org.springframework.vault.authentication.SessionManager Java Examples

Example #1
Source File: VaultReactiveBootstrapConfigurationTests.java    From spring-cloud-vault with Apache License 2.0 6 votes vote down vote up
/**
 * Verifies that, with {@code spring.cloud.vault.config.lifecycle.enabled=false}, the
 * context still provides a {@link ReactiveVaultOperations}, an
 * {@link AuthenticationStepsFactory} and a {@link SessionManager}, that the
 * {@link SessionManager} is neither a {@link LifecycleAwareSessionManager} nor a
 * {@link SimpleSessionManager}, and that no {@link WebClient} bean is registered.
 */
@Test
public void shouldConfigureTemplate() {

	this.contextRunner.withUserConfiguration(AuthenticationFactoryConfiguration.class)
			.withPropertyValues("spring.cloud.vault.config.lifecycle.enabled=false")
			.run(context -> {

				ReactiveVaultOperations operations = context.getBean(ReactiveVaultOperations.class);
				assertThat(operations).isNotNull();

				AuthenticationStepsFactory stepsFactory = context.getBean(AuthenticationStepsFactory.class);
				assertThat(stepsFactory).isNotNull();

				// The imperative SessionManager must not be one of the stock
				// implementations; presumably it is the bridge onto the reactive
				// session manager - confirm against the configuration under test.
				SessionManager sessionManager = context.getBean(SessionManager.class);
				assertThat(sessionManager).isNotNull();
				assertThat(sessionManager).isNotInstanceOf(LifecycleAwareSessionManager.class);
				assertThat(sessionManager).isNotInstanceOf(SimpleSessionManager.class);

				String[] webClientBeanNames = context.getBeanNamesForType(WebClient.class);
				assertThat(webClientBeanNames).isEmpty();
			});
}
 
Example #2
Source File: VaultBootstrapConfiguration.java    From spring-cloud-vault with Apache License 2.0 6 votes vote down vote up
/**
 * Creates the {@link SessionManager} bean, choosing the implementation from the
 * {@code lifecycle.enabled} flag of the Vault configuration properties.
 *
 * <p>With lifecycle management enabled a {@link LifecycleAwareSessionManager} is built
 * from the given authentication, the task scheduler obtained through
 * {@code asyncTaskExecutorFactory} and a freshly built {@link RestTemplate}. Otherwise a
 * {@link SimpleSessionManager} is returned, which receives only the authentication.
 *
 * <p>NOTE(review): the simple variant is given no scheduler and no REST client, so
 * token renewal and revocation are presumably not performed on that path - confirm
 * against the Spring Vault version in use before disabling lifecycle management for
 * tokens with a short TTL.
 * @param clientAuthentication the {@link ClientAuthentication}.
 * @param asyncTaskExecutorFactory the {@link ObjectFactory} for
 * {@link TaskSchedulerWrapper}.
 * @return the {@link SessionManager} for Vault session management.
 * @see SessionManager
 * @see LifecycleAwareSessionManager
 */
@Bean
@ConditionalOnMissingBean
@ConditionalOnAuthentication
public SessionManager vaultSessionManager(ClientAuthentication clientAuthentication,
		ObjectFactory<TaskSchedulerWrapper> asyncTaskExecutorFactory) {

	boolean lifecycleEnabled = this.vaultProperties.getConfig().getLifecycle().isEnabled();

	if (!lifecycleEnabled) {
		return new SimpleSessionManager(clientAuthentication);
	}

	// Build the REST client before resolving the scheduler, as the original does.
	RestTemplate lifecycleRestTemplate = this.restTemplateBuilder.build();
	return new LifecycleAwareSessionManager(clientAuthentication,
			asyncTaskExecutorFactory.getObject().getTaskScheduler(),
			lifecycleRestTemplate);
}
 
Example #3
Source File: VaultBootstrapConfiguration.java    From spring-cloud-vault with Apache License 2.0 5 votes vote down vote up
/**
 * Creates a {@link VaultTemplate} unless a {@link VaultOperations} bean already
 * exists.
 *
 * <p>When the configured authentication method is
 * {@link VaultProperties.AuthenticationMethod#NONE} the template is built from the
 * REST template builder alone. For every other method the {@link SessionManager}
 * bean is looked up from the application context and passed to the template.
 *
 * <p>NOTE(review): on the {@code NONE} path no {@link SessionManager} is supplied, so
 * the template presumably sends requests without a Vault token - confirm that
 * something else (for example a local agent or proxy) authenticates those requests.
 * @return the {@link VaultTemplate} bean.
 * @see VaultBootstrapConfiguration#clientHttpRequestFactoryWrapper()
 */
@Bean
@ConditionalOnMissingBean(VaultOperations.class)
public VaultTemplate vaultTemplate() {

	boolean authenticationConfigured = this.vaultProperties
			.getAuthentication() != VaultProperties.AuthenticationMethod.NONE;

	if (authenticationConfigured) {
		return new VaultTemplate(this.restTemplateBuilder,
				this.applicationContext.getBean(SessionManager.class));
	}

	return new VaultTemplate(this.restTemplateBuilder);
}
 
Example #4
Source File: ReactiveVaultBootstrapConfigurationTests.java    From spring-cloud-vault with Apache License 2.0 5 votes vote down vote up
/**
 * Verifies that {@code spring.cloud.vault.authentication=NONE} leaves the context
 * without any {@link SessionManager}, {@link ClientAuthentication},
 * {@link VaultTokenSupplier} or {@link ReactiveSessionManager} bean while still
 * registering exactly one {@link ReactiveVaultTemplate}.
 */
@Test
public void shouldConfigureWithoutAuthentication() {

	this.contextRunner
			.withPropertyValues("spring.cloud.vault.kv.enabled=false",
					"spring.cloud.vault.authentication=NONE")
			// No token-producing bean may exist when authentication is switched off.
			.run(context -> assertThat(context)
					.doesNotHaveBean(SessionManager.class)
					.doesNotHaveBean(ClientAuthentication.class)
					.doesNotHaveBean(VaultTokenSupplier.class)
					.doesNotHaveBean(ReactiveSessionManager.class)
					.hasSingleBean(ReactiveVaultTemplate.class));
}
 
Example #5
Source File: VaultReactiveBootstrapConfigurationTests.java    From spring-cloud-vault with Apache License 2.0 5 votes vote down vote up
/**
 * Verifies that the {@link SessionManager} bean hands out a fresh value on every
 * call: two consecutive {@code getSessionToken()} calls must yield
 * {@code token-1} and then {@code token-2}.
 *
 * <p>This pins down that the bridge itself holds no token copy; caching and expiry
 * are presumably left to the session manager configured through
 * {@code CustomSessionManager} - confirm against that test configuration.
 */
@Test
public void sessionManagerBridgeShouldNotCacheTokens() {
	this.contextRunner.withUserConfiguration(TokenSupplierConfiguration.class,
			CustomSessionManager.class).run(context -> {

				SessionManager bridge = context.getBean(SessionManager.class);

				// Each lookup is asserted before the next one is made, so a failure
				// on the first token stops the test without a second lookup.
				String firstToken = bridge.getSessionToken().getToken();
				assertThat(firstToken).isEqualTo("token-1");

				String secondToken = bridge.getSessionToken().getToken();
				assertThat(secondToken).isEqualTo("token-2");
			});
}
 
Example #6
Source File: VaultReactiveBootstrapConfigurationTests.java    From spring-cloud-vault with Apache License 2.0 5 votes vote down vote up
/**
 * Verifies that {@code spring.cloud.vault.reactive.enabled=false} registers no
 * {@link ReactiveVaultOperations} bean and that the {@link SessionManager} bean is a
 * {@link LifecycleAwareSessionManager}.
 *
 * <p>The token value {@code foo} is a test fixture, not a real credential.
 */
@Test
public void shouldNotConfigureReactiveSupport() {

	this.contextRunner.withUserConfiguration(VaultBootstrapConfiguration.class)
			.withPropertyValues("spring.cloud.vault.reactive.enabled=false",
					"spring.cloud.vault.token=foo")
			.run(context -> {

				String[] reactiveBeanNames = context.getBeanNamesForType(ReactiveVaultOperations.class);
				assertThat(reactiveBeanNames).isEmpty();

				SessionManager sessionManager = context.getBean(SessionManager.class);
				assertThat(sessionManager).isInstanceOf(LifecycleAwareSessionManager.class);
			});
}
 
Example #7
Source File: VaultReactiveBootstrapConfigurationTests.java    From spring-cloud-vault with Apache License 2.0 5 votes vote down vote up
/**
 * Verifies that a context configured through {@code TokenSupplierConfiguration},
 * with {@code spring.cloud.vault.config.lifecycle.enabled=false}, provides a
 * {@link ReactiveVaultOperations} and a {@link SessionManager} that is neither a
 * {@link LifecycleAwareSessionManager} nor a {@link SimpleSessionManager}, and
 * registers no {@link WebClient} bean.
 */
@Test
public void shouldConfigureTemplateWithTokenSupplier() {

	this.contextRunner.withUserConfiguration(TokenSupplierConfiguration.class)
			.withPropertyValues("spring.cloud.vault.config.lifecycle.enabled=false")
			.run(context -> {

				ReactiveVaultOperations operations = context.getBean(ReactiveVaultOperations.class);
				assertThat(operations).isNotNull();

				// Neither stock imperative implementation is expected here.
				SessionManager sessionManager = context.getBean(SessionManager.class);
				assertThat(sessionManager).isNotNull();
				assertThat(sessionManager).isNotInstanceOf(LifecycleAwareSessionManager.class);
				assertThat(sessionManager).isNotInstanceOf(SimpleSessionManager.class);

				String[] webClientBeanNames = context.getBeanNamesForType(WebClient.class);
				assertThat(webClientBeanNames).isEmpty();
			});
}
 
Example #8
Source File: VaultBootstrapConfigurationTests.java    From spring-cloud-vault with Apache License 2.0 5 votes vote down vote up
/**
 * Verifies that {@code spring.cloud.vault.authentication=NONE} leaves the context
 * without a {@link SessionManager} or {@link ClientAuthentication} bean while still
 * registering exactly one {@link VaultTemplate}.
 */
@Test
public void shouldConfigureWithoutAuthentication() {

	this.contextRunner
			.withPropertyValues("spring.cloud.vault.kv.enabled=false",
					"spring.cloud.vault.authentication=NONE")
			// No token-producing bean may exist when authentication is switched off.
			.run(context -> assertThat(context)
					.doesNotHaveBean(SessionManager.class)
					.doesNotHaveBean(ClientAuthentication.class)
					.hasSingleBean(VaultTemplate.class));
}
 
Example #9
Source File: VaultReactiveBootstrapConfiguration.java    From spring-cloud-vault with Apache License 2.0 5 votes vote down vote up
/**
 * Exposes the reactive session manager through the imperative
 * {@link SessionManager} contract.
 *
 * <p>Every call to the returned adapter asks the {@link ReactiveSessionManager} for
 * its session token and blocks the calling thread until the token is available. A
 * {@code null} result is rejected with an {@link IllegalStateException}, so callers
 * never continue without a token.
 *
 * <p>NOTE(review): {@code block()} is called without a timeout, so how long a caller
 * can wait depends on the reactive session manager and its HTTP client - confirm
 * that timeouts are enforced there.
 * @param sessionManager the {@link ReactiveSessionManager}.
 * @return {@link SessionManager} adapter wrapping {@link ReactiveSessionManager}.
 */
@Bean
@ConditionalOnMissingBean
@ConditionalOnAuthentication
public SessionManager vaultSessionManager(ReactiveSessionManager sessionManager) {
	return () -> {

		VaultToken resolved = sessionManager.getSessionToken().block();
		if (resolved == null) {
			throw new IllegalStateException(
					"ReactiveSessionManager returned a null VaultToken");
		}
		return resolved;
	};
}
 
Example #10
Source File: VaultTemplate.java    From spring-vault with Apache License 2.0 5 votes vote down vote up
/**
 * Create a new {@link VaultTemplate} through a {@link RestTemplateBuilder} and
 * {@link SessionManager}.
 * <p>
 * Two REST templates are built from the same builder: a stateless one that is used
 * as built, and a session one that additionally receives the interceptor returned
 * by {@code getSessionInterceptor()}.
 * @param restTemplateBuilder must not be {@literal null}.
 * @param sessionManager must not be {@literal null}.
 * @throws IllegalArgumentException if either argument is {@literal null}.
 * @since 2.2
 */
public VaultTemplate(RestTemplateBuilder restTemplateBuilder, SessionManager sessionManager) {

	// Fail fast: the checks run in this order, so a null builder is reported first.
	Assert.notNull(restTemplateBuilder, "RestTemplateBuilder must not be null");
	Assert.notNull(sessionManager, "SessionManager must not be null");

	this.sessionManager = sessionManager;
	// NOTE(review): presumably marks the session manager as owned by the caller, so
	// this template does not manage its lifecycle - confirm where the flag is read.
	this.dedicatedSessionManager = false;

	// Built without the session interceptor.
	this.statelessTemplate = restTemplateBuilder.build();
	// Separate instance, so the interceptor below is not shared with the stateless
	// template. The interceptor presumably attaches the session token to outgoing
	// requests - confirm in getSessionInterceptor().
	this.sessionTemplate = restTemplateBuilder.build();
	this.sessionTemplate.getInterceptors().add(getSessionInterceptor());
}
 
Example #11
Source File: VaultTemplate.java    From spring-vault with Apache License 2.0 5 votes vote down vote up
/**
 * Create a new {@link VaultTemplate} with a {@link VaultEndpointProvider},
 * {@link ClientHttpRequestFactory} and {@link SessionManager}.
 * <p>
 * The stateless and the session REST templates are created separately, by
 * {@code doCreateRestTemplate} and {@code doCreateSessionTemplate}, from the same
 * endpoint provider and request factory.
 * @param endpointProvider must not be {@literal null}.
 * @param requestFactory must not be {@literal null}.
 * @param sessionManager must not be {@literal null}.
 * @throws IllegalArgumentException if any argument is {@literal null}.
 * @since 1.1
 */
public VaultTemplate(VaultEndpointProvider endpointProvider, ClientHttpRequestFactory requestFactory,
		SessionManager sessionManager) {

	// Fail fast: the checks run in this order, so the first null argument is the
	// one reported.
	Assert.notNull(endpointProvider, "VaultEndpointProvider must not be null");
	Assert.notNull(requestFactory, "ClientHttpRequestFactory must not be null");
	Assert.notNull(sessionManager, "SessionManager must not be null");

	// The session manager is assigned before the templates are created.
	// NOTE(review): doCreateSessionTemplate may rely on it already being set -
	// confirm before reordering.
	this.sessionManager = sessionManager;
	// NOTE(review): presumably marks the session manager as owned by the caller, so
	// this template does not manage its lifecycle - confirm where the flag is read.
	this.dedicatedSessionManager = false;
	this.statelessTemplate = doCreateRestTemplate(endpointProvider, requestFactory);
	this.sessionTemplate = doCreateSessionTemplate(endpointProvider, requestFactory);
}
 
Example #12
Source File: HashicorpKeyVaultServiceFactory.java    From tessera with Apache License 2.0 4 votes vote down vote up
/**
 * Builds a {@link KeyVaultService} backed by Hashicorp Vault.
 *
 * <p>Credentials are read from the environment through {@code envProvider}. At least
 * one of the role id, secret id and token variables must be set, and the role id and
 * secret id must be set together. The Vault URL is taken from the {@code url}
 * property of the Hashicorp key vault configuration.
 *
 * <p>NOTE(review): no URL scheme check is visible in this method. Whether a plain
 * {@code http} endpoint is rejected depends on {@code VaultEndpoint.from} and
 * {@code util.configureSsl} - confirm, because the Vault credentials travel over
 * this connection.
 *
 * <p>NOTE(review): the {@link SimpleSessionManager} is given only the
 * {@link ClientAuthentication}, with no scheduler, so token renewal is presumably
 * not driven from here - confirm how token expiry is handled for a long-running
 * process.
 *
 * @param config application configuration holding the key vault settings
 * @param envProvider source of the credential environment variables
 * @param util helper that configures SSL, the HTTP request factory and authentication
 * @return the Vault-backed key vault service
 * @throws NullPointerException if any argument is {@code null}
 * @throws HashicorpCredentialNotSetException if no credential variable is set, or only
 *     one of the role id and secret id is set
 * @throws ConfigException if no Hashicorp Vault configuration is present or its
 *     {@code url} property is missing or malformed
 */
KeyVaultService create(
        Config config, EnvironmentVariableProvider envProvider, HashicorpKeyVaultServiceFactoryUtil util) {
    Objects.requireNonNull(config);
    Objects.requireNonNull(envProvider);
    Objects.requireNonNull(util);

    final String appRoleId = envProvider.getEnv(HASHICORP_ROLE_ID);
    final String appRoleSecretId = envProvider.getEnv(HASHICORP_SECRET_ID);
    final String token = envProvider.getEnv(HASHICORP_TOKEN);

    // Guard 1: nothing at all to authenticate with.
    final boolean noCredentials = appRoleId == null && appRoleSecretId == null && token == null;
    if (noCredentials) {
        throw new HashicorpCredentialNotSetException(
                "Environment variables must be set to authenticate with Hashicorp Vault.  Set the "
                        + HASHICORP_ROLE_ID + " and " + HASHICORP_SECRET_ID
                        + " environment variables if using the AppRole authentication method.  Set the "
                        + HASHICORP_TOKEN + " environment variable if using another authentication method.");
    }

    // Guard 2: AppRole needs both halves; a lone role id or secret id is rejected.
    if (isOnlyOneInputNull(appRoleId, appRoleSecretId)) {
        throw new HashicorpCredentialNotSetException(
                "Only one of the " + HASHICORP_ROLE_ID + " and " + HASHICORP_SECRET_ID
                        + " environment variables to authenticate with Hashicorp Vault using the AppRole method has been set");
    }

    final KeyVaultConfig hashicorpConfig =
            Optional.ofNullable(config.getKeys())
                    .flatMap(keys -> keys.getKeyVaultConfig(KeyVaultType.HASHICORP))
                    .orElseThrow(
                            () -> new ConfigException(
                                    new RuntimeException(
                                            "Trying to create Hashicorp Vault connection but no Vault configuration provided")));

    final VaultEndpoint endpoint;
    try {
        // A missing "url" property surfaces as NoSuchElementException from get().
        endpoint = VaultEndpoint.from(new URI(hashicorpConfig.getProperty("url").get()));
    } catch (URISyntaxException | NoSuchElementException | IllegalArgumentException e) {
        throw new ConfigException(new RuntimeException("Provided Hashicorp Vault url is incorrectly formatted", e));
    }

    final SslConfiguration ssl = util.configureSsl(hashicorpConfig, envProvider);

    // Default client options; the SSL configuration is applied by the request factory.
    final ClientHttpRequestFactory requestFactory =
            util.createClientHttpRequestFactory(new ClientOptions(), ssl);

    final ClientAuthentication authentication =
            util.configureClientAuthentication(hashicorpConfig, envProvider, requestFactory, endpoint);

    final SessionManager sessionManager = new SimpleSessionManager(authentication);
    final VaultOperations operations = new VaultTemplate(endpoint, requestFactory, sessionManager);

    return new HashicorpKeyVaultService(new KeyValueOperationsDelegateFactory(operations));
}
 
Example #13
Source File: AbstractReactiveVaultConfiguration.java    From spring-vault with Apache License 2.0 4 votes vote down vote up
/**
 * Provides the imperative {@link SessionManager} bean as an adapter over the
 * reactive session manager returned by {@code getReactiveSessionManager()}, so that
 * imperative and reactive callers draw on the same session manager.
 * @return the {@link SessionManager} adapter.
 */
@Bean
@Override
public SessionManager sessionManager() {
	SessionManager imperativeAdapter = new ReactiveSessionManagerAdapter(getReactiveSessionManager());
	return imperativeAdapter;
}
 
Example #14
Source File: VaultTemplate.java    From spring-vault with Apache License 2.0 3 votes vote down vote up
/**
 * Replace the {@link SessionManager} used by this template.
 * @param sessionManager must not be {@literal null}.
 * @throws IllegalArgumentException if {@code sessionManager} is {@literal null}.
 */
public void setSessionManager(SessionManager sessionManager) {

	// Reject null up front so the template is never left without a session manager.
	if (sessionManager == null) {
		throw new IllegalArgumentException("SessionManager must not be null");
	}

	this.sessionManager = sessionManager;
}
 
Example #15
Source File: AbstractVaultConfiguration.java    From spring-vault with Apache License 2.0 3 votes vote down vote up
/**
 * Construct a {@link LifecycleAwareSessionManager} from the result of
 * {@link #clientAuthentication()}, the scheduler returned by
 * {@code getVaultThreadPoolTaskScheduler()} and {@link #restOperations()}.
 * <p>
 * A {@literal null} {@link ClientAuthentication} is rejected before the session
 * manager is created.
 * @return the {@link SessionManager} for Vault session management.
 * @throws IllegalArgumentException if {@link #clientAuthentication()} returns
 * {@literal null}.
 * @see SessionManager
 * @see LifecycleAwareSessionManager
 * @see #restOperations()
 * @see #clientAuthentication()
 * @see #threadPoolTaskScheduler()
 */
@Bean
public SessionManager sessionManager() {

	ClientAuthentication authentication = clientAuthentication();
	Assert.notNull(authentication, "ClientAuthentication must not be null");

	SessionManager lifecycleAware = new LifecycleAwareSessionManager(authentication,
			getVaultThreadPoolTaskScheduler(), restOperations());
	return lifecycleAware;
}
 
Example #16
Source File: AbstractVaultConfiguration.java    From spring-vault with Apache License 2.0 3 votes vote down vote up
/**
 * Create a {@link VaultTemplate} from a REST template builder and the
 * {@link SessionManager} bean.
 * <p>
 * The session manager is fetched from the bean factory by the name
 * {@code sessionManager}. NOTE(review): presumably this is done so that the
 * container-managed bean is used rather than a direct {@link #sessionManager()}
 * call - confirm.
 * @return the {@link VaultTemplate}.
 * @see #vaultEndpointProvider()
 * @see #clientHttpRequestFactoryWrapper()
 * @see #sessionManager()
 */
@Bean
public VaultTemplate vaultTemplate() {
	// Argument order is kept: the builder is created before the bean lookup.
	VaultTemplate template = new VaultTemplate(
			restTemplateBuilder(vaultEndpointProvider(),
					getClientFactoryWrapper().getClientHttpRequestFactory()),
			getBeanFactory().getBean("sessionManager", SessionManager.class));
	return template;
}
 
Example #17
Source File: VaultTemplate.java    From spring-vault with Apache License 2.0 2 votes vote down vote up
/**
 * Create a new {@link VaultTemplate} with a {@link VaultEndpoint},
 * {@link ClientHttpRequestFactory} and {@link SessionManager}.
 * <p>
 * Convenience overload: the endpoint is wrapped with
 * {@code SimpleVaultEndpointProvider.of} and construction is delegated to the
 * constructor taking an endpoint provider, request factory and session manager.
 * @param vaultEndpoint must not be {@literal null}.
 * @param clientHttpRequestFactory must not be {@literal null}.
 * @param sessionManager must not be {@literal null}.
 */
public VaultTemplate(VaultEndpoint vaultEndpoint, ClientHttpRequestFactory clientHttpRequestFactory,
		SessionManager sessionManager) {
	// NOTE(review): the endpoint is wrapped before the delegated constructor runs its
	// own checks, so a null endpoint is presumably reported by
	// SimpleVaultEndpointProvider.of rather than by this class - confirm.
	this(SimpleVaultEndpointProvider.of(vaultEndpoint), clientHttpRequestFactory, sessionManager);
}