Possibility to use a different token than the one defined in the config #106

Open
wants to merge 1 commit into
base: master
24 changes: 20 additions & 4 deletions src/main/java/com/bettercloud/vault/api/Auth.java
Expand Up @@ -178,6 +178,10 @@ public AuthResponse createToken(final TokenRequest tokenRequest) throws VaultExc
* @throws VaultException If any error occurs, or unexpected response received from Vault
*/
public AuthResponse createToken(final TokenRequest tokenRequest, final String tokenAuthMount) throws VaultException {
return createToken(tokenRequest, tokenAuthMount, tokenAuthMount, config.getToken());
}

public AuthResponse createToken(final TokenRequest tokenRequest, final String tokenAuthMount, final String token) throws VaultException {
int retryCount = 0;

final String mount = tokenAuthMount != null ? tokenAuthMount : "token";
Expand Down Expand Up @@ -213,7 +217,7 @@ public AuthResponse createToken(final TokenRequest tokenRequest, final String to
// HTTP request to Vault
final RestResponse restResponse = new Rest()//NOPMD
.url(url)
.header("X-Vault-Token", config.getToken())
.header("X-Vault-Token", token)
.body(requestJson.getBytes("UTF-8"))
.connectTimeoutSeconds(config.getOpenTimeout())
.readTimeoutSeconds(config.getReadTimeout())
Expand Down Expand Up @@ -1037,6 +1041,10 @@ public AuthResponse renewSelf(final long increment) throws VaultException {
* @throws VaultException If any error occurs, or unexpected response received from Vault
*/
public AuthResponse renewSelf(final long increment, final String tokenAuthMount) throws VaultException {
return renewSelf(increment, tokenAuthMount, config.getToken());
}

public AuthResponse renewSelf(final long increment, final String tokenAuthMount, final String token) throws VaultException {
int retryCount = 0;

final String mount = tokenAuthMount != null ? tokenAuthMount : "token";
Expand All @@ -1046,7 +1054,7 @@ public AuthResponse renewSelf(final long increment, final String tokenAuthMount)
final String requestJson = Json.object().add("increment", increment).toString();
final RestResponse restResponse = new Rest()//NOPMD
.url(config.getAddress() + "/v1/auth/" + mount + "/renew-self")
.header("X-Vault-Token", config.getToken())
.header("X-Vault-Token", token)
.body(increment < 0 ? null : requestJson.getBytes("UTF-8"))
.connectTimeoutSeconds(config.getOpenTimeout())
.readTimeoutSeconds(config.getReadTimeout())
Expand Down Expand Up @@ -1100,14 +1108,18 @@ public LookupResponse lookupSelf() throws VaultException {
* @throws VaultException If any error occurs, or unexpected response received from Vault
*/
public LookupResponse lookupSelf(final String tokenAuthMount) throws VaultException {
return lookupSelf(tokenAuthMount, config.getToken())
}

public LookupResponse lookupSelf(final String tokenAuthMount, final String token) throws VaultException {
int retryCount = 0;
final String mount = tokenAuthMount != null ? tokenAuthMount : "token";
while (true) {
try {
// HTTP request to Vault
final RestResponse restResponse = new Rest()//NOPMD
.url(config.getAddress() + "/v1/auth/" + mount + "/lookup-self")
.header("X-Vault-Token", config.getToken())
.header("X-Vault-Token", token)
.connectTimeoutSeconds(config.getOpenTimeout())
.readTimeoutSeconds(config.getReadTimeout())
.sslVerification(config.getSslConfig().isVerify())
Expand Down Expand Up @@ -1158,14 +1170,18 @@ public void revokeSelf() throws VaultException {
* @throws VaultException If any error occurs, or unexpected response received from Vault
*/
public void revokeSelf(final String tokenAuthMount) throws VaultException {
revokeSelf(tokenAuthMount, config.getToken());
}

public void revokeSelf(final String tokenAuthMount, final String token) throws VaultException {
int retryCount = 0;
final String mount = tokenAuthMount != null ? tokenAuthMount : "token";
while (true) {
try {
// HTTP request to Vault
final RestResponse restResponse = new Rest()//NOPMD
.url(config.getAddress() + "/v1/auth/" + mount + "/revoke-self")
.header("X-Vault-Token", config.getToken())
.header("X-Vault-Token", token)
.connectTimeoutSeconds(config.getOpenTimeout())
.readTimeoutSeconds(config.getReadTimeout())
.sslVerification(config.getSslConfig().isVerify())
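Review bot: The delegating `createToken(tokenRequest, tokenAuthMount)` calls `createToken(tokenRequest, tokenAuthMount, tokenAuthMount, config.getToken())` with four arguments, while the overload added directly below it takes three, so unless a four-parameter overload exists outside the visible hunks this does not compile; it should read `return createToken(tokenRequest, tokenAuthMount, config.getToken());`. The delegating `lookupSelf(tokenAuthMount)` is also missing its terminating semicolon and should be `return lookupSelf(tokenAuthMount, config.getToken());`. The new token-taking overloads in this file, and likewise those in Leases, Logical and Seal, carry no Javadoc and set `X-Vault-Token` unconditionally, whereas `Debug.health` omits the header when the token is null. What `Rest.header` does with a null value is not visible here, so each overload's `@param token` text should state whether null is accepted and that the configured token is not used as a fallback. The bodies of all four methods continue outside the hunks shown.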
14 changes: 12 additions & 2 deletions src/main/java/com/bettercloud/vault/api/Debug.java
Expand Up @@ -72,6 +72,16 @@ public HealthResponse health(
final Integer activeCode,
final Integer standbyCode,
final Integer sealedCode
) throws VaultException {
return health(standbyOk, activeCode, standbyCode, sealedCode, config.getToken());
}

public HealthResponse health(
final Boolean standbyOk,
final Integer activeCode,
final Integer standbyCode,
final Integer sealedCode,
final String token
) throws VaultException {
final String path = "sys/health";
int retryCount = 0;
Expand All @@ -85,8 +95,8 @@ public HealthResponse health(
.sslVerification(config.getSslConfig().isVerify())
.sslContext(config.getSslConfig().getSslContext());
// Add token if present
if (config.getToken() != null) {
rest.header("X-Vault-Token", config.getToken());
if (token != null) {
rest.header("X-Vault-Token", token);
}
// Add params if present
if (standbyOk != null) rest.parameter("standbyok", standbyOk.toString());
24 changes: 20 additions & 4 deletions src/main/java/com/bettercloud/vault/api/Leases.java
Expand Up @@ -38,12 +38,16 @@ public Leases(final VaultConfig config) {
* @throws VaultException If an error occurs, or unexpected reponse received from Vault
*/
public VaultResponse revoke(final String leaseId) throws VaultException {
return revoke(leaseId, config.getToken());
}

public VaultResponse revoke(final String leaseId, final String token) throws VaultException {
int retryCount = 0;
while (true) {
try {
final RestResponse restResponse = new Rest()//NOPMD
.url(config.getAddress() + "/v1/sys/revoke/" + leaseId)
.header("X-Vault-Token", config.getToken())
.header("X-Vault-Token", token)
.connectTimeoutSeconds(config.getOpenTimeout())
.readTimeoutSeconds(config.getReadTimeout())
.sslVerification(config.getSslConfig().isVerify())
Expand Down Expand Up @@ -92,12 +96,16 @@ public VaultResponse revoke(final String leaseId) throws VaultException {
* @throws VaultException If an error occurs, or unexpected reponse received from Vault
*/
public VaultResponse revokePrefix(final String prefix) throws VaultException {
return revokePrefix(prefix, config.getToken());
}

public VaultResponse revokePrefix(final String prefix, final String token) throws VaultException {
int retryCount = 0;
while (true) {
try {
final RestResponse restResponse = new Rest()//NOPMD
.url(config.getAddress() + "/v1/sys/revoke-prefix/" + prefix)
.header("X-Vault-Token", config.getToken())
.header("X-Vault-Token", token)
.connectTimeoutSeconds(config.getOpenTimeout())
.readTimeoutSeconds(config.getReadTimeout())
.sslVerification(config.getSslConfig().isVerify())
Expand Down Expand Up @@ -149,12 +157,16 @@ public VaultResponse revokePrefix(final String prefix) throws VaultException {
* @throws VaultException If an error occurs, or unexpected reponse received from Vault
*/
public VaultResponse revokeForce(final String prefix) throws VaultException {
return revokeForce(prefix, config.getToken());
}

public VaultResponse revokeForce(final String prefix, final String token) throws VaultException {
int retryCount = 0;
while (true) {
try {
final RestResponse restResponse = new Rest()//NOPMD
.url(config.getAddress() + "/v1/sys/revoke-force/" + prefix)
.header("X-Vault-Token", config.getToken())
.header("X-Vault-Token", token)
.connectTimeoutSeconds(config.getOpenTimeout())
.readTimeoutSeconds(config.getReadTimeout())
.sslVerification(config.getSslConfig().isVerify())
Expand Down Expand Up @@ -202,6 +214,10 @@ public VaultResponse revokeForce(final String prefix) throws VaultException {
* @throws VaultException The response information returned from Vault
*/
public VaultResponse renew(final String leaseId, final long increment) throws VaultException {
return renew(leaseId, increment, config.getToken());
}

public VaultResponse renew(final String leaseId, final long increment, final String token) throws VaultException {

// TODO: Update the integration test suite to provide coverate for this
// The "generic" backend does not support support lease renewal. The only other backend
Expand All @@ -216,7 +232,7 @@ public VaultResponse renew(final String leaseId, final long increment) throws Va
final String requestJson = Json.object().add("increment", increment).toString();
final RestResponse restResponse = new Rest()//NOPMD
.url(config.getAddress() + "/v1/sys/renew/" + leaseId)
.header("X-Vault-Token", config.getToken())
.header("X-Vault-Token", token)
.body(increment < 0 ? null : requestJson.getBytes("UTF-8"))
.connectTimeoutSeconds(config.getOpenTimeout())
.readTimeoutSeconds(config.getReadTimeout())
93 changes: 87 additions & 6 deletions src/main/java/com/bettercloud/vault/api/Logical.java
Expand Up @@ -14,6 +14,7 @@
import com.bettercloud.vault.rest.Rest;
import com.bettercloud.vault.rest.RestException;
import com.bettercloud.vault.rest.RestResponse;
import java.nio.charset.StandardCharsets;

/**
* <p>The implementing class for Vault's core/logical operations (e.g. read, write).</p>
Expand Down Expand Up @@ -47,17 +48,17 @@ public Logical(final VaultConfig config) {
* @throws VaultException If any errors occurs with the REST request (e.g. non-200 status code, invalid JSON payload, etc), and the maximum number of retries is exceeded.
*/
public LogicalResponse read(final String path) throws VaultException {
return read(path, true);
return read(path, config.getToken());
}

public LogicalResponse read(final String path, boolean shouldRetry) throws VaultException {
public LogicalResponse read(final String path, String token) throws VaultException {
int retryCount = 0;
while (true) {
try {
// Make an HTTP request to Vault
final RestResponse restResponse = new Rest()//NOPMD
.url(config.getAddress() + "/v1/" + path)
.header("X-Vault-Token", config.getToken())
.header("X-Vault-Token", token)
.connectTimeoutSeconds(config.getOpenTimeout())
.readTimeoutSeconds(config.getReadTimeout())
.sslVerification(config.getSslConfig().isVerify())
Expand Down Expand Up @@ -118,6 +119,10 @@ public LogicalResponse read(final String path, boolean shouldRetry) throws Vault
* @throws VaultException If any errors occurs with the REST request, and the maximum number of retries is exceeded.
*/
public LogicalResponse write(final String path, final Map<String, Object> nameValuePairs) throws VaultException {
return write(path, nameValuePairs, config.getToken());
}

public LogicalResponse write(final String path, final Map<String, Object> nameValuePairs, String token) throws VaultException {
int retryCount = 0;
while (true) {
try {
Expand Down Expand Up @@ -146,7 +151,7 @@ public LogicalResponse write(final String path, final Map<String, Object> nameVa
final RestResponse restResponse = new Rest()//NOPMD
.url(config.getAddress() + "/v1/" + path)
.body(requestJson.toString().getBytes("UTF-8"))
.header("X-Vault-Token", config.getToken())
.header("X-Vault-Token", token)
.connectTimeoutSeconds(config.getOpenTimeout())
.readTimeoutSeconds(config.getReadTimeout())
.sslVerification(config.getSslConfig().isVerify())
Expand Down Expand Up @@ -195,10 +200,14 @@ public LogicalResponse write(final String path, final Map<String, Object> nameVa
* @throws VaultException If any errors occur, or unexpected response received from Vault
*/
public List<String> list(final String path) throws VaultException {
return list(path, config.getToken());
}

public List<String> list(final String path, String token) throws VaultException {
final String fullPath = path == null ? "list=true" : path + "?list=true";
LogicalResponse response = null;
try {
response = read(fullPath);
response = read(fullPath, token);
} catch (final VaultException e) {
if (e.getHttpStatusCode() != 404) {
throw e;
Expand Down Expand Up @@ -232,13 +241,17 @@ public List<String> list(final String path) throws VaultException {
* @throws VaultException If any error occurs, or unexpected response received from Vault
*/
public LogicalResponse delete(final String path) throws VaultException {
return delete(path, config.getToken());
}

public LogicalResponse delete(final String path, String token) throws VaultException {
int retryCount = 0;
while (true) {
try {
// Make an HTTP request to Vault
final RestResponse restResponse = new Rest()//NOPMD
.url(config.getAddress() + "/v1/" + path)
.header("X-Vault-Token", config.getToken())
.header("X-Vault-Token", token)
.connectTimeoutSeconds(config.getOpenTimeout())
.readTimeoutSeconds(config.getReadTimeout())
.sslVerification(config.getSslConfig().isVerify())
Expand Down Expand Up @@ -270,4 +283,72 @@ public LogicalResponse delete(final String path) throws VaultException {
}
}
}

public List<String> getCapabilitiesSelf(final String path) throws VaultException {
return getCapabilitiesSelf(path, config.getToken());
}

public List<String> getCapabilitiesSelf(final String path, String token) throws VaultException {
final List<String> returnValues = new ArrayList<>();
LogicalResponse response = null;
try {
int retryCount = 0;
while (true) {
try {
final String payload = String.format("{\"path\":\"%s\"}", path);
// Make an HTTP request to Vault
final RestResponse restResponse = new Rest()//NOPMD
.url(config.getAddress() + "/v1/sys/capabilities-self")
.header("X-Vault-Token", token)
.connectTimeoutSeconds(config.getOpenTimeout())
.readTimeoutSeconds(config.getReadTimeout())
.sslVerification(config.getSslConfig().isVerify())
.sslContext(config.getSslConfig().getSslContext())
.body(payload.getBytes(StandardCharsets.UTF_8))
.post();

// Validate response
if (restResponse.getStatus() != 200) {
throw new VaultException("Vault responded with HTTP status code: " + restResponse.getStatus()
+ "\nResponse body: " + new String(restResponse.getBody(), "UTF-8"), restResponse.getStatus());
}

response = new LogicalResponse(restResponse, retryCount);
if (response != null
&& response.getRestResponse().getStatus() != 404
&& response.getData() != null
&& response.getData().get("capabilities") != null) {

final JsonArray keys = Json.parse(response.getData().get("capabilities")).asArray();
for (int index = 0; index < keys.size(); index++) {
returnValues.add(keys.get(index).asString());
}
}
return returnValues;
} catch (RuntimeException | VaultException | RestException | UnsupportedEncodingException e) {
// If there are retries to perform, then pause for the configured interval and then execute the loop again...
if (retryCount < config.getMaxRetries()) {
retryCount++;
try {
final int retryIntervalMilliseconds = config.getRetryIntervalMilliseconds();
Thread.sleep(retryIntervalMilliseconds);
} catch (InterruptedException e1) {
e1.printStackTrace();
}
} else if (e instanceof VaultException) {
// ... otherwise, give up.
throw (VaultException) e;
} else {
throw new VaultException(e);
}
}
}

} catch (final VaultException e) {
if (e.getHttpStatusCode() != 404) {
throw e;
}
}
return returnValues;
}
}
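Review bot: `getCapabilitiesSelf` builds its request body with `String.format("{\"path\":\"%s\"}", path)`, so a path containing a double quote or backslash produces malformed JSON or additional fields in the body posted to `sys/capabilities-self`. The method already uses `Json` to parse the response, and building the body the way `Auth.renewSelf` does avoids the problem: `final String payload = Json.object().add("path", path).toString();`. Separately, the first hunk appears to replace the public `read(final String path, boolean shouldRetry)` with `read(final String path, String token)`, which removes an overload that existing callers may depend on. Keeping the boolean overload as a delegate would preserve compatibility, though whether `shouldRetry` is still consulted further down in `read` cannot be seen from this hunk.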
6 changes: 5 additions & 1 deletion src/main/java/com/bettercloud/vault/api/Seal.java
Expand Up @@ -29,13 +29,17 @@ public Seal(final VaultConfig config) {
* @throws VaultException If any error occurs, or unexpected response received from Vault
*/
public void seal() throws VaultException {
seal(config.getToken());
}

public void seal(final String token) throws VaultException {
int retryCount = 0;
while (true) {
try {
// HTTP request to Vault
final RestResponse restResponse = new Rest()//NOPMD
.url(config.getAddress() + "/v1/sys/seal")
.header("X-Vault-Token", config.getToken())
.header("X-Vault-Token", token)
.connectTimeoutSeconds(config.getOpenTimeout())
.readTimeoutSeconds(config.getReadTimeout())
.sslVerification(config.getSslConfig().isVerify())