Java Code Examples for org.springframework.vault.core.VaultOperations#write()

The following examples show how to use org.springframework.vault.core.VaultOperations#write().
Example 1
Source File: VaultConfigAwsTests.java    From spring-cloud-vault with Apache License 2.0
/**
 * Prepares the {@code aws} secret backend once before the tests of this class run.
 *
 * <p>The setup is skipped through {@code assumeTrue} unless both {@code AWS_ACCESS_KEY} and
 * {@code AWS_SECRET_KEY} contain text. It mounts the backend at {@code aws} when
 * {@code hasSecretBackend} reports it missing, writes the root configuration and creates the
 * {@code readonly} role for {@code ARN}.
 */
@BeforeClass
public static void beforeClass() {

	boolean credentialsAvailable = StringUtils.hasText(AWS_ACCESS_KEY)
			&& StringUtils.hasText(AWS_SECRET_KEY);
	assumeTrue(credentialsAvailable);

	VaultRule rule = new VaultRule();
	rule.before();

	boolean mounted = rule.prepare().hasSecretBackend("aws");
	if (!mounted) {
		rule.prepare().mountSecret("aws");
	}

	VaultOperations vault = rule.prepare().getVaultOperations();

	// aws/config/root receives the access key pair that Vault itself presents to AWS.
	// NOTE(review): where AWS_ACCESS_KEY / AWS_SECRET_KEY are defined is not visible in this
	// snippet; they should come from the test environment, not from source — confirm.
	Map<String, String> rootConfig = new HashMap<>();
	rootConfig.put("region", AWS_REGION);
	rootConfig.put("access_key", AWS_ACCESS_KEY);
	rootConfig.put("secret_key", AWS_SECRET_KEY);
	vault.write("aws/config/root", rootConfig);

	// The role is bound to a single ARN; the privileges of issued credentials follow that ARN.
	Map<String, String> readonlyRole = Collections.singletonMap("arn", ARN);
	vault.write("aws/roles/readonly", readonlyRole);
}
 
Example 2
Source File: VaultConfigWithVaultConfigurerTests.java    From spring-cloud-vault with Apache License 2.0
/**
 * Seeds two entries under {@code secret/} once before the tests of this class run.
 *
 * <p>Both entries carry the key {@code vault.value}; the values are fixed test data
 * ({@code hello} and {@code world}), not real secrets.
 */
@BeforeClass
public static void beforeClass() {

	VaultRule rule = new VaultRule();
	rule.before();

	VaultOperations vault = rule.prepare().getVaultOperations();

	String testSpecificPath = "secret/VaultConfigWithVaultConfigurerTests";
	vault.write(testSpecificPath, Collections.singletonMap("vault.value", "hello"));

	String applicationPath = "secret/testVaultApp";
	vault.write(applicationPath, Collections.singletonMap("vault.value", "world"));
}
 
Example 3
Source File: MySqlDatabaseSecretIntegrationTests.java    From spring-cloud-vault with Apache License 2.0
/**
 * Prepares the {@code database} secret backend for MySQL before each test.
 *
 * <p>Skipped through {@code assumeTrue} unless {@code MYSQL_HOST:MYSQL_PORT} is reachable and
 * the Vault version reported by {@code prepare()} is at least 0.7.1. Writes the plugin
 * configuration under {@code config/mysql}, creates the {@code readonly} role and builds the
 * {@link VaultConfigTemplate} used by the tests.
 */
@Before
public void setUp() {

	InetSocketAddress mySqlAddress = new InetSocketAddress(MYSQL_HOST, MYSQL_PORT);
	assumeTrue(CanConnect.to(mySqlAddress));

	Version minimumVersion = Version.parse("0.7.1");
	assumeTrue(prepare().getVersion().isGreaterThanOrEqualTo(minimumVersion));

	this.mySql.setEnabled(true);
	this.mySql.setRole("readonly");
	this.mySql.setBackend("database");

	if (!prepare().hasSecretBackend(this.mySql.getBackend())) {
		prepare().mountSecret(this.mySql.getBackend());
	}

	VaultOperations vault = this.vaultRule.prepare().getVaultOperations();

	// ROOT_CREDENTIALS is passed as the connection URL, so it presumably embeds the database
	// root user and password; allowed_roles limits which roles may use this connection.
	Map<String, String> pluginConfig = new HashMap<>();
	pluginConfig.put("plugin_name", "mysql-legacy-database-plugin");
	pluginConfig.put("connection_url", ROOT_CREDENTIALS);
	pluginConfig.put("allowed_roles", "readonly");

	String configPath = String.format("%s/config/mysql", this.mySql.getBackend());
	vault.write(configPath, pluginConfig);

	// The creation statements decide what every issued database user may do.
	Map<String, String> roleDefinition = new HashMap<>();
	roleDefinition.put("db_name", "mysql");
	roleDefinition.put("creation_statements", CREATE_USER_AND_GRANT_SQL);

	String rolePath = String.format("%s/roles/%s", this.mySql.getBackend(),
			this.mySql.getRole());
	vault.write(rolePath, roleDefinition);

	this.configOperations = new VaultConfigTemplate(vault, this.vaultProperties);
}
 
Example 4
Source File: AwsSecretIntegrationTests.java    From spring-cloud-vault with Apache License 2.0
/**
 * Prepares the aws secret backend before each test.
 *
 * <p>Skipped through {@code assumeTrue} unless both {@code AWS_ACCESS_KEY} and
 * {@code AWS_SECRET_KEY} contain text. Mounts the backend named by {@code aws.getBackend()}
 * when it is missing, writes its root configuration, creates the {@code readonly} role for
 * {@code ARN} and builds the {@link VaultConfigTemplate} used by the tests.
 */
@Before
public void setUp() {

	boolean credentialsAvailable = StringUtils.hasText(AWS_ACCESS_KEY)
			&& StringUtils.hasText(AWS_SECRET_KEY);
	assumeTrue(credentialsAvailable);

	this.aws.setEnabled(true);
	this.aws.setRole("readonly");

	if (!prepare().hasSecretBackend(this.aws.getBackend())) {
		prepare().mountSecret(this.aws.getBackend());
	}

	VaultOperations vault = prepare().getVaultOperations();

	// config/root receives the access key pair that Vault itself presents to AWS.
	// NOTE(review): the origin of AWS_ACCESS_KEY / AWS_SECRET_KEY is outside this snippet;
	// they should be injected by the test environment rather than committed — confirm.
	Map<String, String> rootConfig = new HashMap<>();
	rootConfig.put("region", AWS_REGION);
	rootConfig.put("access_key", AWS_ACCESS_KEY);
	rootConfig.put("secret_key", AWS_SECRET_KEY);

	String rootConfigPath = String.format("%s/config/root", this.aws.getBackend());
	vault.write(rootConfigPath, rootConfig);

	String rolePath = String.format("%s/roles/%s", this.aws.getBackend(),
			this.aws.getRole());
	vault.write(rolePath, Collections.singletonMap("arn", ARN));

	this.configOperations = new VaultConfigTemplate(vault, this.vaultProperties);
}
 
Example 5
Source File: VaultConfigRabbitMqTests.java    From spring-cloud-vault with Apache License 2.0
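/**
 * Prepares the {@code rabbitmq} secret backend once before the tests of this class run.
 *
 * <p>Skipped through {@code assumeTrue} unless the RabbitMQ HTTP management port is reachable
 * and the Vault version is at least 0.6.2. Mounts the backend at {@code rabbitmq} when it is
 * missing, writes the management connection and creates the {@code readonly} role.
 */
@BeforeClass
public static void beforeClass() {

	assumeTrue(CanConnect
			.to(new InetSocketAddress(RABBITMQ_HOST, RABBITMQ_HTTP_MANAGEMENT_PORT)));

	VaultRule vaultRule = new VaultRule();
	vaultRule.before();

	assumeTrue(vaultRule.prepare().getVersion()
			.isGreaterThanOrEqualTo(Version.parse("0.6.2")));

	if (!vaultRule.prepare().hasSecretBackend("rabbitmq")) {
		vaultRule.prepare().mountSecret("rabbitmq");
	}

	VaultOperations vaultOperations = vaultRule.prepare().getVaultOperations();

	// These are the management credentials Vault uses to create RabbitMQ users.
	// NOTE(review): the constants are defined outside this snippet; keep them limited to the
	// disposable test broker — confirm.
	Map<String, String> connection = new HashMap<>();
	connection.put("connection_uri", RABBITMQ_URI);
	connection.put("username", RABBITMQ_USERNAME);
	connection.put("password", RABBITMQ_PASSWORD);

	// Plain literals: String.format without arguments only re-parses the text and would
	// fail if a '%' ever appeared in the path.
	vaultOperations.write("rabbitmq/config/connection", connection);

	vaultOperations.write("rabbitmq/roles/readonly",
			Collections.singletonMap("vhosts", VHOSTS_ROLE));
}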
 
Example 6
Source File: RabbitMqSecretIntegrationTests.java    From spring-cloud-vault with Apache License 2.0
/**
 * Prepares the rabbitmq secret backend before each test.
 *
 * <p>Skipped through {@code assumeTrue} unless the RabbitMQ HTTP management port is reachable
 * and the Vault version is at least 0.6.2. Mounts the backend named by
 * {@code rabbitmq.getBackend()} when it is missing, writes the management connection, creates
 * the {@code readonly} role and builds the {@link VaultConfigTemplate} used by the tests.
 */
@Before
public void setUp() {

	InetSocketAddress managementAddress = new InetSocketAddress(RABBITMQ_HOST,
			RABBITMQ_HTTP_MANAGEMENT_PORT);
	assumeTrue(CanConnect.to(managementAddress));

	Version minimumVersion = Version.parse("0.6.2");
	assumeTrue(prepare().getVersion().isGreaterThanOrEqualTo(minimumVersion));

	this.rabbitmq.setEnabled(true);
	this.rabbitmq.setRole("readonly");

	if (!prepare().hasSecretBackend(this.rabbitmq.getBackend())) {
		prepare().mountSecret(this.rabbitmq.getBackend());
	}

	// These are the management credentials Vault uses to create RabbitMQ users.
	Map<String, String> managementConnection = new HashMap<>();
	managementConnection.put("connection_uri", RABBITMQ_URI);
	managementConnection.put("username", RABBITMQ_USERNAME);
	managementConnection.put("password", RABBITMQ_PASSWORD);

	VaultOperations vault = prepare().getVaultOperations();

	String connectionPath = String.format("%s/config/connection",
			this.rabbitmq.getBackend());
	vault.write(connectionPath, managementConnection);

	// The vhosts definition decides what the issued RabbitMQ users may access.
	String rolePath = String.format("%s/roles/%s", this.rabbitmq.getBackend(),
			this.rabbitmq.getRole());
	vault.write(rolePath, Collections.singletonMap("vhosts", VHOSTS_ROLE));

	this.configOperations = new VaultConfigTemplate(vault, this.vaultProperties);
}
 
Example 7
Source File: PostgreSqlSecretIntegrationTests.java    From spring-cloud-vault with Apache License 2.0
/**
 * Prepares the postgresql secret backend before each test.
 *
 * <p>Skipped through {@code assumeTrue} unless {@code POSTGRES_HOST:POSTGRES_PORT} is
 * reachable. Mounts the backend named by {@code postgreSql.getBackend()} when it is missing,
 * writes the connection URL, creates the {@code readonly} role and builds the
 * {@link VaultConfigTemplate} used by the tests.
 */
@Before
public void setUp() {

	InetSocketAddress postgresAddress = new InetSocketAddress(POSTGRES_HOST, POSTGRES_PORT);
	assumeTrue(CanConnect.to(postgresAddress));

	this.postgreSql.setEnabled(true);
	this.postgreSql.setRole("readonly");

	if (!prepare().hasSecretBackend(this.postgreSql.getBackend())) {
		prepare().mountSecret(this.postgreSql.getBackend());
	}

	VaultOperations vault = this.vaultRule.prepare().getVaultOperations();

	// NOTE(review): CONNECTION_URL is defined outside this snippet; it presumably embeds the
	// account Vault uses to create database users — confirm it is a test-only account.
	String connectionPath = String.format("%s/config/connection",
			this.postgreSql.getBackend());
	vault.write(connectionPath,
			Collections.singletonMap("connection_url", CONNECTION_URL));

	// The SQL template decides what every issued database user may do.
	String rolePath = String.format("%s/roles/%s", this.postgreSql.getBackend(),
			this.postgreSql.getRole());
	vault.write(rolePath, Collections.singletonMap("sql", CREATE_USER_AND_GRANT_SQL));

	this.configOperations = new VaultConfigTemplate(vault, this.vaultProperties);

}
 
Example 8
Source File: VaultConfigMySqlDatabaseTests.java    From spring-cloud-vault with Apache License 2.0
/**
 * Prepares the {@code database} secret backend for MySQL once before the tests of this class.
 *
 * <p>Skipped through {@code assumeTrue} unless {@code MYSQL_HOST:MYSQL_PORT} is reachable and
 * the Vault version is at least 0.7.1. Mounts the backend at {@code database} when it is
 * missing, writes the plugin configuration and creates the {@code readonly} role.
 */
@BeforeClass
public static void beforeClass() {

	VaultRule rule = new VaultRule();
	rule.before();

	InetSocketAddress mySqlAddress = new InetSocketAddress(MYSQL_HOST, MYSQL_PORT);
	assumeTrue(CanConnect.to(mySqlAddress));

	Version minimumVersion = Version.parse("0.7.1");
	assumeTrue(rule.prepare().getVersion().isGreaterThanOrEqualTo(minimumVersion));

	boolean mounted = rule.prepare().hasSecretBackend("database");
	if (!mounted) {
		rule.prepare().mountSecret("database");
	}

	VaultOperations vault = rule.prepare().getVaultOperations();

	// ROOT_CREDENTIALS is passed as the connection URL, so it presumably embeds the database
	// root user and password; allowed_roles limits which roles may use this connection.
	Map<String, String> pluginConfig = new HashMap<>();
	pluginConfig.put("plugin_name", "mysql-legacy-database-plugin");
	pluginConfig.put("connection_url", ROOT_CREDENTIALS);
	pluginConfig.put("allowed_roles", "readonly");
	vault.write("database/config/mysql", pluginConfig);

	// The creation statements decide what every issued database user may do.
	Map<String, String> roleDefinition = new HashMap<>();
	roleDefinition.put("db_name", "mysql");
	roleDefinition.put("creation_statements", CREATE_USER_AND_GRANT_SQL);
	vault.write("database/roles/readonly", roleDefinition);
}
 
Example 9
Source File: VaultConfigCassandraTests.java    From spring-cloud-vault with Apache License 2.0
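/**
 * Prepares the {@code cassandra} secret backend once before the tests of this class run.
 *
 * <p>Skipped through {@code assumeTrue} unless {@code CASSANDRA_HOST:CASSANDRA_PORT} is
 * reachable. Mounts the backend at {@code cassandra} when it is missing, writes the
 * connection settings and creates the {@code readonly} role.
 */
@BeforeClass
public static void beforeClass() {

	assumeTrue(CanConnect.to(new InetSocketAddress(CASSANDRA_HOST, CASSANDRA_PORT)));

	VaultRule vaultRule = new VaultRule();
	vaultRule.before();

	if (!vaultRule.prepare().hasSecretBackend("cassandra")) {
		vaultRule.prepare().mountSecret("cassandra");
	}

	VaultOperations vaultOperations = vaultRule.prepare().getVaultOperations();

	// This is the account Vault uses to create Cassandra users.
	// NOTE(review): the constants are defined outside this snippet; keep them limited to the
	// disposable test cluster — confirm.
	Map<String, Object> connection = new HashMap<>();
	connection.put("hosts", CASSANDRA_HOST);
	connection.put("username", CASSANDRA_USERNAME);
	connection.put("password", CASSANDRA_PASSWORD);
	connection.put("protocol_version", 3);

	// Literal path, written the same way as the role path below; formatting a constant
	// into a constant template added nothing.
	vaultOperations.write("cassandra/config/connection", connection);

	// The CQL template decides what every issued Cassandra user may do.
	Map<String, String> role = new HashMap<>();
	role.put("creation_cql", CREATE_USER_AND_GRANT_CQL);
	role.put("consistency", "All");

	vaultOperations.write("cassandra/roles/readonly", role);
}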
 
Example 10
Source File: CassandraSecretIntegrationTests.java    From spring-cloud-vault with Apache License 2.0
/**
 * Prepares the cassandra secret backend before each test.
 *
 * <p>Skipped through {@code assumeTrue} unless {@code CASSANDRA_HOST:CASSANDRA_PORT} is
 * reachable. Mounts the backend named by {@code cassandra.getBackend()} when it is missing,
 * writes the connection settings, creates the {@code readonly} role and builds the
 * {@link VaultConfigTemplate} used by the tests.
 */
@Before
public void setUp() {

	InetSocketAddress cassandraAddress = new InetSocketAddress(CASSANDRA_HOST,
			CASSANDRA_PORT);
	assumeTrue(CanConnect.to(cassandraAddress));

	this.cassandra.setEnabled(true);
	this.cassandra.setRole("readonly");

	if (!prepare().hasSecretBackend(this.cassandra.getBackend())) {
		prepare().mountSecret(this.cassandra.getBackend());
	}

	VaultOperations vault = this.vaultRule.prepare().getVaultOperations();

	// This is the account Vault uses to create Cassandra users.
	Map<String, Object> connectionSettings = new HashMap<>();
	connectionSettings.put("hosts", CASSANDRA_HOST);
	connectionSettings.put("username", CASSANDRA_USERNAME);
	connectionSettings.put("password", CASSANDRA_PASSWORD);
	connectionSettings.put("protocol_version", 3);

	String connectionPath = String.format("%s/config/connection",
			this.cassandra.getBackend());
	vault.write(connectionPath, connectionSettings);

	// The CQL template decides what every issued Cassandra user may do.
	Map<String, String> roleDefinition = new HashMap<>();
	roleDefinition.put("creation_cql", CREATE_USER_AND_GRANT_CQL);
	roleDefinition.put("consistency", "All");

	String rolePath = String.format("%s/roles/%s", this.cassandra.getBackend(),
			this.cassandra.getRole());
	vault.write(rolePath, roleDefinition);

	this.configOperations = new VaultConfigTemplate(vault, this.vaultProperties);
}
 
Example 11
Source File: VaultConfigWithContextTests.java    From spring-cloud-vault with Apache License 2.0
/**
 * Seeds two entries under {@code secret/testVaultApp} once before the tests of this class.
 *
 * <p>The profile-specific path receives {@code hello} and the application path {@code world},
 * both under the key {@code vault.value}. The values are fixed test data, not real secrets.
 */
@BeforeClass
public static void beforeClass() {

	VaultRule rule = new VaultRule();
	rule.before();

	VaultOperations vault = rule.prepare().getVaultOperations();

	String profilePath = "secret/testVaultApp/my-profile";
	vault.write(profilePath, Collections.singletonMap("vault.value", "hello"));

	String applicationPath = "secret/testVaultApp";
	vault.write(applicationPath, Collections.singletonMap("vault.value", "world"));
}
 
Example 12
Source File: MySqlSecretIntegrationTests.java    From spring-cloud-vault with Apache License 2.0
/**
 * Prepares the mysql secret backend before each test.
 *
 * <p>Skipped through {@code assumeTrue} unless {@code MYSQL_HOST:MYSQL_PORT} is reachable.
 * Mounts the backend named by {@code mySql.getBackend()} when it is missing, writes the
 * connection URL, creates the {@code readonly} role and builds the
 * {@link VaultConfigTemplate} used by the tests.
 */
@Before
public void setUp() {

	InetSocketAddress mySqlAddress = new InetSocketAddress(MYSQL_HOST, MYSQL_PORT);
	assumeTrue(CanConnect.to(mySqlAddress));

	this.mySql.setEnabled(true);
	this.mySql.setRole("readonly");

	if (!prepare().hasSecretBackend(this.mySql.getBackend())) {
		prepare().mountSecret(this.mySql.getBackend());
	}

	VaultOperations vault = this.vaultRule.prepare().getVaultOperations();

	// ROOT_CREDENTIALS is passed as the connection URL, so it presumably embeds the database
	// root user and password — confirm it is valid only for the test database.
	String connectionPath = String.format("%s/config/connection",
			this.mySql.getBackend());
	vault.write(connectionPath,
			Collections.singletonMap("connection_url", ROOT_CREDENTIALS));

	// The SQL template decides what every issued database user may do.
	String rolePath = String.format("%s/roles/%s", this.mySql.getBackend(),
			this.mySql.getRole());
	vault.write(rolePath, Collections.singletonMap("sql", CREATE_USER_AND_GRANT_SQL));

	this.configOperations = new VaultConfigTemplate(vault, this.vaultProperties);
}
 
Example 13
Source File: VaultPropertySourceMultipleIntegrationTests.java    From spring-vault with Apache License 2.0
/**
 * Seeds {@code secret/myapp} and {@code secret/myapp/profile} before all tests of this class.
 *
 * <p>The written values are fixed test data, not real secrets.
 *
 * @param initializer supplies the prepared Vault connection through {@code prepare()}
 */
@BeforeAll
static void beforeClass(VaultInitializer initializer) {

	VaultOperations vault = initializer.prepare().getVaultOperations();

	vault.write("secret/myapp",
			Collections.singletonMap("myapp", "myvalue"));

	vault.write("secret/myapp/profile",
			Collections.singletonMap("myprofile", "myprofilevalue"));
}
 
Example 14
Source File: VaultPropertySourceIntegrationTests.java    From spring-vault with Apache License 2.0
/**
 * Seeds {@code secret/myapp}, {@code secret/generic} and {@code secret/myapp/profile} before
 * all tests of this class.
 *
 * <p>The written values are fixed test data, not real secrets.
 *
 * @param initializer supplies the prepared Vault connection through {@code prepare()}
 */
@BeforeAll
static void beforeClass(VaultInitializer initializer) {

	VaultOperations vault = initializer.prepare().getVaultOperations();

	vault.write("secret/myapp",
			Collections.singletonMap("myapp", "myvalue"));

	vault.write("secret/generic",
			Collections.singletonMap("generic", "generic-value"));

	vault.write("secret/myapp/profile",
			Collections.singletonMap("myprofile", "myprofilevalue"));
}
 
Example 15
Source File: LeaseAwareVaultPropertySourceIntegrationTests.java    From spring-vault with Apache License 2.0
/**
 * Seeds {@code secret/myapp} and {@code secret/myapp/profile} before all tests of this class.
 *
 * <p>The written values are fixed test data, not real secrets.
 *
 * @param vaultInitializer supplies the prepared Vault connection through {@code prepare()}
 */
@BeforeAll
static void beforeClass(VaultInitializer vaultInitializer) {

	VaultOperations vault = vaultInitializer.prepare().getVaultOperations();

	vault.write("secret/myapp",
			Collections.singletonMap("myapp", "myvalue"));

	vault.write("secret/myapp/profile",
			Collections.singletonMap("myprofile", "myprofilevalue"));
}
 
Example 16
Source File: VaultConfigKubernetesTests.java    From spring-cloud-vault with Apache License 2.0
/**
 * Configures Kubernetes authentication against a minikube cluster once before the tests run.
 *
 * <p>Skipped through {@code assumeTrue} unless the {@code MINIKUBE_IP} system property has
 * text and the Vault version is at least 0.8.3. Enables the {@code kubernetes} auth method
 * when it is missing, creates {@code testpolicy}, writes one test secret, then writes the
 * cluster CA certificate and API host to {@code auth/kubernetes/config} and the role
 * {@code my-role} to {@code auth/kubernetes/role/my-role}.
 */
@BeforeClass
public static void beforeClass() {

	VaultRule rule = new VaultRule();
	rule.before();

	String minikubeIp = System.getProperty("MINIKUBE_IP");
	boolean environmentUsable = StringUtils.hasText(minikubeIp) && rule.prepare()
			.getVersion().isGreaterThanOrEqualTo(Version.parse("0.8.3"));
	assumeTrue(environmentUsable);

	if (!rule.prepare().hasAuth("kubernetes")) {
		rule.prepare().mountAuth("kubernetes");
	}

	VaultOperations vault = rule.prepare().getVaultOperations();

	// READ on "*" covers every path; that breadth only suits a throwaway test instance.
	Rule readEverything = Rule.builder().path("*")
			.capabilities(BuiltinCapabilities.READ).build();
	vault.opsForSys().createOrUpdatePolicy("testpolicy", Policy.of(readEverything));

	String secretPath = "secret/" + VaultConfigKubernetesTests.class.getSimpleName();
	vault.write(secretPath, Collections.singletonMap("vault.value", "foo"));

	// The CA certificate lets Vault verify the API server it calls to review tokens.
	File caFile = new File(findWorkDir(), "minikube/ca.crt");
	String caCertificate = Files.contentOf(caFile, StandardCharsets.US_ASCII);

	Map<String, String> clusterConfig = new HashMap<>();
	clusterConfig.put("kubernetes_ca_cert", caCertificate);
	clusterConfig.put("kubernetes_host", String.format("https://%s:8443", minikubeIp));
	vault.write("auth/kubernetes/config", clusterConfig);

	// Any pod running as the "default" service account in the "default" namespace can log
	// in through this role and receives testpolicy for one hour.
	Map<String, String> roleBinding = new HashMap<>();
	roleBinding.put("bound_service_account_names", "default");
	roleBinding.put("bound_service_account_namespaces", "default");
	roleBinding.put("policies", "testpolicy");
	roleBinding.put("ttl", "1h");
	vault.write("auth/kubernetes/role/my-role", roleBinding);
}
 
Example 17
Source File: VaultConfigAppIdTests.java    From spring-cloud-vault with Apache License 2.0
/**
 * Configures App ID authentication once before the tests of this class run.
 *
 * <p>Enables the auth method at the path from {@code getAppIdPath()} when it is missing,
 * writes {@code testpolicy}, writes one test secret, then maps the app-id (the simple class
 * name) to the policy and maps the user-id produced by {@link IpAddressUserId} to that
 * app-id.
 *
 * <p>App ID is Vault's legacy auth method, superseded by AppRole.
 */
@BeforeClass
public static void beforeClass() {

	VaultRule rule = new VaultRule();
	rule.before();

	VaultProperties properties = Settings.createVaultProperties();
	properties.setAuthentication(VaultProperties.AuthenticationMethod.APPID);
	properties.getAppId().setUserId(VaultProperties.AppIdProperties.IP_ADDRESS);

	if (!rule.prepare().hasAuth(properties.getAppId().getAppIdPath())) {
		rule.prepare().mountAuth(properties.getAppId().getAppIdPath());
	}

	VaultOperations vault = rule.prepare().getVaultOperations();

	// "read" on "*" covers every path; that breadth only suits a throwaway test instance.
	String policyDocument = String.join("\n", //
			"{ \"name\": \"testpolicy\",", //
			"  \"path\": {", //
			"    \"*\": {  \"policy\": \"read\" }", //
			"  }", //
			"}");
	vault.write("sys/policy/testpolicy",
			Collections.singletonMap("rules", policyDocument));

	String appId = VaultConfigAppIdTests.class.getSimpleName();

	vault.write("secret/" + appId, Collections.singletonMap("vault.value", "foo"));

	Map<String, String> appIdMapping = new HashMap<>();
	appIdMapping.put("value", "testpolicy"); // policy granted to this app-id
	appIdMapping.put("display_name", "this is my test application");

	// NOTE(review): the mapping paths hard-code "app-id" while the mount path above comes
	// from getAppIdPath(); they only line up if that path is "app-id" — confirm.
	vault.write(String.format("auth/app-id/map/app-id/%s", appId), appIdMapping);

	Map<String, String> userIdMapping = new HashMap<>();
	userIdMapping.put("value", appId); // name of the app-id
	// 0.0.0.0/0 places no restriction on the client address for this user-id.
	userIdMapping.put("cidr_block", "0.0.0.0/0");

	String userId = new IpAddressUserId().createUserId();

	vault.write(String.format("auth/app-id/map/user-id/%s", userId), userIdMapping);
}
 
Example 18
Source File: ConsulSecretIntegrationTests.java    From spring-cloud-vault with Apache License 2.0
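/**
 * Prepares the consul secret backend before each test.
 *
 * <p>Skipped through {@code assumeTrue} unless {@code CONSUL_HOST:CONSUL_PORT} is reachable.
 * Mounts the backend named by {@code consul.getBackend()} when it is missing, asks Consul
 * for a new management token, stores it in the backend's {@code config/access}, creates the
 * {@code readonly} role from {@code POLICY} and builds the {@link VaultConfigTemplate} used
 * by the tests.
 *
 * <p>A 4xx answer from Consul skips the test through {@code assumeFalse}; any other HTTP
 * status error is rethrown.
 */
@Before
public void setUp() {

	assumeTrue(CanConnect.to(new InetSocketAddress(CONSUL_HOST, CONSUL_PORT)));

	this.consul.setEnabled(true);
	this.consul.setRole("readonly");

	if (!prepare().hasSecretBackend(this.consul.getBackend())) {
		prepare().mountSecret(this.consul.getBackend());
	}

	VaultOperations vaultOperations = this.vaultRule.prepare().getVaultOperations();

	// The ACL master token authorises creating a token of type "management", which Vault
	// then uses to issue Consul tokens. The request below goes over plain http, so the
	// master token travels unencrypted; acceptable only towards a local test agent.
	HttpHeaders headers = new HttpHeaders();
	headers.add("X-Consul-Token", CONSUL_ACL_MASTER_TOKEN);
	HttpEntity<String> requestEntity = new HttpEntity<>(
			"{\"Name\": \"sample\", \"Type\": \"management\"}", headers);

	try {
		ResponseEntity<Map<String, String>> tokenResponse = this.restTemplate
				.exchange("http://{host}:{port}/v1/acl/create", HttpMethod.PUT,
						requestEntity, STRING_MAP, CONSUL_HOST, CONSUL_PORT);

		// NOTE(review): getBody() is dereferenced without a null check; an empty response
		// body would surface here as a NullPointerException — confirm this is acceptable.
		Map<String, String> consulAccess = new HashMap<>();
		consulAccess.put("address", CONNECTION_URL);
		consulAccess.put("token", tokenResponse.getBody().get("ID"));

		vaultOperations.write(
				String.format("%s/config/access", this.consul.getBackend()),
				consulAccess);
	}
	catch (HttpStatusCodeException e) {

		assumeFalse("Skipping because Consul is not configured as we expect it to be",
				e.getStatusCode().is4xxClientError());

		throw e;
	}

	// Encode with an explicit charset: the no-argument getBytes() uses the platform default,
	// so the Base64 policy could differ between machines for non-ASCII content.
	vaultOperations.write(
			String.format("%s/roles/%s", this.consul.getBackend(),
					this.consul.getRole()),
			Collections.singletonMap("policy", Base64Utils.encodeToString(
					POLICY.getBytes(java.nio.charset.StandardCharsets.UTF_8))));

	this.configOperations = new VaultConfigTemplate(vaultOperations,
			this.vaultProperties);
}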
 
Example 19
Source File: ElasticsearchSecretIntegrationTests.java    From spring-cloud-vault with Apache License 2.0
/**
 * Prepares the elasticsearch secret backend before each test.
 *
 * <p>Skipped through {@code assumeTrue} unless {@code ELASTICSEARCH_HOST:ELASTICSEARCH_PORT}
 * is reachable and the Vault version is at least 1.3.0. Mounts the backend named by
 * {@code elasticsearch.getBackend()} when it is missing, writes the plugin configuration for
 * the database {@code elasticsearch}, creates the {@code readonly} role and builds the
 * {@link VaultConfigTemplate} used by the tests.
 */
@Before
public void setUp() {

	InetSocketAddress elasticAddress = new InetSocketAddress(ELASTICSEARCH_HOST,
			ELASTICSEARCH_PORT);
	assumeTrue(CanConnect.to(elasticAddress));

	Version minimumVersion = Version.parse("1.3.0");
	assumeTrue(prepare().getVersion().isGreaterThanOrEqualTo(minimumVersion));

	this.elasticsearch.setEnabled(true);
	this.elasticsearch.setRole("readonly");

	if (!prepare().hasSecretBackend(this.elasticsearch.getBackend())) {
		prepare().mountSecret(this.elasticsearch.getBackend());
	}

	VaultOperations vault = this.vaultRule.prepare().getVaultOperations();
	String database = "elasticsearch";

	// The account below is hard-coded as elastic/elastic, which only suits a disposable
	// test node. Insertion order is kept because the map is a LinkedHashMap.
	Map<String, Object> pluginConfig = new LinkedHashMap<>();
	pluginConfig.put("plugin_name", "elasticsearch-database-plugin");
	pluginConfig.put("allowed_roles", "readonly");
	pluginConfig.put("username", "elastic");
	pluginConfig.put("password", "elastic");

	// NOTE(review): the URL uses http although CA and client certificate paths are supplied
	// below; whether the connection is actually protected by TLS is not visible here.
	String elasticUrl = String.format("http://%s:%d", ELASTICSEARCH_HOST,
			ELASTICSEARCH_PORT);
	pluginConfig.put("url", elasticUrl);

	pluginConfig.put("ca_cert", String.format("%s/elastic-stack-ca.crt", ES_HOME));
	pluginConfig.put("client_cert",
			String.format("%s/elastic-certificates.crt", ES_HOME));
	pluginConfig.put("client_key",
			String.format("%s/elastic-certificates.key", ES_HOME));

	String configPath = String.format("%s/config/%s", this.elasticsearch.getBackend(),
			database);
	vault.write(configPath, pluginConfig);

	// The role definition grants read on all indices ("*") to every issued user.
	Map<String, Object> roleDefinition = new LinkedHashMap<>();
	roleDefinition.put("db_name", database);
	roleDefinition.put("creation_statements",
			"{\"elasticsearch_role_definition\": {\"indices\": [{\"names\":[\"*\"], \"privileges\":[\"read\"]}]}}");
	roleDefinition.put("default_ttl", "1h");

	String rolePath = this.elasticsearch.getBackend() + "/roles/"
			+ this.elasticsearch.getRole();
	vault.write(rolePath, roleDefinition);

	this.configOperations = new VaultConfigTemplate(vault, this.vaultProperties);
}
 
Example 20
Source File: VaultPropertySourceInBeanConfigurationIntegrationTest.java    From spring-vault with Apache License 2.0
/**
 * Seeds {@code secret/myapp} before all tests of this class.
 *
 * <p>The written value is fixed test data, not a real secret.
 *
 * @param initializer supplies the prepared Vault connection through {@code prepare()}
 */
@BeforeAll
static void beforeClass(VaultInitializer initializer) {

	VaultOperations vault = initializer.prepare().getVaultOperations();

	vault.write("secret/myapp",
			Collections.singletonMap("myapp", "myvalue"));
}