/**
 * Builds an Azure-backed {@link KeyVaultService} using a client id and client secret
 * read from the environment.
 *
 * <p>The credential check runs before the configuration lookup, so missing environment
 * variables are reported first. The exception message contains only the variable
 * names, never their values.
 *
 * @param config application configuration; must not be {@code null}
 * @param envProvider source of environment variables; must not be {@code null}
 * @return a key vault service wired to an authenticated Azure client
 * @throws NullPointerException if {@code config} or {@code envProvider} is {@code null}
 * @throws AzureCredentialNotSetException if either credential variable is unset
 * @throws ConfigException if the configuration has no Azure key vault section
 */
@Override
public KeyVaultService create(Config config, EnvironmentVariableProvider envProvider) {
    Objects.requireNonNull(config);
    Objects.requireNonNull(envProvider);

    final String azureClientId = envProvider.getEnv(clientIdEnvVar);
    final String azureClientSecret = envProvider.getEnv(clientSecretEnvVar);

    // Only absence (null) is rejected here; an empty value is passed on unchanged.
    final boolean credentialsPresent = azureClientId != null && azureClientSecret != null;
    if (!credentialsPresent) {
        throw new AzureCredentialNotSetException(clientIdEnvVar + " and " + clientSecretEnvVar + " environment variables must be set");
    }

    // A missing "keys" section and a missing Azure section both lead to the same error.
    final KeyConfiguration keyConfiguration = config.getKeys();
    final AzureKeyVaultConfig azureVaultConfig =
        keyConfiguration == null ? null : keyConfiguration.getAzureKeyVaultConfig();
    if (azureVaultConfig == null) {
        throw new ConfigException(new RuntimeException("Trying to create Azure key vault connection but no Azure configuration provided"));
    }

    // NOTE(review): the single-thread pool is handed to the credentials object and is not
    // shut down in this method; confirm that its owner closes it, because a live
    // non-daemon worker thread can keep the JVM from exiting.
    final AzureKeyVaultClientCredentials credentials =
        new AzureKeyVaultClientCredentials(azureClientId, azureClientSecret, Executors.newFixedThreadPool(1));
    final AzureKeyVaultClientFactory clientFactory = new AzureKeyVaultClientFactory(credentials);
    final AzureKeyVaultClientDelegate clientDelegate =
        new AzureKeyVaultClientDelegate(clientFactory.getAuthenticatedClient());

    return new AzureKeyVaultService(azureVaultConfig, clientDelegate);
}
/**
 * Selects the Vault authentication method from the credentials present in the environment.
 *
 * <p>AppRole is used when both the role id and the secret id are set, and it takes
 * precedence: a token that is also set is ignored in that case. Token authentication
 * is used only when neither AppRole variable is set. Exception messages contain only
 * variable names, never credential values.
 *
 * @param keyVaultConfig supplies the AppRole path
 * @param envProvider source of the role id, secret id and token environment variables
 * @param clientHttpRequestFactory used to build the REST template for the AppRole login
 * @param vaultEndpoint Vault endpoint the AppRole REST template is created for
 * @return an AppRole or token based {@link ClientAuthentication}
 * @throws HashicorpCredentialNotSetException if exactly one of the AppRole variables is
 *         set, or if neither AppRole variable nor the token variable is set
 */
ClientAuthentication configureClientAuthentication(HashicorpKeyVaultConfig keyVaultConfig, EnvironmentVariableProvider envProvider, ClientHttpRequestFactory clientHttpRequestFactory, VaultEndpoint vaultEndpoint) {
    final String roleId = envProvider.getEnv(roleIdEnvVar);
    final String secretId = envProvider.getEnv(secretIdEnvVar);
    final String authToken = envProvider.getEnv(authTokenEnvVar);

    // Presence means "not null" only; empty values are not filtered out here.
    final boolean hasRoleId = roleId != null;
    final boolean hasSecretId = secretId != null;

    if (hasRoleId && hasSecretId) {
        final AppRoleAuthenticationOptions options = AppRoleAuthenticationOptions.builder()
            .path(keyVaultConfig.getApprolePath())
            .roleId(AppRoleAuthenticationOptions.RoleId.provided(roleId))
            .secretId(AppRoleAuthenticationOptions.SecretId.provided(secretId))
            .build();

        return new AppRoleAuthentication(
            options,
            VaultClients.createRestTemplate(vaultEndpoint, clientHttpRequestFactory)
        );
    }

    // Half-configured AppRole is an error even when a token is available, so a
    // misconfiguration is never silently downgraded to token authentication.
    if (hasRoleId != hasSecretId) {
        throw new HashicorpCredentialNotSetException("Both " + roleIdEnvVar + " and " + secretIdEnvVar + " environment variables must be set to use the AppRole authentication method");
    }

    if (authToken == null) {
        throw new HashicorpCredentialNotSetException("Both " + roleIdEnvVar + " and " + secretIdEnvVar + " environment variables must be set to use the AppRole authentication method. Alternatively set " + authTokenEnvVar + " to authenticate using the Token method");
    }

    return new TokenAuthentication(authToken);
}
} // closes the enclosing type, whose header lies outside this excerpt
/**
 * Builds an Azure-backed {@link KeyVaultService} using a client id and client secret
 * read from the environment.
 *
 * <p>The credential check runs before the configuration lookup, so missing environment
 * variables are reported first. The exception message contains only the variable
 * names, never their values.
 *
 * @param config application configuration; must not be {@code null}
 * @param envProvider source of environment variables; must not be {@code null}
 * @return a key vault service wired to an authenticated Azure client
 * @throws NullPointerException if {@code config} or {@code envProvider} is {@code null}
 * @throws AzureCredentialNotSetException if either credential variable is unset
 * @throws ConfigException if the configuration has no Azure key vault section
 */
@Override
public KeyVaultService create(Config config, EnvironmentVariableProvider envProvider) {
    Objects.requireNonNull(config);
    Objects.requireNonNull(envProvider);

    final String azureClientId = envProvider.getEnv(clientIdEnvVar);
    final String azureClientSecret = envProvider.getEnv(clientSecretEnvVar);

    // Only absence (null) is rejected here; an empty value is passed on unchanged.
    final boolean credentialsPresent = azureClientId != null && azureClientSecret != null;
    if (!credentialsPresent) {
        throw new AzureCredentialNotSetException(clientIdEnvVar + " and " + clientSecretEnvVar + " environment variables must be set");
    }

    // A missing "keys" section and a missing Azure section both lead to the same error.
    final KeyConfiguration keyConfiguration = config.getKeys();
    final AzureKeyVaultConfig azureVaultConfig =
        keyConfiguration == null ? null : keyConfiguration.getAzureKeyVaultConfig();
    if (azureVaultConfig == null) {
        throw new ConfigException(new RuntimeException("Trying to create Azure key vault connection but no Azure configuration provided"));
    }

    // NOTE(review): the single-thread pool is handed to the credentials object and is not
    // shut down in this method; confirm that its owner closes it, because a live
    // non-daemon worker thread can keep the JVM from exiting.
    final AzureKeyVaultClientCredentials credentials =
        new AzureKeyVaultClientCredentials(azureClientId, azureClientSecret, Executors.newFixedThreadPool(1));
    final AzureKeyVaultClientFactory clientFactory = new AzureKeyVaultClientFactory(credentials);
    final AzureKeyVaultClientDelegate clientDelegate =
        new AzureKeyVaultClientDelegate(clientFactory.getAuthenticatedClient());

    return new AzureKeyVaultService(azureVaultConfig, clientDelegate);
}
/**
 * Selects the Vault authentication method from the credentials present in the environment.
 *
 * <p>AppRole is used when both the role id and the secret id are set, and it takes
 * precedence: a token that is also set is ignored in that case. Token authentication
 * is used only when neither AppRole variable is set. Exception messages contain only
 * variable names, never credential values.
 *
 * @param keyVaultConfig supplies the AppRole path
 * @param envProvider source of the role id, secret id and token environment variables
 * @param clientHttpRequestFactory used to build the REST template for the AppRole login
 * @param vaultEndpoint Vault endpoint the AppRole REST template is created for
 * @return an AppRole or token based {@link ClientAuthentication}
 * @throws HashicorpCredentialNotSetException if exactly one of the AppRole variables is
 *         set, or if neither AppRole variable nor the token variable is set
 */
ClientAuthentication configureClientAuthentication(HashicorpKeyVaultConfig keyVaultConfig, EnvironmentVariableProvider envProvider, ClientHttpRequestFactory clientHttpRequestFactory, VaultEndpoint vaultEndpoint) {
    final String roleId = envProvider.getEnv(roleIdEnvVar);
    final String secretId = envProvider.getEnv(secretIdEnvVar);
    final String authToken = envProvider.getEnv(authTokenEnvVar);

    // Presence means "not null" only; empty values are not filtered out here.
    final boolean hasRoleId = roleId != null;
    final boolean hasSecretId = secretId != null;

    if (hasRoleId && hasSecretId) {
        final AppRoleAuthenticationOptions options = AppRoleAuthenticationOptions.builder()
            .path(keyVaultConfig.getApprolePath())
            .roleId(AppRoleAuthenticationOptions.RoleId.provided(roleId))
            .secretId(AppRoleAuthenticationOptions.SecretId.provided(secretId))
            .build();

        return new AppRoleAuthentication(
            options,
            VaultClients.createRestTemplate(vaultEndpoint, clientHttpRequestFactory)
        );
    }

    // Half-configured AppRole is an error even when a token is available, so a
    // misconfiguration is never silently downgraded to token authentication.
    if (hasRoleId != hasSecretId) {
        throw new HashicorpCredentialNotSetException("Both " + roleIdEnvVar + " and " + secretIdEnvVar + " environment variables must be set to use the AppRole authentication method");
    }

    if (authToken == null) {
        throw new HashicorpCredentialNotSetException("Both " + roleIdEnvVar + " and " + secretIdEnvVar + " environment variables must be set to use the AppRole authentication method. Alternatively set " + authTokenEnvVar + " to authenticate using the Token method");
    }

    return new TokenAuthentication(authToken);
}
} // closes the enclosing type, whose header lies outside this excerpt