From f2d1b5f2a014b61a1e5e1078dad9e75a604539e8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bj=C3=B6rn=20Wenzel?= Date: Tue, 31 Jan 2023 15:35:19 +0100 Subject: [PATCH 1/4] upgrade spring boot to 3.0.x --- pom.xml | 25 +++---------------- .../de/koudingspawn/vault/KeyValueTest.java | 14 ++++++----- 2 files changed, 12 insertions(+), 27 deletions(-) diff --git a/pom.xml b/pom.xml index c1504cd..884310b 100644 --- a/pom.xml +++ b/pom.xml @@ -14,7 +14,7 @@ org.springframework.boot spring-boot-starter-parent - 2.7.8 + 3.0.2 @@ -42,7 +42,7 @@ org.springframework.vault spring-vault-core - 2.3.2 + 3.0.0 org.springframework.boot @@ -75,7 +75,7 @@ com.github.tomakehurst wiremock - 2.27.2 + 3.0.0-beta-2 test @@ -103,7 +103,7 @@ org.apache.maven.plugins maven-compiler-plugin - 3.8.1 + 3.10.1 17 true @@ -113,21 +113,4 @@ - - - - - - org.springframework.vault - spring-vault-dependencies - 2.3.2 - import - pom - - - - - - - diff --git a/src/test/java/de/koudingspawn/vault/KeyValueTest.java b/src/test/java/de/koudingspawn/vault/KeyValueTest.java index adf2cc0..8f43a50 100644 --- a/src/test/java/de/koudingspawn/vault/KeyValueTest.java +++ b/src/test/java/de/koudingspawn/vault/KeyValueTest.java @@ -8,12 +8,14 @@ import de.koudingspawn.vault.kubernetes.EventHandler; import de.koudingspawn.vault.kubernetes.scheduler.impl.KeyValueRefresh; import de.koudingspawn.vault.vault.communication.SecretNotAccessibleException; -import io.fabric8.kubernetes.api.model.DeletionPropagation; import io.fabric8.kubernetes.api.model.ObjectMetaBuilder; import io.fabric8.kubernetes.api.model.Secret; import io.fabric8.kubernetes.client.DefaultKubernetesClient; import io.fabric8.kubernetes.client.KubernetesClient; -import org.junit.*; +import org.junit.Before; +import org.junit.ClassRule; +import org.junit.Rule; +import org.junit.Test; import org.junit.runner.RunWith; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.boot.test.context.SpringBootTest; 
@@ -84,10 +86,10 @@ public void shouldGenerateSimpleSecretFromVaultCustomResource() { vault.setSpec(vaultSpec); stubFor(get(urlPathMatching("/v1/secret/simple")) - .willReturn(aResponse() - .withStatus(200) - .withHeader("Content-Type", "application/json") - .withBody("{\"request_id\":\"6cc090a8-3821-8244-73e4-5ab62b605587\",\"lease_id\":\"\",\"renewable\":false,\"lease_duration\":2764800,\"data\":{\"key\":\"value\"},\"wrap_info\":null,\"warnings\":null,\"auth\":null}"))); + .willReturn(aResponse() + .withStatus(200) + .withHeader("Content-Type", "application/json") + .withBody("{\"request_id\":\"6cc090a8-3821-8244-73e4-5ab62b605587\",\"lease_id\":\"\",\"renewable\":false,\"lease_duration\":2764800,\"data\":{\"key\":\"value\"},\"wrap_info\":null,\"warnings\":null,\"auth\":null}"))); handler.addHandler(vault); From 008c7b48110d33c45a978ddc8b31cfc918083cdb Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Bj=C3=B6rn=20Wenzel?= Date: Tue, 31 Jan 2023 16:03:06 +0100 Subject: [PATCH 2/4] fix deprecations and code cleanup --- .../java/de/koudingspawn/vault/Constants.java | 10 +- .../AdmissionReviewRestService.java | 6 - .../java/de/koudingspawn/vault/crd/Vault.java | 2 +- .../de/koudingspawn/vault/crd/VaultList.java | 4 +- .../kubernetes/ChangeAdjustmentService.java | 18 +- .../kubernetes/KubernetesConnection.java | 11 +- .../vault/kubernetes/KubernetesService.java | 8 +- .../vault/kubernetes/cache/SecretCache.java | 13 +- .../kubernetes/event/EventNotification.java | 2 +- .../vault/kubernetes/event/EventType.java | 2 +- .../scheduler/ScheduledRefresh.java | 3 - .../vault/vault/impl/EncryptionUtils.java | 6 - .../de/koudingspawn/vault/CertChainTest.java | 152 ++++++------ .../java/de/koudingspawn/vault/CertTest.java | 144 +++++------ .../de/koudingspawn/vault/DockerCfgTest.java | 83 +++---- .../vault/EventNotificationTest.java | 3 +- .../de/koudingspawn/vault/KeyValueTest.java | 5 +- .../de/koudingspawn/vault/KeyValueV2Test.java | 225 +++++++++--------- ...fix.java => OwnerReferenceBugfixTest.java} | 10 +- .../de/koudingspawn/vault/PKIChainTest.java | 36 +-- .../java/de/koudingspawn/vault/PKITest.java | 32 +-- .../de/koudingspawn/vault/PropertiesTest.java | 5 +- .../de/koudingspawn/vault/TestHelper.java | 59 ++--- .../kubernetes/KubernetesServiceTest.java | 22 +- 24 files changed, 440 insertions(+), 421 deletions(-) rename src/test/java/de/koudingspawn/vault/{OwnerReferenceBugfix.java => OwnerReferenceBugfixTest.java} (93%) diff --git a/src/main/java/de/koudingspawn/vault/Constants.java b/src/main/java/de/koudingspawn/vault/Constants.java index 642d6ec..9722e08 100644 --- a/src/main/java/de/koudingspawn/vault/Constants.java +++ b/src/main/java/de/koudingspawn/vault/Constants.java 
@@ -1,7 +1,11 @@ package de.koudingspawn.vault; public class Constants { - public static String DATE_FORMAT = "yyyy-MM-dd'T'HH:mm'Z'"; - public static String COMPARE_ANNOTATION = "/compare"; - public static String LAST_UPDATE_ANNOTATION = "/lastUpdated"; + + private Constants() { + } + + public static final String DATE_FORMAT = "yyyy-MM-dd'T'HH:mm'Z'"; + public static final String COMPARE_ANNOTATION = "/compare"; + public static final String LAST_UPDATE_ANNOTATION = "/lastUpdated"; } diff --git a/src/main/java/de/koudingspawn/vault/admissionreview/AdmissionReviewRestService.java b/src/main/java/de/koudingspawn/vault/admissionreview/AdmissionReviewRestService.java index ea74328..787f357 100644 --- a/src/main/java/de/koudingspawn/vault/admissionreview/AdmissionReviewRestService.java +++ b/src/main/java/de/koudingspawn/vault/admissionreview/AdmissionReviewRestService.java @@ -3,10 +3,6 @@ import io.fabric8.kubernetes.api.model.admission.v1.AdmissionResponse; import io.fabric8.kubernetes.api.model.admission.v1.AdmissionReview; import io.fabric8.kubernetes.api.model.admission.v1.AdmissionReviewBuilder; -import io.fabric8.kubernetes.client.dsl.Resource; -import io.fabric8.kubernetes.client.utils.ApiVersionUtil; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; import org.springframework.web.bind.annotation.PostMapping; import org.springframework.web.bind.annotation.RequestBody; import org.springframework.web.bind.annotation.RequestMapping; @@ -16,8 +12,6 @@ @RequestMapping("/validation/vault-crd") public class AdmissionReviewRestService { - private static final Logger log = LoggerFactory.getLogger(AdmissionReviewRestService.class); - private final AdmissionReviewService admissionReviewService; public AdmissionReviewRestService(AdmissionReviewService admissionReviewService) { diff --git a/src/main/java/de/koudingspawn/vault/crd/Vault.java b/src/main/java/de/koudingspawn/vault/crd/Vault.java index 925edb2..dcb9cb7 100644 
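Review bot: In `Constants`, the `'Z'` in `DATE_FORMAT` is a quoted literal rather than a zone pattern letter, so a timestamp written with this pattern only means UTC if every caller formats in UTC, and nothing on these lines says so. The formatting code is outside this hunk, so this may already hold. A comment on the constant would pin the contract, for example `// 'Z' is a literal suffix: always format and parse this pattern in UTC`. Declaring the class as `public final class Constants` would also match the new private constructor.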
--- a/src/main/java/de/koudingspawn/vault/crd/Vault.java +++ b/src/main/java/de/koudingspawn/vault/crd/Vault.java @@ -55,7 +55,7 @@ public boolean modifyHandlerEquals(Object o) { HashMap annotations = new HashMap<>(getMetadata().getAnnotations()); annotations.remove("kubectl.kubernetes.io/last-applied-configuration"); - if (!Objects.equals(vaultAnnotations, annotations)) return false; + return Objects.equals(vaultAnnotations, annotations); } diff --git a/src/main/java/de/koudingspawn/vault/crd/VaultList.java b/src/main/java/de/koudingspawn/vault/crd/VaultList.java index 219172a..7dfb910 100644 --- a/src/main/java/de/koudingspawn/vault/crd/VaultList.java +++ b/src/main/java/de/koudingspawn/vault/crd/VaultList.java @@ -1,6 +1,6 @@ package de.koudingspawn.vault.crd; -import io.fabric8.kubernetes.client.CustomResourceList; +import io.fabric8.kubernetes.api.model.DefaultKubernetesResourceList; -public class VaultList extends CustomResourceList { +public class VaultList extends DefaultKubernetesResourceList { } diff --git a/src/main/java/de/koudingspawn/vault/kubernetes/ChangeAdjustmentService.java b/src/main/java/de/koudingspawn/vault/kubernetes/ChangeAdjustmentService.java index c4ef82b..63468bf 100644 --- a/src/main/java/de/koudingspawn/vault/kubernetes/ChangeAdjustmentService.java +++ b/src/main/java/de/koudingspawn/vault/kubernetes/ChangeAdjustmentService.java @@ -12,7 +12,7 @@ @Service public class ChangeAdjustmentService { - private static final Logger log = LoggerFactory.getLogger(KubernetesService.class); + private static final Logger log = LoggerFactory.getLogger(ChangeAdjustmentService.class); private final KubernetesClient client; 
@@ -24,15 +24,13 @@ public void handle(Vault resource) { VaultChangeAdjustmentCallback changeAdjustmentCallback = resource.getSpec().getChangeAdjustmentCallback(); if (changeAdjustmentCallback != null && changeAdjustmentCallback.getType() != null && changeAdjustmentCallback.getName() != null) { switch (changeAdjustmentCallback.getType().toLowerCase()) { - case "deployment": - rotateDeployment(resource.getMetadata().getNamespace(), changeAdjustmentCallback.getName()); - break; - case "statefulset": - rotateStatefulSet(resource.getMetadata().getNamespace(), changeAdjustmentCallback.getName()); - break; - default: - log.info("Currently a change adjustment is only supported for type deployment. Resource {} in namespace {} has type {}", - resource.getMetadata().getName(), resource.getMetadata().getNamespace(), changeAdjustmentCallback.getType()); + case "deployment" -> + rotateDeployment(resource.getMetadata().getNamespace(), changeAdjustmentCallback.getName()); + case "statefulset" -> + rotateStatefulSet(resource.getMetadata().getNamespace(), changeAdjustmentCallback.getName()); + default -> + log.info("Currently a change adjustment is only supported for type deployment. Resource {} in namespace {} has type {}", + resource.getMetadata().getName(), resource.getMetadata().getNamespace(), changeAdjustmentCallback.getType()); } } else { log.warn("Change adjustment callback for resource {} in namespace {} is invalid!", resource.getMetadata().getName(), resource.getMetadata().getNamespace()); diff --git a/src/main/java/de/koudingspawn/vault/kubernetes/KubernetesConnection.java b/src/main/java/de/koudingspawn/vault/kubernetes/KubernetesConnection.java index 21d8342..6b432c4 100644 --- a/src/main/java/de/koudingspawn/vault/kubernetes/KubernetesConnection.java +++ b/src/main/java/de/koudingspawn/vault/kubernetes/KubernetesConnection.java 
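Review bot: The `default ->` branch still logs that a change adjustment is "only supported for type deployment", although `statefulset` is handled by the case directly above it, so the message reports the wrong set of accepted values. Since the line is being rewritten anyway, suggest `"Change adjustment is only supported for types deployment and statefulset. Resource {} in namespace {} has type {}"` with the same three arguments. `handle()` begins above the hunk.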
@@ -3,10 +3,7 @@ import de.koudingspawn.vault.crd.Vault; import de.koudingspawn.vault.crd.VaultList; import io.fabric8.kubernetes.api.model.apiextensions.v1.CustomResourceDefinition; -import io.fabric8.kubernetes.client.Config; -import io.fabric8.kubernetes.client.ConfigBuilder; -import io.fabric8.kubernetes.client.DefaultKubernetesClient; -import io.fabric8.kubernetes.client.KubernetesClient; +import io.fabric8.kubernetes.client.*; import io.fabric8.kubernetes.client.dsl.MixedOperation; import io.fabric8.kubernetes.client.dsl.Resource; import io.fabric8.kubernetes.internal.KubernetesDeserializer; @@ -27,13 +24,15 @@ public class KubernetesConnection { @Profile("development") public KubernetesClient testClient() { Config config = new ConfigBuilder().withMasterUrl("http://localhost:8001").withWatchReconnectLimit(5).build(); - return new DefaultKubernetesClient(config); + return new KubernetesClientBuilder() + .withConfig(config) + .build(); } @Bean @Profile("!development") public KubernetesClient client() { - return new DefaultKubernetesClient(); + return new KubernetesClientBuilder().build(); } @Bean diff --git a/src/main/java/de/koudingspawn/vault/kubernetes/KubernetesService.java b/src/main/java/de/koudingspawn/vault/kubernetes/KubernetesService.java index a850523..ace0402 100644 --- a/src/main/java/de/koudingspawn/vault/kubernetes/KubernetesService.java +++ b/src/main/java/de/koudingspawn/vault/kubernetes/KubernetesService.java 
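Review bot: The import hunk replaces four explicit imports with `import io.fabric8.kubernetes.client.*;`, which hides the client types this configuration class depends on. It also runs opposite to the test files in this series, where `org.junit.*` is expanded into explicit imports. Suggest keeping explicit imports for `Config`, `ConfigBuilder` and `KubernetesClient`, and swapping `DefaultKubernetesClient` for `KubernetesClientBuilder`.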
@@ -59,7 +59,7 @@ void createSecret(Vault resource, VaultSecret vaultSecret) { Secret secret = newSecretInstance(resource, vaultSecret); secretCache.invalidate(secret.getMetadata().getNamespace(), secret.getMetadata().getName()); - client.secrets().inNamespace(resource.getMetadata().getNamespace()).create(secret); + client.secrets().inNamespace(resource.getMetadata().getNamespace()).resource(secret).create(); log.info("Created secret for vault resource {} in namespace {}", secret.getMetadata().getName(), secret.getMetadata().getNamespace()); } @@ -86,7 +86,7 @@ void modifySecret(Vault resource, VaultSecret vaultSecret) { secret.setData(vaultSecret.getData()); secretCache.invalidate(resource.getMetadata().getNamespace(), resource.getMetadata().getName()); - secretResource.createOrReplace(secret); + client.secrets().inNamespace(resource.getMetadata().getNamespace()).resource(secret).createOrReplace(); log.info("Modified secret {} in namespace {}", resource.getMetadata().getName(), resource.getMetadata().getNamespace()); } @@ -145,9 +145,7 @@ public boolean hasBrokenOwnerReference(Vault resource) { if (secret.getMetadata() != null && secret.getMetadata().getOwnerReferences() != null && secret.getMetadata().getOwnerReferences().size() == 1) { OwnerReference ownerReference = secret.getMetadata().getOwnerReferences().get(0); - if (ownerReference.getApiVersion().equals(crdName + "/v1")) { - return true; - } + return ownerReference.getApiVersion().equals(crdName + "/v1"); } } diff --git a/src/main/java/de/koudingspawn/vault/kubernetes/cache/SecretCache.java b/src/main/java/de/koudingspawn/vault/kubernetes/cache/SecretCache.java index 552eb9d..9548517 100644 --- a/src/main/java/de/koudingspawn/vault/kubernetes/cache/SecretCache.java +++ b/src/main/java/de/koudingspawn/vault/kubernetes/cache/SecretCache.java 
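Review bot: In `modifySecret`, the replacement call still ends in `createOrReplace()`, which recent fabric8 client releases deprecate as well (in favour of `serverSideApply()` or an explicit create/patch), so this cleanup may trade one deprecation warning for another. The client version is not visible in this patch, so check it against the version resolved by `pom.xml`. The local `secretResource` is declared above the hunk and no longer receives the write; if nothing else uses it, remove it.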
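Review bot: In `hasBrokenOwnerReference`, the rewritten line calls `ownerReference.getApiVersion().equals(...)` without a null check, so an owner reference with no apiVersion would throw instead of returning `false`. Putting the constant first keeps the result and removes that path: `return (crdName + "/v1").equals(ownerReference.getApiVersion());`. The new early `return` matches the old behaviour only if the code after the enclosing blocks returns `false`. That tail is outside the hunk, so confirm it.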
@@ -14,7 +14,7 @@ public class SecretCache { private static final Logger log = LoggerFactory.getLogger(SecretCache.class); - private Cache secretResourceCache = Caffeine.newBuilder().build(); + private final Cache secretResourceCache = Caffeine.newBuilder().build(); private final KubernetesClient client; public SecretCache(KubernetesClient client, boolean watch) { @@ -28,23 +28,28 @@ public SecretCache(KubernetesClient client, boolean watch) { public void watcher() { client.secrets().inAnyNamespace().withLabel("vault.koudingspawn.de=vault").inform( new ResourceEventHandler<>() { + + private String cacheKey(String namespace, String name) { + return "%s/%s".formatted(namespace, name); + } + @Override public void onAdd(Secret obj) { - String key = String.format("%s/%s", obj.getMetadata().getNamespace(), obj.getMetadata().getName()); + String key = cacheKey(obj.getMetadata().getNamespace(), obj.getMetadata().getName()); log.debug("Received create secret for {}", key); secretResourceCache.put(key, obj); } @Override public void onUpdate(Secret oldObj, Secret newObj) { - String key = String.format("%s/%s", newObj.getMetadata().getNamespace(), newObj.getMetadata().getName()); + String key = cacheKey(newObj.getMetadata().getNamespace(), newObj.getMetadata().getName()); log.debug("Received update for secret {}", key); secretResourceCache.put(key, newObj); } @Override public void onDelete(Secret obj, boolean deletedFinalStateUnknown) { - String key = String.format("%s/%s", obj.getMetadata().getNamespace(), obj.getMetadata().getName()); + String key = cacheKey(obj.getMetadata().getNamespace(), obj.getMetadata().getName()); log.debug("Invalidate secret cache for {} after delete", key); secretResourceCache.invalidate(key); } diff --git a/src/main/java/de/koudingspawn/vault/kubernetes/event/EventNotification.java b/src/main/java/de/koudingspawn/vault/kubernetes/event/EventNotification.java index 832bc5e..725d270 100644 
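Review bot: The new `cacheKey` helper is declared inside the anonymous `ResourceEventHandler`, so the rest of `SecretCache` cannot call it. That includes the `invalidate(namespace, name)` method that KubernetesService calls, which is outside this hunk and presumably formats the same `namespace/name` key on its own. If the two formats ever diverge, the watcher stores entries that are never hit or invalidated, and a stale Secret could be served from the cache. Moving the helper to the outer class as `private static String cacheKey(String namespace, String name)` gives every key producer one definition.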
--- a/src/main/java/de/koudingspawn/vault/kubernetes/event/EventNotification.java +++ b/src/main/java/de/koudingspawn/vault/kubernetes/event/EventNotification.java @@ -59,7 +59,7 @@ public void storeNewEvent(EventType type, String message, Vault resource) { .build(); try { - client.v1().events().inNamespace(resource.getMetadata().getNamespace()).create(evt); + client.v1().events().resource(evt).create(); } catch (Exception ex) { log.error("Failed to store event for {} in namespace {} next to resource with error", resource.getMetadata().getName(), resource.getMetadata().getNamespace(), ex); diff --git a/src/main/java/de/koudingspawn/vault/kubernetes/event/EventType.java b/src/main/java/de/koudingspawn/vault/kubernetes/event/EventType.java index 711c244..3f36bf3 100644 --- a/src/main/java/de/koudingspawn/vault/kubernetes/event/EventType.java +++ b/src/main/java/de/koudingspawn/vault/kubernetes/event/EventType.java @@ -12,7 +12,7 @@ public enum EventType { private final String type; private final String reason; - private EventType(String type, String reason) { + EventType(String type, String reason) { this.type = type; this.reason = reason; } diff --git a/src/main/java/de/koudingspawn/vault/kubernetes/scheduler/ScheduledRefresh.java b/src/main/java/de/koudingspawn/vault/kubernetes/scheduler/ScheduledRefresh.java index d1de474..1ec3dc0 100644 --- a/src/main/java/de/koudingspawn/vault/kubernetes/scheduler/ScheduledRefresh.java +++ b/src/main/java/de/koudingspawn/vault/kubernetes/scheduler/ScheduledRefresh.java 
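Review bot: In `storeNewEvent`, the new call `client.v1().events().resource(evt).create()` no longer names the namespace, so the event is created wherever `evt`'s own metadata points. If the builder above the hunk does not set a namespace, the client falls back to its configured default. The Secret writes in KubernetesService in this same commit keep `inNamespace(...)`. Doing the same here keeps the event next to the Vault resource however `evt` is built: `client.v1().events().inNamespace(resource.getMetadata().getNamespace()).resource(evt).create();`.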
@@ -1,12 +1,9 @@ package de.koudingspawn.vault.kubernetes.scheduler; import de.koudingspawn.vault.crd.Vault; -import de.koudingspawn.vault.crd.VaultList; import de.koudingspawn.vault.kubernetes.EventHandler; import de.koudingspawn.vault.kubernetes.event.EventNotification; import de.koudingspawn.vault.vault.communication.SecretNotAccessibleException; -import io.fabric8.kubernetes.client.dsl.MixedOperation; -import io.fabric8.kubernetes.client.dsl.Resource; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.stereotype.Component; diff --git a/src/main/java/de/koudingspawn/vault/vault/impl/EncryptionUtils.java b/src/main/java/de/koudingspawn/vault/vault/impl/EncryptionUtils.java index df4f74e..592ff58 100644 --- a/src/main/java/de/koudingspawn/vault/vault/impl/EncryptionUtils.java +++ b/src/main/java/de/koudingspawn/vault/vault/impl/EncryptionUtils.java @@ -74,12 +74,6 @@ private static PrivateKey readPkcs1PrivateKey(byte[] pkcs1Bytes) throws GeneralS return readPkcs8PrivateKey(pkcs8bytes); } - public static String sanitizeJson(String json) { - return json.replace("\n", "") - .replace("\r", "") - .replace("\t", ""); - } - private static byte[] join(byte[] byteArray1, byte[] byteArray2) { byte[] bytes = new byte[byteArray1.length + byteArray2.length]; System.arraycopy(byteArray1, 0, bytes, 0, byteArray1.length); diff --git a/src/test/java/de/koudingspawn/vault/CertChainTest.java b/src/test/java/de/koudingspawn/vault/CertChainTest.java index 84c88da..934b3d4 100644 --- a/src/test/java/de/koudingspawn/vault/CertChainTest.java +++ b/src/test/java/de/koudingspawn/vault/CertChainTest.java 
@@ -8,12 +8,14 @@ import de.koudingspawn.vault.kubernetes.EventHandler; import de.koudingspawn.vault.kubernetes.scheduler.impl.CertRefresh; import de.koudingspawn.vault.vault.communication.SecretNotAccessibleException; -import io.fabric8.kubernetes.api.model.DeletionPropagation; import io.fabric8.kubernetes.api.model.ObjectMetaBuilder; import io.fabric8.kubernetes.api.model.Secret; -import io.fabric8.kubernetes.client.DefaultKubernetesClient; import io.fabric8.kubernetes.client.KubernetesClient; -import org.junit.*; +import io.fabric8.kubernetes.client.KubernetesClientBuilder; +import org.junit.Before; +import org.junit.ClassRule; +import org.junit.Rule; +import org.junit.Test; import org.junit.runner.RunWith; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.boot.test.context.SpringBootTest; @@ -40,7 +42,7 @@ public class CertChainTest { @ClassRule - public static WireMockClassRule wireMockClassRule = + public static final WireMockClassRule wireMockClassRule = new WireMockClassRule(wireMockConfig().port(8206)); @Rule @@ -58,7 +60,7 @@ static class KindConfig { @Bean @Primary public KubernetesClient client() { - return new DefaultKubernetesClient(); + return new KubernetesClientBuilder().build(); } } 
@@ -89,23 +91,24 @@ public void shouldGenerateCertFromVaultResource() { .willReturn(aResponse() .withStatus(200) .withHeader("Content-Type", "application/json") - .withBody("{\n" + - " \"request_id\": \"6cc090a8-3821-8244-73e4-5ab62b605587\",\n" + - " \"lease_id\": \"\",\n" + - " \"renewable\": false,\n" + - " \"lease_duration\": 2764800,\n" + - " \"data\": {\n" + - " \"data\": {\n" + - " \"certificate\": \"CERTIFICATE\",\n" + - " \"issuing_ca\": \"ISSUINGCA\",\n" + - " \"ca_chain\": [\"ISSUINGCA\"],\n" + - " \"private_key\": \"PRIVATEKEY\"\n" + - " }\n" + - " },\n" + - " \"wrap_info\": null,\n" + - " \"warnings\": null,\n" + - " \"auth\": null\n" + - "}"))); + .withBody(""" + { + "request_id": "6cc090a8-3821-8244-73e4-5ab62b605587", + "lease_id": "", + "renewable": false, + "lease_duration": 2764800, + "data": { + "data": { + "certificate": "CERTIFICATE", + "issuing_ca": "ISSUINGCA", + "ca_chain": ["ISSUINGCA"], + "private_key": "PRIVATEKEY" + } + }, + "wrap_info": null, + "warnings": null, + "auth": null + }"""))); handler.addHandler(vault); 
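Review bot: The Vault response body converted to a text block in `shouldGenerateCertFromVaultResource` is repeated in the hunks at `@@ -141,23 +144,24`, `@@ -182,23 +186,24` and `@@ -206,23 +211,24`, differing only in the `certificate` value of the last one. The CertTest hunks later in this patch repeat the same pattern. Since every copy is being rewritten here anyway, a helper such as `private static String certResponse(String certificate)` that returns the text block via `.formatted(certificate)` would leave one fixture per test class to maintain. The enclosing test methods start and end outside these hunks.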
@@ -141,23 +144,24 @@ public void shouldCheckIfCertificateHasChangedAndReturnFalse() throws SecretNotA .willReturn(aResponse() .withStatus(200) .withHeader("Content-Type", "application/json") - .withBody("{\n" + - " \"request_id\": \"6cc090a8-3821-8244-73e4-5ab62b605587\",\n" + - " \"lease_id\": \"\",\n" + - " \"renewable\": false,\n" + - " \"lease_duration\": 2764800,\n" + - " \"data\": {\n" + - " \"data\": {\n" + - " \"certificate\": \"CERTIFICATE\",\n" + - " \"issuing_ca\": \"ISSUINGCA\",\n" + - " \"ca_chain\": [\"ISSUINGCA\"],\n" + - " \"private_key\": \"PRIVATEKEY\"\n" + - " }\n" + - " },\n" + - " \"wrap_info\": null,\n" + - " \"warnings\": null,\n" + - " \"auth\": null\n" + - "}"))); + .withBody(""" + { + "request_id": "6cc090a8-3821-8244-73e4-5ab62b605587", + "lease_id": "", + "renewable": false, + "lease_duration": 2764800, + "data": { + "data": { + "certificate": "CERTIFICATE", + "issuing_ca": "ISSUINGCA", + "ca_chain": ["ISSUINGCA"], + "private_key": "PRIVATEKEY" + } + }, + "wrap_info": null, + "warnings": null, + "auth": null + }"""))); handler.addHandler(vault); 
@@ -182,23 +186,24 @@ public void shouldCheckIfCertificateHasChangedAndReturnTrue() throws SecretNotAc .willReturn(aResponse() .withStatus(200) .withHeader("Content-Type", "application/json") - .withBody("{\n" + - " \"request_id\": \"6cc090a8-3821-8244-73e4-5ab62b605587\",\n" + - " \"lease_id\": \"\",\n" + - " \"renewable\": false,\n" + - " \"lease_duration\": 2764800,\n" + - " \"data\": {\n" + - " \"data\": {\n" + - " \"certificate\": \"CERTIFICATE\",\n" + - " \"issuing_ca\": \"ISSUINGCA\",\n" + - " \"ca_chain\": [\"ISSUINGCA\"],\n" + - " \"private_key\": \"PRIVATEKEY\"\n" + - " }\n" + - " },\n" + - " \"wrap_info\": null,\n" + - " \"warnings\": null,\n" + - " \"auth\": null\n" + - "}"))); + .withBody(""" + { + "request_id": "6cc090a8-3821-8244-73e4-5ab62b605587", + "lease_id": "", + "renewable": false, + "lease_duration": 2764800, + "data": { + "data": { + "certificate": "CERTIFICATE", + "issuing_ca": "ISSUINGCA", + "ca_chain": ["ISSUINGCA"], + "private_key": "PRIVATEKEY" + } + }, + "wrap_info": null, + "warnings": null, + "auth": null + }"""))); stubFor(get(urlEqualTo("/v1/secret/certificate")) .inScenario("Cert secret change") 
@@ -206,23 +211,24 @@ public void shouldCheckIfCertificateHasChangedAndReturnTrue() throws SecretNotAc .willReturn(aResponse() .withStatus(200) .withHeader("Content-Type", "application/json") - .withBody("{\n" + - " \"request_id\": \"6cc090a8-3821-8244-73e4-5ab62b605587\",\n" + - " \"lease_id\": \"\",\n" + - " \"renewable\": false,\n" + - " \"lease_duration\": 2764800,\n" + - " \"data\": {\n" + - " \"data\": {\n" + - " \"certificate\": \"CERTIFICATECHANGE\",\n" + - " \"issuing_ca\": \"ISSUINGCA\",\n" + - " \"ca_chain\": [\"ISSUINGCA\"],\n" + - " \"private_key\": \"PRIVATEKEY\"\n" + - " }\n" + - " },\n" + - " \"wrap_info\": null,\n" + - " \"warnings\": null,\n" + - " \"auth\": null\n" + - "}"))); + .withBody(""" + { + "request_id": "6cc090a8-3821-8244-73e4-5ab62b605587", + "lease_id": "", + "renewable": false, + "lease_duration": 2764800, + "data": { + "data": { + "certificate": "CERTIFICATECHANGE", + "issuing_ca": "ISSUINGCA", + "ca_chain": ["ISSUINGCA"], + "private_key": "PRIVATEKEY" + } + }, + "wrap_info": null, + "warnings": null, + "auth": null + }"""))); handler.addHandler(vault); diff --git a/src/test/java/de/koudingspawn/vault/CertTest.java b/src/test/java/de/koudingspawn/vault/CertTest.java index 6028162..6504f54 100644 --- a/src/test/java/de/koudingspawn/vault/CertTest.java +++ b/src/test/java/de/koudingspawn/vault/CertTest.java 
@@ -8,12 +8,14 @@ import de.koudingspawn.vault.kubernetes.EventHandler; import de.koudingspawn.vault.kubernetes.scheduler.impl.CertRefresh; import de.koudingspawn.vault.vault.communication.SecretNotAccessibleException; -import io.fabric8.kubernetes.api.model.DeletionPropagation; import io.fabric8.kubernetes.api.model.ObjectMetaBuilder; import io.fabric8.kubernetes.api.model.Secret; -import io.fabric8.kubernetes.client.DefaultKubernetesClient; import io.fabric8.kubernetes.client.KubernetesClient; -import org.junit.*; +import io.fabric8.kubernetes.client.KubernetesClientBuilder; +import org.junit.Before; +import org.junit.ClassRule; +import org.junit.Rule; +import org.junit.Test; import org.junit.runner.RunWith; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.boot.test.context.SpringBootTest; @@ -40,7 +42,7 @@ public class CertTest { @ClassRule - public static WireMockClassRule wireMockClassRule = + public static final WireMockClassRule wireMockClassRule = new WireMockClassRule(wireMockConfig().port(8201)); @Rule @@ -58,7 +60,7 @@ static class KindConfig { @Bean @Primary public KubernetesClient client() { - return new DefaultKubernetesClient(); + return new KubernetesClientBuilder().build(); } } 
@@ -89,22 +91,23 @@ public void shouldGenerateCertFromVaultResource() { .willReturn(aResponse() .withStatus(200) .withHeader("Content-Type", "application/json") - .withBody("{\n" + - " \"request_id\": \"6cc090a8-3821-8244-73e4-5ab62b605587\",\n" + - " \"lease_id\": \"\",\n" + - " \"renewable\": false,\n" + - " \"lease_duration\": 2764800,\n" + - " \"data\": {\n" + - " \"data\": {\n" + - " \"certificate\": \"CERTIFICATE\",\n" + - " \"issuing_ca\": \"ISSUINGCA\",\n" + - " \"private_key\": \"PRIVATEKEY\"\n" + - " }\n" + - " },\n" + - " \"wrap_info\": null,\n" + - " \"warnings\": null,\n" + - " \"auth\": null\n" + - "}"))); + .withBody(""" + { + "request_id": "6cc090a8-3821-8244-73e4-5ab62b605587", + "lease_id": "", + "renewable": false, + "lease_duration": 2764800, + "data": { + "data": { + "certificate": "CERTIFICATE", + "issuing_ca": "ISSUINGCA", + "private_key": "PRIVATEKEY" + } + }, + "wrap_info": null, + "warnings": null, + "auth": null + }"""))); handler.addHandler(vault); 
@@ -140,22 +143,23 @@ public void shouldCheckIfCertificateHasChangedAndReturnFalse() throws SecretNotA .willReturn(aResponse() .withStatus(200) .withHeader("Content-Type", "application/json") - .withBody("{\n" + - " \"request_id\": \"6cc090a8-3821-8244-73e4-5ab62b605587\",\n" + - " \"lease_id\": \"\",\n" + - " \"renewable\": false,\n" + - " \"lease_duration\": 2764800,\n" + - " \"data\": {\n" + - " \"data\": {\n" + - " \"certificate\": \"CERTIFICATE\",\n" + - " \"issuing_ca\": \"ISSUINGCA\",\n" + - " \"private_key\": \"PRIVATEKEY\"\n" + - " }\n" + - " },\n" + - " \"wrap_info\": null,\n" + - " \"warnings\": null,\n" + - " \"auth\": null\n" + - "}"))); + .withBody(""" + { + "request_id": "6cc090a8-3821-8244-73e4-5ab62b605587", + "lease_id": "", + "renewable": false, + "lease_duration": 2764800, + "data": { + "data": { + "certificate": "CERTIFICATE", + "issuing_ca": "ISSUINGCA", + "private_key": "PRIVATEKEY" + } + }, + "wrap_info": null, + "warnings": null, + "auth": null + }"""))); handler.addHandler(vault); 
@@ -180,22 +184,23 @@ public void shouldCheckIfCertificateHasChangedAndReturnTrue() throws SecretNotAc .willReturn(aResponse() .withStatus(200) .withHeader("Content-Type", "application/json") - .withBody("{\n" + - " \"request_id\": \"6cc090a8-3821-8244-73e4-5ab62b605587\",\n" + - " \"lease_id\": \"\",\n" + - " \"renewable\": false,\n" + - " \"lease_duration\": 2764800,\n" + - " \"data\": {\n" + - " \"data\": {\n" + - " \"certificate\": \"CERTIFICATE\",\n" + - " \"issuing_ca\": \"ISSUINGCA\",\n" + - " \"private_key\": \"PRIVATEKEY\"\n" + - " }\n" + - " },\n" + - " \"wrap_info\": null,\n" + - " \"warnings\": null,\n" + - " \"auth\": null\n" + - "}"))); + .withBody(""" + { + "request_id": "6cc090a8-3821-8244-73e4-5ab62b605587", + "lease_id": "", + "renewable": false, + "lease_duration": 2764800, + "data": { + "data": { + "certificate": "CERTIFICATE", + "issuing_ca": "ISSUINGCA", + "private_key": "PRIVATEKEY" + } + }, + "wrap_info": null, + "warnings": null, + "auth": null + }"""))); stubFor(get(urlEqualTo("/v1/secret/certificate")) .inScenario("Cert secret change") 
@@ -203,22 +208,23 @@ public void shouldCheckIfCertificateHasChangedAndReturnTrue() throws SecretNotAc .willReturn(aResponse() .withStatus(200) .withHeader("Content-Type", "application/json") - .withBody("{\n" + - " \"request_id\": \"6cc090a8-3821-8244-73e4-5ab62b605587\",\n" + - " \"lease_id\": \"\",\n" + - " \"renewable\": false,\n" + - " \"lease_duration\": 2764800,\n" + - " \"data\": {\n" + - " \"data\": {\n" + - " \"certificate\": \"CERTIFICATECHANGE\",\n" + - " \"issuing_ca\": \"ISSUINGCA\",\n" + - " \"private_key\": \"PRIVATEKEY\"\n" + - " }\n" + - " },\n" + - " \"wrap_info\": null,\n" + - " \"warnings\": null,\n" + - " \"auth\": null\n" + - "}"))); + .withBody(""" + { + "request_id": "6cc090a8-3821-8244-73e4-5ab62b605587", + "lease_id": "", + "renewable": false, + "lease_duration": 2764800, + "data": { + "data": { + "certificate": "CERTIFICATECHANGE", + "issuing_ca": "ISSUINGCA", + "private_key": "PRIVATEKEY" + } + }, + "wrap_info": null, + "warnings": null, + "auth": null + }"""))); handler.addHandler(vault); diff --git a/src/test/java/de/koudingspawn/vault/DockerCfgTest.java b/src/test/java/de/koudingspawn/vault/DockerCfgTest.java index 890afc2..cdcb4d2 100644 --- a/src/test/java/de/koudingspawn/vault/DockerCfgTest.java +++ b/src/test/java/de/koudingspawn/vault/DockerCfgTest.java @@ -17,6 +17,7 @@ import io.fabric8.kubernetes.api.model.Secret; import io.fabric8.kubernetes.client.DefaultKubernetesClient; import io.fabric8.kubernetes.client.KubernetesClient; +import io.fabric8.kubernetes.client.KubernetesClientBuilder; import org.junit.*; import org.junit.runner.RunWith; import org.springframework.beans.factory.annotation.Autowired; @@ -46,7 +47,7 @@ public class DockerCfgTest { @ClassRule - public static WireMockClassRule wireMockClassRule = + public static final WireMockClassRule wireMockClassRule = new WireMockClassRule(wireMockConfig().port(8202)); @Rule 
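Review bot: The DockerCfgTest import hunk (`@@ -17,6 +17,7`) adds `KubernetesClientBuilder` but leaves `import io.fabric8.kubernetes.client.DefaultKubernetesClient;` in place. The only use shown in this patch is replaced in the `@@ -67,7 +68,7` hunk, so the deprecated class is probably now an unused import. The same leftover appears in the import hunks of EventNotificationTest (`@@ -6,6 +6,7`) and KeyValueTest (`@@ -12,6 +12,7`), while CertChainTest, CertTest and KeyValueV2Test remove the line. Unless those files still reference the class outside the hunks, drop it in all three. DockerCfgTest also keeps `import org.junit.*;`, which the other test classes expand into explicit imports.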
@@ -67,7 +68,7 @@ static class KindConfig { @Bean @Primary public KubernetesClient client() { - return new DefaultKubernetesClient(); + return new KubernetesClientBuilder().build(); } } @@ -97,21 +98,22 @@ public void shouldGenerateDockerCfgFromVaultResource() throws IOException { .willReturn(aResponse() .withStatus(200) .withHeader("Content-Type", "application/json") - .withBody("{\n" + - " \"request_id\": \"6cc090a8-3821-8244-73e4-5ab62b605587\",\n" + - " \"lease_id\": \"\",\n" + - " \"renewable\": false,\n" + - " \"lease_duration\": 2764800,\n" + - " \"data\": {\n" + - " \"username\": \"username\",\n" + - " \"password\": \"password\",\n" + - " \"url\": \"hub.docker.com\",\n" + - " \"email\": \"test-user@test.com\"\n" + - " },\n" + - " \"wrap_info\": null,\n" + - " \"warnings\": null,\n" + - " \"auth\": null\n" + - "}"))); + .withBody(""" + { + "request_id": "6cc090a8-3821-8244-73e4-5ab62b605587", + "lease_id": "", + "renewable": false, + "lease_duration": 2764800, + "data": { + "username": "username", + "password": "password", + "url": "hub.docker.com", + "email": "test-user@test.com" + }, + "wrap_info": null, + "warnings": null, + "auth": null + }"""))); handler.addHandler(vault); 
@@ -210,29 +212,30 @@ public void shouldGenerateDockerCfgV2() throws JsonProcessingException { .willReturn(aResponse() .withStatus(200) .withHeader("Content-Type", "application/json") - .withBody("{\n" + - " \"request_id\": \"1cfee2a6-318a-ea12-f5b5-6fd52d74d2c6\",\n" + - " \"lease_id\": \"\",\n" + - " \"renewable\": false,\n" + - " \"lease_duration\": 0,\n" + - " \"data\": {\n" + - " \"data\": {\n" + - " \"username\": \"username\",\n" + - " \"password\": \"password\",\n" + - " \"url\": \"hub.docker.com\",\n" + - " \"email\": \"test-user@test.com\"\n" + - " },\n" + - " \"metadata\": {\n" + - " \"created_time\": \"2018-12-10T18:59:53.337997525Z\",\n" + - " \"deletion_time\": \"\",\n" + - " \"destroyed\": false,\n" + - " \"version\": 1\n" + - " }\n" + - " },\n" + - " \"wrap_info\": null,\n" + - " \"warnings\": null,\n" + - " \"auth\": null\n" + - "}"))); + .withBody(""" + { + "request_id": "1cfee2a6-318a-ea12-f5b5-6fd52d74d2c6", + "lease_id": "", + "renewable": false, + "lease_duration": 0, + "data": { + "data": { + "username": "username", + "password": "password", + "url": "hub.docker.com", + "email": "test-user@test.com" + }, + "metadata": { + "created_time": "2018-12-10T18:59:53.337997525Z", + "deletion_time": "", + "destroyed": false, + "version": 1 + } + }, + "wrap_info": null, + "warnings": null, + "auth": null + }"""))); handler.addHandler(vault); diff --git a/src/test/java/de/koudingspawn/vault/EventNotificationTest.java b/src/test/java/de/koudingspawn/vault/EventNotificationTest.java index 21c5cbd..d88f4f2 100644 --- a/src/test/java/de/koudingspawn/vault/EventNotificationTest.java +++ b/src/test/java/de/koudingspawn/vault/EventNotificationTest.java 
@@ -6,6 +6,7 @@ import io.fabric8.kubernetes.api.model.ObjectMetaBuilder; import io.fabric8.kubernetes.client.DefaultKubernetesClient; import io.fabric8.kubernetes.client.KubernetesClient; +import io.fabric8.kubernetes.client.KubernetesClientBuilder; import org.junit.Test; import org.junit.runner.RunWith; import org.springframework.beans.factory.annotation.Autowired; @@ -40,7 +41,7 @@ static class KindConfig { @Bean @Primary public KubernetesClient client() { - return new DefaultKubernetesClient(); + return new KubernetesClientBuilder().build(); } } diff --git a/src/test/java/de/koudingspawn/vault/KeyValueTest.java b/src/test/java/de/koudingspawn/vault/KeyValueTest.java index 8f43a50..24dac9c 100644 --- a/src/test/java/de/koudingspawn/vault/KeyValueTest.java +++ b/src/test/java/de/koudingspawn/vault/KeyValueTest.java @@ -12,6 +12,7 @@ import io.fabric8.kubernetes.api.model.Secret; import io.fabric8.kubernetes.client.DefaultKubernetesClient; import io.fabric8.kubernetes.client.KubernetesClient; +import io.fabric8.kubernetes.client.KubernetesClientBuilder; import org.junit.Before; import org.junit.ClassRule; import org.junit.Rule; @@ -41,7 +42,7 @@ public class KeyValueTest { @ClassRule - public static WireMockClassRule wireMockClassRule = + public static final WireMockClassRule wireMockClassRule = new WireMockClassRule(wireMockConfig().port(8209)); @Rule @@ -62,7 +63,7 @@ static class KindConfig { @Bean @Primary public KubernetesClient client() { - return new DefaultKubernetesClient(); + return new KubernetesClientBuilder().build(); } } diff --git a/src/test/java/de/koudingspawn/vault/KeyValueV2Test.java b/src/test/java/de/koudingspawn/vault/KeyValueV2Test.java index 9c2162c..d884f47 100644 --- a/src/test/java/de/koudingspawn/vault/KeyValueV2Test.java +++ b/src/test/java/de/koudingspawn/vault/KeyValueV2Test.java 
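Review bot: `import io.fabric8.kubernetes.client.DefaultKubernetesClient;` stays as a context line in the EventNotificationTest import hunk although the only use visible in the patch, `new DefaultKubernetesClient()`, is replaced by the builder. The KeyValueV2Test and OwnerReferenceBugfixTest hunks remove the import, while KeyValueTest, PKIChainTest, PKITest, PropertiesTest and KubernetesServiceTest keep it as well. Unless the class is still referenced outside the visible hunks, drop the line in those files too so the imports stay consistent.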
@@ -8,12 +8,14 @@ import de.koudingspawn.vault.kubernetes.EventHandler; import de.koudingspawn.vault.kubernetes.scheduler.impl.KeyValueV2Refresh; import de.koudingspawn.vault.vault.communication.SecretNotAccessibleException; -import io.fabric8.kubernetes.api.model.DeletionPropagation; import io.fabric8.kubernetes.api.model.ObjectMetaBuilder; import io.fabric8.kubernetes.api.model.Secret; -import io.fabric8.kubernetes.client.DefaultKubernetesClient; import io.fabric8.kubernetes.client.KubernetesClient; -import org.junit.*; +import io.fabric8.kubernetes.client.KubernetesClientBuilder; +import org.junit.Before; +import org.junit.ClassRule; +import org.junit.Rule; +import org.junit.Test; import org.junit.runner.RunWith; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.boot.test.context.SpringBootTest; @@ -41,7 +43,7 @@ public class KeyValueV2Test { @ClassRule - public static WireMockClassRule wireMockClassRule = + public static final WireMockClassRule wireMockClassRule = new WireMockClassRule(wireMockConfig().port(8207)); @Rule @@ -62,7 +64,7 @@ static class KindConfig { @Bean @Primary public KubernetesClient client() { - return new DefaultKubernetesClient(); + return new KubernetesClientBuilder().build(); } } 
@@ -86,29 +88,30 @@ public void shouldGenerateSimpleSecretFromVaultCustomResource() { vault.setSpec(vaultSpec); stubFor(get(urlPathMatching("/v1/secret/data/simple")) - .willReturn(aResponse() - .withStatus(200) - .withHeader("Content-Type", "application/json") - .withBody("{\n" + - " \"request_id\": \"1cfee2a6-318a-ea12-f5b5-6fd52d74d2c6\",\n" + - " \"lease_id\": \"\",\n" + - " \"renewable\": false,\n" + - " \"lease_duration\": 0,\n" + - " \"data\": {\n" + - " \"data\": {\n" + - " \"key\": \"value\"\n" + - " },\n" + - " \"metadata\": {\n" + - " \"created_time\": \"2018-12-10T18:59:53.337997525Z\",\n" + - " \"deletion_time\": \"\",\n" + - " \"destroyed\": false,\n" + - " \"version\": 1\n" + - " }\n" + - " },\n" + - " \"wrap_info\": null,\n" + - " \"warnings\": null,\n" + - " \"auth\": null\n" + - "}"))); + .willReturn(aResponse() + .withStatus(200) + .withHeader("Content-Type", "application/json") + .withBody(""" + { + "request_id": "1cfee2a6-318a-ea12-f5b5-6fd52d74d2c6", + "lease_id": "", + "renewable": false, + "lease_duration": 0, + "data": { + "data": { + "key": "value" + }, + "metadata": { + "created_time": "2018-12-10T18:59:53.337997525Z", + "deletion_time": "", + "destroyed": false, + "version": 1 + } + }, + "wrap_info": null, + "warnings": null, + "auth": null + }"""))); handler.addHandler(vault); 
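Review bot: The KV v2 response envelope in `shouldGenerateSimpleSecretFromVaultCustomResource` is repeated almost verbatim in `shouldCheckIfSimpleSecretHasChangedAndReturnTrue` (twice), `shouldCheckIfSimpleSecretHasChangedAndReturnFalse` and `shouldSupportNestedPath`; only the inner `data` object differs. Moving to text blocks is a good moment to keep one copy, for example a private helper `kv2Body(String dataJson)` that returns the envelope with the inner object substituted. `TestHelper.generateKV2Stup(String path, Map value)` already builds the same envelope and may be reusable for the stubs that need no WireMock scenario. This would be an edit across several hunks, so it is described here rather than quoted.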
@@ -138,26 +141,27 @@ public void shouldCheckIfSimpleSecretHasChangedAndReturnTrue() throws SecretNotA .willReturn(aResponse() .withStatus(200) .withHeader("Content-Type", "application/json") - .withBody("{\n" + - " \"request_id\": \"1cfee2a6-318a-ea12-f5b5-6fd52d74d2c6\",\n" + - " \"lease_id\": \"\",\n" + - " \"renewable\": false,\n" + - " \"lease_duration\": 0,\n" + - " \"data\": {\n" + - " \"data\": {\n" + - " \"key\": \"value\"\n" + - " },\n" + - " \"metadata\": {\n" + - " \"created_time\": \"2018-12-10T18:59:53.337997525Z\",\n" + - " \"deletion_time\": \"\",\n" + - " \"destroyed\": false,\n" + - " \"version\": 1\n" + - " }\n" + - " },\n" + - " \"wrap_info\": null,\n" + - " \"warnings\": null,\n" + - " \"auth\": null\n" + - "}"))); + .withBody(""" + { + "request_id": "1cfee2a6-318a-ea12-f5b5-6fd52d74d2c6", + "lease_id": "", + "renewable": false, + "lease_duration": 0, + "data": { + "data": { + "key": "value" + }, + "metadata": { + "created_time": "2018-12-10T18:59:53.337997525Z", + "deletion_time": "", + "destroyed": false, + "version": 1 + } + }, + "wrap_info": null, + "warnings": null, + "auth": null + }"""))); stubFor(get(urlPathMatching("/v1/secret/data/simple")) .inScenario("Vault secret change") 
@@ -165,26 +169,27 @@ public void shouldCheckIfSimpleSecretHasChangedAndReturnTrue() throws SecretNotA .willReturn(aResponse() .withStatus(200) .withHeader("Content-Type", "application/json") - .withBody("{\n" + - " \"request_id\": \"1cfee2a6-318a-ea12-f5b5-6fd52d74d2c6\",\n" + - " \"lease_id\": \"\",\n" + - " \"renewable\": false,\n" + - " \"lease_duration\": 0,\n" + - " \"data\": {\n" + - " \"data\": {\n" + - " \"key\": \"value1\"\n" + - " },\n" + - " \"metadata\": {\n" + - " \"created_time\": \"2018-12-10T18:59:53.337997525Z\",\n" + - " \"deletion_time\": \"\",\n" + - " \"destroyed\": false,\n" + - " \"version\": 1\n" + - " }\n" + - " },\n" + - " \"wrap_info\": null,\n" + - " \"warnings\": null,\n" + - " \"auth\": null\n" + - "}"))); + .withBody(""" + { + "request_id": "1cfee2a6-318a-ea12-f5b5-6fd52d74d2c6", + "lease_id": "", + "renewable": false, + "lease_duration": 0, + "data": { + "data": { + "key": "value1" + }, + "metadata": { + "created_time": "2018-12-10T18:59:53.337997525Z", + "deletion_time": "", + "destroyed": false, + "version": 1 + } + }, + "wrap_info": null, + "warnings": null, + "auth": null + }"""))); handler.addHandler(vault); 
@@ -205,26 +210,27 @@ public void shouldCheckIfSimpleSecretHasChangedAndReturnFalse() throws SecretNot .willReturn(aResponse() .withStatus(200) .withHeader("Content-Type", "application/json") - .withBody("{\n" + - " \"request_id\": \"1cfee2a6-318a-ea12-f5b5-6fd52d74d2c6\",\n" + - " \"lease_id\": \"\",\n" + - " \"renewable\": false,\n" + - " \"lease_duration\": 0,\n" + - " \"data\": {\n" + - " \"data\": {\n" + - " \"key\": \"value\"\n" + - " },\n" + - " \"metadata\": {\n" + - " \"created_time\": \"2018-12-10T18:59:53.337997525Z\",\n" + - " \"deletion_time\": \"\",\n" + - " \"destroyed\": false,\n" + - " \"version\": 1\n" + - " }\n" + - " },\n" + - " \"wrap_info\": null,\n" + - " \"warnings\": null,\n" + - " \"auth\": null\n" + - "}"))); + .withBody(""" + { + "request_id": "1cfee2a6-318a-ea12-f5b5-6fd52d74d2c6", + "lease_id": "", + "renewable": false, + "lease_duration": 0, + "data": { + "data": { + "key": "value" + }, + "metadata": { + "created_time": "2018-12-10T18:59:53.337997525Z", + "deletion_time": "", + "destroyed": false, + "version": 1 + } + }, + "wrap_info": null, + "warnings": null, + "auth": null + }"""))); handler.addHandler(vault); 
@@ -245,27 +251,28 @@ public void shouldSupportNestedPath() { .willReturn(aResponse() .withStatus(200) .withHeader("Content-Type", "application/json") - .withBody("{\n" + - " \"request_id\": \"1cfee2a6-318a-ea12-f5b5-6fd52d74d2c6\",\n" + - " \"lease_id\": \"\",\n" + - " \"renewable\": false,\n" + - " \"lease_duration\": 0,\n" + - " \"data\": {\n" + - " \"data\": {\n" + - " \"key\": \"value\",\n" + - " \"nested\": \"value2\"\n" + - " },\n" + - " \"metadata\": {\n" + - " \"created_time\": \"2018-12-10T18:59:53.337997525Z\",\n" + - " \"deletion_time\": \"\",\n" + - " \"destroyed\": false,\n" + - " \"version\": 1\n" + - " }\n" + - " },\n" + - " \"wrap_info\": null,\n" + - " \"warnings\": null,\n" + - " \"auth\": null\n" + - "}"))); + .withBody(""" + { + "request_id": "1cfee2a6-318a-ea12-f5b5-6fd52d74d2c6", + "lease_id": "", + "renewable": false, + "lease_duration": 0, + "data": { + "data": { + "key": "value", + "nested": "value2" + }, + "metadata": { + "created_time": "2018-12-10T18:59:53.337997525Z", + "deletion_time": "", + "destroyed": false, + "version": 1 + } + }, + "wrap_info": null, + "warnings": null, + "auth": null + }"""))); handler.addHandler(vault); diff --git a/src/test/java/de/koudingspawn/vault/OwnerReferenceBugfix.java b/src/test/java/de/koudingspawn/vault/OwnerReferenceBugfixTest.java similarity index 93% rename from src/test/java/de/koudingspawn/vault/OwnerReferenceBugfix.java rename to src/test/java/de/koudingspawn/vault/OwnerReferenceBugfixTest.java index 21dce5a..56d67b3 100644 --- a/src/test/java/de/koudingspawn/vault/OwnerReferenceBugfix.java +++ b/src/test/java/de/koudingspawn/vault/OwnerReferenceBugfixTest.java 
@@ -10,8 +10,8 @@ import io.fabric8.kubernetes.api.model.OwnerReference; import io.fabric8.kubernetes.api.model.Secret; import io.fabric8.kubernetes.api.model.SecretBuilder; -import io.fabric8.kubernetes.client.DefaultKubernetesClient; import io.fabric8.kubernetes.client.KubernetesClient; +import io.fabric8.kubernetes.client.KubernetesClientBuilder; import io.fabric8.kubernetes.client.dsl.MixedOperation; import io.fabric8.kubernetes.client.dsl.Resource; import org.junit.Before; @@ -41,10 +41,10 @@ } ) -public class OwnerReferenceBugfix { +public class OwnerReferenceBugfixTest { @ClassRule - public static WireMockClassRule wireMockClassRule = + public static final WireMockClassRule wireMockClassRule = new WireMockClassRule(wireMockConfig().port(8210)); @Rule @@ -65,7 +65,7 @@ static class KindConfig { @Bean @Primary public KubernetesClient client() { - return new DefaultKubernetesClient(); + return new KubernetesClientBuilder().build(); } } @@ -113,7 +113,7 @@ public void fixOwnerReference() throws IOException { ) .withData(Collections.singletonMap("key", "dmFsdWU=")) .build(); - client.secrets().inNamespace("default").withName("properties-correct-owner-2").create(secret); + client.secrets().inNamespace("default").resource(secret).create(); handler.addHandler(vault); diff --git a/src/test/java/de/koudingspawn/vault/PKIChainTest.java b/src/test/java/de/koudingspawn/vault/PKIChainTest.java index 3a57973..b5ff206 100644 --- a/src/test/java/de/koudingspawn/vault/PKIChainTest.java +++ b/src/test/java/de/koudingspawn/vault/PKIChainTest.java @@ -14,6 +14,7 @@ import io.fabric8.kubernetes.api.model.Secret; import io.fabric8.kubernetes.client.DefaultKubernetesClient; import io.fabric8.kubernetes.client.KubernetesClient; +import io.fabric8.kubernetes.client.KubernetesClientBuilder; import org.junit.*; import org.junit.runner.RunWith; import org.springframework.beans.factory.annotation.Autowired; 
@@ -44,7 +45,7 @@ public class PKIChainTest { @ClassRule - public static WireMockClassRule wireMockClassRule = + public static final WireMockClassRule wireMockClassRule = new WireMockClassRule(wireMockConfig().port(8205)); @Rule @@ -62,7 +63,7 @@ static class KindConfig { @Bean @Primary public KubernetesClient client() { - return new DefaultKubernetesClient(); + return new KubernetesClientBuilder().build(); } } @@ -91,21 +92,22 @@ public void shouldGeneratePkiFromVaultChainResource() throws Exception { .withStatus(200) .withHeader("Content-Type", "application/json") .withBody( - String.format("{\n" + - " \"request_id\": \"6cc090a8-3821-8244-73e4-5ab62b605587\",\n" + - " \"lease_id\": \"\",\n" + - " \"renewable\": false,\n" + - " \"lease_duration\": 2764800,\n" + - " \"data\": {\n" + - " \"certificate\": \"%s\",\n" + - " \"ca_chain\": [\"%s\"],\n" + - " \"issuing_ca\": \"%s\",\n" + - " \"private_key\": \"%s\"\n" + - " },\n" + - " \"wrap_info\": null,\n" + - " \"warnings\": null,\n" + - " \"auth\": null\n" + - "}", keyPair.getCertificate(), keyPair.getCa_chain().get(0), keyPair.getIssuing_ca(), keyPair.getPrivate_key()) + String.format(""" + { + "request_id": "6cc090a8-3821-8244-73e4-5ab62b605587", + "lease_id": "", + "renewable": false, + "lease_duration": 2764800, + "data": { + "certificate": "%s", + "ca_chain": ["%s"], + "issuing_ca": "%s", + "private_key": "%s" + }, + "wrap_info": null, + "warnings": null, + "auth": null + }""", keyPair.getCertificate(), keyPair.getCa_chain().get(0), keyPair.getIssuing_ca(), keyPair.getPrivate_key()) ))); handler.addHandler(vaultResource); diff --git a/src/test/java/de/koudingspawn/vault/PKITest.java b/src/test/java/de/koudingspawn/vault/PKITest.java index 2373538..853d470 100644 --- a/src/test/java/de/koudingspawn/vault/PKITest.java +++ b/src/test/java/de/koudingspawn/vault/PKITest.java 
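Review bot: In `shouldGeneratePkiFromVaultChainResource` the certificate, CA chain and private key are substituted into the JSON text block with `%s` and no escaping, so a value containing a raw line break, a quote or a backslash would yield a body that is not valid JSON. Presumably the generated key pair already holds escaped single-line strings, but that assumption is not visible in the hunk. Building the `data` object with the JSON mapper already on the test classpath (other tests declare `throws JsonProcessingException`) would remove the dependency on that assumption. At minimum, a comment such as `// keyPair values must be JSON-escaped, single-line PEM` would document it. The same pattern is in the `shouldGeneratePkiFromVaultResource` hunk of PKITest.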
@@ -14,6 +14,7 @@ import io.fabric8.kubernetes.api.model.Secret; import io.fabric8.kubernetes.client.DefaultKubernetesClient; import io.fabric8.kubernetes.client.KubernetesClient; +import io.fabric8.kubernetes.client.KubernetesClientBuilder; import org.bouncycastle.asn1.x500.X500Name; import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter; import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder; @@ -63,7 +64,7 @@ public class PKITest { } @ClassRule - public static WireMockClassRule wireMockClassRule = + public static final WireMockClassRule wireMockClassRule = new WireMockClassRule(wireMockConfig().port(8204)); @Rule @@ -81,7 +82,7 @@ static class KindConfig { @Bean @Primary public KubernetesClient client() { - return new DefaultKubernetesClient(); + return new KubernetesClientBuilder().build(); } } @@ -111,19 +112,20 @@ public void shouldGeneratePkiFromVaultResource() throws Exception { .withStatus(200) .withHeader("Content-Type", "application/json") .withBody( - String.format("{\n" + - " \"request_id\": \"6cc090a8-3821-8244-73e4-5ab62b605587\",\n" + - " \"lease_id\": \"\",\n" + - " \"renewable\": false,\n" + - " \"lease_duration\": 2764800,\n" + - " \"data\": {\n" + - " \"certificate\": \"%s\",\n" + - " \"private_key\": \"%s\"\n" + - " },\n" + - " \"wrap_info\": null,\n" + - " \"warnings\": null,\n" + - " \"auth\": null\n" + - "}", keyPair.getCertificate(), keyPair.getPrivate_key()) + String.format(""" + { + "request_id": "6cc090a8-3821-8244-73e4-5ab62b605587", + "lease_id": "", + "renewable": false, + "lease_duration": 2764800, + "data": { + "certificate": "%s", + "private_key": "%s" + }, + "wrap_info": null, + "warnings": null, + "auth": null + }""", keyPair.getCertificate(), keyPair.getPrivate_key()) ))); handler.addHandler(vaultResource); diff --git a/src/test/java/de/koudingspawn/vault/PropertiesTest.java b/src/test/java/de/koudingspawn/vault/PropertiesTest.java index 3e8284b..e6d7320 100644 
--- a/src/test/java/de/koudingspawn/vault/PropertiesTest.java +++ b/src/test/java/de/koudingspawn/vault/PropertiesTest.java @@ -16,6 +16,7 @@ import io.fabric8.kubernetes.api.model.Secret; import io.fabric8.kubernetes.client.DefaultKubernetesClient; import io.fabric8.kubernetes.client.KubernetesClient; +import io.fabric8.kubernetes.client.KubernetesClientBuilder; import org.junit.*; import org.junit.runner.RunWith; import org.springframework.beans.factory.annotation.Autowired; @@ -47,7 +48,7 @@ public class PropertiesTest { @ClassRule - public static WireMockClassRule wireMockClassRule = + public static final WireMockClassRule wireMockClassRule = new WireMockClassRule(wireMockConfig().port(8208)); @Rule @@ -68,7 +69,7 @@ static class KindConfig { @Bean @Primary public KubernetesClient client() { - return new DefaultKubernetesClient(); + return new KubernetesClientBuilder().build(); } } diff --git a/src/test/java/de/koudingspawn/vault/TestHelper.java b/src/test/java/de/koudingspawn/vault/TestHelper.java index 6ecba45..eabe5bc 100644 --- a/src/test/java/de/koudingspawn/vault/TestHelper.java +++ b/src/test/java/de/koudingspawn/vault/TestHelper.java 
@@ -13,33 +13,34 @@ public static void generateLookupSelfStub() { .willReturn(aResponse() .withStatus(200) .withHeader("Content-Type", "application/json") - .withBody("{\n" + - " \"request_id\": \"200ef4ee-7ca7-9d38-2e63-6002454e00d7\",\n" + - " \"lease_id\": \"\",\n" + - " \"renewable\": false,\n" + - " \"lease_duration\": 0,\n" + - " \"data\": {\n" + - " \"accessor\": \"c69c3bd7-c142-c655-2757-77bfdc86b04a\",\n" + - " \"creation_time\": 1536033750,\n" + - " \"creation_ttl\": 0,\n" + - " \"display_name\": \"root\",\n" + - " \"entity_id\": \"\",\n" + - " \"expire_time\": null,\n" + - " \"explicit_max_ttl\": 0,\n" + - " \"id\": \"c73ab0cb-41e6-b89c-7af6-96b36f1ac87b\",\n" + - " \"meta\": null,\n" + - " \"num_uses\": 0,\n" + - " \"orphan\": true,\n" + - " \"path\": \"auth/token/root\",\n" + - " \"policies\": [\n" + - " \"root\"\n" + - " ],\n" + - " \"ttl\": 0\n" + - " },\n" + - " \"wrap_info\": null,\n" + - " \"warnings\": null,\n" + - " \"auth\": null\n" + - "}"))); + .withBody(""" + { + "request_id": "200ef4ee-7ca7-9d38-2e63-6002454e00d7", + "lease_id": "", + "renewable": false, + "lease_duration": 0, + "data": { + "accessor": "c69c3bd7-c142-c655-2757-77bfdc86b04a", + "creation_time": 1536033750, + "creation_ttl": 0, + "display_name": "root", + "entity_id": "", + "expire_time": null, + "explicit_max_ttl": 0, + "id": "c73ab0cb-41e6-b89c-7af6-96b36f1ac87b", + "meta": null, + "num_uses": 0, + "orphan": true, + "path": "auth/token/root", + "policies": [ + "root" + ], + "ttl": 0 + }, + "wrap_info": null, + "warnings": null, + "auth": null + }"""))); } public static void generateKVStup(String path, Map value) { 
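Review bot: The `"id"` value in the `generateLookupSelfStub` body is the field a Vault token lookup uses for the token itself, and it sits next to `"display_name": "root"` and `"policies": ["root"]`, so the fixture reads like a response captured from a running Vault. Please confirm it came from a throwaway dev instance, or replace it and the `accessor` with obviously synthetic values such as `"id": "00000000-0000-0000-0000-000000000000"` (constructed sample), so that secret scanners and later readers do not have to guess. The conversion to a text block carries the value over unchanged.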
@@ -50,7 +51,7 @@ public static void generateKVStup(String path, Map value) { .willReturn(aResponse() .withStatus(200) .withHeader("Content-Type", "application/json") - .withBody("{\"request_id\":\"6cc090a8-3821-8244-73e4-5ab62b605587\",\"lease_id\":\"\",\"renewable\":false,\"lease_duration\":2764800,\"data\":" + jsonObject.toString() + ",\"wrap_info\":null,\"warnings\":null,\"auth\":null}"))); + .withBody("{\"request_id\":\"6cc090a8-3821-8244-73e4-5ab62b605587\",\"lease_id\":\"\",\"renewable\":false,\"lease_duration\":2764800,\"data\":" + jsonObject + ",\"wrap_info\":null,\"warnings\":null,\"auth\":null}"))); } @@ -68,7 +69,7 @@ public static void generateKV2Stup(String path, Map value) { " \"renewable\": false,\n" + " \"lease_duration\": 0,\n" + " \"data\": {\n" + - " \"data\": " + jsonObject.toString() + ",\n" + + " \"data\": " + jsonObject + ",\n" + " \"metadata\": {\n" + " \"created_time\": \"2018-12-10T18:59:53.337997525Z\",\n" + " \"deletion_time\": \"\",\n" + diff --git a/src/test/java/de/koudingspawn/vault/kubernetes/KubernetesServiceTest.java b/src/test/java/de/koudingspawn/vault/kubernetes/KubernetesServiceTest.java index b73f352..7153969 100644 --- a/src/test/java/de/koudingspawn/vault/kubernetes/KubernetesServiceTest.java +++ b/src/test/java/de/koudingspawn/vault/kubernetes/KubernetesServiceTest.java @@ -6,6 +6,7 @@ import io.fabric8.kubernetes.api.model.*; import io.fabric8.kubernetes.client.DefaultKubernetesClient; import io.fabric8.kubernetes.client.KubernetesClient; +import io.fabric8.kubernetes.client.KubernetesClientBuilder; import org.junit.After; import org.junit.Before; import org.junit.Test; 
@@ -25,12 +26,12 @@ @RunWith(SpringRunner.class) public class KubernetesServiceTest { - private static String COMPARE = "COMPARE"; - private static String CRDNAME = "CRDNAME"; - private static String CRDGROUP = "CRDGROUP"; + private static final String COMPARE = "COMPARE"; + private static final String CRDNAME = "CRDNAME"; + private static final String CRDGROUP = "CRDGROUP"; - private static String NAMESPACE = "test"; - private static String SECRETNAME = "testsecret"; + private static final String NAMESPACE = "test"; + private static final String SECRETNAME = "testsecret"; @Autowired public KubernetesClient client; @@ -43,9 +44,8 @@ static class KindConfig { @Bean @Primary public KubernetesClient client() { - return new DefaultKubernetesClient(); + return new KubernetesClientBuilder().build(); } - } @Before @@ -54,7 +54,7 @@ public void setUp() { kubernetesService = new KubernetesService(client, secretCache, CRDNAME, CRDGROUP); Namespace ns = new NamespaceBuilder().withMetadata(new ObjectMetaBuilder().withName(NAMESPACE).build()).build(); - client.namespaces().createOrReplace(ns); + client.namespaces().resource(ns).createOrReplace(); } @Test @@ -62,7 +62,7 @@ public void shouldCheckIfResourceExists() { Vault vault = generateVault(); Secret testsecret = generateSecret(); - client.secrets().inNamespace(NAMESPACE).create(testsecret); + client.secrets().inNamespace(NAMESPACE).resource(testsecret).create(); boolean exists = kubernetesService.exists(vault); @@ -96,7 +96,7 @@ public void shouldCreateSecret() { public void shouldDeleteSecret() { Secret secret = generateSecret(); - client.secrets().inNamespace(NAMESPACE).create(secret); + client.secrets().inNamespace(NAMESPACE).resource(secret).create(); assertNotNull(client.secrets().inNamespace(NAMESPACE).withName(SECRETNAME).get()); 
@@ -108,7 +108,7 @@ public void shouldDeleteSecret() { @Test public void shouldModifySecret() { Secret secret = generateSecret(); - client.secrets().inNamespace(NAMESPACE).create(secret); + client.secrets().inNamespace(NAMESPACE).resource(secret).create(); Vault vault = generateVault(); HashMap data = new HashMap<>(); From c1925bbf6ec948935b9374d1ecfacc6e233a96b5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bj=C3=B6rn=20Wenzel?= Date: Tue, 31 Jan 2023 16:06:00 +0100 Subject: [PATCH 3/4] bump deprecations --- .github/workflows/codeql-analysis.yml | 6 +++--- .github/workflows/maven.yaml | 4 ++-- .../vault/kubernetes/event/EventNotification.java | 2 +- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 89fff3d..67dedc5 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -42,7 +42,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@v1 + uses: github/codeql-action/init@v2 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. @@ -53,7 +53,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@v1 + uses: github/codeql-action/autobuild@v2 # ℹī¸ Command-line programs to run using the OS shell. # 📚 https://git.io/JvXDl @@ -67,4 +67,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v1 + uses: github/codeql-action/analyze@v2 diff --git a/.github/workflows/maven.yaml b/.github/workflows/maven.yaml index a7bdb29..59c8c1a 100644 --- a/.github/workflows/maven.yaml +++ b/.github/workflows/maven.yaml 
@@ -20,7 +20,7 @@ jobs: - uses: actions/checkout@v1 - name: Set up JDK 17 - uses: actions/setup-java@v2 + uses: actions/setup-java@v3 with: distribution: 'zulu' java-version: 17 @@ -51,7 +51,7 @@ jobs: needs: test steps: - - uses: actions/checkout@v1 + - uses: actions/checkout@v2 - name: Set up Docker Buildx uses: docker/setup-buildx-action@v1 diff --git a/src/main/java/de/koudingspawn/vault/kubernetes/event/EventNotification.java b/src/main/java/de/koudingspawn/vault/kubernetes/event/EventNotification.java index 725d270..9ff4169 100644 --- a/src/main/java/de/koudingspawn/vault/kubernetes/event/EventNotification.java +++ b/src/main/java/de/koudingspawn/vault/kubernetes/event/EventNotification.java @@ -59,7 +59,7 @@ public void storeNewEvent(EventType type, String message, Vault resource) { .build(); try { - client.v1().events().resource(evt).create(); + client.v1().events().inNamespace(resource.getMetadata().getNamespace()).resource(evt).create(); } catch (Exception ex) { log.error("Failed to store event for {} in namespace {} next to resource with error", resource.getMetadata().getName(), resource.getMetadata().getNamespace(), ex); From 32c3c914f5874bd2a00e8d65f7ad29cdacb46802 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bj=C3=B6rn=20Wenzel?= Date: Tue, 31 Jan 2023 16:18:40 +0100 Subject: [PATCH 4/4] fix build in codeql --- .github/workflows/codeql-analysis.yml | 23 ++++++++--------------- .github/workflows/maven.yaml | 2 +- 2 files changed, 9 insertions(+), 16 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 67dedc5..ea2495f 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml 
@@ -40,6 +40,13 @@ jobs: - name: Checkout repository uses: actions/checkout@v2 + - name: Set up JDK 17 + uses: actions/setup-java@v3 + with: + distribution: 'zulu' + java-version: 17 + cache: 'maven' + # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL uses: github/codeql-action/init@v2 @@ -50,21 +57,7 @@ jobs: # Prefix the list here with "+" to use these queries and those in the config file. # queries: ./path/to/local/query, your-org/your-repo/queries@main - # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). - # If this step fails, then you should remove it and run the build manually (see below) - - name: Autobuild - uses: github/codeql-action/autobuild@v2 - - # ℹī¸ Command-line programs to run using the OS shell. - # 📚 https://git.io/JvXDl - - # ✏ī¸ If the Autobuild fails above, remove it and uncomment the following three lines - # and modify them (or add more) to build your code if your project - # uses a compiled language - - #- run: | - # make bootstrap - # make release + - run: mvn -B package --file pom.xml -Dspring.profiles.active=test -DskipTests - name: Perform CodeQL Analysis uses: github/codeql-action/analyze@v2 diff --git a/.github/workflows/maven.yaml b/.github/workflows/maven.yaml index 59c8c1a..66f5310 100644 --- a/.github/workflows/maven.yaml +++ b/.github/workflows/maven.yaml @@ -17,7 +17,7 @@ jobs: - "kindest/node:v1.22.15@sha256:7d9708c4b0873f0fe2e171e2b1b7f45ae89482617778c1c875f1053d4cef2e41" steps: - - uses: actions/checkout@v1 + - uses: actions/checkout@v2 - name: Set up JDK 17 uses: actions/setup-java@v3
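Review bot: The added step `uses: actions/setup-java@v3` references the action by a mutable tag, as do `actions/checkout@v2` and the `github/codeql-action/*@v2` steps in this workflow and the actions in maven.yaml. A tag can be moved to different code after review, whereas the kind node image in maven.yaml is already pinned by digest (`kindest/node:v1.22.15@sha256:…`). Pinning the actions the same way keeps the workflow's supply chain consistent: `uses: actions/setup-java@<full-commit-sha> # v3` (placeholder SHA).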
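Review bot: The new build step `- run: mvn -B package --file pom.xml -Dspring.profiles.active=test -DskipTests` has no `name:`, unlike every other step in this job, and the removed template comments are not replaced by a reason for the manual build. I would write it as `- name: Build with Maven (manual build for CodeQL)` followed by the `run:` line, with a comment above it such as `# Autobuild replaced by an explicit Maven build using the JDK 17 set up above`. With `-DskipTests` the `-Dspring.profiles.active=test` property probably has no effect; if so, dropping it makes the command easier to read.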