvalidResponseException {
this.data = data;
public final void setData(final Map<String, Object> data) throws InvalidResponseException {
if (data.size() == 2
&& data.containsKey(KEY_DATA) && data.get(KEY_DATA) instanceof Map
&& data.containsKey(KEY_METADATA) && data.get(KEY_METADATA) instanceof Map) {
var mapper = new ObjectMapper();
try {
// This is apparently a KV v2 value.
this.data = (Map<String, Object>) data.get(KEY_DATA);
this.metadata = mapper.readValue(mapper.writeValueAsString(data.get(KEY_METADATA)), VersionMetadata.class);
} catch (ClassCastException | IOException e) {
throw new InvalidResponseException("Failed deserializing response", e);
}
} else {
// For KV v1 without metadata just store the data map.
this.data = data;
}
}
/**
@ -45,69 +64,56 @@ public class SecretResponse extends VaultDataResponse {
* @return data map
* @since 0.4.0
*/
public Map<String, Object> getData() {
if (data == null)
return new HashMap<>();
public final Map<String, Object> getData() {
if (data == null) {
return Collections.emptyMap();
}
return data;
}
/**
* Get secret metadata. This is only available for KV v2 secrets.
*
* @return Metadata of the secret.
* @since 0.8
*/
public final VersionMetadata getMetadata() {
return metadata;
}
/**
* Get a single value for given key.
*
* @param key the key
* @return the value or NULL if absent
* @return the value or {@code null} if absent
* @since 0.4.0
*/
public Object get(String key) {
if (data == null)
public final Object get(final String key) {
if (data == null) {
return null;
}
return getData().get(key);
}
/**
* Get data element for key "value".
* Method for backwards compatibility in case of simple secrets.
*
* @return the value
* @deprecated Deprecated artifact, will be removed at latest at v1.0.0
*/
@Deprecated
public String getValue() {
if (get("value") == null)
return null;
return get("value").toString();
}
/**
* Get response parsed as JSON
* Get response parsed as JSON.
*
* @param key the key
* @param type Class to parse response
* @param <T> Class to parse response
* @return Parsed object
* @throws InvalidResponseException on parsing error
* @since 0.3
* @deprecated Deprecated artifact, will be removed at latest at v1.0.0
*/
@Deprecated
public <T> T getValue(Class<T> type) throws InvalidResponseException {
return get("value", type);
}
/**
* Get response parsed as JSON
*
* @param key the key
* @param type Class to parse response
* @param <T> Class to parse response
* @return Parsed object
* @return Parsed object or {@code null} if absent
* @throws InvalidResponseException on parsing error
* @since 0.4.0
*/
public <T> T get(String key, Class<T> type) throws InvalidResponseException {
public final <T> T get(final String key, final Class<T> type) throws InvalidResponseException {
try {
return new ObjectMapper().readValue(get(key).toString(), type);
Object rawValue = get(key);
if (rawValue == null) {
return null;
}
return new ObjectMapper().readValue(rawValue.toString(), type);
} catch (IOException e) {
throw new InvalidResponseException("Unable to parse response payload: " + e.getMessage());
}
}
}
}

56
src/main/java/de/stklcode/jvault/connector/model/response/SecretVersionResponse.java Normal file
View File

@ -0,0 +1,56 @@
/*
* Copyright 2016-2021 Stefan Kalscheuer
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package de.stklcode.jvault.connector.model.response;
import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
import com.fasterxml.jackson.databind.ObjectMapper;
import de.stklcode.jvault.connector.exception.InvalidResponseException;
import de.stklcode.jvault.connector.model.response.embedded.VersionMetadata;
import java.io.IOException;
import java.util.Map;
/**
* Vault response for a single secret version metadata, i.e. after update (KV v2).
*
* @author Stefan Kalscheuer
* @since 0.8
*/
@JsonIgnoreProperties(ignoreUnknown = true)
public class SecretVersionResponse extends VaultDataResponse {
private VersionMetadata metadata;
@Override
public final void setData(final Map<String, Object> data) throws InvalidResponseException {
var mapper = new ObjectMapper();
try {
this.metadata = mapper.readValue(mapper.writeValueAsString(data), VersionMetadata.class);
} catch (IOException e) {
throw new InvalidResponseException("Failed deserializing response", e);
}
}
/**
* Get the actual metadata.
*
* @return Metadata.
*/
public VersionMetadata getMetadata() {
return metadata;
}
}

24
src/main/java/de/stklcode/jvault/connector/model/response/TokenResponse.java
View File

@ -1,5 +1,5 @@
/*
* Copyright 2016-2017 Stefan Kalscheuer
* Copyright 2016-2021 Stefan Kalscheuer
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -28,27 +28,35 @@ import java.util.Map;
/**
* Vault response from token lookup providing Token information in {@link TokenData} field.
*
* @author Stefan Kalscheuer
* @since 0.1
* @author Stefan Kalscheuer
* @since 0.1
*/
@JsonIgnoreProperties(ignoreUnknown = true)
public class TokenResponse extends VaultDataResponse {
public final class TokenResponse extends VaultDataResponse {
private TokenData data;
@JsonProperty("auth")
private Boolean auth;
/**
* Set data. Parses response data map to {@link TokenData}.
*
* @param data Raw response data
* @throws InvalidResponseException on parsing errors
*/
@Override
public void setData(Map<String, Object> data) throws InvalidResponseException {
ObjectMapper mapper = new ObjectMapper();
public void setData(final Map<String, Object> data) throws InvalidResponseException {
var mapper = new ObjectMapper();
try {
this.data = mapper.readValue(mapper.writeValueAsString(data), TokenData.class);
} catch (IOException e) {
e.printStackTrace();
throw new InvalidResponseException();
throw new InvalidResponseException("Failed deserializing response", e);
}
}
/**
* @return Token data
*/
public TokenData getData() {
return data;
}

60
src/main/java/de/stklcode/jvault/connector/model/response/TokenRoleResponse.java Normal file
View File

@ -0,0 +1,60 @@
/*
* Copyright 2016-2021 Stefan Kalscheuer
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package de.stklcode.jvault.connector.model.response;
import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
import com.fasterxml.jackson.databind.ObjectMapper;
import de.stklcode.jvault.connector.exception.InvalidResponseException;
import de.stklcode.jvault.connector.model.TokenRole;
import de.stklcode.jvault.connector.model.response.embedded.TokenData;
import java.io.IOException;
import java.util.Map;
/**
* Vault response from token role lookup providing Token information in {@link TokenData} field.
*
* @author Stefan Kalscheuer
* @since 0.9
*/
@JsonIgnoreProperties(ignoreUnknown = true)
public final class TokenRoleResponse extends VaultDataResponse {
private TokenRole data;
/**
* Set data. Parses response data map to {@link TokenRole}.
*
* @param data Raw response data
* @throws InvalidResponseException on parsing errors
*/
@Override
public void setData(final Map<String, Object> data) throws InvalidResponseException {
var mapper = new ObjectMapper();
try {
this.data = mapper.readValue(mapper.writeValueAsString(data), TokenRole.class);
} catch (IOException e) {
throw new InvalidResponseException("Failed deserializing response", e);
}
}
/**
* @return TokenRole data
*/
public TokenRole getData() {
return data;
}
}

34
src/main/java/de/stklcode/jvault/connector/model/response/VaultDataResponse.java
View File

@ -1,5 +1,5 @@
/*
* Copyright 2016-2017 Stefan Kalscheuer
* Copyright 2016-2021 Stefan Kalscheuer
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -25,8 +25,8 @@ import java.util.Map;
/**
* Abstract Vault response with default payload fields.
*
* @author Stefan Kalscheuer
* @since 0.1
* @author Stefan Kalscheuer
* @since 0.1
*/
public abstract class VaultDataResponse implements VaultResponse {
@JsonProperty("lease_id")
@ -41,22 +41,40 @@ public abstract class VaultDataResponse implements VaultResponse {
@JsonProperty("warnings")
private List<String> warnings;
/**
* Set data. To be implemented in the specific subclasses, as data can be of arbitrary structure.
*
* @param data Raw response data
* @throws InvalidResponseException on parsing errors
*/
@JsonProperty("data")
public abstract void setData(Map<String, Object> data) throws InvalidResponseException;
public abstract void setData(final Map<String, Object> data) throws InvalidResponseException;
public String getLeaseId() {
/**
* @return Lease ID
*/
public final String getLeaseId() {
return leaseId;
}
public boolean isRenewable() {
/**
* @return Lease is renewable
*/
public final boolean isRenewable() {
return renewable;
}
public Integer getLeaseDuration() {
/**
* @return Lease duration
*/
public final Integer getLeaseDuration() {
return leaseDuration;
}
public List<String> getWarnings() {
/**
* @return List of warnings
*/
public final List<String> getWarnings() {
return warnings;
}
}

6
src/main/java/de/stklcode/jvault/connector/model/response/VaultResponse.java
View File

@ -1,5 +1,5 @@
/*
* Copyright 2016-2017 Stefan Kalscheuer
* Copyright 2016-2021 Stefan Kalscheuer
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -19,8 +19,8 @@ package de.stklcode.jvault.connector.model.response;
/**
* Marker interface for responses from Vault backend.
*
* @author Stefan Kalscheuer
* @since 0.1
* @author Stefan Kalscheuer
* @since 0.1
*/
public interface VaultResponse {
}

76
src/main/java/de/stklcode/jvault/connector/model/response/embedded/AuthData.java
View File

@ -1,5 +1,5 @@
/*
* Copyright 2016-2017 Stefan Kalscheuer
* Copyright 2016-2021 Stefan Kalscheuer
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -25,11 +25,11 @@ import java.util.Map;
/**
* Embedded authorization information inside Vault response.
*
* @author Stefan Kalscheuer
* @since 0.1
* @author Stefan Kalscheuer
* @since 0.1
*/
@JsonIgnoreProperties(ignoreUnknown = true)
public class AuthData {
public final class AuthData {
@JsonProperty("client_token")
private String clientToken;
@ -39,6 +39,9 @@ public class AuthData {
@JsonProperty("policies")
private List<String> policies;
@JsonProperty("token_policies")
private List<String> tokenPolicies;
@JsonProperty("metadata")
private Map<String, Object> metadata;
@ -48,27 +51,86 @@ public class AuthData {
@JsonProperty("renewable")
private boolean renewable;
@JsonProperty("entity_id")
private String entityId;
@JsonProperty("token_type")
private String tokenType;
@JsonProperty("orphan")
private boolean orphan;
/**
* @return Client token
*/
public String getClientToken() {
return clientToken;
}
public String getAccessor() {
return accessor;
/**
* @return Token type
* @since 0.9
*/
public String getTokenType() {
return tokenType;
}
/**
* @return List of policies
*/
public List<String> getPolicies() {
return policies;
}
/**
* @return List of policies associated with the token
* @since 0.9
*/
public List<String> getTokenPolicies() {
return tokenPolicies;
}
/**
* @return Metadata
*/
public Map<String, Object> getMetadata() {
return metadata;
}
/**
* @return Lease duration
*/
public Integer getLeaseDuration() {
return leaseDuration;
}
/**
* @return Lease is renewable
*/
public boolean isRenewable() {
return renewable;
}
}
/**
* @return Entity ID
* @since 0.9
*/
public String getEntityId() {
return entityId;
}
/**
* @return Token accessor
*/
public String getAccessor() {
return accessor;
}
/**
* @return Token is orphan
* @since 0.9
*/
public boolean isOrphan() {
return orphan;
}
}

28
src/main/java/de/stklcode/jvault/connector/model/response/embedded/AuthMethod.java
View File

@ -1,5 +1,5 @@
/*
* Copyright 2016-2017 Stefan Kalscheuer
* Copyright 2016-2021 Stefan Kalscheuer
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -26,11 +26,11 @@ import java.util.Map;
/**
* Embedded authentication method response.
*
* @author Stefan Kalscheuer
* @since 0.1
* @author Stefan Kalscheuer
* @since 0.1
*/
@JsonIgnoreProperties(ignoreUnknown = true)
public class AuthMethod {
public final class AuthMethod {
private AuthBackend type;
private String rawType;
@ -43,28 +43,46 @@ public class AuthMethod {
@JsonProperty("local")
private boolean local;
/**
* @param type Backend type, passed to {@link AuthBackend#forType(String)}
*/
@JsonSetter("type")
public void setType(String type) {
public void setType(final String type) {
this.rawType = type;
this.type = AuthBackend.forType(type);
}
/**
* @return Backend type
*/
public AuthBackend getType() {
return type;
}
/**
* @return Raw backend type string
*/
public String getRawType() {
return rawType;
}
/**
* @return Description
*/
public String getDescription() {
return description;
}
/**
* @return Configuration data
*/
public Map<String, String> getConfig() {
return config;
}
/**
* @return Is local backend
*/
public boolean isLocal() {
return local;
}

127
src/main/java/de/stklcode/jvault/connector/model/response/embedded/SecretMetadata.java Normal file
View File

@ -0,0 +1,127 @@
/*
* Copyright 2016-2021 Stefan Kalscheuer
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package de.stklcode.jvault.connector.model.response.embedded;
import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
import com.fasterxml.jackson.annotation.JsonProperty;
import java.time.ZonedDateTime;
import java.time.format.DateTimeFormatter;
import java.time.format.DateTimeParseException;
import java.util.Map;
/**
* Embedded metadata for Key-Value v2 secrets.
*
* @author Stefan Kalscheuer
* @since 0.8
*/
@JsonIgnoreProperties(ignoreUnknown = true)
public final class SecretMetadata {
private static final DateTimeFormatter TIME_FORMAT = DateTimeFormatter.ofPattern("yyyy-MM-dd'T'HH:mm:ss.SSSSSSSSSX");
@JsonProperty("created_time")
private String createdTimeString;
@JsonProperty("current_version")
private Integer currentVersion;
@JsonProperty("max_versions")
private Integer maxVersions;
@JsonProperty("oldest_version")
private Integer oldestVersion;
@JsonProperty("updated_time")
private String updatedTime;
@JsonProperty("versions")
private Map<Integer, VersionMetadata> versions;
/**
* @return Time of secret creation as raw string representation.
*/
public String getCreatedTimeString() {
return createdTimeString;
}
/**
* @return Time of secret creation.
*/
public ZonedDateTime getCreatedTime() {
if (createdTimeString != null && !createdTimeString.isEmpty()) {
try {
return ZonedDateTime.parse(createdTimeString, TIME_FORMAT);
} catch (DateTimeParseException e) {
// Ignore.
}
}
return null;
}
/**
* @return Current version number.
*/
public Integer getCurrentVersion() {
return currentVersion;
}
/**
* @return Maximum number of versions.
*/
public Integer getMaxVersions() {
return maxVersions;
}
/**
* @return Oldest available version number.
*/
public Integer getOldestVersion() {
return oldestVersion;
}
/**
* @return Time of secret update as raw string representation.
*/
public String getUpdatedTimeString() {
return updatedTime;
}
/**
* @return Time of secret update..
*/
public ZonedDateTime getUpdatedTime() {
if (updatedTime != null && !updatedTime.isEmpty()) {
try {
return ZonedDateTime.parse(updatedTime, TIME_FORMAT);
} catch (DateTimeParseException e) {
// Ignore.
}
}
return null;
}
/**
* @return Version of the entry.
*/
public Map<Integer, VersionMetadata> getVersions() {
return versions;
}
}

156
src/main/java/de/stklcode/jvault/connector/model/response/embedded/TokenData.java
View File

@ -1,5 +1,5 @@
/*
* Copyright 2016-2017 Stefan Kalscheuer
* Copyright 2016-2021 Stefan Kalscheuer
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -19,14 +19,18 @@ package de.stklcode.jvault.connector.model.response.embedded;
import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
import com.fasterxml.jackson.annotation.JsonProperty;
import java.time.ZonedDateTime;
import java.util.List;
import java.util.Map;
/**
* Embedded token information inside Vault response.
*
* @author Stefan Kalscheuer
* @since 0.1
* @author Stefan Kalscheuer
* @since 0.1
*/
@JsonIgnoreProperties(ignoreUnknown = true)
public class TokenData {
public final class TokenData {
@JsonProperty("accessor")
private String accessor;
@ -34,16 +38,28 @@ public class TokenData {
private Integer creationTime;
@JsonProperty("creation_ttl")
private Integer creatinTtl;
private Integer creationTtl;
@JsonProperty("display_name")
private String name;
@JsonProperty("entity_id")
private String entityId;
@JsonProperty("expire_time")
private String expireTime;
@JsonProperty("explicit_max_ttl")
private Integer explicitMaxTtl;
@JsonProperty("id")
private String id;
@JsonProperty("issue_time")
private String issueTime;
@JsonProperty("meta")
private String meta;
private Map<String, Object> meta;
@JsonProperty("num_uses")
private Integer numUses;
@ -54,53 +70,165 @@ public class TokenData {
@JsonProperty("path")
private String path;
@JsonProperty("role")
private String role;
@JsonProperty("policies")
private List<String> policies;
@JsonProperty("renewable")
private boolean renewable;
@JsonProperty("ttl")
private Integer ttl;
@JsonProperty("type")
private String type;
/**
* @return Token accessor
*/
public String getAccessor() {
return accessor;
}
/**
* @return Creation time
*/
public Integer getCreationTime() {
return creationTime;
}
public Integer getCreatinTtl() {
return creatinTtl;
/**
* @return Creation TTL (in seconds)
*/
public Integer getCreationTtl() {
return creationTtl;
}
/**
* @return Token name
*/
public String getName() {
return name;
}
/**
* @return Entity ID
* @since 0.9
*/
public String getEntityId() {
return entityId;
}
/**
* @return Expire time as raw string value
* @since 0.9
*/
public String getExpireTimeString() {
return expireTime;
}
/**
* @return Expire time (parsed)
* @since 0.9
*/
public ZonedDateTime getExpireTime() {
if (expireTime == null) {
return null;
} else {
return ZonedDateTime.parse(expireTime);
}
}
/**
* @return Explicit maximum TTL
* @since 0.9
*/
public Integer getExplicitMaxTtl() {
return explicitMaxTtl;
}
/**
* @return Token ID
*/
public String getId() {
return id;
}
/**
* @return Issue time as raw string value
* @since 0.9
*/
public String getIssueTimeString() {
return issueTime;
}
/**
* @return Expire time (parsed)
* @since 0.9
*/
public ZonedDateTime getIssueTime() {
if (issueTime == null) {
return null;
} else {
return ZonedDateTime.parse(issueTime);
}
}
/**
* @return Token type
* @since 0.9
*/
public String getType() {
return type;
}
/**
* @return Number of uses
*/
public Integer getNumUses() {
return numUses;
}
/**
* @return Token is orphan
*/
public boolean isOrphan() {
return orphan;
}
/**
* @return Token path
*/
public String getPath() {
return path;
}
public String getRole() {
return role;
/**
* @return Token policies
* @since 0.9
*/
public List<String> getPolicies() {
return policies;
}
/**
* @return Token is renewable
* @since 0.9
*/
public boolean isRenewable() {
return renewable;
}
/**
* @return Token TTL (in seconds)
*/
public Integer getTtl() {
return ttl;
}
public String getMeta() {
/**
* @return Metadata
*/
public Map<String, Object> getMeta() {
return meta;
}
}
}

106
src/main/java/de/stklcode/jvault/connector/model/response/embedded/VersionMetadata.java Normal file
View File

@ -0,0 +1,106 @@
/*
* Copyright 2016-2021 Stefan Kalscheuer
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package de.stklcode.jvault.connector.model.response.embedded;
import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
import com.fasterxml.jackson.annotation.JsonProperty;
import java.time.ZonedDateTime;
import java.time.format.DateTimeFormatter;
import java.time.format.DateTimeParseException;
/**
* Embedded metadata for a single Key-Value v2 version.
*
* @author Stefan Kalscheuer
* @since 0.8
*/
@JsonIgnoreProperties(ignoreUnknown = true)
public final class VersionMetadata {
private static final DateTimeFormatter TIME_FORMAT = DateTimeFormatter.ofPattern("yyyy-MM-dd'T'HH:mm:ss.SSSSSSSSSX");
@JsonProperty("created_time")
private String createdTimeString;
@JsonProperty("deletion_time")
private String deletionTimeString;
@JsonProperty("destroyed")
private boolean destroyed;
@JsonProperty("version")
private Integer version;
/**
* @return Time of secret creation as raw string representation.
*/
public String getCreatedTimeString() {
return createdTimeString;
}
/**
* @return Time of secret creation.
*/
public ZonedDateTime getCreatedTime() {
if (createdTimeString != null && !createdTimeString.isEmpty()) {
try {
return ZonedDateTime.parse(createdTimeString, TIME_FORMAT);
} catch (DateTimeParseException e) {
// Ignore.
}
}
return null;
}
/**
* @return Time for secret deletion as raw string representation.
*/
public String getDeletionTimeString() {
return deletionTimeString;
}
/**
* @return Time for secret deletion.
*/
public ZonedDateTime getDeletionTime() {
if (deletionTimeString != null && !deletionTimeString.isEmpty()) {
try {
return ZonedDateTime.parse(deletionTimeString, TIME_FORMAT);
} catch (DateTimeParseException e) {
// Ignore.
}
}
return null;
}
/**
* @return Whether the secret is destroyed.
*/
public boolean isDestroyed() {
return destroyed;
}
/**
* @return Version of the entry.
*/
public Integer getVersion() {
return version;
}
}

20
src/main/java/de/stklcode/jvault/connector/model/response/embedded/package-info.java Normal file
View File

@ -0,0 +1,20 @@
/*
* Copyright 2016-2021 Stefan Kalscheuer
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
/**
* Embedded data classes for responses from the Vault API.
*/
package de.stklcode.jvault.connector.model.response.embedded;

20
src/main/java/de/stklcode/jvault/connector/model/response/package-info.java Normal file
View File

@ -0,0 +1,20 @@
/*
* Copyright 2016-2021 Stefan Kalscheuer
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
/**
* Model classes for responses from the Vault API.
*/
package de.stklcode.jvault.connector.model.response;

21
src/main/java/de/stklcode/jvault/connector/package-info.java Normal file
View File

@ -0,0 +1,21 @@
/*
* Copyright 2016-2021 Stefan Kalscheuer
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
/**
* Java Vault Connector base package - contains {@link de.stklcode.jvault.connector.VaultConnector} interface and
* default implementation.
*/
package de.stklcode.jvault.connector;

36
src/main/java/module-info.java Normal file
View File

@ -0,0 +1,36 @@
/*
* Copyright 2016-2021 Stefan Kalscheuer
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
/**
* JVaultConnector module.
*
* @author Stefan Kalscheuer
*/
module de.stklcode.jvault.connector {
exports de.stklcode.jvault.connector;
exports de.stklcode.jvault.connector.exception;
exports de.stklcode.jvault.connector.model;
exports de.stklcode.jvault.connector.model.response;
exports de.stklcode.jvault.connector.model.response.embedded;
opens de.stklcode.jvault.connector.model to com.fasterxml.jackson.databind;
opens de.stklcode.jvault.connector.model.response to com.fasterxml.jackson.databind;
opens de.stklcode.jvault.connector.model.response.embedded to com.fasterxml.jackson.databind;
requires java.base;
requires java.net.http;
requires com.fasterxml.jackson.databind;
}

13
src/main/javadoc/overview.html Normal file
View File

@ -0,0 +1,13 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>API Overview</title>
</head>
<body>
<p>Java Vault Connector is a connector library for Vault by Hashicorp written in Java.</p>
<p>The connector allows simple usage of Vault's secret store in own applications.</p>
<p>It features a default implementation for the HTTP(S) interface and supports various authorization methods including
AppRole, token and secret handling.</p>
</body>
</html>

189
src/test/java/de/stklcode/jvault/connector/HTTPVaultConnectorBuilderTest.java Normal file
View File

@ -0,0 +1,189 @@
/*
* Copyright 2016-2021 Stefan Kalscheuer
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package de.stklcode.jvault.connector;
import com.github.stefanbirkner.systemlambda.SystemLambda;
import de.stklcode.jvault.connector.exception.ConnectionException;
import de.stklcode.jvault.connector.exception.TlsException;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.io.TempDir;
import java.io.File;
import java.lang.reflect.Field;
import java.net.URISyntaxException;
import java.nio.file.NoSuchFileException;
import static com.github.stefanbirkner.systemlambda.SystemLambda.withEnvironmentVariable;
import static org.junit.jupiter.api.Assertions.*;
/**
* JUnit test for HTTP Vault connector factory
*
* @author Stefan Kalscheuer
* @since 0.8.0
*/
class HTTPVaultConnectorBuilderTest {
private static final String VAULT_ADDR = "https://localhost:8201";
private static final Integer VAULT_MAX_RETRIES = 13;
private static final String VAULT_TOKEN = "00001111-2222-3333-4444-555566667777";
@TempDir
File tempDir;
/**
* Test the builder.
*/
@Test
void builderTest() throws Exception {
// Minimal configuration.
HTTPVaultConnector connector = HTTPVaultConnector.builder().withHost("vault.example.com").build();
assertEquals("https://vault.example.com:8200/v1/", getRequestHelperPrivate(connector, "baseURL"), "URL not set correctly");
assertNull(getRequestHelperPrivate(connector, "trustedCaCert"), "Trusted CA cert set when no cert provided");
assertEquals(0, getRequestHelperPrivate(connector, "retries"), "Number of retries unexpectedly set");
// Specify all options.
HTTPVaultConnectorBuilder builder = HTTPVaultConnector.builder()
.withHost("vault2.example.com")
.withoutTLS()
.withPort(1234)
.withPrefix("/foo/")
.withTimeout(5678)
.withNumberOfRetries(9);
connector = builder.build();
assertEquals("http://vault2.example.com:1234/foo/", getRequestHelperPrivate(connector, "baseURL"), "URL not set correctly");
assertNull(getRequestHelperPrivate(connector, "trustedCaCert"), "Trusted CA cert set when no cert provided");
assertEquals(9, getRequestHelperPrivate(connector, "retries"), "Unexpected number of retries");
assertEquals(5678, getRequestHelperPrivate(connector, "timeout"), "Number timeout value");
assertThrows(ConnectionException.class, builder::buildAndAuth, "Immediate authentication should throw exception without token");
// Initialization from URL.
assertThrows(
URISyntaxException.class,
() -> HTTPVaultConnector.builder().withBaseURL("foo:/\\1nv4l1d_UrL"),
"Initialization from invalid URL should fail"
);
connector = assertDoesNotThrow(
() -> HTTPVaultConnector.builder().withBaseURL("https://vault3.example.com:5678/bar/").build(),
"Initialization from valid URL should not fail"
);
assertEquals("https://vault3.example.com:5678/bar/", getRequestHelperPrivate(connector, "baseURL"), "URL not set correctly");
// Port numbers.
assertThrows(IllegalArgumentException.class, () -> HTTPVaultConnector.builder().withPort(65536), "Too large port number should throw an exception");
assertThrows(IllegalArgumentException.class, () -> HTTPVaultConnector.builder().withPort(0), "Port number 0 should throw an exception");
builder = assertDoesNotThrow(() -> HTTPVaultConnector.builder().withPort(-1), "Port number -1 should not throw an exception");
assertNull(builder.getPort(), "Port number -1 should be omitted");
builder = assertDoesNotThrow(() -> HTTPVaultConnector.builder().withPort(null), "Port number NULL should not throw an exception");
assertNull(builder.getPort(), "Port number NULL should be passed through");
}
/**
* Test building from environment variables
*/
@Test
void testFromEnv() throws Exception {
// Provide address only should be enough.
withVaultEnv(VAULT_ADDR, null, null, null).execute(() -> {
HTTPVaultConnectorBuilder builder = assertDoesNotThrow(
() -> HTTPVaultConnector.builder().fromEnv(),
"Factory creation from minimal environment failed"
);
HTTPVaultConnector connector = builder.build();
assertEquals(VAULT_ADDR + "/v1/", getRequestHelperPrivate(connector, "baseURL"), "URL not set correctly");
assertNull(getRequestHelperPrivate(connector, "trustedCaCert"), "Trusted CA cert set when no cert provided");
assertEquals(0, getRequestHelperPrivate(connector, "retries"), "Non-default number of retries, when none set");
return null;
});
// Provide address and number of retries.
withVaultEnv(VAULT_ADDR, null, VAULT_MAX_RETRIES.toString(), null).execute(() -> {
HTTPVaultConnectorBuilder builder = assertDoesNotThrow(
() -> HTTPVaultConnector.builder().fromEnv(),
"Factory creation from environment failed"
);
HTTPVaultConnector connector = builder.build();
assertEquals(VAULT_ADDR + "/v1/", getRequestHelperPrivate(connector, "baseURL"), "URL not set correctly");
assertNull(getRequestHelperPrivate(connector, "trustedCaCert"), "Trusted CA cert set when no cert provided");
assertEquals(VAULT_MAX_RETRIES, getRequestHelperPrivate(connector, "retries"), "Number of retries not set correctly");
return null;
});
// Provide CA certificate.
String VAULT_CACERT = tempDir.toString() + "/doesnotexist";
withVaultEnv(VAULT_ADDR, VAULT_CACERT, VAULT_MAX_RETRIES.toString(), null).execute(() -> {
TlsException e = assertThrows(
TlsException.class,
() -> HTTPVaultConnector.builder().fromEnv(),
"Creation with unknown cert path failed"
);
assertTrue(e.getCause() instanceof NoSuchFileException);
assertEquals(VAULT_CACERT, ((NoSuchFileException) e.getCause()).getFile());
return null;
});
// Automatic authentication.
withVaultEnv(VAULT_ADDR, null, VAULT_MAX_RETRIES.toString(), VAULT_TOKEN).execute(() -> {
HTTPVaultConnectorBuilder builder = assertDoesNotThrow(
() -> HTTPVaultConnector.builder().fromEnv(),
"Factory creation from minimal environment failed"
);
assertEquals(VAULT_TOKEN, getPrivate(builder, "token"), "Token not set correctly");
return null;
});
// Invalid URL.
withVaultEnv("This is not a valid URL!", null, VAULT_MAX_RETRIES.toString(), VAULT_TOKEN).execute(() -> {
assertThrows(
ConnectionException.class,
() -> HTTPVaultConnector.builder().fromEnv(),
"Invalid URL from environment should raise an exception"
);
return null;
});
}
private SystemLambda.WithEnvironmentVariables withVaultEnv(String vault_addr, String vault_cacert, String vault_max_retries, String vault_token) {
return withEnvironmentVariable("VAULT_ADDR", vault_addr)
.and("VAULT_CACERT", vault_cacert)
.and("VAULT_MAX_RETRIES", vault_max_retries)
.and("VAULT_TOKEN", vault_token);
}
private Object getRequestHelperPrivate(HTTPVaultConnector connector, String fieldName) throws NoSuchFieldException, IllegalAccessException {
return getPrivate(getPrivate(connector, "request"), fieldName);
}
private Object getPrivate(Object target, String fieldName) throws NoSuchFieldException, IllegalAccessException {
Field field = target.getClass().getDeclaredField(fieldName);
if (field.canAccess(target)) {
return field.get(target);
}
field.setAccessible(true);
Object value = field.get(target);
field.setAccessible(false);
return value;
}
}

1304
src/test/java/de/stklcode/jvault/connector/HTTPVaultConnectorIT.java Normal file
View File

File diff suppressed because it is too large Load Diff

1021
src/test/java/de/stklcode/jvault/connector/HTTPVaultConnectorTest.java
View File

File diff suppressed because it is too large Load Diff

152
src/test/java/de/stklcode/jvault/connector/exception/VaultConnectorExceptionTest.java Normal file
View File

@ -0,0 +1,152 @@
/*
* Copyright 2016-2021 Stefan Kalscheuer
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package de.stklcode.jvault.connector.exception;
import org.junit.jupiter.api.Test;
import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertNull;
/**
* Common JUnit test for Exceptions extending {@link VaultConnectorException}.
*
* @author Stefan Kalscheuer
* @since 0.6.2
*/
class VaultConnectorExceptionTest {
private static final String MSG = "This is a test exception!";
private static final Throwable CAUSE = new Exception("Test-Cause");
private static final Integer STATUS_CODE = 1337;
private static final String RESPONSE = "Dummy response";
@Test
void authorizationRequiredExceptionTest() {
assertEmptyConstructor(new AuthorizationRequiredException());
}
@Test
void connectionExceptionTest() {
assertEmptyConstructor(new ConnectionException());
assertMsgConstructor(new ConnectionException(MSG));
assertCauseConstructor(new ConnectionException(CAUSE));
assertMsgCauseConstructor(new ConnectionException(MSG, CAUSE));
}
@Test
void invalidRequestExceptionTest() {
assertEmptyConstructor(new InvalidRequestException());
assertMsgConstructor(new InvalidRequestException(MSG));
assertCauseConstructor(new InvalidRequestException(CAUSE));
assertMsgCauseConstructor(new InvalidRequestException(MSG, CAUSE));
}
@Test
void invalidResponseExceptionTest() {
assertEmptyConstructor(new InvalidResponseException());
assertMsgConstructor(new InvalidResponseException(MSG));
assertCauseConstructor(new InvalidResponseException(CAUSE));
assertMsgCauseConstructor(new InvalidResponseException(MSG, CAUSE));
// Constructor with message and status code.
InvalidResponseException e = new InvalidResponseException(MSG, STATUS_CODE);
assertEquals(MSG, e.getMessage());
assertNull(e.getCause());
assertEquals(STATUS_CODE, e.getStatusCode());
assertNull(e.getResponse());
// Constructor with message, status code and cause.
e = new InvalidResponseException(MSG, STATUS_CODE, CAUSE);
assertEquals(MSG, e.getMessage());
assertEquals(CAUSE, e.getCause());
assertEquals(STATUS_CODE, e.getStatusCode());
assertNull(e.getResponse());
// Constructor with message, status code and response.
e = new InvalidResponseException(MSG, STATUS_CODE, RESPONSE);
assertEquals(MSG, e.getMessage());
assertNull(e.getCause());
assertEquals(STATUS_CODE, e.getStatusCode());
assertEquals(RESPONSE, e.getResponse());
// Constructor with message, status code, response and cause.
e = new InvalidResponseException(MSG, STATUS_CODE, RESPONSE, CAUSE);
assertEquals(MSG, e.getMessage());
assertEquals(CAUSE, e.getCause());
assertEquals(STATUS_CODE, e.getStatusCode());
assertEquals(RESPONSE, e.getResponse());
}
@Test
void permissionDeniedExceptionTest() {
// Default message overwritten.
PermissionDeniedException e = new PermissionDeniedException();
assertEquals("Permission denied", e.getMessage());
assertNull(e.getCause());
assertMsgConstructor(new PermissionDeniedException(MSG));
assertCauseConstructor(new PermissionDeniedException(CAUSE));
assertMsgCauseConstructor(new PermissionDeniedException(MSG, CAUSE));
}
@Test
void tlsExceptionTest() {
assertEmptyConstructor(new TlsException());
assertMsgConstructor(new TlsException(MSG));
assertCauseConstructor(new TlsException(CAUSE));
assertMsgCauseConstructor(new TlsException(MSG, CAUSE));
}
/**
* Assertions for empty constructor.
*
* @param e the exception
*/
private void assertEmptyConstructor(VaultConnectorException e) {
assertNull(e.getMessage());
assertNull(e.getCause());
}
/**
* Assertions for constructor with message.
*
* @param e the exception
*/
private void assertMsgConstructor(VaultConnectorException e) {
assertEquals(MSG, e.getMessage());
assertNull(e.getCause());
}
/**
* Assertions for constructor with cause.
*
* @param e the exception
*/
private void assertCauseConstructor(VaultConnectorException e) {
assertEquals(CAUSE.toString(), e.getMessage());
assertEquals(CAUSE, e.getCause());
}
/**
* Assertions for constructor with message and cause.
*
* @param e the exception
*/
private void assertMsgCauseConstructor(VaultConnectorException e) {
assertEquals(MSG, e.getMessage());
assertEquals(CAUSE, e.getCause());
}
}

127
src/test/java/de/stklcode/jvault/connector/factory/HTTPVaultConnectorFactoryTest.java
View File

@ -1,127 +0,0 @@
/*
* Copyright 2016-2017 Stefan Kalscheuer
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package de.stklcode.jvault.connector.factory;
import de.stklcode.jvault.connector.HTTPVaultConnector;
import de.stklcode.jvault.connector.exception.TlsException;
import de.stklcode.jvault.connector.exception.VaultConnectorException;
import org.junit.Rule;
import org.junit.Test;
import org.junit.contrib.java.lang.system.EnvironmentVariables;
import org.junit.rules.TemporaryFolder;
import java.io.IOException;
import java.lang.reflect.Field;
import java.nio.file.NoSuchFileException;
import static org.hamcrest.CoreMatchers.*;
import static org.junit.Assert.*;
/**
* JUnit test for HTTP Vault connector factory
*
* @author Stefan Kalscheuer
* @since 0.6.0
*/
public class HTTPVaultConnectorFactoryTest {
private static String VAULT_ADDR = "https://localhost:8201";
private static Integer VAULT_MAX_RETRIES = 13;
private static String VAULT_TOKEN = "00001111-2222-3333-4444-555566667777";
@Rule
public TemporaryFolder tmpDir = new TemporaryFolder();
@Rule
public final EnvironmentVariables environment = new EnvironmentVariables();
/**
* Test building from environment variables
*/
@Test
public void testFromEnv() throws NoSuchFieldException, IllegalAccessException, IOException {
/* Provide address only should be enough */
setenv(VAULT_ADDR, null, null, null);
HTTPVaultConnectorFactory factory = null;
HTTPVaultConnector connector;
try {
factory = VaultConnectorFactory.httpFactory().fromEnv();
} catch (VaultConnectorException e) {
fail("Factory creation from minimal environment failed");
}
connector = factory.build();
assertThat("URL nor set correctly", getPrivate(connector, "baseURL"), is(equalTo(VAULT_ADDR + "/v1/")));
assertThat("SSL context set when no cert provided", getPrivate(connector, "sslContext"), is(nullValue()));
assertThat("Non-default number of retries, when none set", getPrivate(connector, "retries"), is(0));
/* Provide address and number of retries */
setenv(VAULT_ADDR, null, VAULT_MAX_RETRIES.toString(), null);
try {
factory = VaultConnectorFactory.httpFactory().fromEnv();
} catch (VaultConnectorException e) {
fail("Factory creation from environment failed");
}
connector = factory.build();
assertThat("URL nor set correctly", getPrivate(connector, "baseURL"), is(equalTo(VAULT_ADDR + "/v1/")));
assertThat("SSL context set when no cert provided", getPrivate(connector, "sslContext"), is(nullValue()));
assertThat("Number of retries not set correctly", getPrivate(connector, "retries"), is(VAULT_MAX_RETRIES));
/* Provide CA certificate */
String VAULT_CACERT = tmpDir.newFolder().toString() + "/doesnotexist";
setenv(VAULT_ADDR, VAULT_CACERT, VAULT_MAX_RETRIES.toString(), null);
try {
VaultConnectorFactory.httpFactory().fromEnv();
fail("Creation with unknown cert path failed.");
} catch (VaultConnectorException e) {
assertThat(e, is(instanceOf(TlsException.class)));
assertThat(e.getCause(), is(instanceOf(NoSuchFileException.class)));
assertThat(((NoSuchFileException)e.getCause()).getFile(), is(VAULT_CACERT));
}
/* Automatic authentication */
setenv(VAULT_ADDR, null, VAULT_MAX_RETRIES.toString(), VAULT_TOKEN);
try {
factory = VaultConnectorFactory.httpFactory().fromEnv();
} catch (VaultConnectorException e) {
fail("Factory creation from minimal environment failed");
}
assertThat("Token nor set correctly", getPrivate(factory, "token"), is(equalTo(VAULT_TOKEN)));
}
private void setenv(String vault_addr, String vault_cacert, String vault_max_retries, String vault_token) {
environment.set("VAULT_ADDR", vault_addr);
environment.set("VAULT_CACERT", vault_cacert);
environment.set("VAULT_MAX_RETRIES", vault_max_retries);
environment.set("VAULT_TOKEN", vault_token);
}
private Object getPrivate(Object target, String fieldName) throws NoSuchFieldException, IllegalAccessException {
Field field = target.getClass().getDeclaredField(fieldName);
if (field.isAccessible())
return field.get(target);
field.setAccessible(true);
Object value = field.get(target);
field.setAccessible(false);
return value;
}
}

148
src/test/java/de/stklcode/jvault/connector/model/AppRoleBuilderTest.java
View File

@ -1,148 +0,0 @@
/*
* Copyright 2016-2017 Stefan Kalscheuer
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package de.stklcode.jvault.connector.model;
import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.ObjectMapper;
import org.junit.BeforeClass;
import org.junit.Test;
import java.util.*;
import static org.hamcrest.Matchers.*;
import static org.junit.Assert.assertThat;
/**
* JUnit Test for AppRole Builder.
*
* @author Stefan Kalscheuer
* @since 0.4.0
*/
public class AppRoleBuilderTest {
private static final String NAME = "TestRole";
private static final String ID = "test-id";
private static final Boolean BIND_SECRET_ID = true;
private static final List<String> BOUND_CIDR_LIST = new ArrayList<>();
private static final String CIDR_1 = "192.168.1.0/24";
private static final String CIDR_2 = "172.16.0.0/16";
private static final List<String> POLICIES = new ArrayList<>();
private static final String POLICY = "policy";
private static final String POLICY_2 = "policy2";
private static final Integer SECRET_ID_NUM_USES = 10;
private static final Integer SECRET_ID_TTL = 7200;
private static final Integer TOKEN_TTL = 4800;
private static final Integer TOKEN_MAX_TTL = 9600;
private static final Integer PERIOD = 1234;
private static final String JSON_MIN = "{\"role_name\":\"" + NAME + "\"}";
private static final String JSON_FULL = String.format("{\"role_name\":\"%s\",\"role_id\":\"%s\",\"bind_secret_id\":%s,\"bound_cidr_list\":\"%s\",\"policies\":\"%s\",\"secret_id_num_uses\":%d,\"secret_id_ttl\":%d,\"token_ttl\":%d,\"token_max_ttl\":%d,\"period\":%d}",
NAME, ID, BIND_SECRET_ID, CIDR_1, POLICY, SECRET_ID_NUM_USES, SECRET_ID_TTL, TOKEN_TTL, TOKEN_MAX_TTL, PERIOD);
@BeforeClass
public static void init() {
BOUND_CIDR_LIST.add(CIDR_1);
POLICIES.add(POLICY);
}
/**
* Build role with only a name.
*/
@Test
public void buildDefaultTest() throws JsonProcessingException {
AppRole role = new AppRoleBuilder(NAME).build();
assertThat(role.getId(), is(nullValue()));
assertThat(role.getBindSecretId(), is(nullValue()));
assertThat(role.getBoundCidrList(), is(nullValue()));
assertThat(role.getPolicies(), is(nullValue()));
assertThat(role.getSecretIdNumUses(), is(nullValue()));
assertThat(role.getSecretIdTtl(), is(nullValue()));
assertThat(role.getTokenTtl(), is(nullValue()));
assertThat(role.getTokenMaxTtl(), is(nullValue()));
assertThat(role.getPeriod(), is(nullValue()));
/* optional fields should be ignored, so JSON string should only contain role_name */
assertThat(new ObjectMapper().writeValueAsString(role), is(JSON_MIN));
}
/**
* Build token without all parameters set.
*/
@Test
public void buildFullTest() throws JsonProcessingException {
AppRole role = new AppRoleBuilder(NAME)
.withId(ID)
.withBindSecretID(BIND_SECRET_ID)
.withBoundCidrList(BOUND_CIDR_LIST)
.withPolicies(POLICIES)
.withSecretIdNumUses(SECRET_ID_NUM_USES)
.withSecretIdTtl(SECRET_ID_TTL)
.withTokenTtl(TOKEN_TTL)
.withTokenMaxTtl(TOKEN_MAX_TTL)
.withPeriod(PERIOD)
.build();
assertThat(role.getName(), is(NAME));
assertThat(role.getId(), is(ID));
assertThat(role.getBindSecretId(), is(BIND_SECRET_ID));
assertThat(role.getBoundCidrList(), is(BOUND_CIDR_LIST));
assertThat(role.getPolicies(), is(POLICIES));
assertThat(role.getSecretIdNumUses(), is(SECRET_ID_NUM_USES));
assertThat(role.getSecretIdTtl(), is(SECRET_ID_TTL));
assertThat(role.getTokenTtl(), is(TOKEN_TTL));
assertThat(role.getTokenMaxTtl(), is(TOKEN_MAX_TTL));
assertThat(role.getPeriod(), is(PERIOD));
/* Verify that all parameters are included in JSON string */
assertThat(new ObjectMapper().writeValueAsString(role), is(JSON_FULL));
}
/**
* Test convenience methods
*/
@Test
public void convenienceMethodsTest() {
/* bind_secret_id */
AppRole role = new AppRoleBuilder(NAME).build();
assertThat(role.getBindSecretId(), is(nullValue()));
role = new AppRoleBuilder(NAME).withBindSecretID().build();
assertThat(role.getBindSecretId(), is(true));
role = new AppRoleBuilder(NAME).withoutBindSecretID().build();
assertThat(role.getBindSecretId(), is(false));
/* Add single CIDR subnet */
role = new AppRoleBuilder(NAME).withCidrBlock(CIDR_2).build();
assertThat(role.getBoundCidrList(), hasSize(1));
assertThat(role.getBoundCidrList(), contains(CIDR_2));
role = new AppRoleBuilder(NAME)
.withBoundCidrList(BOUND_CIDR_LIST)
.withCidrBlock(CIDR_2)
.build();
assertThat(role.getBoundCidrList(), hasSize(2));
assertThat(role.getBoundCidrList(), contains(CIDR_1, CIDR_2));
/* Add single policy */
role = new AppRoleBuilder(NAME).withPolicy(POLICY_2).build();
assertThat(role.getPolicies(), hasSize(1));
assertThat(role.getPolicies(), contains(POLICY_2));
role = new AppRoleBuilder(NAME)
.withPolicies(POLICIES)
.withPolicy(POLICY_2)
.build();
assertThat(role.getPolicies(), hasSize(2));
assertThat(role.getPolicies(), contains(POLICY, POLICY_2));
}
}

207
src/test/java/de/stklcode/jvault/connector/model/AppRoleSecretTest.java
View File

@ -1,5 +1,5 @@
/*
* Copyright 2016-2017 Stefan Kalscheuer
* Copyright 2016-2021 Stefan Kalscheuer
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -16,25 +16,18 @@
package de.stklcode.jvault.connector.model;
import com.fasterxml.jackson.core.JsonParseException;
import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.JsonMappingException;
import com.fasterxml.jackson.databind.ObjectMapper;
import org.junit.Test;
import org.junit.jupiter.api.Test;
import java.io.IOException;
import java.lang.reflect.Field;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import static org.hamcrest.Matchers.emptyString;
import static org.hamcrest.Matchers.is;
import static org.hamcrest.Matchers.nullValue;
import static org.hamcrest.junit.MatcherAssume.assumeThat;
import static org.junit.Assert.assertThat;
import static org.junit.Assert.fail;
import static org.junit.jupiter.api.Assertions.*;
import static org.junit.jupiter.api.Assumptions.assumeTrue;
/**
* JUnit Test for AppRoleSecret model.
@ -42,8 +35,7 @@ import static org.junit.Assert.fail;
* @author Stefan Kalscheuer
* @since 0.5.0
*/
public class AppRoleSecretTest {
class AppRoleSecretTest {
private static final String TEST_ID = "abc123";
private static final Map<String, Object> TEST_META = new HashMap<>();
private static final List<String> TEST_CIDR = Arrays.asList("203.0.113.0/24", "198.51.100.0/24");
@ -57,145 +49,124 @@ public class AppRoleSecretTest {
* Test constructors.
*/
@Test
public void constructorTest() {
/* Empty constructor */
void constructorTest() {
// Empty constructor.
AppRoleSecret secret = new AppRoleSecret();
assertThat(secret.getId(), is(nullValue()));
assertThat(secret.getAccessor(), is(nullValue()));
assertThat(secret.getMetadata(), is(nullValue()));
assertThat(secret.getCidrList(), is(nullValue()));
assertThat(secret.getCidrListString(), is(emptyString()));
assertThat(secret.getCreationTime(), is(nullValue()));
assertThat(secret.getExpirationTime(), is(nullValue()));
assertThat(secret.getLastUpdatedTime(), is(nullValue()));
assertThat(secret.getNumUses(), is(nullValue()));
assertThat(secret.getTtl(), is(nullValue()));
assertNull(secret.getId());
assertNull(secret.getAccessor());
assertNull(secret.getMetadata());
assertNull(secret.getCidrList());
assertEquals("", secret.getCidrListString());
assertNull(secret.getCreationTime());
assertNull(secret.getExpirationTime());
assertNull(secret.getLastUpdatedTime());
assertNull(secret.getNumUses());
assertNull(secret.getTtl());
/* Constructor with ID */
// Constructor with ID.
secret = new AppRoleSecret(TEST_ID);
assertThat(secret.getId(), is(TEST_ID));
assertThat(secret.getAccessor(), is(nullValue()));
assertThat(secret.getMetadata(), is(nullValue()));
assertThat(secret.getCidrList(), is(nullValue()));
assertThat(secret.getCidrListString(), is(emptyString()));
assertThat(secret.getCreationTime(), is(nullValue()));
assertThat(secret.getExpirationTime(), is(nullValue()));
assertThat(secret.getLastUpdatedTime(), is(nullValue()));
assertThat(secret.getNumUses(), is(nullValue()));
assertThat(secret.getTtl(), is(nullValue()));
assertEquals(TEST_ID, secret.getId());
assertNull(secret.getAccessor());
assertNull(secret.getMetadata());
assertNull(secret.getCidrList());
assertEquals("", secret.getCidrListString());
assertNull(secret.getCreationTime());
assertNull(secret.getExpirationTime());
assertNull(secret.getLastUpdatedTime());
assertNull(secret.getNumUses());
assertNull(secret.getTtl());
/* Constructor with Metadata and CIDR bindings */
// Constructor with Metadata and CIDR bindings.
secret = new AppRoleSecret(TEST_ID, TEST_META, TEST_CIDR);
assertThat(secret.getId(), is(TEST_ID));
assertThat(secret.getAccessor(), is(nullValue()));
assertThat(secret.getMetadata(), is(TEST_META));
assertThat(secret.getCidrList(), is(TEST_CIDR));
assertThat(secret.getCidrListString(), is(String.join(",", TEST_CIDR)));
assertThat(secret.getCreationTime(), is(nullValue()));
assertThat(secret.getExpirationTime(), is(nullValue()));
assertThat(secret.getLastUpdatedTime(), is(nullValue()));
assertThat(secret.getNumUses(), is(nullValue()));
assertThat(secret.getTtl(), is(nullValue()));
assertEquals(TEST_ID, secret.getId());
assertNull(secret.getAccessor());
assertEquals(TEST_META, secret.getMetadata());
assertEquals(TEST_CIDR, secret.getCidrList());
assertEquals(String.join(",", TEST_CIDR), secret.getCidrListString());
assertNull(secret.getCreationTime());
assertNull(secret.getExpirationTime());
assertNull(secret.getLastUpdatedTime());
assertNull(secret.getNumUses());
assertNull(secret.getTtl());
}
/**
* Test setter.
*/
@Test
public void setterTest() {
void setterTest() {
AppRoleSecret secret = new AppRoleSecret(TEST_ID);
assertThat(secret.getCidrList(), is(nullValue()));
assertThat(secret.getCidrListString(), is(emptyString()));
assertNull(secret.getCidrList());
assertEquals("", secret.getCidrListString());
secret.setCidrList(TEST_CIDR);
assertThat(secret.getCidrList(), is(TEST_CIDR));
assertThat(secret.getCidrListString(), is(String.join(",", TEST_CIDR)));
assertEquals(TEST_CIDR, secret.getCidrList());
assertEquals(String.join(",", TEST_CIDR), secret.getCidrListString());
secret.setCidrList(null);
assertThat(secret.getCidrList(), is(nullValue()));
assertThat(secret.getCidrListString(), is(emptyString()));
assertNull(secret.getCidrList());
assertEquals("", secret.getCidrListString());
}
/**
* Test JSON (de)serialization.
*/
@Test
public void jsonTest() throws NoSuchFieldException, IllegalAccessException {
void jsonTest() throws NoSuchFieldException, IllegalAccessException {
ObjectMapper mapper = new ObjectMapper();
/* A simple roundtrip first. All set fields should be present afterwards. */
// A simple roundtrip first. All set fields should be present afterwards..
AppRoleSecret secret = new AppRoleSecret(TEST_ID, TEST_META, TEST_CIDR);
String secretJson = "";
try {
secretJson = mapper.writeValueAsString(secret);
} catch (JsonProcessingException e) {
e.printStackTrace();
fail("Serialization failed");
}
/* CIDR list is comma-separated when used as input, but List otherwise, hence convert string to list */
secretJson = commaSeparatedToList(secretJson);
String secretJson = assertDoesNotThrow(() -> mapper.writeValueAsString(secret), "Serialization failed");
// CIDR list is comma-separated when used as input, but List otherwise, hence convert string to list.
String secretJson2 = commaSeparatedToList(secretJson);
AppRoleSecret secret2;
try {
secret2 = mapper.readValue(secretJson, AppRoleSecret.class);
assertThat(secret.getId(), is(secret2.getId()));
assertThat(secret.getMetadata(), is(secret2.getMetadata()));
assertThat(secret.getCidrList(), is(secret2.getCidrList()));
} catch (IOException e) {
e.printStackTrace();
fail("Deserialization failed");
}
AppRoleSecret secret2 = assertDoesNotThrow(
() -> mapper.readValue(secretJson2, AppRoleSecret.class),
"Deserialization failed"
);
assertEquals(secret2.getId(), secret.getId());
assertEquals(secret2.getMetadata(), secret.getMetadata());
assertEquals(secret2.getCidrList(), secret.getCidrList());
/* Test fields, that should not be written to JSON */
// Test fields, that should not be written to JSON.
setPrivateField(secret, "accessor", "TEST_ACCESSOR");
assumeThat(secret.getAccessor(), is("TEST_ACCESSOR"));
assumeTrue("TEST_ACCESSOR".equals(secret.getAccessor()));
setPrivateField(secret, "creationTime", "TEST_CREATION");
assumeThat(secret.getCreationTime(), is("TEST_CREATION"));
assumeTrue("TEST_CREATION".equals(secret.getCreationTime()));
setPrivateField(secret, "expirationTime", "TEST_EXPIRATION");
assumeThat(secret.getExpirationTime(), is("TEST_EXPIRATION"));
assumeTrue("TEST_EXPIRATION".equals(secret.getExpirationTime()));
setPrivateField(secret, "lastUpdatedTime", "TEST_UPDATETIME");
assumeThat(secret.getLastUpdatedTime(), is("TEST_UPDATETIME"));
assumeTrue("TEST_UPDATETIME".equals(secret.getLastUpdatedTime()));
setPrivateField(secret, "numUses", 678);
assumeThat(secret.getNumUses(), is(678));
assumeTrue(secret.getNumUses() == 678);
setPrivateField(secret, "ttl", 12345);
assumeThat(secret.getTtl(), is(12345));
try {
secretJson = mapper.writeValueAsString(secret);
} catch (JsonProcessingException e) {
e.printStackTrace();
fail("Serialization failed");
}
try {
secret2 = mapper.readValue(commaSeparatedToList(secretJson), AppRoleSecret.class);
assertThat(secret.getId(), is(secret2.getId()));
assertThat(secret.getMetadata(), is(secret2.getMetadata()));
assertThat(secret.getCidrList(), is(secret2.getCidrList()));
assertThat(secret2.getAccessor(), is(nullValue()));
assertThat(secret2.getCreationTime(), is(nullValue()));
assertThat(secret2.getExpirationTime(), is(nullValue()));
assertThat(secret2.getLastUpdatedTime(), is(nullValue()));
assertThat(secret2.getNumUses(), is(nullValue()));
assertThat(secret2.getTtl(), is(nullValue()));
} catch (IOException e) {
e.printStackTrace();
fail("Deserialization failed");
}
assumeTrue(secret.getTtl() == 12345);
String secretJson3 = assertDoesNotThrow(() -> mapper.writeValueAsString(secret), "Serialization failed");
secret2 = assertDoesNotThrow(
() -> mapper.readValue(commaSeparatedToList(secretJson3), AppRoleSecret.class),
"Deserialization failed"
);
assertEquals(secret2.getId(), secret.getId());
assertEquals(secret2.getMetadata(), secret.getMetadata());
assertEquals(secret2.getCidrList(), secret.getCidrList());
assertNull(secret2.getAccessor());
assertNull(secret2.getCreationTime());
assertNull(secret2.getExpirationTime());
assertNull(secret2.getLastUpdatedTime());
assertNull(secret2.getNumUses());
assertNull(secret2.getTtl());
/* Those fields should be deserialized from JSON though */
secretJson = "{\"secret_id\":\"abc123\",\"metadata\":{\"number\":1337,\"foo\":\"bar\"}," +
// Those fields should be deserialized from JSON though.
String secretJson4 = "{\"secret_id\":\"abc123\",\"metadata\":{\"number\":1337,\"foo\":\"bar\"}," +
"\"cidr_list\":[\"203.0.113.0/24\",\"198.51.100.0/24\"],\"secret_id_accessor\":\"TEST_ACCESSOR\"," +
"\"creation_time\":\"TEST_CREATION\",\"expiration_time\":\"TEST_EXPIRATION\"," +
"\"last_updated_time\":\"TEST_LASTUPDATE\",\"secret_id_num_uses\":678,\"secret_id_ttl\":12345}";
try {
secret2 = mapper.readValue(secretJson, AppRoleSecret.class);
assertThat(secret2.getAccessor(), is("TEST_ACCESSOR"));
assertThat(secret2.getCreationTime(), is("TEST_CREATION"));
assertThat(secret2.getExpirationTime(), is("TEST_EXPIRATION"));
assertThat(secret2.getLastUpdatedTime(), is("TEST_LASTUPDATE"));
assertThat(secret2.getNumUses(), is(678));
assertThat(secret2.getTtl(), is(12345));
} catch (IOException e) {
e.printStackTrace();
fail("Deserialization failed");
}
secret2 = assertDoesNotThrow(() -> mapper.readValue(secretJson4, AppRoleSecret.class), "Deserialization failed");
assertEquals("TEST_ACCESSOR", secret2.getAccessor());
assertEquals("TEST_CREATION", secret2.getCreationTime());
assertEquals("TEST_EXPIRATION", secret2.getExpirationTime());
assertEquals("TEST_LASTUPDATE", secret2.getLastUpdatedTime());
assertEquals(678, secret2.getNumUses());
assertEquals(12345, secret2.getTtl());
}

175
src/test/java/de/stklcode/jvault/connector/model/AppRoleTest.java Normal file
View File

@ -0,0 +1,175 @@
/*
* Copyright 2016-2021 Stefan Kalscheuer
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package de.stklcode.jvault.connector.model;
import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.ObjectMapper;
import org.junit.jupiter.api.BeforeAll;
import org.junit.jupiter.api.Test;
import java.util.ArrayList;
import java.util.List;
import static org.junit.jupiter.api.Assertions.*;
/**
* JUnit Test for {@link AppRole} and {@link AppRole.Builder}.
*
* @author Stefan Kalscheuer
* @since 0.4.0
*/
class AppRoleTest {
private static final String NAME = "TestRole";
private static final String ID = "test-id";
private static final Boolean BIND_SECRET_ID = true;
private static final List<String> BOUND_CIDR_LIST = new ArrayList<>();
private static final String CIDR_1 = "192.168.1.0/24";
private static final String CIDR_2 = "172.16.0.0/16";
private static final List<String> POLICIES = new ArrayList<>();
private static final String POLICY = "policy";
private static final String POLICY_2 = "policy2";
private static final Integer SECRET_ID_NUM_USES = 10;
private static final Integer SECRET_ID_TTL = 7200;
private static final Boolean ENABLE_LOCAL_SECRET_IDS = false;
private static final Integer TOKEN_TTL = 4800;
private static final Integer TOKEN_MAX_TTL = 9600;
private static final Integer TOKEN_EXPLICIT_MAX_TTL = 14400;
private static final Boolean TOKEN_NO_DEFAULT_POLICY = false;
private static final Integer TOKEN_NUM_USES = 42;
private static final Integer TOKEN_PERIOD = 1234;
private static final Token.Type TOKEN_TYPE = Token.Type.DEFAULT_SERVICE;
private static final String JSON_MIN = "{\"role_name\":\"" + NAME + "\"}";
private static final String JSON_FULL = String.format("{\"role_name\":\"%s\",\"role_id\":\"%s\",\"bind_secret_id\":%s,\"secret_id_bound_cidrs\":\"%s\",\"secret_id_num_uses\":%d,\"secret_id_ttl\":%d,\"enable_local_secret_ids\":%s,\"token_ttl\":%d,\"token_max_ttl\":%d,\"token_policies\":\"%s\",\"token_bound_cidrs\":\"%s\",\"token_explicit_max_ttl\":%d,\"token_no_default_policy\":%s,\"token_num_uses\":%d,\"token_period\":%d,\"token_type\":\"%s\"}",
NAME, ID, BIND_SECRET_ID, CIDR_1, SECRET_ID_NUM_USES, SECRET_ID_TTL, ENABLE_LOCAL_SECRET_IDS, TOKEN_TTL, TOKEN_MAX_TTL, POLICY, CIDR_1, TOKEN_EXPLICIT_MAX_TTL, TOKEN_NO_DEFAULT_POLICY, TOKEN_NUM_USES, TOKEN_PERIOD, TOKEN_TYPE.value());
@BeforeAll
static void init() {
BOUND_CIDR_LIST.add(CIDR_1);
POLICIES.add(POLICY);
}
/**
* Build role with only a name.
*/
@Test
void buildDefaultTest() throws JsonProcessingException {
AppRole role = AppRole.builder(NAME).build();
assertNull(role.getId());
assertNull(role.getBindSecretId());
assertNull(role.getSecretIdBoundCidrs());
assertNull(role.getTokenPolicies());
assertNull(role.getSecretIdNumUses());
assertNull(role.getSecretIdTtl());
assertNull(role.getEnableLocalSecretIds());
assertNull(role.getTokenTtl());
assertNull(role.getTokenMaxTtl());
assertNull(role.getTokenBoundCidrs());
assertNull(role.getTokenExplicitMaxTtl());
assertNull(role.getTokenNoDefaultPolicy());
assertNull(role.getTokenNumUses());
assertNull(role.getTokenPeriod());
assertNull(role.getTokenType());
// Optional fields should be ignored, so JSON string should only contain role_name.
assertEquals(JSON_MIN, new ObjectMapper().writeValueAsString(role));
}
/**
* Build token without all parameters set.
*/
@Test
void buildFullTest() throws JsonProcessingException {
AppRole role = AppRole.builder(NAME)
.withId(ID)
.withBindSecretID(BIND_SECRET_ID)
.withSecretIdBoundCidrs(BOUND_CIDR_LIST)
.withTokenPolicies(POLICIES)
.withSecretIdNumUses(SECRET_ID_NUM_USES)
.withSecretIdTtl(SECRET_ID_TTL)
.withEnableLocalSecretIds(ENABLE_LOCAL_SECRET_IDS)
.withTokenTtl(TOKEN_TTL)
.withTokenMaxTtl(TOKEN_MAX_TTL)
.withTokenBoundCidrs(BOUND_CIDR_LIST)
.withTokenExplicitMaxTtl(TOKEN_EXPLICIT_MAX_TTL)
.withTokenNoDefaultPolicy(TOKEN_NO_DEFAULT_POLICY)
.withTokenNumUses(TOKEN_NUM_USES)
.withTokenPeriod(TOKEN_PERIOD)
.withTokenType(TOKEN_TYPE)
.build();
assertEquals(NAME, role.getName());
assertEquals(ID, role.getId());
assertEquals(BIND_SECRET_ID, role.getBindSecretId());
assertEquals(BOUND_CIDR_LIST, role.getSecretIdBoundCidrs());
assertEquals(POLICIES, role.getTokenPolicies());
assertEquals(SECRET_ID_NUM_USES, role.getSecretIdNumUses());
assertEquals(SECRET_ID_TTL, role.getSecretIdTtl());
assertEquals(ENABLE_LOCAL_SECRET_IDS, role.getEnableLocalSecretIds());
assertEquals(TOKEN_TTL, role.getTokenTtl());
assertEquals(TOKEN_MAX_TTL, role.getTokenMaxTtl());
assertEquals(BOUND_CIDR_LIST, role.getTokenBoundCidrs());
assertEquals(TOKEN_EXPLICIT_MAX_TTL, role.getTokenExplicitMaxTtl());
assertEquals(TOKEN_NO_DEFAULT_POLICY, role.getTokenNoDefaultPolicy());
assertEquals(TOKEN_NUM_USES, role.getTokenNumUses());
assertEquals(TOKEN_PERIOD, role.getTokenPeriod());
assertEquals(TOKEN_TYPE.value(), role.getTokenType());
// Verify that all parameters are included in JSON string.
assertEquals(JSON_FULL, new ObjectMapper().writeValueAsString(role));
}
/**
* Test convenience methods
*/
@Test
void convenienceMethodsTest() {
// bind_secret_id.
AppRole role = AppRole.builder(NAME).build();
assertNull(role.getBindSecretId());
role = AppRole.builder(NAME).withBindSecretID().build();
assertEquals(true, role.getBindSecretId());
role = AppRole.builder(NAME).withoutBindSecretID().build();
assertEquals(false, role.getBindSecretId());
// Add single CIDR subnet.
role = AppRole.builder(NAME).withSecretBoundCidr(CIDR_2).withTokenBoundCidr(CIDR_2).build();
assertEquals(1, role.getSecretIdBoundCidrs().size());
assertEquals(CIDR_2, role.getSecretIdBoundCidrs().get(0));
assertEquals(1, role.getTokenBoundCidrs().size());
assertEquals(CIDR_2, role.getTokenBoundCidrs().get(0));
role = AppRole.builder(NAME)
.withSecretIdBoundCidrs(BOUND_CIDR_LIST)
.withSecretBoundCidr(CIDR_2)
.withTokenBoundCidrs(BOUND_CIDR_LIST)
.withTokenBoundCidr(CIDR_2)
.build();
assertEquals(2, role.getSecretIdBoundCidrs().size());
assertTrue(role.getSecretIdBoundCidrs().containsAll(List.of(CIDR_1, CIDR_2)));
assertEquals(2, role.getTokenBoundCidrs().size());
assertTrue(role.getSecretIdBoundCidrs().containsAll(List.of(CIDR_1, CIDR_2)));
// Add single policy.
role = AppRole.builder(NAME).withTokenPolicy(POLICY_2).build();
assertEquals(1, role.getTokenPolicies().size());
assertEquals(POLICY_2, role.getTokenPolicies().get(0));
role = AppRole.builder(NAME)
.withTokenPolicies(POLICIES)
.withTokenPolicy(POLICY_2)
.build();
assertEquals(2, role.getTokenPolicies().size());
assertTrue(role.getTokenPolicies().containsAll(List.of(POLICY, POLICY_2)));
}
}

24
src/test/java/de/stklcode/jvault/connector/model/AuthBackendTest.java
View File

@ -1,5 +1,5 @@
/*
* Copyright 2016-2017 Stefan Kalscheuer
* Copyright 2016-2021 Stefan Kalscheuer
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -16,10 +16,10 @@
package de.stklcode.jvault.connector.model;
import org.junit.Test;
import org.junit.jupiter.api.Test;
import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.hamcrest.Matchers.*;
import static org.junit.Assert.assertThat;
/**
* JUnit Test for AuthBackend model.
@ -27,18 +27,18 @@ import static org.junit.Assert.assertThat;
* @author Stefan Kalscheuer
* @since 0.4.0
*/
public class AuthBackendTest {
class AuthBackendTest {
/**
* Test forType() method.
*/
@Test
public void forTypeTest() {
assertThat(AuthBackend.forType("token"), is(AuthBackend.TOKEN));
assertThat(AuthBackend.forType("app-id"), is(AuthBackend.APPID));
assertThat(AuthBackend.forType("userpass"), is(AuthBackend.USERPASS));
assertThat(AuthBackend.forType(""), is(AuthBackend.UNKNOWN));
assertThat(AuthBackend.forType("foobar"), is(AuthBackend.UNKNOWN));
void forTypeTest() {
assertEquals(AuthBackend.TOKEN, AuthBackend.forType("token"));
assertEquals(AuthBackend.APPID, AuthBackend.forType("app-id"));
assertEquals(AuthBackend.USERPASS, AuthBackend.forType("userpass"));
assertEquals(AuthBackend.GITHUB, AuthBackend.forType("github"));
assertEquals(AuthBackend.UNKNOWN, AuthBackend.forType(""));
assertEquals(AuthBackend.UNKNOWN, AuthBackend.forType("foobar"));
}
}

161
src/test/java/de/stklcode/jvault/connector/model/TokenBuilderTest.java
View File

@ -1,161 +0,0 @@
/*
* Copyright 2016-2017 Stefan Kalscheuer
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package de.stklcode.jvault.connector.model;
import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.ObjectMapper;
import org.junit.BeforeClass;
import org.junit.Test;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import static org.hamcrest.Matchers.*;
import static org.junit.Assert.assertThat;
/**
* JUnit Test for Token Builder.
*
* @author Stefan Kalscheuer
* @since 0.4.0
*/
public class TokenBuilderTest {
private static final String ID = "test-id";
private static final String DISPLAY_NAME = "display-name";
private static final Boolean NO_PARENT = false;
private static final Boolean NO_DEFAULT_POLICY = false;
private static final Integer TTL = 123;
private static final Integer NUM_USES = 4;
private static final List<String> POLICIES = new ArrayList<>();
private static final String POLICY = "policy";
private static final String POLICY_2 = "policy2";
private static final String POLICY_3 = "policy3";
private static final Map<String, String> META = new HashMap<>();
private static final String META_KEY = "key";
private static final String META_VALUE = "value";
private static final String META_KEY_2 = "key2";
private static final String META_VALUE_2 = "value2";
private static final Boolean RENEWABLE = true;
private static final String JSON_FULL = "{\"id\":\"test-id\",\"display_name\":\"display-name\",\"no_parent\":false,\"no_default_policy\":false,\"ttl\":123,\"num_uses\":4,\"policies\":[\"policy\"],\"meta\":{\"key\":\"value\"},\"renewable\":true}";
@BeforeClass
public static void init() {
POLICIES.add(POLICY);
META.put(META_KEY, META_VALUE);
}
/**
* Build token without any parameters.
*/
@Test
public void buildDefaultTest() throws JsonProcessingException {
Token token = new TokenBuilder().build();
assertThat(token.getId(), is(nullValue()));
assertThat(token.getDisplayName(), is(nullValue()));
assertThat(token.getNoParent(), is(nullValue()));
assertThat(token.getNoDefaultPolicy(), is(nullValue()));
assertThat(token.getTtl(), is(nullValue()));
assertThat(token.getNumUses(), is(nullValue()));
assertThat(token.getPolicies(), is(nullValue()));
assertThat(token.getMeta(), is(nullValue()));
assertThat(token.isRenewable(), is(nullValue()));
/* optional fields should be ignored, so JSON string should be empty */
assertThat(new ObjectMapper().writeValueAsString(token), is("{}"));
}
/**
* Build token without all parameters set.
*/
@Test
public void buildFullTest() throws JsonProcessingException {
Token token = new TokenBuilder()
.withId(ID)
.withDisplayName(DISPLAY_NAME)
.withNoParent(NO_PARENT)
.withNoDefaultPolicy(NO_DEFAULT_POLICY)
.withTtl(TTL)
.withNumUses(NUM_USES)
.withPolicies(POLICIES)
.withMeta(META)
.withRenewable(RENEWABLE)
.build();
assertThat(token.getId(), is(ID));
assertThat(token.getDisplayName(), is(DISPLAY_NAME));
assertThat(token.getNoParent(), is(NO_PARENT));
assertThat(token.getNoDefaultPolicy(), is(NO_DEFAULT_POLICY));
assertThat(token.getTtl(), is(TTL));
assertThat(token.getNumUses(), is(NUM_USES));
assertThat(token.getPolicies(), is(POLICIES));
assertThat(token.getMeta(), is(META));
assertThat(token.isRenewable(), is(RENEWABLE));
/* Verify that all parameters are included in JSON string */
assertThat(new ObjectMapper().writeValueAsString(token), is(JSON_FULL));
}
/**
* Test convenience methods
*/
@Test
public void convenienceMethodsTest() {
/* Parent */
Token token = new TokenBuilder().asOrphan().build();
assertThat(token.getNoParent(), is(true));
token = new TokenBuilder().withParent().build();
assertThat(token.getNoParent(), is(false));
/* Default policy */
token = new TokenBuilder().withDefaultPolicy().build();
assertThat(token.getNoDefaultPolicy(), is(false));
token = new TokenBuilder().withoutDefaultPolicy().build();
assertThat(token.getNoDefaultPolicy(), is(true));
/* Renewability */
token = new TokenBuilder().renewable().build();
assertThat(token.isRenewable(), is(true));
token = new TokenBuilder().notRenewable().build();
assertThat(token.isRenewable(), is(false));
/* Add single policy */
token = new TokenBuilder().withPolicy(POLICY_2).build();
assertThat(token.getPolicies(), hasSize(1));
assertThat(token.getPolicies(), contains(POLICY_2));
token = new TokenBuilder()
.withPolicies(POLICY, POLICY_2)
.withPolicy(POLICY_3)
.build();
assertThat(token.getPolicies(), hasSize(3));
assertThat(token.getPolicies(), contains(POLICY, POLICY_2, POLICY_3));
/* Add single metadata */
token = new TokenBuilder().withMeta(META_KEY_2, META_VALUE_2).build();
assertThat(token.getMeta().size(), is(1));
assertThat(token.getMeta().keySet(), contains(META_KEY_2));
assertThat(token.getMeta().get(META_KEY_2), is(META_VALUE_2));
token = new TokenBuilder()
.withMeta(META)
.withMeta(META_KEY_2, META_VALUE_2)
.build();
assertThat(token.getMeta().size(), is(2));
assertThat(token.getMeta().get(META_KEY), is(META_VALUE));
assertThat(token.getMeta().get(META_KEY_2), is(META_VALUE_2));
}
}

183
src/test/java/de/stklcode/jvault/connector/model/TokenRoleBuilderTest.java Normal file
View File

@ -0,0 +1,183 @@
/*
* Copyright 2016-2021 Stefan Kalscheuer
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package de.stklcode.jvault.connector.model;
import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.ObjectMapper;
import org.junit.jupiter.api.Test;
import java.util.Arrays;
import java.util.List;
import static org.junit.jupiter.api.Assertions.*;
/**
* Unit Test for {@link Token.Builder}
*
* @author Stefan Kalscheuer
* @since 0.9
*/
class TokenRoleBuilderTest {
private static final String NAME = "test-role";
private static final String ALLOWED_POLICY_1 = "apol-1";
private static final String ALLOWED_POLICY_2 = "apol-2";
private static final String ALLOWED_POLICY_3 = "apol-3";
private static final List<String> ALLOWED_POLICIES = Arrays.asList(ALLOWED_POLICY_1, ALLOWED_POLICY_2);
private static final String DISALLOWED_POLICY_1 = "dpol-1";
private static final String DISALLOWED_POLICY_2 = "dpol-2";
private static final String DISALLOWED_POLICY_3 = "dpol-3";
private static final List<String> DISALLOWED_POLICIES = Arrays.asList(DISALLOWED_POLICY_2, DISALLOWED_POLICY_3);
private static final Boolean ORPHAN = false;
private static final Boolean RENEWABLE = true;
private static final String PATH_SUFFIX = "ps";
private static final String ALLOWED_ENTITY_ALIAS_1 = "alias-1";
private static final String ALLOWED_ENTITY_ALIAS_2 = "alias-2";
private static final String ALLOWED_ENTITY_ALIAS_3 = "alias-3";
private static final List<String> ALLOWED_ENTITY_ALIASES = Arrays.asList(ALLOWED_ENTITY_ALIAS_1, ALLOWED_ENTITY_ALIAS_3);
private static final String TOKEN_BOUND_CIDR_1 = "192.0.2.0/24";
private static final String TOKEN_BOUND_CIDR_2 = "198.51.100.0/24";
private static final String TOKEN_BOUND_CIDR_3 = "203.0.113.0/24";
private static final List<String> TOKEN_BOUND_CIDRS = Arrays.asList(TOKEN_BOUND_CIDR_2, TOKEN_BOUND_CIDR_1);
private static final Integer TOKEN_EXPLICIT_MAX_TTL = 1234;
private static final Boolean TOKEN_NO_DEFAULT_POLICY = false;
private static final Integer TOKEN_NUM_USES = 5;
private static final Integer TOKEN_PERIOD = 2345;
private static final Token.Type TOKEN_TYPE = Token.Type.SERVICE;
private static final String JSON_FULL = "{" +
"\"name\":\"" + NAME + "\"," +
"\"allowed_policies\":[\"" + ALLOWED_POLICY_1 + "\",\"" + ALLOWED_POLICY_2 + "\",\"" + ALLOWED_POLICY_3 + "\"]," +
"\"disallowed_policies\":[\"" + DISALLOWED_POLICY_1 + "\",\"" + DISALLOWED_POLICY_2 + "\",\"" + DISALLOWED_POLICY_3 + "\"]," +
"\"orphan\":" + ORPHAN + "," +
"\"renewable\":" + RENEWABLE + "," +
"\"path_suffix\":\"" + PATH_SUFFIX + "\"," +
"\"allowed_entity_aliases\":[\"" + ALLOWED_ENTITY_ALIAS_1 + "\",\"" + ALLOWED_ENTITY_ALIAS_3 + "\",\"" + ALLOWED_ENTITY_ALIAS_2 + "\"]," +
"\"token_bound_cidrs\":[\"" + TOKEN_BOUND_CIDR_3 + "\",\"" + TOKEN_BOUND_CIDR_2 + "\",\"" + TOKEN_BOUND_CIDR_1 + "\"]," +
"\"token_explicit_max_ttl\":" + TOKEN_EXPLICIT_MAX_TTL + "," +
"\"token_no_default_policy\":" + TOKEN_NO_DEFAULT_POLICY + "," +
"\"token_num_uses\":" + TOKEN_NUM_USES + "," +
"\"token_period\":" + TOKEN_PERIOD + "," +
"\"token_type\":\"" + TOKEN_TYPE.value() + "\"}";
/**
* Build token without any parameters.
*/
@Test
void buildDefaultTest() throws JsonProcessingException {
TokenRole role = TokenRole.builder().build();
assertNull(role.getAllowedPolicies());
assertNull(role.getDisallowedPolicies());
assertNull(role.getOrphan());
assertNull(role.getRenewable());
assertNull(role.getAllowedEntityAliases());
assertNull(role.getTokenBoundCidrs());
assertNull(role.getTokenExplicitMaxTtl());
assertNull(role.getTokenNoDefaultPolicy());
assertNull(role.getTokenNumUses());
assertNull(role.getTokenPeriod());
assertNull(role.getTokenType());
// Optional fields should be ignored, so JSON string should be empty.
assertEquals("{}", new ObjectMapper().writeValueAsString(role));
}
/**
* Build token without all parameters NULL.
*/
@Test
void buildNullTest() throws JsonProcessingException {
TokenRole role = TokenRole.builder()
.forName(null)
.withAllowedPolicies(null)
.withAllowedPolicy(null)
.withDisallowedPolicy(null)
.withDisallowedPolicies(null)
.orphan(null)
.renewable(null)
.withPathSuffix(null)
.withAllowedEntityAliases(null)
.withAllowedEntityAlias(null)
.withTokenBoundCidr(null)
.withTokenBoundCidrs(null)
.withTokenExplicitMaxTtl(null)
.withTokenNoDefaultPolicy(null)
.withTokenNumUses(null)
.withTokenPeriod(null)
.withTokenType(null)
.build();
assertNull(role.getAllowedPolicies());
assertNull(role.getDisallowedPolicies());
assertNull(role.getOrphan());
assertNull(role.getRenewable());
assertNull(role.getAllowedEntityAliases());
assertNull(role.getTokenBoundCidrs());
assertNull(role.getTokenExplicitMaxTtl());
assertNull(role.getTokenNoDefaultPolicy());
assertNull(role.getTokenNumUses());
assertNull(role.getTokenPeriod());
assertNull(role.getTokenType());
// Optional fields should be ignored, so JSON string should be empty.
assertEquals("{}", new ObjectMapper().writeValueAsString(role));
}
/**
* Build token without all parameters set.
*/
@Test
void buildFullTest() throws JsonProcessingException {
TokenRole role = TokenRole.builder()
.forName(NAME)
.withAllowedPolicies(ALLOWED_POLICIES)
.withAllowedPolicy(ALLOWED_POLICY_3)
.withDisallowedPolicy(DISALLOWED_POLICY_1)
.withDisallowedPolicies(DISALLOWED_POLICIES)
.orphan(ORPHAN)
.renewable(RENEWABLE)
.withPathSuffix(PATH_SUFFIX)
.withAllowedEntityAliases(ALLOWED_ENTITY_ALIASES)
.withAllowedEntityAlias(ALLOWED_ENTITY_ALIAS_2)
.withTokenBoundCidr(TOKEN_BOUND_CIDR_3)
.withTokenBoundCidrs(TOKEN_BOUND_CIDRS)
.withTokenExplicitMaxTtl(TOKEN_EXPLICIT_MAX_TTL)
.withTokenNoDefaultPolicy(TOKEN_NO_DEFAULT_POLICY)
.withTokenNumUses(TOKEN_NUM_USES)
.withTokenPeriod(TOKEN_PERIOD)
.withTokenType(TOKEN_TYPE)
.build();
assertEquals(NAME, role.getName());
assertEquals(ALLOWED_POLICIES.size() + 1, role.getAllowedPolicies().size());
assertTrue(role.getAllowedPolicies().containsAll(List.of(ALLOWED_POLICY_1, ALLOWED_POLICY_2, ALLOWED_POLICY_3)));
assertEquals(DISALLOWED_POLICIES.size() + 1, role.getDisallowedPolicies().size());
assertTrue(role.getDisallowedPolicies().containsAll(List.of(DISALLOWED_POLICY_1, DISALLOWED_POLICY_2, DISALLOWED_POLICY_3)));
assertEquals(ORPHAN, role.getOrphan());
assertEquals(RENEWABLE, role.getRenewable());
assertEquals(PATH_SUFFIX, role.getPathSuffix());
assertEquals(ALLOWED_ENTITY_ALIASES.size() + 1, role.getAllowedEntityAliases().size());
assertTrue(role.getAllowedEntityAliases().containsAll(List.of(ALLOWED_ENTITY_ALIAS_1, ALLOWED_ENTITY_ALIAS_2, ALLOWED_ENTITY_ALIAS_3)));
assertEquals(TOKEN_BOUND_CIDRS.size() + 1, role.getTokenBoundCidrs().size());
assertTrue(role.getTokenBoundCidrs().containsAll(List.of(TOKEN_BOUND_CIDR_1, TOKEN_BOUND_CIDR_2, TOKEN_BOUND_CIDR_3)));
assertEquals(TOKEN_NO_DEFAULT_POLICY, role.getTokenNoDefaultPolicy());
assertEquals(TOKEN_NUM_USES, role.getTokenNumUses());
assertEquals(TOKEN_PERIOD, role.getTokenPeriod());
assertEquals(TOKEN_TYPE.value(), role.getTokenType());
// Verify that all parameters are included in JSON string.
assertEquals(JSON_FULL, new ObjectMapper().writeValueAsString(role));
}
}

170
src/test/java/de/stklcode/jvault/connector/model/TokenTest.java Normal file
View File

@ -0,0 +1,170 @@
/*
* Copyright 2016-2021 Stefan Kalscheuer
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package de.stklcode.jvault.connector.model;
import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.ObjectMapper;
import org.junit.jupiter.api.BeforeAll;
import org.junit.jupiter.api.Test;
import java.util.*;
import static org.junit.jupiter.api.Assertions.*;
/**
* JUnit Test for {@link Token} and {@link Token.Builder}.
*
* @author Stefan Kalscheuer
* @since 0.4.0
*/
class TokenTest {
private static final String ID = "test-id";
private static final String DISPLAY_NAME = "display-name";
private static final Boolean NO_PARENT = false;
private static final Boolean NO_DEFAULT_POLICY = false;
private static final Integer TTL = 123;
private static final Integer EXPLICIT_MAX_TTL = 456;
private static final Integer NUM_USES = 4;
private static final List<String> POLICIES = new ArrayList<>();
private static final String POLICY = "policy";
private static final String POLICY_2 = "policy2";
private static final String POLICY_3 = "policy3";
private static final Map<String, String> META = new HashMap<>();
private static final String META_KEY = "key";
private static final String META_VALUE = "value";
private static final String META_KEY_2 = "key2";
private static final String META_VALUE_2 = "value2";
private static final Boolean RENEWABLE = true;
private static final Integer PERIOD = 3600;
private static final String ENTITY_ALIAS = "alias-value";
private static final String JSON_FULL = "{\"id\":\"test-id\",\"type\":\"service\",\"display_name\":\"display-name\",\"no_parent\":false,\"no_default_policy\":false,\"ttl\":123,\"explicit_max_ttl\":456,\"num_uses\":4,\"policies\":[\"policy\"],\"meta\":{\"key\":\"value\"},\"renewable\":true,\"period\":3600,\"entity_alias\":\"alias-value\"}";
@BeforeAll
static void init() {
POLICIES.add(POLICY);
META.put(META_KEY, META_VALUE);
}
/**
* Build token without any parameters.
*/
@Test
void buildDefaultTest() throws JsonProcessingException {
Token token = Token.builder().build();
assertNull(token.getId());
assertNull(token.getType());
assertNull(token.getDisplayName());
assertNull(token.getNoParent());
assertNull(token.getNoDefaultPolicy());
assertNull(token.getTtl());
assertNull(token.getExplicitMaxTtl());
assertNull(token.getNumUses());
assertNull(token.getPolicies());
assertNull(token.getMeta());
assertNull(token.isRenewable());
assertNull(token.getPeriod());
assertNull(token.getEntityAlias());
// Optional fields should be ignored, so JSON string should be empty.
assertEquals("{}", new ObjectMapper().writeValueAsString(token));
}
/**
* Build token without all parameters set.
*/
@Test
void buildFullTest() throws JsonProcessingException {
Token token = Token.builder()
.withId(ID)
.withType(Token.Type.SERVICE)
.withDisplayName(DISPLAY_NAME)
.withNoParent(NO_PARENT)
.withNoDefaultPolicy(NO_DEFAULT_POLICY)
.withTtl(TTL)
.withExplicitMaxTtl(EXPLICIT_MAX_TTL)
.withNumUses(NUM_USES)
.withPolicies(POLICIES)
.withMeta(META)
.withRenewable(RENEWABLE)
.withPeriod(PERIOD)
.withEntityAlias(ENTITY_ALIAS)
.build();
assertEquals(ID, token.getId());
assertEquals(Token.Type.SERVICE.value(), token.getType());
assertEquals(DISPLAY_NAME, token.getDisplayName());
assertEquals(NO_PARENT, token.getNoParent());
assertEquals(NO_DEFAULT_POLICY, token.getNoDefaultPolicy());
assertEquals(TTL, token.getTtl());
assertEquals(EXPLICIT_MAX_TTL, token.getExplicitMaxTtl());
assertEquals(NUM_USES, token.getNumUses());
assertEquals(POLICIES, token.getPolicies());
assertEquals(META, token.getMeta());
assertEquals(RENEWABLE, token.isRenewable());
assertEquals(PERIOD, token.getPeriod());
// Verify that all parameters are included in JSON string.
assertEquals(JSON_FULL, new ObjectMapper().writeValueAsString(token));
}
/**
* Test convenience methods
*/
@Test
void convenienceMethodsTest() {
// Parent.
Token token = Token.builder().asOrphan().build();
assertEquals(true, token.getNoParent());
token = Token.builder().withParent().build();
assertEquals(false, token.getNoParent());
// Default policy.
token = Token.builder().withDefaultPolicy().build();
assertEquals(false, token.getNoDefaultPolicy());
token = Token.builder().withoutDefaultPolicy().build();
assertEquals(true, token.getNoDefaultPolicy());
// Renewability.
token = Token.builder().renewable().build();
assertEquals(true, token.isRenewable());
token = Token.builder().notRenewable().build();
assertEquals(false, token.isRenewable());
// Add single policy.
token = Token.builder().withPolicy(POLICY_2).build();
assertEquals(1, token.getPolicies().size());
assertEquals(List.of(POLICY_2), token.getPolicies());
token = Token.builder()
.withPolicies(POLICY, POLICY_2)
.withPolicy(POLICY_3)
.build();
assertEquals(3, token.getPolicies().size());
assertTrue(token.getPolicies().containsAll(List.of(POLICY, POLICY_2, POLICY_3)));
// Add single metadata.
token = Token.builder().withMeta(META_KEY_2, META_VALUE_2).build();
assertEquals(1, token.getMeta().size());
assertEquals(Set.of(META_KEY_2), token.getMeta().keySet());
assertEquals(META_VALUE_2, token.getMeta().get(META_KEY_2));
token = Token.builder()
.withMeta(META)
.withMeta(META_KEY_2, META_VALUE_2)
.build();
assertEquals(2, token.getMeta().size());
assertEquals(META_VALUE, token.getMeta().get(META_KEY));
assertEquals(META_VALUE_2, token.getMeta().get(META_KEY_2));
}
}

112
src/test/java/de/stklcode/jvault/connector/model/response/AppRoleResponseTest.java Normal file
View File

@ -0,0 +1,112 @@
/*
* Copyright 2016-2021 Stefan Kalscheuer
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package de.stklcode.jvault.connector.model.response;
import com.fasterxml.jackson.databind.ObjectMapper;
import de.stklcode.jvault.connector.exception.InvalidResponseException;
import de.stklcode.jvault.connector.model.AppRole;
import org.junit.jupiter.api.Test;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import static org.junit.jupiter.api.Assertions.*;
/**
* JUnit Test for {@link AppRoleResponse} model.
*
* @author Stefan Kalscheuer
* @since 0.6.2
*/
class AppRoleResponseTest {
private static final Integer ROLE_TOKEN_TTL = 1200;
private static final Integer ROLE_TOKEN_MAX_TTL = 1800;
private static final Integer ROLE_SECRET_TTL = 600;
private static final Integer ROLE_SECRET_NUM_USES = 40;
private static final String ROLE_POLICY = "default";
private static final Integer ROLE_PERIOD = 0;
private static final Boolean ROLE_BIND_SECRET = true;
private static final String RES_JSON = "{\n" +
" \"auth\": null,\n" +
" \"warnings\": null,\n" +
" \"wrap_info\": null,\n" +
" \"data\": {\n" +
" \"token_ttl\": " + ROLE_TOKEN_TTL + ",\n" +
" \"token_max_ttl\": " + ROLE_TOKEN_MAX_TTL + ",\n" +
" \"secret_id_ttl\": " + ROLE_SECRET_TTL + ",\n" +
" \"secret_id_num_uses\": " + ROLE_SECRET_NUM_USES + ",\n" +
" \"token_policies\": [\n" +
" \"" + ROLE_POLICY + "\"\n" +
" ],\n" +
" \"token_period\": " + ROLE_PERIOD + ",\n" +
" \"bind_secret_id\": " + ROLE_BIND_SECRET + ",\n" +
" \"bound_cidr_list\": \"\"\n" +
" },\n" +
" \"lease_duration\": 0,\n" +
" \"renewable\": false,\n" +
" \"lease_id\": \"\"\n" +
"}";
private static final Map<String, Object> INVALID_DATA = new HashMap<>();
static {
INVALID_DATA.put("token_policies", "fancy-policy");
}
/**
* Test getter, setter and get-methods for response data.
*/
@Test
void getDataRoundtrip() {
// Create empty Object.
AppRoleResponse res = new AppRoleResponse();
assertNull(res.getRole(), "Initial data should be empty");
// Parsing invalid auth data map should fail.
assertThrows(
InvalidResponseException.class,
() -> res.setData(INVALID_DATA),
"Parsing invalid data succeeded"
);
}
/**
* Test creation from JSON value as returned by Vault (JSON example copied from Vault documentation).
*/
@Test
void jsonRoundtrip() {
AppRoleResponse res = assertDoesNotThrow(
() -> new ObjectMapper().readValue(RES_JSON, AppRoleResponse.class),
"AuthResponse deserialization failed"
);
assertNotNull(res, "Parsed response is NULL");
// Extract role data.
AppRole role = res.getRole();
assertNotNull(role, "Role data is NULL");
assertEquals(ROLE_TOKEN_TTL, role.getTokenTtl(), "Incorrect token TTL");
assertEquals(ROLE_TOKEN_MAX_TTL, role.getTokenMaxTtl(), "Incorrect token max TTL");
assertEquals(ROLE_SECRET_TTL, role.getSecretIdTtl(), "Incorrect secret ID TTL");
assertEquals(ROLE_SECRET_NUM_USES, role.getSecretIdNumUses(), "Incorrect secret ID umber of uses");
assertEquals(List.of(ROLE_POLICY), role.getTokenPolicies(), "Incorrect policies");
assertEquals(ROLE_PERIOD, role.getTokenPeriod(), "Incorrect role period");
assertEquals(ROLE_BIND_SECRET, role.getBindSecretId(), "Incorrect role bind secret ID flag");
assertNull(role.getTokenBoundCidrs(), "Incorrect bound CIDR list");
assertEquals("", role.getTokenBoundCidrsString(), "Incorrect bound CIDR list string");
}
}

125
src/test/java/de/stklcode/jvault/connector/model/response/AuthMethodsResponseTest.java Normal file
View File

@ -0,0 +1,125 @@
/*
* Copyright 2016-2021 Stefan Kalscheuer
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package de.stklcode.jvault.connector.model.response;
import com.fasterxml.jackson.databind.ObjectMapper;
import de.stklcode.jvault.connector.exception.InvalidResponseException;
import de.stklcode.jvault.connector.model.AuthBackend;
import de.stklcode.jvault.connector.model.response.embedded.AuthMethod;
import org.junit.jupiter.api.Test;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;
import static org.junit.jupiter.api.Assertions.*;
/**
* JUnit Test for {@link AuthMethodsResponse} model.
*
* @author Stefan Kalscheuer
* @since 0.6.2
*/
class AuthMethodsResponseTest {
private static final String GH_PATH = "github/";
private static final String GH_TYPE = "github";
private static final String GH_DESCR = "GitHub auth";
private static final String TK_PATH = "token/";
private static final String TK_TYPE = "token";
private static final String TK_DESCR = "token based credentials";
private static final Integer TK_LEASE_TTL = 0;
private static final Integer TK_MAX_LEASE_TTL = 0;
private static final String RES_JSON = "{\n" +
" \"data\": {" +
" \"" + GH_PATH + "\": {\n" +
" \"type\": \"" + GH_TYPE + "\",\n" +
" \"description\": \"" + GH_DESCR + "\"\n" +
" },\n" +
" \"" + TK_PATH + "\": {\n" +
" \"config\": {\n" +
" \"default_lease_ttl\": " + TK_LEASE_TTL + ",\n" +
" \"max_lease_ttl\": " + TK_MAX_LEASE_TTL + "\n" +
" },\n" +
" \"description\": \"" + TK_DESCR + "\",\n" +
" \"type\": \"" + TK_TYPE + "\"\n" +
" }\n" +
" }\n" +
"}";
private static final Map<String, Object> INVALID_DATA = new HashMap<>();
static {
INVALID_DATA.put("dummy/", new Dummy());
}
/**
* Test getter, setter and get-methods for response data.
*/
@Test
void getDataRoundtrip() {
// Create empty Object.
AuthMethodsResponse res = new AuthMethodsResponse();
assertEquals(Collections.emptyMap(), res.getSupportedMethods(), "Initial method map should be empty");
// Parsing invalid data map should fail.
assertThrows(
InvalidResponseException.class,
() -> res.setData(INVALID_DATA),
"Parsing invalid data succeeded"
);
}
/**
* Test creation from JSON value as returned by Vault (JSON example copied from Vault documentation).
*/
@Test
void jsonRoundtrip() {
AuthMethodsResponse res = assertDoesNotThrow(
() -> new ObjectMapper().readValue(RES_JSON, AuthMethodsResponse.class),
"AuthResponse deserialization failed"
);
assertNotNull(res, "Parsed response is NULL");
// Extract auth data.
Map<String, AuthMethod> supported = res.getSupportedMethods();
assertNotNull(supported, "Auth data is NULL");
assertEquals(2, supported.size(), "Incorrect number of supported methods");
assertTrue(supported.keySet().containsAll(Set.of(GH_PATH, TK_PATH)), "Incorrect method paths");
// Verify first method.
AuthMethod method = supported.get(GH_PATH);
assertEquals(GH_TYPE, method.getRawType(), "Incorrect raw type for GitHub");
assertEquals(AuthBackend.GITHUB, method.getType(), "Incorrect parsed type for GitHub");
assertEquals(GH_DESCR, method.getDescription(), "Incorrect description for GitHub");
assertNull(method.getConfig(), "Unexpected config for GitHub");
// Verify first method.
method = supported.get(TK_PATH);
assertEquals(TK_TYPE, method.getRawType(), "Incorrect raw type for Token");
assertEquals(AuthBackend.TOKEN, method.getType(), "Incorrect parsed type for Token");
assertEquals(TK_DESCR, method.getDescription(), "Incorrect description for Token");
assertNotNull(method.getConfig(), "Missing config for Token");
assertEquals(2, method.getConfig().size(), "Unexpected config size for Token");
assertEquals(TK_LEASE_TTL.toString(), method.getConfig().get("default_lease_ttl"), "Incorrect lease TTL config");
assertEquals(TK_MAX_LEASE_TTL.toString(), method.getConfig().get("max_lease_ttl"), "Incorrect max lease TTL config");
}
private static class Dummy {
}
}

125
src/test/java/de/stklcode/jvault/connector/model/response/AuthResponseTest.java Normal file
View File

@ -0,0 +1,125 @@
/*
* Copyright 2016-2021 Stefan Kalscheuer
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package de.stklcode.jvault.connector.model.response;
import com.fasterxml.jackson.databind.ObjectMapper;
import de.stklcode.jvault.connector.exception.InvalidResponseException;
import de.stklcode.jvault.connector.model.response.embedded.AuthData;
import org.junit.jupiter.api.Test;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;
import static org.junit.jupiter.api.Assertions.*;
/**
* JUnit Test for {@link AuthResponse} model.
*
* @author Stefan Kalscheuer
* @since 0.6.2
*/
class AuthResponseTest {
private static final String AUTH_ACCESSOR = "2c84f488-2133-4ced-87b0-570f93a76830";
private static final String AUTH_CLIENT_TOKEN = "ABCD";
private static final String AUTH_POLICY_1 = "web";
private static final String AUTH_POLICY_2 = "stage";
private static final String AUTH_META_KEY = "user";
private static final String AUTH_META_VALUE = "armon";
private static final Integer AUTH_LEASE_DURATION = 3600;
private static final Boolean AUTH_RENEWABLE = true;
private static final String AUTH_ENTITY_ID = "";
private static final String AUTH_TOKEN_TYPE = "service";
private static final Boolean AUTH_ORPHAN = false;
private static final String RES_JSON = "{\n" +
" \"auth\": {\n" +
" \"accessor\": \"" + AUTH_ACCESSOR + "\",\n" +
" \"client_token\": \"" + AUTH_CLIENT_TOKEN + "\",\n" +
" \"policies\": [\n" +
" \"" + AUTH_POLICY_1 + "\", \n" +
" \"" + AUTH_POLICY_2 + "\"\n" +
" ],\n" +
" \"token_policies\": [\n" +
" \"" + AUTH_POLICY_2 + "\",\n" +
" \"" + AUTH_POLICY_1 + "\" \n" +
" ],\n" +
" \"metadata\": {\n" +
" \"" + AUTH_META_KEY + "\": \"" + AUTH_META_VALUE + "\"\n" +
" },\n" +
" \"lease_duration\": " + AUTH_LEASE_DURATION + ",\n" +
" \"renewable\": " + AUTH_RENEWABLE + ",\n" +
" \"entity_id\": \"" + AUTH_ENTITY_ID + "\",\n" +
" \"token_type\": \"" + AUTH_TOKEN_TYPE + "\",\n" +
" \"orphan\": " + AUTH_ORPHAN + "\n" +
" }\n" +
"}";
private static final Map<String, Object> INVALID_AUTH_DATA = new HashMap<>();
static {
INVALID_AUTH_DATA.put("policies", "fancy-policy");
}
/**
* Test getter, setter and get-methods for response data.
*/
@Test
void getDataRoundtrip() {
// Create empty Object.
AuthResponse res = new AuthResponse();
assertNull(res.getData(), "Initial data should be empty");
// Parsing invalid auth data map should fail.
assertThrows(
InvalidResponseException.class,
() -> res.setAuth(INVALID_AUTH_DATA),
"Parsing invalid auth data succeeded"
);
// Data method should be agnostic.
res.setData(INVALID_AUTH_DATA);
assertEquals(INVALID_AUTH_DATA, res.getData(), "Data not passed through");
}
/**
* Test creation from JSON value as returned by Vault (JSON example copied from Vault documentation).
*/
@Test
void jsonRoundtrip() {
AuthResponse res = assertDoesNotThrow(
() -> new ObjectMapper().readValue(RES_JSON, AuthResponse.class),
"AuthResponse deserialization failed"
);
assertNotNull(res, "Parsed response is NULL");
// Extract auth data.
AuthData data = res.getAuth();
assertNotNull(data, "Auth data is NULL");
assertEquals(AUTH_ACCESSOR, data.getAccessor(), "Incorrect auth accessor");
assertEquals(AUTH_CLIENT_TOKEN, data.getClientToken(), "Incorrect auth client token");
assertEquals(AUTH_LEASE_DURATION, data.getLeaseDuration(), "Incorrect auth lease duration");
assertEquals(AUTH_RENEWABLE, data.isRenewable(), "Incorrect auth renewable flag");
assertEquals(AUTH_ORPHAN, data.isOrphan(), "Incorrect auth orphan flag");
assertEquals(AUTH_TOKEN_TYPE, data.getTokenType(), "Incorrect auth token type");
assertEquals(AUTH_ENTITY_ID, data.getEntityId(), "Incorrect auth entity id");
assertEquals(2, data.getPolicies().size(), "Incorrect number of policies");
assertTrue(data.getPolicies().containsAll(Set.of(AUTH_POLICY_1, AUTH_POLICY_2)));
assertEquals(2, data.getTokenPolicies().size(), "Incorrect number of token policies");
assertTrue(data.getTokenPolicies().containsAll(Set.of(AUTH_POLICY_2, AUTH_POLICY_1)), "Incorrect token policies");
assertEquals(Map.of(AUTH_META_KEY, AUTH_META_VALUE), data.getMetadata(), "Incorrect auth metadata");
}
}

62
src/test/java/de/stklcode/jvault/connector/model/response/CredentialsResponseTest.java Normal file
View File

@ -0,0 +1,62 @@
/*
* Copyright 2016-2021 Stefan Kalscheuer
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package de.stklcode.jvault.connector.model.response;
import de.stklcode.jvault.connector.exception.InvalidResponseException;
import org.junit.jupiter.api.Test;
import java.util.HashMap;
import java.util.Map;
import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertNull;
/**
* JUnit Test for {@link CredentialsResponse} model.
*
* @author Stefan Kalscheuer
* @since 0.8
*/
class CredentialsResponseTest {
private static final Map<String, Object> DATA = new HashMap<>();
private static final String VAL_USER = "testUserName";
private static final String VAL_PASS = "5up3r5ecr3tP455";
static {
DATA.put("username", VAL_USER);
DATA.put("password", VAL_PASS);
}
/**
* Test getter, setter and get-methods for response data.
*
* @throws InvalidResponseException Should not occur
*/
@Test
@SuppressWarnings("unchecked")
void getCredentialsTest() throws InvalidResponseException {
// Create empty Object.
CredentialsResponse res = new CredentialsResponse();
assertNull(res.getUsername(), "Username not present in data map should not return anything");
assertNull(res.getPassword(), "Password not present in data map should not return anything");
// Fill data map.
res.setData(DATA);
assertEquals(VAL_USER, res.getUsername(), "Incorrect username");
assertEquals(VAL_PASS, res.getPassword(), "Incorrect password");
}
}

76
src/test/java/de/stklcode/jvault/connector/model/response/HealthResponseTest.java Normal file
View File

@ -0,0 +1,76 @@
/*
* Copyright 2016-2021 Stefan Kalscheuer
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package de.stklcode.jvault.connector.model.response;
import com.fasterxml.jackson.databind.ObjectMapper;
import org.junit.jupiter.api.Test;
import static org.junit.jupiter.api.Assertions.*;
/**
* JUnit Test for {@link AuthResponse} model.
*
* @author Stefan Kalscheuer
* @since 0.7.0
*/
class HealthResponseTest {
private static final String CLUSTER_ID = "c9abceea-4f46-4dab-a688-5ce55f89e228";
private static final String CLUSTER_NAME = "vault-cluster-5515c810";
private static final String VERSION = "0.9.2";
private static final Long SERVER_TIME_UTC = 1469555798L;
private static final Boolean STANDBY = false;
private static final Boolean SEALED = false;
private static final Boolean INITIALIZED = true;
private static final Boolean PERF_STANDBY = false;
private static final String REPL_PERF_MODE = "disabled";
private static final String REPL_DR_MODE = "disabled";
private static final String RES_JSON = "{\n" +
" \"cluster_id\": \"" + CLUSTER_ID + "\",\n" +
" \"cluster_name\": \"" + CLUSTER_NAME + "\",\n" +
" \"version\": \"" + VERSION + "\",\n" +
" \"server_time_utc\": " + SERVER_TIME_UTC + ",\n" +
" \"standby\": " + STANDBY + ",\n" +
" \"sealed\": " + SEALED + ",\n" +
" \"initialized\": " + INITIALIZED + ",\n" +
" \"replication_perf_mode\": \"" + REPL_PERF_MODE + "\",\n" +
" \"replication_dr_mode\": \"" + REPL_DR_MODE + "\",\n" +
" \"performance_standby\": " + PERF_STANDBY + "\n" +
"}";
/**
* Test creation from JSON value as returned by Vault (JSON example copied from Vault documentation).
*/
@Test
void jsonRoundtrip() {
HealthResponse res = assertDoesNotThrow(
() -> new ObjectMapper().readValue(RES_JSON, HealthResponse.class),
"Health deserialization failed"
);
assertNotNull(res, "Parsed response is NULL");
assertEquals(CLUSTER_ID, res.getClusterID(), "Incorrect cluster ID");
assertEquals(CLUSTER_NAME, res.getClusterName(), "Incorrect cluster name");
assertEquals(VERSION, res.getVersion(), "Incorrect version");
assertEquals(SERVER_TIME_UTC, res.getServerTimeUTC(), "Incorrect server time");
assertEquals(STANDBY, res.isStandby(), "Incorrect standby state");
assertEquals(SEALED, res.isSealed(), "Incorrect seal state");
assertEquals(INITIALIZED, res.isInitialized(), "Incorrect initialization state");
assertEquals(PERF_STANDBY, res.isPerformanceStandby(), "Incorrect performance standby state");
assertEquals(REPL_PERF_MODE, res.getReplicationPerfMode(), "Incorrect replication perf mode");
assertEquals(REPL_DR_MODE, res.getReplicationDrMode(), "Incorrect replication DR mode");
}
}

91
src/test/java/de/stklcode/jvault/connector/model/response/MetadataResponseTest.java Normal file
View File

@ -0,0 +1,91 @@
/*
* Copyright 2016-2021 Stefan Kalscheuer
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package de.stklcode.jvault.connector.model.response;
import com.fasterxml.jackson.databind.ObjectMapper;
import org.junit.jupiter.api.Test;
import static org.junit.jupiter.api.Assertions.*;
/**
* JUnit Test for {@link MetadataResponse} model.
*
* @author Stefan Kalscheuer
* @since 0.8
*/
class MetadataResponseTest {
private static final String V1_TIME = "2018-03-22T02:24:06.945319214Z";
private static final String V3_TIME = "2018-03-22T02:36:43.986212308Z";
private static final String V2_TIME = "2018-03-22T02:36:33.954880664Z";
private static final Integer CURRENT_VERSION = 3;
private static final Integer MAX_VERSIONS = 0;
private static final Integer OLDEST_VERSION = 1;
private static final String META_JSON = "{\n" +
" \"data\": {\n" +
" \"created_time\": \"" + V1_TIME + "\",\n" +
" \"current_version\": " + CURRENT_VERSION + ",\n" +
" \"max_versions\": " + MAX_VERSIONS + ",\n" +
" \"oldest_version\": " + OLDEST_VERSION + ",\n" +
" \"updated_time\": \"" + V3_TIME + "\",\n" +
" \"versions\": {\n" +
" \"1\": {\n" +
" \"created_time\": \"" + V1_TIME + "\",\n" +
" \"deletion_time\": \"" + V2_TIME + "\",\n" +
" \"destroyed\": true\n" +
" },\n" +
" \"2\": {\n" +
" \"created_time\": \"" + V2_TIME + "\",\n" +
" \"deletion_time\": \"\",\n" +
" \"destroyed\": false\n" +
" },\n" +
" \"3\": {\n" +
" \"created_time\": \"" + V3_TIME + "\",\n" +
" \"deletion_time\": \"\",\n" +
" \"destroyed\": false\n" +
" }\n" +
" }\n" +
" }\n" +
"}";
/**
* Test creation from JSON value as returned by Vault (JSON example copied from Vault documentation).
*/
@Test
void jsonRoundtrip() {
MetadataResponse res = assertDoesNotThrow(
() -> new ObjectMapper().readValue(META_JSON, MetadataResponse.class),
"MetadataResponse deserialization failed"
);
assertNotNull(res, "Parsed response is NULL");
assertNotNull(res.getMetadata(), "Parsed metadata is NULL");
assertEquals(V1_TIME, res.getMetadata().getCreatedTimeString(), "Incorrect created time");
assertNotNull(res.getMetadata().getCreatedTime(), "Parting created time failed");
assertEquals(CURRENT_VERSION, res.getMetadata().getCurrentVersion(), "Incorrect current version");
assertEquals(MAX_VERSIONS, res.getMetadata().getMaxVersions(), "Incorrect max versions");
assertEquals(OLDEST_VERSION, res.getMetadata().getOldestVersion(), "Incorrect oldest version");
assertEquals(V3_TIME, res.getMetadata().getUpdatedTimeString(), "Incorrect updated time");
assertNotNull(res.getMetadata().getUpdatedTime(), "Parting updated time failed");
assertEquals(3, res.getMetadata().getVersions().size(), "Incorrect number of versions");
assertEquals(V2_TIME, res.getMetadata().getVersions().get(1).getDeletionTimeString(), "Incorrect version 1 delete time");
assertNotNull(res.getMetadata().getVersions().get(1).getDeletionTime(), "Parsing version delete time failed");
assertTrue(res.getMetadata().getVersions().get(1).isDestroyed(), "Incorrect version 1 destroyed state");
assertEquals(V2_TIME, res.getMetadata().getVersions().get(2).getCreatedTimeString(), "Incorrect version 2 created time");
assertNotNull(res.getMetadata().getVersions().get(2).getCreatedTime(), "Parsing version created failed");
assertFalse(res.getMetadata().getVersions().get(3).isDestroyed(), "Incorrect version 3 destroyed state");
}
}

106
src/test/java/de/stklcode/jvault/connector/model/response/SealResponseTest.java Normal file
View File

@ -0,0 +1,106 @@
/*
* Copyright 2016-2021 Stefan Kalscheuer
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package de.stklcode.jvault.connector.model.response;
import com.fasterxml.jackson.databind.ObjectMapper;
import org.junit.jupiter.api.Test;
import static org.junit.jupiter.api.Assertions.*;
/**
* JUnit Test for {@link SealResponse} model.
*
* @author Stefan Kalscheuer
* @since 0.8
*/
class SealResponseTest {
private static final String TYPE = "shamir";
private static final Integer THRESHOLD = 3;
private static final Integer SHARES = 5;
private static final Integer PROGRESS_SEALED = 2;
private static final Integer PROGRESS_UNSEALED = 0;
private static final String VERSION = "0.11.2";
private static final String CLUSTER_NAME = "vault-cluster-d6ec3c7f";
private static final String CLUSTER_ID = "3e8b3fec-3749-e056-ba41-b62a63b997e8";
private static final String NONCE = "ef05d55d-4d2c-c594-a5e8-55bc88604c24";
private static final String RES_SEALED = "{\n" +
" \"type\": \"" + TYPE + "\",\n" +
" \"sealed\": true,\n" +
" \"initialized\": true,\n" +
" \"t\": " + THRESHOLD + ",\n" +
" \"n\": " + SHARES + ",\n" +
" \"progress\": " + PROGRESS_SEALED + ",\n" +
" \"nonce\": \"\",\n" +
" \"version\": \"" + VERSION + "\"\n" +
"}";
private static final String RES_UNSEALED = "{\n" +
" \"type\": \"" + TYPE + "\",\n" +
" \"sealed\": false,\n" +
" \"initialized\": true,\n" +
" \"t\": " + THRESHOLD + ",\n" +
" \"n\": " + SHARES + ",\n" +
" \"progress\": " + PROGRESS_UNSEALED + ",\n" +
" \"version\": \"" + VERSION + "\",\n" +
" \"cluster_name\": \"" + CLUSTER_NAME + "\",\n" +
" \"cluster_id\": \"" + CLUSTER_ID + "\",\n" +
" \"nonce\": \"" + NONCE + "\"\n" +
"}";
/**
* Test creation from JSON value as returned by Vault when sealed (JSON example close to Vault documentation).
*/
@Test
void jsonRoundtripSealed() {
// First test sealed Vault's response.
SealResponse res = assertDoesNotThrow(
() -> new ObjectMapper().readValue(RES_SEALED, SealResponse.class),
"TokenResponse deserialization failed"
);
assertNotNull(res, "Parsed response is NULL");
assertEquals(TYPE, res.getType(), "Incorrect seal type");
assertTrue(res.isSealed(), "Incorrect seal status");
assertTrue(res.isInitialized(), "Incorrect initialization status");
assertEquals(THRESHOLD, res.getThreshold(), "Incorrect threshold");
assertEquals(SHARES, res.getNumberOfShares(), "Incorrect number of shares");
assertEquals(PROGRESS_SEALED, res.getProgress(), "Incorrect progress");
assertEquals("", res.getNonce(), "Nonce not empty");
assertEquals(VERSION, res.getVersion(), "Incorrect version");
// And the fields, that should not be filled.
assertNull(res.getClusterName(), "Cluster name should not be populated");
assertNull(res.getClusterId(), "Cluster ID should not be populated");
// Not test unsealed Vault's response.
res = assertDoesNotThrow(
() -> new ObjectMapper().readValue(RES_UNSEALED, SealResponse.class),
"TokenResponse deserialization failed"
);
assertNotNull(res, "Parsed response is NULL");
assertEquals(TYPE, res.getType(), "Incorrect seal type");
assertFalse(res.isSealed(), "Incorrect seal status");
assertTrue(res.isInitialized(), "Incorrect initialization status");
assertEquals(THRESHOLD, res.getThreshold(), "Incorrect threshold");
assertEquals(SHARES, res.getNumberOfShares(), "Incorrect number of shares");
assertEquals(PROGRESS_UNSEALED, res.getProgress(), "Incorrect progress");
assertEquals(NONCE, res.getNonce(), "Incorrect nonce");
assertEquals(VERSION, res.getVersion(), "Incorrect version");
assertEquals(CLUSTER_NAME, res.getClusterName(), "Incorrect cluster name");
assertEquals(CLUSTER_ID, res.getClusterId(), "Incorrect cluster ID");
}
}

68
src/test/java/de/stklcode/jvault/connector/model/response/SecretListResponseTest.java Normal file
View File

@ -0,0 +1,68 @@
/*
* Copyright 2016-2021 Stefan Kalscheuer
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package de.stklcode.jvault.connector.model.response;
import de.stklcode.jvault.connector.exception.InvalidResponseException;
import org.junit.jupiter.api.Test;
import java.util.*;
import static org.junit.jupiter.api.Assertions.*;
/**
* JUnit Test for {@link SecretListResponse} model.
*
* @author Stefan Kalscheuer
* @since 0.8
*/
class SecretListResponseTest {
private static final Map<String, Object> DATA = new HashMap<>();
private static final String KEY1 = "key1";
private static final String KEY2 = "key-2";
private static final List<String> KEYS = Arrays.asList(KEY1, KEY2);
static {
DATA.put("keys", KEYS);
}
/**
* Test getter, setter and get-methods for response data.
*
* @throws InvalidResponseException Should not occur
*/
@Test
void getKeysTest() throws InvalidResponseException {
// Create empty Object.
SecretListResponse res = new SecretListResponse();
assertNull(res.getKeys(), "Keys should be null without initialization");
// Provoke internal ClassCastException.
Map<String, Object> invalidData = new HashMap<>();
invalidData.put("keys", "some string");
assertThrows(
InvalidResponseException.class,
() -> res.setData(invalidData),
"Setting incorrect class succeeded"
);
// Fill correct data.
res.setData(DATA);
assertNotNull(res.getKeys(), "Keys should be filled here");
assertEquals(2, res.getKeys().size(), "Unexpected number of keys");
assertTrue(res.getKeys().containsAll(Set.of(KEY1, KEY2)), "Unexpected keys");
}
}

201
src/test/java/de/stklcode/jvault/connector/model/response/SecretResponseTest.java Normal file
View File

@ -0,0 +1,201 @@
/*
* Copyright 2016-2021 Stefan Kalscheuer
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package de.stklcode.jvault.connector.model.response;
import com.fasterxml.jackson.databind.ObjectMapper;
import de.stklcode.jvault.connector.exception.InvalidResponseException;
import org.junit.jupiter.api.Test;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import static org.junit.jupiter.api.Assertions.*;
/**
* JUnit Test for {@link SecretResponse} model.
*
* @author Stefan Kalscheuer
* @since 0.6.2
*/
class SecretResponseTest {
private static final Map<String, Object> DATA = new HashMap<>();
private static final String KEY_UNKNOWN = "unknown";
private static final String KEY_STRING = "test1";
private static final String VAL_STRING = "testvalue";
private static final String KEY_INTEGER = "test2";
private static final Integer VAL_INTEGER = 42;
private static final String KEY_LIST = "list";
private static final String VAL_LIST = "[\"first\",\"second\"]";
private static final String SECRET_REQUEST_ID = "68315073-6658-e3ff-2da7-67939fb91bbd";
private static final String SECRET_LEASE_ID = "";
private static final Integer SECRET_LEASE_DURATION = 2764800;
private static final boolean SECRET_RENEWABLE = false;
private static final String SECRET_DATA_K1 = "excited";
private static final String SECRET_DATA_V1 = "yes";
private static final String SECRET_DATA_K2 = "value";
private static final String SECRET_DATA_V2 = "world";
private static final String SECRET_META_CREATED = "2018-03-22T02:24:06.945319214Z";
private static final String SECRET_META_DELETED = "2018-03-23T03:25:07.056420325Z";
private static final List<String> SECRET_WARNINGS = null;
private static final String SECRET_JSON = "{\n" +
" \"request_id\": \"" + SECRET_REQUEST_ID + "\",\n" +
" \"lease_id\": \"" + SECRET_LEASE_ID + "\",\n" +
" \"lease_duration\": " + SECRET_LEASE_DURATION + ",\n" +
" \"renewable\": " + SECRET_RENEWABLE + ",\n" +
" \"data\": {\n" +
" \"" + SECRET_DATA_K1 + "\": \"" + SECRET_DATA_V1 + "\",\n" +
" \"" + SECRET_DATA_K2 + "\": \"" + SECRET_DATA_V2 + "\"\n" +
" },\n" +
" \"warnings\": " + SECRET_WARNINGS + "\n" +
"}";
private static final String SECRET_JSON_V2 = "{\n" +
" \"request_id\": \"" + SECRET_REQUEST_ID + "\",\n" +
" \"lease_id\": \"" + SECRET_LEASE_ID + "\",\n" +
" \"lease_duration\": " + SECRET_LEASE_DURATION + ",\n" +
" \"renewable\": " + SECRET_RENEWABLE + ",\n" +
" \"data\": {\n" +
" \"data\": {\n" +
" \"" + SECRET_DATA_K1 + "\": \"" + SECRET_DATA_V1 + "\",\n" +
" \"" + SECRET_DATA_K2 + "\": \"" + SECRET_DATA_V2 + "\"\n" +
" },\n" +
" \"metadata\": {\n" +
" \"created_time\": \"" + SECRET_META_CREATED + "\",\n" +
" \"deletion_time\": \"\",\n" +
" \"destroyed\": false,\n" +
" \"version\": 1\n" +
" }\n" +
" },\n" +
" \"warnings\": " + SECRET_WARNINGS + "\n" +
"}";
private static final String SECRET_JSON_V2_2 = "{\n" +
" \"request_id\": \"" + SECRET_REQUEST_ID + "\",\n" +
" \"lease_id\": \"" + SECRET_LEASE_ID + "\",\n" +
" \"lease_duration\": " + SECRET_LEASE_DURATION + ",\n" +
" \"renewable\": " + SECRET_RENEWABLE + ",\n" +
" \"data\": {\n" +
" \"data\": {\n" +
" \"" + SECRET_DATA_K1 + "\": \"" + SECRET_DATA_V1 + "\",\n" +
" \"" + SECRET_DATA_K2 + "\": \"" + SECRET_DATA_V2 + "\"\n" +
" },\n" +
" \"metadata\": {\n" +
" \"created_time\": \"" + SECRET_META_CREATED + "\",\n" +
" \"deletion_time\": \"" + SECRET_META_DELETED + "\",\n" +
" \"destroyed\": true,\n" +
" \"version\": 2\n" +
" }\n" +
" },\n" +
" \"warnings\": " + SECRET_WARNINGS + "\n" +
"}";
static {
DATA.put(KEY_STRING, VAL_STRING);
DATA.put(KEY_INTEGER, VAL_INTEGER);
DATA.put(KEY_LIST, VAL_LIST);
}
/**
* Test getter, setter and get-methods for response data.
*
* @throws InvalidResponseException Should not occur
*/
@Test
@SuppressWarnings("unchecked")
void getDataRoundtrip() throws InvalidResponseException {
// Create empty Object.
SecretResponse res = new SecretResponse();
assertNotNull(res.getData(), "Initial data should be Map");
assertTrue(res.getData().isEmpty(), "Initial data should be empty");
assertNull(res.get(KEY_STRING), "Getter should return NULL on empty data map");
// Fill data map.
res.setData(DATA);
assertEquals(DATA, res.getData(), "Data setter/getter not transparent");
assertEquals(DATA.size(), res.getData().keySet().size(), "Data size modified");
assertTrue(res.getData().keySet().containsAll(Set.of(KEY_STRING, KEY_INTEGER, KEY_LIST)), "Data keys not passed correctly");
assertEquals(VAL_STRING, res.get(KEY_STRING), "Data values not passed correctly");
assertEquals(VAL_INTEGER, res.get(KEY_INTEGER), "Data values not passed correctly");
assertNull(res.get(KEY_UNKNOWN), "Non-Null returned on unknown key");
// Try explicit JSON conversion.
final List<?> list = res.get(KEY_LIST, List.class);
assertNotNull(list, "JSON parsing of list failed");
assertEquals(2, list.size(), "JSON parsing of list returned incorrect size");
assertTrue(list.containsAll(List.of("first", "second")), "JSON parsing of list returned incorrect elements");
assertNull(res.get(KEY_UNKNOWN, Object.class), "Non-Null returned on unknown key");
// Requesting invalid class should result in Exception.
assertThrows(
InvalidResponseException.class,
() -> res.get(KEY_LIST, Double.class),
"JSON parsing to incorrect type succeeded"
);
}
/**
* Test creation from JSON value as returned by Vault (JSON example copied from Vault documentation).
*/
@Test
void jsonRoundtrip() {
SecretResponse res = assertDoesNotThrow(
() -> new ObjectMapper().readValue(SECRET_JSON, SecretResponse.class),
"SecretResponse deserialization failed"
);
assertSecretData(res);
// KV v2 secret.
res = assertDoesNotThrow(
() -> new ObjectMapper().readValue(SECRET_JSON_V2, SecretResponse.class),
"SecretResponse deserialization failed"
);
assertSecretData(res);
assertNotNull(res.getMetadata(), "SecretResponse does not contain metadata");
assertEquals(SECRET_META_CREATED, res.getMetadata().getCreatedTimeString(), "Incorrect creation date string");
assertNotNull(res.getMetadata().getCreatedTime(), "Creation date parsing failed");
assertEquals("", res.getMetadata().getDeletionTimeString(), "Incorrect deletion date string");
assertNull(res.getMetadata().getDeletionTime(), "Incorrect deletion date");
assertEquals(false, res.getMetadata().isDestroyed(), "Secret destroyed when not expected");
assertEquals(1, res.getMetadata().getVersion(), "Incorrect secret version");
// Deleted KV v2 secret.
res = assertDoesNotThrow(
() -> new ObjectMapper().readValue(SECRET_JSON_V2_2, SecretResponse.class),
"SecretResponse deserialization failed"
);
assertSecretData(res);
assertNotNull(res.getMetadata(), "SecretResponse does not contain metadata");
assertEquals(SECRET_META_CREATED, res.getMetadata().getCreatedTimeString(), "Incorrect creation date string");
assertNotNull(res.getMetadata().getCreatedTime(), "Creation date parsing failed");
assertEquals(SECRET_META_DELETED, res.getMetadata().getDeletionTimeString(), "Incorrect deletion date string");
assertNotNull(res.getMetadata().getDeletionTime(), "Incorrect deletion date");
assertEquals(true, res.getMetadata().isDestroyed(), "Secret destroyed when not expected");
assertEquals(2, res.getMetadata().getVersion(), "Incorrect secret version");
}
private void assertSecretData(SecretResponse res) {
assertNotNull(res, "Parsed response is NULL");
assertEquals(SECRET_LEASE_ID, res.getLeaseId(), "Incorrect lease ID");
assertEquals(SECRET_LEASE_DURATION, res.getLeaseDuration(), "Incorrect lease duration");
assertEquals(SECRET_RENEWABLE, res.isRenewable(), "Incorrect renewable status");
assertEquals(SECRET_WARNINGS, res.getWarnings(), "Incorrect warnings");
assertEquals(SECRET_DATA_V1, res.get(SECRET_DATA_K1), "Response does not contain correct data");
assertEquals(SECRET_DATA_V2, res.get(SECRET_DATA_K2), "Response does not contain correct data");
}
}

60
src/test/java/de/stklcode/jvault/connector/model/response/SecretVersionResponseTest.java Normal file
View File

@ -0,0 +1,60 @@
/*
* Copyright 2016-2021 Stefan Kalscheuer
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package de.stklcode.jvault.connector.model.response;
import com.fasterxml.jackson.databind.ObjectMapper;
import org.junit.jupiter.api.Test;
import static org.junit.jupiter.api.Assertions.*;
/**
* JUnit Test for {@link SecretVersionResponse} model.
*
* @author Stefan Kalscheuer
* @since 0.8
*/
class SecretVersionResponseTest {
private static final String CREATION_TIME = "2018-03-22T02:24:06.945319214Z";
private static final String DELETION_TIME = "2018-03-22T02:36:43.986212308Z";
private static final Integer VERSION = 42;
private static final String META_JSON = "{\n" +
" \"data\": {\n" +
" \"created_time\": \"" + CREATION_TIME + "\",\n" +
" \"deletion_time\": \"" + DELETION_TIME + "\",\n" +
" \"destroyed\": false,\n" +
" \"version\": " + VERSION + "\n" +
" }\n" +
"}";
/**
* Test creation from JSON value as returned by Vault (JSON example copied from Vault documentation).
*/
@Test
void jsonRoundtrip() {
SecretVersionResponse res = assertDoesNotThrow(
() -> new ObjectMapper().readValue(META_JSON, SecretVersionResponse.class),
"SecretVersionResponse deserialization failed"
);
assertNotNull(res, "Parsed response is NULL");
assertNotNull(res.getMetadata(), "Parsed metadata is NULL");
assertEquals(CREATION_TIME, res.getMetadata().getCreatedTimeString(), "Incorrect created time");
assertEquals(DELETION_TIME, res.getMetadata().getDeletionTimeString(), "Incorrect deletion time");
assertEquals(false, res.getMetadata().isDestroyed(), "Incorrect destroyed state");
assertEquals(VERSION, res.getMetadata().getVersion(), "Incorrect version");
}
}

152
src/test/java/de/stklcode/jvault/connector/model/response/TokenResponseTest.java Normal file
View File

@ -0,0 +1,152 @@
/*
* Copyright 2016-2021 Stefan Kalscheuer
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package de.stklcode.jvault.connector.model.response;
import com.fasterxml.jackson.databind.ObjectMapper;
import de.stklcode.jvault.connector.exception.InvalidResponseException;
import de.stklcode.jvault.connector.model.response.embedded.TokenData;
import org.junit.jupiter.api.Test;
import java.time.ZonedDateTime;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import static org.junit.jupiter.api.Assertions.*;
/**
* JUnit Test for {@link TokenResponse} model.
*
* @author Stefan Kalscheuer
* @since 0.6.2
*/
class TokenResponseTest {
private static final Integer TOKEN_CREATION_TIME = 1457533232;
private static final Integer TOKEN_TTL = 2764800;
private static final Integer TOKEN_EXPLICIT_MAX_TTL = 0;
private static final String TOKEN_DISPLAY_NAME = "token";
private static final String TOKEN_META_KEY = "foo";
private static final String TOKEN_META_VALUE = "bar";
private static final Integer TOKEN_NUM_USES = 0;
private static final Boolean TOKEN_ORPHAN = false;
private static final Boolean TOKEN_RENEWABLE = true;
private static final String TOKEN_PATH = "auth/token/create";
private static final String TOKEN_POLICY_1 = "default";
private static final String TOKEN_POLICY_2 = "web";
private static final Boolean RES_RENEWABLE = false;
private static final Integer RES_TTL = 2591976;
private static final Integer RES_LEASE_DURATION = 0;
private static final String TOKEN_ACCESSOR = "VKvzT2fKHFsZFUus9LyoXCvu";
private static final String TOKEN_ENTITY_ID = "7d2e3179-f69b-450c-7179-ac8ee8bd8ca9";
private static final String TOKEN_EXPIRE_TIME = "2018-05-19T11:35:54.466476215-04:00";
private static final String TOKEN_ID = "my-token";
private static final String TOKEN_ISSUE_TIME = "2018-04-17T11:35:54.466476078-04:00";
private static final String TOKEN_TYPE = "service";
private static final String RES_JSON = "{\n" +
" \"lease_id\": \"\",\n" +
" \"renewable\": " + RES_RENEWABLE + ",\n" +
" \"lease_duration\": " + RES_LEASE_DURATION + ",\n" +
" \"data\": {\n" +
" \"accessor\": \"" + TOKEN_ACCESSOR + "\",\n" +
" \"creation_time\": " + TOKEN_CREATION_TIME + ",\n" +
" \"creation_ttl\": " + TOKEN_TTL + ",\n" +
" \"display_name\": \"" + TOKEN_DISPLAY_NAME + "\",\n" +
" \"entity_id\": \"" + TOKEN_ENTITY_ID + "\",\n" +
" \"expire_time\": \"" + TOKEN_EXPIRE_TIME + "\",\n" +
" \"explicit_max_ttl\": \"" + TOKEN_EXPLICIT_MAX_TTL + "\",\n" +
" \"id\": \"" + TOKEN_ID + "\",\n" +
" \"issue_time\": \"" + TOKEN_ISSUE_TIME + "\",\n" +
" \"meta\": {\n" +
" \"" + TOKEN_META_KEY + "\": \"" + TOKEN_META_VALUE + "\"\n" +
" },\n" +
" \"num_uses\": " + TOKEN_NUM_USES + ",\n" +
" \"orphan\": " + TOKEN_ORPHAN + ",\n" +
" \"path\": \"" + TOKEN_PATH + "\",\n" +
" \"policies\": [\n" +
" \"" + TOKEN_POLICY_1 + "\", \n" +
" \"" + TOKEN_POLICY_2 + "\"\n" +
" ],\n" +
" \"renewable\": " + TOKEN_RENEWABLE + ",\n" +
" \"ttl\": " + RES_TTL + ",\n" +
" \"type\": \"" + TOKEN_TYPE + "\"\n" +
" },\n" +
" \"warnings\": null,\n" +
" \"auth\": null\n" +
"}";
private static final Map<String, Object> INVALID_TOKEN_DATA = new HashMap<>();
static {
INVALID_TOKEN_DATA.put("num_uses", "fourtytwo");
}
/**
* Test getter, setter and get-methods for response data.
*/
@Test
void getDataRoundtrip() {
// Create empty Object.
TokenResponse res = new TokenResponse();
assertNull(res.getData(), "Initial data should be empty");
// Parsing invalid data map should fail.
assertThrows(
InvalidResponseException.class,
() -> res.setData(INVALID_TOKEN_DATA),
"Parsing invalid token data succeeded"
);
}
/**
* Test creation from JSON value as returned by Vault (JSON example copied from Vault documentation).
*/
@Test
void jsonRoundtrip() {
TokenResponse res = assertDoesNotThrow(
() -> new ObjectMapper().readValue(RES_JSON, TokenResponse.class),
"TokenResponse deserialization failed"
);
assertNotNull(res, "Parsed response is NULL");
assertEquals(RES_LEASE_DURATION, res.getLeaseDuration(), "Incorrect lease duration");
assertEquals(RES_RENEWABLE, res.isRenewable(), "Incorrect response renewable flag");
assertEquals(RES_LEASE_DURATION, res.getLeaseDuration(), "Incorrect response lease duration");
// Extract token data.
TokenData data = res.getData();
assertNotNull(data, "Token data is NULL");
assertEquals(TOKEN_ACCESSOR, data.getAccessor(), "Incorrect token accessor");
assertEquals(TOKEN_CREATION_TIME, data.getCreationTime(), "Incorrect token creation time");
assertEquals(TOKEN_TTL, data.getCreationTtl(), "Incorrect token creation TTL");
assertEquals(TOKEN_DISPLAY_NAME, data.getName(), "Incorrect token display name");
assertEquals(TOKEN_ENTITY_ID, data.getEntityId(), "Incorrect token entity ID");
assertEquals(TOKEN_EXPIRE_TIME, data.getExpireTimeString(), "Incorrect token expire time");
assertEquals(ZonedDateTime.parse(TOKEN_EXPIRE_TIME), data.getExpireTime(), "Incorrect parsed token expire time");
assertEquals(TOKEN_EXPLICIT_MAX_TTL, data.getExplicitMaxTtl(), "Incorrect token explicit max TTL");
assertEquals(TOKEN_ID, data.getId(), "Incorrect token ID");
assertEquals(TOKEN_ISSUE_TIME, data.getIssueTimeString(), "Incorrect token issue time");
assertEquals(ZonedDateTime.parse(TOKEN_ISSUE_TIME), data.getIssueTime(), "Incorrect parsed token issue time");
assertEquals(Map.of(TOKEN_META_KEY, TOKEN_META_VALUE), data.getMeta(), "Incorrect token metadata");
assertEquals(TOKEN_NUM_USES, data.getNumUses(), "Incorrect token number of uses");
assertEquals(TOKEN_ORPHAN, data.isOrphan(), "Incorrect token orphan flag");
assertEquals(TOKEN_PATH, data.getPath(), "Incorrect token path");
assertEquals(2, data.getPolicies().size(), "Incorrect number of token policies");
assertTrue(data.getPolicies().containsAll(List.of(TOKEN_POLICY_1, TOKEN_POLICY_2)), "Incorrect token policies");
assertEquals(TOKEN_RENEWABLE, data.isRenewable(), "Incorrect token renewable flag");
assertEquals(RES_TTL, data.getTtl(), "Incorrect token TTL");
assertEquals(TOKEN_TYPE, data.getType(), "Incorrect token type");
}
}

6
src/test/java/de/stklcode/jvault/connector/test/Credentials.java
View File

@ -1,5 +1,5 @@
/*
* Copyright 2016-2017 Stefan Kalscheuer
* Copyright 2016-2021 Stefan Kalscheuer
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -21,8 +21,8 @@ import com.fasterxml.jackson.annotation.JsonProperty;
/**
* Simple credentials class for JSON testing.
*
* @author Stefan Kalscheuer
* @since 0.1
* @author Stefan Kalscheuer
* @since 0.1
*/
public class Credentials {
@JsonProperty("username")

4
src/test/java/de/stklcode/jvault/connector/test/VaultConfiguration.java
View File

@ -1,5 +1,5 @@
/*
* Copyright 2016-2017 Stefan Kalscheuer
* Copyright 2016-2021 Stefan Kalscheuer
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -92,7 +92,7 @@ public class VaultConfiguration {
@Override
public String toString() {
return "backend \"file\" {\n" +
return "storage \"file\" {\n" +
" path = \"" + dataLocation + "\"\n" +
"}\n" +
"listener \"tcp\" {\n" +

1
src/test/resources/data_dir/auth/20e9c2e6-5b1f-b9c9-5a99-21667e0a899d/_salt
View File

@ -1 +0,0 @@
{"Key":"auth/20e9c2e6-5b1f-b9c9-5a99-21667e0a899d/salt","Value":"AAAAAQJUsuXXEpmdNY5aIh5HdzZRTFpOUIgyKLGiw65DBwSXW6yGAYe/zhN/Ow+vyRZxG4temgnTjN7RVGjyzXGG5yLY"}

1
src/test/resources/data_dir/auth/20e9c2e6-5b1f-b9c9-5a99-21667e0a899d/struct/map/app-id/_19d90b9adcec2bf5088304034622a169a148ff43
View File

@ -1 +0,0 @@
{"Key":"auth/20e9c2e6-5b1f-b9c9-5a99-21667e0a899d/struct/map/app-id/19d90b9adcec2bf5088304034622a169a148ff43","Value":"AAAAAQJuuRcCRinyawQ05brruZQY7ypgs1mOsFHI16XLwYB4dzwJob71wW+74RjvK4FVL4qPfgyMPKEtV2uO9+4hr2mC6BrcN///Ksxv+ns8FMVlBOMJpQ=="}

1
src/test/resources/data_dir/auth/20e9c2e6-5b1f-b9c9-5a99-21667e0a899d/struct/map/user-id/_55a852babe045b5980fc8ac4a13af27021dbbfd4
View File

@ -1 +0,0 @@
{"Key":"auth/20e9c2e6-5b1f-b9c9-5a99-21667e0a899d/struct/map/user-id/55a852babe045b5980fc8ac4a13af27021dbbfd4","Value":"AAAAAQICaFIxG2xAq0AuJryVn1XghDulkVdQicXvhEL45K2S48aZcvMEsrDUXm9o427Bp6eMiq0Hw070nosnB9SWSQJEFUfPmM6I7Jhsou6CKmocs/AmocxY3Du4Lg=="}

1
src/test/resources/data_dir/auth/243a5842-b58f-24d5-d3b0-24304c57b7cc/user/_validuser Normal file
View File

@ -0,0 +1 @@
{"Value":"AAAAAQINZKQEssY4IzHI/0k27nBtxSvnC6LkivYrqky6CblcjyAmQIg/4/cKQIBCXzmrWEv/SqMQbLw+4Lp63Xu1niF+U0NbyqDmFaPqnD2yfPs7meXvZr21+P9E/0APZMHQaSR7DIEY46zedHRjQ/pkhR2Axcjuy5gdfzBzC2XvUcNqdyR0pQwcDwGhAIdO0gxJfZCeBuvv8ceYS+aPs4gDHtIlA3szi+5qAQ8HvPBTDKQn1lHVYnzTdNbMS7v3mtzCyG8AeMkaUw=="}

1
src/test/resources/data_dir/auth/3ec9e5b4-41b0-a20c-cc8f-04c2b7bb2602/_salt Normal file
View File

@ -0,0 +1 @@
{"Value":"AAAAAQJiN0bHxM8aNJpY7aHGZ/p3qOhJbd7JIXwFMEI4LtKmO6pP5Oa4P5z+2LK+2qzZhhX/iDeM4u+nR+lxt/GsBPKf"}

1
src/test/resources/data_dir/auth/3ec9e5b4-41b0-a20c-cc8f-04c2b7bb2602/accessor/_a9566f93ca05120fa8955f887ee0ca1a1422802df2ad979f2ac2951e95703089 Normal file
View File

@ -0,0 +1 @@
{"Value":"AAAAAQIZ5rvzLtBcBQvWqwwDoRADwUo6W0ECKgmcvXejbLKiYcbO0hP8fceCqB12J41wxcMViQ8vvWoIgyOX2HwcZS09GGCqQbjvyVfz/w+kyox9dJzr845f26tJjHVYlHX2YFsnxytwe5qCKdCsD5QP9kyz8J0="}

1
src/test/resources/data_dir/auth/3ec9e5b4-41b0-a20c-cc8f-04c2b7bb2602/role/_testrole1 Normal file
View File

@ -0,0 +1 @@
{"Value":"AAAAAQJIKXgvJ2Prr92Fn7qZK/WZxb+Q+vJsXyjMo44en/+zqbbnLfs5m7uH7hEUOfDM/MjzTrhfkOWxf6qcrC4MR3ocrFJwtbJ6j+QrNLg61gVIiLBUVBkvh8ErqCFnSjNIqhaIMQhuZXWANsgGF9K2+HBGJerWGe26C1rdWRZV4J0M23HnxLBf8aYDlOfkHe24I30rHUqXIk9/BKEuekcnhETw9Tx4Fk7KxxxEdGmHPbg+4G14c27wVj8IrpWHBpyLmt55Qdb/y24i5RzFYv1FQ2kQZIO6TQiYkwAUxJ5cIdCiAsEDNt+rBJ9zX1MvkEfkVj/WvzC9pxB7ad+j5vYIJgCUD1o09t0w2ChjBojGoOAWDSvNAeY8kr5PDKwYk+gBY5M2JHDI6ELvOVu8gsW+sqk9St9V3VisShTfU3+qln7TOWw/LQ+fUzGvYrAWG6UyPVpIEYeNmN0iGCIM8rzjQYvVC3KcQMG96MwK3ZlSQzgPpvTGxNxFm2omTn3ue7QHn7Ni6+c/K6xVy0bbJ+jS4yyfl2wFBm1tF1l3BITLqw3TiP3LEw=="}

1
src/test/resources/data_dir/auth/3ec9e5b4-41b0-a20c-cc8f-04c2b7bb2602/role/_testrole2 Normal file
View File

@ -0,0 +1 @@
{"Value":"AAAAAQIUt2iYYy9zOwkx1mtNMHt69RjdHbUmcN8zydVQTMGjhv1kjEW+d4AaBv1qE22rPTs0xL3pJ1AjIvkBXXVBAuc/FE63t5dE81Fa+MvSY4tBeMtl6i09ykkAYyQUeeV2HlbjRpMUwPyq2QIslYw3d4lc73yT0S82s5I3MfjodKmDpheWMOgg5hGes/wstBHN5HEZkKV8gOPRZ/BsTM7tMXH1piM/JT8sNfsDh6TAGD1OEsS+N2QlKvS4yImNzcKrH0EgdkXB4sRZ9e/SmMaEVaagB1n0M5LukC+pyExgC7eK4EU8o2Xye3iij3YMWBaGollDzJBJFP5aSO4E5u+NnRc5/ZbLRCbqgfQj8IY86WF9hya31aJxbc8Pg28Yfez8hbGRJZZws/ojIUgEz+VtH3OyaW2Wohnycop7i4fK8xlJ2gYOGvlw43czOH6Y6joTce+QBZWI7KR6ugB0dI8pnK2eFy14OZeww1NEew7r1u7PgD10Obg8okIJSD8cGkxUHu/oOLxvKKOAJBLSPfKnJfKEiKrqYED7EPkmgP/t7okvo4c95qeuWy1BLtKfxw5lkv0="}

1
src/test/resources/data_dir/auth/3ec9e5b4-41b0-a20c-cc8f-04c2b7bb2602/role_id/_4b3d052da8b3d9af8d551a4e515289bc4319f2c21012a70de2c9e9fea6e0f7e0 Normal file
View File

@ -0,0 +1 @@
{"Value":"AAAAAQKv0Yr+QFSWxYe8o51TBwGz/yAhNYFmkNHPISEK6EbIVGkpEJMHFYvHWxTXUzF7f2/a"}

1
src/test/resources/data_dir/auth/3ec9e5b4-41b0-a20c-cc8f-04c2b7bb2602/role_id/_c779a2e6599b8e4b6b6a3c68a7690a8e7d31fa0201ad73973dcd24f83e2950de Normal file
View File

@ -0,0 +1 @@
{"Value":"AAAAAQKs2/ICwQPLv6siBGDbBnB52fBVo52BkSKGvm74p4oHrdMEvejJ4cJljOADYyDT2QYa"}

1
src/test/resources/data_dir/auth/3ec9e5b4-41b0-a20c-cc8f-04c2b7bb2602/secret_id/c79a3b6ce2e8e8b725c8c0fcdd23521375fadf2190fb5823d459a2fd2cb5a670/_f5954e87c0b1a0eb9c8fa4fc2ed7ab6f4338a8d77341e06460de0870316e7320 Normal file
View File

@ -0,0 +1 @@
{"Value":"AAAAAQIq05o3NmsucipTxPrcRbT1sXpAJ8w2PpiShnof74Kuzf/4kkHj3AZL5AObGFLAkYUvUrv3RRmYBIhw6Jk4FCbgdQyJAjPNVUTwBun/kQVyzP5sQ9hUFgHJwINomtVDiDgPkOc92zk8ydr1hfnMmTAtS71G3xloHDn6CF/1Y9WI1PkHdSkZ8d+yBNxr+qjGyewrV3QVmQvAfpY56uQ6AOztItD9NgiPrtNP+clbCczsieY6Y9Ce2FZawmuKFi9svMcBtnEcMILV/SGt4iCiMgFwkCJ9gQsGEdWPifu6ITPB92LgT4Ccw4gVRO31QVcPl6S+FG6iCeN6lk2yRXYjyhBuU+GklouEZIsA6SoxlIXPZuvauyS1MWwMxtSOQUFVYr3kvtXzCpcpEHDyBOEUdxPaYUZXHNdhGtMr/JuJCN50t0ng5mEAqfhjoJfJ/tBTqAjySj4zmEHuY0RnqYLPmsp203Q="}

1
src/test/resources/data_dir/auth/6802ec63-11b0-0ccc-280a-982ad0a90621/user/_validuser
View File

@ -1 +0,0 @@
{"Key":"auth/6802ec63-11b0-0ccc-280a-982ad0a90621/user/validuser","Value":"AAAAAQJwFKMpgopAFjJaftTVY/iiawMw4Yj0S3pPDkzMPAfLxxaM3sCjOJt0q/07ozjTharT52wBv+s2ZEurPpr7VKDDzgy4xTMxFJbJs+0VkG3cjxRYEfW3bOIVAHhjLjmxZwYEATh0UUG7bQRNt56+/622bwR99ifWZ6e9zyRDGEwIn74JFN/3dY44qLQZmqfvDUrRQP5RfqDxqVdzbwse61s692Vy/QvlPsRFVRTkZHlNPqxT+OXd"}

1
src/test/resources/data_dir/auth/77603e3c-3db8-2d39-0e51-6c8eee76c3d5/_salt Normal file
View File

@ -0,0 +1 @@
{"Value":"AAAAAQK5U1GclNj+Tga7D4bQ5wExYfVu2y+djHlAlhiJ/JHOS1gS0G/kDrjR8gCdg/Aw2UunrObAq/mrKw0HEe1wo2qA"}

1
src/test/resources/data_dir/auth/77603e3c-3db8-2d39-0e51-6c8eee76c3d5/struct/map/app-id/_sfbe1922bae1f565115b4b933d76152e1a098ab507118283971184d58528e3411 Normal file
View File

@ -0,0 +1 @@
{"Value":"AAAAAQLbvc+neI458Mqhl2WUUjY5HMC1Ast0KjZ5pslwW+5TtjVHcqdzls4whrrYHGUWv+nTg6wxJaS46j5+FER+4gsgWVJE1S33ZqvGtmmueCVpac5ZM0biBDXOvE/YFQ=="}

1
src/test/resources/data_dir/auth/77603e3c-3db8-2d39-0e51-6c8eee76c3d5/struct/map/user-id/_s595229a9e81315fd0a5fb274f504622359e6024477ade54db93e36ca3b7801cf Normal file
View File

@ -0,0 +1 @@
{"Value":"AAAAAQIK4FkvUHPiWUfHY7l9lGW1qf+sU2mAIWbjlfSvEIecbg94Mu4KAPxY3E2YLwOs7VyPZtWNZrZAZDMJJJzxM/pLux2o/IctJ5oXGtfPPjTjwNRRJ4U62wpRqBnBGX4="}

Some files were not shown because too many files have changed in this diff Show More