

Build 5.1.1: Add X-Vault-Request header to all REST API calls to supp…
…ort requests sent to Vault Agent

Only needed if require_request_header = true is added in the vault-agent-config.hcl file.
Reference:
- https://www.vaultproject.io/api#the-x-vault-request-header
- https://www.vaultproject.io/docs/agent#listener-stanza
- BetterCloud#229
- ianferguson#3
evan-ku committed Mar 16, 2021
1 parent 900ffe9 commit adae42f
Showing 11 changed files with 45 additions and 6 deletions.
2 changes: 1 addition & 1 deletion build.gradle
@@ -5,7 +5,7 @@ apply plugin: 'checkstyle'

group 'com.bettercloud'
archivesBaseName = 'vault-java-driver'
version '5.1.0'
version '5.1.1'
ext.isReleaseVersion = !version.endsWith('SNAPSHOT')

// This project is actually limited to Java 8 compatibility. See below.
1 change: 1 addition & 0 deletions src/main/java/com/bettercloud/vault/Vault.java
@@ -255,6 +255,7 @@ private Map<String, String> collectSecretEngineVersions() {
.url(vaultConfig.getAddress() + "/v1/sys/mounts")
.header("X-Vault-Token", vaultConfig.getToken())
.header("X-Vault-Namespace", this.vaultConfig.getNameSpace())
.header("X-Vault-Request", "true")
.connectTimeoutSeconds(vaultConfig.getOpenTimeout())
.readTimeoutSeconds(vaultConfig.getReadTimeout())
.sslVerification(vaultConfig.getSslConfig().isVerify())
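Review bot: The `"X-Vault-Request"` name and `"true"` value are repeated as string literals on every request-builder chain, here in collectSecretEngineVersions() and again in each hunk of Auth.java, Debug.java, Leases.java, Logical.java and Seal.java. A builder chain that is missed, or added later without the line, would be rejected by a Vault Agent listener that sets `require_request_header = true`, and nothing in the code flags the omission. I would set the header in one place, for example as a default inside `Rest` (not visible on this page, so this assumes it can carry default headers), or at minimum pull the literal into a shared constant such as `static final String VAULT_REQUEST_HEADER = "X-Vault-Request";`. The enclosing method starts and ends outside the hunk.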
15 changes: 15 additions & 0 deletions src/main/java/com/bettercloud/vault/api/Auth.java
@@ -346,6 +346,7 @@ public AuthResponse createToken(final TokenRequest tokenRequest, final String to
.url(url)
.header("X-Vault-Token", config.getToken())
.header("X-Vault-Namespace", this.nameSpace)
.header("X-Vault-Request", "true")
.body(requestJson.getBytes(StandardCharsets.UTF_8))
.connectTimeoutSeconds(config.getOpenTimeout())
.readTimeoutSeconds(config.getReadTimeout())
@@ -414,6 +415,7 @@ public AuthResponse loginByAppID(final String path, final String appId, final St
final RestResponse restResponse = new Rest()//NOPMD
.url(config.getAddress() + "/v1/auth/" + path)
.optionalHeader("X-Vault-Namespace", this.nameSpace)
.header("X-Vault-Request", "true")
.body(requestJson.getBytes(StandardCharsets.UTF_8))
.connectTimeoutSeconds(config.getOpenTimeout())
.readTimeoutSeconds(config.getReadTimeout())
@@ -510,6 +512,7 @@ public AuthResponse loginByAppRole(final String path, final String roleId, final
final RestResponse restResponse = new Rest()//NOPMD
.url(config.getAddress() + "/v1/auth/" + path + "/login")
.header("X-Vault-Namespace", this.nameSpace)
.header("X-Vault-Request", "true")
.body(requestJson.getBytes(StandardCharsets.UTF_8))
.connectTimeoutSeconds(config.getOpenTimeout())
.readTimeoutSeconds(config.getReadTimeout())
@@ -595,6 +598,7 @@ public AuthResponse loginByUserPass(final String username, final String password
final RestResponse restResponse = new Rest()//NOPMD
.url(config.getAddress() + "/v1/auth/" + mount + "/login/" + username)
.header("X-Vault-Namespace", this.nameSpace)
.header("X-Vault-Request", "true")
.body(requestJson.getBytes(StandardCharsets.UTF_8))
.connectTimeoutSeconds(config.getOpenTimeout())
.readTimeoutSeconds(config.getReadTimeout())
@@ -720,6 +724,7 @@ public AuthResponse loginByAwsEc2(final String role, final String identity, fina
.url(config.getAddress() + "/v1/auth/" + mount + "/login")
.body(requestJson.getBytes(StandardCharsets.UTF_8))
.header("X-Vault-Namespace", this.nameSpace)
.header("X-Vault-Request", "true")
.connectTimeoutSeconds(config.getOpenTimeout())
.readTimeoutSeconds(config.getReadTimeout())
.sslVerification(config.getSslConfig().isVerify())
@@ -797,6 +802,7 @@ public AuthResponse loginByAwsEc2(final String role, final String pkcs7, final S
final RestResponse restResponse = new Rest()//NOPMD
.url(config.getAddress() + "/v1/auth/" + mount + "/login")
.header("X-Vault-Namespace", this.nameSpace)
.header("X-Vault-Request", "true")
.body(requestJson.getBytes(StandardCharsets.UTF_8))
.connectTimeoutSeconds(config.getOpenTimeout())
.readTimeoutSeconds(config.getReadTimeout())
@@ -878,6 +884,7 @@ public AuthResponse loginByAwsIam(final String role, final String iamRequestUrl,
final RestResponse restResponse = new Rest()//NOPMD
.url(config.getAddress() + "/v1/auth/" + mount + "/login")
.header("X-Vault-Namespace", this.nameSpace)
.header("X-Vault-Request", "true")
.body(requestJson.getBytes(StandardCharsets.UTF_8))
.connectTimeoutSeconds(config.getOpenTimeout())
.readTimeoutSeconds(config.getReadTimeout())
@@ -965,6 +972,7 @@ public AuthResponse loginByGithub(final String githubToken, final String githubA
final RestResponse restResponse = new Rest()//NOPMD
.url(config.getAddress() + "/v1/auth/" + mount + "/login")
.header("X-Vault-Namespace", this.nameSpace)
.header("X-Vault-Request", "true")
.body(requestJson.getBytes(StandardCharsets.UTF_8))
.connectTimeoutSeconds(config.getOpenTimeout())
.readTimeoutSeconds(config.getReadTimeout())
@@ -1031,6 +1039,7 @@ public AuthResponse loginByJwt(final String provider, final String role, final S
final RestResponse restResponse = new Rest()
.url(config.getAddress() + "/v1/auth/" + provider + "/login")
.header("X-Vault-Namespace", this.nameSpace)
.header("X-Vault-Request", "true")
.body(requestJson.getBytes(StandardCharsets.UTF_8))
.connectTimeoutSeconds(config.getOpenTimeout())
.readTimeoutSeconds(config.getReadTimeout())
@@ -1173,6 +1182,7 @@ public AuthResponse loginByCert(final String certAuthMount) throws VaultExceptio
final RestResponse restResponse = new Rest()//NOPMD
.url(config.getAddress() + "/v1/auth/" + mount + "/login")
.header("X-Vault-Namespace", this.nameSpace)
.header("X-Vault-Request", "true")
.connectTimeoutSeconds(config.getOpenTimeout())
.readTimeoutSeconds(config.getReadTimeout())
.sslVerification(config.getSslConfig().isVerify())
@@ -1256,6 +1266,7 @@ public AuthResponse renewSelf(final long increment, final String tokenAuthMount)
.url(config.getAddress() + "/v1/auth/" + mount + "/renew-self")
.header("X-Vault-Token", config.getToken())
.header("X-Vault-Namespace", this.nameSpace)
.header("X-Vault-Request", "true")
.body(increment < 0 ? null : requestJson.getBytes(StandardCharsets.UTF_8))
.connectTimeoutSeconds(config.getOpenTimeout())
.readTimeoutSeconds(config.getReadTimeout())
@@ -1321,6 +1332,7 @@ public LookupResponse lookupSelf(final String tokenAuthMount) throws VaultExcept
.url(config.getAddress() + "/v1/auth/" + mount + "/lookup-self")
.header("X-Vault-Token", config.getToken())
.header("X-Vault-Namespace", this.nameSpace)
.header("X-Vault-Request", "true")
.connectTimeoutSeconds(config.getOpenTimeout())
.readTimeoutSeconds(config.getReadTimeout())
.sslVerification(config.getSslConfig().isVerify())
@@ -1385,6 +1397,7 @@ public LogicalResponse lookupWrap() throws VaultException {
.url(config.getAddress() + "/v1/sys/wrapping/lookup")
.header("X-Vault-Token", config.getToken())
.header("X-Vault-Namespace", this.nameSpace)
.header("X-Vault-Request", "true")
.connectTimeoutSeconds(config.getOpenTimeout())
.readTimeoutSeconds(config.getReadTimeout())
.sslVerification(config.getSslConfig().isVerify())
@@ -1447,6 +1460,7 @@ public void revokeSelf(final String tokenAuthMount) throws VaultException {
.url(config.getAddress() + "/v1/auth/" + mount + "/revoke-self")
.header("X-Vault-Token", config.getToken())
.header("X-Vault-Namespace", this.nameSpace)
.header("X-Vault-Request", "true")
.connectTimeoutSeconds(config.getOpenTimeout())
.readTimeoutSeconds(config.getReadTimeout())
.sslVerification(config.getSslConfig().isVerify())
@@ -1550,6 +1564,7 @@ public AuthResponse unwrap(final String wrappedToken) throws VaultException {
.url(url)
.header("X-Vault-Token", config.getToken())
.header("X-Vault-Namespace", this.nameSpace)
.header("X-Vault-Request", "true")
.body(requestJson.getBytes(StandardCharsets.UTF_8))
.connectTimeoutSeconds(config.getOpenTimeout())
.readTimeoutSeconds(config.getReadTimeout())
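Review bot: None of the fifteen added `.header("X-Vault-Request", "true")` lines in this file carries a comment, so the reason for the header is recorded only in the commit message. The Agent documentation linked there describes `require_request_header` as an extra layer of protection against server-side request forgery on the Agent listener; the header is a fixed marker, not a credential, and the login calls that send no `X-Vault-Token` (loginByAppID, loginByAppRole, loginByUserPass and the others) gain no authentication from it. I would add a short comment where the header is set, e.g. `// Vault Agent listeners with require_request_header = true reject requests lacking this header; it is not a credential`, and state in the class Javadoc (outside these hunks) that the driver now always sends it. Each method body continues past its hunk.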
1 change: 1 addition & 0 deletions src/main/java/com/bettercloud/vault/api/Debug.java
@@ -92,6 +92,7 @@ public HealthResponse health(
.url(config.getAddress() + "/v1/" + path)
.header("X-Vault-Token", config.getToken())
.header("X-Vault-Namespace", this.nameSpace)
.header("X-Vault-Request", "true")
.connectTimeoutSeconds(config.getOpenTimeout())
.readTimeoutSeconds(config.getReadTimeout())
.sslVerification(config.getSslConfig().isVerify())
4 changes: 4 additions & 0 deletions src/main/java/com/bettercloud/vault/api/Leases.java
@@ -63,6 +63,7 @@ public VaultResponse revoke(final String leaseId) throws VaultException {
.url(config.getAddress() + "/v1/sys/leases/revoke/" + leaseId)
.header("X-Vault-Token", config.getToken())
.header("X-Vault-Namespace", this.nameSpace)
.header("X-Vault-Request", "true")
.connectTimeoutSeconds(config.getOpenTimeout())
.readTimeoutSeconds(config.getReadTimeout())
.sslVerification(config.getSslConfig().isVerify())
@@ -118,6 +119,7 @@ public VaultResponse revokePrefix(final String prefix) throws VaultException {
.url(config.getAddress() + "/v1/sys/revoke-prefix/" + prefix)
.header("X-Vault-Token", config.getToken())
.header("X-Vault-Namespace", this.nameSpace)
.header("X-Vault-Request", "true")
.connectTimeoutSeconds(config.getOpenTimeout())
.readTimeoutSeconds(config.getReadTimeout())
.sslVerification(config.getSslConfig().isVerify())
@@ -176,6 +178,7 @@ public VaultResponse revokeForce(final String prefix) throws VaultException {
.url(config.getAddress() + "/v1/sys/revoke-force/" + prefix)
.header("X-Vault-Token", config.getToken())
.header("X-Vault-Namespace", this.nameSpace)
.header("X-Vault-Request", "true")
.connectTimeoutSeconds(config.getOpenTimeout())
.readTimeoutSeconds(config.getReadTimeout())
.sslVerification(config.getSslConfig().isVerify())
@@ -239,6 +242,7 @@ public VaultResponse renew(final String leaseId, final long increment) throws Va
.url(config.getAddress() + "/v1/sys/renew/" + leaseId)
.header("X-Vault-Token", config.getToken())
.header("X-Vault-Namespace", this.nameSpace)
.header("X-Vault-Request", "true")
.body(increment < 0 ? null : requestJson.getBytes(StandardCharsets.UTF_8))
.connectTimeoutSeconds(config.getOpenTimeout())
.readTimeoutSeconds(config.getReadTimeout())
8 changes: 8 additions & 0 deletions src/main/java/com/bettercloud/vault/api/Logical.java
@@ -87,6 +87,7 @@ private LogicalResponse read(final String path, Boolean shouldRetry, final logic
.url(config.getAddress() + "/v1/" + adjustPathForReadOrWrite(path, config.getPrefixPathDepth(), operation))
.header("X-Vault-Token", config.getToken())
.header("X-Vault-Namespace", this.nameSpace)
.header("X-Vault-Request", "true")
.connectTimeoutSeconds(config.getOpenTimeout())
.readTimeoutSeconds(config.getReadTimeout())
.sslVerification(config.getSslConfig().isVerify())
@@ -155,6 +156,7 @@ public LogicalResponse read(final String path, Boolean shouldRetry, final Intege
.url(config.getAddress() + "/v1/" + adjustPathForReadOrWrite(path, config.getPrefixPathDepth(), logicalOperations.readV2))
.header("X-Vault-Token", config.getToken())
.header("X-Vault-Namespace", this.nameSpace)
.header("X-Vault-Request", "true")
.parameter("version", version.toString())
.connectTimeoutSeconds(config.getOpenTimeout())
.readTimeoutSeconds(config.getReadTimeout())
@@ -257,6 +259,7 @@ private LogicalResponse write(final String path, final Map<String, Object> nameV
.body(jsonObjectToWriteFromEngineVersion(operation, requestJson).toString().getBytes(StandardCharsets.UTF_8))
.header("X-Vault-Token", config.getToken())
.header("X-Vault-Namespace", this.nameSpace)
.header("X-Vault-Request", "true")
.connectTimeoutSeconds(config.getOpenTimeout())
.readTimeoutSeconds(config.getReadTimeout())
.sslVerification(config.getSslConfig().isVerify())
@@ -348,6 +351,7 @@ private LogicalResponse delete(final String path, final Logical.logicalOperation
.url(config.getAddress() + "/v1/" + adjustPathForDelete(path, config.getPrefixPathDepth(), operation))
.header("X-Vault-Token", config.getToken())
.header("X-Vault-Namespace", this.nameSpace)
.header("X-Vault-Request", "true")
.connectTimeoutSeconds(config.getOpenTimeout())
.readTimeoutSeconds(config.getReadTimeout())
.sslVerification(config.getSslConfig().isVerify())
@@ -408,6 +412,7 @@ public LogicalResponse delete(final String path, final int[] versions) throws Va
.url(config.getAddress() + "/v1/" + adjustPathForVersionDelete(path,config.getPrefixPathDepth()))
.header("X-Vault-Token", config.getToken())
.header("X-Vault-Namespace", this.nameSpace)
.header("X-Vault-Request", "true")
.connectTimeoutSeconds(config.getOpenTimeout())
.readTimeoutSeconds(config.getReadTimeout())
.sslVerification(config.getSslConfig().isVerify())
@@ -479,6 +484,7 @@ public LogicalResponse unDelete(final String path, final int[] versions) throws
.url(config.getAddress() + "/v1/" + adjustPathForVersionUnDelete(path,config.getPrefixPathDepth()))
.header("X-Vault-Token", config.getToken())
.header("X-Vault-Namespace", this.nameSpace)
.header("X-Vault-Request", "true")
.connectTimeoutSeconds(config.getOpenTimeout())
.readTimeoutSeconds(config.getReadTimeout())
.sslVerification(config.getSslConfig().isVerify())
@@ -538,6 +544,7 @@ public LogicalResponse destroy(final String path, final int[] versions) throws V
.url(config.getAddress() + "/v1/" + adjustPathForVersionDestroy(path,config.getPrefixPathDepth()))
.header("X-Vault-Token", config.getToken())
.header("X-Vault-Namespace", this.nameSpace)
.header("X-Vault-Request", "true")
.connectTimeoutSeconds(config.getOpenTimeout())
.readTimeoutSeconds(config.getReadTimeout())
.sslVerification(config.getSslConfig().isVerify())
@@ -589,6 +596,7 @@ public LogicalResponse upgrade(final String kvPath) throws VaultException {
.url(config.getAddress() + "/v1/sys/mounts/" + (kvPath.replaceAll("/", "") + "/tune"))
.header("X-Vault-Token", config.getToken())
.header("X-Vault-Namespace", this.nameSpace)
.header("X-Vault-Request", "true")
.connectTimeoutSeconds(config.getOpenTimeout())
.readTimeoutSeconds(config.getReadTimeout())
.sslVerification(config.getSslConfig().isVerify())
3 changes: 3 additions & 0 deletions src/main/java/com/bettercloud/vault/api/Seal.java
@@ -48,6 +48,7 @@ public void seal() throws VaultException {
.url(config.getAddress() + "/v1/sys/seal")
.header("X-Vault-Token", config.getToken())
.header("X-Vault-Namespace", this.nameSpace)
.header("X-Vault-Request", "true")
.connectTimeoutSeconds(config.getOpenTimeout())
.readTimeoutSeconds(config.getReadTimeout())
.sslVerification(config.getSslConfig().isVerify())
@@ -108,6 +109,7 @@ public SealResponse unseal(final String key, final Boolean reset) throws VaultEx
final RestResponse restResponse = new Rest()//NOPMD
.url(config.getAddress() + "/v1/sys/unseal")
.header("X-Vault-Namespace", this.nameSpace)
.header("X-Vault-Request", "true")
.body(requestJson.getBytes(StandardCharsets.UTF_8))
.connectTimeoutSeconds(config.getOpenTimeout())
.readTimeoutSeconds(config.getReadTimeout())
@@ -151,6 +153,7 @@ public SealResponse sealStatus() throws VaultException {
final RestResponse restResponse = new Rest()//NOPMD
.url(config.getAddress() + "/v1/sys/seal-status")
.header("X-Vault-Namespace", this.nameSpace)
.header("X-Vault-Request", "true")
.connectTimeoutSeconds(config.getOpenTimeout())
.readTimeoutSeconds(config.getReadTimeout())
.sslVerification(config.getSslConfig().isVerify())