spring-projects / spring-vault

Provides familiar Spring abstractions for HashiCorp Vault
https://spring.io/projects/spring-vault
Apache License 2.0

Assistance Needed with Dynamic Vault Template Creation Using RoleID and SecretID #856

Closed kamasainaresh-thalupuru closed 8 months ago

kamasainaresh-thalupuru commented 8 months ago

Hello Team,

I am currently working on a project where I need to dynamically create vault templates by passing a roleID and a secretID. Below is the snippet of code I've been experimenting with:

public VaultTemplate vaultTemplate(AppRoleCredentials credentials) {
    try {
        if (vaultUrl == null || vaultUrl.trim().isEmpty()) {
            throw new IllegalArgumentException("Vault URL cannot be null or empty");
        }
        VaultEndpoint endpoint = VaultEndpoint.from(URI.create(vaultUrl));
        AppRoleAuthenticationOptions options = AppRoleAuthenticationOptions.builder()
                .roleId(AppRoleAuthenticationOptions.RoleId.provided(credentials.getRoleId()))
                .secretId(AppRoleAuthenticationOptions.SecretId.provided(credentials.getSecretId()))
                .build();
        RestTemplate restTemplate = new RestTemplate();
        ClientHttpRequestFactory requestFactory = new SimpleClientHttpRequestFactory();
        restTemplate.setRequestFactory(requestFactory);
        ClientAuthentication authentication = new AppRoleAuthentication(options, restTemplate);
        return new VaultTemplate(endpoint, authentication);
    } catch (Exception ex) {
        log.error("vaultTemplate", ex);
    }
    return null;
}

However, when I execute this code, I encounter the following error:

java.lang.IllegalArgumentException: URI is not absolute
    at java.base/java.net.URL.fromURI(URL.java:721)
    at java.base/java.net.URI.toURL(URI.java:1139)
    at org.springframework.http.client.SimpleClientHttpRequestFactory.createRequest(SimpleClientHttpRequestFactory.java:145)
    at org.springframework.http.client.support.HttpAccessor.createRequest(HttpAccessor.java:124)
    at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:772)
    at org.springframework.web.client.RestTemplate.execute(RestTemplate.java:711)
    at org.springframework.web.client.RestTemplate.postForObject(RestTemplate.java:437)
    at org.springframework.vault.authentication.AppRoleAuthentication.createTokenUsingAppRole(AppRoleAuthentication.java:188)
    at org.springframework.vault.authentication.AppRoleAuthentication.login(AppRoleAuthentication.java:175)
    at org.springframework.vault.authentication.SimpleSessionManager.getSessionToken(SimpleSessionManager.java:58)
    at org.springframework.vault.core.VaultTemplate.lambda$getSessionInterceptor$1(VaultTemplate.java:253)
    at org.springframework.http.client.InterceptingClientHttpRequest$InterceptingRequestExecution.execute(InterceptingClientHttpRequest.java:93)
    at org.springframework.vault.client.RestTemplateBuilder.lambda$createTemplate$4(RestTemplateBuilder.java:239)
    at org.springframework.http.client.InterceptingClientHttpRequest$InterceptingRequestExecution.execute(InterceptingClientHttpRequest.java:93)
    at org.springframework.vault.client.VaultClients.lambda$createRestTemplate$0(VaultClients.java:122)
    at

Could someone please assist me in resolving this issue? Any insights or suggestions would be greatly appreciated.

Thank you in advance for your help!

kamasainaresh-thalupuru commented 8 months ago

It's working after implementing ApplicationContextAware and creating a RestOperations object:

public class DynamicVaultConfiguration implements ApplicationContextAware {

private @Nullable ApplicationContext applicationContext;

/**
 * Creates a {@link VaultTemplate} with the provided HashiCorp Vault credentials.
 * <p>
 * This method configures a {@link VaultTemplate} for Vault interactions, using
 * AppRole authentication with the specified role and secret IDs. It throws an
 * IllegalArgumentException if the Vault URL is not configured.
 * </p>
 *
 * @param credentials The HashiCorp Vault configuration details.
 * @return A configured {@link VaultTemplate}, or {@code null} if an exception occurs.
 * @throws IllegalArgumentException If the Vault URL is null or empty.
 */
public VaultTemplate createVaultTemplate(HashiCorpVaultConfig credentials) {
    try {
        if (vaultUrl == null || vaultUrl.trim().isEmpty()) {
            throw new IllegalArgumentException("Vault URL cannot be null or empty");
        }
        VaultEndpoint endpoint = VaultEndpoint.from(URI.create(vaultUrl));
        AppRoleAuthenticationOptions options = AppRoleAuthenticationOptions.builder()
                .roleId(AppRoleAuthenticationOptions.RoleId.provided(credentials.getRoleId()))
                .secretId(AppRoleAuthenticationOptions.SecretId.provided(credentials.getSecretId()))
                .build();
        RestOperations restOperation = applicationContext.getBean(RestTemplateFactory.class).create(); // Creating Res
        ClientAuthentication authentication = new AppRoleAuthentication(options, restOperation);
        return new VaultTemplate(endpoint, authentication);
    } catch (Exception ex) {
        log.error("Exception While Creating vaultTemplate", ex);
    }
    return null;
}
@Override
public void setApplicationContext(ApplicationContext applicationContext) throws BeansException {
    this.applicationContext = applicationContext;
}

}
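
Added example, not part of the original thread and not the project's own code: the stack trace shows the AppRole login POST reaching a plain `RestTemplate` that has no base address, so the relative login path is rejected as "URI is not absolute". This sketch builds the login client with `VaultClients.createRestTemplate` so paths resolve against the Vault endpoint without needing the application context; the class name `DynamicVaultTemplates`, the method `create` and the https-only check are assumptions of this example.

```java
import java.net.URI;

import org.springframework.http.client.ClientHttpRequestFactory;
import org.springframework.http.client.SimpleClientHttpRequestFactory;
import org.springframework.vault.authentication.AppRoleAuthentication;
import org.springframework.vault.authentication.AppRoleAuthenticationOptions;
import org.springframework.vault.client.VaultClients;
import org.springframework.vault.client.VaultEndpoint;
import org.springframework.vault.core.VaultTemplate;
import org.springframework.web.client.RestOperations;

// Hypothetical helper for illustration; not a spring-vault class.
public final class DynamicVaultTemplates {

    public static VaultTemplate create(String vaultUrl, String roleId, String secretId) {
        if (vaultUrl == null || vaultUrl.trim().isEmpty()) {
            throw new IllegalArgumentException("Vault URL cannot be null or empty");
        }
        URI uri = URI.create(vaultUrl.trim());
        // Assumed policy: the role ID and secret ID travel over this connection, so require TLS.
        if (!"https".equalsIgnoreCase(uri.getScheme())) {
            throw new IllegalArgumentException("Vault URL must use https");
        }
        VaultEndpoint endpoint = VaultEndpoint.from(uri);

        AppRoleAuthenticationOptions options = AppRoleAuthenticationOptions.builder()
                .roleId(AppRoleAuthenticationOptions.RoleId.provided(roleId))
                .secretId(AppRoleAuthenticationOptions.SecretId.provided(secretId))
                .build();

        // A bare new RestTemplate() has no base address; this one is bound to the
        // endpoint, so the relative AppRole login path becomes an absolute URL.
        ClientHttpRequestFactory requestFactory = new SimpleClientHttpRequestFactory();
        RestOperations loginOperations = VaultClients.createRestTemplate(endpoint, requestFactory);

        // Exceptions propagate to the caller instead of being logged and turned into null.
        return new VaultTemplate(endpoint, new AppRoleAuthentication(options, loginOperations));
    }
}
```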