All Downloads are FREE. Search and download functionalities are using the official Maven repository.

com.bettercloud.vault.Vault Maven / Gradle / Ivy

There is a newer version: 5.1.0
Show newest version
package com.bettercloud.vault;

import com.bettercloud.vault.api.Auth;
import com.bettercloud.vault.api.Debug;
import com.bettercloud.vault.api.Leases;
import com.bettercloud.vault.api.Logical;
import com.bettercloud.vault.api.Seal;
import com.bettercloud.vault.api.pki.Pki;

/**
 * 

The Vault driver class, the primary interface through which dependent applications will access Vault.

* *

This driver exposes a DSL, compartmentalizing the various endpoints of the HTTP API (e.g. "/", "sys/init", * "sys/seal") into separate implementation classes (e.g. Logical, Init, etc).

* *

Example usage:

* *
*
{@code
 * final VaultConfig config = new VaultConfig
 *                                    .address("http://127.0.0.1:8200")
 *                                    .token("eace6676-4d78-c687-4e54-03cad00e3abf")
 *                                    .build();
 * final Vault vault = new Vault(config);
 *
 * ...
 *
 * final Map secrets = new HashMap();
 * secrets.put("value", "world");
 * secrets.put("other_value", "You can store multiple name/value pairs under a given key");
 *
 * final LogicalResponse writeResponse = vault
 *                                         .withRetries(5, 1000)  // optional
 *                                         .logical()
 *                                         .write("secret/hello", secrets);
 *
 * ...
 *
 * final String value = vault.logical()
 *                        .read("secret/hello")
 *                        .getData().get("value");
 * }
*
*/ public class Vault { private final VaultConfig vaultConfig; /** * Construct a Vault driver instance with the provided config settings. * * @param vaultConfig Configuration settings for Vault interaction (e.g. server address, token, etc) */ public Vault(final VaultConfig vaultConfig) { this.vaultConfig = vaultConfig; } /** * This method is chained ahead of endpoints (e.g. logical(), auth(), * etc... to specify retry rules for any API operations invoked on that endpoint. * * @param maxRetries The number of times that API operations will be retried when a failure occurs * @param retryIntervalMilliseconds The number of milliseconds that the driver will wait in between retries * @return This object, with maxRetries and retryIntervalMilliseconds populated */ public Vault withRetries(final int maxRetries, final int retryIntervalMilliseconds) { this.vaultConfig.setMaxRetries(maxRetries); this.vaultConfig.setRetryIntervalMilliseconds(retryIntervalMilliseconds); return this; } /** * Returns the implementing class for Vault's core/logical operations (e.g. read, write). * * @return The implementing class for Vault's core/logical operations (e.g. read, write) */ public Logical logical() { return new Logical(vaultConfig); } /** * Returns the implementing class for operations on Vault's /v1/auth/* REST endpoints * * @return The implementing class for Vault's auth operations. */ public Auth auth() { return new Auth(vaultConfig); } /** * Returns the implementing class for Vault's PKI secret backend (i.e. /v1/pki/* REST endpoints). * * @return The implementing class for Vault's PKI secret backend. */ public Pki pki() { return new Pki(vaultConfig); } /** *

Returns the implementing class for Vault's PKI secret backend, using a custom path when that backend is * mounted on something other than the default (i.e. /v1/pki).

* *

For instance, if your PKI backend is instead mounted on /v1/root-ca, then "root-ca" * would be passed via the mountPath parameter. Example usage:

* *
*
{@code
     * final VaultConfig config = new VaultConfig().address(...).token(...).build();
     * final Vault vault = new Vault(config);
     * final PkiResponse response = vault.pki("root-ca").createOrUpdateRole("testRole");
     *
     * assertEquals(204, response.getRestResponse().getStatus());
     * }
*
* * @param mountPath The path on which your Vault PKI backend is mounted, without the /v1/ prefix * @return The implementing class for Vault's PKI secret backend. */ public Pki pki(final String mountPath) { return new Pki(vaultConfig, mountPath); } /** * Returns the implementing class for Vault's lease operations (e.g. revoke, revoke-prefix). * * @return The implementing class for Vault's lease operations (e.g. revoke, revoke-prefix). */ public Leases leases() { return new Leases(vaultConfig); } /** * Returns the implementing class for Vault's debug operations (e.g. raw, health). * * @return The implementing class for Vault's debug operations (e.g. raw, health) */ public Debug debug() { return new Debug(vaultConfig); } /** * Returns the implementing class for Vault's seal operations (e.g. seal, unseal, sealStatus). * * @return The implementing class for Vault's seal operations (e.g. seal, unseal, sealStatus). */ public Seal seal() { return new Seal(vaultConfig); } }




© 2015 - 2024 Weber Informatics LLC | Privacy Policy