com.bettercloud.vault.VaultConfig Maven / Gradle / Ivy

Go to download
Show more of this group Show more artifacts with this name
Show all versions of vault-java-driver Show documentation
Zero-dependency Java client for HashiCorp's Vault
There is a newer version: 5.1.0
package com.bettercloud.vault;

import lombok.Getter;

import java.io.Serializable;

/**
 * A container for the configuration settings needed to initialize a Vault driver instance.
 *
 * Construct instances of this class using a builder pattern, calling setter methods for each value and then
 * terminating with a call to build():
 *
 * 
 * {@code
 * final VaultConfig config = new VaultConfig()
 *                              .address("http://127.0.0.1:8200")
 *                              .token("eace6676-4d78-c687-4e54-03cad00e3abf")
 *                              .sslConfig(new SslConfig().verify(false).build())
 *                              .timeout(30)
 *                              .build();
 * }
 * 
 *
 * @see SslConfig
 */
public class VaultConfig implements Serializable {

    protected static final String VAULT_TOKEN = "VAULT_TOKEN";
    private static final String VAULT_ADDR = "VAULT_ADDR";
    private static final String VAULT_OPEN_TIMEOUT = "VAULT_OPEN_TIMEOUT";
    private static final String VAULT_READ_TIMEOUT = "VAULT_READ_TIMEOUT";

    @Getter private String address;
    @Getter private String token;
    @Getter private SslConfig sslConfig;
    @Getter private Integer openTimeout;
    @Getter private Integer readTimeout;
    @Getter private int maxRetries;
    @Getter private int retryIntervalMilliseconds;
    private EnvironmentLoader environmentLoader;

    /**
     * The code used to load environment variables is encapsulated here, so that a mock version of that environment
     * loader can be used by unit tests.
     *
     * This method is used by unit tests, to inject a mock environment variable when constructing a
     * VaultConfig instance using the builder pattern approach rather than the convenience constructor.
     * There really shouldn't ever be a need to call this method outside of a unit test context (hence the
     * protected access level).
     *
     * @param environmentLoader An environment variable loader implementation (presumably a mock)
     * @return This object, with environmentLoader populated, ready for additional builder-pattern method calls or else finalization with the build() method
     */
    protected VaultConfig environmentLoader(final EnvironmentLoader environmentLoader) {
        this.environmentLoader = environmentLoader;
        return this;
    }

    /**
     * Sets the address (URL) of the Vault server instance to which API calls should be sent.
     * E.g. http://127.0.0.1:8200.
     *
     * If no address is explicitly set, the object will look to the VAULT_ADDR environment variable.
     *
     * address is required for the Vault driver to function.  If you do not supply it explicitly AND no
     * environment variable value is found, then initialization of the VaultConfig object will fail.
     *
     * @param address The Vault server base URL
     * @return This object, with address populated, ready for additional builder-pattern method calls or else finalization with the build() method
     */
    public VaultConfig address(final String address) {
        this.address = address;
        return this;
    }

    /**
     * Sets the token used to access Vault.
     *
     * If no token is explicitly set, then the object will look to the VAULT_TOKEN environment
     * variable.
     *
     * There are some cases where you might want to instantiate a VaultConfig object without a token
     * (e.g. you plan to retrieve a token programmatically, with a call to the "userpass" auth backend, and populate
     * it prior to making any other API calls).
     *
     * @param token The token to use for accessing Vault
     * @return This object, with token populated, ready for additional builder-pattern method calls or else finalization with the build() method
     */
    public VaultConfig token(final String token) {
        this.token = token;
        return this;
    }

    /**
     * A container for SSL-related configuration options (e.g. certificates).
     *
     * Although typically necessary in most production environments, this is not strictly required (e.g. if your
     * Vault server address begins with "http://" instead of "https://", then any SSL config will be ignored).
     * However, if your Vault server uses HTTPS, and you wish to skip SSL certificate verification (NOT RECOMMENDED
     * FOR PRODUCTION!), then you must supply an SslConfig object with {@link SslConfig#verify(Boolean)}
     * explicitly set to false.
     *
     * @param sslConfig SSL-related configuration options
     * @return This object, with SSL configuration options populated, ready for additional builder-pattern method calls or else finalization with the build() method
     */
    public VaultConfig sslConfig(final SslConfig sslConfig) {
        this.sslConfig = sslConfig;
        return this;
    }

    /**
     * The number of seconds to wait before giving up on establishing an HTTP(S) connection to the Vault server.
     *
     * If no openTimeout is explicitly set, then the object will look to the VAULT_OPEN_TIMEOUT
     * environment variable.
     *
     * @param openTimeout Number of seconds to wait for an HTTP(S) connection to successfully establish
     * @return This object, with openTimeout populated, ready for additional builder-pattern method calls or else finalization with the build() method
     */
    public VaultConfig openTimeout(final Integer openTimeout) {
        this.openTimeout = openTimeout;
        return this;
    }

    /**
     * After an HTTP(S) connection has already been established, this is the number of seconds to wait for all
     * data to finish downloading.
     *
     * If no readTimeout is explicitly set, then the object will look to the VAULT_READ_TIMEOUT
     * environment variable.
     *
     * @param readTimeout Number of seconds to wait for all data to be retrieved from an established HTTP(S) connection
     * @return This object, with readTimeout populated, ready for additional builder-pattern method calls or else finalization with the build() method
     */
    public VaultConfig readTimeout(final Integer readTimeout) {
        this.readTimeout = readTimeout;
        return this;
    }

    /**
     * Sets the maximum number of times that an API operation will retry upon failure.
     *
     * This method is not meant to be called from application-level code outside of this package (hence
     * the protected access level.  It is meant to be invoked via Vault.withRetries()
     * in a builder pattern DSL-style.
     *
     * @param maxRetries The number of times that API operations will be retried when a failure occurs.
     */
    protected void setMaxRetries(final int maxRetries) {
        this.maxRetries = maxRetries;
    }

    /**
     * Sets the period of time (in milliseconds) that the driver will wait in between retry attempts for a
     * failing API operation.
     *
     * This method is not meant to be called from application-level code outside of this package (hence
     * the protected access level.  It is meant to be invoked via Vault.withRetries()
     * in a builder pattern DSL-style.
     *
     * @param retryIntervalMilliseconds The number of milliseconds that the driver will wait in between retries.
     */
    protected void setRetryIntervalMilliseconds(final int retryIntervalMilliseconds) {
        this.retryIntervalMilliseconds = retryIntervalMilliseconds;
    }


    /**
     * This is the terminating method in the builder pattern.  The method that validates all of the fields that
     * has been set already, uses environment variables when available to populate any unset fields, and returns
     * a VaultConfig object that is ready for use.
     *
     * @return This object, with all available config options parsed and loaded
     * @throws VaultException If the address field was left unset, and there is no VAULT_ADDR environment variable value with which to populate it.
     */
    public VaultConfig build() throws VaultException {
        if (this.environmentLoader == null) {
            this.environmentLoader = new EnvironmentLoader();
        }
        if (this.address == null) {
            final String addressFromEnv = environmentLoader.loadVariable(VAULT_ADDR);
            if (addressFromEnv != null) {
                this.address = addressFromEnv;
            } else {
                throw new VaultException("No address is set");
            }
        }
        if (this.token == null && environmentLoader.loadVariable(VAULT_TOKEN) != null) {
            this.token = environmentLoader.loadVariable(VAULT_TOKEN);
        }
        if (this.openTimeout == null && environmentLoader.loadVariable(VAULT_OPEN_TIMEOUT) != null) {
            try {
                this.openTimeout = Integer.valueOf(environmentLoader.loadVariable(VAULT_OPEN_TIMEOUT));
            } catch (NumberFormatException e) {
                System.err.printf("The " + VAULT_OPEN_TIMEOUT + " environment variable contains value \"%s\", which cannot be parsed as an integer timeout period.%n",
                        environmentLoader.loadVariable(VAULT_OPEN_TIMEOUT));
            }
        }
        if (this.readTimeout == null && environmentLoader.loadVariable(VAULT_READ_TIMEOUT) != null) {
            try {
                this.readTimeout = Integer.valueOf(environmentLoader.loadVariable(VAULT_READ_TIMEOUT));
            } catch (NumberFormatException e) {
                System.err.printf("The " + VAULT_READ_TIMEOUT + " environment variable contains value \"%s\", which cannot be parsed as an integer timeout period.%n",
                        environmentLoader.loadVariable(VAULT_READ_TIMEOUT));
            }
        }
        if (this.sslConfig == null) {
            this.sslConfig = new SslConfig().environmentLoader(this.environmentLoader).build();
        }
        return this;
    }

}