org.springframework.vault.core.VaultOperations Java Examples

The following examples show how to use org.springframework.vault.core.VaultOperations. The line above each example names the project and source file it was taken from.
Example #1
Source File: VaultBootstrapPropertySourceConfiguration.java    From spring-cloud-vault with Apache License 2.0 6 votes vote down vote up
/**
 * Creates the {@link SecretLeaseContainer} bean. The bean is lazy and is only
 * registered when no other bean of the same type is present.
 * @param vaultProperties the {@link VaultProperties}; its lifecycle configuration is
 * handed to {@code customizeContainer}.
 * @param vaultOperations the {@link VaultOperations} the container talks to Vault
 * through.
 * @param taskSchedulerWrapper the {@link TaskSchedulerWrapper} supplying the task
 * scheduler for the container.
 * @return the customized {@link SecretLeaseContainer}.
 * @see SecretLeaseContainer
 */
@Bean
@Lazy
@ConditionalOnMissingBean
public SecretLeaseContainer secretLeaseContainer(VaultProperties vaultProperties,
		VaultOperations vaultOperations, TaskSchedulerWrapper taskSchedulerWrapper) {

	VaultProperties.Lifecycle lifecycleSettings = vaultProperties.getConfig()
			.getLifecycle();

	SecretLeaseContainer leaseContainer = new SecretLeaseContainer(vaultOperations,
			taskSchedulerWrapper.getTaskScheduler());

	// customizeContainer is defined outside this snippet; it receives the lifecycle
	// settings together with the freshly created container.
	customizeContainer(lifecycleSettings, leaseContainer);

	return leaseContainer;
}
 
Example #2
Source File: VaultConfigPostgreSqlTests.java    From spring-cloud-vault with Apache License 2.0 6 votes vote down vote up
/**
 * Prepares the {@code postgresql} secret backend once for the test class: mounts it
 * when missing, then writes the connection configuration and a {@code readonly} role.
 */
@BeforeClass
public static void beforeClass() {

	// Assumption guard: the setup only proceeds when the PostgreSQL endpoint passes
	// the CanConnect check (helper not shown here).
	assumeTrue(CanConnect.to(new InetSocketAddress(POSTGRES_HOST, POSTGRES_PORT)));

	VaultRule rule = new VaultRule();
	rule.before();

	boolean backendMounted = rule.prepare().hasSecretBackend("postgresql");
	if (!backendMounted) {
		rule.prepare().mountSecret("postgresql");
	}

	VaultOperations operations = rule.prepare().getVaultOperations();

	// NOTE(review): CONNECTION_URL is declared elsewhere and presumably embeds the
	// database account Vault connects with; confirm it is a fixture-only account.
	operations.write("postgresql/config/connection",
			Collections.singletonMap("connection_url", CONNECTION_URL));

	// The role's "sql" value is the statement template held in
	// CREATE_USER_AND_GRANT_SQL (declared elsewhere).
	operations.write("postgresql/roles/readonly",
			Collections.singletonMap("sql", CREATE_USER_AND_GRANT_SQL));
}
 
Example #3
Source File: VaultConfigMySqlTests.java    From spring-cloud-vault with Apache License 2.0 6 votes vote down vote up
/**
 * Prepares the {@code mysql} secret backend once for the test class: mounts it when
 * missing, then writes the connection configuration and a {@code readonly} role.
 */
@BeforeClass
public static void beforeClass() {

	// Assumption guard: the setup only proceeds when the MySQL endpoint passes the
	// CanConnect check (helper not shown here).
	assumeTrue(CanConnect.to(new InetSocketAddress(MYSQL_HOST, MYSQL_PORT)));

	VaultRule rule = new VaultRule();
	rule.before();

	boolean backendMounted = rule.prepare().hasSecretBackend("mysql");
	if (!backendMounted) {
		rule.prepare().mountSecret("mysql");
	}

	VaultOperations operations = rule.prepare().getVaultOperations();

	// NOTE(review): ROOT_CREDENTIALS (declared elsewhere) is stored as the backend's
	// connection_url. The name suggests a database root account, which is only
	// appropriate for a disposable test database; verify against the constant.
	operations.write("mysql/config/connection",
			Collections.singletonMap("connection_url", ROOT_CREDENTIALS));

	operations.write("mysql/roles/readonly",
			Collections.singletonMap("sql", CREATE_USER_AND_GRANT_SQL));
}
 
Example #4
Source File: VaultPropertySource.java    From spring-vault with Apache License 2.0 6 votes vote down vote up
/**
 * Create a new {@link VaultPropertySource} given a {@code name},
 * {@link VaultOperations} and {@code path} inside of Vault. This property source
 * loads properties upon construction and transforms them by applying the given
 * {@link PropertyTransformer}; properties with {@literal null} values are removed
 * afterwards.
 * @param name name of the property source, must not be {@literal null}.
 * @param vaultOperations must not be {@literal null}.
 * @param path the path inside Vault (e.g. {@code secret/myapp/myproperties}). Must
 * not be empty or {@literal null} and must not start with a slash.
 * @param propertyTransformer object to transform properties, must not be
 * {@literal null}.
 * @param ignoreSecretNotFound indicate if failure to find a secret at {@code path}
 * should be ignored.
 * @since 2.2
 * @see PropertyTransformers
 */
public VaultPropertySource(String name, VaultOperations vaultOperations, String path,
		PropertyTransformer propertyTransformer, boolean ignoreSecretNotFound) {

	super(name, vaultOperations);

	// Path validation covers exactly two things: the text is non-empty and it does
	// not begin with "/". No other normalization is applied in this constructor.
	Assert.hasText(path, "Path name must contain at least one character");
	boolean startsWithoutSlash = !path.startsWith("/");
	Assert.isTrue(startsWithoutSlash, "Path name must not start with a slash (/)");
	Assert.notNull(propertyTransformer, "PropertyTransformer must not be null");

	this.path = path;
	this.ignoreSecretNotFound = ignoreSecretNotFound;
	this.keyValueDelegate = new KeyValueDelegate(vaultOperations, LinkedHashMap::new);
	this.propertyTransformer = propertyTransformer.andThen(PropertyTransformers.removeNullProperties());

	// Must run last: loadProperties() (defined elsewhere in the class) is called
	// once every field above has been assigned.
	loadProperties();
}
 
Example #5
Source File: VaultConfigAwsTests.java    From spring-cloud-vault with Apache License 2.0 6 votes vote down vote up
/**
 * Prepares the {@code aws} secret backend once for the test class: mounts it when
 * missing, then writes the root configuration and a {@code readonly} role.
 */
@BeforeClass
public static void beforeClass() {

	// Assumption guard: both AWS key constants must contain text.
	boolean awsKeysPresent = StringUtils.hasText(AWS_ACCESS_KEY)
			&& StringUtils.hasText(AWS_SECRET_KEY);
	assumeTrue(awsKeysPresent);

	VaultRule rule = new VaultRule();
	rule.before();

	boolean backendMounted = rule.prepare().hasSecretBackend("aws");
	if (!backendMounted) {
		rule.prepare().mountSecret("aws");
	}

	VaultOperations operations = rule.prepare().getVaultOperations();

	// NOTE(review): this hands a long-lived AWS key pair to Vault as the backend's
	// root configuration. The constants are declared elsewhere; confirm they are
	// supplied from outside the source tree and scoped to a test account.
	Map<String, String> rootConfig = new HashMap<>();
	rootConfig.put("region", AWS_REGION);
	rootConfig.put("access_key", AWS_ACCESS_KEY);
	rootConfig.put("secret_key", AWS_SECRET_KEY);

	operations.write("aws/config/root", rootConfig);

	operations.write("aws/roles/readonly", Collections.singletonMap("arn", ARN));
}
 
Example #6
Source File: MySqlDatabaseSecretIntegrationTests.java    From spring-cloud-vault with Apache License 2.0 5 votes vote down vote up
/**
 * Prepares the {@code database} secret backend with a MySQL connection and a
 * {@code readonly} role, then creates the {@link VaultConfigTemplate} used by the
 * tests.
 */
@Before
public void setUp() {

	// Assumption guards: MySQL must pass the CanConnect check and the version
	// reported by prepare() must be at least 0.7.1.
	assumeTrue(CanConnect.to(new InetSocketAddress(MYSQL_HOST, MYSQL_PORT)));
	assumeTrue(prepare().getVersion().isGreaterThanOrEqualTo(Version.parse("0.7.1")));

	this.mySql.setEnabled(true);
	this.mySql.setRole("readonly");
	this.mySql.setBackend("database");

	boolean backendMounted = prepare().hasSecretBackend(this.mySql.getBackend());
	if (!backendMounted) {
		prepare().mountSecret(this.mySql.getBackend());
	}

	VaultOperations operations = this.vaultRule.prepare().getVaultOperations();

	// NOTE(review): ROOT_CREDENTIALS (declared elsewhere) becomes the connection_url
	// of the database config; suitable only for a disposable test database.
	Map<String, String> connectionConfig = new HashMap<>();
	connectionConfig.put("plugin_name", "mysql-legacy-database-plugin");
	connectionConfig.put("connection_url", ROOT_CREDENTIALS);
	connectionConfig.put("allowed_roles", "readonly");

	String configPath = String.format("%s/config/mysql", this.mySql.getBackend());
	operations.write(configPath, connectionConfig);

	Map<String, String> roleDefinition = new HashMap<>();
	roleDefinition.put("db_name", "mysql");
	roleDefinition.put("creation_statements", CREATE_USER_AND_GRANT_SQL);

	String rolePath = String.format("%s/roles/%s", this.mySql.getBackend(),
			this.mySql.getRole());
	operations.write(rolePath, roleDefinition);

	this.configOperations = new VaultConfigTemplate(operations, this.vaultProperties);
}
 
Example #7
Source File: VaultConfigTemplate.java    From spring-cloud-vault with Apache License 2.0 5 votes vote down vote up
/**
 * Create a new {@link VaultConfigTemplate} given {@link VaultOperations} and
 * {@link VaultProperties}. A {@link KeyValueDelegate} is created on top of the given
 * operations.
 * @param vaultOperations must not be {@literal null}.
 * @param properties must not be {@literal null}.
 */
public VaultConfigTemplate(VaultOperations vaultOperations,
		VaultProperties properties) {

	// Reject null collaborators before any field is assigned.
	Assert.notNull(vaultOperations, "VaultOperations must not be null!");
	Assert.notNull(properties, "VaultProperties must not be null!");

	this.properties = properties;
	this.vaultOperations = vaultOperations;
	this.keyValueDelegate = new KeyValueDelegate(vaultOperations);
}
 
Example #8
Source File: VaultBootstrapConfiguration.java    From spring-cloud-vault with Apache License 2.0 5 votes vote down vote up
/**
 * Creates a {@link VaultTemplate}, registered only when no {@link VaultOperations}
 * bean exists. With {@link VaultProperties.AuthenticationMethod#NONE} the template is
 * built without a {@link SessionManager}; otherwise the {@link SessionManager} bean
 * is looked up from the application context.
 * @return the {@link VaultTemplate} bean.
 * @see VaultBootstrapConfiguration#clientHttpRequestFactoryWrapper()
 */
@Bean
@ConditionalOnMissingBean(VaultOperations.class)
public VaultTemplate vaultTemplate() {

	VaultProperties.AuthenticationMethod configuredMethod = this.vaultProperties
			.getAuthentication();

	if (configuredMethod != VaultProperties.AuthenticationMethod.NONE) {
		return new VaultTemplate(this.restTemplateBuilder,
				this.applicationContext.getBean(SessionManager.class));
	}

	// NOTE(review): no SessionManager is attached on this path, so the template
	// presumably sends requests without a Vault token; confirm NONE is only set
	// where that is intended.
	return new VaultTemplate(this.restTemplateBuilder);
}
 
Example #9
Source File: VaultConfigWithContextTests.java    From spring-cloud-vault with Apache License 2.0 5 votes vote down vote up
/**
 * Writes the two fixture secrets the test class reads: one at
 * {@code secret/testVaultApp/my-profile} and one at {@code secret/testVaultApp}.
 */
@BeforeClass
public static void beforeClass() {

	VaultRule rule = new VaultRule();
	rule.before();

	VaultOperations operations = rule.prepare().getVaultOperations();

	// Same key, different value per path.
	operations.write("secret/testVaultApp/my-profile",
			Collections.singletonMap("vault.value", "hello"));

	operations.write("secret/testVaultApp",
			Collections.singletonMap("vault.value", "world"));
}
 
Example #10
Source File: VaultConfigCubbyholeAuthenticationTests.java    From spring-cloud-vault with Apache License 2.0 5 votes vote down vote up
/**
 * Writes a fixture secret named after the test class, requests a response-wrapped
 * token from {@code /auth/token/create} and publishes the wrapping token as the
 * {@code spring.cloud.vault.token} system property.
 */
@BeforeClass
public static void beforeClass() {

	VaultRule rule = new VaultRule();
	rule.before();

	assumeTrue(rule.prepare().getVersion()
			.isGreaterThanOrEqualTo(Version.parse("0.6.1")));

	VaultOperations operations = rule.prepare().getVaultOperations();

	// The simple class name serves as both the secret's path segment and its value.
	operations.write(
			"secret/" + VaultConfigCubbyholeAuthenticationTests.class.getSimpleName(),
			Collections.singletonMap("vault.value",
					VaultConfigCubbyholeAuthenticationTests.class.getSimpleName()));

	VaultResponse wrappedResponse = operations.doWithSession(rest -> {

		// X-Vault-Wrap-TTL asks for the created token to be returned wrapped, with
		// the wrapper valid for one hour.
		HttpHeaders wrapHeaders = new HttpHeaders();
		wrapHeaders.add("X-Vault-Wrap-TTL", "1h");

		return rest.postForObject("/auth/token/create",
				new HttpEntity<>(wrapHeaders), VaultResponse.class);
	});

	// NOTE(review): neither the response nor its wrap info is null-checked, so a
	// missing wrap section surfaces as a NullPointerException here.
	String wrappingToken = wrappedResponse.getWrapInfo().get("token");

	// NOTE(review): a system property is JVM-wide and no cleanup is visible in this
	// snippet; confirm the class clears it afterwards so the token does not leak
	// into other tests running in the same JVM.
	System.setProperty("spring.cloud.vault.token", wrappingToken);
}
 
Example #11
Source File: VaultConfigWithVaultConfigurerTests.java    From spring-cloud-vault with Apache License 2.0 5 votes vote down vote up
/**
 * Writes the two fixture secrets the test class reads: one at
 * {@code secret/VaultConfigWithVaultConfigurerTests} and one at
 * {@code secret/testVaultApp}.
 */
@BeforeClass
public static void beforeClass() {

	VaultRule rule = new VaultRule();
	rule.before();

	VaultOperations operations = rule.prepare().getVaultOperations();

	// Same key, different value per path.
	operations.write("secret/VaultConfigWithVaultConfigurerTests",
			Collections.singletonMap("vault.value", "hello"));

	operations.write("secret/testVaultApp",
			Collections.singletonMap("vault.value", "world"));
}
 
Example #12
Source File: VaultConfigTlsCertAuthenticationTests.java    From spring-cloud-vault with Apache License 2.0 5 votes vote down vote up
/**
 * Prepares TLS certificate authentication for the test class: mounts the cert auth
 * backend when missing, registers the {@code testpolicy} policy, writes a fixture
 * secret and binds the client certificate to the policy through role {@code my-role}.
 */
@BeforeClass
public static void beforeClass() {

	VaultRule rule = new VaultRule();
	rule.before();

	VaultProperties settings = Settings.createVaultProperties();

	boolean certAuthMounted = rule.prepare()
			.hasAuth(settings.getSsl().getCertAuthPath());
	if (!certAuthMounted) {
		rule.prepare().mountAuth(settings.getSsl().getCertAuthPath());
	}

	VaultOperations operations = rule.prepare().getVaultOperations();

	// NOTE(review): the policy grants "read" on the path pattern "*", i.e. on every
	// path. That breadth is fixture-only; a deployed policy should list just the
	// paths the certificate holder needs.
	String policyDocument = "{ \"name\": \"testpolicy\",\n" //
			+ "  \"path\": {\n" //
			+ "    \"*\": {  \"policy\": \"read\" }\n" //
			+ "  }\n" //
			+ "}";

	operations.write("sys/policy/testpolicy",
			Collections.singletonMap("rules", policyDocument));

	operations.write(
			"secret/" + VaultConfigTlsCertAuthenticationTests.class.getSimpleName(),
			Collections.singletonMap("vault.value", "foo"));

	File workDir = findWorkDir();

	// The client certificate is read as US-ASCII text from the work directory.
	File clientCertificateFile = new File(workDir, "ca/certs/client.cert.pem");
	String clientCertificate = Files.contentOf(clientCertificateFile,
			StandardCharsets.US_ASCII);

	Map<String, String> certRole = new HashMap<>();
	certRole.put("certificate", clientCertificate);
	certRole.put("policies", "testpolicy");

	// NOTE(review): the mount above uses getCertAuthPath(), while this write targets
	// the literal "auth/cert/..."; this assumes the configured path is "cert".
	operations.write("auth/cert/certs/my-role", certRole);
}
 
Example #13
Source File: RabbitMqSecretIntegrationTests.java    From spring-cloud-vault with Apache License 2.0 5 votes vote down vote up
/**
 * Prepares the rabbitmq secret backend with connection settings and a
 * {@code readonly} role, then creates the {@link VaultConfigTemplate} used by the
 * tests.
 */
@Before
public void setUp() {

	// Assumption guards: the RabbitMQ management endpoint must pass the CanConnect
	// check and the version reported by prepare() must be at least 0.6.2.
	assumeTrue(CanConnect
			.to(new InetSocketAddress(RABBITMQ_HOST, RABBITMQ_HTTP_MANAGEMENT_PORT)));
	assumeTrue(prepare().getVersion().isGreaterThanOrEqualTo(Version.parse("0.6.2")));

	this.rabbitmq.setEnabled(true);
	this.rabbitmq.setRole("readonly");

	boolean backendMounted = prepare().hasSecretBackend(this.rabbitmq.getBackend());
	if (!backendMounted) {
		prepare().mountSecret(this.rabbitmq.getBackend());
	}

	// NOTE(review): the management username and password come from constants
	// declared elsewhere; confirm they belong to a test-only broker.
	Map<String, String> brokerConnection = new HashMap<>();
	brokerConnection.put("connection_uri", RABBITMQ_URI);
	brokerConnection.put("username", RABBITMQ_USERNAME);
	brokerConnection.put("password", RABBITMQ_PASSWORD);

	VaultOperations operations = prepare().getVaultOperations();

	String connectionPath = String.format("%s/config/connection",
			this.rabbitmq.getBackend());
	operations.write(connectionPath, brokerConnection);

	String rolePath = String.format("%s/roles/%s", this.rabbitmq.getBackend(),
			this.rabbitmq.getRole());
	operations.write(rolePath, Collections.singletonMap("vhosts", VHOSTS_ROLE));

	this.configOperations = new VaultConfigTemplate(operations, this.vaultProperties);
}
 
Example #14
Source File: VaultConfigRabbitMqTests.java    From spring-cloud-vault with Apache License 2.0 5 votes vote down vote up
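/**
 * Prepares the {@code rabbitmq} secret backend once for the test class: mounts it
 * when missing, then writes the connection settings and a {@code readonly} role.
 */
@BeforeClass
public static void beforeClass() {

	// Assumption guard: the RabbitMQ management endpoint must pass the CanConnect
	// check (helper not shown here).
	assumeTrue(CanConnect
			.to(new InetSocketAddress(RABBITMQ_HOST, RABBITMQ_HTTP_MANAGEMENT_PORT)));

	VaultRule vaultRule = new VaultRule();
	vaultRule.before();

	// Assumption guard: the version reported by prepare() must be at least 0.6.2.
	assumeTrue(vaultRule.prepare().getVersion()
			.isGreaterThanOrEqualTo(Version.parse("0.6.2")));

	if (!vaultRule.prepare().hasSecretBackend("rabbitmq")) {
		vaultRule.prepare().mountSecret("rabbitmq");
	}

	VaultOperations vaultOperations = vaultRule.prepare().getVaultOperations();

	// NOTE(review): the management username and password come from constants
	// declared elsewhere; confirm they belong to a test-only broker.
	Map<String, String> connection = new HashMap<>();
	connection.put("connection_uri", RABBITMQ_URI);
	connection.put("username", RABBITMQ_USERNAME);
	connection.put("password", RABBITMQ_PASSWORD);

	// The paths are constants, so they are passed as plain literals; the former
	// String.format(...) calls had no format arguments and returned the same text.
	vaultOperations.write("rabbitmq/config/connection", connection);

	vaultOperations.write("rabbitmq/roles/readonly",
			Collections.singletonMap("vhosts", VHOSTS_ROLE));
}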
 
Example #15
Source File: AwsSecretIntegrationTests.java    From spring-cloud-vault with Apache License 2.0 5 votes vote down vote up
/**
 * Prepares the aws secret backend with its root configuration and a
 * {@code readonly} role, then creates the {@link VaultConfigTemplate} used by the
 * tests.
 */
@Before
public void setUp() {

	// Assumption guard: both AWS key constants must contain text.
	boolean awsKeysPresent = StringUtils.hasText(AWS_ACCESS_KEY)
			&& StringUtils.hasText(AWS_SECRET_KEY);
	assumeTrue(awsKeysPresent);

	this.aws.setEnabled(true);
	this.aws.setRole("readonly");

	boolean backendMounted = prepare().hasSecretBackend(this.aws.getBackend());
	if (!backendMounted) {
		prepare().mountSecret(this.aws.getBackend());
	}

	VaultOperations operations = prepare().getVaultOperations();

	// NOTE(review): this hands a long-lived AWS key pair to Vault as the backend's
	// root configuration. The constants are declared elsewhere; confirm they are
	// supplied from outside the source tree and scoped to a test account.
	Map<String, String> rootConfig = new HashMap<>();
	rootConfig.put("region", AWS_REGION);
	rootConfig.put("access_key", AWS_ACCESS_KEY);
	rootConfig.put("secret_key", AWS_SECRET_KEY);

	String rootConfigPath = String.format("%s/config/root", this.aws.getBackend());
	operations.write(rootConfigPath, rootConfig);

	String rolePath = String.format("%s/roles/%s", this.aws.getBackend(),
			this.aws.getRole());
	operations.write(rolePath, Collections.singletonMap("arn", ARN));

	this.configOperations = new VaultConfigTemplate(operations, this.vaultProperties);
}
 
Example #16
Source File: VaultBootstrapPropertySourceConfiguration.java    From spring-cloud-vault with Apache License 2.0 5 votes vote down vote up
/**
 * Creates the {@link PropertySourceLocator} for Vault. With lifecycle support enabled
 * the {@link SecretLeaseContainer} is obtained and started and a
 * {@link LeasingVaultPropertySourceLocator} is returned; otherwise a
 * {@link VaultPropertySourceLocator} backed by a {@link VaultConfigTemplate} is
 * returned.
 * @param operations the {@link VaultOperations}.
 * @param vaultProperties the {@link VaultProperties}.
 * @param kvBackendProperties the key-value backend properties used to build the
 * property source configuration.
 * @param secretLeaseContainerObjectFactory factory for the
 * {@link SecretLeaseContainer}; only invoked when lifecycle support is enabled.
 * @return the {@link PropertySourceLocator} matching the lifecycle setting.
 */
@Bean
public PropertySourceLocator vaultPropertySourceLocator(VaultOperations operations,
		VaultProperties vaultProperties,
		VaultKeyValueBackendProperties kvBackendProperties,
		ObjectFactory<SecretLeaseContainer> secretLeaseContainerObjectFactory) {

	// Built up front in both cases, although only the non-leasing locator uses it.
	VaultConfigTemplate configTemplate = new VaultConfigTemplate(operations,
			vaultProperties);

	PropertySourceLocatorConfiguration locatorConfiguration = getPropertySourceConfiguration(
			Collections.singletonList(kvBackendProperties));

	VaultProperties.Lifecycle lifecycleSettings = vaultProperties.getConfig()
			.getLifecycle();

	if (!lifecycleSettings.isEnabled()) {
		return new VaultPropertySourceLocator(configTemplate, vaultProperties,
				locatorConfiguration);
	}

	// The shutdown hook destroys bootstrap resources; without it the bootstrap
	// context is not shut down cleanly.
	this.applicationContext.registerShutdownHook();

	SecretLeaseContainer leaseContainer = secretLeaseContainerObjectFactory
			.getObject();

	leaseContainer.start();

	return new LeasingVaultPropertySourceLocator(vaultProperties,
			locatorConfiguration, leaseContainer);
}
 
Example #17
Source File: VaultConfigMongoTests.java    From spring-cloud-vault with Apache License 2.0 5 votes vote down vote up
/**
 * Prepares the {@code mongodb} secret backend once for the test class: mounts it when
 * missing, then writes the connection configuration and a {@code readonly} role.
 */
@BeforeClass
public static void beforeClass() {

	// Assumption guard: MongoDB must pass the CanConnect check (helper not shown).
	assumeTrue(CanConnect.to(new InetSocketAddress(MONGODB_HOST, MONGODB_PORT)));

	VaultRule rule = new VaultRule();
	rule.before();

	// Assumption guard: the version reported by prepare() must be at least 0.6.2.
	assumeTrue(rule.prepare().getVersion()
			.isGreaterThanOrEqualTo(Version.parse("0.6.2")));

	boolean backendMounted = rule.prepare().hasSecretBackend("mongodb");
	if (!backendMounted) {
		rule.prepare().mountSecret("mongodb");
	}

	VaultOperations operations = rule.prepare().getVaultOperations();

	// NOTE(review): ROOT_CREDENTIALS (declared elsewhere) is stored as the backend's
	// connection uri; suitable only for a disposable test database.
	operations.write("mongodb/config/connection",
			Collections.singletonMap("uri", ROOT_CREDENTIALS));

	// The role targets the "admin" database with the roles held in ROLES.
	Map<String, String> roleDefinition = new HashMap<>();
	roleDefinition.put("db", "admin");
	roleDefinition.put("roles", ROLES);

	operations.write("mongodb/roles/readonly", roleDefinition);
}
 
Example #18
Source File: VaultConfigMySqlDatabaseTests.java    From spring-cloud-vault with Apache License 2.0 5 votes vote down vote up
/**
 * Prepares the {@code database} secret backend once for the test class with a MySQL
 * connection and a {@code readonly} role.
 */
@BeforeClass
public static void beforeClass() {

	VaultRule rule = new VaultRule();
	rule.before();

	// Assumption guards: MySQL must pass the CanConnect check and the version
	// reported by prepare() must be at least 0.7.1.
	assumeTrue(CanConnect.to(new InetSocketAddress(MYSQL_HOST, MYSQL_PORT)));
	assumeTrue(rule.prepare().getVersion()
			.isGreaterThanOrEqualTo(Version.parse("0.7.1")));

	boolean backendMounted = rule.prepare().hasSecretBackend("database");
	if (!backendMounted) {
		rule.prepare().mountSecret("database");
	}

	VaultOperations operations = rule.prepare().getVaultOperations();

	// NOTE(review): ROOT_CREDENTIALS (declared elsewhere) becomes the connection_url
	// of the database config; suitable only for a disposable test database.
	Map<String, String> connectionConfig = new HashMap<>();
	connectionConfig.put("plugin_name", "mysql-legacy-database-plugin");
	connectionConfig.put("connection_url", ROOT_CREDENTIALS);
	connectionConfig.put("allowed_roles", "readonly");

	operations.write("database/config/mysql", connectionConfig);

	Map<String, String> roleDefinition = new HashMap<>();
	roleDefinition.put("db_name", "mysql");
	roleDefinition.put("creation_statements", CREATE_USER_AND_GRANT_SQL);

	operations.write("database/roles/readonly", roleDefinition);
}
 
Example #19
Source File: MongoSecretIntegrationTests.java    From spring-cloud-vault with Apache License 2.0 5 votes vote down vote up
/**
 * Prepares the mongodb secret backend with its connection configuration and a
 * {@code readonly} role, then creates the {@link VaultConfigTemplate} used by the
 * tests.
 */
@Before
public void setUp() {

	// Assumption guards: MongoDB must pass the CanConnect check and the version
	// reported by prepare() must be at least 0.6.2.
	assumeTrue(CanConnect.to(new InetSocketAddress(MONGODB_HOST, MONGODB_PORT)));
	assumeTrue(prepare().getVersion().isGreaterThanOrEqualTo(Version.parse("0.6.2")));

	this.mongodb.setEnabled(true);
	this.mongodb.setRole("readonly");

	boolean backendMounted = prepare().hasSecretBackend(this.mongodb.getBackend());
	if (!backendMounted) {
		prepare().mountSecret(this.mongodb.getBackend());
	}

	VaultOperations operations = this.vaultRule.prepare().getVaultOperations();

	// NOTE(review): ROOT_CREDENTIALS (declared elsewhere) is stored as the backend's
	// connection uri; suitable only for a disposable test database.
	String connectionPath = String.format("%s/config/connection",
			this.mongodb.getBackend());
	operations.write(connectionPath,
			Collections.singletonMap("uri", ROOT_CREDENTIALS));

	// The role targets the "admin" database with the roles held in ROLES.
	Map<String, String> roleDefinition = new HashMap<>();
	roleDefinition.put("db", "admin");
	roleDefinition.put("roles", ROLES);

	String rolePath = String.format("%s/roles/%s", this.mongodb.getBackend(),
			this.mongodb.getRole());
	operations.write(rolePath, roleDefinition);

	this.configOperations = new VaultConfigTemplate(operations, this.vaultProperties);
}
 
Example #20
Source File: CassandraSecretIntegrationTests.java    From spring-cloud-vault with Apache License 2.0 5 votes vote down vote up
/**
 * Prepares the cassandra secret backend with its connection configuration and a
 * {@code readonly} role, then creates the {@link VaultConfigTemplate} used by the
 * tests.
 */
@Before
public void setUp() {

	// Assumption guard: Cassandra must pass the CanConnect check (helper not shown).
	assumeTrue(CanConnect.to(new InetSocketAddress(CASSANDRA_HOST, CASSANDRA_PORT)));

	this.cassandra.setEnabled(true);
	this.cassandra.setRole("readonly");

	boolean backendMounted = prepare().hasSecretBackend(this.cassandra.getBackend());
	if (!backendMounted) {
		prepare().mountSecret(this.cassandra.getBackend());
	}

	VaultOperations operations = this.vaultRule.prepare().getVaultOperations();

	// Values are Object-typed because protocol_version is sent as a number.
	// NOTE(review): the username and password constants are declared elsewhere;
	// confirm they belong to a test-only cluster.
	Map<String, Object> clusterConnection = new HashMap<>();
	clusterConnection.put("hosts", CASSANDRA_HOST);
	clusterConnection.put("username", CASSANDRA_USERNAME);
	clusterConnection.put("password", CASSANDRA_PASSWORD);
	clusterConnection.put("protocol_version", 3);

	String connectionPath = String.format("%s/config/connection",
			this.cassandra.getBackend());
	operations.write(connectionPath, clusterConnection);

	Map<String, String> roleDefinition = new HashMap<>();
	roleDefinition.put("creation_cql", CREATE_USER_AND_GRANT_CQL);
	roleDefinition.put("consistency", "All");

	String rolePath = String.format("%s/roles/%s", this.cassandra.getBackend(),
			this.cassandra.getRole());
	operations.write(rolePath, roleDefinition);

	this.configOperations = new VaultConfigTemplate(operations, this.vaultProperties);
}
 
Example #21
Source File: VaultConfigCassandraTests.java    From spring-cloud-vault with Apache License 2.0 5 votes vote down vote up
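/**
 * Prepares the {@code cassandra} secret backend once for the test class: mounts it
 * when missing, then writes the connection configuration and a {@code readonly} role.
 */
@BeforeClass
public static void beforeClass() {

	// Assumption guard: Cassandra must pass the CanConnect check (helper not shown).
	assumeTrue(CanConnect.to(new InetSocketAddress(CASSANDRA_HOST, CASSANDRA_PORT)));

	VaultRule vaultRule = new VaultRule();
	vaultRule.before();

	if (!vaultRule.prepare().hasSecretBackend("cassandra")) {
		vaultRule.prepare().mountSecret("cassandra");
	}

	VaultOperations vaultOperations = vaultRule.prepare().getVaultOperations();

	// Values are Object-typed because protocol_version is sent as a number.
	// NOTE(review): the username and password constants are declared elsewhere;
	// confirm they belong to a test-only cluster.
	Map<String, Object> connection = new HashMap<>();
	connection.put("hosts", CASSANDRA_HOST);
	connection.put("username", CASSANDRA_USERNAME);
	connection.put("password", CASSANDRA_PASSWORD);
	connection.put("protocol_version", 3);

	// Plain literal, matching the role path below; formatting a constant backend
	// name into the path produced this same string.
	vaultOperations.write("cassandra/config/connection", connection);

	Map<String, String> role = new HashMap<>();

	role.put("creation_cql", CREATE_USER_AND_GRANT_CQL);
	role.put("consistency", "All");

	vaultOperations.write("cassandra/roles/readonly", role);
}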
 
Example #22
Source File: PostgreSqlSecretIntegrationTests.java    From spring-cloud-vault with Apache License 2.0 5 votes vote down vote up
/**
 * Prepares the postgresql secret backend with its connection configuration and a
 * {@code readonly} role, then creates the {@link VaultConfigTemplate} used by the
 * tests.
 */
@Before
public void setUp() {

	// Assumption guard: PostgreSQL must pass the CanConnect check (helper not shown).
	assumeTrue(CanConnect.to(new InetSocketAddress(POSTGRES_HOST, POSTGRES_PORT)));

	this.postgreSql.setEnabled(true);
	this.postgreSql.setRole("readonly");

	boolean backendMounted = prepare().hasSecretBackend(this.postgreSql.getBackend());
	if (!backendMounted) {
		prepare().mountSecret(this.postgreSql.getBackend());
	}

	VaultOperations operations = this.vaultRule.prepare().getVaultOperations();

	// NOTE(review): CONNECTION_URL is declared elsewhere and presumably embeds the
	// database account Vault connects with; confirm it is a fixture-only account.
	String connectionPath = String.format("%s/config/connection",
			this.postgreSql.getBackend());
	operations.write(connectionPath,
			Collections.singletonMap("connection_url", CONNECTION_URL));

	String rolePath = String.format("%s/roles/%s", this.postgreSql.getBackend(),
			this.postgreSql.getRole());
	operations.write(rolePath,
			Collections.singletonMap("sql", CREATE_USER_AND_GRANT_SQL));

	this.configOperations = new VaultConfigTemplate(operations, this.vaultProperties);
}
 
Example #23
Source File: MySqlSecretIntegrationTests.java    From spring-cloud-vault with Apache License 2.0 5 votes vote down vote up
/**
 * Prepares the mysql secret backend with its connection configuration and a
 * {@code readonly} role, then creates the {@link VaultConfigTemplate} used by the
 * tests.
 */
@Before
public void setUp() {

	// Assumption guard: MySQL must pass the CanConnect check (helper not shown).
	assumeTrue(CanConnect.to(new InetSocketAddress(MYSQL_HOST, MYSQL_PORT)));

	this.mySql.setEnabled(true);
	this.mySql.setRole("readonly");

	boolean backendMounted = prepare().hasSecretBackend(this.mySql.getBackend());
	if (!backendMounted) {
		prepare().mountSecret(this.mySql.getBackend());
	}

	VaultOperations operations = this.vaultRule.prepare().getVaultOperations();

	// NOTE(review): ROOT_CREDENTIALS (declared elsewhere) is stored as the backend's
	// connection_url; suitable only for a disposable test database.
	String connectionPath = String.format("%s/config/connection",
			this.mySql.getBackend());
	operations.write(connectionPath,
			Collections.singletonMap("connection_url", ROOT_CREDENTIALS));

	String rolePath = String.format("%s/roles/%s", this.mySql.getBackend(),
			this.mySql.getRole());
	operations.write(rolePath,
			Collections.singletonMap("sql", CREATE_USER_AND_GRANT_SQL));

	this.configOperations = new VaultConfigTemplate(operations, this.vaultProperties);
}
 
Example #24
Source File: SecretLeaseContainer.java    From spring-vault with Apache License 2.0 5 votes vote down vote up
/**
 * Create a new {@link SecretLeaseContainer} given {@link VaultOperations}. A
 * {@link KeyValueDelegate} is created on top of the same operations.
 * @param operations must not be {@literal null}.
 */
public SecretLeaseContainer(VaultOperations operations) {

	// Fail fast: nothing is assigned when the argument is null.
	Assert.notNull(operations, "VaultOperations must not be null");

	this.operations = operations;
	this.keyValueDelegate = new KeyValueDelegate(operations);
}
 
Example #25
Source File: VaultPropertySourceIntegrationTests.java    From spring-vault with Apache License 2.0 5 votes vote down vote up
/**
 * Writes the fixture secrets the test class reads: {@code secret/myapp},
 * {@code secret/generic} and {@code secret/myapp/profile}.
 * @param initializer supplies the prepared {@link VaultOperations}.
 */
@BeforeAll
static void beforeClass(VaultInitializer initializer) {

	VaultOperations operations = initializer.prepare().getVaultOperations();

	// One single-entry secret per path.
	operations.write("secret/myapp", Collections.singletonMap("myapp", "myvalue"));
	operations.write("secret/generic", Collections.singletonMap("generic", "generic-value"));
	operations.write("secret/myapp/profile", Collections.singletonMap("myprofile", "myprofilevalue"));
}
 
Example #26
Source File: VaultPropertySourceMultipleIntegrationTests.java    From spring-vault with Apache License 2.0 5 votes vote down vote up
/**
 * Writes the fixture secrets the test class reads: {@code secret/myapp} and
 * {@code secret/myapp/profile}.
 * @param initializer supplies the prepared {@link VaultOperations}.
 */
@BeforeAll
static void beforeClass(VaultInitializer initializer) {

	VaultOperations operations = initializer.prepare().getVaultOperations();

	// One single-entry secret per path.
	operations.write("secret/myapp", Collections.singletonMap("myapp", "myvalue"));
	operations.write("secret/myapp/profile", Collections.singletonMap("myprofile", "myprofilevalue"));
}
 
Example #27
Source File: LeaseAwareVaultPropertySourceIntegrationTests.java    From spring-vault with Apache License 2.0 5 votes vote down vote up
/**
 * Writes the fixture secrets the test class reads: {@code secret/myapp} and
 * {@code secret/myapp/profile}.
 * @param vaultInitializer supplies the prepared {@link VaultOperations}.
 */
@BeforeAll
static void beforeClass(VaultInitializer vaultInitializer) {

	VaultOperations operations = vaultInitializer.prepare().getVaultOperations();

	// One single-entry secret per path.
	operations.write("secret/myapp", Collections.singletonMap("myapp", "myvalue"));
	operations.write("secret/myapp/profile", Collections.singletonMap("myprofile", "myprofilevalue"));
}
 
Example #28
Source File: SecretLeaseContainer.java    From spring-vault with Apache License 2.0 5 votes vote down vote up
/**
 * Create a new {@link SecretLeaseContainer} given {@link VaultOperations} and
 * {@link TaskScheduler}. A {@link KeyValueDelegate} is created on top of the same
 * operations and the scheduler is applied through {@code setTaskScheduler}.
 * @param operations must not be {@literal null}.
 * @param taskScheduler must not be {@literal null}.
 */
public SecretLeaseContainer(VaultOperations operations, TaskScheduler taskScheduler) {

	// Both checks run before any state is assigned.
	Assert.notNull(operations, "VaultOperations must not be null");
	Assert.notNull(taskScheduler, "TaskScheduler must not be null");

	this.operations = operations;
	this.keyValueDelegate = new KeyValueDelegate(operations);

	setTaskScheduler(taskScheduler);
}
 
Example #29
Source File: VaultKeyValueAdapter.java    From spring-vault with Apache License 2.0 5 votes vote down vote up
/**
 * Create a new {@link VaultKeyValueAdapter} given {@link VaultOperations} and
 * {@link VaultConverter}. The adapter is initialized with a new
 * {@link VaultQueryEngine}.
 * @param vaultOperations must not be {@literal null}.
 * @param vaultConverter must not be {@literal null}.
 */
public VaultKeyValueAdapter(VaultOperations vaultOperations, VaultConverter vaultConverter) {

	super(new VaultQueryEngine());

	// The null checks can only run after the mandatory super(...) call.
	Assert.notNull(vaultOperations, "VaultOperations must not be null");
	Assert.notNull(vaultConverter, "VaultConverter must not be null");

	this.vaultConverter = vaultConverter;
	this.vaultOperations = vaultOperations;
}
 
Example #30
Source File: PrepareVault.java    From spring-vault with Apache License 2.0 5 votes vote down vote up
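/**
 * Create a new {@link PrepareVault} object. The system operations used for
 * administrative calls are obtained from {@code vaultOperations.opsForSys()}.
 * @param webClient must not be {@literal null}.
 * @param restTemplate must not be {@literal null}.
 * @param vaultOperations must not be {@literal null}.
 * @throws NullPointerException if any argument is {@literal null}.
 */
public PrepareVault(WebClient webClient, RestTemplate restTemplate, VaultOperations vaultOperations) {

	// Enforce the documented non-null contract up front, with a message naming the
	// offending argument. Previously a null vaultOperations failed only at
	// opsForSys() and null clients were stored silently. Objects is fully
	// qualified so the file needs no additional import.
	this.webClient = java.util.Objects.requireNonNull(webClient, "WebClient must not be null");
	this.restTemplate = java.util.Objects.requireNonNull(restTemplate, "RestTemplate must not be null");
	this.vaultOperations = java.util.Objects.requireNonNull(vaultOperations,
			"VaultOperations must not be null");
	this.adminOperations = vaultOperations.opsForSys();
}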