diff --git a/README.md b/README.md index 14165bf..61c3e6d 100644 --- a/README.md +++ b/README.md @@ -117,7 +117,7 @@ Create the connector: AWSSecretManagerConnectorAsync connector = new AWSSecretManagerConnectorAsync(config); ``` -Get the secret in String: +Get the secret as String: ```java connector.getSecret("secretName") .doOnNext(System.out::println); @@ -184,7 +184,7 @@ Create the connector: GenericManagerAsync connector = configurator.getVaultClient(); ``` -Get the secret in String: +Get the secret as String: ```java connector.getSecret("my/secret/path") .doOnNext(System.out::println); @@ -198,6 +198,51 @@ connector.getSecret("my/database/credentials", DBCredentials.class) }) ``` +## Vault Sync + +```java +dependencies { + // Reactor Core is required! + implementation group: 'io.projectreactor', name: 'reactor-core', version: '3.4.17' + // vault-async dependency + implementation 'com.github.bancolombia:vault-sync:' +} +``` + +Define your configuration: +```java +// Example Config +VaultSecretManagerConfigurator configurator = VaultSecretManagerConfigurator.builder() + .withProperties(VaultSecretsManagerProperties.builder() + .host("localhost") + .port(8200) + .ssl(false) + .roleId("65903d42-6dd4-2aa3-6a61-xxxxxxxxxx") // for authentication with vault + .secretId("0cce6d0b-e756-c12e-9729-xxxxxxxxx") // for authentication with vault + .build()) + .build(); +``` + +##### Configurations + +_Same as defined for Vault Async._ + +Create the connector: +```java +GenericManagerAsync connector = configurator.getVaultClient(); +``` + +Get the secret as String: +```java +String secret = connector.getSecret("my/secret/path"); +// ... continue your sync flow +``` +Get the secret deserialized: +```java +DBCredentials creds = connector.getSecret("my/database/credentials", + DBCredentials.class); +// ... continue your sync flow +``` ## Parameter Store Sync ```java 
@@ -263,7 +308,7 @@ Create the connector: AWSParameterStoreConnectorAsync connector = new AWSParameterStoreConnectorAsync(config); ``` -Get the secret in String: +Get the secret as String: ```java connector.getSecret("parameterName") .doOnNext(System.out::println); diff --git a/async/vault-async/src/main/java/co/com/bancolombia/secretsmanager/connector/auth/K8sTokenReader.java b/async/vault-async/src/main/java/co/com/bancolombia/secretsmanager/connector/K8sTokenReader.java similarity index 95% rename from async/vault-async/src/main/java/co/com/bancolombia/secretsmanager/connector/auth/K8sTokenReader.java rename to async/vault-async/src/main/java/co/com/bancolombia/secretsmanager/connector/K8sTokenReader.java index 6a78c7b..06cd45e 100644 --- a/async/vault-async/src/main/java/co/com/bancolombia/secretsmanager/connector/auth/K8sTokenReader.java +++ b/async/vault-async/src/main/java/co/com/bancolombia/secretsmanager/connector/K8sTokenReader.java @@ -1,4 +1,4 @@ -package co.com.bancolombia.secretsmanager.connector.auth; +package co.com.bancolombia.secretsmanager.connector; import co.com.bancolombia.secretsmanager.api.exceptions.SecretException; import reactor.core.publisher.Mono; diff --git a/async/vault-async/src/main/java/co/com/bancolombia/secretsmanager/connector/VaultAuthenticator.java b/async/vault-async/src/main/java/co/com/bancolombia/secretsmanager/connector/VaultAuthenticator.java index 7c94f53..9924825 100644 --- a/async/vault-async/src/main/java/co/com/bancolombia/secretsmanager/connector/VaultAuthenticator.java +++ b/async/vault-async/src/main/java/co/com/bancolombia/secretsmanager/connector/VaultAuthenticator.java 
@@ -2,11 +2,10 @@ import co.com.bancolombia.secretsmanager.api.exceptions.SecretException; import co.com.bancolombia.secretsmanager.commons.utils.GsonUtils; -import co.com.bancolombia.secretsmanager.config.VaultSecretsManagerProperties; -import co.com.bancolombia.secretsmanager.connector.auth.AuthResponse; -import co.com.bancolombia.secretsmanager.connector.auth.K8sAuth; -import co.com.bancolombia.secretsmanager.connector.auth.K8sTokenReader; -import co.com.bancolombia.secretsmanager.connector.auth.RoleAuth; +import co.com.bancolombia.secretsmanager.vault.auth.AuthResponse; +import co.com.bancolombia.secretsmanager.vault.auth.K8sAuth; +import co.com.bancolombia.secretsmanager.vault.auth.RoleAuth; +import co.com.bancolombia.secretsmanager.vault.config.VaultSecretsManagerProperties; import com.github.benmanes.caffeine.cache.AsyncCache; import com.github.benmanes.caffeine.cache.Caffeine; import com.google.gson.Gson; diff --git a/async/vault-async/src/main/java/co/com/bancolombia/secretsmanager/connector/VaultSecretManagerConfigurator.java b/async/vault-async/src/main/java/co/com/bancolombia/secretsmanager/connector/VaultSecretManagerConfigurator.java index 08b59b5..d45e97a 100644 --- a/async/vault-async/src/main/java/co/com/bancolombia/secretsmanager/connector/VaultSecretManagerConfigurator.java +++ b/async/vault-async/src/main/java/co/com/bancolombia/secretsmanager/connector/VaultSecretManagerConfigurator.java 
@@ -1,11 +1,10 @@ package co.com.bancolombia.secretsmanager.connector; import co.com.bancolombia.secretsmanager.api.exceptions.SecretException; -import co.com.bancolombia.secretsmanager.config.VaultKeyStoreProperties; -import co.com.bancolombia.secretsmanager.config.VaultSecretsManagerProperties; -import co.com.bancolombia.secretsmanager.config.VaultTrustStoreProperties; -import co.com.bancolombia.secretsmanager.connector.auth.K8sTokenReader; -import co.com.bancolombia.secretsmanager.connector.ssl.SslConfig; +import co.com.bancolombia.secretsmanager.vault.config.VaultKeyStoreProperties; +import co.com.bancolombia.secretsmanager.vault.config.VaultSecretsManagerProperties; +import co.com.bancolombia.secretsmanager.vault.config.VaultTrustStoreProperties; +import co.com.bancolombia.secretsmanager.vault.ssl.SslConfig; import lombok.Builder; import java.net.http.HttpClient; diff --git a/async/vault-async/src/main/java/co/com/bancolombia/secretsmanager/connector/VaultSecretsManagerConnectorAsync.java b/async/vault-async/src/main/java/co/com/bancolombia/secretsmanager/connector/VaultSecretsManagerConnectorAsync.java index e8c66c1..fc7f04b 100644 --- a/async/vault-async/src/main/java/co/com/bancolombia/secretsmanager/connector/VaultSecretsManagerConnectorAsync.java +++ b/async/vault-async/src/main/java/co/com/bancolombia/secretsmanager/connector/VaultSecretsManagerConnectorAsync.java 
@@ -3,9 +3,9 @@ import co.com.bancolombia.secretsmanager.api.GenericManagerAsync; import co.com.bancolombia.secretsmanager.api.exceptions.SecretException; import co.com.bancolombia.secretsmanager.commons.utils.GsonUtils; -import co.com.bancolombia.secretsmanager.config.VaultSecretsManagerProperties; -import co.com.bancolombia.secretsmanager.connector.auth.AuthResponse; -import co.com.bancolombia.secretsmanager.connector.secret.SecretResponse; +import co.com.bancolombia.secretsmanager.vault.config.VaultSecretsManagerProperties; +import co.com.bancolombia.secretsmanager.vault.secret.SecretResponse; +import co.com.bancolombia.secretsmanager.vault.auth.AuthResponse; import com.github.benmanes.caffeine.cache.AsyncCache; import com.github.benmanes.caffeine.cache.Caffeine; import reactor.core.publisher.Mono; diff --git a/async/vault-async/src/test/java/co/com/bancolombia/secretsmanager/connector/auth/K8sTokenReaderTest.java b/async/vault-async/src/test/java/co/com/bancolombia/secretsmanager/connector/K8sTokenReaderTest.java similarity index 90% rename from async/vault-async/src/test/java/co/com/bancolombia/secretsmanager/connector/auth/K8sTokenReaderTest.java rename to async/vault-async/src/test/java/co/com/bancolombia/secretsmanager/connector/K8sTokenReaderTest.java index a628c2c..de2683b 100644 --- a/async/vault-async/src/test/java/co/com/bancolombia/secretsmanager/connector/auth/K8sTokenReaderTest.java +++ b/async/vault-async/src/test/java/co/com/bancolombia/secretsmanager/connector/K8sTokenReaderTest.java @@ -1,4 +1,4 @@ -package co.com.bancolombia.secretsmanager.connector.auth; +package co.com.bancolombia.secretsmanager.connector; import lombok.SneakyThrows; import org.junit.Test; diff --git a/async/vault-async/src/test/java/co/com/bancolombia/secretsmanager/connector/VaulAuthenticatorTest.java b/async/vault-async/src/test/java/co/com/bancolombia/secretsmanager/connector/VaulAuthenticatorTest.java index c679590..d857ccd 100644 
--- a/async/vault-async/src/test/java/co/com/bancolombia/secretsmanager/connector/VaulAuthenticatorTest.java +++ b/async/vault-async/src/test/java/co/com/bancolombia/secretsmanager/connector/VaulAuthenticatorTest.java @@ -1,7 +1,6 @@ package co.com.bancolombia.secretsmanager.connector; -import co.com.bancolombia.secretsmanager.config.VaultSecretsManagerProperties; -import co.com.bancolombia.secretsmanager.connector.auth.K8sTokenReader; +import co.com.bancolombia.secretsmanager.vault.config.VaultSecretsManagerProperties; import lombok.SneakyThrows; import okhttp3.mockwebserver.MockResponse; import okhttp3.mockwebserver.MockWebServer; diff --git a/async/vault-async/src/test/java/co/com/bancolombia/secretsmanager/connector/VaultSecretManagerConfiguratorTest.java b/async/vault-async/src/test/java/co/com/bancolombia/secretsmanager/connector/VaultSecretManagerConfiguratorTest.java index bb44b87..2a8e086 100644 --- a/async/vault-async/src/test/java/co/com/bancolombia/secretsmanager/connector/VaultSecretManagerConfiguratorTest.java +++ b/async/vault-async/src/test/java/co/com/bancolombia/secretsmanager/connector/VaultSecretManagerConfiguratorTest.java @@ -1,9 +1,9 @@ package co.com.bancolombia.secretsmanager.connector; import co.com.bancolombia.secretsmanager.api.exceptions.SecretException; -import co.com.bancolombia.secretsmanager.config.VaultKeyStoreProperties; -import co.com.bancolombia.secretsmanager.config.VaultSecretsManagerProperties; -import co.com.bancolombia.secretsmanager.config.VaultTrustStoreProperties; +import co.com.bancolombia.secretsmanager.vault.config.VaultKeyStoreProperties; +import co.com.bancolombia.secretsmanager.vault.config.VaultSecretsManagerProperties; +import co.com.bancolombia.secretsmanager.vault.config.VaultTrustStoreProperties; import lombok.SneakyThrows; import org.junit.Assert; import org.junit.Test; 
diff --git a/async/vault-async/src/test/java/co/com/bancolombia/secretsmanager/connector/VaultSecretsManagerConnectorAsyncTest.java b/async/vault-async/src/test/java/co/com/bancolombia/secretsmanager/connector/VaultSecretsManagerConnectorAsyncTest.java index 6d311b5..04a39ec 100644 --- a/async/vault-async/src/test/java/co/com/bancolombia/secretsmanager/connector/VaultSecretsManagerConnectorAsyncTest.java +++ b/async/vault-async/src/test/java/co/com/bancolombia/secretsmanager/connector/VaultSecretsManagerConnectorAsyncTest.java @@ -1,7 +1,7 @@ package co.com.bancolombia.secretsmanager.connector; -import co.com.bancolombia.secretsmanager.config.VaultSecretsManagerProperties; -import co.com.bancolombia.secretsmanager.connector.auth.AuthResponse; +import co.com.bancolombia.secretsmanager.vault.auth.AuthResponse; +import co.com.bancolombia.secretsmanager.vault.config.VaultSecretsManagerProperties; import lombok.AllArgsConstructor; import lombok.Getter; import lombok.NoArgsConstructor; diff --git a/async/vault-async/vault-async.gradle b/async/vault-async/vault-async.gradle index c3be42a..1c9aa05 100644 --- a/async/vault-async/vault-async.gradle +++ b/async/vault-async/vault-async.gradle @@ -1,15 +1,15 @@ dependencies { api project(":secrets-manager-api") + api project(":vault-commons") implementation "io.projectreactor.addons:reactor-extra:${reactorExtraVersion}" implementation "io.projectreactor:reactor-core:${reactorCoreVersion}" implementation "com.google.code.gson:gson:${gsonVersion}" implementation "com.github.ben-manes.caffeine:caffeine:${cafeineVersion}" testImplementation "io.projectreactor:reactor-test:${reactorCoreVersion}" testImplementation("com.squareup.okhttp3:mockwebserver:4.9.3") - } ext { artifactId = 'vault-async' - artifactDescription = 'Secrets Manager' + artifactDescription = 'Secrets Manager async connector for Vault' } diff --git a/gradle.properties b/gradle.properties index f7752cb..6a2fb04 100644 --- a/gradle.properties +++ b/gradle.properties 
@@ -1,4 +1,4 @@ -version=4.3.1 +version=4.4.0 springBootVersion=3.2.1 reactorCoreVersion=3.6.1 reactorExtraVersion=3.5.1 diff --git a/async/vault-async/src/main/java/co/com/bancolombia/secretsmanager/connector/auth/AuthResponse.java b/sync/vault-commons/src/main/java/co/com/bancolombia/secretsmanager/vault/auth/AuthResponse.java similarity index 91% rename from async/vault-async/src/main/java/co/com/bancolombia/secretsmanager/connector/auth/AuthResponse.java rename to sync/vault-commons/src/main/java/co/com/bancolombia/secretsmanager/vault/auth/AuthResponse.java index b8caa03..3d4ce13 100644 --- a/async/vault-async/src/main/java/co/com/bancolombia/secretsmanager/connector/auth/AuthResponse.java +++ b/sync/vault-commons/src/main/java/co/com/bancolombia/secretsmanager/vault/auth/AuthResponse.java @@ -1,4 +1,4 @@ -package co.com.bancolombia.secretsmanager.connector.auth; +package co.com.bancolombia.secretsmanager.vault.auth; import lombok.AllArgsConstructor; import lombok.Builder; diff --git a/async/vault-async/src/main/java/co/com/bancolombia/secretsmanager/connector/auth/K8sAuth.java b/sync/vault-commons/src/main/java/co/com/bancolombia/secretsmanager/vault/auth/K8sAuth.java similarity index 80% rename from async/vault-async/src/main/java/co/com/bancolombia/secretsmanager/connector/auth/K8sAuth.java rename to sync/vault-commons/src/main/java/co/com/bancolombia/secretsmanager/vault/auth/K8sAuth.java index cc13781..b3650ce 100644 --- a/async/vault-async/src/main/java/co/com/bancolombia/secretsmanager/connector/auth/K8sAuth.java +++ b/sync/vault-commons/src/main/java/co/com/bancolombia/secretsmanager/vault/auth/K8sAuth.java @@ -1,4 +1,4 @@ -package co.com.bancolombia.secretsmanager.connector.auth; +package co.com.bancolombia.secretsmanager.vault.auth; import lombok.AllArgsConstructor; import lombok.Builder; 
diff --git a/async/vault-async/src/main/java/co/com/bancolombia/secretsmanager/connector/auth/RoleAuth.java b/sync/vault-commons/src/main/java/co/com/bancolombia/secretsmanager/vault/auth/RoleAuth.java similarity index 86% rename from async/vault-async/src/main/java/co/com/bancolombia/secretsmanager/connector/auth/RoleAuth.java rename to sync/vault-commons/src/main/java/co/com/bancolombia/secretsmanager/vault/auth/RoleAuth.java index 52b579e..51ba930 100644 --- a/async/vault-async/src/main/java/co/com/bancolombia/secretsmanager/connector/auth/RoleAuth.java +++ b/sync/vault-commons/src/main/java/co/com/bancolombia/secretsmanager/vault/auth/RoleAuth.java @@ -1,4 +1,4 @@ -package co.com.bancolombia.secretsmanager.connector.auth; +package co.com.bancolombia.secretsmanager.vault.auth; import com.google.gson.annotations.SerializedName; import lombok.AllArgsConstructor; diff --git a/async/vault-async/src/main/java/co/com/bancolombia/secretsmanager/config/CacheProperties.java b/sync/vault-commons/src/main/java/co/com/bancolombia/secretsmanager/vault/config/CacheProperties.java similarity index 85% rename from async/vault-async/src/main/java/co/com/bancolombia/secretsmanager/config/CacheProperties.java rename to sync/vault-commons/src/main/java/co/com/bancolombia/secretsmanager/vault/config/CacheProperties.java index 52e863d..aa93888 100644 --- a/async/vault-async/src/main/java/co/com/bancolombia/secretsmanager/config/CacheProperties.java +++ b/sync/vault-commons/src/main/java/co/com/bancolombia/secretsmanager/vault/config/CacheProperties.java @@ -1,4 +1,4 @@ -package co.com.bancolombia.secretsmanager.config; +package co.com.bancolombia.secretsmanager.vault.config; import lombok.AllArgsConstructor; import lombok.Builder; 
diff --git a/async/vault-async/src/main/java/co/com/bancolombia/secretsmanager/config/HttpProperties.java b/sync/vault-commons/src/main/java/co/com/bancolombia/secretsmanager/vault/config/HttpProperties.java similarity index 83% rename from async/vault-async/src/main/java/co/com/bancolombia/secretsmanager/config/HttpProperties.java rename to sync/vault-commons/src/main/java/co/com/bancolombia/secretsmanager/vault/config/HttpProperties.java index ddafbed..e8cb7fe 100644 --- a/async/vault-async/src/main/java/co/com/bancolombia/secretsmanager/config/HttpProperties.java +++ b/sync/vault-commons/src/main/java/co/com/bancolombia/secretsmanager/vault/config/HttpProperties.java @@ -1,4 +1,4 @@ -package co.com.bancolombia.secretsmanager.config; +package co.com.bancolombia.secretsmanager.vault.config; import lombok.AllArgsConstructor; import lombok.Builder; diff --git a/async/vault-async/src/main/java/co/com/bancolombia/secretsmanager/config/VaultKeyStoreProperties.java b/sync/vault-commons/src/main/java/co/com/bancolombia/secretsmanager/vault/config/VaultKeyStoreProperties.java similarity index 94% rename from async/vault-async/src/main/java/co/com/bancolombia/secretsmanager/config/VaultKeyStoreProperties.java rename to sync/vault-commons/src/main/java/co/com/bancolombia/secretsmanager/vault/config/VaultKeyStoreProperties.java index 0bc809d..1644890 100644 --- a/async/vault-async/src/main/java/co/com/bancolombia/secretsmanager/config/VaultKeyStoreProperties.java +++ b/sync/vault-commons/src/main/java/co/com/bancolombia/secretsmanager/vault/config/VaultKeyStoreProperties.java @@ -1,4 +1,4 @@ -package co.com.bancolombia.secretsmanager.config; +package co.com.bancolombia.secretsmanager.vault.config; import lombok.AllArgsConstructor; import lombok.Builder; 
diff --git a/async/vault-async/src/main/java/co/com/bancolombia/secretsmanager/config/VaultSecretsManagerProperties.java b/sync/vault-commons/src/main/java/co/com/bancolombia/secretsmanager/vault/config/VaultSecretsManagerProperties.java similarity index 97% rename from async/vault-async/src/main/java/co/com/bancolombia/secretsmanager/config/VaultSecretsManagerProperties.java rename to sync/vault-commons/src/main/java/co/com/bancolombia/secretsmanager/vault/config/VaultSecretsManagerProperties.java index 594a67a..bdab1eb 100644 --- a/async/vault-async/src/main/java/co/com/bancolombia/secretsmanager/config/VaultSecretsManagerProperties.java +++ b/sync/vault-commons/src/main/java/co/com/bancolombia/secretsmanager/vault/config/VaultSecretsManagerProperties.java @@ -1,4 +1,4 @@ -package co.com.bancolombia.secretsmanager.config; +package co.com.bancolombia.secretsmanager.vault.config; import lombok.*; diff --git a/async/vault-async/src/main/java/co/com/bancolombia/secretsmanager/config/VaultTrustStoreProperties.java b/sync/vault-commons/src/main/java/co/com/bancolombia/secretsmanager/vault/config/VaultTrustStoreProperties.java similarity index 93% rename from async/vault-async/src/main/java/co/com/bancolombia/secretsmanager/config/VaultTrustStoreProperties.java rename to sync/vault-commons/src/main/java/co/com/bancolombia/secretsmanager/vault/config/VaultTrustStoreProperties.java index b60ed6c..8c0c45e 100644 --- a/async/vault-async/src/main/java/co/com/bancolombia/secretsmanager/config/VaultTrustStoreProperties.java +++ b/sync/vault-commons/src/main/java/co/com/bancolombia/secretsmanager/vault/config/VaultTrustStoreProperties.java @@ -1,4 +1,4 @@ -package co.com.bancolombia.secretsmanager.config; +package co.com.bancolombia.secretsmanager.vault.config; import lombok.AllArgsConstructor; import lombok.Builder; 
diff --git a/async/vault-async/src/main/java/co/com/bancolombia/secretsmanager/connector/secret/SecretPayload.java b/sync/vault-commons/src/main/java/co/com/bancolombia/secretsmanager/vault/secret/SecretPayload.java similarity index 81% rename from async/vault-async/src/main/java/co/com/bancolombia/secretsmanager/connector/secret/SecretPayload.java rename to sync/vault-commons/src/main/java/co/com/bancolombia/secretsmanager/vault/secret/SecretPayload.java index 89c5f08..a36fc31 100644 --- a/async/vault-async/src/main/java/co/com/bancolombia/secretsmanager/connector/secret/SecretPayload.java +++ b/sync/vault-commons/src/main/java/co/com/bancolombia/secretsmanager/vault/secret/SecretPayload.java @@ -1,4 +1,4 @@ -package co.com.bancolombia.secretsmanager.connector.secret; +package co.com.bancolombia.secretsmanager.vault.secret; import lombok.AllArgsConstructor; import lombok.Getter; diff --git a/async/vault-async/src/main/java/co/com/bancolombia/secretsmanager/connector/secret/SecretResponse.java b/sync/vault-commons/src/main/java/co/com/bancolombia/secretsmanager/vault/secret/SecretResponse.java similarity index 88% rename from async/vault-async/src/main/java/co/com/bancolombia/secretsmanager/connector/secret/SecretResponse.java rename to sync/vault-commons/src/main/java/co/com/bancolombia/secretsmanager/vault/secret/SecretResponse.java index 76e411e..8831be3 100644 --- a/async/vault-async/src/main/java/co/com/bancolombia/secretsmanager/connector/secret/SecretResponse.java +++ b/sync/vault-commons/src/main/java/co/com/bancolombia/secretsmanager/vault/secret/SecretResponse.java @@ -1,4 +1,4 @@ -package co.com.bancolombia.secretsmanager.connector.secret; +package co.com.bancolombia.secretsmanager.vault.secret; import com.google.gson.annotations.SerializedName; import lombok.AllArgsConstructor; 
diff --git a/async/vault-async/src/main/java/co/com/bancolombia/secretsmanager/connector/ssl/SslConfig.java b/sync/vault-commons/src/main/java/co/com/bancolombia/secretsmanager/vault/ssl/SslConfig.java similarity index 99% rename from async/vault-async/src/main/java/co/com/bancolombia/secretsmanager/connector/ssl/SslConfig.java rename to sync/vault-commons/src/main/java/co/com/bancolombia/secretsmanager/vault/ssl/SslConfig.java index 41ebf63..9a89e0c 100644 --- a/async/vault-async/src/main/java/co/com/bancolombia/secretsmanager/connector/ssl/SslConfig.java +++ b/sync/vault-commons/src/main/java/co/com/bancolombia/secretsmanager/vault/ssl/SslConfig.java @@ -1,4 +1,4 @@ -package co.com.bancolombia.secretsmanager.connector.ssl; +package co.com.bancolombia.secretsmanager.vault.ssl; import co.com.bancolombia.secretsmanager.api.exceptions.SecretException; diff --git a/async/vault-async/src/test/java/co/com/bancolombia/secretsmanager/ssl/SslConfigTest.java b/sync/vault-commons/src/test/java/co/com/bancolombia/secretsmanager/vault/ssl/SslConfigTest.java similarity index 97% rename from async/vault-async/src/test/java/co/com/bancolombia/secretsmanager/ssl/SslConfigTest.java rename to sync/vault-commons/src/test/java/co/com/bancolombia/secretsmanager/vault/ssl/SslConfigTest.java index 1bcbce5..1f3e64d 100644 --- a/async/vault-async/src/test/java/co/com/bancolombia/secretsmanager/ssl/SslConfigTest.java +++ b/sync/vault-commons/src/test/java/co/com/bancolombia/secretsmanager/vault/ssl/SslConfigTest.java @@ -1,7 +1,7 @@ -package co.com.bancolombia.secretsmanager.ssl; +package co.com.bancolombia.secretsmanager.vault.ssl; import co.com.bancolombia.secretsmanager.api.exceptions.SecretException; -import co.com.bancolombia.secretsmanager.connector.ssl.SslConfig; +import co.com.bancolombia.secretsmanager.vault.ssl.SslConfig; import lombok.SneakyThrows; import org.junit.Assert; import org.junit.Test; 
diff --git a/sync/vault-commons/src/test/resources/certificate.arm b/sync/vault-commons/src/test/resources/certificate.arm new file mode 100644 index 0000000..f1ad57f --- /dev/null +++ b/sync/vault-commons/src/test/resources/certificate.arm @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDSDCCAjACAQEwDQYJKoZIhvcNAQELBQAwajELMAkGA1UEBhMCQ08xDDAKBgNV +BAgMA0FOVDERMA8GA1UEBwwITUVERUxMSU4xEjAQBgNVBAoMCWxvY2FsaG9zdDES +MBAGA1UECwwJbG9jYWxob3N0MRIwEAYDVQQDDAlsb2NhbGhvc3QwHhcNMjMxMjIy +MDI1NzUxWhcNMjQwMzIxMDI1NzUxWjBqMQswCQYDVQQGEwJDTzEMMAoGA1UECAwD +QU5UMREwDwYDVQQHDAhNRURFTExJTjESMBAGA1UECgwJbG9jYWxob3N0MRIwEAYD +VQQLDAlsb2NhbGhvc3QxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcN +AQEBBQADggEPADCCAQoCggEBALlAo5u+D/fD+v5A4oXcF/14m15mYX+cx0svOKBD +dNigECPu4UghvmCia3pGFyRP72P1Cx3jye6ImLRCNL7JJFV7BuOiMk1OP+BkqAG0 +RNNt2okMsngkmHTyIHcBdu7QtNWewaZN7WRLa0cOgYMeKc1orftBNNfe7LpLtjuy +wqzrqi3qI2Y2xXdjTWUVySXzDfVSCnLS+mYNHF5XEkqZXwA4j+rJN9ipeWXxm78G +sft603a+u+f7PwvPHzMltHI7OxuaJpPC9KzUzgeJ9vzCMz/9Klmp/VrDjigqYMnW +j3EB5eh7iXamJslexDotHZ2q6pQOq2OAPOVwsExPWc/ILkMCAwEAATANBgkqhkiG +9w0BAQsFAAOCAQEAplB1L6fxpoQN0ynZdfRaXblvwLjzjVZe0j+p120JIGp8nsDK +CwZvlu501j2y+yEZ4mUkNkbwe1U7bYd/KTexbsgrpzxfcqsPNGrs3te2k6m2Bkp1 +KS43rUKx9VvjIaYstx9akuCZmirTLWimCUOGTlsnqGLf5y806F+ifyHrBLkWa6ly +cZGnGitFS/PzCR3gjoO1CNIDFU5bLhAMGFdC6lr7aHLVctTI2Q9O42PVCBf169nP +10poZACmxQkuDvKVDRA6foNibTWbwHq2Ng//TORMdCts3BUf+cpXBX+zXj3qV3Nc +CPgnQwLaeotV1iBhzrt/TtWmZI2eGGNB8oL2qA== +-----END CERTIFICATE----- diff --git a/sync/vault-commons/src/test/resources/client_cert.pem b/sync/vault-commons/src/test/resources/client_cert.pem new file mode 100644 index 0000000..8fcdcdd --- /dev/null +++ b/sync/vault-commons/src/test/resources/client_cert.pem 
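Review bot: certificate.arm carries a validity window of 2023-12-22T02:57:51Z to 2024-03-21T02:57:51Z (the notBefore/notAfter pair in its TBSCertificate), so it is a 90-day self-signed fixture that any test performing chain validation against it will start rejecting after that date, while a test that merely loads the PEM into a truststore will keep passing. SslConfigTest, which this diff moves into vault-commons alongside the fixture, is not shown here, so I cannot tell which of the two it does; if it validates, regenerate the certificate with a multi-year validity or create it at test time with keytool so the suite does not expire. client_cert.pem has the same shape with a later notAfter (2024-12-26T12:01:07Z) and will hit the same wall a few months on. A one-line header in the test resources README, such as `# certificate.arm / client_cert.pem: self-signed localhost fixtures, regenerate before their notAfter`, would make the expiry visible to whoever maintains the tests.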
@@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDTjCCAjagAwIBAgIEZYwSAzANBgkqhkiG9w0BAQsFADBpMQswCQYDVQQGEwJD +TzELMAkGA1UECAwCQU4xETAPBgNVBAcMCE1FREVMTElOMRIwEAYDVQQKDAlsb2Nh +bGhvc3QxEjAQBgNVBAsMCWxvY2FsaG9zdDESMBAGA1UEAwwJbG9jYWxob3N0MB4X +DTIzMTIyNzEyMDEwN1oXDTI0MTIyNjEyMDEwN1owaTELMAkGA1UEBhMCQ08xCzAJ +BgNVBAgMAkFOMREwDwYDVQQHDAhNRURFTExJTjESMBAGA1UECgwJbG9jYWxob3N0 +MRIwEAYDVQQLDAlsb2NhbGhvc3QxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJ +KoZIhvcNAQEBBQADggEPADCCAQoCggEBAMkh7JoVfFX20p0pqtRS8rRUl+70mpeu +32fGoN5pA1AdqTRZfOoGKoHnVhAG6C/5UoD5GOStKLVdsXVEtaWkBnyVAD3Imdj7 +450dU9+LATgSQYJbTL11OcZBizeiu6DfZmBtYWvmpPDIAPsZr6R+kcUIrzH3ZQjU +/BAfwCEmdQYwW7gWL456mTvefnMXcraoS4sOlBrH5FGXkb0ESIHuXMUsOrvg3cgN +8S9R7huZQTDCio605KZW3hjfngBSAFTKbxxNI8nt05i5Gd+PMjpTndBUT4xYPp8Y +igjL5IE0j9xY6IfvHqn/GD5GzYYIjjer2eCGmXfHDNtHAnA/wgdArEsCAwEAATAN +BgkqhkiG9w0BAQsFAAOCAQEAKUcvHUTOL+rNr4DvdS3N3PSvVsnldgcYoBGZH0nf +QtSWdbtLXfnhzgQPP+ndvL8ZWrYyZAv6+/fV7eQ569436nu+ebPz43JYiUsPReSg +qzcJn95JYJn1nW6CKBhkkFGmcDMidm6u0eSNKZdKc+vPdlQFcmqEXjEv7gMHmPrE +rCwXKvxQZ1DEFett56DFqJvnOTD0lBAGl6pyROqsF5JjJVUXgGcHGbXll3/CzgvK +803fOq4kgu/BNPxy/KyC6Ztz5Qgr+7/zFC52nyRJilWPOJwU64fHu+yHaR9sI6bn +NE3wY5gnwzKHWL2jotlFfSuoXNpBW11JSdzfDDH5GWhMDQ== +-----END CERTIFICATE----- diff --git a/sync/vault-commons/src/test/resources/keystore.jks b/sync/vault-commons/src/test/resources/keystore.jks new file mode 100644 index 0000000..3c5315f Binary files /dev/null and b/sync/vault-commons/src/test/resources/keystore.jks differ diff --git a/sync/vault-commons/src/test/resources/truststore.jks b/sync/vault-commons/src/test/resources/truststore.jks new file mode 100644 index 0000000..9b9bfbb Binary files /dev/null and b/sync/vault-commons/src/test/resources/truststore.jks differ diff --git a/sync/vault-commons/vault-commons.gradle b/sync/vault-commons/vault-commons.gradle new file mode 100644 index 0000000..22f0027 --- /dev/null +++ b/sync/vault-commons/vault-commons.gradle 
@@ -0,0 +1,9 @@
+dependencies {
+ api project(":secrets-manager-api")
+ implementation "com.google.code.gson:gson:${gsonVersion}"
+}
+
+ext {
+ artifactId = 'vault-commons'
+ artifactDescription = 'Vault Secrets Manager base abstractions'
+}
diff --git a/sync/vault-sync/src/main/java/co/com/bancolombia/secretsmanager/vaultsync/connector/K8sTokenReader.java b/sync/vault-sync/src/main/java/co/com/bancolombia/secretsmanager/vaultsync/connector/K8sTokenReader.java
new file mode 100644
index 0000000..77dd3e4
--- /dev/null
+++ b/sync/vault-sync/src/main/java/co/com/bancolombia/secretsmanager/vaultsync/connector/K8sTokenReader.java
@@ -0,0 +1,33 @@
+package co.com.bancolombia.secretsmanager.vaultsync.connector;
+
+import co.com.bancolombia.secretsmanager.api.exceptions.SecretException;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.nio.file.Paths;
+
+public class K8sTokenReader {
+
+ private final String tokenFile;
+
+ public K8sTokenReader() {
+ this.tokenFile = "/var/run/secrets/kubernetes.io/serviceaccount/token";
+ }
+
+ public K8sTokenReader(String tokenFile) {
+ this.tokenFile = tokenFile;
+ }
+
+ /**
+ * Reads the kubernetes service account token from the file system
+ * @return the kubernetes service account token
+ */
+ public String getKubernetesServiceAccountToken() throws SecretException {
+ try {
+ Path path = Paths.get(this.tokenFile);
+ return Files.readAllLines(path).get(0);
+ } catch (Exception e) {
+ throw new SecretException("Error reading kubernetes service account token: " + e.getMessage());
+ }
+ }
+
+}
diff --git a/sync/vault-sync/src/main/java/co/com/bancolombia/secretsmanager/vaultsync/connector/VaultAuthenticator.java b/sync/vault-sync/src/main/java/co/com/bancolombia/secretsmanager/vaultsync/connector/VaultAuthenticator.java
new file mode 100644
index 0000000..cbb2213
--- /dev/null
+++ b/sync/vault-sync/src/main/java/co/com/bancolombia/secretsmanager/vaultsync/connector/VaultAuthenticator.java
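Review bot: In the new sync K8sTokenReader, `Files.readAllLines(path).get(0)` turns an empty or truncated token file into an IndexOutOfBoundsException whose text ("Index 0 out of bounds for length 0") is all that survives into the SecretException, and the blanket `catch (Exception e)` makes an unreadable file and an empty one indistinguishable to the caller; since this token is what authenticates the pod to Vault, the failure should be explicit. Read the file with `Files.readString`, strip surrounding whitespace (a trailing newline is the common case), reject an empty result with its own message, and catch only `IOException` (which needs `import java.io.IOException;`); keep the file contents out of every message, as the current code already does. The original cause is also dropped — if SecretException has a `(String, Throwable)` constructor, which I cannot see from this diff, pass `e` through so the stack trace is not lost. This class duplicates the async K8sTokenReader renamed earlier in the diff, so the same change belongs there.
```java
public String getKubernetesServiceAccountToken() throws SecretException {
    try {
        // strip() drops the trailing newline most token mounts carry; never log the value itself
        String token = Files.readString(Paths.get(this.tokenFile)).strip();
        if (token.isEmpty()) {
            throw new SecretException("Kubernetes service account token file is empty: " + this.tokenFile);
        }
        return token;
    } catch (IOException e) {
        throw new SecretException("Error reading kubernetes service account token: " + e.getMessage());
    }
}
```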
@@ -0,0 +1,182 @@ +package co.com.bancolombia.secretsmanager.vaultsync.connector; + +import co.com.bancolombia.secretsmanager.api.exceptions.SecretException; +import co.com.bancolombia.secretsmanager.commons.utils.GsonUtils; +import co.com.bancolombia.secretsmanager.vault.auth.AuthResponse; +import co.com.bancolombia.secretsmanager.vault.auth.K8sAuth; +import co.com.bancolombia.secretsmanager.vault.auth.RoleAuth; +import co.com.bancolombia.secretsmanager.vault.config.VaultSecretsManagerProperties; +import com.github.benmanes.caffeine.cache.Cache; +import com.github.benmanes.caffeine.cache.Caffeine; +import com.google.gson.Gson; +import com.google.gson.JsonObject; +import com.google.gson.reflect.TypeToken; + +import java.io.IOException; +import java.lang.reflect.Type; +import java.net.URI; +import java.net.http.HttpClient; +import java.net.http.HttpRequest; +import java.net.http.HttpResponse; +import java.time.Duration; +import java.util.Map; +import java.util.concurrent.TimeUnit; +import java.util.logging.Logger; + +/** + * Class in charge of authenticating with vault + */ +public class VaultAuthenticator { + private final Logger logger = Logger.getLogger("connector.VaultAuthenticator"); + private static final String CONTENT_TYPE_HEADER = "Content-Type"; + + private static final String ERROR_TEMPLATE = "Error performing operation with vault: %s"; + + private final HttpClient httpClient; + private final VaultSecretsManagerProperties properties; + private final Cache cache; + private final K8sTokenReader k8sTokenReader; + private final Gson gson = new Gson(); + private final Type mapType = new TypeToken>() {}.getType(); + + public VaultAuthenticator(HttpClient httpClient, + VaultSecretsManagerProperties properties, + K8sTokenReader k8sTokenReader) { + this.httpClient = httpClient; + this.properties = properties; + this.k8sTokenReader = k8sTokenReader; + this.cache = initCache(); + } + + /** + * Performs the login process with vault. 
If a token is provided, it will be used. If not, it will try to log in + * with the role_id and secret_id. If not, it will try to log in with k8s. + * @return the authentication response with the client token. + */ + public AuthResponse login() throws SecretException { + AuthResponse response = useTokenIfProvided(); + if (response == null) { + response = loginWithRoleId(); + } + if (response == null) { + response = loginK8s(); + } + if (response != null) { + checkLeaseDurationAgainstCacheExpTime(response); + } else { + throw new SecretException("Could not perform login with vault. Please check your configuration"); + } + return response; + } + + private AuthResponse useTokenIfProvided() { + if (properties.isTokenProvided()) { + return AuthResponse.builder() + .clientToken(properties.getToken()) + .build(); + } + return null; + } + + private AuthResponse loginWithRoleId() throws SecretException { + AuthResponse response = null; + if (properties.isRoleCredentialsProvided()) { + response = cache.getIfPresent(properties.getRoleId()); + if (response == null) { + response = performLoginByRoleId(); + cache.put(properties.getRoleId(), response); + } + } + return response; + } + + private AuthResponse loginK8s() throws SecretException { + AuthResponse response = null; + if (properties.isRoleNameForK8sProvided()) { + response = cache.getIfPresent(properties.getVaultRoleForK8sAuth()); + if (response == null) { + response = performLoginWithK8s(); + cache.put(properties.getVaultRoleForK8sAuth(), response); + } + } + return response; + } + + private AuthResponse performLoginByRoleId() throws SecretException { + return doCallAuthApi( + HttpRequest.newBuilder() + .uri(URI.create(this.properties.buildUrl() + properties.getAppRoleAuthPath())) + .timeout(Duration.ofSeconds(5)) + .header(CONTENT_TYPE_HEADER, "application/json") + .POST(HttpRequest.BodyPublishers.ofString( + gson.toJson(RoleAuth.builder() + .roleId(properties.getRoleId()) + .secretId(properties.getSecretId()) + 
.build()) + )) + .build() + ); + } + + private AuthResponse performLoginWithK8s() throws SecretException { + String k8sToken = k8sTokenReader.getKubernetesServiceAccountToken(); + return doCallAuthApi( + HttpRequest.newBuilder() + .uri(URI.create(this.properties.buildUrl() + properties.getK8sAuthPath())) + .timeout(Duration.ofSeconds(5)) + .header(CONTENT_TYPE_HEADER, "application/json") + .POST(HttpRequest.BodyPublishers.ofString( + gson.toJson(K8sAuth.builder() + .jwt(k8sToken) + .role(properties.getVaultRoleForK8sAuth()) + .build()) + )) + .build() + ); + } + + private AuthResponse doCallAuthApi(HttpRequest request) throws SecretException { + try { + HttpResponse response = httpClient.send(request, HttpResponse.BodyHandlers.ofString()); + if (response.statusCode() != 200) { + throw new SecretException(String.format(ERROR_TEMPLATE, response.body())); + } + JsonObject bodyJson = GsonUtils.getInstance().stringToModel(response.body(), JsonObject.class); + JsonObject authPart = bodyJson.getAsJsonObject("auth"); + return AuthResponse.builder() + .clientToken(authPart.get("client_token").getAsString()) + .accessor(authPart.get("accessor").getAsString()) + .leaseDuration(authPart.get("lease_duration").getAsLong()) + .renewable(authPart.get("renewable").getAsBoolean()) + .metadata(gson.fromJson(authPart.get("metadata").toString(), mapType)) + .build(); + } catch (IOException e) { + throw new SecretException(String.format(ERROR_TEMPLATE, e.getMessage())); + } catch (InterruptedException e) { + Thread.currentThread().interrupt(); + throw new SecretException(String.format(ERROR_TEMPLATE, e.getMessage())); + } + } + + private void checkLeaseDurationAgainstCacheExpTime(AuthResponse authResponse) { + if (!authResponse.isRenewable()) { + return; + } + var leaseInSeconds = authResponse.getLeaseDuration(); + var cacheExpTime = properties.getAuthCacheProperties().getExpireAfter(); + if (cacheExpTime > leaseInSeconds) { + logger.warning("The configured token cache expiration time 
is greater " + + "than the maximum lease duration of the token. Calling Vault operations using such token, " + + "will fail when the token expires. Adjust your cache expiration to be similar to vault's token" + + "lease duration!!!"); + } + } + + private Cache initCache() { + return Caffeine.newBuilder() + .maximumSize(properties.getAuthCacheProperties().getMaxSize()) + .expireAfterWrite(properties.getAuthCacheProperties().getExpireAfter(), TimeUnit.SECONDS) + .build(); + } + +} diff --git a/sync/vault-sync/src/main/java/co/com/bancolombia/secretsmanager/vaultsync/connector/VaultSecretManagerConfigurator.java b/sync/vault-sync/src/main/java/co/com/bancolombia/secretsmanager/vaultsync/connector/VaultSecretManagerConfigurator.java new file mode 100644 index 0000000..b6e13d5 --- /dev/null +++ b/sync/vault-sync/src/main/java/co/com/bancolombia/secretsmanager/vaultsync/connector/VaultSecretManagerConfigurator.java 
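Review bot: In `doCallAuthApi`, a 200 response whose body lacks the `auth` object makes `bodyJson.getAsJsonObject("auth")` return null and the following `authPart.get("client_token")` throws a `NullPointerException`, and a non-JSON body throws Gson's unchecked `JsonSyntaxException`; neither becomes the `SecretException` the method declares, so callers of `login()` that handle the declared failure are bypassed. A guard such as `if (authPart == null || authPart.get("client_token") == null) { throw new SecretException(String.format(ERROR_TEMPLATE, "response has no auth.client_token")); }` right after the `getAsJsonObject("auth")` call closes the first gap, and catching `JsonParseException` alongside `IOException` closes the second. Separately, `checkLeaseDurationAgainstCacheExpTime` only warns when the cache TTL exceeds the token lease, while `loginWithRoleId` and `loginK8s` still cache the response for the full `expireAfter`; bounding each entry by its `leaseDuration` (Caffeine's `expireAfter(Expiry)`) would avoid handing out a token Vault has already expired. The `.timeout(Duration.ofSeconds(5))` on both login requests is hard-coded while the configurator takes the connect timeout from `properties.getHttpProperties()`; sourcing the request timeout the same way would keep the two consistent.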
@@ -0,0 +1,97 @@ +package co.com.bancolombia.secretsmanager.vaultsync.connector; + +import co.com.bancolombia.secretsmanager.api.exceptions.SecretException; +import co.com.bancolombia.secretsmanager.vault.config.VaultKeyStoreProperties; +import co.com.bancolombia.secretsmanager.vault.config.VaultSecretsManagerProperties; +import co.com.bancolombia.secretsmanager.vault.config.VaultTrustStoreProperties; +import co.com.bancolombia.secretsmanager.vault.ssl.SslConfig; +import lombok.Builder; + +import java.net.http.HttpClient; +import java.time.Duration; +import java.util.logging.Logger; + +/** + * This class is in charge of configuring the VaultSecretsManagerConnector + */ +@Builder(setterPrefix = "with", toBuilder = true) +public class VaultSecretManagerConfigurator { + + private static final Logger logger = Logger.getLogger("config.VaultSecretManagerConfigurator"); + private final VaultSecretsManagerProperties properties; + private final K8sTokenReader k8sTokenReader; + + /** + * This method is in charge of configuring the HttpClient + * @return HttpClient configured. + * @throws SecretException + */ + public HttpClient getHttpClient() throws SecretException { + HttpClient.Builder clientBuilder = HttpClient.newBuilder() + .followRedirects(HttpClient.Redirect.NORMAL) + .connectTimeout(Duration.ofSeconds(properties.getHttpProperties().getConnectionTimeout())); + if (properties.isSsl() || properties.getTrustStoreProperties() != null || properties.getKeyStoreProperties() != null) { + clientBuilder = clientBuilder.sslContext(buildSslConfig().getSslContext()); + } + return clientBuilder.build(); + } + + /** + * This method is in charge of configuring the VaultAuthenticator + * @return the VaultAuthenticator configured. + * @throws SecretException + */ + public VaultAuthenticator getVaultAuthenticator() throws SecretException { + return new VaultAuthenticator(getHttpClient(), properties, + k8sTokenReader != null? 
k8sTokenReader : new K8sTokenReader()); + } + + /** + * This method is in charge of configuring the VaultSecretsManagerConnector + * @return the VaultSecretsManagerConnector configured. + * @throws SecretException + */ + public VaultSecretsManagerConnectorSync getVaultClient() throws SecretException { + HttpClient httpClient = getHttpClient(); + return new VaultSecretsManagerConnectorSync(httpClient, + getVaultAuthenticator(), + properties); + } + + private SslConfig buildSslConfig() throws SecretException { + SslConfig sslConfig = new SslConfig(); + if (properties.getTrustStoreProperties() != null) { + setTrustConfiguration(sslConfig, properties.getTrustStoreProperties()); + } + if (properties.getKeyStoreProperties() != null) { + setKeystoreConfiguration(sslConfig, properties.getKeyStoreProperties()); + } + return sslConfig.build(); + } + + private SslConfig setTrustConfiguration(SslConfig sslConfig, + VaultTrustStoreProperties trustStoreProperties) throws SecretException { + if (trustStoreProperties.getTrustStoreJksFile() != null) { + sslConfig.trustStoreFile(trustStoreProperties.getTrustStoreJksFile()); + } else if (trustStoreProperties.getPemFile() != null) { + sslConfig.pemFile(trustStoreProperties.getPemFile()); + } else { + throw new SecretException("VaultTrustStoreProperties was set, but no trust store file or pem resource provided"); + } + return sslConfig; + } + + private SslConfig setKeystoreConfiguration(SslConfig sslConfig, + VaultKeyStoreProperties keyStoreProperties) throws SecretException { + if (keyStoreProperties.getKeyStoreFile() != null) { + sslConfig.keyStoreFile(keyStoreProperties.getKeyStoreFile(), + keyStoreProperties.getKeyStorePassword()); + } else if (keyStoreProperties.getClientPem() != null && keyStoreProperties.getClientKeyPem() != null) { + sslConfig.clientPemFile(keyStoreProperties.getClientPem()); + sslConfig.clientKeyPemFile(keyStoreProperties.getClientKeyPem()); + } else { + throw new SecretException("VaultKeyStoreProperties was 
set, but no key store file or pem resources provided"); + } + return sslConfig; + } +} diff --git a/sync/vault-sync/src/main/java/co/com/bancolombia/secretsmanager/vaultsync/connector/VaultSecretsManagerConnectorSync.java b/sync/vault-sync/src/main/java/co/com/bancolombia/secretsmanager/vaultsync/connector/VaultSecretsManagerConnectorSync.java new file mode 100644 index 0000000..146f226 --- /dev/null +++ b/sync/vault-sync/src/main/java/co/com/bancolombia/secretsmanager/vaultsync/connector/VaultSecretsManagerConnectorSync.java 
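Review bot: `getVaultClient()` calls `getHttpClient()` and then `getVaultAuthenticator()`, which calls `getHttpClient()` again, so every connector construction builds two `HttpClient` instances and, when a trust or key store is configured, loads the key material twice. Building the client once and passing it on avoids this: `HttpClient httpClient = getHttpClient();` / `VaultAuthenticator auth = new VaultAuthenticator(httpClient, properties, k8sTokenReader != null ? k8sTokenReader : new K8sTokenReader());` / `return new VaultSecretsManagerConnectorSync(httpClient, auth, properties);`. Consider `HttpClient.Redirect.NEVER` instead of `NORMAL` in `getHttpClient()`: as far as I know the JDK client re-sends the request headers to the redirect target, so a redirect answered on the Vault endpoint would forward `X-Vault-Token` to wherever it points, and the Vault API is not expected to redirect. The three `@throws SecretException` tags have no description; say when it is thrown, e.g. `@throws SecretException if the trust or key store configuration is incomplete or cannot be loaded`.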
@@ -0,0 +1,102 @@ +package co.com.bancolombia.secretsmanager.vaultsync.connector; + +import co.com.bancolombia.secretsmanager.api.GenericManager; +import co.com.bancolombia.secretsmanager.api.exceptions.SecretException; +import co.com.bancolombia.secretsmanager.commons.utils.GsonUtils; +import co.com.bancolombia.secretsmanager.vault.config.VaultSecretsManagerProperties; +import co.com.bancolombia.secretsmanager.vault.secret.SecretResponse; +import com.github.benmanes.caffeine.cache.Cache; +import com.github.benmanes.caffeine.cache.Caffeine; + +import java.io.IOException; +import java.net.URI; +import java.net.http.HttpClient; +import java.net.http.HttpRequest; +import java.net.http.HttpResponse; +import java.time.Duration; +import java.util.concurrent.TimeUnit; +import java.util.logging.Logger; + +/** + * Connector to Vault Secrets Manager for reading secrets. + */ +public class VaultSecretsManagerConnectorSync implements GenericManager { + + private static final Logger logger = Logger.getLogger("connector.VaultSecretsManagerConnectorSync"); + private static final String CONTENT_TYPE_HEADER = "Content-Type"; + private static final String AUTH_HEADER = "X-Vault-Token"; + private static final String ERROR_TEMPLATE = "Error performing operation with vault: %s"; + + + private final HttpClient httpClient; + private final VaultSecretsManagerProperties properties; + private final VaultAuthenticator vaultAuthenticator; + private final Cache cache; + + public VaultSecretsManagerConnectorSync(HttpClient httpClient, + VaultAuthenticator vaultAuthenticator, + VaultSecretsManagerProperties properties) { + this.httpClient = httpClient; + this.properties = properties; + this.vaultAuthenticator = vaultAuthenticator; + this.cache = initCache(); + } + + @Override + public String getSecret(String secretName) throws SecretException { + String secret = cache.getIfPresent(secretName); + if (secret == null) { + secret = getSecretValue(secretName); + cache.put(secretName, secret); + } + 
return secret; + } + + private String getSecretValue(String secretName) throws SecretException { + HttpRequest request = HttpRequest.newBuilder() + .uri(URI.create(this.properties.buildUrl() + + properties.getBaseSecrets() + secretName)) + .timeout(Duration.ofSeconds(5)) + .header(CONTENT_TYPE_HEADER, "application/json") + .header(AUTH_HEADER, getToken()) + .GET() + .build(); + try { + HttpResponse httpResponse = httpClient.send(request, HttpResponse.BodyHandlers.ofString()); + if (httpResponse.statusCode() != 200) { + throw new SecretException(httpResponse.body()); + } else { + SecretResponse secretResponse = GsonUtils.getInstance().stringToModel(httpResponse.body(), + SecretResponse.class); + return GsonUtils.getInstance().modelToString(secretResponse.getData().getData()); + } + } catch (IOException e) { + throw new SecretException(String.format(ERROR_TEMPLATE, e.getMessage())); + } catch (InterruptedException e) { + Thread.currentThread().interrupt(); + throw new SecretException(String.format(ERROR_TEMPLATE, e.getMessage())); + } + } + + private String getToken() { + try { + return vaultAuthenticator.login().getClientToken(); + } catch (SecretException e) { + logger.severe("Error retrieving token from vault: " + e.getMessage()); + return ""; + } + } + + @Override + public T getSecret(String secretName, Class cls) throws SecretException { + return GsonUtils.getInstance().stringToModel(this.getSecret(secretName), cls); + } + + private Cache initCache() { + return Caffeine.newBuilder() + .maximumSize(properties.getSecretsCacheProperties().getMaxSize()) + .expireAfterWrite(properties.getSecretsCacheProperties().getExpireAfter(), TimeUnit.SECONDS) + .build(); + } + +} diff --git a/sync/vault-sync/src/test/java/co/com/bancolombia/secretsmanager/vaultsync/connector/K8sTokenReaderTest.java b/sync/vault-sync/src/test/java/co/com/bancolombia/secretsmanager/vaultsync/connector/K8sTokenReaderTest.java new file mode 100644 index 0000000..4b68808 --- /dev/null 
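Review bot: `getToken()` catches the `SecretException` from `vaultAuthenticator.login()`, logs it and returns `""`, so `getSecretValue` then sends the request with an empty `X-Vault-Token` header and the caller sees whatever Vault answers instead of the authentication failure, which hides misconfiguration behind an unrelated error and issues a request that cannot succeed. Since `getSecretValue` already declares `SecretException`, the simplest fix is to let it propagate: `private String getToken() throws SecretException { return vaultAuthenticator.login().getClientToken(); }`. The non-200 branch throws `new SecretException(httpResponse.body())` while the other failures use `ERROR_TEMPLATE`; using the template there too keeps messages uniform. `secretName` is concatenated into the URI unencoded, and the accompanying test expects `/v1/kv/data//path1/foo/bar` for a name with a leading slash; normalising the leading slash and rejecting or encoding names containing `?`, `#` or `..` would keep a caller-supplied name from changing the request target.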
+++ b/sync/vault-sync/src/test/java/co/com/bancolombia/secretsmanager/vaultsync/connector/K8sTokenReaderTest.java @@ -0,0 +1,29 @@ +package co.com.bancolombia.secretsmanager.vaultsync.connector; + +import co.com.bancolombia.secretsmanager.api.exceptions.SecretException; +import co.com.bancolombia.secretsmanager.vaultsync.connector.K8sTokenReader; +import lombok.SneakyThrows; +import org.junit.Test; + +import static org.junit.Assert.assertThrows; + +public class K8sTokenReaderTest { + + @SneakyThrows + @Test + public void testReadToken() { + assertThrows(SecretException.class, () -> { + new K8sTokenReader().getKubernetesServiceAccountToken(); + }); + } + + @SneakyThrows + @Test + public void testReadTokenWithPath() { + assertThrows(SecretException.class, () -> { + new K8sTokenReader("/tmp/file").getKubernetesServiceAccountToken(); + }); + } + + +} diff --git a/sync/vault-sync/src/test/java/co/com/bancolombia/secretsmanager/vaultsync/connector/VaulAuthenticatorTest.java b/sync/vault-sync/src/test/java/co/com/bancolombia/secretsmanager/vaultsync/connector/VaulAuthenticatorTest.java new file mode 100644 index 0000000..8198da3 --- /dev/null +++ b/sync/vault-sync/src/test/java/co/com/bancolombia/secretsmanager/vaultsync/connector/VaulAuthenticatorTest.java 
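Review bot: Both tests assert only that reading fails, and both depend on the host: `testReadToken` fails on any machine where `/var/run/secrets/kubernetes.io/serviceaccount/token` exists (for instance when the suite runs inside a pod) and `testReadTokenWithPath` fails if `/tmp/file` happens to exist. The success path of `getKubernetesServiceAccountToken` is never exercised. Writing a token into a `TemporaryFolder` (or a `Files.createTempFile` path) and asserting the returned value, plus pointing the failure case at a non-existent path under that folder, would make the tests deterministic and cover the read.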
@@ -0,0 +1,187 @@ +package co.com.bancolombia.secretsmanager.vaultsync.connector; + +import co.com.bancolombia.secretsmanager.api.exceptions.SecretException; +import co.com.bancolombia.secretsmanager.vault.auth.AuthResponse; +import co.com.bancolombia.secretsmanager.vault.config.VaultSecretsManagerProperties; +import lombok.SneakyThrows; +import okhttp3.mockwebserver.MockResponse; +import okhttp3.mockwebserver.MockWebServer; +import org.junit.Assert; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.mockito.Mockito; +import org.mockito.junit.MockitoJUnitRunner; + +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertNotNull; +import static org.mockito.Mockito.when; + +@RunWith(MockitoJUnitRunner.class) +public class VaulAuthenticatorTest { + + @SneakyThrows + @Test + public void testAuthenticateWithRoleIdAndSecretId() { + MockWebServer server = new MockWebServer(); + + MockResponse response = new MockResponse() + .addHeader("Content-Type", "application/json") + .setBody(buildSuccessAuthResponse()); + server.enqueue(response); + server.start(); + + VaultSecretsManagerProperties properties = VaultSecretsManagerProperties.builder() + .host("localhost") + .port(server.getPort()) + .roleId("65903d42-6dd4-2aa3-6a61-xxxxxxxxxx") + .secretId("0cce6d0b-e756-c12e-9729-xxxxxxxxxx") + .build(); + + VaultSecretManagerConfigurator configurator = VaultSecretManagerConfigurator.builder() + .withProperties(properties) + .build(); + + VaultAuthenticator vaultAuthenticator = configurator.getVaultAuthenticator(); + + AuthResponse authResponse = vaultAuthenticator.login(); + assertNotNull(authResponse); + assertEquals("hvs.dummytoken", authResponse.getClientToken()); + + assertEquals("/v1/auth/approle/login", server.takeRequest().getPath()); + + server.shutdown(); + } + + @SneakyThrows + @Test + public void testAuthenticateWithK8s() { + + MockWebServer server = new MockWebServer(); + + MockResponse response = new MockResponse() + 
.addHeader("Content-Type", "application/json") + .setBody(buildSuccessAuthResponse()); + server.enqueue(response); + server.start(); + + VaultSecretsManagerProperties properties = VaultSecretsManagerProperties.builder() + .host("localhost") + .port(server.getPort()) + .token(null) + .vaultRoleForK8sAuth("xxxxxxxxxx") + .build(); + + K8sTokenReader k8sTokenReaderMock = Mockito.mock(K8sTokenReader.class); + when(k8sTokenReaderMock.getKubernetesServiceAccountToken()).thenReturn("ey..."); + + VaultSecretManagerConfigurator configurator = VaultSecretManagerConfigurator.builder() + .withProperties(properties) + .withK8sTokenReader(k8sTokenReaderMock) + .build(); + + VaultAuthenticator vaultAuthenticator = configurator.getVaultAuthenticator(); + + AuthResponse authResponse = vaultAuthenticator.login(); + assertNotNull(authResponse); + assertEquals("hvs.dummytoken", authResponse.getClientToken()); + + assertEquals("/v1/auth/kubernetes/login", server.takeRequest().getPath()); + + server.shutdown(); + } + + @SneakyThrows + @Test + public void testHandleNoCredentials() { + VaultSecretsManagerProperties properties = VaultSecretsManagerProperties.builder() + .host("localhost") + .port(2020) + .token(null) + .roleId(null) + .secretId(null) + .vaultRoleForK8sAuth(null) + .build(); + + VaultSecretManagerConfigurator configurator = VaultSecretManagerConfigurator.builder() + .withProperties(properties) + .build(); + + VaultAuthenticator vaultAuthenticator = configurator.getVaultAuthenticator(); + + Assert.assertThrows("Could not perform login with vault. 
Please check your configuration", + SecretException.class, + vaultAuthenticator::login); + + } + + @SneakyThrows + @Test + public void testHandleFailedAuth() { + MockWebServer server = new MockWebServer(); + + MockResponse response = new MockResponse() + .addHeader("Content-Type", "application/json") + .setResponseCode(400) + .setBody("{\n" + + " \"errors\": [\n" + + " \"invalid role or secret ID\"\n" + + " ]\n" + + "}"); + server.enqueue(response); + server.start(); + + + VaultSecretsManagerProperties properties = VaultSecretsManagerProperties.builder() + .token(null) + .host("localhost") + .port(server.getPort()) + .roleId("xxxx") + .secretId("yyyy") + .build(); + + VaultSecretManagerConfigurator configurator = VaultSecretManagerConfigurator.builder() + .withProperties(properties) + .build(); + + VaultAuthenticator vaultAuthenticator = configurator.getVaultAuthenticator(); + + Assert.assertThrows("invalid role or secret ID", + SecretException.class, + vaultAuthenticator::login); + + assertEquals("/v1/auth/approle/login", server.takeRequest().getPath()); + server.shutdown(); + } + + private String buildSuccessAuthResponse() { + return "{\n" + + " \"request_id\": \"260fa017-e8e1-e3b5-a194-5ebe86e53275\",\n" + + " \"lease_id\": \"\",\n" + + " \"renewable\": false,\n" + + " \"lease_duration\": 0,\n" + + " \"data\": null,\n" + + " \"wrap_info\": null,\n" + + " \"warnings\": null,\n" + + " \"auth\": {\n" + + " \"client_token\": \"hvs.dummytoken\",\n" + + " \"accessor\": \"accessor.dummy\",\n" + + " \"policies\": [\n" + + " \"default\"\n" + + " ],\n" + + " \"token_policies\": [\n" + + " \"default\"\n" + + " ],\n" + + " \"metadata\": {\n" + + " \"role_name\": \"my-role\"\n" + + " },\n" + + " \"lease_duration\": 600,\n" + + " \"renewable\": true,\n" + + " \"entity_id\": \"656855e4-82b7-b874-6da7-ce2dff19711e\",\n" + + " \"token_type\": \"service\",\n" + + " \"orphan\": true,\n" + + " \"mfa_requirement\": null,\n" + + " \"num_uses\": 0\n" + + " }\n" + + "}"; + } +} 
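Review bot: `Assert.assertThrows(String, Class, ThrowingRunnable)` treats its first argument as the message to report when nothing is thrown, not as the expected exception message, so `testHandleNoCredentials` and `testHandleFailedAuth` never verify "Could not perform login with vault..." or "invalid role or secret ID". Capture the result and assert on it: `SecretException ex = Assert.assertThrows(SecretException.class, vaultAuthenticator::login);` followed by `assertTrue(ex.getMessage().contains("invalid role or secret ID"));`. The class and file are named `VaulAuthenticatorTest` (missing "t"); `VaultAuthenticatorTest` would match the class under test. `server.shutdown()` is only reached when the assertions pass, so a failing test leaks the listener; an `@After` hook (or try-with-resources, if the MockWebServer version in use implements `Closeable`) would fix that.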
diff --git a/sync/vault-sync/src/test/java/co/com/bancolombia/secretsmanager/vaultsync/connector/VaultSecretManagerConfiguratorTest.java b/sync/vault-sync/src/test/java/co/com/bancolombia/secretsmanager/vaultsync/connector/VaultSecretManagerConfiguratorTest.java new file mode 100644 index 0000000..f74a273 --- /dev/null +++ b/sync/vault-sync/src/test/java/co/com/bancolombia/secretsmanager/vaultsync/connector/VaultSecretManagerConfiguratorTest.java 
@@ -0,0 +1,171 @@ +package co.com.bancolombia.secretsmanager.vaultsync.connector; + +import co.com.bancolombia.secretsmanager.api.exceptions.SecretException; +import co.com.bancolombia.secretsmanager.vault.config.VaultKeyStoreProperties; +import co.com.bancolombia.secretsmanager.vault.config.VaultSecretsManagerProperties; +import co.com.bancolombia.secretsmanager.vault.config.VaultTrustStoreProperties; +import lombok.SneakyThrows; +import org.junit.Assert; +import org.junit.Test; + +import java.io.File; +import java.net.URI; +import java.net.http.HttpClient; + +public class VaultSecretManagerConfiguratorTest { + + @SneakyThrows + @Test + public void testHttpClientGeneration() { + VaultSecretsManagerProperties properties = VaultSecretsManagerProperties.builder() + .host("localhost") + .port(8200) + .roleId("x") + .secretId("y") + .build(); + + HttpClient client = VaultSecretManagerConfigurator.builder() + .withProperties(properties) + .build() + .getHttpClient(); + + Assert.assertNotNull(client); + } + + @SneakyThrows + @Test + public void testVaultClientGeneration() { + VaultSecretsManagerProperties properties = VaultSecretsManagerProperties.builder() + .host("localhost") + .port(8200) + .roleId("x") + .secretId("y") + .build(); + + VaultSecretsManagerConnectorSync client = VaultSecretManagerConfigurator.builder() + .withProperties(properties) + .build() + .getVaultClient(); + + Assert.assertNotNull(client); + } + + @SneakyThrows + @Test + public void testClientGenerationWithKeyStore() { + URI keyStoreUri = getClass().getClassLoader().getResource("keystore.jks").toURI(); + File keyStoreFile = new File(keyStoreUri); + + VaultSecretsManagerProperties properties = VaultSecretsManagerProperties.builder() + .host("localhost") + .port(8200) + .roleId("x") + .secretId("y") + .keyStoreProperties(VaultKeyStoreProperties.builder() + .keyStoreFile(keyStoreFile) + .keyStorePassword("changeit") + .build() + ) + .build(); + + HttpClient client = 
VaultSecretManagerConfigurator.builder() + .withProperties(properties) + .build() + .getHttpClient(); + + Assert.assertNotNull(client); + } + + @SneakyThrows + @Test + public void testClientGenerationWithKeyStoreNoValues() { + VaultSecretsManagerProperties properties = VaultSecretsManagerProperties.builder() + .host("localhost") + .port(8200) + .roleId("x") + .secretId("y") + .keyStoreProperties(VaultKeyStoreProperties.builder() + .build() + ) + .build(); + + Assert.assertThrows(SecretException.class, () -> VaultSecretManagerConfigurator.builder() + .withProperties(properties) + .build() + .getHttpClient()); + + } + + @SneakyThrows + @Test + public void testClientGenerationWithTrustStore() { + URI storeUri = getClass().getClassLoader().getResource("truststore.jks").toURI(); + File storeFile = new File(storeUri); + + VaultSecretsManagerProperties properties = VaultSecretsManagerProperties.builder() + .host("localhost") + .port(8200) + .roleId("x") + .secretId("y") + .trustStoreProperties(VaultTrustStoreProperties.builder() + .trustStoreJksFile(storeFile) + .build() + ) + .build(); + + HttpClient client = VaultSecretManagerConfigurator.builder() + .withProperties(properties) + .build() + .getHttpClient(); + + Assert.assertNotNull(client); + } + + @SneakyThrows + @Test + public void testClientGenerationWithTrustPem() { + URI pemUri = getClass().getClassLoader().getResource("certificate.arm").toURI(); + File pemFile = new File(pemUri); + + VaultSecretsManagerProperties properties = VaultSecretsManagerProperties.builder() + .host("localhost") + .port(8200) + .roleId("x") + .secretId("y") + .trustStoreProperties(VaultTrustStoreProperties.builder() + .pemFile(pemFile) + .build() + ) + .build(); + + HttpClient client = VaultSecretManagerConfigurator.builder() + .withProperties(properties) + .build() + .getHttpClient(); + + Assert.assertNotNull(client); + } + + @SneakyThrows + @Test + public void testClientGenerationWithTrustNoValues() { + URI pemUri = 
getClass().getClassLoader().getResource("certificate.arm").toURI(); + File pemFile = new File(pemUri); + + VaultSecretsManagerProperties properties = VaultSecretsManagerProperties.builder() + .host("localhost") + .port(8200) + .roleId("x") + .secretId("y") + .trustStoreProperties(VaultTrustStoreProperties.builder() + .build() + ) + .build(); + + Assert.assertThrows(SecretException.class, () -> VaultSecretManagerConfigurator.builder() + .withProperties(properties) + .build() + .getHttpClient()); + } + +} diff --git a/sync/vault-sync/src/test/java/co/com/bancolombia/secretsmanager/vaultsync/connector/VaultSecretsManagerConnectorSyncTest.java b/sync/vault-sync/src/test/java/co/com/bancolombia/secretsmanager/vaultsync/connector/VaultSecretsManagerConnectorSyncTest.java new file mode 100644 index 0000000..9adcc17 --- /dev/null +++ b/sync/vault-sync/src/test/java/co/com/bancolombia/secretsmanager/vaultsync/connector/VaultSecretsManagerConnectorSyncTest.java 
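Review bot: `testClientGenerationWithKeyStore`, `testClientGenerationWithTrustStore` and `testClientGenerationWithTrustPem` assert only `Assert.assertNotNull(client)`, which `HttpClient.Builder.build()` satisfies regardless of whether the store was applied, so a regression in `buildSslConfig` that silently fell back to the default context would still pass. Asserting `Assert.assertNotSame(SSLContext.getDefault(), client.sslContext())` in those tests (and `assertSame` in `testHttpClientGeneration`, where no store is configured) would pin that the configured material is actually used. In `testClientGenerationWithTrustNoValues` the `pemUri` and `pemFile` locals are unused and can be removed.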
@@ -0,0 +1,296 @@ +package co.com.bancolombia.secretsmanager.vaultsync.connector; + +import co.com.bancolombia.secretsmanager.api.exceptions.SecretException; +import co.com.bancolombia.secretsmanager.vault.auth.AuthResponse; +import co.com.bancolombia.secretsmanager.vault.config.VaultSecretsManagerProperties; +import lombok.AllArgsConstructor; +import lombok.Getter; +import lombok.NoArgsConstructor; +import lombok.SneakyThrows; +import okhttp3.mockwebserver.MockResponse; +import okhttp3.mockwebserver.MockWebServer; +import org.junit.Assert; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.mockito.Mock; +import org.mockito.Mockito; +import org.mockito.junit.MockitoJUnitRunner; + +import java.io.IOException; +import java.net.http.HttpClient; + +import static org.junit.Assert.*; +import static org.mockito.Mockito.when; + +@RunWith(MockitoJUnitRunner.class) +public class VaultSecretsManagerConnectorSyncTest { + + @Mock + VaultAuthenticator authenticator; + + @SneakyThrows + @Test + public void testGetSecretContent() { + + MockWebServer server = new MockWebServer(); + + MockResponse response = new MockResponse() + .addHeader("Content-Type", "application/json") + .setResponseCode(200) + .setBody(secretPayload()); + server.enqueue(response); + server.start(); + + VaultSecretsManagerProperties properties = VaultSecretsManagerProperties.builder() + .host("localhost") + .port(server.getPort()) + .ssl(false) + .roleId("65903d42-6dd4-2aa3-6a61-xxxxxxxxxx") + .secretId("0cce6d0b-e756-c12e-9729-xxxxxxxxx") + .build(); + + VaultSecretManagerConfigurator configurator = VaultSecretManagerConfigurator.builder() + .withProperties(properties) + .build(); + + HttpClient httpClient = configurator.getHttpClient(); + + when(authenticator.login()).thenReturn(AuthResponse.builder().clientToken("hvs.dummy").build()); + + VaultSecretsManagerConnectorSync vaultSecretsManagerConnectorSync = + new VaultSecretsManagerConnectorSync(httpClient, authenticator, properties); + + 
String secret = vaultSecretsManagerConnectorSync.getSecret("/path1/foo/bar"); + assertNotNull(secret); + assertTrue(secret.contains("password") + && secret.contains("secret") + && secret.contains("port") + && secret.contains("1234") + && secret.contains("host") + && secret.contains("localhost") + && secret.contains("user") + && secret.contains("jhon")); + + assertEquals("/v1/kv/data//path1/foo/bar", server.takeRequest().getPath()); + + server.shutdown(); + } + + @SneakyThrows + @Test + public void testUnsuccessfulGetSecretContent() { + + MockWebServer server = new MockWebServer(); + + MockResponse response = new MockResponse() + .addHeader("Content-Type", "application/json") + .setResponseCode(400) + .setBody("Bad Request"); + server.enqueue(response); + server.start(); + + VaultSecretsManagerProperties properties = VaultSecretsManagerProperties.builder() + .host("localhost") + .port(server.getPort()) + .ssl(false) + .roleId("65903d42-6dd4-2aa3-6a61-xxxxxxxxxx") + .secretId("0cce6d0b-e756-c12e-9729-xxxxxxxxx") + .build(); + + VaultSecretManagerConfigurator configurator = VaultSecretManagerConfigurator.builder() + .withProperties(properties) + .build(); + + HttpClient httpClient = configurator.getHttpClient(); + + when(authenticator.login()).thenThrow(new SecretException("Dummy Exception")); + + VaultSecretsManagerConnectorSync vaultSecretsManagerConnectorSync = + new VaultSecretsManagerConnectorSync(httpClient, authenticator, properties); + + Assert.assertThrows(SecretException.class, + () -> vaultSecretsManagerConnectorSync.getSecret("/path1/foo/bar")); + + assertEquals("/v1/kv/data//path1/foo/bar", server.takeRequest().getPath()); + + server.shutdown(); + } + + @SneakyThrows + @Test + public void testHandleIOException() { + + VaultSecretsManagerProperties properties = VaultSecretsManagerProperties.builder() + .host("localhost") + .port(8200) + .ssl(false) + .roleId("65903d42-6dd4-2aa3-6a61-xxxxxxxxxx") + .secretId("0cce6d0b-e756-c12e-9729-xxxxxxxxx") + .build(); 
+ + VaultSecretManagerConfigurator configurator = VaultSecretManagerConfigurator.builder() + .withProperties(properties) + .build(); + + HttpClient httpClient = Mockito.mock(HttpClient.class); + when(httpClient.send(Mockito.any(), Mockito.any())).thenThrow(new IOException("Dummy IO Exception")); + when(authenticator.login()).thenReturn(AuthResponse.builder().clientToken("hvs.dummy").build()); + + VaultSecretsManagerConnectorSync vaultSecretsManagerConnectorSync = + new VaultSecretsManagerConnectorSync(httpClient, authenticator, properties); + + Assert.assertThrows(SecretException.class, + () -> vaultSecretsManagerConnectorSync.getSecret("/path1/foo/bar")); + + } + + @SneakyThrows + @Test + public void testHandleInterruptedException() { + + VaultSecretsManagerProperties properties = VaultSecretsManagerProperties.builder() + .host("localhost") + .port(8200) + .ssl(false) + .roleId("65903d42-6dd4-2aa3-6a61-xxxxxxxxxx") + .secretId("0cce6d0b-e756-c12e-9729-xxxxxxxxx") + .build(); + + VaultSecretManagerConfigurator configurator = VaultSecretManagerConfigurator.builder() + .withProperties(properties) + .build(); + + HttpClient httpClient = Mockito.mock(HttpClient.class); + when(httpClient.send(Mockito.any(), Mockito.any())).thenThrow(new InterruptedException("Dummy Interrupted Exception")); + when(authenticator.login()).thenReturn(AuthResponse.builder().clientToken("hvs.dummy").build()); + + VaultSecretsManagerConnectorSync vaultSecretsManagerConnectorSync = + new VaultSecretsManagerConnectorSync(httpClient, authenticator, properties); + + Assert.assertThrows(SecretException.class, + () -> vaultSecretsManagerConnectorSync.getSecret("/path1/foo/bar")); + + } + + @SneakyThrows + @Test + public void testGetSecretContentNoAuthUseTokenProvided() { + + MockWebServer server = new MockWebServer(); + + MockResponse response = new MockResponse() + .addHeader("Content-Type", "application/json") + .setResponseCode(200) + .setBody(secretPayload()); + server.enqueue(response); + 
server.start();
+
+ VaultSecretManagerConfigurator configurator = VaultSecretManagerConfigurator.builder()
+ .withProperties(VaultSecretsManagerProperties.builder()
+ .host("localhost")
+ .port(server.getPort())
+ .ssl(false)
+ .token("shv.xxxxxxxxxx")
+ .build())
+ .build();
+
+ VaultSecretsManagerConnectorSync vaultSecretsManagerConnectorSync =
+ configurator.getVaultClient();
+
+ String secret = vaultSecretsManagerConnectorSync.getSecret("/path1/foo/bar");
+ assertNotNull(secret);
+ assertTrue(secret.contains("password")
+ && secret.contains("secret")
+ && secret.contains("port")
+ && secret.contains("1234")
+ && secret.contains("host")
+ && secret.contains("localhost")
+ && secret.contains("user")
+ && secret.contains("jhon"));
+
+ assertEquals("/v1/kv/data//path1/foo/bar", server.takeRequest().getPath());
+
+ server.shutdown();
+ }
+
+ @SneakyThrows
+ @Test
+ public void testGetSecretPojo() {
+
+ MockWebServer server = new MockWebServer();
+
+ MockResponse response = new MockResponse()
+ .addHeader("Content-Type", "application/json")
+ .setResponseCode(200)
+ .setBody(secretPayload());
+ server.enqueue(response);
+ server.start();
+
+ VaultSecretsManagerProperties properties = VaultSecretsManagerProperties.builder()
+ .host("localhost")
+ .port(server.getPort())
+ .ssl(false)
+ .roleId("65903d42-6dd4-2aa3-6a61-xxxxxxxxxx")
+ .secretId("0cce6d0b-e756-c12e-9729-xxxxxxxxx")
+ .build();
+
+ VaultSecretManagerConfigurator configurator = VaultSecretManagerConfigurator.builder()
+ .withProperties(properties)
+ .build();
+
+ HttpClient httpClient = configurator.getHttpClient();
+
+ when(authenticator.login()).thenReturn(AuthResponse.builder().clientToken("hvs.dummy").build());
+
+ VaultSecretsManagerConnectorSync vaultSecretsManagerConnectorSync =
+ new VaultSecretsManagerConnectorSync(httpClient, authenticator, properties);
+
+ SamplePojo pojo = vaultSecretsManagerConnectorSync.getSecret("/path1/foo/bar", SamplePojo.class);
+ assertNotNull(pojo);
+
assertTrue(pojo.getUser().equals("jhon")
+ && pojo.getHost().equals("localhost")
+ && pojo.getPort().equals("1234")
+ && pojo.getPassword().equals("secret"));
+
+ assertEquals("/v1/kv/data//path1/foo/bar", server.takeRequest().getPath());
+
+ server.shutdown();
+ }
+
+ private String secretPayload() {
+ return "{\n" +
+ " \"request_id\": \"0bdf4c9c-1d24-bbc8-e281-1a09197a87d2\",\n" +
+ " \"lease_id\": \"\",\n" +
+ " \"renewable\": false,\n" +
+ " \"lease_duration\": 0,\n" +
+ " \"data\": {\n" +
+ " \"data\": {\n" +
+ " \"host\": \"localhost\",\n" +
+ " \"password\": \"secret\",\n" +
+ " \"port\": \"1234\",\n" +
+ " \"user\": \"jhon\"\n" +
+ " },\n" +
+ " \"metadata\": {\n" +
+ " \"created_time\": \"2023-12-22T03:04:59.26619441Z\",\n" +
+ " \"custom_metadata\": null,\n" +
+ " \"deletion_time\": \"\",\n" +
+ " \"destroyed\": false,\n" +
+ " \"version\": 1\n" +
+ " }\n" +
+ " },\n" +
+ " \"wrap_info\": null,\n" +
+ " \"warnings\": null,\n" +
+ " \"auth\": null\n" +
+ "}";
+ }
+
+ @Getter
+ @AllArgsConstructor
+ @NoArgsConstructor
+ private static class SamplePojo {
+ private String password;
+ private String host;
+ private String user;
+ private String port;
+ }
+}
diff --git a/sync/vault-sync/src/test/resources/certificate.arm b/sync/vault-sync/src/test/resources/certificate.arm
new file mode 100644
index 0000000..f1ad57f
--- /dev/null
+++ b/sync/vault-sync/src/test/resources/certificate.arm
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDSDCCAjACAQEwDQYJKoZIhvcNAQELBQAwajELMAkGA1UEBhMCQ08xDDAKBgNV
+BAgMA0FOVDERMA8GA1UEBwwITUVERUxMSU4xEjAQBgNVBAoMCWxvY2FsaG9zdDES
+MBAGA1UECwwJbG9jYWxob3N0MRIwEAYDVQQDDAlsb2NhbGhvc3QwHhcNMjMxMjIy
+MDI1NzUxWhcNMjQwMzIxMDI1NzUxWjBqMQswCQYDVQQGEwJDTzEMMAoGA1UECAwD
+QU5UMREwDwYDVQQHDAhNRURFTExJTjESMBAGA1UECgwJbG9jYWxob3N0MRIwEAYD
+VQQLDAlsb2NhbGhvc3QxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcN
+AQEBBQADggEPADCCAQoCggEBALlAo5u+D/fD+v5A4oXcF/14m15mYX+cx0svOKBD
+dNigECPu4UghvmCia3pGFyRP72P1Cx3jye6ImLRCNL7JJFV7BuOiMk1OP+BkqAG0
+RNNt2okMsngkmHTyIHcBdu7QtNWewaZN7WRLa0cOgYMeKc1orftBNNfe7LpLtjuy
+wqzrqi3qI2Y2xXdjTWUVySXzDfVSCnLS+mYNHF5XEkqZXwA4j+rJN9ipeWXxm78G
+sft603a+u+f7PwvPHzMltHI7OxuaJpPC9KzUzgeJ9vzCMz/9Klmp/VrDjigqYMnW
+j3EB5eh7iXamJslexDotHZ2q6pQOq2OAPOVwsExPWc/ILkMCAwEAATANBgkqhkiG
+9w0BAQsFAAOCAQEAplB1L6fxpoQN0ynZdfRaXblvwLjzjVZe0j+p120JIGp8nsDK
+CwZvlu501j2y+yEZ4mUkNkbwe1U7bYd/KTexbsgrpzxfcqsPNGrs3te2k6m2Bkp1
+KS43rUKx9VvjIaYstx9akuCZmirTLWimCUOGTlsnqGLf5y806F+ifyHrBLkWa6ly
+cZGnGitFS/PzCR3gjoO1CNIDFU5bLhAMGFdC6lr7aHLVctTI2Q9O42PVCBf169nP
+10poZACmxQkuDvKVDRA6foNibTWbwHq2Ng//TORMdCts3BUf+cpXBX+zXj3qV3Nc
+CPgnQwLaeotV1iBhzrt/TtWmZI2eGGNB8oL2qA==
+-----END CERTIFICATE-----
diff --git a/sync/vault-sync/src/test/resources/client_cert.pem b/sync/vault-sync/src/test/resources/client_cert.pem
new file mode 100644
index 0000000..8fcdcdd
--- /dev/null
+++ b/sync/vault-sync/src/test/resources/client_cert.pem
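Review bot: The certificate committed in this hunk has a very short validity window — its UTCTime fields decode to `231222025751Z` / `240321025751Z`, i.e. 2023-12-22 to 2024-03-21 — so any test that trusts it (presumably via the sibling `truststore.jks`, though that wiring is not visible here) will start failing with a `CertificateExpiredException` from the default PKIX trust manager after that date, for reasons unrelated to the code under test. A test fixture should not be able to rot: regenerate it with a multi-year validity, or better, have the test build the self-signed `CN=localhost` certificate and key pair at run time with `KeyPairGenerator`/`keytool` so nothing in the repository expires. Also record in a short `README` next to the resources how the file was generated and what its expiry is, so the next maintainer can regenerate `certificate.arm`, `keystore.jks` and `truststore.jks` together.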
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDTjCCAjagAwIBAgIEZYwSAzANBgkqhkiG9w0BAQsFADBpMQswCQYDVQQGEwJD
+TzELMAkGA1UECAwCQU4xETAPBgNVBAcMCE1FREVMTElOMRIwEAYDVQQKDAlsb2Nh
+bGhvc3QxEjAQBgNVBAsMCWxvY2FsaG9zdDESMBAGA1UEAwwJbG9jYWxob3N0MB4X
+DTIzMTIyNzEyMDEwN1oXDTI0MTIyNjEyMDEwN1owaTELMAkGA1UEBhMCQ08xCzAJ
+BgNVBAgMAkFOMREwDwYDVQQHDAhNRURFTExJTjESMBAGA1UECgwJbG9jYWxob3N0
+MRIwEAYDVQQLDAlsb2NhbGhvc3QxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJ
+KoZIhvcNAQEBBQADggEPADCCAQoCggEBAMkh7JoVfFX20p0pqtRS8rRUl+70mpeu
+32fGoN5pA1AdqTRZfOoGKoHnVhAG6C/5UoD5GOStKLVdsXVEtaWkBnyVAD3Imdj7
+450dU9+LATgSQYJbTL11OcZBizeiu6DfZmBtYWvmpPDIAPsZr6R+kcUIrzH3ZQjU
+/BAfwCEmdQYwW7gWL456mTvefnMXcraoS4sOlBrH5FGXkb0ESIHuXMUsOrvg3cgN
+8S9R7huZQTDCio605KZW3hjfngBSAFTKbxxNI8nt05i5Gd+PMjpTndBUT4xYPp8Y
+igjL5IE0j9xY6IfvHqn/GD5GzYYIjjer2eCGmXfHDNtHAnA/wgdArEsCAwEAATAN
+BgkqhkiG9w0BAQsFAAOCAQEAKUcvHUTOL+rNr4DvdS3N3PSvVsnldgcYoBGZH0nf
+QtSWdbtLXfnhzgQPP+ndvL8ZWrYyZAv6+/fV7eQ569436nu+ebPz43JYiUsPReSg
+qzcJn95JYJn1nW6CKBhkkFGmcDMidm6u0eSNKZdKc+vPdlQFcmqEXjEv7gMHmPrE
+rCwXKvxQZ1DEFett56DFqJvnOTD0lBAGl6pyROqsF5JjJVUXgGcHGbXll3/CzgvK
+803fOq4kgu/BNPxy/KyC6Ztz5Qgr+7/zFC52nyRJilWPOJwU64fHu+yHaR9sI6bn
+NE3wY5gnwzKHWL2jotlFfSuoXNpBW11JSdzfDDH5GWhMDQ==
+-----END CERTIFICATE-----
diff --git a/sync/vault-sync/src/test/resources/keystore.jks b/sync/vault-sync/src/test/resources/keystore.jks
new file mode 100644
index 0000000..3c5315f
Binary files /dev/null and b/sync/vault-sync/src/test/resources/keystore.jks differ
diff --git a/sync/vault-sync/src/test/resources/truststore.jks b/sync/vault-sync/src/test/resources/truststore.jks
new file mode 100644
index 0000000..9b9bfbb
Binary files /dev/null and b/sync/vault-sync/src/test/resources/truststore.jks differ
diff --git a/sync/vault-sync/vault-sync.gradle b/sync/vault-sync/vault-sync.gradle
new file mode 100644
index 0000000..5e90d0e
--- /dev/null
+++ b/sync/vault-sync/vault-sync.gradle
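Review bot: This client certificate also carries a hard expiry — `231227120107Z` / `241226120107Z`, so it is valid only until 2024-12-26 — and the binary `keystore.jks` added in the same change presumably holds its private key, which means the two must be regenerated as a pair and the truststore re-imported when it lapses. Because the private key is now in version control, it should be treated as burned: never reuse it outside the test suite, and say so where the fixtures are documented, e.g. a `src/test/resources/README.md` line such as `client_cert.pem / keystore.jks: self-signed CN=localhost test identity, expires 2024-12-26, regenerate with keytool -genkeypair ...; TEST USE ONLY`. Whether the tests actually load these files, and under which store password, is not visible in this diff.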
@@ -0,0 +1,13 @@
+dependencies {
+ api project(":secrets-manager-api")
+ api project(":vault-commons")
+ implementation "com.google.code.gson:gson:${gsonVersion}"
+ implementation "com.github.ben-manes.caffeine:caffeine:${cafeineVersion}"
+ testImplementation("com.squareup.okhttp3:mockwebserver:4.9.3")
+
+}
+
+ext {
+ artifactId = 'vault-sync'
+ artifactDescription = 'Secrets Manager connector for Vault'
+}
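Review bot: The `testImplementation("com.squareup.okhttp3:mockwebserver:4.9.3")` line hard-codes its version while the two `implementation` lines next to it take theirs from shared properties (`${gsonVersion}`, `${cafeineVersion}`), so this one pin will be missed by whatever process bumps the others. Move it to the same mechanism, `testImplementation "com.squareup.okhttp3:mockwebserver:${mockWebServerVersion}"`, with the property declared where `gsonVersion` is, which also removes the odd mix of parenthesised and bare dependency calls in the same block. Dropping the stray blank line before the closing `}` of `dependencies` would match the `ext` block below.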