org.springframework.vault.authentication.AppRoleAuthenticationOptions.SecretId Java Examples

The following examples show how to use org.springframework.vault.authentication.AppRoleAuthenticationOptions.SecretId. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: AppRoleAuthenticationIntegrationTests.java    From spring-vault with Apache License 2.0 6 votes vote down vote up
/**
 * Push mode: registers a caller-chosen SecretId for the role, logs in with it and
 * finally posts the registration data to the accessor destroy endpoint.
 */
@Test
void shouldAuthenticatePushModeWithProvidedSecretId() {

	String providedRoleId = getRoleId("with-secret-id");
	// Fixture value only. A custom SecretId is picked by the client instead of being
	// generated by Vault, so a guessable literal like this belongs in tests only.
	String customSecretId = "hello_world";

	VaultResponse registration = getVaultOperations().write("auth/approle/role/with-secret-id/custom-secret-id",
			Collections.singletonMap("secret_id", customSecretId));

	RoleId roleIdSource = RoleId.provided(providedRoleId);
	SecretId secretIdSource = SecretId.provided(customSecretId);
	AppRoleAuthenticationOptions loginOptions = AppRoleAuthenticationOptions.builder()
			.roleId(roleIdSource)
			.secretId(secretIdSource)
			.build();
	AppRoleAuthentication appRoleLogin = new AppRoleAuthentication(loginOptions, prepare().getRestTemplate());

	assertThat(appRoleLogin.login()).isNotNull();

	// Clean-up: presumably the registration data carries the accessor that the destroy
	// endpoint needs. NOTE(review): this line is skipped when the assertion above fails,
	// leaving the fixed SecretId registered.
	getVaultOperations().write("auth/approle/role/with-secret-id/secret-id-accessor/destroy",
			registration.getRequiredData());
}
 
Example #2
Source File: AppRoleAuthentication.java    From spring-vault with Apache License 2.0 6 votes vote down vote up
/**
 * Builds the authentication step that yields the SecretId string for the given
 * {@link SecretId} configuration.
 * <ul>
 * <li>{@code Provided}: the configured value is supplied as-is.</li>
 * <li>{@code Pull}: a POST to the role's secret-id path, sent with headers built from
 * the initial token, returns the {@code secret_id} entry of the response data.</li>
 * <li>{@code Wrapped}: the response behind the initial token is unwrapped and its
 * {@code secret_id} entry is used.</li>
 * </ul>
 * @param options AppRole options; source of the secret-id path and the unwrapping endpoints.
 * @param secretId the configured SecretId source.
 * @return a node producing the SecretId string.
 * @throws IllegalArgumentException if {@code secretId} is none of the three handled types.
 */
private static Node<String> getSecretIdSteps(AppRoleAuthenticationOptions options, SecretId secretId) {

	if (secretId instanceof Provided) {
		Provided provided = (Provided) secretId;
		return AuthenticationSteps.fromSupplier(provided::getValue);
	}

	if (secretId instanceof Pull) {
		Pull pull = (Pull) secretId;
		HttpHeaders tokenHeaders = createHttpHeaders(pull.getInitialToken());

		// NOTE(review): the cast yields null when the response data has no "secret_id"
		// entry; confirm the login step rejects a null SecretId.
		return AuthenticationSteps
				.fromHttpRequest(post(getSecretIdPath(options)).with(tokenHeaders).as(VaultResponse.class))
				.map(response -> (String) response.getRequiredData().get("secret_id"));
	}

	if (secretId instanceof Wrapped) {
		Wrapped wrapped = (Wrapped) secretId;

		return unwrapResponse(options.getUnwrappingEndpoints(), wrapped.getInitialToken())
				.map(response -> (String) response.getRequiredData().get("secret_id"));
	}

	// NOTE(review): the message embeds secretId.toString(); confirm that no SecretId
	// implementation renders its credential or token there.
	throw new IllegalArgumentException("Unknown SecretId configuration: " + secretId);
}
 
Example #3
Source File: ClientAuthenticationFactory.java    From spring-cloud-vault with Apache License 2.0 6 votes vote down vote up
/**
 * Chooses the SecretId source from the configured properties, in this order:
 * an explicit SecretId, then pull mode (token and role name both set), then wrapped
 * mode (token only), otherwise absent.
 * <p>
 * The single token property is therefore read two ways: with a role name it is the
 * token handed to {@code SecretId.pull}, without one it is handed to
 * {@code SecretId.wrapped}. Adding or removing the role name silently changes how the
 * same token is used.
 * @param vaultProperties source of the Vault token.
 * @param appRole AppRole settings (SecretId and role name).
 * @return the SecretId source to authenticate with, never {@code null} as far as this method shows.
 */
private static SecretId getSecretId(VaultProperties vaultProperties,
		AppRoleProperties appRole) {

	// An explicitly configured SecretId always wins over any token-based mode.
	if (StringUtils.hasText(appRole.getSecretId())) {
		return SecretId.provided(appRole.getSecretId());
	}

	boolean tokenConfigured = StringUtils.hasText(vaultProperties.getToken());
	if (!tokenConfigured) {
		return SecretId.absent();
	}

	if (StringUtils.hasText(appRole.getRole())) {
		return SecretId.pull(VaultToken.of(vaultProperties.getToken()));
	}
	return SecretId.wrapped(VaultToken.of(vaultProperties.getToken()));
}
 
Example #4
Source File: EnvironmentVaultConfiguration.java    From spring-vault with Apache License 2.0 6 votes vote down vote up
/**
 * Creates AppRole authentication from the {@code vault.app-role.*} properties.
 * <p>
 * The RoleId is mandatory. The SecretId is applied only when the property has text;
 * otherwise the builder is left untouched for it. The login path falls back to
 * {@code AppRoleAuthenticationOptions.DEFAULT_APPROLE_AUTHENTICATION_PATH}.
 * @return the configured {@link ClientAuthentication}.
 * @throws IllegalArgumentException presumably raised by {@code Assert.hasText} when the RoleId is empty.
 */
protected ClientAuthentication appRoleAuthentication() {

	String configuredRoleId = getProperty("vault.app-role.role-id");
	// The SecretId is a credential read from the property source; keep it out of logs.
	String configuredSecretId = getProperty("vault.app-role.secret-id");
	String loginPath = getProperty("vault.app-role.app-role-path",
			AppRoleAuthenticationOptions.DEFAULT_APPROLE_AUTHENTICATION_PATH);

	Assert.hasText(configuredRoleId, "Vault AppRole authentication: RoleId (vault.app-role.role-id) must not be empty");

	AppRoleAuthenticationOptionsBuilder optionsBuilder = AppRoleAuthenticationOptions.builder();
	optionsBuilder = optionsBuilder.roleId(RoleId.provided(configuredRoleId));
	optionsBuilder = optionsBuilder.path(loginPath);

	if (StringUtils.hasText(configuredSecretId)) {
		optionsBuilder = optionsBuilder.secretId(SecretId.provided(configuredSecretId));
	}

	return new AppRoleAuthentication(optionsBuilder.build(), restOperations());
}
 
Example #5
Source File: AppRoleAuthenticationUnitTests.java    From spring-vault with Apache License 2.0 6 votes vote down vote up
/**
 * Against a mocked REST endpoint, a login with provided RoleId and SecretId must POST
 * both values to {@code /auth/approle/login} and return the client token of the response.
 */
@Test
void loginShouldObtainToken() {

	RoleId roleIdSource = RoleId.provided("hello");
	SecretId secretIdSource = SecretId.provided("world");
	AppRoleAuthenticationOptions loginOptions = AppRoleAuthenticationOptions.builder()
			.roleId(roleIdSource)
			.secretId(secretIdSource)
			.build();

	// Canned Vault answer carrying the client token the login is expected to surface.
	String loginResponseBody = "{" + "\"auth\":{\"client_token\":\"my-token\"}" + "}";

	this.mockRest.expect(requestTo("/auth/approle/login"))
			.andExpect(method(HttpMethod.POST))
			.andExpect(jsonPath("$.role_id").value("hello"))
			.andExpect(jsonPath("$.secret_id").value("world"))
			.andRespond(withSuccess().contentType(MediaType.APPLICATION_JSON).body(loginResponseBody));

	AppRoleAuthentication sut = new AppRoleAuthentication(loginOptions, this.restTemplate);

	VaultToken issuedToken = sut.login();

	assertThat(issuedToken).isInstanceOf(LoginToken.class);
	assertThat(issuedToken.getToken()).isEqualTo("my-token");
}
 
Example #6
Source File: AppRoleClientAuthenticationProviderTests.java    From spring-cloud-config with Apache License 2.0 6 votes vote down vote up
/**
 * A token plus a role name, with neither RoleId nor SecretId configured, must resolve
 * to pull mode for both values.
 */
@Test
public void appRoleWithFullPull() {

	VaultEnvironmentProperties props = new VaultEnvironmentProperties();
	props.setToken("token");
	props.getAppRole().setRole("my-role");

	AppRoleAuthenticationOptions resolved = AppRoleClientAuthenticationProvider
			.getAppRoleAuthenticationOptions(props);

	// Only the concrete types are compared; the token carried inside is not asserted.
	Class<?> pullRoleIdType = RoleId.pull(VaultToken.of("token")).getClass();
	Class<?> pullSecretIdType = SecretId.pull(VaultToken.of("token")).getClass();

	assertThat(resolved.getAppRole()).isEqualTo("my-role");
	assertThat(resolved.getRoleId()).isInstanceOf(pullRoleIdType);
	assertThat(resolved.getSecretId()).isInstanceOf(pullSecretIdType);
}
 
Example #7
Source File: AppRoleClientAuthenticationProviderTests.java    From spring-cloud-config with Apache License 2.0 6 votes vote down vote up
/**
 * With a token, a role name and an explicit RoleId, the RoleId must be the provided
 * kind while the SecretId falls back to pull mode.
 */
@Test
public void appRoleRoleIdProvidedSecretIdPull() {

	VaultEnvironmentProperties props = new VaultEnvironmentProperties();
	props.setToken("token");
	props.getAppRole().setRoleId("foo");
	props.getAppRole().setRole("my-role");

	AppRoleAuthenticationOptions resolved = AppRoleClientAuthenticationProvider
			.getAppRoleAuthenticationOptions(props);

	// Type-only comparison: neither "foo" nor the token value is checked.
	Class<?> providedRoleIdType = RoleId.provided("foo").getClass();
	Class<?> pullSecretIdType = SecretId.pull(VaultToken.of("token")).getClass();

	assertThat(resolved.getAppRole()).isEqualTo("my-role");
	assertThat(resolved.getRoleId()).isInstanceOf(providedRoleIdType);
	assertThat(resolved.getSecretId()).isInstanceOf(pullSecretIdType);
}
 
Example #8
Source File: AppRoleAuthenticationStepsIntegrationTests.java    From spring-vault with Apache License 2.0 6 votes vote down vote up
/**
 * Authentication steps must log in when the RoleId arrives as a wrapped response and
 * the SecretId is a freshly generated, directly provided value.
 */
@Test
void authenticationStepsShouldAuthenticateWithWrappedRoleId() {

	// Ask Vault to generate a SecretId for the role and read it from the response data.
	String secretIdPath = String.format("auth/approle/role/%s/secret-id", "with-secret-id");
	String generatedSecretId = (String) getVaultOperations().write(secretIdPath, null)
			.getRequiredData()
			.get("secret_id");

	VaultToken wrappedRoleIdToken = generateWrappedRoleIdResponse();

	SecretId secretIdSource = SecretId.provided(generatedSecretId);
	RoleId roleIdSource = RoleId.wrapped(wrappedRoleIdToken);
	AppRoleAuthenticationOptions loginOptions = AppRoleAuthenticationOptions.builder()
			.secretId(secretIdSource)
			.roleId(roleIdSource)
			.unwrappingEndpoints(getUnwrappingEndpoints())
			.build();

	AuthenticationStepsExecutor stepsExecutor = new AuthenticationStepsExecutor(
			AppRoleAuthentication.createAuthenticationSteps(loginOptions), prepare().getRestTemplate());

	assertThat(stepsExecutor.login()).isNotNull();
}
 
Example #9
Source File: ClientAuthenticationFactoryUnitTests.java    From spring-cloud-vault with Apache License 2.0 6 votes vote down vote up
/**
 * With a token, a role name and an explicit RoleId, the factory must keep the RoleId
 * as provided and resolve the SecretId to pull mode.
 */
@Test
public void shouldSupportAppRoleRoleIdProvidedSecretIdPull() {

	VaultProperties props = new VaultProperties();
	props.setToken("token");
	props.getAppRole().setRoleId("foo");
	props.getAppRole().setRole("my-role");

	AppRoleAuthenticationOptions resolved = ClientAuthenticationFactory
			.getAppRoleAuthenticationOptions(props);

	// Type-only comparison: neither "foo" nor the token value is checked.
	Class<?> providedRoleIdType = RoleId.provided("foo").getClass();
	Class<?> pullSecretIdType = SecretId.pull(VaultToken.of("token")).getClass();

	assertThat(resolved.getAppRole()).isEqualTo("my-role");
	assertThat(resolved.getRoleId()).isInstanceOf(providedRoleIdType);
	assertThat(resolved.getSecretId()).isInstanceOf(pullSecretIdType);
}
 
Example #10
Source File: AppRoleAuthenticationStepsIntegrationTests.java    From spring-vault with Apache License 2.0 6 votes vote down vote up
/**
 * Authentication steps must log in when the RoleId is pulled with a Vault token and
 * the SecretId is a freshly generated, directly provided value.
 */
@Test
void authenticationStepsShouldAuthenticateWithPullRoleId() {

	// Ask Vault to generate a SecretId for the role and read it from the response data.
	String secretIdPath = String.format("auth/approle/role/%s/secret-id", "with-secret-id");
	String generatedSecretId = (String) getVaultOperations().write(secretIdPath, null)
			.getRequiredData()
			.get("secret_id");

	SecretId secretIdSource = SecretId.provided(generatedSecretId);
	// Pull mode hands the client a Vault token; here it is the test suite's Settings.token().
	RoleId roleIdSource = RoleId.pull(Settings.token());
	AppRoleAuthenticationOptions loginOptions = AppRoleAuthenticationOptions.builder()
			.secretId(secretIdSource)
			.appRole("with-secret-id")
			.roleId(roleIdSource)
			.build();

	AuthenticationStepsExecutor stepsExecutor = new AuthenticationStepsExecutor(
			AppRoleAuthentication.createAuthenticationSteps(loginOptions), prepare().getRestTemplate());

	assertThat(stepsExecutor.login()).isNotNull();
}
 
Example #11
Source File: ClientAuthenticationFactoryUnitTests.java    From spring-cloud-vault with Apache License 2.0 6 votes vote down vote up
/**
 * A token plus a role name, with neither RoleId nor SecretId configured, must make the
 * factory resolve both values to pull mode.
 */
@Test
public void shouldSupportAppRoleFullPull() {

	VaultProperties props = new VaultProperties();
	props.setToken("token");
	props.getAppRole().setRole("my-role");

	AppRoleAuthenticationOptions resolved = ClientAuthenticationFactory
			.getAppRoleAuthenticationOptions(props);

	// Only the concrete types are compared; the token carried inside is not asserted.
	Class<?> pullRoleIdType = RoleId.pull(VaultToken.of("token")).getClass();
	Class<?> pullSecretIdType = SecretId.pull(VaultToken.of("token")).getClass();

	assertThat(resolved.getAppRole()).isEqualTo("my-role");
	assertThat(resolved.getRoleId()).isInstanceOf(pullRoleIdType);
	assertThat(resolved.getSecretId()).isInstanceOf(pullSecretIdType);
}
 
Example #12
Source File: AppRoleAuthenticationStepsIntegrationTests.java    From spring-vault with Apache License 2.0 6 votes vote down vote up
/**
 * Push mode through the steps executor: registers a caller-chosen SecretId, logs in
 * with it and finally posts the registration data to the accessor destroy endpoint.
 */
@Test
void authenticationStepsShouldAuthenticatePushModeWithProvidedSecretId() {

	String providedRoleId = getRoleId("with-secret-id");
	// Fixture value only; a client-chosen SecretId this guessable belongs in tests only.
	String customSecretId = "hello_world_two";

	VaultResponse registration = getVaultOperations().write("auth/approle/role/with-secret-id/custom-secret-id",
			Collections.singletonMap("secret_id", customSecretId));

	RoleId roleIdSource = RoleId.provided(providedRoleId);
	SecretId secretIdSource = SecretId.provided(customSecretId);
	AppRoleAuthenticationOptions loginOptions = AppRoleAuthenticationOptions.builder()
			.roleId(roleIdSource)
			.secretId(secretIdSource)
			.build();

	AuthenticationStepsExecutor stepsExecutor = new AuthenticationStepsExecutor(
			AppRoleAuthentication.createAuthenticationSteps(loginOptions), prepare().getRestTemplate());

	assertThat(stepsExecutor.login()).isNotNull();

	// Clean-up: presumably the registration data carries the accessor that the destroy
	// endpoint needs. NOTE(review): skipped when the assertion above fails.
	getVaultOperations().write("auth/approle/role/with-secret-id/secret-id-accessor/destroy",
			registration.getRequiredData());
}
 
Example #13
Source File: AppRoleClientAuthenticationProviderTests.java    From spring-cloud-config with Apache License 2.0 5 votes vote down vote up
/**
 * Explicit RoleId and SecretId, with no token, must both resolve to the provided kind.
 */
@Test
public void appRoleRoleIdProvidedSecretIdProvided() {

	VaultEnvironmentProperties props = new VaultEnvironmentProperties();
	props.getAppRole().setRoleId("foo");
	props.getAppRole().setSecretId("bar");

	AppRoleAuthenticationOptions resolved = AppRoleClientAuthenticationProvider
			.getAppRoleAuthenticationOptions(props);

	// Type-only comparison: the configured values themselves are not asserted.
	Class<?> providedRoleIdType = RoleId.provided("foo").getClass();
	Class<?> providedSecretIdType = SecretId.provided("bar").getClass();

	assertThat(resolved.getRoleId()).isInstanceOf(providedRoleIdType);
	assertThat(resolved.getSecretId()).isInstanceOf(providedSecretIdType);
}
 
Example #14
Source File: ClientAuthenticationFactoryUnitTests.java    From spring-cloud-vault with Apache License 2.0 5 votes vote down vote up
/**
 * Explicit RoleId and SecretId, with no token, must make the factory resolve both to
 * the provided kind.
 */
@Test
public void shouldSupportAppRoleRoleIdProvidedSecretIdProvided() {

	VaultProperties props = new VaultProperties();
	props.getAppRole().setRoleId("foo");
	props.getAppRole().setSecretId("bar");

	AppRoleAuthenticationOptions resolved = ClientAuthenticationFactory
			.getAppRoleAuthenticationOptions(props);

	// Type-only comparison: the configured values themselves are not asserted.
	Class<?> providedRoleIdType = RoleId.provided("foo").getClass();
	Class<?> providedSecretIdType = SecretId.provided("bar").getClass();

	assertThat(resolved.getRoleId()).isInstanceOf(providedRoleIdType);
	assertThat(resolved.getSecretId()).isInstanceOf(providedSecretIdType);
}
 
Example #15
Source File: ClientAuthenticationFactoryUnitTests.java    From spring-cloud-vault with Apache License 2.0 5 votes vote down vote up
/**
 * Only a RoleId configured (no SecretId, no token): the SecretId must resolve to the
 * absent kind rather than to any token-based mode.
 */
@Test
public void shouldSupportAppRoleRoleIdProvidedSecretIdAbsent() {

	VaultProperties props = new VaultProperties();
	props.getAppRole().setRoleId("foo");

	AppRoleAuthenticationOptions resolved = ClientAuthenticationFactory
			.getAppRoleAuthenticationOptions(props);

	Class<?> providedRoleIdType = RoleId.provided("foo").getClass();
	Class<?> absentSecretIdType = SecretId.absent().getClass();

	assertThat(resolved.getRoleId()).isInstanceOf(providedRoleIdType);
	assertThat(resolved.getSecretId()).isInstanceOf(absentSecretIdType);
}
 
Example #16
Source File: ClientAuthenticationFactoryUnitTests.java    From spring-cloud-vault with Apache License 2.0 5 votes vote down vote up
/**
 * Only a token configured (no role name, RoleId or SecretId): both RoleId and SecretId
 * must resolve to the wrapped kind.
 */
@Test
public void shouldSupportAppRoleFullWrapped() {

	VaultProperties props = new VaultProperties();
	props.setToken("token");

	AppRoleAuthenticationOptions resolved = ClientAuthenticationFactory
			.getAppRoleAuthenticationOptions(props);

	// Only the concrete types are compared; which token each wrapped source carries is
	// not asserted. NOTE(review): a single token is configured for two wrapped values,
	// and Vault wrapping tokens are single-use; confirm how the login flow unwraps both.
	Class<?> wrappedRoleIdType = RoleId.wrapped(VaultToken.of("token")).getClass();
	Class<?> wrappedSecretIdType = SecretId.wrapped(VaultToken.of("token")).getClass();

	assertThat(resolved.getRoleId()).isInstanceOf(wrappedRoleIdType);
	assertThat(resolved.getSecretId()).isInstanceOf(wrappedSecretIdType);
}
 
Example #17
Source File: ClientAuthenticationFactoryUnitTests.java    From spring-cloud-vault with Apache License 2.0 5 votes vote down vote up
/**
 * A token plus an explicit SecretId (no role name, no RoleId): the RoleId must resolve
 * to the wrapped kind and the SecretId to the provided kind.
 */
@Test
public void shouldSupportAppRoleRoleIdWrappedSecretIdProvided() {

	VaultProperties props = new VaultProperties();
	props.setToken("token");
	props.getAppRole().setSecretId("bar");

	AppRoleAuthenticationOptions resolved = ClientAuthenticationFactory
			.getAppRoleAuthenticationOptions(props);

	// Type-only comparison: neither the token nor "bar" is asserted.
	Class<?> wrappedRoleIdType = RoleId.wrapped(VaultToken.of("token")).getClass();
	Class<?> providedSecretIdType = SecretId.provided("bar").getClass();

	assertThat(resolved.getRoleId()).isInstanceOf(wrappedRoleIdType);
	assertThat(resolved.getSecretId()).isInstanceOf(providedSecretIdType);
}
 
Example #18
Source File: ClientAuthenticationFactoryUnitTests.java    From spring-cloud-vault with Apache License 2.0 5 votes vote down vote up
/**
 * A token plus an explicit RoleId (no role name, no SecretId): the RoleId must resolve
 * to the provided kind and the SecretId to the wrapped kind.
 */
@Test
public void shouldSupportAppRoleRoleIdProvidedSecretIdWrapped() {

	VaultProperties props = new VaultProperties();
	props.setToken("token");
	props.getAppRole().setRoleId("foo");

	AppRoleAuthenticationOptions resolved = ClientAuthenticationFactory
			.getAppRoleAuthenticationOptions(props);

	// Type-only comparison: neither "foo" nor the token is asserted.
	Class<?> providedRoleIdType = RoleId.provided("foo").getClass();
	Class<?> wrappedSecretIdType = SecretId.wrapped(VaultToken.of("token")).getClass();

	assertThat(resolved.getRoleId()).isInstanceOf(providedRoleIdType);
	assertThat(resolved.getSecretId()).isInstanceOf(wrappedSecretIdType);
}
 
Example #19
Source File: AppRoleAuthenticationIntegrationTests.java    From spring-vault with Apache License 2.0 5 votes vote down vote up
/**
 * Login must succeed when both RoleId and SecretId are delivered as wrapped responses,
 * each behind its own token.
 */
@Test
void shouldAuthenticateWithWrappedRoleIdAndSecretId() {

	// Two separate tokens: one wraps the SecretId response, the other the RoleId response.
	VaultToken wrappedSecretIdToken = generateWrappedSecretIdResponse();
	VaultToken wrappedRoleIdToken = generateWrappedRoleIdResponse();

	SecretId secretIdSource = SecretId.wrapped(wrappedSecretIdToken);
	RoleId roleIdSource = RoleId.wrapped(wrappedRoleIdToken);
	AppRoleAuthenticationOptions loginOptions = AppRoleAuthenticationOptions.builder()
			.secretId(secretIdSource)
			.roleId(roleIdSource)
			.unwrappingEndpoints(getUnwrappingEndpoints())
			.build();

	AppRoleAuthentication appRoleLogin = new AppRoleAuthentication(loginOptions, prepare().getRestTemplate());

	assertThat(appRoleLogin.login()).isNotNull();
}
 
Example #20
Source File: AppRoleClientAuthenticationProviderTests.java    From spring-cloud-config with Apache License 2.0 5 votes vote down vote up
/**
 * Only a RoleId configured (no SecretId, no token): the SecretId must resolve to the
 * absent kind rather than to any token-based mode.
 */
@Test
public void appRoleRoleIdProvidedSecretIdAbsent() {

	VaultEnvironmentProperties props = new VaultEnvironmentProperties();
	props.getAppRole().setRoleId("foo");

	AppRoleAuthenticationOptions resolved = AppRoleClientAuthenticationProvider
			.getAppRoleAuthenticationOptions(props);

	Class<?> providedRoleIdType = RoleId.provided("foo").getClass();
	Class<?> absentSecretIdType = SecretId.absent().getClass();

	assertThat(resolved.getRoleId()).isInstanceOf(providedRoleIdType);
	assertThat(resolved.getSecretId()).isInstanceOf(absentSecretIdType);
}
 
Example #21
Source File: AppRoleClientAuthenticationProviderTests.java    From spring-cloud-config with Apache License 2.0 5 votes vote down vote up
/**
 * Only a token configured (no role name, RoleId or SecretId): both RoleId and SecretId
 * must resolve to the wrapped kind.
 */
@Test
public void appRoleFullWrapped() {

	VaultEnvironmentProperties props = new VaultEnvironmentProperties();
	props.setToken("token");

	AppRoleAuthenticationOptions resolved = AppRoleClientAuthenticationProvider
			.getAppRoleAuthenticationOptions(props);

	// Only the concrete types are compared; which token each wrapped source carries is
	// not asserted.
	Class<?> wrappedRoleIdType = RoleId.wrapped(VaultToken.of("token")).getClass();
	Class<?> wrappedSecretIdType = SecretId.wrapped(VaultToken.of("token")).getClass();

	assertThat(resolved.getRoleId()).isInstanceOf(wrappedRoleIdType);
	assertThat(resolved.getSecretId()).isInstanceOf(wrappedSecretIdType);
}
 
Example #22
Source File: AppRoleClientAuthenticationProviderTests.java    From spring-cloud-config with Apache License 2.0 5 votes vote down vote up
/**
 * A token plus an explicit SecretId (no role name, no RoleId): the RoleId must resolve
 * to the wrapped kind and the SecretId to the provided kind.
 */
@Test
public void appRoleRoleIdWrappedSecretIdProvided() {

	VaultEnvironmentProperties props = new VaultEnvironmentProperties();
	props.setToken("token");
	props.getAppRole().setSecretId("bar");

	AppRoleAuthenticationOptions resolved = AppRoleClientAuthenticationProvider
			.getAppRoleAuthenticationOptions(props);

	// Type-only comparison: neither the token nor "bar" is asserted.
	Class<?> wrappedRoleIdType = RoleId.wrapped(VaultToken.of("token")).getClass();
	Class<?> providedSecretIdType = SecretId.provided("bar").getClass();

	assertThat(resolved.getRoleId()).isInstanceOf(wrappedRoleIdType);
	assertThat(resolved.getSecretId()).isInstanceOf(providedSecretIdType);
}
 
Example #23
Source File: AppRoleClientAuthenticationProviderTests.java    From spring-cloud-config with Apache License 2.0 5 votes vote down vote up
/**
 * A token plus an explicit RoleId (no role name, no SecretId): the RoleId must resolve
 * to the provided kind and the SecretId to the wrapped kind.
 */
@Test
public void appRoleRoleIdProvidedSecretIdWrapped() {

	VaultEnvironmentProperties props = new VaultEnvironmentProperties();
	props.setToken("token");
	props.getAppRole().setRoleId("foo");

	AppRoleAuthenticationOptions resolved = AppRoleClientAuthenticationProvider
			.getAppRoleAuthenticationOptions(props);

	// Type-only comparison: neither "foo" nor the token is asserted.
	Class<?> providedRoleIdType = RoleId.provided("foo").getClass();
	Class<?> wrappedSecretIdType = SecretId.wrapped(VaultToken.of("token")).getClass();

	assertThat(resolved.getRoleId()).isInstanceOf(providedRoleIdType);
	assertThat(resolved.getSecretId()).isInstanceOf(wrappedSecretIdType);
}
 
Example #24
Source File: AppRoleAuthenticationIntegrationTests.java    From spring-vault with Apache License 2.0 5 votes vote down vote up
/**
 * Negative path: a login with a valid RoleId but a SecretId that was never issued must
 * fail with a {@code VaultException}.
 */
@Test
void shouldAuthenticatePullModeFailsWithWrongSecretId() {

	String providedRoleId = getRoleId("with-secret-id");

	RoleId roleIdSource = RoleId.provided(providedRoleId);
	// NOTE(review): the method name says "PullMode", yet the SecretId is supplied
	// directly via SecretId.provided; no pull request is involved here.
	SecretId bogusSecretId = SecretId.provided("this-is-a-wrong-secret-id");
	AppRoleAuthenticationOptions loginOptions = AppRoleAuthenticationOptions.builder()
			.roleId(roleIdSource)
			.secretId(bogusSecretId)
			.build();
	AppRoleAuthentication appRoleLogin = new AppRoleAuthentication(loginOptions, prepare().getRestTemplate());

	assertThatExceptionOfType(VaultException.class).isThrownBy(appRoleLogin::login);
}
 
Example #25
Source File: AppRoleAuthenticationIntegrationTests.java    From spring-vault with Apache License 2.0 5 votes vote down vote up
/**
 * Negative path: unwrapping the SecretId with a token Vault does not accept must make
 * the login fail with a {@code VaultException}.
 */
@Test
void shouldAuthenticateWithWrappedSecretIdFailIfUnwrappingTokenExpired() {

	String providedRoleId = getRoleId("no-secret-id");
	// NOTE(review): the name says "expired", but this is a made-up token that was never
	// issued; a genuinely expired or already-used wrapping token is not exercised here.
	String invalidUnwrappingToken = "incorrect-unwrapping-token";

	SecretId secretIdSource = SecretId.wrapped(VaultToken.of(invalidUnwrappingToken));
	RoleId roleIdSource = RoleId.provided(providedRoleId);
	AppRoleAuthenticationOptions loginOptions = AppRoleAuthenticationOptions.builder()
			.secretId(secretIdSource)
			.roleId(roleIdSource)
			.unwrappingEndpoints(getUnwrappingEndpoints())
			.build();

	AppRoleAuthentication appRoleLogin = new AppRoleAuthentication(loginOptions, prepare().getRestTemplate());

	assertThatExceptionOfType(VaultException.class).isThrownBy(appRoleLogin::login);
}
 
Example #26
Source File: AppRoleAuthentication.java    From spring-vault with Apache License 2.0 5 votes vote down vote up
/**
 * Combines the RoleId step and the SecretId step into one node that produces the map
 * returned by {@code getAppRoleLoginBody}.
 * @param options AppRole options passed on to both step builders.
 * @param roleId the configured RoleId source.
 * @param secretId the configured SecretId source.
 * @return a node yielding the login body built from the resolved RoleId and SecretId.
 */
private static Node<Map<String, String>> getAuthenticationSteps(AppRoleAuthenticationOptions options, RoleId roleId,
		SecretId secretId) {

	Node<String> resolvedRoleId = getRoleIdSteps(options, roleId);
	Node<String> resolvedSecretId = getSecretIdSteps(options, secretId);

	// Left of the zipped pair is the RoleId, right is the SecretId.
	return resolvedRoleId.zipWith(resolvedSecretId)
			.map(pair -> getAppRoleLoginBody(pair.getLeft(), pair.getRight()));
}
 
Example #27
Source File: AppRoleAuthenticationIntegrationTests.java    From spring-vault with Apache License 2.0 5 votes vote down vote up
/**
 * Login must succeed when the RoleId is provided directly and the SecretId is
 * delivered as a wrapped response.
 */
@Test
void shouldAuthenticateWithWrappedSecretId() {

	String providedRoleId = getRoleId("with-secret-id");
	// Token behind which the generated SecretId response is wrapped.
	VaultToken wrappedSecretIdToken = generateWrappedSecretIdResponse();

	SecretId secretIdSource = SecretId.wrapped(wrappedSecretIdToken);
	RoleId roleIdSource = RoleId.provided(providedRoleId);
	AppRoleAuthenticationOptions loginOptions = AppRoleAuthenticationOptions.builder()
			.secretId(secretIdSource)
			.roleId(roleIdSource)
			.unwrappingEndpoints(getUnwrappingEndpoints())
			.build();

	AppRoleAuthentication appRoleLogin = new AppRoleAuthentication(loginOptions, prepare().getRestTemplate());

	assertThat(appRoleLogin.login()).isNotNull();
}
 
Example #28
Source File: AppRoleAuthenticationIntegrationTests.java    From spring-vault with Apache License 2.0 5 votes vote down vote up
/**
 * Login must succeed with a RoleId read from Vault and a SecretId that Vault generated
 * for the role just before the login.
 */
@Test
void shouldAuthenticatePullModeWithGeneratedSecretId() {

	String providedRoleId = getRoleId("with-secret-id");
	// Ask Vault to generate a SecretId for the role and read it from the response data.
	String secretIdPath = String.format("auth/approle/role/%s/secret-id", "with-secret-id");
	String generatedSecretId = (String) getVaultOperations().write(secretIdPath, null)
			.getRequiredData()
			.get("secret_id");

	RoleId roleIdSource = RoleId.provided(providedRoleId);
	SecretId secretIdSource = SecretId.provided(generatedSecretId);
	AppRoleAuthenticationOptions loginOptions = AppRoleAuthenticationOptions.builder()
			.roleId(roleIdSource)
			.secretId(secretIdSource)
			.build();
	AppRoleAuthentication appRoleLogin = new AppRoleAuthentication(loginOptions, prepare().getRestTemplate());

	assertThat(appRoleLogin.login()).isNotNull();
}
 
Example #29
Source File: AppRoleAuthenticationIntegrationTests.java    From spring-vault with Apache License 2.0 5 votes vote down vote up
/**
 * Login must succeed when the RoleId is provided directly and the SecretId is obtained
 * in pull mode for the named role.
 */
@Test
void shouldAuthenticateWithPullMode() {

	RoleId roleIdSource = RoleId.provided(getRoleId("with-secret-id"));
	// Pull mode gives the client a Vault token (here the suite's Settings.token()) to
	// obtain the SecretId at login time; outside tests that token's policy should be
	// limited to exactly that.
	SecretId secretIdSource = SecretId.pull(Settings.token());

	AppRoleAuthenticationOptions loginOptions = AppRoleAuthenticationOptions.builder()
			.roleId(roleIdSource)
			.appRole("with-secret-id")
			.secretId(secretIdSource)
			.build();
	AppRoleAuthentication appRoleLogin = new AppRoleAuthentication(loginOptions, prepare().getRestTemplate());

	assertThat(appRoleLogin.login()).isNotNull();
}
 
Example #30
Source File: AppRoleAuthenticationIntegrationTests.java    From spring-vault with Apache License 2.0 5 votes vote down vote up
/**
 * Login must succeed when both RoleId and SecretId are obtained in pull mode for the
 * named role.
 */
@Test
void shouldAuthenticateWithFullPullMode() {

	// Both values are pulled with the suite's Settings.token(); nothing but the role
	// name and that token is configured on the client.
	RoleId roleIdSource = RoleId.pull(Settings.token());
	SecretId secretIdSource = SecretId.pull(Settings.token());

	AppRoleAuthenticationOptions loginOptions = AppRoleAuthenticationOptions.builder()
			.appRole("with-secret-id")
			.roleId(roleIdSource)
			.secretId(secretIdSource)
			.build();
	AppRoleAuthentication appRoleLogin = new AppRoleAuthentication(loginOptions, prepare().getRestTemplate());

	assertThat(appRoleLogin.login()).isNotNull();
}