Java Code Examples for org.springframework.vault.support.VaultResponse#setData()

@Test
@SuppressWarnings("unchecked")
void shouldSelfLookupToken() {

	VaultResponse vaultResponse = new VaultResponse();
	vaultResponse.setData(Collections.singletonMap("ttl", 100));

	when(this.clientAuthentication.login()).thenReturn(VaultToken.of("login"));

	when(this.restOperations.exchange(anyString(), any(), any(), ArgumentMatchers.<Class>any()))
			.thenReturn(new ResponseEntity<>(vaultResponse, HttpStatus.OK));

	LoginToken sessionToken = (LoginToken) this.sessionManager.getSessionToken();
	assertThat(sessionToken.getLeaseDuration()).isEqualTo(Duration.ofSeconds(100));

	verify(this.restOperations).exchange(eq("auth/token/lookup-self"), eq(HttpMethod.GET),
			eq(new HttpEntity<>(VaultHttpHeaders.from(LoginToken.of("login")))), any(Class.class));

	verify(this.listener).onAuthenticationEvent(this.captor.capture());
	AfterLoginEvent event = (AfterLoginEvent) this.captor.getValue();
	assertThat(event.getSource()).isSameAs(sessionToken);
}
 

@Test
@SuppressWarnings("unchecked")
void shouldContinueIfSelfLookupFails() {

	VaultResponse vaultResponse = new VaultResponse();
	vaultResponse.setData(Collections.singletonMap("ttl", 100));

	when(this.clientAuthentication.login()).thenReturn(VaultToken.of("login"));

	when(this.restOperations.exchange(anyString(), any(), any(), ArgumentMatchers.<Class>any()))
			.thenThrow(new HttpClientErrorException(HttpStatus.FORBIDDEN));

	VaultToken sessionToken = this.sessionManager.getSessionToken();
	assertThat(sessionToken).isExactlyInstanceOf(VaultToken.class);
	verify(this.listener).onAuthenticationEvent(any(AfterLoginEvent.class));
	verify(this.errorListener).onAuthenticationError(any());
}
 

@Test
@SuppressWarnings("unchecked")
void shouldSelfLookupToken() {

	VaultResponse vaultResponse = new VaultResponse();
	vaultResponse.setData(Collections.singletonMap("ttl", 100));

	mockToken(VaultToken.of("login"));

	when(this.responseSpec.bodyToMono((Class) any())).thenReturn(Mono.just(vaultResponse));

	this.sessionManager.getSessionToken().as(StepVerifier::create).assertNext(it -> {

		LoginToken sessionToken = (LoginToken) it;
		assertThat(sessionToken.getLeaseDuration()).isEqualTo(Duration.ofSeconds(100));
	}).verifyComplete();

	verify(this.webClient.get()).uri("auth/token/lookup-self");
	verify(this.listener).onAuthenticationEvent(this.captor.capture());
	AfterLoginEvent event = (AfterLoginEvent) this.captor.getValue();
	assertThat(event.getSource()).isInstanceOf(LoginToken.class);
}
 

@Test
@SuppressWarnings("unchecked")
void shouldContinueIfSelfLookupFails() {

	VaultResponse vaultResponse = new VaultResponse();
	vaultResponse.setData(Collections.singletonMap("ttl", 100));

	mockToken(VaultToken.of("login"));

	when(this.responseSpec.bodyToMono((Class) any())).thenReturn(
			Mono.error(new WebClientResponseException("forbidden", 403, "Forbidden", null, null, null)));

	this.sessionManager.getSessionToken() //
			.as(StepVerifier::create) //
			.assertNext(it -> {
				assertThat(it).isExactlyInstanceOf(VaultToken.class);
			}).verifyComplete();
	verify(this.listener).onAuthenticationEvent(any(AfterLoginEvent.class));
	verify(this.errorListener).onAuthenticationError(any());
}
 

@Test
void shouldRevokeLoginTokenOnDestroy() {

	VaultResponse vaultResponse = new VaultResponse();
	vaultResponse.setData(Collections.singletonMap("ttl", 100));

	mockToken(LoginToken.of("login"));
	when(this.responseSpec.bodyToMono(String.class)).thenReturn(Mono.just("OK"));

	this.sessionManager.getVaultToken() //
			.as(StepVerifier::create) //
			.expectNextCount(1) //
			.verifyComplete();

	this.sessionManager.destroy();

	verify(this.webClient.post()).uri("auth/token/revoke-self");
	verify(this.listener).onAuthenticationEvent(any(BeforeLoginTokenRevocationEvent.class));
	verify(this.listener).onAuthenticationEvent(any(AfterLoginTokenRevocationEvent.class));
}
 

@Test
void shouldAcceptSecretsWithoutLease() {

	VaultResponse secrets = new VaultResponse();
	secrets.setData(Collections.singletonMap("key", (Object) "value"));

	when(this.vaultOperations.read(this.requestedSecret.getPath())).thenReturn(secrets);

	this.secretLeaseContainer.addRequestedSecret(this.requestedSecret);
	this.secretLeaseContainer.start();

	verifyZeroInteractions(this.taskScheduler);
	verify(this.leaseListenerAdapter).onLeaseEvent(this.captor.capture());

	SecretLeaseCreatedEvent leaseCreatedEvent = (SecretLeaseCreatedEvent) this.captor.getValue();

	assertThat(leaseCreatedEvent.getSource()).isEqualTo(this.requestedSecret);
	assertThat(leaseCreatedEvent.getLease()).isNotNull();
	assertThat(leaseCreatedEvent.getSecrets()).containsKey("key");
}
 

@Test
void shouldAcceptSecretsWithStaticLease() {

	VaultResponse secrets = new VaultResponse();
	secrets.setLeaseId("lease");
	secrets.setRenewable(false);
	secrets.setData(Collections.singletonMap("key", "value"));

	when(this.vaultOperations.read(this.requestedSecret.getPath())).thenReturn(secrets);

	this.secretLeaseContainer.addRequestedSecret(this.requestedSecret);
	this.secretLeaseContainer.start();

	verifyZeroInteractions(this.taskScheduler);
	verify(this.leaseListenerAdapter).onLeaseEvent(this.captor.capture());

	SecretLeaseCreatedEvent leaseCreatedEvent = (SecretLeaseCreatedEvent) this.captor.getValue();

	assertThat(leaseCreatedEvent.getSource()).isEqualTo(this.requestedSecret);
	assertThat(leaseCreatedEvent.getLease()).isNotNull();
	assertThat(leaseCreatedEvent.getSecrets()).containsKey("key");
}
 

@SuppressWarnings("unchecked")
private static void unwrapDataResponse(@Nullable VaultResponse response) {

	if (response == null || response.getData() == null || !response.getData().containsKey("data")) {
		return;
	}

	Map<String, Object> nested = new LinkedHashMap<>((Map) response.getRequiredData().get("data"));
	response.setData(nested);
}
 

private void prepareResponse() {

		Map<String, Object> data = new LinkedHashMap<String, Object>();
		data.put("key", "value");
		data.put("integer", 1);
		data.put("empty", null);
		data.put("complex", Collections.singletonMap("key", "value"));

		VaultResponse vaultResponse = new VaultResponse();
		vaultResponse.setData(data);

		when(this.vaultTemplate.read("secret/myapp")).thenReturn(vaultResponse);
	}
 

private VaultResponse createSecrets(String key, String value, boolean renewable) {

		VaultResponse secrets = new VaultResponse();

		secrets.setLeaseId("lease");
		secrets.setRenewable(renewable);
		secrets.setLeaseDuration(100);
		secrets.setData(Collections.singletonMap(key, value));

		return secrets;
	}
 

private VaultResponse withVaultResponse(String key, Object value) {
	Map<String, Object> responseData = new HashMap<>();
	responseData.put(key, value);

	VaultResponse response = new VaultResponse();
	response.setData(responseData);

	return response;
}
 

@Test
void shouldNotRevokeSecretsWithoutLease() throws Exception {

	VaultResponse secrets = new VaultResponse();
	secrets.setData(Collections.singletonMap("key", (Object) "value"));

	when(this.vaultOperations.read(this.requestedSecret.getPath())).thenReturn(secrets);

	this.secretLeaseContainer.addRequestedSecret(this.requestedSecret);
	this.secretLeaseContainer.start();

	this.secretLeaseContainer.destroy();

	verifyZeroInteractions(this.taskScheduler);

	verify(this.leaseListenerAdapter, never()).onLeaseEvent(any(BeforeSecretLeaseRevocationEvent.class));
	verify(this.leaseListenerAdapter, never()).onLeaseEvent(any(AfterSecretLeaseRevocationEvent.class));
}
 

@Test
void shouldNotRotateExpiringLease() {

	when(this.taskScheduler.schedule(any(Runnable.class), any(Trigger.class))).thenReturn(this.scheduledFuture);

	VaultResponse first = createSecrets();
	VaultResponse second = createSecrets();
	second.setData(Collections.singletonMap("foo", (Object) "bar"));

	when(this.vaultOperations.read(this.requestedSecret.getPath())).thenReturn(first, second);
	when(this.vaultOperations.doWithSession(any(RestOperationsCallback.class)))
			.thenReturn(Lease.of("new_lease", Duration.ofSeconds(5), true));

	this.secretLeaseContainer.requestRotatingSecret("my-secret");

	this.secretLeaseContainer.start();

	ArgumentCaptor<Runnable> captor = ArgumentCaptor.forClass(Runnable.class);
	verify(this.taskScheduler).schedule(captor.capture(), any(Trigger.class));

	captor.getValue().run();
	verify(this.taskScheduler, times(2)).schedule(captor.capture(), any(Trigger.class));

	ArgumentCaptor<SecretLeaseEvent> createdEvents = ArgumentCaptor.forClass(SecretLeaseEvent.class);
	verify(this.leaseListenerAdapter, times(3)).onLeaseEvent(createdEvents.capture());

	List<SecretLeaseEvent> events = createdEvents.getAllValues();

	assertThat(events).hasSize(3);
	assertThat(events.get(0)).isInstanceOf(SecretLeaseCreatedEvent.class);
	assertThat(((SecretLeaseCreatedEvent) events.get(0)).getSecrets()).containsOnlyKeys("key");

	assertThat(events.get(1)).isInstanceOf(SecretLeaseExpiredEvent.class);

	assertThat(events.get(2)).isInstanceOf(SecretLeaseCreatedEvent.class);
	assertThat(((SecretLeaseCreatedEvent) events.get(2)).getSecrets()).containsOnlyKeys("foo");
}
 

private VaultResponse createGenericSecrets(Map<String, Object> data) {

		VaultResponse secrets = new VaultResponse();

		secrets.setRenewable(false);
		secrets.setLeaseDuration(100);
		secrets.setData(data);

		return secrets;
	}