Skip to content

Commit

Permalink
Include X-Vault-Request header on all requests
Browse files Browse the repository at this point in the history
  • Loading branch information
ianferguson committed Jan 30, 2021
1 parent 93c7b07 commit acf0c2d
Show file tree
Hide file tree
Showing 8 changed files with 42 additions and 0 deletions.
1 change: 1 addition & 0 deletions src/main/java/io/ianferguson/vault/Vault.java
Original file line number Diff line number Diff line change
Expand Up @@ -255,6 +255,7 @@ private Map<String, String> collectSecretEngineVersions() {
.url(vaultConfig.getAddress() + "/v1/sys/mounts")
.header("X-Vault-Token", vaultConfig.getToken())
.header("X-Vault-Namespace", this.vaultConfig.getNameSpace())
.header("X-Vault-Request", "true")
.connectTimeoutSeconds(vaultConfig.getOpenTimeout())
.readTimeoutSeconds(vaultConfig.getReadTimeout())
.sslVerification(vaultConfig.getSslConfig().isVerify())
Expand Down
15 changes: 15 additions & 0 deletions src/main/java/io/ianferguson/vault/api/Auth.java
Original file line number Diff line number Diff line change
Expand Up @@ -345,6 +345,7 @@ public AuthResponse createToken(final TokenRequest tokenRequest, final String to
.url(url)
.header("X-Vault-Token", config.getToken())
.header("X-Vault-Namespace", this.nameSpace)
.header("X-Vault-Request", "true")
.body(requestJson.getBytes(StandardCharsets.UTF_8))
.connectTimeoutSeconds(config.getOpenTimeout())
.readTimeoutSeconds(config.getReadTimeout())
Expand Down Expand Up @@ -413,6 +414,7 @@ public AuthResponse loginByAppID(final String path, final String appId, final St
final RestResponse restResponse = new Rest()//NOPMD
.url(config.getAddress() + "/v1/auth/" + path)
.optionalHeader("X-Vault-Namespace", this.nameSpace)
.header("X-Vault-Request", "true")
.body(requestJson.getBytes(StandardCharsets.UTF_8))
.connectTimeoutSeconds(config.getOpenTimeout())
.readTimeoutSeconds(config.getReadTimeout())
Expand Down Expand Up @@ -509,6 +511,7 @@ public AuthResponse loginByAppRole(final String path, final String roleId, final
final RestResponse restResponse = new Rest()//NOPMD
.url(config.getAddress() + "/v1/auth/" + path + "/login")
.header("X-Vault-Namespace", this.nameSpace)
.header("X-Vault-Request", "true")
.body(requestJson.getBytes(StandardCharsets.UTF_8))
.connectTimeoutSeconds(config.getOpenTimeout())
.readTimeoutSeconds(config.getReadTimeout())
Expand Down Expand Up @@ -594,6 +597,7 @@ public AuthResponse loginByUserPass(final String username, final String password
final RestResponse restResponse = new Rest()//NOPMD
.url(config.getAddress() + "/v1/auth/" + mount + "/login/" + username)
.header("X-Vault-Namespace", this.nameSpace)
.header("X-Vault-Request", "true")
.body(requestJson.getBytes(StandardCharsets.UTF_8))
.connectTimeoutSeconds(config.getOpenTimeout())
.readTimeoutSeconds(config.getReadTimeout())
Expand Down Expand Up @@ -719,6 +723,7 @@ public AuthResponse loginByAwsEc2(final String role, final String identity, fina
.url(config.getAddress() + "/v1/auth/" + mount + "/login")
.body(requestJson.getBytes(StandardCharsets.UTF_8))
.header("X-Vault-Namespace", this.nameSpace)
.header("X-Vault-Request", "true")
.connectTimeoutSeconds(config.getOpenTimeout())
.readTimeoutSeconds(config.getReadTimeout())
.sslVerification(config.getSslConfig().isVerify())
Expand Down Expand Up @@ -796,6 +801,7 @@ public AuthResponse loginByAwsEc2(final String role, final String pkcs7, final S
final RestResponse restResponse = new Rest()//NOPMD
.url(config.getAddress() + "/v1/auth/" + mount + "/login")
.header("X-Vault-Namespace", this.nameSpace)
.header("X-Vault-Request", "true")
.body(requestJson.getBytes(StandardCharsets.UTF_8))
.connectTimeoutSeconds(config.getOpenTimeout())
.readTimeoutSeconds(config.getReadTimeout())
Expand Down Expand Up @@ -877,6 +883,7 @@ public AuthResponse loginByAwsIam(final String role, final String iamRequestUrl,
final RestResponse restResponse = new Rest()//NOPMD
.url(config.getAddress() + "/v1/auth/" + mount + "/login")
.header("X-Vault-Namespace", this.nameSpace)
.header("X-Vault-Request", "true")
.body(requestJson.getBytes(StandardCharsets.UTF_8))
.connectTimeoutSeconds(config.getOpenTimeout())
.readTimeoutSeconds(config.getReadTimeout())
Expand Down Expand Up @@ -964,6 +971,7 @@ public AuthResponse loginByGithub(final String githubToken, final String githubA
final RestResponse restResponse = new Rest()//NOPMD
.url(config.getAddress() + "/v1/auth/" + mount + "/login")
.header("X-Vault-Namespace", this.nameSpace)
.header("X-Vault-Request", "true")
.body(requestJson.getBytes(StandardCharsets.UTF_8))
.connectTimeoutSeconds(config.getOpenTimeout())
.readTimeoutSeconds(config.getReadTimeout())
Expand Down Expand Up @@ -1030,6 +1038,7 @@ public AuthResponse loginByJwt(final String provider, final String role, final S
final RestResponse restResponse = new Rest()
.url(config.getAddress() + "/v1/auth/" + provider + "/login")
.header("X-Vault-Namespace", this.nameSpace)
.header("X-Vault-Request", "true")
.body(requestJson.getBytes(StandardCharsets.UTF_8))
.connectTimeoutSeconds(config.getOpenTimeout())
.readTimeoutSeconds(config.getReadTimeout())
Expand Down Expand Up @@ -1172,6 +1181,7 @@ public AuthResponse loginByCert(final String certAuthMount) throws VaultExceptio
final RestResponse restResponse = new Rest()//NOPMD
.url(config.getAddress() + "/v1/auth/" + mount + "/login")
.header("X-Vault-Namespace", this.nameSpace)
.header("X-Vault-Request", "true")
.connectTimeoutSeconds(config.getOpenTimeout())
.readTimeoutSeconds(config.getReadTimeout())
.sslVerification(config.getSslConfig().isVerify())
Expand Down Expand Up @@ -1255,6 +1265,7 @@ public AuthResponse renewSelf(final long increment, final String tokenAuthMount)
.url(config.getAddress() + "/v1/auth/" + mount + "/renew-self")
.header("X-Vault-Token", config.getToken())
.header("X-Vault-Namespace", this.nameSpace)
.header("X-Vault-Request", "true")
.body(increment < 0 ? null : requestJson.getBytes(StandardCharsets.UTF_8))
.connectTimeoutSeconds(config.getOpenTimeout())
.readTimeoutSeconds(config.getReadTimeout())
Expand Down Expand Up @@ -1320,6 +1331,7 @@ public LookupResponse lookupSelf(final String tokenAuthMount) throws VaultExcept
.url(config.getAddress() + "/v1/auth/" + mount + "/lookup-self")
.header("X-Vault-Token", config.getToken())
.header("X-Vault-Namespace", this.nameSpace)
.header("X-Vault-Request", "true")
.connectTimeoutSeconds(config.getOpenTimeout())
.readTimeoutSeconds(config.getReadTimeout())
.sslVerification(config.getSslConfig().isVerify())
Expand Down Expand Up @@ -1384,6 +1396,7 @@ public LogicalResponse lookupWrap() throws VaultException {
.url(config.getAddress() + "/v1/sys/wrapping/lookup")
.header("X-Vault-Token", config.getToken())
.header("X-Vault-Namespace", this.nameSpace)
.header("X-Vault-Request", "true")
.connectTimeoutSeconds(config.getOpenTimeout())
.readTimeoutSeconds(config.getReadTimeout())
.sslVerification(config.getSslConfig().isVerify())
Expand Down Expand Up @@ -1446,6 +1459,7 @@ public void revokeSelf(final String tokenAuthMount) throws VaultException {
.url(config.getAddress() + "/v1/auth/" + mount + "/revoke-self")
.header("X-Vault-Token", config.getToken())
.header("X-Vault-Namespace", this.nameSpace)
.header("X-Vault-Request", "true")
.connectTimeoutSeconds(config.getOpenTimeout())
.readTimeoutSeconds(config.getReadTimeout())
.sslVerification(config.getSslConfig().isVerify())
Expand Down Expand Up @@ -1549,6 +1563,7 @@ public AuthResponse unwrap(final String wrappedToken) throws VaultException {
.url(url)
.header("X-Vault-Token", config.getToken())
.header("X-Vault-Namespace", this.nameSpace)
.header("X-Vault-Request", "true")
.body(requestJson.getBytes(StandardCharsets.UTF_8))
.connectTimeoutSeconds(config.getOpenTimeout())
.readTimeoutSeconds(config.getReadTimeout())
Expand Down
1 change: 1 addition & 0 deletions src/main/java/io/ianferguson/vault/api/Debug.java
Original file line number Diff line number Diff line change
Expand Up @@ -91,6 +91,7 @@ public HealthResponse health(
.url(config.getAddress() + "/v1/" + path)
.header("X-Vault-Token", config.getToken())
.header("X-Vault-Namespace", this.nameSpace)
.header("X-Vault-Request", "true")
.connectTimeoutSeconds(config.getOpenTimeout())
.readTimeoutSeconds(config.getReadTimeout())
.sslVerification(config.getSslConfig().isVerify())
Expand Down
4 changes: 4 additions & 0 deletions src/main/java/io/ianferguson/vault/api/Leases.java
Original file line number Diff line number Diff line change
Expand Up @@ -62,6 +62,7 @@ public VaultResponse revoke(final String leaseId) throws VaultException {
.url(config.getAddress() + "/v1/sys/leases/revoke/" + leaseId)
.header("X-Vault-Token", config.getToken())
.header("X-Vault-Namespace", this.nameSpace)
.header("X-Vault-Request", "true")
.connectTimeoutSeconds(config.getOpenTimeout())
.readTimeoutSeconds(config.getReadTimeout())
.sslVerification(config.getSslConfig().isVerify())
Expand Down Expand Up @@ -117,6 +118,7 @@ public VaultResponse revokePrefix(final String prefix) throws VaultException {
.url(config.getAddress() + "/v1/sys/revoke-prefix/" + prefix)
.header("X-Vault-Token", config.getToken())
.header("X-Vault-Namespace", this.nameSpace)
.header("X-Vault-Request", "true")
.connectTimeoutSeconds(config.getOpenTimeout())
.readTimeoutSeconds(config.getReadTimeout())
.sslVerification(config.getSslConfig().isVerify())
Expand Down Expand Up @@ -175,6 +177,7 @@ public VaultResponse revokeForce(final String prefix) throws VaultException {
.url(config.getAddress() + "/v1/sys/revoke-force/" + prefix)
.header("X-Vault-Token", config.getToken())
.header("X-Vault-Namespace", this.nameSpace)
.header("X-Vault-Request", "true")
.connectTimeoutSeconds(config.getOpenTimeout())
.readTimeoutSeconds(config.getReadTimeout())
.sslVerification(config.getSslConfig().isVerify())
Expand Down Expand Up @@ -238,6 +241,7 @@ public VaultResponse renew(final String leaseId, final long increment) throws Va
.url(config.getAddress() + "/v1/sys/renew/" + leaseId)
.header("X-Vault-Token", config.getToken())
.header("X-Vault-Namespace", this.nameSpace)
.header("X-Vault-Request", "true")
.body(increment < 0 ? null : requestJson.getBytes(StandardCharsets.UTF_8))
.connectTimeoutSeconds(config.getOpenTimeout())
.readTimeoutSeconds(config.getReadTimeout())
Expand Down
8 changes: 8 additions & 0 deletions src/main/java/io/ianferguson/vault/api/Logical.java
Original file line number Diff line number Diff line change
Expand Up @@ -87,6 +87,7 @@ private LogicalResponse read(final String path, Boolean shouldRetry, final logic
.url(config.getAddress() + "/v1/" + adjustPathForReadOrWrite(path, config.getPrefixPathDepth(), operation))
.header("X-Vault-Token", config.getToken())
.header("X-Vault-Namespace", this.nameSpace)
.header("X-Vault-Request", "true")
.connectTimeoutSeconds(config.getOpenTimeout())
.readTimeoutSeconds(config.getReadTimeout())
.sslVerification(config.getSslConfig().isVerify())
Expand Down Expand Up @@ -155,6 +156,7 @@ public LogicalResponse read(final String path, Boolean shouldRetry, final Intege
.url(config.getAddress() + "/v1/" + adjustPathForReadOrWrite(path, config.getPrefixPathDepth(), logicalOperations.readV2))
.header("X-Vault-Token", config.getToken())
.header("X-Vault-Namespace", this.nameSpace)
.header("X-Vault-Request", "true")
.parameter("version", version.toString())
.connectTimeoutSeconds(config.getOpenTimeout())
.readTimeoutSeconds(config.getReadTimeout())
Expand Down Expand Up @@ -257,6 +259,7 @@ private LogicalResponse write(final String path, final Map<String, Object> nameV
.body(jsonObjectToWriteFromEngineVersion(operation, requestJson).toString().getBytes(StandardCharsets.UTF_8))
.header("X-Vault-Token", config.getToken())
.header("X-Vault-Namespace", this.nameSpace)
.header("X-Vault-Request", "true")
.connectTimeoutSeconds(config.getOpenTimeout())
.readTimeoutSeconds(config.getReadTimeout())
.sslVerification(config.getSslConfig().isVerify())
Expand Down Expand Up @@ -348,6 +351,7 @@ private LogicalResponse delete(final String path, final Logical.logicalOperation
.url(config.getAddress() + "/v1/" + adjustPathForDelete(path, config.getPrefixPathDepth(), operation))
.header("X-Vault-Token", config.getToken())
.header("X-Vault-Namespace", this.nameSpace)
.header("X-Vault-Request", "true")
.connectTimeoutSeconds(config.getOpenTimeout())
.readTimeoutSeconds(config.getReadTimeout())
.sslVerification(config.getSslConfig().isVerify())
Expand Down Expand Up @@ -408,6 +412,7 @@ public LogicalResponse delete(final String path, final int[] versions) throws Va
.url(config.getAddress() + "/v1/" + adjustPathForVersionDelete(path,config.getPrefixPathDepth()))
.header("X-Vault-Token", config.getToken())
.header("X-Vault-Namespace", this.nameSpace)
.header("X-Vault-Request", "true")
.connectTimeoutSeconds(config.getOpenTimeout())
.readTimeoutSeconds(config.getReadTimeout())
.sslVerification(config.getSslConfig().isVerify())
Expand Down Expand Up @@ -479,6 +484,7 @@ public LogicalResponse unDelete(final String path, final int[] versions) throws
.url(config.getAddress() + "/v1/" + adjustPathForVersionUnDelete(path,config.getPrefixPathDepth()))
.header("X-Vault-Token", config.getToken())
.header("X-Vault-Namespace", this.nameSpace)
.header("X-Vault-Request", "true")
.connectTimeoutSeconds(config.getOpenTimeout())
.readTimeoutSeconds(config.getReadTimeout())
.sslVerification(config.getSslConfig().isVerify())
Expand Down Expand Up @@ -538,6 +544,7 @@ public LogicalResponse destroy(final String path, final int[] versions) throws V
.url(config.getAddress() + "/v1/" + adjustPathForVersionDestroy(path,config.getPrefixPathDepth()))
.header("X-Vault-Token", config.getToken())
.header("X-Vault-Namespace", this.nameSpace)
.header("X-Vault-Request", "true")
.connectTimeoutSeconds(config.getOpenTimeout())
.readTimeoutSeconds(config.getReadTimeout())
.sslVerification(config.getSslConfig().isVerify())
Expand Down Expand Up @@ -589,6 +596,7 @@ public LogicalResponse upgrade(final String kvPath) throws VaultException {
.url(config.getAddress() + "/v1/sys/mounts/" + (kvPath.replaceAll("/", "") + "/tune"))
.header("X-Vault-Token", config.getToken())
.header("X-Vault-Namespace", this.nameSpace)
.header("X-Vault-Request", "true")
.connectTimeoutSeconds(config.getOpenTimeout())
.readTimeoutSeconds(config.getReadTimeout())
.sslVerification(config.getSslConfig().isVerify())
Expand Down
3 changes: 3 additions & 0 deletions src/main/java/io/ianferguson/vault/api/Seal.java
Original file line number Diff line number Diff line change
Expand Up @@ -48,6 +48,7 @@ public void seal() throws VaultException {
.url(config.getAddress() + "/v1/sys/seal")
.header("X-Vault-Token", config.getToken())
.header("X-Vault-Namespace", this.nameSpace)
.header("X-Vault-Request", "true")
.connectTimeoutSeconds(config.getOpenTimeout())
.readTimeoutSeconds(config.getReadTimeout())
.sslVerification(config.getSslConfig().isVerify())
Expand Down Expand Up @@ -108,6 +109,7 @@ public SealResponse unseal(final String key, final Boolean reset) throws VaultEx
final RestResponse restResponse = new Rest()//NOPMD
.url(config.getAddress() + "/v1/sys/unseal")
.header("X-Vault-Namespace", this.nameSpace)
.header("X-Vault-Request", "true")
.body(requestJson.getBytes(StandardCharsets.UTF_8))
.connectTimeoutSeconds(config.getOpenTimeout())
.readTimeoutSeconds(config.getReadTimeout())
Expand Down Expand Up @@ -151,6 +153,7 @@ public SealResponse sealStatus() throws VaultException {
final RestResponse restResponse = new Rest()//NOPMD
.url(config.getAddress() + "/v1/sys/seal-status")
.header("X-Vault-Namespace", this.nameSpace)
.header("X-Vault-Request", "true")
.connectTimeoutSeconds(config.getOpenTimeout())
.readTimeoutSeconds(config.getReadTimeout())
.sslVerification(config.getSslConfig().isVerify())
Expand Down
Loading

0 comments on commit acf0c2d

Please sign in to comment.