org.springframework.vault.authentication.AppRoleAuthenticationOptions Java Examples
The following examples show how to use
org.springframework.vault.authentication.AppRoleAuthenticationOptions.
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
| Source File: EnvironmentVaultConfiguration.java From spring-vault with Apache License 2.0 | 6 votes |
|
protected ClientAuthentication appRoleAuthentication() {
String roleId = getProperty("vault.app-role.role-id");
String secretId = getProperty("vault.app-role.secret-id");
String path = getProperty("vault.app-role.app-role-path",
AppRoleAuthenticationOptions.DEFAULT_APPROLE_AUTHENTICATION_PATH);
Assert.hasText(roleId, "Vault AppRole authentication: RoleId (vault.app-role.role-id) must not be empty");
AppRoleAuthenticationOptionsBuilder builder = AppRoleAuthenticationOptions.builder()
.roleId(RoleId.provided(roleId)).path(path);
if (StringUtils.hasText(secretId)) {
builder = builder.secretId(SecretId.provided(secretId));
}
return new AppRoleAuthentication(builder.build(), restOperations());
}
Example #2
| Source File: AppRoleClientAuthenticationProviderTests.java From spring-cloud-config with Apache License 2.0 | 6 votes |
|
@Test
public void appRoleWithFullPull() {
VaultEnvironmentProperties properties = new VaultEnvironmentProperties();
properties.setToken("token");
properties.getAppRole().setRole("my-role");
AppRoleAuthenticationOptions options = AppRoleClientAuthenticationProvider
.getAppRoleAuthenticationOptions(properties);
assertThat(options.getAppRole()).isEqualTo("my-role");
assertThat(options.getRoleId())
.isInstanceOf(RoleId.pull(VaultToken.of("token")).getClass());
assertThat(options.getSecretId())
.isInstanceOf(SecretId.pull(VaultToken.of("token")).getClass());
}
Example #3
| Source File: AppRoleClientAuthenticationProviderTests.java From spring-cloud-config with Apache License 2.0 | 6 votes |
|
@Test
public void appRoleRoleIdProvidedSecretIdPull() {
VaultEnvironmentProperties properties = new VaultEnvironmentProperties();
properties.setToken("token");
properties.getAppRole().setRoleId("foo");
properties.getAppRole().setRole("my-role");
AppRoleAuthenticationOptions options = AppRoleClientAuthenticationProvider
.getAppRoleAuthenticationOptions(properties);
assertThat(options.getAppRole()).isEqualTo("my-role");
assertThat(options.getRoleId()).isInstanceOf(RoleId.provided("foo").getClass());
assertThat(options.getSecretId())
.isInstanceOf(SecretId.pull(VaultToken.of("token")).getClass());
}
Example #4
| Source File: ClientAuthenticationFactoryUnitTests.java From spring-cloud-vault with Apache License 2.0 | 6 votes |
|
@Test
public void shouldSupportAppRoleRoleIdProvidedSecretIdPull() {
VaultProperties properties = new VaultProperties();
properties.setToken("token");
properties.getAppRole().setRoleId("foo");
properties.getAppRole().setRole("my-role");
AppRoleAuthenticationOptions options = ClientAuthenticationFactory
.getAppRoleAuthenticationOptions(properties);
assertThat(options.getAppRole()).isEqualTo("my-role");
assertThat(options.getRoleId()).isInstanceOf(RoleId.provided("foo").getClass());
assertThat(options.getSecretId())
.isInstanceOf(SecretId.pull(VaultToken.of("token")).getClass());
}
Example #5
| Source File: ClientAuthenticationFactoryUnitTests.java From spring-cloud-vault with Apache License 2.0 | 6 votes |
|
@Test
public void shouldSupportAppRoleFullPull() {
VaultProperties properties = new VaultProperties();
properties.setToken("token");
properties.getAppRole().setRole("my-role");
AppRoleAuthenticationOptions options = ClientAuthenticationFactory
.getAppRoleAuthenticationOptions(properties);
assertThat(options.getAppRole()).isEqualTo("my-role");
assertThat(options.getRoleId())
.isInstanceOf(RoleId.pull(VaultToken.of("token")).getClass());
assertThat(options.getSecretId())
.isInstanceOf(SecretId.pull(VaultToken.of("token")).getClass());
}
Example #6
| Source File: AppRoleClientAuthenticationProvider.java From spring-cloud-config with Apache License 2.0 | 6 votes |
|
private static AppRoleAuthenticationOptions.SecretId getSecretId(
VaultEnvironmentProperties vaultProperties,
VaultEnvironmentProperties.AppRoleProperties appRole) {
if (StringUtils.hasText(appRole.getSecretId())) {
return AppRoleAuthenticationOptions.SecretId.provided(appRole.getSecretId());
}
if (StringUtils.hasText(vaultProperties.getToken())
&& StringUtils.hasText(appRole.getRole())) {
return AppRoleAuthenticationOptions.SecretId
.pull(VaultToken.of(vaultProperties.getToken()));
}
if (StringUtils.hasText(vaultProperties.getToken())) {
return AppRoleAuthenticationOptions.SecretId
.wrapped(VaultToken.of(vaultProperties.getToken()));
}
return AppRoleAuthenticationOptions.SecretId.absent();
}
Example #7
| Source File: AppRoleClientAuthenticationProvider.java From spring-cloud-config with Apache License 2.0 | 6 votes |
|
private static AppRoleAuthenticationOptions.RoleId getRoleId(
VaultEnvironmentProperties vaultProperties,
VaultEnvironmentProperties.AppRoleProperties appRole) {
if (StringUtils.hasText(appRole.getRoleId())) {
return AppRoleAuthenticationOptions.RoleId.provided(appRole.getRoleId());
}
if (StringUtils.hasText(vaultProperties.getToken())
&& StringUtils.hasText(appRole.getRole())) {
return AppRoleAuthenticationOptions.RoleId
.pull(VaultToken.of(vaultProperties.getToken()));
}
if (StringUtils.hasText(vaultProperties.getToken())) {
return AppRoleAuthenticationOptions.RoleId
.wrapped(VaultToken.of(vaultProperties.getToken()));
}
throw new IllegalArgumentException("Any of '" + VAULT_PROPERTIES_PREFIX
+ "app-role.role-id', '.token', "
+ "or '.app-role.role' and '.token' must be provided if the "
+ AuthenticationMethod.APPROLE + " authentication method is specified.");
}
Example #8
| Source File: AppRoleClientAuthenticationProvider.java From spring-cloud-config with Apache License 2.0 | 6 votes |
|
static AppRoleAuthenticationOptions getAppRoleAuthenticationOptions(
VaultEnvironmentProperties vaultProperties) {
VaultEnvironmentProperties.AppRoleProperties appRole = vaultProperties
.getAppRole();
AppRoleAuthenticationOptions.AppRoleAuthenticationOptionsBuilder builder = AppRoleAuthenticationOptions
.builder().path(appRole.getAppRolePath());
if (StringUtils.hasText(appRole.getRole())) {
builder.appRole(appRole.getRole());
}
AppRoleAuthenticationOptions.RoleId roleId = getRoleId(vaultProperties, appRole);
AppRoleAuthenticationOptions.SecretId secretId = getSecretId(vaultProperties,
appRole);
builder.roleId(roleId).secretId(secretId);
return builder.build();
}
Example #9
| Source File: AppRoleClientAuthenticationProviderTests.java From spring-cloud-config with Apache License 2.0 | 5 votes |
|
@Test
public void appRoleRoleIdProvidedSecretIdWrapped() {
VaultEnvironmentProperties properties = new VaultEnvironmentProperties();
properties.setToken("token");
properties.getAppRole().setRoleId("foo");
AppRoleAuthenticationOptions options = AppRoleClientAuthenticationProvider
.getAppRoleAuthenticationOptions(properties);
assertThat(options.getRoleId()).isInstanceOf(RoleId.provided("foo").getClass());
assertThat(options.getSecretId())
.isInstanceOf(SecretId.wrapped(VaultToken.of("token")).getClass());
}
Example #10
| Source File: AppRoleClientAuthenticationProviderTests.java From spring-cloud-config with Apache License 2.0 | 5 votes |
|
@Test
public void appRoleRoleIdWrappedSecretIdProvided() {
VaultEnvironmentProperties properties = new VaultEnvironmentProperties();
properties.setToken("token");
properties.getAppRole().setSecretId("bar");
AppRoleAuthenticationOptions options = AppRoleClientAuthenticationProvider
.getAppRoleAuthenticationOptions(properties);
assertThat(options.getRoleId())
.isInstanceOf(RoleId.wrapped(VaultToken.of("token")).getClass());
assertThat(options.getSecretId())
.isInstanceOf(SecretId.provided("bar").getClass());
}
Example #11
| Source File: AppRoleClientAuthenticationProviderTests.java From spring-cloud-config with Apache License 2.0 | 5 votes |
|
@Test
public void appRoleFullWrapped() {
VaultEnvironmentProperties properties = new VaultEnvironmentProperties();
properties.setToken("token");
AppRoleAuthenticationOptions options = AppRoleClientAuthenticationProvider
.getAppRoleAuthenticationOptions(properties);
assertThat(options.getRoleId())
.isInstanceOf(RoleId.wrapped(VaultToken.of("token")).getClass());
assertThat(options.getSecretId())
.isInstanceOf(SecretId.wrapped(VaultToken.of("token")).getClass());
}
Example #12
| Source File: AppRoleClientAuthenticationProviderTests.java From spring-cloud-config with Apache License 2.0 | 5 votes |
|
@Test
public void appRoleRoleIdProvidedSecretIdAbsent() {
VaultEnvironmentProperties properties = new VaultEnvironmentProperties();
properties.getAppRole().setRoleId("foo");
AppRoleAuthenticationOptions options = AppRoleClientAuthenticationProvider
.getAppRoleAuthenticationOptions(properties);
assertThat(options.getRoleId()).isInstanceOf(RoleId.provided("foo").getClass());
assertThat(options.getSecretId()).isInstanceOf(SecretId.absent().getClass());
}
Example #13
| Source File: AppRoleClientAuthenticationProviderTests.java From spring-cloud-config with Apache License 2.0 | 5 votes |
|
@Test
public void appRoleRoleIdProvidedSecretIdProvided() {
VaultEnvironmentProperties properties = new VaultEnvironmentProperties();
properties.getAppRole().setRoleId("foo");
properties.getAppRole().setSecretId("bar");
AppRoleAuthenticationOptions options = AppRoleClientAuthenticationProvider
.getAppRoleAuthenticationOptions(properties);
assertThat(options.getRoleId()).isInstanceOf(RoleId.provided("foo").getClass());
assertThat(options.getSecretId())
.isInstanceOf(SecretId.provided("bar").getClass());
}
Example #14
| Source File: AppRoleClientAuthenticationProvider.java From spring-cloud-config with Apache License 2.0 | 5 votes |
|
@Override
public ClientAuthentication getClientAuthentication(
VaultEnvironmentProperties vaultProperties,
RestOperations vaultRestOperations, RestOperations externalRestOperations) {
AppRoleAuthenticationOptions options = getAppRoleAuthenticationOptions(
vaultProperties);
return new AppRoleAuthentication(options, vaultRestOperations);
}
Example #15
| Source File: ClientAuthenticationFactoryUnitTests.java From spring-cloud-vault with Apache License 2.0 | 5 votes |
|
@Test
public void shouldSupportAppRoleRoleIdProvidedSecretIdWrapped() {
VaultProperties properties = new VaultProperties();
properties.setToken("token");
properties.getAppRole().setRoleId("foo");
AppRoleAuthenticationOptions options = ClientAuthenticationFactory
.getAppRoleAuthenticationOptions(properties);
assertThat(options.getRoleId()).isInstanceOf(RoleId.provided("foo").getClass());
assertThat(options.getSecretId())
.isInstanceOf(SecretId.wrapped(VaultToken.of("token")).getClass());
}
Example #16
| Source File: ClientAuthenticationFactoryUnitTests.java From spring-cloud-vault with Apache License 2.0 | 5 votes |
|
@Test
public void shouldSupportAppRoleRoleIdWrappedSecretIdProvided() {
VaultProperties properties = new VaultProperties();
properties.setToken("token");
properties.getAppRole().setSecretId("bar");
AppRoleAuthenticationOptions options = ClientAuthenticationFactory
.getAppRoleAuthenticationOptions(properties);
assertThat(options.getRoleId())
.isInstanceOf(RoleId.wrapped(VaultToken.of("token")).getClass());
assertThat(options.getSecretId())
.isInstanceOf(SecretId.provided("bar").getClass());
}
Example #17
| Source File: ClientAuthenticationFactoryUnitTests.java From spring-cloud-vault with Apache License 2.0 | 5 votes |
|
@Test
public void shouldSupportAppRoleFullWrapped() {
VaultProperties properties = new VaultProperties();
properties.setToken("token");
AppRoleAuthenticationOptions options = ClientAuthenticationFactory
.getAppRoleAuthenticationOptions(properties);
assertThat(options.getRoleId())
.isInstanceOf(RoleId.wrapped(VaultToken.of("token")).getClass());
assertThat(options.getSecretId())
.isInstanceOf(SecretId.wrapped(VaultToken.of("token")).getClass());
}
Example #18
| Source File: ClientAuthenticationFactoryUnitTests.java From spring-cloud-vault with Apache License 2.0 | 5 votes |
|
@Test
public void shouldSupportAppRoleRoleIdProvidedSecretIdAbsent() {
VaultProperties properties = new VaultProperties();
properties.getAppRole().setRoleId("foo");
AppRoleAuthenticationOptions options = ClientAuthenticationFactory
.getAppRoleAuthenticationOptions(properties);
assertThat(options.getRoleId()).isInstanceOf(RoleId.provided("foo").getClass());
assertThat(options.getSecretId()).isInstanceOf(SecretId.absent().getClass());
}
Example #19
| Source File: ClientAuthenticationFactoryUnitTests.java From spring-cloud-vault with Apache License 2.0 | 5 votes |
|
@Test
public void shouldSupportAppRoleRoleIdProvidedSecretIdProvided() {
VaultProperties properties = new VaultProperties();
properties.getAppRole().setRoleId("foo");
properties.getAppRole().setSecretId("bar");
AppRoleAuthenticationOptions options = ClientAuthenticationFactory
.getAppRoleAuthenticationOptions(properties);
assertThat(options.getRoleId()).isInstanceOf(RoleId.provided("foo").getClass());
assertThat(options.getSecretId())
.isInstanceOf(SecretId.provided("bar").getClass());
}
Example #20
| Source File: ClientAuthenticationFactory.java From spring-cloud-vault with Apache License 2.0 | 4 votes |
|
static AppRoleAuthenticationOptions getAppRoleAuthenticationOptions(
VaultProperties vaultProperties) {
AppRoleProperties appRole = vaultProperties.getAppRole();
AppRoleAuthenticationOptionsBuilder builder = AppRoleAuthenticationOptions
.builder().path(appRole.getAppRolePath());
if (StringUtils.hasText(appRole.getRole())) {
builder.appRole(appRole.getRole());
}
RoleId roleId = getRoleId(vaultProperties, appRole);
SecretId secretId = getSecretId(vaultProperties, appRole);
builder.roleId(roleId).secretId(secretId);
return builder.build();
}
Example #21
| Source File: ClientAuthenticationFactory.java From spring-cloud-vault with Apache License 2.0 | 3 votes |
|
private ClientAuthentication appRoleAuthentication(VaultProperties vaultProperties) {
AppRoleAuthenticationOptions options = getAppRoleAuthenticationOptions(
vaultProperties);
return new AppRoleAuthentication(options, this.restOperations);
}
Example #22
| Source File: HashicorpKeyVaultServiceFactoryUtil.java From tessera with Apache License 2.0 | 3 votes |
|
ClientAuthentication configureClientAuthentication(KeyVaultConfig keyVaultConfig, EnvironmentVariableProvider envProvider, ClientHttpRequestFactory clientHttpRequestFactory, VaultEndpoint vaultEndpoint) {
final String roleId = envProvider.getEnv(HASHICORP_ROLE_ID);
final String secretId = envProvider.getEnv(HASHICORP_SECRET_ID);
final String authToken = envProvider.getEnv(HASHICORP_TOKEN);
if(roleId != null && secretId != null) {
AppRoleAuthenticationOptions appRoleAuthenticationOptions = AppRoleAuthenticationOptions.builder()
.path(keyVaultConfig.getProperty("approlePath").get())
.roleId(AppRoleAuthenticationOptions.RoleId.provided(roleId))
.secretId(AppRoleAuthenticationOptions.SecretId.provided(secretId))
.build();
RestOperations restOperations = VaultClients.createRestTemplate(vaultEndpoint, clientHttpRequestFactory);
return new AppRoleAuthentication(appRoleAuthenticationOptions, restOperations);
} else if (Objects.isNull(roleId) != Objects.isNull(secretId)) {
throw new HashicorpCredentialNotSetException("Both " + HASHICORP_ROLE_ID + " and " + HASHICORP_SECRET_ID + " environment variables must be set to use the AppRole authentication method");
} else if (authToken == null){
throw new HashicorpCredentialNotSetException("Both " + HASHICORP_ROLE_ID + " and " + HASHICORP_SECRET_ID + " environment variables must be set to use the AppRole authentication method. Alternatively set " + HASHICORP_TOKEN + " to authenticate using the Token method");
}
return new TokenAuthentication(authToken);
}
