Java源码示例:org.springframework.vault.support.VaultResponseSupport
示例1
@Override
@Nullable
public <T> VaultResponseSupport<T> read(String path, Class<T> responseType) {
ParameterizedTypeReference<VaultResponseSupport<T>> ref = VaultResponses.getTypeReference(responseType);
return doWithSession(restOperations -> {
try {
ResponseEntity<VaultResponseSupport<T>> exchange = restOperations.exchange(path, HttpMethod.GET, null,
ref);
return exchange.getBody();
}
catch (HttpStatusCodeException e) {
if (e.getStatusCode() == HttpStatus.NOT_FOUND) {
return null;
}
throw VaultResponses.buildException(e, path);
}
});
}
示例2
@Nullable
private <T extends VaultResponseSupport<?>> T doUnwrap(VaultToken token,
BiFunction<RestOperations, HttpEntity<?>, T> requestFunction) {
return this.vaultOperations.doWithVault(restOperations -> {
try {
return requestFunction.apply(restOperations, new HttpEntity<>(VaultHttpHeaders.from(token)));
}
catch (HttpStatusCodeException e) {
if (e.getStatusCode() == HttpStatus.NOT_FOUND) {
return null;
}
if (e.getStatusCode() == HttpStatus.BAD_REQUEST
&& e.getResponseBodyAsString().contains("does not exist")) {
return null;
}
throw VaultResponses.buildException(e, "sys/wrapping/unwrap");
}
});
}
示例3
private <T extends VaultResponseSupport<?>> T writeAndReturn(String path, @Nullable Object body,
Class<T> responseType) {
Assert.hasText(path, "Path must not be empty");
T response = this.vaultOperations.doWithSession(restOperations -> {
try {
ResponseEntity<T> exchange = restOperations.exchange(path, HttpMethod.POST,
body == null ? HttpEntity.EMPTY : new HttpEntity<>(body), responseType);
return exchange.getBody();
}
catch (HttpStatusCodeException e) {
throw VaultResponses.buildException(e, path);
}
});
Assert.state(response != null, "Response must not be null");
return response;
}
示例4
/**
* Retrieve secrets from {@link VaultOperations}.
* @param requestedSecret the {@link RequestedSecret} providing the secret
* {@code path}.
* @return the response.
*/
@Nullable
protected VaultResponseSupport<Map<String, Object>> doGetSecrets(RequestedSecret requestedSecret) {
try {
VaultResponseSupport<Map<String, Object>> secrets;
if (this.keyValueDelegate.isVersioned(requestedSecret.getPath())) {
secrets = this.keyValueDelegate.getSecret(requestedSecret.getPath());
}
else {
secrets = this.operations.read(requestedSecret.getPath());
}
if (secrets == null) {
onSecretsNotFound(requestedSecret);
}
return secrets;
}
catch (RuntimeException e) {
onError(requestedSecret, Lease.none(), e);
return null;
}
}
示例5
@Test
void readObjectShouldReadDomainClass() {
Map<String, String> data = new HashMap<String, String>();
data.put("firstname", "Walter");
data.put("password", "Secret");
this.vaultOperations.write("secret/mykey", data);
VaultResponseSupport<Person> read = this.vaultOperations.read("secret/mykey", Person.class);
assertThat(read).isNotNull();
Person person = read.getRequiredData();
assertThat(person.getFirstname()).isEqualTo("Walter");
assertThat(person.getPassword()).isEqualTo("Secret");
}
示例6
private <T> T getRequest(String path, Class<T> clazz) throws SecretNotAccessibleException {
try {
VaultResponseSupport<T> response = vaultTemplate.read(path, clazz);
if (response != null) {
return response.getData();
} else {
throw new SecretNotAccessibleException(String.format("The secret %s is not available or in the wrong format.", path));
}
} catch (VaultException exception) {
throw new SecretNotAccessibleException(
String.format("Couldn't load secret from vault path %s", path), exception);
}
}
示例7
/**
* Create a {@link ParameterizedTypeReference} for {@code responseType}.
* @param responseType must not be {@literal null}.
* @return the {@link ParameterizedTypeReference} for {@code responseType}.
*/
public static <T> ParameterizedTypeReference<VaultResponseSupport<T>> getTypeReference(
final Class<T> responseType) {
Assert.notNull(responseType, "Response type must not be null");
final Type supportType = new ParameterizedType() {
@Override
public Type[] getActualTypeArguments() {
return new Type[] { responseType };
}
@Override
public Type getRawType() {
return VaultResponseSupport.class;
}
@Override
public Type getOwnerType() {
return VaultResponseSupport.class;
}
};
return new ParameterizedTypeReference<VaultResponseSupport<T>>() {
@Override
public Type getType() {
return supportType;
}
};
}
示例8
@Nullable
private <T> Versioned<T> doRead(String path, Version version, Class<T> responseType) {
String secretPath = version.isVersioned()
? String.format("%s?version=%d", createDataPath(path), version.getVersion()) : createDataPath(path);
VersionedResponse response = this.vaultOperations.doWithSession(restOperations -> {
try {
return restOperations.exchange(secretPath, HttpMethod.GET, null, VersionedResponse.class).getBody();
}
catch (HttpStatusCodeException e) {
if (e.getStatusCode() == HttpStatus.NOT_FOUND) {
if (e.getResponseBodyAsString().contains("deletion_time")) {
return VaultResponses.unwrap(e.getResponseBodyAsString(), VersionedResponse.class);
}
return null;
}
throw VaultResponses.buildException(e, path);
}
});
if (response == null) {
return null;
}
VaultResponseSupport<JsonNode> data = response.getRequiredData();
Metadata metadata = getMetadata(data.getMetadata());
T body = deserialize(data.getRequiredData(), responseType);
return Versioned.create(body, metadata);
}
示例9
@Override
@SuppressWarnings({ "rawtypes", "unchecked" })
public VaultMetadataResponse get(String path) {
VaultResponseSupport<Map> response = this.vaultOperations.read(getPath(path), Map.class);
return response != null ? fromMap(response.getRequiredData()) : null;
}
示例10
@Nullable
@Override
@SuppressWarnings("unchecked")
public <T> VaultResponseSupport<T> get(String path, Class<T> responseType) {
Assert.hasText(path, "Path must not be empty");
Assert.notNull(responseType, "Response type must not be null");
return doRead(path, responseType, (response, data) -> {
VaultResponseSupport result = response;
result.setData(data);
return result;
});
}
示例11
@Nullable
@Override
@SuppressWarnings("unchecked")
public <T> VaultResponseSupport<T> get(String path, Class<T> responseType) {
Assert.hasText(path, "Path must not be empty");
Assert.notNull(responseType, "Response type must not be null");
return doRead(path, responseType, (response, data) -> {
VaultResponseSupport result = response;
result.setData(data);
return result;
});
}
示例12
@Nullable
@Override
public <T> VaultResponseSupport<T> read(VaultToken token, Class<T> responseType) {
ParameterizedTypeReference<VaultResponseSupport<T>> ref = VaultResponses.getTypeReference(responseType);
return doUnwrap(token, (restOperations, entity) -> {
return restOperations.exchange("sys/wrapping/unwrap", HttpMethod.POST, entity, ref).getBody();
});
}
示例13
@Override
@Nullable
public RawTransitKey exportKey(String keyName, TransitKeyType type) {
Assert.hasText(keyName, "Key name must not be empty");
Assert.notNull(type, "Key type must not be null");
VaultResponseSupport<RawTransitKeyImpl> result = this.vaultOperations
.read(String.format("%s/export/%s/%s", this.path, type.getValue(), keyName), RawTransitKeyImpl.class);
return result != null ? result.getRequiredData() : null;
}
示例14
@Override
@Nullable
public VaultTransitKey getKey(String keyName) {
Assert.hasText(keyName, "Key name must not be empty");
VaultResponseSupport<VaultTransitKeyImpl> result = this.vaultOperations
.read(String.format("%s/keys/%s", this.path, keyName), VaultTransitKeyImpl.class);
if (result != null) {
return result.getRequiredData();
}
return null;
}
示例15
private void start(RequestedSecret requestedSecret, LeaseRenewalScheduler renewalScheduler) {
VaultResponseSupport<Map<String, Object>> secrets = doGetSecrets(requestedSecret);
if (secrets != null) {
Lease lease;
if (StringUtils.hasText(secrets.getLeaseId())) {
lease = Lease.of(secrets.getLeaseId(), Duration.ofSeconds(secrets.getLeaseDuration()),
secrets.isRenewable());
}
else if (isRotatingGenericSecret(requestedSecret, secrets)) {
lease = Lease.fromTimeToLive(Duration.ofSeconds(secrets.getLeaseDuration()));
}
else {
lease = Lease.none();
}
if (renewalScheduler.isLeaseRenewable(lease, requestedSecret)) {
scheduleLeaseRenewal(requestedSecret, lease, renewalScheduler);
}
else if (renewalScheduler.isLeaseRotateOnly(lease, requestedSecret)) {
scheduleLeaseRotation(requestedSecret, lease, renewalScheduler);
}
onSecretsObtained(requestedSecret, lease, secrets.getRequiredData());
}
}
示例16
@Override
JsonNode getJsonNode(VaultResponseSupport<JsonNode> response) {
return response.getRequiredData();
}
示例17
/**
* Read a secret at {@code path} and deserialize the {@literal data} element to the
* given {@link Class type}.
* @param path must not be {@literal null}.
* @param deserializeAs must not be {@literal null}.
* @param mappingFunction Mapping function to convert from the intermediate to the
* target data type. Must not be {@literal null}.
* @param <I> intermediate data type for {@literal data} deserialization.
* @param <T> return type. Value is created by the {@code mappingFunction}.
* @return mapped value.
*/
@Nullable
<I, T> T doRead(String path, Class<I> deserializeAs, BiFunction<VaultResponseSupport<?>, I, T> mappingFunction) {
ParameterizedTypeReference<VaultResponseSupport<JsonNode>> ref = VaultResponses
.getTypeReference(JsonNode.class);
VaultResponseSupport<JsonNode> response = doRead(createDataPath(path), ref);
if (response != null) {
JsonNode jsonNode = getJsonNode(response);
return mappingFunction.apply(response, deserialize(jsonNode, deserializeAs));
}
return null;
}
示例18
JsonNode getJsonNode(VaultResponseSupport<JsonNode> response) {
return response.getRequiredData().at("/data");
}
示例19
private static boolean isRotatingGenericSecret(RequestedSecret requestedSecret,
VaultResponseSupport<Map<String, Object>> secrets) {
return Mode.ROTATE.equals(requestedSecret.getMode()) && !secrets.isRenewable()
&& secrets.getLeaseDuration() > 0;
}
示例20
public static void main(String[] args) {
VaultTemplate vaultTemplate = new VaultTemplate(new VaultEndpoint(),
new TokenAuthentication("00000000-0000-0000-0000-000000000000"));
Secrets secrets = new Secrets();
secrets.username = "hello";
secrets.password = "world";
vaultTemplate.write("secret/myapp", secrets);
VaultResponseSupport<Secrets> response = vaultTemplate.read("secret/myapp", Secrets.class);
System.out.println(response.getRequiredData().getUsername());
vaultTemplate.delete("secret/myapp");
}
示例21
/**
* To Retrieve Credentials
* @return Credentials
* @throws URISyntaxException
*/
public Credentials accessCredentials() throws URISyntaxException {
VaultResponseSupport<Credentials> response = vaultTemplate.read("credentials/myapp", Credentials.class);
return response.getData();
}
示例22
@Override
public <T> Mono<VaultResponseSupport<T>> read(String path, Class<T> responseType) {
return doWithSession(webClient -> {
ParameterizedTypeReference<VaultResponseSupport<T>> ref = VaultResponses.getTypeReference(responseType);
return webClient.get().uri(path).exchange().flatMap(mapResponse(ref, path, HttpMethod.GET));
});
}
示例23
@Test
void shouldReadWrappedTypedSecret() {
Map<String, String> map = Collections.singletonMap("key", "value");
WrappedMetadata metadata = this.wrappingOperations.wrap(map, Duration.ofSeconds(100));
VaultResponseSupport<Secret> response = this.wrappingOperations.read(metadata.getToken(), Secret.class);
assertThat(response.getRequiredData()).isEqualTo(new Secret("value"));
}
示例24
/**
* Read a wrapped secret of type {@link Class responseType}.
* @param token must not be {@literal null}.
* @param responseType must not be {@literal null}.
* @return the data or {@literal null} if the token was invalid or expired.
*/
@Nullable
<T> VaultResponseSupport<T> read(VaultToken token, Class<T> responseType);
示例25
/**
* Read the secret at {@code path}.
* @param path must not be {@literal null}.
* @param responseType must not be {@literal null}.
* @return the data. May be {@literal null} if the path does not exist.
*/
@Nullable
<T> VaultResponseSupport<T> get(String path, Class<T> responseType);
示例26
/**
* Return the {@link JsonNode} that contains the actual response body.
* @param response
* @return
*/
abstract JsonNode getJsonNode(VaultResponseSupport<JsonNode> response);
示例27
/**
* Read from a Vault path. Reading data using this method is suitable for API
* calls/secret backends that do not require a request body.
* @param path must not be {@literal null}.
* @param responseType must not be {@literal null}.
* @return the data. May be empty if the path does not exist.
*/
<T> Mono<VaultResponseSupport<T>> read(String path, Class<T> responseType);
示例28
/**
* Read from a secret backend. Reading data using this method is suitable for secret
* backends that do not require a request body.
* @param path must not be {@literal null}.
* @param responseType must not be {@literal null}.
* @return the data. May be {@literal null} if the path does not exist.
*/
@Nullable
<T> VaultResponseSupport<T> read(String path, Class<T> responseType);
