org.springframework.vault.authentication.SessionManager Java Examples
The following examples show how to use
org.springframework.vault.authentication.SessionManager.
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
| Source File: VaultReactiveBootstrapConfigurationTests.java From spring-cloud-vault with Apache License 2.0 | 6 votes |
|
@Test
public void shouldConfigureTemplate() {
this.contextRunner.withUserConfiguration(AuthenticationFactoryConfiguration.class)
.withPropertyValues("spring.cloud.vault.config.lifecycle.enabled=false")
.run(context -> {
assertThat(context.getBean(ReactiveVaultOperations.class))
.isNotNull();
assertThat(context.getBean(AuthenticationStepsFactory.class))
.isNotNull();
assertThat(context.getBean(SessionManager.class)).isNotNull()
.isNotInstanceOf(LifecycleAwareSessionManager.class)
.isNotInstanceOf(SimpleSessionManager.class);
assertThat(context.getBeanNamesForType(WebClient.class)).isEmpty();
});
}
Example #2
| Source File: VaultBootstrapConfiguration.java From spring-cloud-vault with Apache License 2.0 | 6 votes |
|
/**
* @return the {@link SessionManager} for Vault session management.
* @param clientAuthentication the {@link ClientAuthentication}.
* @param asyncTaskExecutorFactory the {@link ObjectFactory} for
* {@link TaskSchedulerWrapper}.
* @see SessionManager
* @see LifecycleAwareSessionManager
*/
@Bean
@ConditionalOnMissingBean
@ConditionalOnAuthentication
public SessionManager vaultSessionManager(ClientAuthentication clientAuthentication,
ObjectFactory<TaskSchedulerWrapper> asyncTaskExecutorFactory) {
if (this.vaultProperties.getConfig().getLifecycle().isEnabled()) {
RestTemplate restTemplate = this.restTemplateBuilder.build();
return new LifecycleAwareSessionManager(clientAuthentication,
asyncTaskExecutorFactory.getObject().getTaskScheduler(),
restTemplate);
}
return new SimpleSessionManager(clientAuthentication);
}
Example #3
| Source File: VaultBootstrapConfiguration.java From spring-cloud-vault with Apache License 2.0 | 5 votes |
|
/**
* Creates a {@link VaultTemplate}.
* @return the {@link VaultTemplate} bean.
* @see VaultBootstrapConfiguration#clientHttpRequestFactoryWrapper()
*/
@Bean
@ConditionalOnMissingBean(VaultOperations.class)
public VaultTemplate vaultTemplate() {
VaultProperties.AuthenticationMethod authentication = this.vaultProperties
.getAuthentication();
if (authentication == VaultProperties.AuthenticationMethod.NONE) {
return new VaultTemplate(this.restTemplateBuilder);
}
return new VaultTemplate(this.restTemplateBuilder,
this.applicationContext.getBean(SessionManager.class));
}
Example #4
| Source File: ReactiveVaultBootstrapConfigurationTests.java From spring-cloud-vault with Apache License 2.0 | 5 votes |
|
@Test
public void shouldConfigureWithoutAuthentication() {
this.contextRunner.withPropertyValues("spring.cloud.vault.kv.enabled=false",
"spring.cloud.vault.authentication=NONE").run(context -> {
assertThat(context).doesNotHaveBean(SessionManager.class);
assertThat(context).doesNotHaveBean(ClientAuthentication.class);
assertThat(context).doesNotHaveBean(VaultTokenSupplier.class);
assertThat(context).doesNotHaveBean(ReactiveSessionManager.class);
assertThat(context).hasSingleBean(ReactiveVaultTemplate.class);
});
}
Example #5
| Source File: VaultReactiveBootstrapConfigurationTests.java From spring-cloud-vault with Apache License 2.0 | 5 votes |
|
@Test
public void sessionManagerBridgeShouldNotCacheTokens() {
this.contextRunner.withUserConfiguration(TokenSupplierConfiguration.class,
CustomSessionManager.class).run(context -> {
SessionManager sessionManager = context.getBean(SessionManager.class);
assertThat(sessionManager.getSessionToken().getToken())
.isEqualTo("token-1");
assertThat(sessionManager.getSessionToken().getToken())
.isEqualTo("token-2");
});
}
Example #6
| Source File: VaultReactiveBootstrapConfigurationTests.java From spring-cloud-vault with Apache License 2.0 | 5 votes |
|
@Test
public void shouldNotConfigureReactiveSupport() {
this.contextRunner.withUserConfiguration(VaultBootstrapConfiguration.class)
.withPropertyValues("spring.cloud.vault.reactive.enabled=false",
"spring.cloud.vault.token=foo")
.run(context -> {
assertThat(context.getBeanNamesForType(ReactiveVaultOperations.class))
.isEmpty();
assertThat(context.getBean(SessionManager.class))
.isInstanceOf(LifecycleAwareSessionManager.class);
});
}
Example #7
| Source File: VaultReactiveBootstrapConfigurationTests.java From spring-cloud-vault with Apache License 2.0 | 5 votes |
|
@Test
public void shouldConfigureTemplateWithTokenSupplier() {
this.contextRunner.withUserConfiguration(TokenSupplierConfiguration.class)
.withPropertyValues("spring.cloud.vault.config.lifecycle.enabled=false")
.run(context -> {
assertThat(context.getBean(ReactiveVaultOperations.class))
.isNotNull();
assertThat(context.getBean(SessionManager.class)).isNotNull()
.isNotInstanceOf(LifecycleAwareSessionManager.class)
.isNotInstanceOf(SimpleSessionManager.class);
assertThat(context.getBeanNamesForType(WebClient.class)).isEmpty();
});
}
Example #8
| Source File: VaultBootstrapConfigurationTests.java From spring-cloud-vault with Apache License 2.0 | 5 votes |
|
@Test
public void shouldConfigureWithoutAuthentication() {
this.contextRunner.withPropertyValues("spring.cloud.vault.kv.enabled=false",
"spring.cloud.vault.authentication=NONE").run(context -> {
assertThat(context).doesNotHaveBean(SessionManager.class);
assertThat(context).doesNotHaveBean(ClientAuthentication.class);
assertThat(context).hasSingleBean(VaultTemplate.class);
});
}
Example #9
| Source File: VaultReactiveBootstrapConfiguration.java From spring-cloud-vault with Apache License 2.0 | 5 votes |
|
/**
* @param sessionManager the {@link ReactiveSessionManager}.
* @return {@link SessionManager} adapter wrapping {@link ReactiveSessionManager}.
*/
@Bean
@ConditionalOnMissingBean
@ConditionalOnAuthentication
public SessionManager vaultSessionManager(ReactiveSessionManager sessionManager) {
return () -> {
VaultToken token = sessionManager.getSessionToken().block();
Assert.state(token != null,
"ReactiveSessionManager returned a null VaultToken");
return token;
};
}
Example #10
| Source File: VaultTemplate.java From spring-vault with Apache License 2.0 | 5 votes |
|
/**
* Create a new {@link VaultTemplate} through a {@link RestTemplateBuilder} and
* {@link SessionManager}.
* @param restTemplateBuilder must not be {@literal null}.
* @param sessionManager must not be {@literal null}.
* @since 2.2
*/
public VaultTemplate(RestTemplateBuilder restTemplateBuilder, SessionManager sessionManager) {
Assert.notNull(restTemplateBuilder, "RestTemplateBuilder must not be null");
Assert.notNull(sessionManager, "SessionManager must not be null");
this.sessionManager = sessionManager;
this.dedicatedSessionManager = false;
this.statelessTemplate = restTemplateBuilder.build();
this.sessionTemplate = restTemplateBuilder.build();
this.sessionTemplate.getInterceptors().add(getSessionInterceptor());
}
Example #11
| Source File: VaultTemplate.java From spring-vault with Apache License 2.0 | 5 votes |
|
/**
* Create a new {@link VaultTemplate} with a {@link VaultEndpointProvider},
* {@link ClientHttpRequestFactory} and {@link SessionManager}.
* @param endpointProvider must not be {@literal null}.
* @param requestFactory must not be {@literal null}.
* @param sessionManager must not be {@literal null}.
* @since 1.1
*/
public VaultTemplate(VaultEndpointProvider endpointProvider, ClientHttpRequestFactory requestFactory,
SessionManager sessionManager) {
Assert.notNull(endpointProvider, "VaultEndpointProvider must not be null");
Assert.notNull(requestFactory, "ClientHttpRequestFactory must not be null");
Assert.notNull(sessionManager, "SessionManager must not be null");
this.sessionManager = sessionManager;
this.dedicatedSessionManager = false;
this.statelessTemplate = doCreateRestTemplate(endpointProvider, requestFactory);
this.sessionTemplate = doCreateSessionTemplate(endpointProvider, requestFactory);
}
Example #12
| Source File: HashicorpKeyVaultServiceFactory.java From tessera with Apache License 2.0 | 4 votes |
|
KeyVaultService create(
Config config, EnvironmentVariableProvider envProvider, HashicorpKeyVaultServiceFactoryUtil util) {
Objects.requireNonNull(config);
Objects.requireNonNull(envProvider);
Objects.requireNonNull(util);
final String roleId = envProvider.getEnv(HASHICORP_ROLE_ID);
final String secretId = envProvider.getEnv(HASHICORP_SECRET_ID);
final String authToken = envProvider.getEnv(HASHICORP_TOKEN);
if (roleId == null && secretId == null && authToken == null) {
throw new HashicorpCredentialNotSetException(
"Environment variables must be set to authenticate with Hashicorp Vault. Set the "
+ HASHICORP_ROLE_ID
+ " and "
+ HASHICORP_SECRET_ID
+ " environment variables if using the AppRole authentication method. Set the "
+ HASHICORP_TOKEN
+ " environment variable if using another authentication method.");
} else if (isOnlyOneInputNull(roleId, secretId)) {
throw new HashicorpCredentialNotSetException(
"Only one of the "
+ HASHICORP_ROLE_ID
+ " and "
+ HASHICORP_SECRET_ID
+ " environment variables to authenticate with Hashicorp Vault using the AppRole method has been set");
}
KeyVaultConfig keyVaultConfig =
Optional.ofNullable(config.getKeys())
.flatMap(k -> k.getKeyVaultConfig(KeyVaultType.HASHICORP))
.orElseThrow(
() ->
new ConfigException(
new RuntimeException(
"Trying to create Hashicorp Vault connection but no Vault configuration provided")));
VaultEndpoint vaultEndpoint;
try {
URI uri = new URI(keyVaultConfig.getProperty("url").get());
vaultEndpoint = VaultEndpoint.from(uri);
} catch (URISyntaxException | NoSuchElementException | IllegalArgumentException e) {
throw new ConfigException(new RuntimeException("Provided Hashicorp Vault url is incorrectly formatted", e));
}
SslConfiguration sslConfiguration = util.configureSsl(keyVaultConfig, envProvider);
ClientOptions clientOptions = new ClientOptions();
ClientHttpRequestFactory clientHttpRequestFactory =
util.createClientHttpRequestFactory(clientOptions, sslConfiguration);
ClientAuthentication clientAuthentication =
util.configureClientAuthentication(
keyVaultConfig, envProvider, clientHttpRequestFactory, vaultEndpoint);
SessionManager sessionManager = new SimpleSessionManager(clientAuthentication);
VaultOperations vaultOperations = new VaultTemplate(vaultEndpoint, clientHttpRequestFactory, sessionManager);
return new HashicorpKeyVaultService(new KeyValueOperationsDelegateFactory(vaultOperations));
}
Example #13
| Source File: AbstractReactiveVaultConfiguration.java From spring-vault with Apache License 2.0 | 4 votes |
|
/**
* Construct a session manager adapter wrapping {@link #reactiveSessionManager()} and
* exposing imperative {@link SessionManager} on top of a reactive API.
* @return the {@link SessionManager} adapter.
*/
@Bean
@Override
public SessionManager sessionManager() {
return new ReactiveSessionManagerAdapter(getReactiveSessionManager());
}
Example #14
| Source File: VaultTemplate.java From spring-vault with Apache License 2.0 | 3 votes |
|
/**
* Set the {@link SessionManager}.
* @param sessionManager must not be {@literal null}.
*/
public void setSessionManager(SessionManager sessionManager) {
Assert.notNull(sessionManager, "SessionManager must not be null");
this.sessionManager = sessionManager;
}
Example #15
| Source File: AbstractVaultConfiguration.java From spring-vault with Apache License 2.0 | 3 votes |
|
/**
* Construct a {@link LifecycleAwareSessionManager} using
* {@link #clientAuthentication()}. This {@link SessionManager} uses
* {@link #threadPoolTaskScheduler()}.
* @return the {@link SessionManager} for Vault session management.
* @see SessionManager
* @see LifecycleAwareSessionManager
* @see #restOperations()
* @see #clientAuthentication()
* @see #threadPoolTaskScheduler() ()
*/
@Bean
public SessionManager sessionManager() {
ClientAuthentication clientAuthentication = clientAuthentication();
Assert.notNull(clientAuthentication, "ClientAuthentication must not be null");
return new LifecycleAwareSessionManager(clientAuthentication, getVaultThreadPoolTaskScheduler(),
restOperations());
}
Example #16
| Source File: AbstractVaultConfiguration.java From spring-vault with Apache License 2.0 | 3 votes |
|
/**
* Create a {@link VaultTemplate}.
* @return the {@link VaultTemplate}.
* @see #vaultEndpointProvider()
* @see #clientHttpRequestFactoryWrapper()
* @see #sessionManager()
*/
@Bean
public VaultTemplate vaultTemplate() {
return new VaultTemplate(
restTemplateBuilder(vaultEndpointProvider(), getClientFactoryWrapper().getClientHttpRequestFactory()),
getBeanFactory().getBean("sessionManager", SessionManager.class));
}
Example #17
| Source File: VaultTemplate.java From spring-vault with Apache License 2.0 | 2 votes |
|
/**
* Create a new {@link VaultTemplate} with a {@link VaultEndpoint},
* {@link ClientHttpRequestFactory} and {@link SessionManager}.
* @param vaultEndpoint must not be {@literal null}.
* @param clientHttpRequestFactory must not be {@literal null}.
* @param sessionManager must not be {@literal null}.
*/
public VaultTemplate(VaultEndpoint vaultEndpoint, ClientHttpRequestFactory clientHttpRequestFactory,
SessionManager sessionManager) {
this(SimpleVaultEndpointProvider.of(vaultEndpoint), clientHttpRequestFactory, sessionManager);
}
