org.springframework.vault.client.RestTemplateBuilder Java Examples

@Override
public void afterPropertiesSet() {

	ClientHttpRequestFactory clientHttpRequestFactory = clientHttpRequestFactoryWrapper()
			.getClientHttpRequestFactory();

	this.restTemplateBuilder = RestTemplateBuilder.builder()
			.requestFactory(clientHttpRequestFactory)
			.endpointProvider(this.endpointProvider);

	this.customizers.forEach(this.restTemplateBuilder::customizers);
	this.requestCustomizers.forEach(this.restTemplateBuilder::requestCustomizers);

	if (StringUtils.hasText(this.vaultProperties.getNamespace())) {
		this.restTemplateBuilder.defaultHeader(VaultHttpHeaders.VAULT_NAMESPACE,
				this.vaultProperties.getNamespace());
	}

	this.externalRestOperations = new RestTemplate(clientHttpRequestFactory);
}
 

@Override
public RestTemplate create(@Nullable Consumer<RestTemplateBuilder> customizer) {

	RestTemplateBuilder builder = this.builderFunction.apply(this.requestFactory);

	if (customizer != null) {
		customizer.accept(builder);
	}

	return builder.build();
}
 

/**
 * Create a {@link RestTemplateBuilder} initialized with {@link VaultEndpointProvider}
 * and {@link ClientHttpRequestFactory}. May be overridden by subclasses.
 * @return the {@link RestTemplateBuilder}.
 * @see #vaultEndpointProvider()
 * @see #clientHttpRequestFactoryWrapper()
 * @since 2.3
 */
protected RestTemplateBuilder restTemplateBuilder(VaultEndpointProvider endpointProvider,
		ClientHttpRequestFactory requestFactory) {

	ObjectProvider<RestTemplateCustomizer> customizers = getBeanFactory()
			.getBeanProvider(RestTemplateCustomizer.class);

	RestTemplateBuilder builder = RestTemplateBuilder.builder().endpointProvider(endpointProvider)
			.requestFactory(requestFactory);

	builder.customizers(customizers.stream().toArray(RestTemplateCustomizer[]::new));

	return builder;
}
 

/**
 * Create a new {@link VaultTemplate} through a {@link RestTemplateBuilder} and
 * {@link SessionManager}. This constructor does not use a
 * {@link ClientAuthentication} mechanism. It is intended for usage with Vault Agent
 * to inherit Vault Agent's authentication without using the
 * {@link VaultHttpHeaders#VAULT_TOKEN authentication token header}.
 * @param restTemplateBuilder must not be {@literal null}.
 * @since 2.2.1
 */
public VaultTemplate(RestTemplateBuilder restTemplateBuilder) {

	Assert.notNull(restTemplateBuilder, "RestTemplateBuilder must not be null");

	RestTemplate restTemplate = restTemplateBuilder.build();

	this.sessionManager = NoSessionManager.INSTANCE;
	this.dedicatedSessionManager = false;
	this.statelessTemplate = restTemplate;
	this.sessionTemplate = restTemplate;
}
 

/**
 * Create a new {@link VaultTemplate} through a {@link RestTemplateBuilder} and
 * {@link SessionManager}.
 * @param restTemplateBuilder must not be {@literal null}.
 * @param sessionManager must not be {@literal null}.
 * @since 2.2
 */
public VaultTemplate(RestTemplateBuilder restTemplateBuilder, SessionManager sessionManager) {

	Assert.notNull(restTemplateBuilder, "RestTemplateBuilder must not be null");
	Assert.notNull(sessionManager, "SessionManager must not be null");

	this.sessionManager = sessionManager;
	this.dedicatedSessionManager = false;

	this.statelessTemplate = restTemplateBuilder.build();
	this.sessionTemplate = restTemplateBuilder.build();
	this.sessionTemplate.getInterceptors().add(getSessionInterceptor());
}
 

@Before
public void before() {
	Assume.assumeTrue("Namespaces require enterprise version",
			this.vaultRule.prepare().getVersion().isEnterprise());

	List<String> namespaces = new ArrayList<>(Arrays.asList("dev/", "marketing/"));
	List<String> list = this.vaultRule.prepare().getVaultOperations()
			.list("sys/namespaces");
	namespaces.removeAll(list);

	for (String namespace : namespaces) {
		this.vaultRule.prepare().getVaultOperations()
				.write("sys/namespaces/" + namespace.replaceAll("/", ""));
	}

	this.maketingRestTemplate = RestTemplateBuilder.builder()
			.requestFactory(ClientHttpRequestFactoryFactory
					.create(new ClientOptions(), Settings.createSslConfiguration()))
			.endpoint(TestRestTemplateFactory.TEST_VAULT_ENDPOINT)
			.defaultHeader(VaultHttpHeaders.VAULT_NAMESPACE, "marketing");

	VaultTemplate marketing = new VaultTemplate(this.maketingRestTemplate,
			new SimpleSessionManager(new TokenAuthentication(Settings.token())));

	mountKv(marketing, "marketing-secrets");
	marketing.opsForSys().createOrUpdatePolicy("relaxed", POLICY);
	this.marketingToken = marketing.opsForToken()
			.create(VaultTokenRequest.builder().withPolicy("relaxed").build())
			.getToken().getToken();
}
 

DefaultRestTemplateFactory(ClientHttpRequestFactory requestFactory,
		Function<ClientHttpRequestFactory, RestTemplateBuilder> builderFunction) {
	this.requestFactory = requestFactory;
	this.builderFunction = builderFunction;
}
 

@BeforeEach
void before() {

	Assumptions.assumeTrue(prepare().getVersion().isEnterprise(), "Namespaces require enterprise version");

	List<String> namespaces = new ArrayList<>(Arrays.asList("dev/", "marketing/"));
	List<String> list = prepare().getVaultOperations().list("sys/namespaces");
	namespaces.removeAll(list);

	for (String namespace : namespaces) {
		prepare().getVaultOperations().write("sys/namespaces/" + namespace.replaceAll("/", ""));
	}

	RestTemplateBuilder devRestTemplate = RestTemplateBuilder.builder()
			.requestFactory(
					ClientHttpRequestFactoryFactory.create(new ClientOptions(), Settings.createSslConfiguration()))
			.endpoint(TestRestTemplateFactory.TEST_VAULT_ENDPOINT).customizers(restTemplate -> restTemplate
					.getInterceptors().add(VaultClients.createNamespaceInterceptor("dev")));

	VaultTemplate dev = new VaultTemplate(devRestTemplate,
			new SimpleSessionManager(new TokenAuthentication(Settings.token())));

	mountKv(dev, "dev-secrets");
	dev.opsForSys().createOrUpdatePolicy("relaxed", POLICY);

	if (!dev.opsForSys().getAuthMounts().containsKey("cert/")) {
		dev.opsForSys().authMount("cert", VaultMount.create("cert"));
	}

	dev.doWithSession((RestOperationsCallback<Object>) restOperations -> {

		File workDir = findWorkDir();

		String certificate = Files.contentOf(new File(workDir, "ca/certs/client.cert.pem"),
				StandardCharsets.US_ASCII);

		Map<String, String> role = new LinkedHashMap<>();
		role.put("token_policies", "relaxed");
		role.put("policies", "relaxed");
		role.put("certificate", certificate);

		return restOperations.postForEntity("auth/cert/certs/relaxed", role, Map.class);
	});
}
 

@Test
void shouldAuthenticateWithNamespace() {

	ClientHttpRequestFactory clientHttpRequestFactory = ClientHttpRequestFactoryFactory.create(new ClientOptions(),
			ClientCertificateAuthenticationIntegrationTestBase.prepareCertAuthenticationMethod());

	RestTemplateBuilder builder = RestTemplateBuilder.builder()
			.endpoint(TestRestTemplateFactory.TEST_VAULT_ENDPOINT).requestFactory(clientHttpRequestFactory)
			.defaultHeader(VaultHttpHeaders.VAULT_NAMESPACE, "dev");

	RestTemplate forAuthentication = builder.build();

	ClientCertificateAuthentication authentication = new ClientCertificateAuthentication(forAuthentication);

	VaultTemplate dev = new VaultTemplate(builder, new SimpleSessionManager(authentication));

	dev.write("dev-secrets/my-secret", Collections.singletonMap("key", "dev"));

	assertThat(dev.read("dev-secrets/my-secret").getRequiredData()).containsEntry("key", "dev");
}
 

@BeforeEach
void before() {

	Assumptions.assumeTrue(prepare().getVersion().isEnterprise(), "Namespaces require enterprise version");

	List<String> namespaces = new ArrayList<>(Arrays.asList("dev/", "marketing/"));
	List<String> list = prepare().getVaultOperations().list("sys/namespaces");
	namespaces.removeAll(list);

	for (String namespace : namespaces) {
		prepare().getVaultOperations().write("sys/namespaces/" + namespace.replaceAll("/", ""));
	}

	this.devRestTemplate = RestTemplateBuilder.builder()
			.requestFactory(
					ClientHttpRequestFactoryFactory.create(new ClientOptions(), Settings.createSslConfiguration()))
			.endpoint(TestRestTemplateFactory.TEST_VAULT_ENDPOINT).customizers(restTemplate -> restTemplate
					.getInterceptors().add(VaultClients.createNamespaceInterceptor("dev")));

	this.maketingRestTemplate = RestTemplateBuilder.builder()
			.requestFactory(
					ClientHttpRequestFactoryFactory.create(new ClientOptions(), Settings.createSslConfiguration()))
			.endpoint(TestRestTemplateFactory.TEST_VAULT_ENDPOINT)
			.defaultHeader(VaultHttpHeaders.VAULT_NAMESPACE, "marketing");

	VaultTemplate dev = new VaultTemplate(this.devRestTemplate,
			new SimpleSessionManager(new TokenAuthentication(Settings.token())));

	mountKv(dev, "dev-secrets");
	dev.opsForSys().createOrUpdatePolicy("relaxed", POLICY);
	this.devToken = dev.opsForToken().create(VaultTokenRequest.builder().withPolicy("relaxed").build()).getToken()
			.getToken();

	VaultTemplate marketing = new VaultTemplate(this.maketingRestTemplate,
			new SimpleSessionManager(new TokenAuthentication(Settings.token())));

	mountKv(marketing, "marketing-secrets");
	marketing.opsForSys().createOrUpdatePolicy("relaxed", POLICY);
	this.marketingToken = marketing.opsForToken().create(VaultTokenRequest.builder().withPolicy("relaxed").build())
			.getToken().getToken();
}
 

@Override
protected RestTemplateBuilder restTemplateBuilder(VaultEndpointProvider endpointProvider,
		ClientHttpRequestFactory requestFactory) {
	return super.restTemplateBuilder(endpointProvider, requestFactory)
			.defaultHeader(VaultHttpHeaders.VAULT_NAMESPACE, "marketing");
}
 

/**
 * Create a session-bound {@link RestTemplate} to be used by {@link VaultTemplate} for
 * Vault communication given {@link VaultEndpointProvider} and
 * {@link ClientHttpRequestFactory} for calls that require an authenticated context.
 * {@link VaultEndpointProvider} is used to contribute host and port details for
 * relative URLs typically used by the Template API. Subclasses may override this
 * method to customize the {@link RestTemplate}.
 * @param endpointProvider must not be {@literal null}.
 * @param requestFactory must not be {@literal null}.
 * @return the {@link RestTemplate} used for Vault communication.
 * @since 2.1
 */
protected RestTemplate doCreateSessionTemplate(VaultEndpointProvider endpointProvider,
		ClientHttpRequestFactory requestFactory) {

	return RestTemplateBuilder.builder().endpointProvider(endpointProvider).requestFactory(requestFactory)
			.customizers(restTemplate -> restTemplate.getInterceptors().add(getSessionInterceptor())).build();
}
 

@Test
void shouldUseAgentAuthenticationWithBuilder() {

	RestTemplateBuilder builder = RestTemplateBuilder.builder().endpoint(this.endpoint)
			.requestFactory(this.requestFactory);

	VaultTemplate vaultTemplate = new VaultTemplate(builder);

	vaultTemplate.write("secret/foo", Collections.singletonMap("key", "value"));
}
 

/**
 * Create a {@link RestTemplate} to be used by {@link VaultTemplate} for Vault
 * communication given {@link VaultEndpointProvider} and
 * {@link ClientHttpRequestFactory}. {@link VaultEndpointProvider} is used to
 * contribute host and port details for relative URLs typically used by the Template
 * API. Subclasses may override this method to customize the {@link RestTemplate}.
 * @param endpointProvider must not be {@literal null}.
 * @param requestFactory must not be {@literal null}.
 * @return the {@link RestTemplate} used for Vault communication.
 * @since 2.1
 */
protected RestTemplate doCreateRestTemplate(VaultEndpointProvider endpointProvider,
		ClientHttpRequestFactory requestFactory) {

	return RestTemplateBuilder.builder().endpointProvider(endpointProvider).requestFactory(requestFactory).build();
}