From 5637f440f37ff588fb11241d789bbbc6dd84be72 Mon Sep 17 00:00:00 2001 From: Mark Paluch Date: Sun, 18 Sep 2016 00:08:15 +0200 Subject: [PATCH] Polishing. Update documentation. Provide builder for VaultMount. Rename VaultHealthResponse to VaultHealth. Make VaultMount and VaultHealth immutable. --- .../AppIdAuthenticationOptions.java | 18 ++- .../authentication/AppIdUserIdMechanism.java | 3 +- .../authentication/AwsEc2Authentication.java | 10 +- .../AwsEc2AuthenticationOptions.java | 23 +++- .../vault/core/VaultSysOperations.java | 25 +++- .../vault/core/VaultSysTemplate.java | 21 +-- .../vault/core/VaultTokenOperations.java | 22 ++- .../vault/support/VaultHealth.java | 86 ++++++++++++ .../vault/support/VaultHealthResponse.java | 68 --------- .../vault/support/VaultMount.java | 130 ++++++++++++++---- .../VaultSysTemplateIntegrationTests.java | 10 +- .../VaultTemplateTransitIntegrationTests.java | 2 +- .../VaultTransitTemplateIntegrationTests.java | 2 +- .../vault/util/PrepareVault.java | 7 +- .../springframework/vault/util/VaultRule.java | 1 + 15 files changed, 294 insertions(+), 134 deletions(-) create mode 100644 spring-vault-core/src/main/java/org/springframework/vault/support/VaultHealth.java delete mode 100644 spring-vault-core/src/main/java/org/springframework/vault/support/VaultHealthResponse.java diff --git a/spring-vault-core/src/main/java/org/springframework/vault/authentication/AppIdAuthenticationOptions.java b/spring-vault-core/src/main/java/org/springframework/vault/authentication/AppIdAuthenticationOptions.java index 4b8ed151..d55134f8 100644 --- a/spring-vault-core/src/main/java/org/springframework/vault/authentication/AppIdAuthenticationOptions.java +++ b/spring-vault-core/src/main/java/org/springframework/vault/authentication/AppIdAuthenticationOptions.java 
@@ -18,10 +18,13 @@ package org.springframework.vault.authentication; import org.springframework.util.Assert; /** - * Authentication options for {@link AppIdAuthentication}. Authentication options provide the path, appId and a - * {@link AppIdUserIdMechanism}. {@link AppIdAuthentication} can be constructed using {@link #builder()}. + * Authentication options for {@link AppIdAuthentication}. + *

+ * Authentication options provide the path, appId and a {@link AppIdUserIdMechanism}. {@link AppIdAuthentication} can be + * constructed using {@link #builder()}. Instances of this class are immutable once constructed. * * @author Mark Paluch + * @see AppIdAuthentication * @see AppIdUserIdMechanism * @see #builder() */ @@ -29,10 +32,19 @@ public class AppIdAuthenticationOptions { public final static String DEFAULT_APPID_AUTHENTICATION_PATH = "app-id"; + /** + * Path of the appid authentication backend mount. + */ private final String path; + /** + * The AppId + */ private final String appId; + /** + * {@link AppIdUserIdMechanism} instance to obtain a userId. + */ private final AppIdUserIdMechanism userIdMechanism; private AppIdAuthenticationOptions(String path, String appId, AppIdUserIdMechanism userIdMechanism) { @@ -76,7 +88,9 @@ public class AppIdAuthenticationOptions { public static class AppIdAuthenticationOptionsBuilder { private String path = DEFAULT_APPID_AUTHENTICATION_PATH; + private String appId; + private AppIdUserIdMechanism userIdMechanism; AppIdAuthenticationOptionsBuilder() {} diff --git a/spring-vault-core/src/main/java/org/springframework/vault/authentication/AppIdUserIdMechanism.java b/spring-vault-core/src/main/java/org/springframework/vault/authentication/AppIdUserIdMechanism.java index ca8ebe8d..3238b4a1 100644 --- a/spring-vault-core/src/main/java/org/springframework/vault/authentication/AppIdUserIdMechanism.java +++ b/spring-vault-core/src/main/java/org/springframework/vault/authentication/AppIdUserIdMechanism.java @@ -17,9 +17,10 @@ package org.springframework.vault.authentication; /** - * Interface to obtain a UserId for AppId authentication. + * Interface to obtain a UserId for AppId authentication. Implementations are used by {@link AppIdAuthentication}. * * @author Mark Paluch + * @see AppIdAuthentication */ public interface AppIdUserIdMechanism { 
diff --git a/spring-vault-core/src/main/java/org/springframework/vault/authentication/AwsEc2Authentication.java b/spring-vault-core/src/main/java/org/springframework/vault/authentication/AwsEc2Authentication.java index d9f113ca..030a4090 100644 --- a/spring-vault-core/src/main/java/org/springframework/vault/authentication/AwsEc2Authentication.java +++ b/spring-vault-core/src/main/java/org/springframework/vault/authentication/AwsEc2Authentication.java @@ -33,8 +33,11 @@ import org.springframework.web.client.RestClientException; import org.springframework.web.client.RestTemplate; /** - * AWS-EC2 login implementation. AWS-EC2 login uses the EC2 identity document and a nonce to login into Vault. AWS-EC2 - * login obtains the PKCS#7 signed EC2 identity document and generates a {@link #createNonce() nonce}. + * AWS-EC2 login implementation. + *

+ * AWS-EC2 login uses the EC2 identity document and a nonce to login into Vault. AWS-EC2 login obtains the PKCS#7 signed + * EC2 identity document and generates a {@link #createNonce() nonce}. Instances of this class are immutable once + * constructed. * * @author Mark Paluch * @see AwsEc2AuthenticationOptions @@ -45,8 +48,11 @@ public class AwsEc2Authentication implements ClientAuthentication { private final static Logger logger = LoggerFactory.getLogger(AwsEc2Authentication.class); private final AwsEc2AuthenticationOptions options; + private final VaultClient vaultClient; + private final RestTemplate restTemplate; + private final AtomicReference nonce = new AtomicReference(); /** diff --git a/spring-vault-core/src/main/java/org/springframework/vault/authentication/AwsEc2AuthenticationOptions.java b/spring-vault-core/src/main/java/org/springframework/vault/authentication/AwsEc2AuthenticationOptions.java index 88b4fe51..da9c4ef7 100644 --- a/spring-vault-core/src/main/java/org/springframework/vault/authentication/AwsEc2AuthenticationOptions.java +++ b/spring-vault-core/src/main/java/org/springframework/vault/authentication/AwsEc2AuthenticationOptions.java @@ -20,8 +20,11 @@ import java.net.URI; import org.springframework.util.Assert; /** - * Authentication options for {@link AwsEc2Authentication}. Authentication options provide the path, the Identity - * Document URI and an optional role. {@link AwsEc2AuthenticationOptions} can be constructed using {@link #builder()}. + * Authentication options for {@link AwsEc2Authentication}. + *
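Review bot: The sentence added to the class Javadoc, "Instances of this class are immutable once constructed", does not match the fields shown in the second hunk of this file: `nonce` is an `AtomicReference`, which is mutable state held by the instance. The comment should describe that state rather than deny it, for example `Configuration is fixed at construction; the generated nonce is held in an {@link AtomicReference}.` When the nonce is written and whether it is reused across logins is decided in methods outside these hunks, so confirm the wording against them.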

+ * Authentication options provide the path, the Identity Document URI and an optional role. + * {@link AwsEc2AuthenticationOptions} can be constructed using {@link #builder()}. Instances of this class are + * immutable once constructed. * * @author Mark Paluch * @see AwsEc2Authentication @@ -40,10 +43,19 @@ public class AwsEc2AuthenticationOptions { */ public final static AwsEc2AuthenticationOptions DEFAULT = new AwsEc2AuthenticationOptions(); + /** + * Path of the aws-ec2 authentication backend mount. + */ private final String path; + /** + * {@link URI} to the AWS EC2 PKCS#7-signed identity document. + */ private final URI identityDocumentUri; + /** + * EC2 instance role name. May be {@literal null} if none. + */ private final String role; private AwsEc2AuthenticationOptions() { @@ -65,21 +77,21 @@ public class AwsEc2AuthenticationOptions { } /** - * @return the mount path. + * @return the path of the aws-ec2 authentication backend mount. */ public String getPath() { return path; } /** - * @return the {@link URI} to the Identity Document. + * @return the {@link URI} to the AWS EC2 PKCS#7-signed identity document. */ public URI getIdentityDocumentUri() { return identityDocumentUri; } /** - * @return the role, may be {@literal null}. + * @return the role, may be {@literal null} if none. */ public String getRole() { return role; @@ -115,6 +127,7 @@ public class AwsEc2AuthenticationOptions { * @see #DEFAULT_PKCS7_IDENTITY_DOCUMENT_URI */ public AwsEc2AuthenticationOptionsBuilder identityDocumentUri(URI identityDocumentUri) { + this.identityDocumentUri = identityDocumentUri; return this; } diff --git a/spring-vault-core/src/main/java/org/springframework/vault/core/VaultSysOperations.java b/spring-vault-core/src/main/java/org/springframework/vault/core/VaultSysOperations.java index d1b628aa..03b6a1df 100644 --- a/spring-vault-core/src/main/java/org/springframework/vault/core/VaultSysOperations.java 
+++ b/spring-vault-core/src/main/java/org/springframework/vault/core/VaultSysOperations.java @@ -18,7 +18,7 @@ package org.springframework.vault.core; import java.util.Map; import org.springframework.vault.client.VaultException; -import org.springframework.vault.support.VaultHealthResponse; +import org.springframework.vault.support.VaultHealth; import org.springframework.vault.support.VaultInitializationRequest; import org.springframework.vault.support.VaultInitializationResponse; import org.springframework.vault.support.VaultMount; @@ -34,19 +34,23 @@ public interface VaultSysOperations { /** * @return {@literal true} if Vault is initialized. + * @see GET /sys/init */ boolean isInitialized() throws VaultException; /** - * Initializes Vault with a {@link VaultInitializationRequest}. + * Initialize Vault with a {@link VaultInitializationRequest}. * * @param vaultInitializationRequest must not be {@literal null}. * @return the {@link VaultInitializationResponse}. + * @see PUT /sys/init */ VaultInitializationResponse initialize(VaultInitializationRequest vaultInitializationRequest) throws VaultException; /** - * Seals vault. + * Seal vault. + * + * @see PUT /sys/seal */ void seal() throws VaultException; @@ -55,11 +59,13 @@ public interface VaultSysOperations { * * @param keyShare must not be empty and not {@literal null}. * @return the {@link VaultUnsealStatus}. + * @see PUT /sys/unseal */ VaultUnsealStatus unseal(String keyShare) throws VaultException; /** * @return the {@link VaultUnsealStatus}. + * @see GET /sys/unseal */ VaultUnsealStatus getUnsealStatus() throws VaultException; 
@@ -68,11 +74,13 @@ public interface VaultSysOperations { * * @param path must not be empty or {@literal null}. * @param vaultMount must not be {@literal null}. + * @see POST /sys/mounts/{mount} */ void mount(String path, VaultMount vaultMount) throws VaultException; /** * @return {@link Map} of all secret backend {@link VaultMount mounts}. + * @see GET /sys/mounts/ */ Map getMounts() throws VaultException; @@ -80,6 +88,7 @@ public interface VaultSysOperations { * Unmounts the secret backend mount at {@code path}. * * @param path must not be empty or {@literal null}. + * @see DELETE /sys/mounts/{mount} */ void unmount(String path) throws VaultException; @@ -88,11 +97,13 @@ public interface VaultSysOperations { * * @param path must not be empty or {@literal null}. * @param vaultMount must not be {@literal null}. + * @see POST /sys/auth/{mount} */ void authMount(String path, VaultMount vaultMount) throws VaultException; /** * @return {@link Map} of all auth backend {@link VaultMount mounts}. + * @see GET /sys/auth/ */ Map getAuthMounts() throws VaultException; @@ -100,11 +111,15 @@ public interface VaultSysOperations { * Unmounts the auth backend mount at {@code path}. * * @param path must not be empty or {@literal null}. + * @see DELETE /sys/auth/{mount} */ void authUnmount(String path) throws VaultException; /** - * @return the {@link VaultHealthResponse}. + * Returns the health status of Vault. + * + * @return the {@link VaultHealth}. + * @see GET /sys/health */ - VaultHealthResponse health() throws VaultException; + VaultHealth health() throws VaultException; } diff --git a/spring-vault-core/src/main/java/org/springframework/vault/core/VaultSysTemplate.java b/spring-vault-core/src/main/java/org/springframework/vault/core/VaultSysTemplate.java index 08fe3ce5..08c5297a 100644 --- a/spring-vault-core/src/main/java/org/springframework/vault/core/VaultSysTemplate.java +++ b/spring-vault-core/src/main/java/org/springframework/vault/core/VaultSysTemplate.java 
@@ -31,7 +31,7 @@ import org.springframework.vault.client.VaultException; import org.springframework.vault.client.VaultResponseEntity; import org.springframework.vault.core.VaultOperations.ClientCallback; import org.springframework.vault.core.VaultOperations.SessionCallback; -import org.springframework.vault.support.VaultHealthResponse; +import org.springframework.vault.support.VaultHealth; import org.springframework.vault.support.VaultInitializationRequest; import org.springframework.vault.support.VaultInitializationResponse; import org.springframework.vault.support.VaultMount; @@ -191,7 +191,7 @@ public class VaultSysTemplate implements VaultSysOperations { } @Override - public VaultHealthResponse health() { + public VaultHealth health() { return vaultOperations.doWithRestTemplate("sys/health", Collections. emptyMap(), HEALTH); } @@ -283,9 +283,10 @@ public class VaultSysTemplate implements VaultSysOperations { if (map.containsKey("type")) { - VaultMount vaultMount = new VaultMount((String) map.get("type")); - vaultMount.setDescription((String) map.get("description")); - vaultMount.setConfig((Map) map.get("config")); + VaultMount vaultMount = VaultMount.builder() // + .type((String) map.get("type")) // + .description((String) map.get("description")) // + .config((Map) map.get("config")).build(); topLevelMounts.put(name, vaultMount); } 
@@ -295,21 +296,21 @@ public class VaultSysTemplate implements VaultSysOperations { } - private static class Health implements VaultAccessor.RestTemplateCallback { + private static class Health implements VaultAccessor.RestTemplateCallback { @Override - public VaultHealthResponse doWithRestTemplate(URI uri, RestTemplate restTemplate) { + public VaultHealth doWithRestTemplate(URI uri, RestTemplate restTemplate) { try { - ResponseEntity healthResponse = restTemplate.exchange(uri, HttpMethod.GET, null, - VaultHealthResponse.class); + ResponseEntity healthResponse = restTemplate.exchange(uri, HttpMethod.GET, null, + VaultHealth.class); return healthResponse.getBody(); } catch (HttpStatusCodeException responseError) { try { ObjectMapper mapper = new ObjectMapper(); - return mapper.readValue(responseError.getResponseBodyAsString(), VaultHealthResponse.class); + return mapper.readValue(responseError.getResponseBodyAsString(), VaultHealth.class); } catch (Exception jsonError) { throw responseError; } diff --git a/spring-vault-core/src/main/java/org/springframework/vault/core/VaultTokenOperations.java b/spring-vault-core/src/main/java/org/springframework/vault/core/VaultTokenOperations.java index 7ba256af..4e362458 100644 --- a/spring-vault-core/src/main/java/org/springframework/vault/core/VaultTokenOperations.java +++ b/spring-vault-core/src/main/java/org/springframework/vault/core/VaultTokenOperations.java 
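Review bot: In the `HttpStatusCodeException` branch of `Health.doWithRestTemplate`, the body of any error status is bound to `VaultHealth`, and the `jsonError` that explains a failed parse is discarded when `responseError` is rethrown. A short comment would make the intent reviewable, e.g. `// sys/health signals sealed/standby/uninitialized through non-2xx codes, so the error body is still a health document`. If the health endpoint is the only expected source of such bodies, checking the status code before parsing would keep unrelated error responses from being read as a health result. The `ObjectMapper` is also created on every error response; a `private static final ObjectMapper` in the callback avoids that. The surrounding class continues outside the hunk, so this is based only on the lines shown.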
@@ -24,58 +24,66 @@ import org.springframework.vault.support.VaultTokenResponse; * Interface that specifies token-related operations. * * @author Mark Paluch + * @see Auth Backend: Token */ public interface VaultTokenOperations { /** - * Creates a new token. + * Create a new token. * * @return a {@link VaultTokenResponse} + * @see POST /auth/token/create */ VaultTokenResponse create() throws VaultException; /** - * Creates a new token for the given {@link VaultTokenRequest}. + * Create a new token for the given {@link VaultTokenRequest}. * * @param request must not be {@literal null}. * @return a {@link VaultTokenResponse} + * @see POST /auth/token/create */ VaultTokenResponse create(VaultTokenRequest request) throws VaultException; /** - * Creates a new orphan token. + * Create a new orphan token. * * @return a {@link VaultTokenResponse} + * @see POST /auth/token/create-orphan */ VaultTokenResponse createOrphan(); /** - * Creates a new orphan token for the given {@link VaultTokenRequest}. + * Create a new orphan token for the given {@link VaultTokenRequest}. * * @param request must not be {@literal null}. * @return a {@link VaultTokenResponse} + * @see POST /auth/token/create-orphan */ VaultTokenResponse createOrphan(VaultTokenRequest request); /** - * Renews a {@link VaultToken}. + * Renew a {@link VaultToken}. * * @param vaultToken must not be {@literal null}. * @return a {@link VaultTokenResponse} + * @see POST /auth/token/renew/{token} */ VaultTokenResponse renew(VaultToken vaultToken); /** - * Revokes a {@link VaultToken}. + * Revoke a {@link VaultToken}. * * @param vaultToken must not be {@literal null}. + * @see POST /auth/token/revoke/{token} */ void revoke(VaultToken vaultToken); /** - * Revokes a {@link VaultToken} but not its child tokens. + * Revoke a {@link VaultToken} but not its child tokens. * * @param vaultToken must not be {@literal null}. + * @see POST /auth/token/revoke-orphan/{token} */ void revokeOrphan(VaultToken vaultToken); } 
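Review bot: The `@see` tags added for `renew`, `revoke` and `revokeOrphan` name the endpoint forms that carry the token in the request path (`POST /auth/token/renew/{token}` and the two revoke variants), and the Javadoc should say so, because a token placed in a URL path tends to be recorded by proxies and access logs. The implementation is outside this hunk, so whether it builds such URLs cannot be confirmed here. If it does, a line such as `Note: the token is sent as part of the request path.` on each of the three methods tells callers what to expect. Separately, `createOrphan`, `renew`, `revoke` and `revokeOrphan` omit `throws VaultException` while both `create` variants declare it, which leaves the interface inconsistent about its error contract.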
diff --git a/spring-vault-core/src/main/java/org/springframework/vault/support/VaultHealth.java b/spring-vault-core/src/main/java/org/springframework/vault/support/VaultHealth.java new file mode 100644 index 00000000..54985150 --- /dev/null +++ b/spring-vault-core/src/main/java/org/springframework/vault/support/VaultHealth.java 
@@ -0,0 +1,86 @@ +/* + * Copyright 2016 the original author or authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.springframework.vault.support; + +import com.fasterxml.jackson.annotation.JsonProperty; + +/** + * Value object to bind HTTP API responses for sys/health. Instances of this class are immutable. + * + * @author Stuart Ingram + * @author Bill Koch + */ +public class VaultHealth { + + /** + * Reports whether the Vault instance is initialized. + */ + private final boolean initialized; + + /** + * Reports whether the Vault instance is sealed. + */ + private final boolean sealed; + + /** + * Reports whether the Vault instance is in stand-by mode if running using High-Availability. + */ + private final boolean standby; + + /** + * The server time in seconds, UTC. + */ + private final int serverTimeUtc; + + private VaultHealth(@JsonProperty("initialized") boolean initialized, @JsonProperty("sealed") boolean sealed, + @JsonProperty("standby") boolean standby, @JsonProperty("server_time_utc") int serverTimeUtc) { + + this.initialized = initialized; + this.sealed = sealed; + this.standby = standby; + this.serverTimeUtc = serverTimeUtc; + } + + /** + * @return {@literal true} if the Vault instance is initialized, otherwise {@literal false}. 
+ */ + public boolean isInitialized() { + return initialized; + } + + /** + * @return {@literal true} if the Vault instance is sealed, otherwise {@literal false} if the Vault instance is + * unsealed. + */ + public boolean isSealed() { + return sealed; + } + + /** + * @return {@literal true} if the Vault instance is in standby mode, otherwise {@literal false} if the Vault instance + * is active. + */ + public boolean isStandby() { + return standby; + } + + /** + * @return the server time in seconds, UTC. + */ + public int getServerTimeUtc() { + return serverTimeUtc; + } +} diff --git a/spring-vault-core/src/main/java/org/springframework/vault/support/VaultHealthResponse.java b/spring-vault-core/src/main/java/org/springframework/vault/support/VaultHealthResponse.java deleted file mode 100644 index d9ddfb2d..00000000 --- a/spring-vault-core/src/main/java/org/springframework/vault/support/VaultHealthResponse.java +++ /dev/null 
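Review bot: `serverTimeUtc` is declared as `int` although its Javadoc describes it as the server time in seconds; if that is epoch seconds, as the name suggests, the value stops fitting in January 2038. Using `private final long serverTimeUtc;` with a matching `long getServerTimeUtc()` avoids that. The private constructor carries only `@JsonProperty` parameters, so binding depends on Jackson detecting it implicitly; adding `@JsonCreator` makes the binding explicit and independent of the mapper's visibility settings. Because the three status flags are primitive `boolean`, a body that omits `sealed` binds as `false` and reads as "unsealed". Callers that gate on `isSealed()` would be better served by binding to `Boolean` and rejecting a missing value in the constructor.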
@@ -1,68 +0,0 @@ -/* - * Copyright 2016 the original author or authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.springframework.vault.support; - -import com.fasterxml.jackson.annotation.JsonProperty; - -/** - * Value object to bind HTTP API responses for sys/health. - * - * @author Stuart Ingram - * @author Bill Koch - */ -public class VaultHealthResponse { - - private boolean initialized; - - private boolean sealed; - - private boolean standby; - - @JsonProperty("server_time_utc") private int serverTimeUtc; - - public boolean isInitialized() { - return initialized; - } - - public void setInitialized(boolean initialized) { - this.initialized = initialized; - } - - public boolean isSealed() { - return sealed; - } - - public void setSealed(boolean sealed) { - this.sealed = sealed; - } - - public boolean isStandby() { - return standby; - } - - public void setStandby(boolean standby) { - this.standby = standby; - } - - public int getServerTimeUtc() { - return serverTimeUtc; - } - - public void setServerTimeUtc(int serverTimeUtc) { - this.serverTimeUtc = serverTimeUtc; - } -} diff --git a/spring-vault-core/src/main/java/org/springframework/vault/support/VaultMount.java b/spring-vault-core/src/main/java/org/springframework/vault/support/VaultMount.java index 0570a551..ea12b613 100644 --- a/spring-vault-core/src/main/java/org/springframework/vault/support/VaultMount.java 
+++ b/spring-vault-core/src/main/java/org/springframework/vault/support/VaultMount.java @@ -19,57 +19,137 @@ import java.util.Map; import org.springframework.util.Assert; +import com.fasterxml.jackson.annotation.JsonProperty; + /** * Value object to bind Vault HTTP Mount API requests/responses. - * + *

+ * A {@link VaultMount} represents an auth or secret mount with its config details. Instances of this class are + * immutable once constructed. + * * @author Mark Paluch + * @see #builder() */ public class VaultMount { - private String type; - - private String description; - - private Map config; + /** + * Backend type. Can be an auth or secret backend. + */ + private final String type; /** - * Creates a new {@link VaultMount}. + * Human readable description of the mount. */ - public VaultMount() {} + private final String description; + + /** + * Additional configuration. + */ + private final Map config; + + private VaultMount(@JsonProperty("type") String type, @JsonProperty("description") String description, + @JsonProperty("config") Map config) { + this.type = type; + this.description = description; + this.config = config; + } /** * Creates a new {@link VaultMount} given a {@code type}. - * - * @param type must not be empty or {@literal null}. + * + * @param type backend type, must not be empty or {@literal null}. */ - public VaultMount(String type) { - - Assert.hasText(type, "Type must not be empty"); - - this.type = type; + public static VaultMount create(String type) { + return builder().type(type).build(); } + /** + * @return a new {@link VaultMountBuilder}. + */ + public static VaultMountBuilder builder() { + return new VaultMountBuilder(); + } + + /** + * @return the backend type. + */ public String getType() { return type; } - public void setType(String type) { - this.type = type; - } - + /** + * @return human readable description of this mount. + */ public String getDescription() { return description; } - public void setDescription(String description) { - this.description = description; - } - + /** + * @return additional configuration details. + */ public Map getConfig() { return config; } - public void setConfig(Map config) { - this.config = config; + /** + * Builder to build a {@link VaultMount}. 
+ */ + public static class VaultMountBuilder { + + private String type; + + private String description; + + private Map config; + + VaultMountBuilder() {} + + /** + * Configure the backend type. + * + * @param type the backend type, must not be empty or {@literal null}. + * @return {@literal this} {@link VaultMountBuilder}. + */ + public VaultMount.VaultMountBuilder type(String type) { + + Assert.hasText(type, "Type must not be empty or null"); + + this.type = type; + return this; + } + + /** + * Configure a human readable description of this mount. + * + * @param description a human readable description of this mount. + * @return {@literal this} {@link VaultMountBuilder}. + */ + public VaultMount.VaultMountBuilder description(String description) { + this.description = description; + return this; + } + + /** + * Set additional configuration details for this mount. + * + * @param config additional configuration details for this mount. + * @return {@literal this} {@link VaultMountBuilder}. + */ + public VaultMount.VaultMountBuilder config(Map config) { + this.config = config; + return this; + } + + /** + * Builds a new {@link VaultMount} instance. Requires {@link #type(String)} to be configured. + * + * @return a new {@link VaultMount}. + */ + public VaultMount build() { + + Assert.hasText(type, "Type must not be empty or null"); + + return new VaultMount(type, description, config); + } } } diff --git a/spring-vault-core/src/test/java/org/springframework/vault/core/VaultSysTemplateIntegrationTests.java b/spring-vault-core/src/test/java/org/springframework/vault/core/VaultSysTemplateIntegrationTests.java index 6a6c6919..49b3ef9f 100644 --- a/spring-vault-core/src/test/java/org/springframework/vault/core/VaultSysTemplateIntegrationTests.java +++ b/spring-vault-core/src/test/java/org/springframework/vault/core/VaultSysTemplateIntegrationTests.java 
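Review bot: The class Javadoc now promises immutability, but the constructor stores the caller's `config` map by reference and `getConfig()` returns that same instance, so the mount configuration can still be changed after `build()` by whoever holds the map. Copying in the constructor closes the gap: `this.config = config != null ? Collections.unmodifiableMap(new LinkedHashMap<String, Object>(config)) : null;`. The type arguments are assumed from the test usage, and the line needs `java.util.Collections` and `java.util.LinkedHashMap` imported. `create(String)` is missing an `@return` tag, and the private `@JsonProperty` constructor would be clearer with an explicit `@JsonCreator`.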
@@ -40,6 +40,7 @@ import org.springframework.vault.util.IntegrationTestSupport; public class VaultSysTemplateIntegrationTests extends IntegrationTestSupport { @Autowired private VaultOperations vaultOperations; + private VaultSysOperations adminOperations; @Before @@ -66,9 +67,9 @@ public class VaultSysTemplateIntegrationTests extends IntegrationTestSupport { adminOperations.unmount("other"); } - VaultMount mount = new VaultMount("generic"); - mount.setConfig(Collections.singletonMap("default_lease_ttl", (Object) "1h")); - mount.setDescription("hello, world"); + VaultMount mount = VaultMount.builder().type("generic") // + .config(Collections.singletonMap("default_lease_ttl", (Object) "1h")) // + .description("hello, world").build(); adminOperations.mount("other", mount); @@ -101,8 +102,7 @@ public class VaultSysTemplateIntegrationTests extends IntegrationTestSupport { adminOperations.authUnmount("other"); } - VaultMount mount = new VaultMount("userpass"); - mount.setDescription("hello, world"); + VaultMount mount = VaultMount.builder().type("userpass").description("hello, world").build(); adminOperations.authMount("other", mount); diff --git a/spring-vault-core/src/test/java/org/springframework/vault/core/VaultTemplateTransitIntegrationTests.java b/spring-vault-core/src/test/java/org/springframework/vault/core/VaultTemplateTransitIntegrationTests.java index 00ff9f27..56424009 100644 --- a/spring-vault-core/src/test/java/org/springframework/vault/core/VaultTemplateTransitIntegrationTests.java +++ b/spring-vault-core/src/test/java/org/springframework/vault/core/VaultTemplateTransitIntegrationTests.java 
@@ -47,7 +47,7 @@ public class VaultTemplateTransitIntegrationTests extends IntegrationTestSupport VaultSysOperations adminOperations = vaultOperations.opsForSys(); if (!adminOperations.getMounts().containsKey("transit/")) { - adminOperations.mount("transit", new VaultMount("transit")); + adminOperations.mount("transit", VaultMount.create("transit")); vaultOperations.write("transit/keys/mykey", null); vaultOperations.write("transit/keys/derived", Collections.singletonMap("derived", true)); diff --git a/spring-vault-core/src/test/java/org/springframework/vault/core/VaultTransitTemplateIntegrationTests.java b/spring-vault-core/src/test/java/org/springframework/vault/core/VaultTransitTemplateIntegrationTests.java index e39cc12e..1b289064 100644 --- a/spring-vault-core/src/test/java/org/springframework/vault/core/VaultTransitTemplateIntegrationTests.java +++ b/spring-vault-core/src/test/java/org/springframework/vault/core/VaultTransitTemplateIntegrationTests.java @@ -48,7 +48,7 @@ public class VaultTransitTemplateIntegrationTests extends IntegrationTestSupport transitOperations = vaultOperations.opsForTransit(); if (!vaultOperations.opsForSys().getMounts().containsKey("transit/")) { - vaultOperations.opsForSys().mount("transit", new VaultMount("transit")); + vaultOperations.opsForSys().mount("transit", VaultMount.create("transit")); } try { diff --git a/spring-vault-core/src/test/java/org/springframework/vault/util/PrepareVault.java b/spring-vault-core/src/test/java/org/springframework/vault/util/PrepareVault.java index adcc8b7c..2c0ba45f 100644 --- a/spring-vault-core/src/test/java/org/springframework/vault/util/PrepareVault.java +++ b/spring-vault-core/src/test/java/org/springframework/vault/util/PrepareVault.java 
@@ -29,11 +29,14 @@ import org.springframework.vault.support.VaultTokenResponse; import org.springframework.vault.support.VaultUnsealStatus; /** + * Vault preparation utility class. This class allows preparing Vault for integration tests. + * * @author Mark Paluch */ public class PrepareVault { private final VaultOperations vaultOperations; + private final VaultSysOperations adminOperations; public PrepareVault(VaultOperations vaultOperations) { @@ -105,7 +108,7 @@ public class PrepareVault { Assert.hasText(authBackend, "AuthBackend must not be empty"); - adminOperations.authMount(authBackend, new VaultMount(authBackend)); + adminOperations.authMount(authBackend, VaultMount.create(authBackend)); } /** @@ -130,7 +133,7 @@ public class PrepareVault { Assert.hasText(secretBackend, "SecretBackend must not be empty"); - adminOperations.mount(secretBackend, new VaultMount(secretBackend)); + adminOperations.mount(secretBackend, VaultMount.create(secretBackend)); } /** diff --git a/spring-vault-core/src/test/java/org/springframework/vault/util/VaultRule.java b/spring-vault-core/src/test/java/org/springframework/vault/util/VaultRule.java index 692d673a..69c514f2 100644 --- a/spring-vault-core/src/test/java/org/springframework/vault/util/VaultRule.java +++ b/spring-vault-core/src/test/java/org/springframework/vault/util/VaultRule.java @@ -38,6 +38,7 @@ import org.springframework.vault.support.VaultToken; public class VaultRule extends ExternalResource { private final VaultEndpoint vaultEndpoint; + private final PrepareVault prepareVault; private VaultToken token;