org.springframework.vault.client.VaultClients Java Examples

The following examples show how to use org.springframework.vault.client.VaultClients.
Example #1
Source File: PcfAuthenticationUnitTests.java    From spring-vault with Apache License 2.0 6 votes vote down vote up
/**
 * Prepares a fresh {@link RestTemplate} for every test and binds it to a
 * {@link MockRestServiceServer}, so requests issued through the template are answered by
 * the expectations recorded on {@code mockRest}.
 */
@BeforeEach
void before() {

	// Vault-flavoured template, with a handler that is given no endpoint provider.
	RestTemplate template = VaultClients.createRestTemplate();
	template.setUriTemplateHandler(new PrefixAwareUriTemplateHandler());

	// The mock server and the field must share the same template instance.
	this.mockRest = MockRestServiceServer.createServer(template);
	this.restTemplate = template;
}
 
Example #2
Source File: AppRoleAuthenticationUnitTests.java    From spring-vault with Apache License 2.0 6 votes vote down vote up
/**
 * Creates the per-test {@link RestTemplate} and routes it through a
 * {@link MockRestServiceServer}; both are stored on the test instance.
 */
@BeforeEach
void before() {

	RestTemplate vaultTemplate = VaultClients.createRestTemplate();
	// Replace the default URI handling with the prefix-aware handler (no endpoint supplied).
	vaultTemplate.setUriTemplateHandler(new PrefixAwareUriTemplateHandler());

	// Bind the mock server before publishing the template to the test methods.
	this.mockRest = MockRestServiceServer.createServer(vaultTemplate);
	this.restTemplate = vaultTemplate;
}
 
Example #3
Source File: AwsIamAuthenticationUnitTests.java    From spring-vault with Apache License 2.0 5 votes vote down vote up
/**
 * Test fixture: a {@link RestTemplate} from {@link VaultClients} whose HTTP exchanges are
 * served by a {@link MockRestServiceServer} instead of a live endpoint.
 */
@BeforeEach
void before() {

	RestTemplate client = VaultClients.createRestTemplate();
	client.setUriTemplateHandler(new PrefixAwareUriTemplateHandler());

	// createServer(...) wires the mock into this template; keep a handle on both.
	this.mockRest = MockRestServiceServer.createServer(client);
	this.restTemplate = client;
}
 
Example #4
Source File: SpringVaultClientConfiguration.java    From spring-cloud-config with Apache License 2.0 5 votes vote down vote up
/**
 * Adds the Vault namespace interceptor to the template when a namespace is configured.
 *
 * @param restTemplate the template whose interceptor list may be extended in place
 * @return the same {@code restTemplate} instance, with or without the extra interceptor
 */
private RestOperations applyNamespaceInterceptor(RestTemplate restTemplate) {
	if (vaultProperties.getNamespace() == null) {
		// No namespace configured: the interceptor chain is left untouched.
		return restTemplate;
	}

	// NOTE(review): only null is treated as "not configured"; an empty namespace string
	// would still install the interceptor. Confirm the property is normalised upstream.
	restTemplate.getInterceptors()
			.add(VaultClients.createNamespaceInterceptor(vaultProperties.getNamespace()));
	return restTemplate;
}
 
Example #5
Source File: KubernetesHashicorpVaultClientAuthenticationProvider.java    From knox with Apache License 2.0 5 votes vote down vote up
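/**
 * Builds the {@link RestOperations} used to reach the Vault server named in the supplied
 * properties.
 *
 * @param properties provider configuration; must contain an entry for
 *        {@link HashicorpVaultAliasService#VAULT_ADDRESS_KEY}
 * @return a REST client bound to the configured Vault endpoint
 * @throws Exception if the address property is missing or is not a valid URI
 */
private RestOperations getRestOperations(Map<String, String> properties) throws Exception {
  String vaultAddress = properties.get(HashicorpVaultAliasService.VAULT_ADDRESS_KEY);
  if (vaultAddress == null) {
    // new URI(null) fails with a bare NullPointerException; name the missing key instead.
    throw new IllegalArgumentException(
        "Missing required property: " + HashicorpVaultAliasService.VAULT_ADDRESS_KEY);
  }

  // NOTE(review): the URI scheme is not checked here. Over a plain http address the
  // authentication exchange with Vault would travel unencrypted; confirm the address is
  // validated where the properties are loaded.
  VaultEndpoint vaultEndpoint = VaultEndpoint.from(new URI(vaultAddress));
  VaultEndpointProvider vaultEndpointProvider = SimpleVaultEndpointProvider.of(vaultEndpoint);

  ClientOptions clientOptions = new ClientOptions();
  // unconfigured() supplies neither a trust store nor a key store, so server certificates
  // are checked against the JVM's default trust anchors and no client certificate is sent.
  SslConfiguration sslConfiguration = SslConfiguration.unconfigured();
  ClientHttpRequestFactory clientHttpRequestFactory = ClientHttpRequestFactoryFactory.create(
      clientOptions, sslConfiguration);
  return VaultClients.createRestTemplate(vaultEndpointProvider, clientHttpRequestFactory);
}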
 
Example #6
Source File: KubernetesAuthenticationUnitTests.java    From spring-vault with Apache License 2.0 5 votes vote down vote up
/**
 * Sets up the mocked HTTP layer: the {@link RestTemplate} under test is attached to a
 * {@link MockRestServiceServer} and both are kept on the test instance.
 */
@BeforeEach
void before() {

	RestTemplate mockedTemplate = VaultClients.createRestTemplate();
	// No endpoint provider is passed to the handler in this fixture.
	mockedTemplate.setUriTemplateHandler(new PrefixAwareUriTemplateHandler());

	this.mockRest = MockRestServiceServer.createServer(mockedTemplate);
	this.restTemplate = mockedTemplate;
}
 
Example #7
Source File: AppIdAuthenticationUnitTests.java    From spring-vault with Apache License 2.0 5 votes vote down vote up
/**
 * Builds the template used by each test and attaches a {@link MockRestServiceServer} to
 * it, so responses come from recorded expectations.
 */
@BeforeEach
void before() {

	RestTemplate template = VaultClients.createRestTemplate();
	template.setUriTemplateHandler(new PrefixAwareUriTemplateHandler());

	// Same instance goes to the mock server and to the field read by the tests.
	this.mockRest = MockRestServiceServer.createServer(template);
	this.restTemplate = template;
}
 
Example #8
Source File: AwsEc2AuthenticationUnitTests.java    From spring-vault with Apache License 2.0 5 votes vote down vote up
/**
 * Per-test setup: creates a {@link RestTemplate} through {@link VaultClients} and backs
 * it with a {@link MockRestServiceServer}.
 */
@BeforeEach
void before() {

	RestTemplate vaultClient = VaultClients.createRestTemplate();
	vaultClient.setUriTemplateHandler(new PrefixAwareUriTemplateHandler());

	// Expectations are recorded on mockRest; requests are sent through restTemplate.
	this.mockRest = MockRestServiceServer.createServer(vaultClient);
	this.restTemplate = vaultClient;
}
 
Example #9
Source File: ClientCertificateAuthenticationUnitTests.java    From spring-vault with Apache License 2.0 5 votes vote down vote up
/**
 * Creates the {@link RestTemplate} shared by the tests in this class and binds it to a
 * {@link MockRestServiceServer}. No SSL configuration or client certificate is set up in
 * this fixture.
 */
@BeforeEach
void before() {

	RestTemplate template = VaultClients.createRestTemplate();
	template.setUriTemplateHandler(new PrefixAwareUriTemplateHandler());

	this.mockRest = MockRestServiceServer.createServer(template);
	this.restTemplate = template;
}
 
Example #10
Source File: AzureMsiAuthenticationUnitTests.java    From spring-vault with Apache License 2.0 5 votes vote down vote up
/**
 * Wires a {@link MockRestServiceServer} into a freshly created {@link RestTemplate}
 * before each test.
 */
@BeforeEach
void before() {

	RestTemplate client = VaultClients.createRestTemplate();
	// Handler constructed without an endpoint provider.
	client.setUriTemplateHandler(new PrefixAwareUriTemplateHandler());

	this.mockRest = MockRestServiceServer.createServer(client);
	this.restTemplate = client;
}
 
Example #11
Source File: ClientCertificateAuthenticationStepsIntegrationTests.java    From spring-vault with Apache License 2.0 5 votes vote down vote up
/**
 * Verifies that the certificate login steps fail when the client is built from
 * {@code Settings.createSslConfiguration()}.
 */
@Test
void authenticationStepsLoginShouldFail() {

	// NOTE(review): presumably this SSL configuration carries no client key material,
	// which is why the login is expected to be rejected; confirm against Settings.
	ClientHttpRequestFactory requestFactory = ClientHttpRequestFactoryFactory.create(new ClientOptions(),
			Settings.createSslConfiguration());
	RestTemplate template = VaultClients.createRestTemplate(TestRestTemplateFactory.TEST_VAULT_ENDPOINT,
			requestFactory);

	// The executor is created inside the lambda so that construction is also covered by
	// the exception assertion.
	assertThatExceptionOfType(NestedRuntimeException.class)
			.isThrownBy(() -> new AuthenticationStepsExecutor(
					ClientCertificateAuthentication.createAuthenticationSteps(), template).login());
}
 
Example #12
Source File: AuthenticationStepsExecutorUnitTests.java    From spring-vault with Apache License 2.0 5 votes vote down vote up
/**
 * Gives every test a {@link RestTemplate} whose exchanges are handled by a
 * {@link MockRestServiceServer}.
 */
@BeforeEach
void before() {

	RestTemplate stepsTemplate = VaultClients.createRestTemplate();
	stepsTemplate.setUriTemplateHandler(new PrefixAwareUriTemplateHandler());

	// Attach the mock first, then expose the template to the test methods.
	this.mockRest = MockRestServiceServer.createServer(stepsTemplate);
	this.restTemplate = stepsTemplate;
}
 
Example #13
Source File: ClientCertificateAuthenticationIntegrationTests.java    From spring-vault with Apache License 2.0 5 votes vote down vote up
/**
 * Verifies that certificate authentication fails when the client is built from
 * {@code Settings.createSslConfiguration()}.
 */
@Test
void loginShouldFail() {

	// NOTE(review): presumably no client certificate is presented with this
	// configuration; confirm against Settings.
	ClientHttpRequestFactory requestFactory = ClientHttpRequestFactoryFactory.create(new ClientOptions(),
			Settings.createSslConfiguration());
	RestTemplate template = VaultClients.createRestTemplate(TestRestTemplateFactory.TEST_VAULT_ENDPOINT,
			requestFactory);

	// Construction stays inside the lambda so it is covered by the assertion as well.
	assertThatExceptionOfType(NestedRuntimeException.class)
			.isThrownBy(() -> new ClientCertificateAuthentication(template).login());
}
 
Example #14
Source File: ClientCertificateAuthenticationIntegrationTests.java    From spring-vault with Apache License 2.0 5 votes vote down vote up
/**
 * Verifies that login fails when the key configuration built with the value {@code "2"}
 * is used for certificate authentication.
 */
@Test
void shouldSelectInvalidKey() {

	// "changeit" is the password of the test key material; the second argument picks the
	// key entry. NOTE(review): entry "2" is presumably not accepted by the server; confirm.
	SslConfiguration.KeyConfiguration keyConfiguration = SslConfiguration.KeyConfiguration
			.of("changeit".toCharArray(), "2");
	ClientHttpRequestFactory requestFactory = ClientHttpRequestFactoryFactory.create(new ClientOptions(),
			prepareCertAuthenticationMethod(keyConfiguration));

	RestTemplate template = VaultClients.createRestTemplate(TestRestTemplateFactory.TEST_VAULT_ENDPOINT,
			requestFactory);
	ClientCertificateAuthentication certificateAuthentication = new ClientCertificateAuthentication(template);

	assertThatExceptionOfType(NestedRuntimeException.class).isThrownBy(certificateAuthentication::login);
}
 
Example #15
Source File: ClientCertificateAuthenticationIntegrationTests.java    From spring-vault with Apache License 2.0 5 votes vote down vote up
/**
 * Verifies that login succeeds and yields a non-empty token when the key configuration
 * built with the value {@code "1"} is used for certificate authentication.
 */
@Test
void shouldSelectKey() {

	// "changeit" is the password of the test key material; the second argument picks the
	// key entry to present.
	SslConfiguration.KeyConfiguration keyConfiguration = SslConfiguration.KeyConfiguration
			.of("changeit".toCharArray(), "1");
	ClientHttpRequestFactory requestFactory = ClientHttpRequestFactoryFactory.create(new ClientOptions(),
			prepareCertAuthenticationMethod(keyConfiguration));

	RestTemplate template = VaultClients.createRestTemplate(TestRestTemplateFactory.TEST_VAULT_ENDPOINT,
			requestFactory);
	ClientCertificateAuthentication certificateAuthentication = new ClientCertificateAuthentication(template);

	// Only non-emptiness is asserted; the token value itself is never printed or compared.
	assertThat(certificateAuthentication.login().getToken()).isNotEmpty();
}
 
Example #16
Source File: ClientCertificateAuthenticationIntegrationTests.java    From spring-vault with Apache License 2.0 5 votes vote down vote up
/**
 * Verifies that certificate authentication returns a non-empty token when the client is
 * built from {@code prepareCertAuthenticationMethod()}.
 */
@Test
void shouldLoginSuccessfully() {

	ClientHttpRequestFactory requestFactory = ClientHttpRequestFactoryFactory.create(new ClientOptions(),
			prepareCertAuthenticationMethod());
	RestTemplate template = VaultClients.createRestTemplate(TestRestTemplateFactory.TEST_VAULT_ENDPOINT,
			requestFactory);

	ClientCertificateAuthentication certificateAuthentication = new ClientCertificateAuthentication(template);

	// Only non-emptiness is asserted; the token value itself is never printed or compared.
	assertThat(certificateAuthentication.login().getToken()).isNotEmpty();
}
 
Example #17
Source File: ClientCertificateAuthenticationStepsIntegrationTests.java    From spring-vault with Apache License 2.0 4 votes vote down vote up
/**
 * Verifies that running the certificate authentication steps through an
 * {@link AuthenticationStepsExecutor} returns a non-empty token.
 */
@Test
void authenticationStepsShouldLoginSuccessfully() {

	ClientHttpRequestFactory requestFactory = ClientHttpRequestFactoryFactory.create(new ClientOptions(),
			prepareCertAuthenticationMethod());
	RestTemplate template = VaultClients.createRestTemplate(TestRestTemplateFactory.TEST_VAULT_ENDPOINT,
			requestFactory);

	AuthenticationStepsExecutor stepsExecutor = new AuthenticationStepsExecutor(
			ClientCertificateAuthentication.createAuthenticationSteps(), template);

	// Only non-emptiness is asserted; the token value itself is never printed or compared.
	assertThat(stepsExecutor.login().getToken()).isNotEmpty();
}
 
Example #18
Source File: ClientCertificateNamespaceIntegrationTests.java    From spring-vault with Apache License 2.0 4 votes vote down vote up
/**
 * Prepares the {@code dev} namespace for certificate authentication tests: creates any
 * missing namespaces, mounts a KV backend, writes the {@code relaxed} policy, enables the
 * {@code cert} auth mount if absent and registers the client certificate as a role.
 * Skipped unless the server reports an enterprise version.
 */
@BeforeEach
void before() {

	Assumptions.assumeTrue(prepare().getVersion().isEnterprise(), "Namespaces require enterprise version");

	// Start from the wanted namespaces and drop the ones the server already lists.
	List<String> missingNamespaces = new ArrayList<>(Arrays.asList("dev/", "marketing/"));
	missingNamespaces.removeAll(prepare().getVaultOperations().list("sys/namespaces"));

	for (String missing : missingNamespaces) {
		// The listing uses a trailing slash; the write path does not.
		prepare().getVaultOperations().write("sys/namespaces/" + missing.replaceAll("/", ""));
	}

	// Every request built from this template is sent with the "dev" namespace interceptor.
	RestTemplateBuilder devRestTemplate = RestTemplateBuilder.builder()
			.requestFactory(
					ClientHttpRequestFactoryFactory.create(new ClientOptions(), Settings.createSslConfiguration()))
			.endpoint(TestRestTemplateFactory.TEST_VAULT_ENDPOINT)
			.customizers(template -> template.getInterceptors()
					.add(VaultClients.createNamespaceInterceptor("dev")));

	// NOTE(review): Settings.token() is presumably a privileged test token, since it is
	// used below for policy and auth-mount administration; confirm it is test-only.
	VaultTemplate devVault = new VaultTemplate(devRestTemplate,
			new SimpleSessionManager(new TokenAuthentication(Settings.token())));

	mountKv(devVault, "dev-secrets");
	devVault.opsForSys().createOrUpdatePolicy("relaxed", POLICY);

	boolean certMounted = devVault.opsForSys().getAuthMounts().containsKey("cert/");
	if (!certMounted) {
		devVault.opsForSys().authMount("cert", VaultMount.create("cert"));
	}

	devVault.doWithSession((RestOperationsCallback<Object>) restOperations -> {

		File workDir = findWorkDir();
		File clientCertificate = new File(workDir, "ca/certs/client.cert.pem");

		// Only the certificate (public part) is uploaded; it is bound to the "relaxed"
		// policy under both the "token_policies" and the "policies" key.
		Map<String, String> certRole = new LinkedHashMap<>();
		certRole.put("token_policies", "relaxed");
		certRole.put("policies", "relaxed");
		certRole.put("certificate", Files.contentOf(clientCertificate, StandardCharsets.US_ASCII));

		return restOperations.postForEntity("auth/cert/certs/relaxed", certRole, Map.class);
	});
}
 
Example #19
Source File: VaultNamespaceSecretIntegrationTests.java    From spring-vault with Apache License 2.0 4 votes vote down vote up
/**
 * Prepares the {@code dev} and {@code marketing} namespaces: creates any that are missing,
 * builds one REST template builder per namespace, mounts a KV backend in each, writes the
 * {@code relaxed} policy and creates one token per namespace bound to that policy.
 * Skipped unless the server reports an enterprise version.
 */
@BeforeEach
void before() {

	Assumptions.assumeTrue(prepare().getVersion().isEnterprise(), "Namespaces require enterprise version");

	// Start from the wanted namespaces and drop the ones the server already lists.
	List<String> missingNamespaces = new ArrayList<>(Arrays.asList("dev/", "marketing/"));
	missingNamespaces.removeAll(prepare().getVaultOperations().list("sys/namespaces"));

	for (String missing : missingNamespaces) {
		// The listing uses a trailing slash; the write path does not.
		prepare().getVaultOperations().write("sys/namespaces/" + missing.replaceAll("/", ""));
	}

	// The two builders select their namespace in different ways: "dev" through the
	// namespace interceptor, "marketing" through a default namespace header.
	this.devRestTemplate = RestTemplateBuilder.builder()
			.requestFactory(
					ClientHttpRequestFactoryFactory.create(new ClientOptions(), Settings.createSslConfiguration()))
			.endpoint(TestRestTemplateFactory.TEST_VAULT_ENDPOINT)
			.customizers(template -> template.getInterceptors()
					.add(VaultClients.createNamespaceInterceptor("dev")));

	this.maketingRestTemplate = RestTemplateBuilder.builder()
			.requestFactory(
					ClientHttpRequestFactoryFactory.create(new ClientOptions(), Settings.createSslConfiguration()))
			.endpoint(TestRestTemplateFactory.TEST_VAULT_ENDPOINT)
			.defaultHeader(VaultHttpHeaders.VAULT_NAMESPACE, "marketing");

	// NOTE(review): Settings.token() is presumably a privileged test token, since it is
	// used for policy administration and token creation; confirm it is test-only.
	VaultTemplate devVault = new VaultTemplate(this.devRestTemplate,
			new SimpleSessionManager(new TokenAuthentication(Settings.token())));

	mountKv(devVault, "dev-secrets");
	devVault.opsForSys().createOrUpdatePolicy("relaxed", POLICY);
	// Token limited to the "relaxed" policy, created inside the dev namespace.
	VaultTokenRequest devTokenRequest = VaultTokenRequest.builder().withPolicy("relaxed").build();
	this.devToken = devVault.opsForToken().create(devTokenRequest).getToken().getToken();

	VaultTemplate marketingVault = new VaultTemplate(this.maketingRestTemplate,
			new SimpleSessionManager(new TokenAuthentication(Settings.token())));

	mountKv(marketingVault, "marketing-secrets");
	marketingVault.opsForSys().createOrUpdatePolicy("relaxed", POLICY);
	// Token limited to the "relaxed" policy, created inside the marketing namespace.
	VaultTokenRequest marketingTokenRequest = VaultTokenRequest.builder().withPolicy("relaxed").build();
	this.marketingToken = marketingVault.opsForToken().create(marketingTokenRequest).getToken().getToken();
}
 
Example #20
Source File: HashicorpKeyVaultServiceFactoryUtil.java    From tessera with Apache License 2.0 3 votes vote down vote up
/**
 * Selects the Vault authentication method from credentials held in environment variables.
 *
 * <p>AppRole is used when both the role id and the secret id are set. When neither is set,
 * the token variable is used. The exception messages name the variables only; the
 * credential values are never included.
 *
 * @param keyVaultConfig supplies the {@code approlePath} property for the AppRole login
 * @param envProvider source of the environment variable values
 * @param clientHttpRequestFactory request factory for the AppRole REST client
 * @param vaultEndpoint Vault endpoint for the AppRole REST client
 * @return an {@link AppRoleAuthentication} or a {@link TokenAuthentication}
 * @throws HashicorpCredentialNotSetException if exactly one of role id and secret id is
 *         set, or if none of the three variables is set
 */
ClientAuthentication configureClientAuthentication(KeyVaultConfig keyVaultConfig, EnvironmentVariableProvider envProvider, ClientHttpRequestFactory clientHttpRequestFactory, VaultEndpoint vaultEndpoint) {

    final String roleId = envProvider.getEnv(HASHICORP_ROLE_ID);
    final String secretId = envProvider.getEnv(HASHICORP_SECRET_ID);
    final String authToken = envProvider.getEnv(HASHICORP_TOKEN);

    final boolean hasRoleId = roleId != null;
    final boolean hasSecretId = secretId != null;

    // A half-configured AppRole is rejected rather than silently falling back to the token.
    if (hasRoleId != hasSecretId) {
        throw new HashicorpCredentialNotSetException("Both " + HASHICORP_ROLE_ID + " and " + HASHICORP_SECRET_ID + " environment variables must be set to use the AppRole authentication method");
    }

    // At this point the two flags agree, so hasRoleId means both values are present.
    // AppRole takes precedence over the token even when the token variable is also set.
    if (hasRoleId) {
        // NOTE(review): getProperty("approlePath") presumably returns an Optional; get()
        // throws if the property is absent. Confirm a default is applied upstream.
        AppRoleAuthenticationOptions appRoleAuthenticationOptions = AppRoleAuthenticationOptions.builder()
            .path(keyVaultConfig.getProperty("approlePath").get())
            .roleId(AppRoleAuthenticationOptions.RoleId.provided(roleId))
            .secretId(AppRoleAuthenticationOptions.SecretId.provided(secretId))
            .build();

        RestOperations restOperations = VaultClients.createRestTemplate(vaultEndpoint, clientHttpRequestFactory);
        return new AppRoleAuthentication(appRoleAuthenticationOptions, restOperations);
    }

    if (authToken == null) {
        throw new HashicorpCredentialNotSetException("Both " + HASHICORP_ROLE_ID + " and " + HASHICORP_SECRET_ID + " environment variables must be set to use the AppRole authentication method.  Alternatively set " + HASHICORP_TOKEN + " to authenticate using the Token method");
    }

    return new TokenAuthentication(authToken);
}
 
Example #21
Source File: TestRestTemplateFactory.java    From spring-vault with Apache License 2.0 1 votes vote down vote up
/**
 * Creates a {@link RestTemplate} for the test Vault endpoint on top of the given
 * {@link ClientHttpRequestFactory}. Error responses surface as
 * {@link org.springframework.web.client.HttpStatusCodeException exceptions}, as with a
 * regular {@link org.springframework.web.client.RestTemplate}.
 * @param requestFactory must not be {@literal null}.
 * @return the template obtained from {@link VaultClients} for {@code TEST_VAULT_ENDPOINT}.
 */
private static RestTemplate create(ClientHttpRequestFactory requestFactory) {

	// Fail fast with a descriptive message instead of a later NullPointerException.
	Assert.notNull(requestFactory, "ClientHttpRequestFactory must not be null!");

	RestTemplate template = VaultClients.createRestTemplate(TEST_VAULT_ENDPOINT, requestFactory);
	return template;
}
 
Example #22
Source File: TestRestTemplateFactory.java    From spring-cloud-vault with Apache License 2.0 1 votes vote down vote up
/**
 * Creates a {@link RestTemplate} for the test Vault endpoint on top of the given
 * {@link ClientHttpRequestFactory}. Error responses surface as
 * {@link org.springframework.web.client.HttpStatusCodeException exceptions}, as with a
 * regular {@link RestTemplate}.
 * @param requestFactory must not be {@literal null}.
 * @return the template obtained from {@link VaultClients} for {@code TEST_VAULT_ENDPOINT}.
 */
public static RestTemplate create(ClientHttpRequestFactory requestFactory) {

	// Fail fast with a descriptive message instead of a later NullPointerException.
	Assert.notNull(requestFactory, "ClientHttpRequestFactory must not be null!");

	RestTemplate template = VaultClients.createRestTemplate(TEST_VAULT_ENDPOINT, requestFactory);
	return template;
}