de.stklcode.jvault.connector

Class HTTPVaultConnector

java.lang.Object

de.stklcode.jvault.connector.HTTPVaultConnector

All Implemented Interfaces:

VaultConnector, AutoCloseable

public class HTTPVaultConnector
extends Object
implements VaultConnector

Vault Connector implementatin using Vault's HTTP API.

Since:

0.1

Author:

Stefan Kalscheuer

Field Summary

Fields inherited from interface de.stklcode.jvault.connector.VaultConnector

PATH_SECRET

Constructor Summary

Constructors

Constructor and Description
HTTPVaultConnector(String baseURL) Create connector using full URL.
HTTPVaultConnector(String hostname, boolean useTLS) Create connector using hostname and schema.
HTTPVaultConnector(String hostname, boolean useTLS, Integer port) Create connector using hostname, schema and port.
HTTPVaultConnector(String hostname, boolean useTLS, Integer port, String prefix) Create connector using hostname, schema, port and path.
HTTPVaultConnector(String hostname, boolean useTLS, Integer port, String prefix, SSLContext sslContext) Create connector using hostname, schema, port, path and trusted certificate.
HTTPVaultConnector(String hostname, boolean useTLS, Integer port, String prefix, SSLContext sslContext, int numberOfRetries, Integer timeout) Create connector using hostname, schema, port, path and trusted certificate.
HTTPVaultConnector(String baseURL, SSLContext sslContext) Create connector using full URL and trusted certificate.
HTTPVaultConnector(String baseURL, SSLContext sslContext, int numberOfRetries) Create connector using full URL and trusted certificate.
HTTPVaultConnector(String baseURL, SSLContext sslContext, int numberOfRetries, Integer timeout) Create connector using full URL and trusted certificate.

Method Summary

Modifier and Type	Method and Description
AuthResponse	authAppId(String appID, String userID) Deprecated.
AuthResponse	authAppRole(String roleID, String secretID) Authorize to Vault using AppRole method.
TokenResponse	authToken(String token) Authorize to Vault using token.
AuthResponse	authUserPass(String username, String password) Authorize to Vault using username and password.
void	close()
boolean	createAppRole(AppRole role) Register a new AppRole role from given metamodel.
AppRoleSecretResponse	createAppRoleSecret(String roleName, AppRoleSecret secret) Register new AppRole secret with custom ID.
AuthResponse	createToken(Token token) Create a new token.
AuthResponse	createToken(Token token, boolean orphan) Create a new token.
AuthResponse	createToken(Token token, String role) Create a new token for specific role.
void	delete(String key) Delete key from Vault.
boolean	deleteAppRole(String roleName) Delete AppRole role from Vault.
boolean	destroyAppRoleSecret(String roleName, String secretID) Destroy an AppRole secret.
String	getAppRoleID(String roleName) Retrieve ID for an AppRole role.
List<AuthBackend>	getAuthBackends() Get all availale authentication backends.
boolean	isAuthorized() Get authorization status.
List<String>	list(String path) List available nodes from Vault.
List<String>	listAppRoles() List existing (accessible) AppRole roles.
List<String>	listAppRoleSecrets(String roleName) List existing (accessible) secret IDs for AppRole role.
AppRoleResponse	lookupAppRole(String roleName) Lookup an AppRole role.
AppRoleSecretResponse	lookupAppRoleSecret(String roleName, String secretID) Lookup an AppRole secret.
TokenResponse	lookupToken(String token) Lookup token information.
SecretResponse	read(String key) Retrieve any nodes content from Vault.
boolean	registerAppId(String appID, String policy, String displayName) Deprecated.
boolean	registerUserId(String appID, String userID) Deprecated.
SecretResponse	renew(String leaseID, Integer increment) Renew lease with given ID.
void	resetAuth() Reset authorization information.
void	revoke(String leaseID) Revoke given lease immediately.
boolean	seal() Seal vault.
SealResponse	sealStatus() Retrieve status of vault seal.
boolean	setAppRoleID(String roleName, String roleID) Set custom ID for an AppRole role.
SealResponse	unseal(String key, Boolean reset) Unseal vault.
void	write(String key, Map<String,Object> data) Write value to Vault.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface de.stklcode.jvault.connector.VaultConnector

authAppRole, createAppRole, createAppRole, createAppRole, createAppRole, createAppRoleSecret, createAppRoleSecret, deleteSecret, listAppRoleSecretss, listSecrets, readDbCredentials, readMongoDbCredentials, readMsSqlCredentials, readMySqlCredentials, readPostgreSqlCredentials, readSecret, registerAppUserId, renew, unseal, write, writeSecret, writeSecret

Constructor Detail

HTTPVaultConnector

public HTTPVaultConnector(String hostname,
                          boolean useTLS)

Create connector using hostname and schema.

Parameters:

hostname - The hostname

useTLS - If TRUE, use HTTPS, otherwise HTTP

HTTPVaultConnector

public HTTPVaultConnector(String hostname,
                          boolean useTLS,
                          Integer port)

Create connector using hostname, schema and port.

Parameters:

hostname - The hostname

useTLS - If TRUE, use HTTPS, otherwise HTTP

port - The port

HTTPVaultConnector

public HTTPVaultConnector(String hostname,
                          boolean useTLS,
                          Integer port,
                          String prefix)

Create connector using hostname, schema, port and path.

Parameters:

hostname - The hostname

useTLS - If TRUE, use HTTPS, otherwise HTTP

port - The port

prefix - HTTP API prefix (default: /v1/)

HTTPVaultConnector

public HTTPVaultConnector(String hostname,
                          boolean useTLS,
                          Integer port,
                          String prefix,
                          SSLContext sslContext)

Create connector using hostname, schema, port, path and trusted certificate.

Parameters:

hostname - The hostname

useTLS - If TRUE, use HTTPS, otherwise HTTP

port - The port

prefix - HTTP API prefix (default: /v1/)

sslContext - Custom SSL Context

HTTPVaultConnector

public HTTPVaultConnector(String hostname,
                          boolean useTLS,
                          Integer port,
                          String prefix,
                          SSLContext sslContext,
                          int numberOfRetries,
                          Integer timeout)

Create connector using hostname, schema, port, path and trusted certificate.

Parameters:

hostname - The hostname

useTLS - If TRUE, use HTTPS, otherwise HTTP

port - The port

prefix - HTTP API prefix (default: /v1/)

sslContext - Custom SSL Context

numberOfRetries - Number of retries on 5xx errors

timeout - Timeout for HTTP requests (milliseconds)

HTTPVaultConnector

public HTTPVaultConnector(String baseURL)

Create connector using full URL.

Parameters:

baseURL - The URL

HTTPVaultConnector

public HTTPVaultConnector(String baseURL,
                          SSLContext sslContext)

Create connector using full URL and trusted certificate.

Parameters:

baseURL - The URL

sslContext - Custom SSL Context

HTTPVaultConnector

public HTTPVaultConnector(String baseURL,
                          SSLContext sslContext,
                          int numberOfRetries)

Create connector using full URL and trusted certificate.

Parameters:

baseURL - The URL

sslContext - Custom SSL Context

numberOfRetries - Number of retries on 5xx errors

HTTPVaultConnector

public HTTPVaultConnector(String baseURL,
                          SSLContext sslContext,
                          int numberOfRetries,
                          Integer timeout)

Create connector using full URL and trusted certificate.

Parameters:

baseURL - The URL

sslContext - Custom SSL Context

numberOfRetries - Number of retries on 5xx errors

timeout - Timeout for HTTP requests (milliseconds)

Method Detail

resetAuth

public final void resetAuth()

Description copied from interface: VaultConnector

Reset authorization information.

Specified by:

resetAuth in interface VaultConnector

sealStatus

public final SealResponse sealStatus()

Description copied from interface: VaultConnector

Retrieve status of vault seal.

Specified by:

sealStatus in interface VaultConnector

Returns:

Seal status

seal

public final boolean seal()

Description copied from interface: VaultConnector

Seal vault.

Specified by:

seal in interface VaultConnector

Returns:

TRUE on success

unseal

public final SealResponse unseal(String key,
                                 Boolean reset)

Description copied from interface: VaultConnector

Unseal vault.

Specified by:

unseal in interface VaultConnector

Parameters:

key - A single master share key

reset - Discard previously provided keys (optional)

Returns:

TRUE on success

isAuthorized

public final boolean isAuthorized()

Description copied from interface: VaultConnector

Get authorization status.

Specified by:

isAuthorized in interface VaultConnector

Returns:

TRUE, if successfully authorized

getAuthBackends

public final List<AuthBackend> getAuthBackends()
                                        throws VaultConnectorException

Description copied from interface: VaultConnector

Get all availale authentication backends.

Specified by:

getAuthBackends in interface VaultConnector

Returns:

List of backends

Throws:

VaultConnectorException - on error

authToken

public final TokenResponse authToken(String token)
                              throws VaultConnectorException

Description copied from interface: VaultConnector

Authorize to Vault using token.

Specified by:

authToken in interface VaultConnector

Parameters:

token - The token

Returns:

Token response

Throws:

VaultConnectorException - on error

authUserPass

public final AuthResponse authUserPass(String username,
                                       String password)
                                throws VaultConnectorException

Description copied from interface: VaultConnector

Authorize to Vault using username and password.

Specified by:

authUserPass in interface VaultConnector

Parameters:

username - The username

password - The password

Returns:

Authorization result

Throws:

VaultConnectorException - on error

authAppId

@Deprecated
public final AuthResponse authAppId(String appID,
                                                String userID)
                                         throws VaultConnectorException

Deprecated.

Description copied from interface: VaultConnector

Authorize to Vault using AppID method.

Specified by:

authAppId in interface VaultConnector

Parameters:

appID - The App ID

userID - The User ID

Returns:

TRUE on success

Throws:

VaultConnectorException - on error

authAppRole

public final AuthResponse authAppRole(String roleID,
                                      String secretID)
                               throws VaultConnectorException

Description copied from interface: VaultConnector

Authorize to Vault using AppRole method.

Specified by:

authAppRole in interface VaultConnector

Parameters:

roleID - The role ID

secretID - The secret ID

Returns:

TRUE on success

Throws:

VaultConnectorException - on error

registerAppId

@Deprecated
public final boolean registerAppId(String appID,
                                               String policy,
                                               String displayName)
                                        throws VaultConnectorException

Deprecated.

Description copied from interface: VaultConnector

Register new App-ID with policy.

Specified by:

registerAppId in interface VaultConnector

Parameters:

appID - The unique App-ID

policy - The policy to associate with

displayName - Arbitrary name to display

Returns:

TRUE on success

Throws:

VaultConnectorException - on error

registerUserId

@Deprecated
public final boolean registerUserId(String appID,
                                                String userID)
                                         throws VaultConnectorException

Deprecated.

Description copied from interface: VaultConnector

Register User-ID with App-ID.

Specified by:

registerUserId in interface VaultConnector

Parameters:

appID - The App-ID

userID - The User-ID

Returns:

TRUE on success

Throws:

VaultConnectorException - on error

createAppRole

public final boolean createAppRole(AppRole role)
                            throws VaultConnectorException

Description copied from interface: VaultConnector

Register a new AppRole role from given metamodel.

Specified by:

createAppRole in interface VaultConnector

Parameters:

role - The role

Returns:

TRUE on success

Throws:

VaultConnectorException - on error

lookupAppRole

public final AppRoleResponse lookupAppRole(String roleName)
                                    throws VaultConnectorException

Description copied from interface: VaultConnector

Lookup an AppRole role.

Specified by:

lookupAppRole in interface VaultConnector

Parameters:

roleName - The role name

Returns:

Result of the lookup

Throws:

VaultConnectorException - on error

deleteAppRole

public final boolean deleteAppRole(String roleName)
                            throws VaultConnectorException

Description copied from interface: VaultConnector

Delete AppRole role from Vault.

Specified by:

deleteAppRole in interface VaultConnector

Parameters:

roleName - The role anme

Returns:

TRUE on succevss

Throws:

VaultConnectorException - on error

getAppRoleID

public final String getAppRoleID(String roleName)
                          throws VaultConnectorException

Description copied from interface: VaultConnector

Retrieve ID for an AppRole role.

Specified by:

getAppRoleID in interface VaultConnector

Parameters:

roleName - The role name

Returns:

The role ID

Throws:

VaultConnectorException - on error

setAppRoleID

public final boolean setAppRoleID(String roleName,
                                  String roleID)
                           throws VaultConnectorException

Description copied from interface: VaultConnector

Set custom ID for an AppRole role.

Specified by:

setAppRoleID in interface VaultConnector

Parameters:

roleName - The role name

roleID - The role ID

Returns:

TRUE on success

Throws:

VaultConnectorException - on error

createAppRoleSecret

public final AppRoleSecretResponse createAppRoleSecret(String roleName,
                                                       AppRoleSecret secret)
                                                throws VaultConnectorException

Description copied from interface: VaultConnector

Register new AppRole secret with custom ID.

Specified by:

createAppRoleSecret in interface VaultConnector

Parameters:

roleName - The role name

secret - The secret meta object

Returns:

The secret ID

Throws:

VaultConnectorException - on error

lookupAppRoleSecret

public final AppRoleSecretResponse lookupAppRoleSecret(String roleName,
                                                       String secretID)
                                                throws VaultConnectorException

Description copied from interface: VaultConnector

Lookup an AppRole secret.

Specified by:

lookupAppRoleSecret in interface VaultConnector

Parameters:

roleName - The role name

secretID - The secret ID

Returns:

Result of the lookup

Throws:

VaultConnectorException - on error

destroyAppRoleSecret

public final boolean destroyAppRoleSecret(String roleName,
                                          String secretID)
                                   throws VaultConnectorException

Description copied from interface: VaultConnector

Destroy an AppRole secret.

Specified by:

destroyAppRoleSecret in interface VaultConnector

Parameters:

roleName - The role name

secretID - The secret meta object

Returns:

The secret ID

Throws:

VaultConnectorException - on error

listAppRoles

public final List<String> listAppRoles()
                                throws VaultConnectorException

Description copied from interface: VaultConnector

List existing (accessible) AppRole roles.

Specified by:

listAppRoles in interface VaultConnector

Returns:

List of roles

Throws:

VaultConnectorException - on error

listAppRoleSecrets

public final List<String> listAppRoleSecrets(String roleName)
                                      throws VaultConnectorException

Description copied from interface: VaultConnector

List existing (accessible) secret IDs for AppRole role.

Specified by:

listAppRoleSecrets in interface VaultConnector

Parameters:

roleName - The role name

Returns:

List of roles

Throws:

VaultConnectorException - on error

read

public final SecretResponse read(String key)
                          throws VaultConnectorException

Description copied from interface: VaultConnector

Retrieve any nodes content from Vault.

Specified by:

read in interface VaultConnector

Parameters:

key - Secret identifier

Returns:

Secret response

Throws:

VaultConnectorException - on error

list

public final List<String> list(String path)
                        throws VaultConnectorException

Description copied from interface: VaultConnector

List available nodes from Vault.

Specified by:

list in interface VaultConnector

Parameters:

path - Root path to search

Returns:

List of secret keys

Throws:

VaultConnectorException - on error

write

public final void write(String key,
                        Map<String,Object> data)
                 throws VaultConnectorException

Description copied from interface: VaultConnector

Write value to Vault.

Specified by:

write in interface VaultConnector

Parameters:

key - Secret path

data - Secret content. Value must be be JSON serializable.

Throws:

VaultConnectorException - on error

delete

public final void delete(String key)
                  throws VaultConnectorException

Description copied from interface: VaultConnector

Delete key from Vault.

Specified by:

delete in interface VaultConnector

Parameters:

key - Secret path

Throws:

VaultConnectorException - on error

revoke

public final void revoke(String leaseID)
                  throws VaultConnectorException

Description copied from interface: VaultConnector

Revoke given lease immediately.

Specified by:

revoke in interface VaultConnector

Parameters:

leaseID - the lease ID

Throws:

VaultConnectorException - on error

renew

public final SecretResponse renew(String leaseID,
                                  Integer increment)
                           throws VaultConnectorException

Description copied from interface: VaultConnector

Renew lease with given ID.

Specified by:

renew in interface VaultConnector

Parameters:

leaseID - the lase ID

increment - number of seconds to extend lease time

Returns:

Renewed lease

Throws:

VaultConnectorException - on error

createToken

public final AuthResponse createToken(Token token)
                               throws VaultConnectorException

Description copied from interface: VaultConnector

Create a new token.

Specified by:

createToken in interface VaultConnector

Parameters:

token - the token

Returns:

the result response

Throws:

VaultConnectorException - on error

createToken

public final AuthResponse createToken(Token token,
                                      boolean orphan)
                               throws VaultConnectorException

Description copied from interface: VaultConnector

Create a new token.

Specified by:

createToken in interface VaultConnector

Parameters:

token - the token

orphan - create orphan token

Returns:

the result response

Throws:

VaultConnectorException - on error

createToken

public final AuthResponse createToken(Token token,
                                      String role)
                               throws VaultConnectorException

Description copied from interface: VaultConnector

Create a new token for specific role.

Specified by:

createToken in interface VaultConnector

Parameters:

token - the token

role - the role name

Returns:

the result response

Throws:

VaultConnectorException - on error

close

public final void close()

Specified by:

close in interface AutoCloseable

lookupToken

public final TokenResponse lookupToken(String token)
                                throws VaultConnectorException

Description copied from interface: VaultConnector

Lookup token information.

Specified by:

lookupToken in interface VaultConnector

Parameters:

token - the token

Returns:

the result response

Throws:

VaultConnectorException - on error