
Example 11 with KeyVaultConfig

use of com.quorum.tessera.config.KeyVaultConfig in project tessera by ConsenSys.

the class HashicorpKeyVaultServiceFactoryUtilTest method configureClientAuthenticationIfOnlySecretIdSetThenException.

@Test
public void configureClientAuthenticationIfOnlySecretIdSetThenException() {
    KeyVaultConfig keyVaultConfig = mock(KeyVaultConfig.class);
    EnvironmentVariableProvider envProvider = mock(EnvironmentVariableProvider.class);
    ClientHttpRequestFactory clientHttpRequestFactory = mock(ClientHttpRequestFactory.class);
    VaultEndpoint vaultEndpoint = mock(VaultEndpoint.class);
    when(envProvider.getEnv(HASHICORP_ROLE_ID)).thenReturn(null);
    when(envProvider.getEnv(HASHICORP_SECRET_ID)).thenReturn("secret-id");
    when(envProvider.getEnv(HASHICORP_TOKEN)).thenReturn(null);
    // Only the secret ID is set; AppRole needs both the role ID and the secret ID, so this must be rejected.
    Throwable ex = catchThrowable(
        () -> util.configureClientAuthentication(keyVaultConfig, envProvider, clientHttpRequestFactory, vaultEndpoint));
    assertThat(ex).isExactlyInstanceOf(HashicorpCredentialNotSetException.class);
    assertThat(ex.getMessage())
        .isEqualTo("Both " + HASHICORP_ROLE_ID + " and " + HASHICORP_SECRET_ID
            + " environment variables must be set to use the AppRole authentication method");
}
Also used : EnvironmentVariableProvider(com.quorum.tessera.config.util.EnvironmentVariableProvider) KeyVaultConfig(com.quorum.tessera.config.KeyVaultConfig) ClientHttpRequestFactory(org.springframework.http.client.ClientHttpRequestFactory) OkHttp3ClientHttpRequestFactory(org.springframework.http.client.OkHttp3ClientHttpRequestFactory) Assertions.catchThrowable(org.assertj.core.api.Assertions.catchThrowable) VaultEndpoint(org.springframework.vault.client.VaultEndpoint) Test(org.junit.Test)

Example 12 with KeyVaultConfig

use of com.quorum.tessera.config.KeyVaultConfig in project tessera by ConsenSys.

the class HashicorpKeyVaultServiceFactoryUtilTest method configureClientAuthenticationIfOnlyTokenSetThenTokenMethod.

@Test
public void configureClientAuthenticationIfOnlyTokenSetThenTokenMethod() {
    KeyVaultConfig keyVaultConfig = mock(KeyVaultConfig.class);
    EnvironmentVariableProvider envProvider = mock(EnvironmentVariableProvider.class);
    ClientHttpRequestFactory clientHttpRequestFactory = mock(ClientHttpRequestFactory.class);
    VaultEndpoint vaultEndpoint = mock(VaultEndpoint.class);
    when(envProvider.getEnv(HASHICORP_ROLE_ID)).thenReturn(null);
    when(envProvider.getEnv(HASHICORP_SECRET_ID)).thenReturn(null);
    when(envProvider.getEnv(HASHICORP_TOKEN)).thenReturn("token");
    ClientAuthentication result = util.configureClientAuthentication(keyVaultConfig, envProvider, clientHttpRequestFactory, vaultEndpoint);
    assertThat(result).isInstanceOf(TokenAuthentication.class);
}
Also used : EnvironmentVariableProvider(com.quorum.tessera.config.util.EnvironmentVariableProvider) KeyVaultConfig(com.quorum.tessera.config.KeyVaultConfig) ClientHttpRequestFactory(org.springframework.http.client.ClientHttpRequestFactory) OkHttp3ClientHttpRequestFactory(org.springframework.http.client.OkHttp3ClientHttpRequestFactory) ClientAuthentication(org.springframework.vault.authentication.ClientAuthentication) VaultEndpoint(org.springframework.vault.client.VaultEndpoint) Test(org.junit.Test)

Example 13 with KeyVaultConfig

use of com.quorum.tessera.config.KeyVaultConfig in project tessera by ConsenSys.

the class HashicorpKeyVaultServiceFactoryUtilTest method configureClientAuthenticationIfOnlyRoleIdAndSecretIdSetThenAppRoleMethod.

@Test
public void configureClientAuthenticationIfOnlyRoleIdAndSecretIdSetThenAppRoleMethod() {
    KeyVaultConfig keyVaultConfig = mock(KeyVaultConfig.class);
    EnvironmentVariableProvider envProvider = mock(EnvironmentVariableProvider.class);
    ClientHttpRequestFactory clientHttpRequestFactory = mock(ClientHttpRequestFactory.class);
    VaultEndpoint vaultEndpoint = mock(VaultEndpoint.class);
    when(envProvider.getEnv(HASHICORP_ROLE_ID)).thenReturn("role-id");
    when(envProvider.getEnv(HASHICORP_SECRET_ID)).thenReturn("secret-id");
    when(envProvider.getEnv(HASHICORP_TOKEN)).thenReturn(null);
    when(keyVaultConfig.getProperty("approlePath")).thenReturn(Optional.of("somepath"));
    ClientAuthentication result = util.configureClientAuthentication(keyVaultConfig, envProvider, clientHttpRequestFactory, vaultEndpoint);
    assertThat(result).isInstanceOf(AppRoleAuthentication.class);
}
Also used : EnvironmentVariableProvider(com.quorum.tessera.config.util.EnvironmentVariableProvider) KeyVaultConfig(com.quorum.tessera.config.KeyVaultConfig) ClientHttpRequestFactory(org.springframework.http.client.ClientHttpRequestFactory) OkHttp3ClientHttpRequestFactory(org.springframework.http.client.OkHttp3ClientHttpRequestFactory) ClientAuthentication(org.springframework.vault.authentication.ClientAuthentication) VaultEndpoint(org.springframework.vault.client.VaultEndpoint) Test(org.junit.Test)

Example 14 with KeyVaultConfig

use of com.quorum.tessera.config.KeyVaultConfig in project tessera by ConsenSys.

the class HashicorpKeyVaultServiceFactoryUtilTest method configureSslUsesNoKeyStoresIfNoneProvided.

@Test
public void configureSslUsesNoKeyStoresIfNoneProvided() {
    KeyVaultConfig keyVaultConfig = mock(KeyVaultConfig.class);
    EnvironmentVariableProvider envProvider = mock(EnvironmentVariableProvider.class);
    when(keyVaultConfig.getProperty("tlsKeyStorePath")).thenReturn(Optional.empty());
    when(keyVaultConfig.getProperty("tlsTrustStorePath")).thenReturn(Optional.empty());
    SslConfiguration result = util.configureSsl(keyVaultConfig, envProvider);
    assertThat(result.getKeyStoreConfiguration().isPresent()).isFalse();
    assertThat(result.getTrustStoreConfiguration().isPresent()).isFalse();
}
Also used : EnvironmentVariableProvider(com.quorum.tessera.config.util.EnvironmentVariableProvider) KeyVaultConfig(com.quorum.tessera.config.KeyVaultConfig) SslConfiguration(org.springframework.vault.support.SslConfiguration) Test(org.junit.Test)

Example 15 with KeyVaultConfig

use of com.quorum.tessera.config.KeyVaultConfig in project tessera by ConsenSys.

the class AzureKeyVaultServiceFactory method create.

@Override
public KeyVaultService create(Config config, EnvironmentVariableProvider envProvider) {
    Objects.requireNonNull(config);
    final KeyVaultConfig keyVaultConfig = Optional.ofNullable(config.getKeys())
        .flatMap(k -> k.getKeyVaultConfig(KeyVaultType.AZURE))
        .orElseThrow(() -> new ConfigException(new RuntimeException("Trying to create Azure key vault connection but no Azure configuration provided")));
    final String url = keyVaultConfig.getProperty("url")
        .orElseThrow(() -> new ConfigException(new RuntimeException("No Azure Key Vault url provided")));
    // BODY_AND_HEADERS also logs response bodies, which for this client contain secret values, whenever Azure SDK logging is enabled.
    final SecretClient secretClient = new SecretClientBuilder()
        .vaultUrl(url)
        .httpLogOptions(new HttpLogOptions().setLogLevel(HttpLogDetailLevel.BODY_AND_HEADERS))
        .credential(new DefaultAzureCredentialBuilder().build())
        .buildClient();
    return new AzureKeyVaultService(secretClient);
}
Also used : KeyVaultType(com.quorum.tessera.config.KeyVaultType) KeyVaultConfig(com.quorum.tessera.config.KeyVaultConfig) DefaultAzureCredentialBuilder(com.azure.identity.DefaultAzureCredentialBuilder) HttpLogOptions(com.azure.core.http.policy.HttpLogOptions) SecretClientBuilder(com.azure.security.keyvault.secrets.SecretClientBuilder) KeyVaultService(com.quorum.tessera.key.vault.KeyVaultService) KeyVaultServiceFactory(com.quorum.tessera.key.vault.KeyVaultServiceFactory) Objects(java.util.Objects) ConfigException(com.quorum.tessera.config.ConfigException) Optional(java.util.Optional) SecretClient(com.azure.security.keyvault.secrets.SecretClient) Config(com.quorum.tessera.config.Config) EnvironmentVariableProvider(com.quorum.tessera.config.util.EnvironmentVariableProvider) HttpLogDetailLevel(com.azure.core.http.policy.HttpLogDetailLevel)
