Example 1 with KeyVaultConfig

Use of com.quorum.tessera.config.KeyVaultConfig in project tessera by ConsenSys.

Class HashicorpKeyVaultServiceFactoryUtilTest, method configureClientAuthenticationIfNoEnvVarSetThenException.

@Test
public void configureClientAuthenticationIfNoEnvVarSetThenException() {
    KeyVaultConfig keyVaultConfig = mock(KeyVaultConfig.class);
    EnvironmentVariableProvider envProvider = mock(EnvironmentVariableProvider.class);
    ClientHttpRequestFactory clientHttpRequestFactory = mock(ClientHttpRequestFactory.class);
    VaultEndpoint vaultEndpoint = mock(VaultEndpoint.class);
    when(envProvider.getEnv(HASHICORP_ROLE_ID)).thenReturn(null);
    when(envProvider.getEnv(HASHICORP_SECRET_ID)).thenReturn(null);
    when(envProvider.getEnv(HASHICORP_TOKEN)).thenReturn(null);
    Throwable ex = catchThrowable(() -> util.configureClientAuthentication(keyVaultConfig, envProvider, clientHttpRequestFactory, vaultEndpoint));
    assertThat(ex).isExactlyInstanceOf(HashicorpCredentialNotSetException.class);
    assertThat(ex.getMessage()).isEqualTo("Both " + HASHICORP_ROLE_ID + " and " + HASHICORP_SECRET_ID + " environment variables must be set to use the AppRole authentication method.  Alternatively set " + HASHICORP_TOKEN + " to authenticate using the Token method");
}

Also used: EnvironmentVariableProvider (com.quorum.tessera.config.util.EnvironmentVariableProvider), KeyVaultConfig (com.quorum.tessera.config.KeyVaultConfig), ClientHttpRequestFactory (org.springframework.http.client.ClientHttpRequestFactory), OkHttp3ClientHttpRequestFactory (org.springframework.http.client.OkHttp3ClientHttpRequestFactory), Assertions.catchThrowable (org.assertj.core.api.Assertions.catchThrowable), VaultEndpoint (org.springframework.vault.client.VaultEndpoint), Test (org.junit.Test)

Example 2 with KeyVaultConfig

Use of com.quorum.tessera.config.KeyVaultConfig in project tessera by ConsenSys.

Class HashicorpKeyVaultServiceFactoryUtilTest, method configureSslUsesKeyStoreAndTrustStoreIfBothProvided.

@Test
public void configureSslUsesKeyStoreAndTrustStoreIfBothProvided() throws Exception {
    KeyVaultConfig keyVaultConfig = mock(KeyVaultConfig.class);
    EnvironmentVariableProvider envProvider = mock(EnvironmentVariableProvider.class);
    Path path = Files.createTempFile(UUID.randomUUID().toString(), ".tmp");
    path.toFile().deleteOnExit();
    when(keyVaultConfig.hasProperty("tlsKeyStorePath", "tlsTrustStorePath")).thenReturn(true);
    when(keyVaultConfig.getProperty("tlsKeyStorePath")).thenReturn(Optional.of(path.toString()));
    when(keyVaultConfig.getProperty("tlsTrustStorePath")).thenReturn(Optional.of(path.toString()));
    SslConfiguration result = util.configureSsl(keyVaultConfig, envProvider);
    assertThat(result.getKeyStoreConfiguration().isPresent()).isTrue();
    assertThat(result.getTrustStoreConfiguration().isPresent()).isTrue();
}

Also used: Path (java.nio.file.Path), EnvironmentVariableProvider (com.quorum.tessera.config.util.EnvironmentVariableProvider), KeyVaultConfig (com.quorum.tessera.config.KeyVaultConfig), SslConfiguration (org.springframework.vault.support.SslConfiguration), Test (org.junit.Test)

Example 3 with KeyVaultConfig

Use of com.quorum.tessera.config.KeyVaultConfig in project tessera by ConsenSys.

Class HashicorpKeyVaultServiceFactoryUtilTest, method configureSslUsesTrustStoreOnlyIfProvided.

@Test
public void configureSslUsesTrustStoreOnlyIfProvided() throws Exception {
    KeyVaultConfig keyVaultConfig = mock(KeyVaultConfig.class);
    EnvironmentVariableProvider envProvider = mock(EnvironmentVariableProvider.class);
    Path path = Files.createTempFile(UUID.randomUUID().toString(), ".tmp");
    path.toFile().deleteOnExit();
    when(keyVaultConfig.hasProperty("tlsTrustStorePath")).thenReturn(true);
    when(keyVaultConfig.hasProperty("tlsKeyStorePath")).thenReturn(false);
    when(keyVaultConfig.getProperty("tlsKeyStorePath")).thenReturn(Optional.empty());
    when(keyVaultConfig.getProperty("tlsTrustStorePath")).thenReturn(Optional.of(path.toString()));
    SslConfiguration result = util.configureSsl(keyVaultConfig, envProvider);
    assertThat(result.getKeyStoreConfiguration().isPresent()).isFalse();
    assertThat(result.getTrustStoreConfiguration().isPresent()).isTrue();
}

Also used: Path (java.nio.file.Path), EnvironmentVariableProvider (com.quorum.tessera.config.util.EnvironmentVariableProvider), KeyVaultConfig (com.quorum.tessera.config.KeyVaultConfig), SslConfiguration (org.springframework.vault.support.SslConfiguration), Test (org.junit.Test)

Example 4 with KeyVaultConfig

Use of com.quorum.tessera.config.KeyVaultConfig in project tessera by ConsenSys.

Class HashicorpKeyVaultServiceFactoryUtilTest, method configureClientAuthenticationIfOnlyRoleIdSetThenException.

@Test
public void configureClientAuthenticationIfOnlyRoleIdSetThenException() {
    KeyVaultConfig keyVaultConfig = mock(KeyVaultConfig.class);
    EnvironmentVariableProvider envProvider = mock(EnvironmentVariableProvider.class);
    ClientHttpRequestFactory clientHttpRequestFactory = mock(ClientHttpRequestFactory.class);
    VaultEndpoint vaultEndpoint = mock(VaultEndpoint.class);
    when(envProvider.getEnv(HASHICORP_ROLE_ID)).thenReturn("role-id");
    when(envProvider.getEnv(HASHICORP_SECRET_ID)).thenReturn(null);
    when(envProvider.getEnv(HASHICORP_TOKEN)).thenReturn(null);
    Throwable ex = catchThrowable(() -> util.configureClientAuthentication(keyVaultConfig, envProvider, clientHttpRequestFactory, vaultEndpoint));
    assertThat(ex).isExactlyInstanceOf(HashicorpCredentialNotSetException.class);
    assertThat(ex.getMessage()).isEqualTo("Both " + HASHICORP_ROLE_ID + " and " + HASHICORP_SECRET_ID + " environment variables must be set to use the AppRole authentication method");
}

Also used: EnvironmentVariableProvider (com.quorum.tessera.config.util.EnvironmentVariableProvider), KeyVaultConfig (com.quorum.tessera.config.KeyVaultConfig), ClientHttpRequestFactory (org.springframework.http.client.ClientHttpRequestFactory), OkHttp3ClientHttpRequestFactory (org.springframework.http.client.OkHttp3ClientHttpRequestFactory), Assertions.catchThrowable (org.assertj.core.api.Assertions.catchThrowable), VaultEndpoint (org.springframework.vault.client.VaultEndpoint), Test (org.junit.Test)

Example 5 with KeyVaultConfig

Use of com.quorum.tessera.config.KeyVaultConfig in project tessera by ConsenSys.

Class DefaultKeyVaultConfigValidationsTest, method validCase.

@Test
public void validCase() {
    KeyConfiguration keyConfiguration = mock(KeyConfiguration.class);
    // Not ideal. Having to use config object in tests to apply validation rules.
    KeyVaultConfig keyVaultConfig = new DefaultKeyVaultConfig() {

        {
            setKeyVaultType(KeyVaultType.AZURE);
        }
    };
    List<KeyVaultConfig> keyVaultConfigList = Arrays.asList(mock(KeyVaultConfig.class));
    when(keyConfiguration.getKeyVaultConfigs()).thenReturn(keyVaultConfigList);
    ConfigKeyPair keyPair = new AzureVaultKeyPair("publicKeyId", "privateKeyId", null, null);
    List<ConfigKeyPair> keyPairs = Arrays.asList(keyPair);
    Set<ConstraintViolation<?>> results = validator.validate(keyConfiguration, keyPairs);
    assertThat(results).isEmpty();
}

Also used: KeyVaultConfig (com.quorum.tessera.config.KeyVaultConfig), DefaultKeyVaultConfig (com.quorum.tessera.config.DefaultKeyVaultConfig), KeyConfiguration (com.quorum.tessera.config.KeyConfiguration), ConstraintViolation (jakarta.validation.ConstraintViolation), ConfigKeyPair (com.quorum.tessera.config.keypairs.ConfigKeyPair), AzureVaultKeyPair (com.quorum.tessera.config.keypairs.AzureVaultKeyPair), Test (org.junit.Test)

Aggregations

KeyVaultConfig (com.quorum.tessera.config.KeyVaultConfig): 15
Test (org.junit.Test): 14
EnvironmentVariableProvider (com.quorum.tessera.config.util.EnvironmentVariableProvider): 10
ClientHttpRequestFactory (org.springframework.http.client.ClientHttpRequestFactory): 6
OkHttp3ClientHttpRequestFactory (org.springframework.http.client.OkHttp3ClientHttpRequestFactory): 6
VaultEndpoint (org.springframework.vault.client.VaultEndpoint): 6
DefaultKeyVaultConfig (com.quorum.tessera.config.DefaultKeyVaultConfig): 3
Assertions.catchThrowable (org.assertj.core.api.Assertions.catchThrowable): 3
ClientAuthentication (org.springframework.vault.authentication.ClientAuthentication): 3
SslConfiguration (org.springframework.vault.support.SslConfiguration): 3
Path (java.nio.file.Path): 2
HttpLogDetailLevel (com.azure.core.http.policy.HttpLogDetailLevel): 1
HttpLogOptions (com.azure.core.http.policy.HttpLogOptions): 1
DefaultAzureCredentialBuilder (com.azure.identity.DefaultAzureCredentialBuilder): 1
SecretClient (com.azure.security.keyvault.secrets.SecretClient): 1
SecretClientBuilder (com.azure.security.keyvault.secrets.SecretClientBuilder): 1
AzureKeyVaultConfig (com.quorum.tessera.config.AzureKeyVaultConfig): 1
Config (com.quorum.tessera.config.Config): 1
ConfigException (com.quorum.tessera.config.ConfigException): 1
HashicorpKeyVaultConfig (com.quorum.tessera.config.HashicorpKeyVaultConfig): 1