• Home
• io.helidon.integrations.vault.auths
• helidon-integrations-vault-auths-token
• 4.1.5
• source code
• TokenVaultAuth.java

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

io.helidon.integrations.vault.auths.token.TokenVaultAuth Maven / Gradle / Ivy

/*
 * Copyright (c) 2021, 2023 Oracle and/or its affiliates.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package io.helidon.integrations.vault.auths.token;

import java.lang.System.Logger.Level;
import java.util.Optional;

import io.helidon.common.Weight;
import io.helidon.common.Weighted;
import io.helidon.common.config.Config;
import io.helidon.http.HeaderName;
import io.helidon.http.HeaderNames;
import io.helidon.integrations.common.rest.RestApi;
import io.helidon.integrations.vault.Vault;
import io.helidon.integrations.vault.VaultApiException;
import io.helidon.integrations.vault.auths.common.VaultRestApi;
import io.helidon.integrations.vault.spi.VaultAuth;

/**
 * Java Service Loader implementation for authenticating using a token.
 * You can create a new instance using {@link #builder()}.
 * To use a custom built instance, use {@link Vault.Builder#addVaultAuth(VaultAuth)}.
 */
@Weight(Weighted.DEFAULT_WEIGHT)
public class TokenVaultAuth implements VaultAuth {
    private static final System.Logger LOGGER = System.getLogger(TokenVaultAuth.class.getName());
    private static final HeaderName VAULT_TOKEN_HEADER_NAME =  HeaderNames.create("X-Vault-Token");
    private static final HeaderName VAULT_NAMESPACE_HEADER_NAME =  HeaderNames.create("X-Vault-Namespace");
    private final String token;
    private final String baseNamespace;

    /**
     * Required for service loader.
     */
    public TokenVaultAuth() {
        this.token = null;
        this.baseNamespace = null;
    }

    private TokenVaultAuth(Builder builder) {
        this.token = builder.token;
        this.baseNamespace = builder.baseNamespace;
    }

    /**
     * Create a new builder.
     *
     * @return new builder
     */
    public static Builder builder() {
        return new Builder();
    }

    @Override
    public Optional authenticate(Config config, Vault.Builder vaultBuilder) {
        boolean enabled = config.get("auth.token.enabled").asBoolean().orElse(true);

        if (!enabled) {
            return Optional.empty();
        }

        return Optional.ofNullable(token)
                .or(vaultBuilder::token)
                .or(() -> config.get("token").asString().asOptional())
                .map(token -> restApi(vaultBuilder, token));
    }

    private RestApi restApi(Vault.Builder vaultBuilder, String token) {
        String address = vaultBuilder.address()
                                     .orElseThrow(() -> new VaultApiException(
                                             "Address is required when using token authentication"));

        LOGGER.log(Level.INFO, "Authenticated Vault " + address + " using a token");

        return VaultRestApi.builder()
                           .webClientBuilder(builder -> {
                               builder.config(vaultBuilder.config().get("webclient"))
                                      .baseUri(address + "/v1")
                                      .addHeader(VAULT_TOKEN_HEADER_NAME, token);
                               Optional.ofNullable(baseNamespace)
                                       .or(vaultBuilder::baseNamespace)
                                       .ifPresent(ns -> builder.addHeader(VAULT_NAMESPACE_HEADER_NAME, ns));
                               vaultBuilder.webClientUpdater().accept(builder);
                           })
                           .faultTolerance(vaultBuilder.ftHandler())
                           .build();
    }

    /**
     * Fluent API builder for {@link TokenVaultAuth}.
     */
    public static class Builder implements io.helidon.common.Builder {
        private String baseNamespace;
        private String token;

        private Builder() {
        }

        @Override
        public TokenVaultAuth build() {
            return new TokenVaultAuth(this);
        }

        /**
         * Configure a base namespace to use.
         *
         * @param baseNamespace base namespace
         * @return updated builder
         */
        public Builder baseNamespace(String baseNamespace) {
            this.baseNamespace = baseNamespace;
            return this;
        }

        /**
         * Configure the token to use.
         *
         * @param token token value
         * @return updated builder
         */
        public Builder token(String token) {
            this.token = token;
            return this;
        }
    }
}