SET-559 addtional config validation, minor refactor, address codacy f…

…indings fixes, fix spotlessJava findings and fix unit test failure.
partior-3p · Aug 23, 2024 · c9f6a0f · c9f6a0f
1 parent 96b186d
commit c9f6a0f
Show file tree

Hide file tree

Showing 8 changed files with 304 additions and 130 deletions.
diff --git a/config/src/main/java/com/quorum/tessera/config/HashicorpVaultDbCredentialsConfig.java b/config/src/main/java/com/quorum/tessera/config/HashicorpVaultDbCredentialsConfig.java
@@ -39,21 +39,66 @@ public class HashicorpVaultDbCredentialsConfig extends ConfigItem {
   @XmlJavaTypeAdapter(PathAdapter.class)
   private Path tlsTrustStorePath;
 
-  public HashicorpVaultDbCredentialsConfig(
-      String url,
-      String namespace,
-      String approlePath,
-      String dbSecretEngineName,
-      String vaultDbRole,
-      Path tlsKeyStorePath,
-      Path tlsTrustStorePath) {
-    this.url = url;
-    this.namespace = namespace;
-    this.approlePath = approlePath;
-    this.dbSecretEngineName = dbSecretEngineName;
-    this.vaultDbRole = vaultDbRole;
-    this.tlsKeyStorePath = tlsKeyStorePath;
-    this.tlsTrustStorePath = tlsTrustStorePath;
+  @Valid @XmlElement private String retryDelayInSeconds;
+  @Valid @XmlElement private String maxRetryDelayInSeconds;
+  @Valid @XmlElement private String minDelayBeforeNextRunInSeconds;
+  @Valid @XmlElement private String delayBeforeNextRunFactor;
+  @Valid @XmlElement private String maxDurationBeforeTtlExpireInSeconds;
+
+  public HashicorpVaultDbCredentialsConfig(HashicorpVaultDbCredentialsConfig config) {
+    this.url = config.url;
+    this.namespace = config.namespace;
+    this.approlePath = config.approlePath;
+    this.dbSecretEngineName = config.dbSecretEngineName;
+    this.vaultDbRole = config.vaultDbRole;
+    this.credentialType = config.credentialType;
+    this.tlsKeyStorePath = config.tlsKeyStorePath;
+    this.tlsTrustStorePath = config.tlsTrustStorePath;
+    this.retryDelayInSeconds = config.retryDelayInSeconds;
+    this.maxRetryDelayInSeconds = config.maxRetryDelayInSeconds;
+    this.minDelayBeforeNextRunInSeconds = config.minDelayBeforeNextRunInSeconds;
+    this.delayBeforeNextRunFactor = config.delayBeforeNextRunFactor;
+    this.maxDurationBeforeTtlExpireInSeconds = config.maxDurationBeforeTtlExpireInSeconds;
+  }
+
+  public String getRetryDelayInSeconds() {
+    return retryDelayInSeconds;
+  }
+
+  void setRetryDelayInSeconds(String retryDelayInSeconds) {
+    this.retryDelayInSeconds = retryDelayInSeconds;
+  }
+
+  public String getMaxRetryDelayInSeconds() {
+    return maxRetryDelayInSeconds;
+  }
+
+  void setMaxRetryDelayInSeconds(String maxRetryDelayInSeconds) {
+    this.maxRetryDelayInSeconds = maxRetryDelayInSeconds;
+  }
+
+  public String getMinDelayBeforeNextRunInSeconds() {
+    return minDelayBeforeNextRunInSeconds;
+  }
+
+  void setMinDelayBeforeNextRunInSeconds(String minDelayBeforeNextRunInSeconds) {
+    this.minDelayBeforeNextRunInSeconds = minDelayBeforeNextRunInSeconds;
+  }
+
+  public String getDelayBeforeNextRunFactor() {
+    return delayBeforeNextRunFactor;
+  }
+
+  void setDelayBeforeNextRunFactor(String delayBeforeNextRunFactor) {
+    this.delayBeforeNextRunFactor = delayBeforeNextRunFactor;
+  }
+
+  public String getMaxDurationBeforeTtlExpireInSeconds() {
+    return maxDurationBeforeTtlExpireInSeconds;
+  }
+
+  void setMaxDurationBeforeTtlExpireInSeconds(String maxDurationBeforeTtlExpireInSeconds) {
+    this.maxDurationBeforeTtlExpireInSeconds = maxDurationBeforeTtlExpireInSeconds;
   }
 
   public HashicorpVaultDbCredentialsConfig() {}
@@ -62,15 +107,15 @@ public String getUrl() {
     return this.url;
   }
 
-  public void setUrl(String url) {
+  void setUrl(String url) {
     this.url = url;
   }
 
   public String getNamespace() {
     return namespace;
   }
 
-  public void setNamespace(String namespace) {
+  void setNamespace(String namespace) {
     this.namespace = namespace;
   }
 
@@ -81,31 +126,31 @@ public String getDbSecretEngineName() {
     return dbSecretEngineName;
   }
 
-  public void setDbSecretEngineName(String dbSecretEngineName) {
+  void setDbSecretEngineName(String dbSecretEngineName) {
     this.dbSecretEngineName = dbSecretEngineName;
   }
 
   public String getVaultDbRole() {
     return vaultDbRole;
   }
 
-  public void setVaultDbRole(String vaultDbRole) {
+  void setVaultDbRole(String vaultDbRole) {
     this.vaultDbRole = vaultDbRole;
   }
 
   public Path getTlsKeyStorePath() {
     return tlsKeyStorePath;
   }
 
-  public void setTlsKeyStorePath(Path tlsKeyStorePath) {
+  void setTlsKeyStorePath(Path tlsKeyStorePath) {
     this.tlsKeyStorePath = tlsKeyStorePath;
   }
 
   public Path getTlsTrustStorePath() {
     return tlsTrustStorePath;
   }
 
-  public void setTlsTrustStorePath(Path tlsTrustStorePath) {
+  void setTlsTrustStorePath(Path tlsTrustStorePath) {
     this.tlsTrustStorePath = tlsTrustStorePath;
   }
 
@@ -116,7 +161,7 @@ public String getApprolePath() {
     return approlePath;
   }
 
-  public void setApprolePath(String approlePath) {
+  void setApprolePath(String approlePath) {
     this.approlePath = approlePath;
   }
 
@@ -128,7 +173,7 @@ public String getCredentialType() {
     return credentialType;
   }
 
-  public void setCredentialType(String credentialType) {
+  void setCredentialType(String credentialType) {
     this.credentialType = credentialType;
   }
 
@@ -141,6 +186,12 @@ public DefaultKeyVaultConfig toKeyVaultConfig() {
     config.setProperty("vaultDbRole", this.getVaultDbRole());
     config.setProperty("credentialType", this.getCredentialType());
     config.setProperty("namespace", this.getNamespace());
+    config.setProperty("retryDelayInSeconds", this.getRetryDelayInSeconds());
+    config.setProperty("maxRetryDelayInSeconds", this.getMaxRetryDelayInSeconds());
+    config.setProperty("minDelayBeforeNextRunInSeconds", this.getMinDelayBeforeNextRunInSeconds());
+    config.setProperty("delayBeforeNextRunFactor", this.getDelayBeforeNextRunFactor());
+    config.setProperty(
+        "maxDurationBeforeTtlExpireInSeconds", this.getMaxDurationBeforeTtlExpireInSeconds());
 
     Optional.ofNullable(this.getTlsKeyStorePath())
         .map(Objects::toString)

diff --git a/config/src/main/java/com/quorum/tessera/config/JdbcConfig.java b/config/src/main/java/com/quorum/tessera/config/JdbcConfig.java
@@ -67,10 +67,10 @@ public void setAutoCreateTables(boolean autoCreateTables) {
   }
 
   public HashicorpVaultDbCredentialsConfig getHashicorpVaultDbCredentialsConfig() {
-    return hashicorpVaultDbCredentialsConfig;
+    return new HashicorpVaultDbCredentialsConfig(hashicorpVaultDbCredentialsConfig);
   }
 
-  public void setHashicorpVaultDbCredentialsConfig(
+  void setHashicorpVaultDbCredentialsConfig(
       HashicorpVaultDbCredentialsConfig hashicorpVaultDbCredentialsConfig) {
     this.hashicorpVaultDbCredentialsConfig = hashicorpVaultDbCredentialsConfig;
   }

diff --git a/.../main/java/com/quorum/tessera/key/vault/hashicorp/HashicorpDbCredentialsVaultService.java b/.../main/java/com/quorum/tessera/key/vault/hashicorp/HashicorpDbCredentialsVaultService.java
@@ -4,11 +4,10 @@
 import com.quorum.tessera.config.KeyVaultConfig;
 import com.quorum.tessera.key.vault.DbCredentials;
 import com.quorum.tessera.key.vault.DbCredentialsVaultService;
+import java.util.Map;
 import org.springframework.vault.core.VaultOperations;
 import org.springframework.vault.support.VaultResponse;
 
-import java.util.Map;
-
 public class HashicorpDbCredentialsVaultService implements DbCredentialsVaultService {
 
   private final VaultOperations vaultOperations;
@@ -53,8 +52,8 @@ public HashicorpDbCredentials getDbCredentials() {
           vaultOperations.read(
               String.format("%s/%s/%s", dbSecretEngineName, credentialPath, vaultDbRole));
     } catch (Exception ex) {
-      throw new RuntimeException(
-          "Unexpected error reading db credentials from hashicorp vault", ex);
+      throw new ConfigException(
+          new RuntimeException("Unexpected error reading db credentials from hashicorp vault", ex));
     }
 
     if (response != null) {

diff --git a/...ava/com/quorum/tessera/key/vault/hashicorp/HashicorpDbCredentialsVaultServiceFactory.java b/...ava/com/quorum/tessera/key/vault/hashicorp/HashicorpDbCredentialsVaultServiceFactory.java
@@ -1,15 +1,16 @@
 package com.quorum.tessera.key.vault.hashicorp;
 
 import com.quorum.tessera.config.Config;
+import com.quorum.tessera.config.ConfigException;
 import com.quorum.tessera.config.KeyVaultConfig;
 import com.quorum.tessera.config.KeyVaultType;
 import com.quorum.tessera.config.util.EnvironmentVariableProvider;
 import com.quorum.tessera.key.vault.DbCredentialsVaultServiceFactory;
-
 import java.util.List;
 import java.util.Objects;
 
-public class HashicorpDbCredentialsVaultServiceFactory extends HashicorpVaultServiceFactory implements DbCredentialsVaultServiceFactory {
+public class HashicorpDbCredentialsVaultServiceFactory extends HashicorpVaultServiceFactory
+    implements DbCredentialsVaultServiceFactory {
 
   public HashicorpDbCredentialsVaultService create(
       Config config, EnvironmentVariableProvider envProvider) {
@@ -26,28 +27,36 @@ HashicorpDbCredentialsVaultService create(
       EnvironmentVariableProvider envProvider,
       HashicorpKeyVaultServiceFactoryUtil util) {
 
-    return super.create(config, envProvider, util,
-      (appConfig)->{
-        var keyVaultConfig = appConfig.getJdbcConfig()
-          .getHashicorpVaultDbCredentialsConfig()
-          .toKeyVaultConfig();
-        validateRequiredConfigurationPropertiesArePresent(keyVaultConfig);
-        return keyVaultConfig;
-      },
-      HashicorpDbCredentialsVaultService::new
-    );
+    return super.create(
+        config,
+        envProvider,
+        util,
+        this::getKeyVaultConfig,
+        HashicorpDbCredentialsVaultService::new);
+  }
+
+  private KeyVaultConfig getKeyVaultConfig(Config config) {
+    var keyVaultConfig =
+        config.getJdbcConfig().getHashicorpVaultDbCredentialsConfig().toKeyVaultConfig();
+    validateRequiredConfigurationPropertiesArePresent(keyVaultConfig);
+    return keyVaultConfig;
   }
 
-  void validateRequiredConfigurationPropertiesArePresent(KeyVaultConfig keyVaultConfig){
-    var requiredProperties = List.of("url","dbSecretEngineName","vaultDbRole","approlePath");
-    var missingProperties = requiredProperties.stream().filter(
-      propName->
-        !keyVaultConfig.hasProperty(propName) || keyVaultConfig.getProperty(propName).isEmpty()
-    ).toList();
-    if (!missingProperties.isEmpty()){
-      throw new HashicorpVaultException(
-        String.format("[%s] missing in the configuration. This/these properties should be defined in configuration section: jdbc.hashicorpVaultDbCredentialsConfig", String.join(", ", missingProperties))
-      );
+  void validateRequiredConfigurationPropertiesArePresent(KeyVaultConfig keyVaultConfig) {
+    var requiredProperties = List.of("url", "dbSecretEngineName", "vaultDbRole", "approlePath");
+    var missingProperties =
+        requiredProperties.stream()
+            .filter(
+                propName ->
+                    !keyVaultConfig.hasProperty(propName)
+                        || keyVaultConfig.getProperty(propName).isEmpty())
+            .toList();
+    if (!missingProperties.isEmpty()) {
+      throw new ConfigException(
+          new RuntimeException(
+              String.format(
+                  "[%s] missing in the configuration. This/these properties should be defined in configuration section: jdbc.hashicorpVaultDbCredentialsConfig",
+                  String.join(", ", missingProperties))));
     }
   }
 

diff --git a/...src/main/java/com/quorum/tessera/key/vault/hashicorp/HashicorpKeyVaultServiceFactory.java b/...src/main/java/com/quorum/tessera/key/vault/hashicorp/HashicorpKeyVaultServiceFactory.java
@@ -4,11 +4,12 @@
 import com.quorum.tessera.config.util.EnvironmentVariableProvider;
 import com.quorum.tessera.key.vault.KeyVaultService;
 import com.quorum.tessera.key.vault.KeyVaultServiceFactory;
-
 import java.util.Objects;
 import java.util.Optional;
+import org.springframework.vault.core.VaultOperations;
 
-public class HashicorpKeyVaultServiceFactory extends HashicorpVaultServiceFactory implements KeyVaultServiceFactory {
+public class HashicorpKeyVaultServiceFactory extends HashicorpVaultServiceFactory
+    implements KeyVaultServiceFactory {
 
   @Override
   public KeyVaultService create(Config config, EnvironmentVariableProvider envProvider) {
@@ -28,22 +29,24 @@ KeyVaultService create(
       EnvironmentVariableProvider envProvider,
       HashicorpKeyVaultServiceFactoryUtil util) {
 
-    return super.create(config, envProvider, util,
-      (appConfig)->{
-        return
-          Optional.ofNullable(appConfig.getKeys())
-            .flatMap(k -> k.getKeyVaultConfig(KeyVaultType.HASHICORP))
-            .orElseThrow(
-              () ->
+    return super.create(
+        config, envProvider, util, this::getKeyVaultConfig, this::getKeyVaultService);
+  }
+
+  private HashicorpKeyVaultService getKeyVaultService(
+      VaultOperations vaultOperations, KeyVaultConfig keyVaultConfig) {
+    return new HashicorpKeyVaultService(
+        vaultOperations, () -> new VaultVersionedKeyValueTemplateFactory() {});
+  }
+
+  private KeyVaultConfig getKeyVaultConfig(Config config) {
+    return Optional.ofNullable(config.getKeys())
+        .flatMap(k -> k.getKeyVaultConfig(KeyVaultType.HASHICORP))
+        .orElseThrow(
+            () ->
                 new ConfigException(
-                  new RuntimeException(
-                    "Trying to create Hashicorp Vault connection but no Vault configuration provided")));
-      },
-      (vaultOperations, keyVaultConfig) -> {
-        return new HashicorpKeyVaultService(
-          vaultOperations, () -> new VaultVersionedKeyValueTemplateFactory() {});
-      }
-      );
+                    new RuntimeException(
+                        "Trying to create Hashicorp Vault connection but no Vault configuration provided")));
   }
 
   @Override