Merge pull request BetterCloud#50 from EXPEddrewery/master

steve-perkins · web-flow · commit 1bf0c57576d5 · 2017-05-18T12:52:49.000-04:00
Add LookupSelf capability to Auth
diff --git a/src/main/java/com/bettercloud/vault/api/Auth.java b/src/main/java/com/bettercloud/vault/api/Auth.java
@@ -5,6 +5,7 @@
 import com.bettercloud.vault.json.Json;
 import com.bettercloud.vault.json.JsonObject;
 import com.bettercloud.vault.response.AuthResponse;
+import com.bettercloud.vault.response.LookupResponse;
 import com.bettercloud.vault.rest.RestResponse;
 import com.bettercloud.vault.rest.Rest;
 
@@ -315,7 +316,7 @@ public AuthResponse createToken(TokenRequest tokenRequest) throws VaultException
                         .connectTimeoutSeconds(config.getOpenTimeout())
                         .readTimeoutSeconds(config.getReadTimeout())
                         .sslPemUTF8(config.getSslPemUTF8())
-                        .sslVerification(config.isSslVerify() != null ? config.isSslVerify() : null)
+                        .sslVerification(config.isSslVerify())
                         .post();
 
                 // Validate restResponse
@@ -380,7 +381,7 @@ public AuthResponse loginByAppID(final String path, final String appId, final St
                         .connectTimeoutSeconds(config.getOpenTimeout())
                         .readTimeoutSeconds(config.getReadTimeout())
                         .sslPemUTF8(config.getSslPemUTF8())
-                        .sslVerification(config.isSslVerify() != null ? config.isSslVerify() : null)
+                        .sslVerification(config.isSslVerify())
                         .post();
 
                 // Validate restResponse
@@ -441,7 +442,7 @@ public AuthResponse loginByAppRole(final String path, final String roleId, final
                         .connectTimeoutSeconds(config.getOpenTimeout())
                         .readTimeoutSeconds(config.getReadTimeout())
                         .sslPemUTF8(config.getSslPemUTF8())
-                        .sslVerification(config.isSslVerify() != null ? config.isSslVerify() : null)
+                        .sslVerification(config.isSslVerify())
                         .post();
 
                 // Validate restResponse
@@ -501,7 +502,7 @@ public AuthResponse loginByUserPass(final String username, final String password
                         .connectTimeoutSeconds(config.getOpenTimeout())
                         .readTimeoutSeconds(config.getReadTimeout())
                         .sslPemUTF8(config.getSslPemUTF8())
-                        .sslVerification(config.isSslVerify() != null ? config.isSslVerify() : null)
+                        .sslVerification(config.isSslVerify())
                         .post();
 
                 // Validate restResponse
@@ -563,7 +564,7 @@ public AuthResponse loginByGithub(final String githubToken) throws VaultExceptio
                         .connectTimeoutSeconds(config.getOpenTimeout())
                         .readTimeoutSeconds(config.getReadTimeout())
                         .sslPemUTF8(config.getSslPemUTF8())
-                        .sslVerification(config.isSslVerify() != null ? config.isSslVerify() : null)
+                        .sslVerification(config.isSslVerify())
                         .post();
 
                 // Validate restResponse
@@ -628,7 +629,7 @@ public AuthResponse renewSelf(final long increment) throws VaultException {
                         .connectTimeoutSeconds(config.getOpenTimeout())
                         .readTimeoutSeconds(config.getReadTimeout())
                         .sslPemUTF8(config.getSslPemUTF8())
-                        .sslVerification(config.isSslVerify() != null ? config.isSslVerify() : null)
+                        .sslVerification(config.isSslVerify())
                         .post();
                 // Validate restResponse
                 if (restResponse.getStatus() != 200) {
@@ -659,4 +660,52 @@ public AuthResponse renewSelf(final long increment) throws VaultException {
         }
     }
 
+    /**
+     * <p>Returns information about the current client token.</p>
+     *
+     * @return The response information returned from Vault
+     * @throws VaultException If any error occurs, or unexpected response received from Vault
+     */
+    public LookupResponse lookupSelf() throws VaultException {
+        int retryCount = 0;
+        while (true) {
+            try {
+                // HTTP request to Vault
+                final RestResponse restResponse = new Rest()//NOPMD
+                        .url(config.getAddress() + "/v1/auth/token/lookup-self")
+                        .header("X-Vault-Token", config.getToken())
+                        .connectTimeoutSeconds(config.getOpenTimeout())
+                        .readTimeoutSeconds(config.getReadTimeout())
+                        .sslPemUTF8(config.getSslPemUTF8())
+                        .sslVerification(config.isSslVerify())
+                        .post();
+                // Validate restResponse
+                if (restResponse.getStatus() != 200) {
+                    throw new VaultException("Vault responded with HTTP status code: " + restResponse.getStatus(), restResponse.getStatus());
+                }
+                final String mimeType = restResponse.getMimeType();
+                if (mimeType == null || !"application/json".equals(mimeType)) {
+                    throw new VaultException("Vault responded with MIME type: " + mimeType, restResponse.getStatus());
+                }
+                return new LookupResponse(restResponse, retryCount);
+            } catch (Exception e) {
+                // If there are retries to perform, then pause for the configured interval and then execute the loop again...
+                if (retryCount < config.getMaxRetries()) {
+                    retryCount++;
+                    try {
+                        final int retryIntervalMilliseconds = config.getRetryIntervalMilliseconds();
+                        Thread.sleep(retryIntervalMilliseconds);
+                    } catch (InterruptedException e1) {
+                        e1.printStackTrace(); //NOPMD
+                    }
+                } else if (e instanceof VaultException) { //NOPMD
+                    // ... otherwise, give up.
+                    throw (VaultException) e;
+                } else {
+                    throw new VaultException(e);
+                }
+            }
+        }
+    }
+
 }
diff --git a/src/main/java/com/bettercloud/vault/response/LookupResponse.java b/src/main/java/com/bettercloud/vault/response/LookupResponse.java
@@ -0,0 +1,128 @@
+package com.bettercloud.vault.response;
+
+import java.io.UnsupportedEncodingException;
+import java.util.ArrayList;
+import java.util.List;
+
+import com.bettercloud.vault.json.*;
+import com.bettercloud.vault.rest.RestResponse;
+
+/**
+ * This class is a container for the information returned by Vault in lookup operations on auth backends.
+ */
+public class LookupResponse extends VaultResponse {
+
+    private String accessor;
+    private long creationTime;
+    private long creationTTL;
+    private String displayName;
+    private long explicitMaxTTL;
+    private String id;
+    private Long lastRenewalTime;
+    private int numUses;
+    private boolean orphan;
+    private String path;
+    private List<String> policies;
+    private boolean renewable;
+    private long ttl;
+    private String username;
+
+    /**
+     * This constructor simply exposes the common base class constructor.
+     *
+     * @param restResponse The raw HTTP response from Vault.
+     * @param retries      The number of retry attempts that occurred during the API call (can be zero).
+     */
+    public LookupResponse(final RestResponse restResponse, final int retries) {
+        super(restResponse, retries);
+
+        try {
+            final String responseJson = new String(restResponse.getBody(), "UTF-8");
+            final JsonObject jsonObject = Json.parse(responseJson).asObject();
+            final JsonObject dataJsonObject = jsonObject.get("data").asObject();
+
+            accessor = dataJsonObject.getString("accessor", "");
+            creationTime = dataJsonObject.getLong("creation_time", 0);
+            creationTTL = dataJsonObject.getLong("creation_ttl", 0);
+            displayName = dataJsonObject.getString("display_name", "");
+            explicitMaxTTL = dataJsonObject.getLong("explicit_max_ttl", 0);
+            id = dataJsonObject.getString("id", "");
+            final JsonValue lastRenewalTimeJsonValue = dataJsonObject.get("last_renewal_time");
+            if (lastRenewalTimeJsonValue != null) {
+                lastRenewalTime = lastRenewalTimeJsonValue.asLong();
+            }
+            if (dataJsonObject.get("metadata") != null && !dataJsonObject.get("metadata").toString().equalsIgnoreCase("null")) {
+                final JsonObject metadata = dataJsonObject.get("metadata").asObject();
+                username = metadata.getString("username", "");
+            }
+            numUses = dataJsonObject.getInt("num_uses", 0);
+            orphan = dataJsonObject.getBoolean("orphan", true);
+            path = dataJsonObject.getString("path", "");
+            final JsonArray policiesJsonArray = dataJsonObject.get("policies").asArray();
+            policies = new ArrayList<>();
+            for (final JsonValue policy : policiesJsonArray) {
+                policies.add(policy.asString());
+            }
+            renewable = dataJsonObject.getBoolean("renewable", false);
+            ttl = dataJsonObject.getLong("ttl", 0);
+
+        } catch (UnsupportedEncodingException | ParseException e) {
+        }
+    }
+
+    public String getAccessor() {
+        return accessor;
+    }
+
+    public long getCreationTime() {
+        return creationTime;
+    }
+
+    public long getCreationTTL() {
+        return creationTTL;
+    }
+
+    public String getDisplayName() {
+        return displayName;
+    }
+
+    public long getExplicitMaxTTL() {
+        return explicitMaxTTL;
+    }
+
+    public String getId() {
+        return id;
+    }
+
+    public Long getLastRenewalTime() {
+        return lastRenewalTime;
+    }
+
+    public int getNumUses() {
+        return numUses;
+    }
+
+    public boolean isOrphan() {
+        return orphan;
+    }
+
+    public String getPath() {
+        return path;
+    }
+
+    public List<String> getPolicies() {
+        return policies;
+    }
+
+    public boolean isRenewable() {
+        return renewable;
+    }
+
+    public long getTTL() {
+        return ttl;
+    }
+
+    public String getUsername() {
+        return username;
+    }
+}
diff --git a/src/test-integration/java/com/bettercloud/vault/api/AuthTests.java b/src/test-integration/java/com/bettercloud/vault/api/AuthTests.java
@@ -6,11 +6,14 @@
 import com.bettercloud.vault.json.Json;
 import com.bettercloud.vault.response.AuthResponse;
 import com.bettercloud.vault.response.LogicalResponse;
+import com.bettercloud.vault.response.LookupResponse;
 import org.junit.BeforeClass;
 import org.junit.Test;
 
 import java.io.UnsupportedEncodingException;
+import java.util.List;
 
+import static junit.framework.Assert.assertTrue;
 import static junit.framework.TestCase.assertEquals;
 import static junit.framework.TestCase.assertNotNull;
 import static junit.framework.TestCase.assertNotSame;
@@ -165,4 +168,27 @@ public void testRenewSelf() throws VaultException, UnsupportedEncodingException
         assertEquals(20, explicitLeaseDuration);
     }
 
+    /**
+     * Tests token lookup-self for the token auth backend.
+     *
+     * @throws VaultException
+     */
+    @Test
+    public void testLookupSelf() throws VaultException, UnsupportedEncodingException {
+        // Generate a client token
+        final VaultConfig authConfig = new VaultConfig(address, rootToken);
+        final Vault authVault = new Vault(authConfig);
+        final AuthResponse createResponse = authVault.auth().createToken(null, null, null, null, null, "1h", null, null);
+        final String token = createResponse.getAuthClientToken();
+        assertNotNull(token);
+        assertNotSame("", token.trim());
+
+        // Lookup the client token
+        final VaultConfig lookupConfig = new VaultConfig(address, token);
+        final Vault lookupVault = new Vault(lookupConfig);
+        final LookupResponse lookupResponse = lookupVault.auth().lookupSelf();
+        assertEquals(token, lookupResponse.getId());
+        assertEquals(3600, lookupResponse.getCreationTTL());
+        assertTrue(lookupResponse.getTTL()<=3600);
+    }
 }
