Java Code Examples for org.springframework.vault.core.VaultOperations#write()
The following examples show how to use
org.springframework.vault.core.VaultOperations#write() .
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
| Source File: VaultConfigAwsTests.java From spring-cloud-vault with Apache License 2.0 | 6 votes |
|
/**
* Initialize the aws secret backend.
*/
@BeforeClass
public static void beforeClass() {
assumeTrue(StringUtils.hasText(AWS_ACCESS_KEY)
&& StringUtils.hasText(AWS_SECRET_KEY));
VaultRule vaultRule = new VaultRule();
vaultRule.before();
if (!vaultRule.prepare().hasSecretBackend("aws")) {
vaultRule.prepare().mountSecret("aws");
}
VaultOperations vaultOperations = vaultRule.prepare().getVaultOperations();
Map<String, String> connection = new HashMap<>();
connection.put("region", AWS_REGION);
connection.put("access_key", AWS_ACCESS_KEY);
connection.put("secret_key", AWS_SECRET_KEY);
vaultOperations.write("aws/config/root", connection);
vaultOperations.write("aws/roles/readonly", Collections.singletonMap("arn", ARN));
}
Example 2
| Source File: VaultConfigWithVaultConfigurerTests.java From spring-cloud-vault with Apache License 2.0 | 5 votes |
|
@BeforeClass
public static void beforeClass() {
VaultRule vaultRule = new VaultRule();
vaultRule.before();
VaultOperations vaultOperations = vaultRule.prepare().getVaultOperations();
vaultOperations.write("secret/VaultConfigWithVaultConfigurerTests",
Collections.singletonMap("vault.value", "hello"));
vaultOperations.write("secret/testVaultApp",
Collections.singletonMap("vault.value", "world"));
}
Example 3
| Source File: MySqlDatabaseSecretIntegrationTests.java From spring-cloud-vault with Apache License 2.0 | 5 votes |
|
/**
* Initialize the mysql secret backend.
*/
@Before
public void setUp() {
assumeTrue(CanConnect.to(new InetSocketAddress(MYSQL_HOST, MYSQL_PORT)));
assumeTrue(prepare().getVersion().isGreaterThanOrEqualTo(Version.parse("0.7.1")));
this.mySql.setEnabled(true);
this.mySql.setRole("readonly");
this.mySql.setBackend("database");
if (!prepare().hasSecretBackend(this.mySql.getBackend())) {
prepare().mountSecret(this.mySql.getBackend());
}
VaultOperations vaultOperations = this.vaultRule.prepare().getVaultOperations();
Map<String, String> config = new HashMap<>();
config.put("plugin_name", "mysql-legacy-database-plugin");
config.put("connection_url", ROOT_CREDENTIALS);
config.put("allowed_roles", "readonly");
vaultOperations.write(String.format("%s/config/mysql", this.mySql.getBackend()),
config);
Map<String, String> body = new HashMap<>();
body.put("db_name", "mysql");
body.put("creation_statements", CREATE_USER_AND_GRANT_SQL);
vaultOperations.write(String.format("%s/roles/%s", this.mySql.getBackend(),
this.mySql.getRole()), body);
this.configOperations = new VaultConfigTemplate(vaultOperations,
this.vaultProperties);
}
Example 4
| Source File: AwsSecretIntegrationTests.java From spring-cloud-vault with Apache License 2.0 | 5 votes |
|
/**
* Initialize the aws secret backend.
*/
@Before
public void setUp() {
assumeTrue(StringUtils.hasText(AWS_ACCESS_KEY)
&& StringUtils.hasText(AWS_SECRET_KEY));
this.aws.setEnabled(true);
this.aws.setRole("readonly");
if (!prepare().hasSecretBackend(this.aws.getBackend())) {
prepare().mountSecret(this.aws.getBackend());
}
VaultOperations vaultOperations = prepare().getVaultOperations();
Map<String, String> connection = new HashMap<>();
connection.put("region", AWS_REGION);
connection.put("access_key", AWS_ACCESS_KEY);
connection.put("secret_key", AWS_SECRET_KEY);
vaultOperations.write(String.format("%s/config/root", this.aws.getBackend()),
connection);
vaultOperations.write(
String.format("%s/roles/%s", this.aws.getBackend(), this.aws.getRole()),
Collections.singletonMap("arn", ARN));
this.configOperations = new VaultConfigTemplate(vaultOperations,
this.vaultProperties);
}
Example 5
| Source File: VaultConfigRabbitMqTests.java From spring-cloud-vault with Apache License 2.0 | 5 votes |
|
/**
* Initialize the rabbitmq secret backend.
*/
@BeforeClass
public static void beforeClass() {
assumeTrue(CanConnect
.to(new InetSocketAddress(RABBITMQ_HOST, RABBITMQ_HTTP_MANAGEMENT_PORT)));
VaultRule vaultRule = new VaultRule();
vaultRule.before();
assumeTrue(vaultRule.prepare().getVersion()
.isGreaterThanOrEqualTo(Version.parse("0.6.2")));
if (!vaultRule.prepare().hasSecretBackend("rabbitmq")) {
vaultRule.prepare().mountSecret("rabbitmq");
}
VaultOperations vaultOperations = vaultRule.prepare().getVaultOperations();
Map<String, String> connection = new HashMap<>();
connection.put("connection_uri", RABBITMQ_URI);
connection.put("username", RABBITMQ_USERNAME);
connection.put("password", RABBITMQ_PASSWORD);
vaultOperations.write(String.format("rabbitmq/config/connection"), connection);
vaultOperations.write(String.format("rabbitmq/roles/readonly"),
Collections.singletonMap("vhosts", VHOSTS_ROLE));
}
Example 6
| Source File: RabbitMqSecretIntegrationTests.java From spring-cloud-vault with Apache License 2.0 | 5 votes |
|
/**
* Initialize the rabbitmq secret backend.
*/
@Before
public void setUp() {
assumeTrue(CanConnect
.to(new InetSocketAddress(RABBITMQ_HOST, RABBITMQ_HTTP_MANAGEMENT_PORT)));
assumeTrue(prepare().getVersion().isGreaterThanOrEqualTo(Version.parse("0.6.2")));
this.rabbitmq.setEnabled(true);
this.rabbitmq.setRole("readonly");
if (!prepare().hasSecretBackend(this.rabbitmq.getBackend())) {
prepare().mountSecret(this.rabbitmq.getBackend());
}
Map<String, String> connection = new HashMap<>();
connection.put("connection_uri", RABBITMQ_URI);
connection.put("username", RABBITMQ_USERNAME);
connection.put("password", RABBITMQ_PASSWORD);
VaultOperations vaultOperations = prepare().getVaultOperations();
vaultOperations.write(
String.format("%s/config/connection", this.rabbitmq.getBackend()),
connection);
vaultOperations.write(
String.format("%s/roles/%s", this.rabbitmq.getBackend(),
this.rabbitmq.getRole()),
Collections.singletonMap("vhosts", VHOSTS_ROLE));
this.configOperations = new VaultConfigTemplate(vaultOperations,
this.vaultProperties);
}
Example 7
| Source File: PostgreSqlSecretIntegrationTests.java From spring-cloud-vault with Apache License 2.0 | 5 votes |
|
/**
* Initialize the postgresql secret backend.
*/
@Before
public void setUp() {
assumeTrue(CanConnect.to(new InetSocketAddress(POSTGRES_HOST, POSTGRES_PORT)));
this.postgreSql.setEnabled(true);
this.postgreSql.setRole("readonly");
if (!prepare().hasSecretBackend(this.postgreSql.getBackend())) {
prepare().mountSecret(this.postgreSql.getBackend());
}
VaultOperations vaultOperations = this.vaultRule.prepare().getVaultOperations();
vaultOperations.write(
String.format("%s/config/connection", this.postgreSql.getBackend()),
Collections.singletonMap("connection_url", CONNECTION_URL));
vaultOperations.write(
String.format("%s/roles/%s", this.postgreSql.getBackend(),
this.postgreSql.getRole()),
Collections.singletonMap("sql", CREATE_USER_AND_GRANT_SQL));
this.configOperations = new VaultConfigTemplate(vaultOperations,
this.vaultProperties);
}
Example 8
| Source File: VaultConfigMySqlDatabaseTests.java From spring-cloud-vault with Apache License 2.0 | 5 votes |
|
/**
* Initialize the mysql secret backend.
*/
@BeforeClass
public static void beforeClass() {
VaultRule vaultRule = new VaultRule();
vaultRule.before();
assumeTrue(CanConnect.to(new InetSocketAddress(MYSQL_HOST, MYSQL_PORT)));
assumeTrue(vaultRule.prepare().getVersion()
.isGreaterThanOrEqualTo(Version.parse("0.7.1")));
if (!vaultRule.prepare().hasSecretBackend("database")) {
vaultRule.prepare().mountSecret("database");
}
VaultOperations vaultOperations = vaultRule.prepare().getVaultOperations();
Map<String, String> config = new HashMap<>();
config.put("plugin_name", "mysql-legacy-database-plugin");
config.put("connection_url", ROOT_CREDENTIALS);
config.put("allowed_roles", "readonly");
vaultOperations.write("database/config/mysql", config);
Map<String, String> body = new HashMap<>();
body.put("db_name", "mysql");
body.put("creation_statements", CREATE_USER_AND_GRANT_SQL);
vaultOperations.write("database/roles/readonly", body);
}
Example 9
| Source File: VaultConfigCassandraTests.java From spring-cloud-vault with Apache License 2.0 | 5 votes |
|
/**
* Initialize the cassandra secret backend.
*/
@BeforeClass
public static void beforeClass() {
assumeTrue(CanConnect.to(new InetSocketAddress(CASSANDRA_HOST, CASSANDRA_PORT)));
VaultRule vaultRule = new VaultRule();
vaultRule.before();
if (!vaultRule.prepare().hasSecretBackend("cassandra")) {
vaultRule.prepare().mountSecret("cassandra");
}
VaultOperations vaultOperations = vaultRule.prepare().getVaultOperations();
Map<String, Object> connection = new HashMap<>();
connection.put("hosts", CASSANDRA_HOST);
connection.put("username", CASSANDRA_USERNAME);
connection.put("password", CASSANDRA_PASSWORD);
connection.put("protocol_version", 3);
vaultOperations.write(String.format("%s/config/connection", "cassandra"),
connection);
Map<String, String> role = new HashMap<>();
role.put("creation_cql", CREATE_USER_AND_GRANT_CQL);
role.put("consistency", "All");
vaultOperations.write("cassandra/roles/readonly", role);
}
Example 10
| Source File: CassandraSecretIntegrationTests.java From spring-cloud-vault with Apache License 2.0 | 5 votes |
|
/**
* Initialize cassandra secret backend.
*/
@Before
public void setUp() {
assumeTrue(CanConnect.to(new InetSocketAddress(CASSANDRA_HOST, CASSANDRA_PORT)));
this.cassandra.setEnabled(true);
this.cassandra.setRole("readonly");
if (!prepare().hasSecretBackend(this.cassandra.getBackend())) {
prepare().mountSecret(this.cassandra.getBackend());
}
VaultOperations vaultOperations = this.vaultRule.prepare().getVaultOperations();
Map<String, Object> connection = new HashMap<>();
connection.put("hosts", CASSANDRA_HOST);
connection.put("username", CASSANDRA_USERNAME);
connection.put("password", CASSANDRA_PASSWORD);
connection.put("protocol_version", 3);
vaultOperations.write(
String.format("%s/config/connection", this.cassandra.getBackend()),
connection);
Map<String, String> role = new HashMap<>();
role.put("creation_cql", CREATE_USER_AND_GRANT_CQL);
role.put("consistency", "All");
vaultOperations.write(String.format("%s/roles/%s", this.cassandra.getBackend(),
this.cassandra.getRole()), role);
this.configOperations = new VaultConfigTemplate(vaultOperations,
this.vaultProperties);
}
Example 11
| Source File: VaultConfigWithContextTests.java From spring-cloud-vault with Apache License 2.0 | 5 votes |
|
@BeforeClass
public static void beforeClass() {
VaultRule vaultRule = new VaultRule();
vaultRule.before();
VaultOperations vaultOperations = vaultRule.prepare().getVaultOperations();
vaultOperations.write("secret/testVaultApp/my-profile",
Collections.singletonMap("vault.value", "hello"));
vaultOperations.write("secret/testVaultApp",
Collections.singletonMap("vault.value", "world"));
}
Example 12
| Source File: MySqlSecretIntegrationTests.java From spring-cloud-vault with Apache License 2.0 | 5 votes |
|
/**
* Initialize the mysql secret backend.
*/
@Before
public void setUp() {
assumeTrue(CanConnect.to(new InetSocketAddress(MYSQL_HOST, MYSQL_PORT)));
this.mySql.setEnabled(true);
this.mySql.setRole("readonly");
if (!prepare().hasSecretBackend(this.mySql.getBackend())) {
prepare().mountSecret(this.mySql.getBackend());
}
VaultOperations vaultOperations = this.vaultRule.prepare().getVaultOperations();
vaultOperations.write(
String.format("%s/config/connection", this.mySql.getBackend()),
Collections.singletonMap("connection_url", ROOT_CREDENTIALS));
vaultOperations.write(
String.format("%s/roles/%s", this.mySql.getBackend(),
this.mySql.getRole()),
Collections.singletonMap("sql", CREATE_USER_AND_GRANT_SQL));
this.configOperations = new VaultConfigTemplate(vaultOperations,
this.vaultProperties);
}
Example 13
| Source File: VaultPropertySourceMultipleIntegrationTests.java From spring-vault with Apache License 2.0 | 5 votes |
|
@BeforeAll
static void beforeClass(VaultInitializer initializer) {
VaultOperations vaultOperations = initializer.prepare().getVaultOperations();
vaultOperations.write("secret/myapp", Collections.singletonMap("myapp", "myvalue"));
vaultOperations.write("secret/myapp/profile", Collections.singletonMap("myprofile", "myprofilevalue"));
}
Example 14
| Source File: VaultPropertySourceIntegrationTests.java From spring-vault with Apache License 2.0 | 5 votes |
|
@BeforeAll
static void beforeClass(VaultInitializer initializer) {
VaultOperations vaultOperations = initializer.prepare().getVaultOperations();
vaultOperations.write("secret/myapp", Collections.singletonMap("myapp", "myvalue"));
vaultOperations.write("secret/generic", Collections.singletonMap("generic", "generic-value"));
vaultOperations.write("secret/myapp/profile", Collections.singletonMap("myprofile", "myprofilevalue"));
}
Example 15
| Source File: LeaseAwareVaultPropertySourceIntegrationTests.java From spring-vault with Apache License 2.0 | 5 votes |
|
@BeforeAll
static void beforeClass(VaultInitializer vaultInitializer) {
VaultOperations vaultOperations = vaultInitializer.prepare().getVaultOperations();
vaultOperations.write("secret/myapp", Collections.singletonMap("myapp", "myvalue"));
vaultOperations.write("secret/myapp/profile", Collections.singletonMap("myprofile", "myprofilevalue"));
}
Example 16
| Source File: VaultConfigKubernetesTests.java From spring-cloud-vault with Apache License 2.0 | 4 votes |
|
@BeforeClass
public static void beforeClass() {
VaultRule vaultRule = new VaultRule();
vaultRule.before();
String minikubeIp = System.getProperty("MINIKUBE_IP");
assumeTrue(StringUtils.hasText(minikubeIp) && vaultRule.prepare().getVersion()
.isGreaterThanOrEqualTo(Version.parse("0.8.3")));
if (!vaultRule.prepare().hasAuth("kubernetes")) {
vaultRule.prepare().mountAuth("kubernetes");
}
VaultOperations vaultOperations = vaultRule.prepare().getVaultOperations();
Policy policy = Policy.of(
Rule.builder().path("*").capabilities(BuiltinCapabilities.READ).build());
vaultOperations.opsForSys().createOrUpdatePolicy("testpolicy", policy);
vaultOperations.write(
"secret/" + VaultConfigKubernetesTests.class.getSimpleName(),
Collections.singletonMap("vault.value", "foo"));
File workDir = findWorkDir();
String certificate = Files.contentOf(new File(workDir, "minikube/ca.crt"),
StandardCharsets.US_ASCII);
String host = String.format("https://%s:8443", minikubeIp);
Map<String, String> kubeConfig = new HashMap<>();
kubeConfig.put("kubernetes_ca_cert", certificate);
kubeConfig.put("kubernetes_host", host);
vaultOperations.write("auth/kubernetes/config", kubeConfig);
Map<String, String> roleData = new HashMap<>();
roleData.put("bound_service_account_names", "default");
roleData.put("bound_service_account_namespaces", "default");
roleData.put("policies", "testpolicy");
roleData.put("ttl", "1h");
vaultOperations.write("auth/kubernetes/role/my-role", roleData);
}
Example 17
| Source File: VaultConfigAppIdTests.java From spring-cloud-vault with Apache License 2.0 | 4 votes |
|
@BeforeClass
public static void beforeClass() {
VaultRule vaultRule = new VaultRule();
vaultRule.before();
VaultProperties vaultProperties = Settings.createVaultProperties();
vaultProperties.setAuthentication(VaultProperties.AuthenticationMethod.APPID);
vaultProperties.getAppId().setUserId(VaultProperties.AppIdProperties.IP_ADDRESS);
if (!vaultRule.prepare().hasAuth(vaultProperties.getAppId().getAppIdPath())) {
vaultRule.prepare().mountAuth(vaultProperties.getAppId().getAppIdPath());
}
VaultOperations vaultOperations = vaultRule.prepare().getVaultOperations();
String rules = "{ \"name\": \"testpolicy\",\n" //
+ " \"path\": {\n" //
+ " \"*\": { \"policy\": \"read\" }\n" //
+ " }\n" //
+ "}";
vaultOperations.write("sys/policy/testpolicy",
Collections.singletonMap("rules", rules));
String appId = VaultConfigAppIdTests.class.getSimpleName();
vaultOperations.write("secret/" + VaultConfigAppIdTests.class.getSimpleName(),
Collections.singletonMap("vault.value", "foo"));
Map<String, String> appIdData = new HashMap<>();
appIdData.put("value", "testpolicy"); // policy
appIdData.put("display_name", "this is my test application");
vaultOperations.write(String.format("auth/app-id/map/app-id/%s", appId),
appIdData);
Map<String, String> userIdData = new HashMap<>();
userIdData.put("value", appId); // name of the app-id
userIdData.put("cidr_block", "0.0.0.0/0");
String userId = new IpAddressUserId().createUserId();
vaultOperations.write(String.format("auth/app-id/map/user-id/%s", userId),
userIdData);
}
Example 18
| Source File: ConsulSecretIntegrationTests.java From spring-cloud-vault with Apache License 2.0 | 4 votes |
|
/**
* Initialize the consul secret backend.
*/
@Before
public void setUp() {
assumeTrue(CanConnect.to(new InetSocketAddress(CONSUL_HOST, CONSUL_PORT)));
this.consul.setEnabled(true);
this.consul.setRole("readonly");
if (!prepare().hasSecretBackend(this.consul.getBackend())) {
prepare().mountSecret(this.consul.getBackend());
}
VaultOperations vaultOperations = this.vaultRule.prepare().getVaultOperations();
HttpHeaders headers = new HttpHeaders();
headers.add("X-Consul-Token", CONSUL_ACL_MASTER_TOKEN);
HttpEntity<String> requestEntity = new HttpEntity<>(
"{\"Name\": \"sample\", \"Type\": \"management\"}", headers);
try {
ResponseEntity<Map<String, String>> tokenResponse = this.restTemplate
.exchange("http://{host}:{port}/v1/acl/create", HttpMethod.PUT,
requestEntity, STRING_MAP, CONSUL_HOST, CONSUL_PORT);
Map<String, String> consulAccess = new HashMap<>();
consulAccess.put("address", CONNECTION_URL);
consulAccess.put("token", tokenResponse.getBody().get("ID"));
vaultOperations.write(
String.format("%s/config/access", this.consul.getBackend()),
consulAccess);
}
catch (HttpStatusCodeException e) {
assumeFalse("Skipping because Consul is not configured as we expect it to be",
e.getStatusCode().is4xxClientError());
throw e;
}
vaultOperations.write(
String.format("%s/roles/%s", this.consul.getBackend(),
this.consul.getRole()),
Collections.singletonMap("policy",
Base64Utils.encodeToString(POLICY.getBytes())));
this.configOperations = new VaultConfigTemplate(vaultOperations,
this.vaultProperties);
}
Example 19
| Source File: ElasticsearchSecretIntegrationTests.java From spring-cloud-vault with Apache License 2.0 | 4 votes |
|
/**
* Initialize the elasticsearch secret backend.
*/
@Before
public void setUp() {
assumeTrue(CanConnect
.to(new InetSocketAddress(ELASTICSEARCH_HOST, ELASTICSEARCH_PORT)));
assumeTrue(prepare().getVersion().isGreaterThanOrEqualTo(Version.parse("1.3.0")));
this.elasticsearch.setEnabled(true);
this.elasticsearch.setRole("readonly");
if (!prepare().hasSecretBackend(this.elasticsearch.getBackend())) {
prepare().mountSecret(this.elasticsearch.getBackend());
}
VaultOperations vaultOperations = this.vaultRule.prepare().getVaultOperations();
String database = "elasticsearch";
Map<String, Object> config = new LinkedHashMap<>();
config.put("plugin_name", "elasticsearch-database-plugin");
config.put("allowed_roles", "readonly");
config.put("username", "elastic");
config.put("password", "elastic");
config.put("url",
String.format("http://%s:%d", ELASTICSEARCH_HOST, ELASTICSEARCH_PORT));
config.put("ca_cert", String.format("%s/elastic-stack-ca.crt", ES_HOME));
config.put("client_cert", String.format("%s/elastic-certificates.crt", ES_HOME));
config.put("client_key", String.format("%s/elastic-certificates.key", ES_HOME));
vaultOperations.write(
String.format("%s/config/%s", this.elasticsearch.getBackend(), database),
config);
Map<String, Object> role = new LinkedHashMap<>();
role.put("db_name", database);
role.put("creation_statements",
"{\"elasticsearch_role_definition\": {\"indices\": [{\"names\":[\"*\"], \"privileges\":[\"read\"]}]}}");
role.put("default_ttl", "1h");
vaultOperations.write(this.elasticsearch.getBackend() + "/roles/"
+ this.elasticsearch.getRole(), role);
this.configOperations = new VaultConfigTemplate(vaultOperations,
this.vaultProperties);
}
Example 20
| Source File: VaultPropertySourceInBeanConfigurationIntegrationTest.java From spring-vault with Apache License 2.0 | 3 votes |
|
@BeforeAll
static void beforeClass(VaultInitializer initializer) {
VaultOperations vaultOperations = initializer.prepare().getVaultOperations();
vaultOperations.write("secret/myapp", Collections.singletonMap("myapp", "myvalue"));
}
