From 5f331ee18d4a427fa4a4582ea86f033d2b04a51c Mon Sep 17 00:00:00 2001 From: vsevel Date: Thu, 19 Dec 2024 14:35:02 +0100 Subject: [PATCH] handle null values in secrets loaded by the credentials provider --- docs/modules/ROOT/pages/includes/attributes.adoc | 2 +- .../vault/src/test/java/io/quarkus/vault/VaultITCase.java | 2 +- .../io/quarkus/vault/runtime/VaultCredentialsProvider.java | 7 ++++++- .../java/io/quarkus/vault/test/VaultTestExtension.java | 6 +++--- test-framework/src/main/resources/cred-provider.json | 4 ++++ 5 files changed, 15 insertions(+), 6 deletions(-) create mode 100644 test-framework/src/main/resources/cred-provider.json diff --git a/docs/modules/ROOT/pages/includes/attributes.adoc b/docs/modules/ROOT/pages/includes/attributes.adoc index bcfe36df..184bb558 100644 --- a/docs/modules/ROOT/pages/includes/attributes.adoc +++ b/docs/modules/ROOT/pages/includes/attributes.adoc @@ -1,4 +1,4 @@ -:quarkus-version: 3.17.0 +:quarkus-version: 3.17.4 :quarkus-vault-version: 4.1.0 :maven-version: 3.8.1+ diff --git a/integration-tests/vault/src/test/java/io/quarkus/vault/VaultITCase.java b/integration-tests/vault/src/test/java/io/quarkus/vault/VaultITCase.java index 21780508..fd0d5411 100644 --- a/integration-tests/vault/src/test/java/io/quarkus/vault/VaultITCase.java +++ b/integration-tests/vault/src/test/java/io/quarkus/vault/VaultITCase.java @@ -91,7 +91,7 @@ public class VaultITCase { String someSecretThroughIndirection; @Test - public void credentialsProvider() throws Exception { + public void credentialsProvider() { Map staticCredentials = credentialsProvider.getCredentials("static"); assertEquals("{" + PASSWORD_PROPERTY_NAME + "=" + DB_PASSWORD + "}", staticCredentials.toString()); diff --git a/runtime/src/main/java/io/quarkus/vault/runtime/VaultCredentialsProvider.java b/runtime/src/main/java/io/quarkus/vault/runtime/VaultCredentialsProvider.java index 3653fa4a..6e56a735 100644 
--- a/runtime/src/main/java/io/quarkus/vault/runtime/VaultCredentialsProvider.java +++ b/runtime/src/main/java/io/quarkus/vault/runtime/VaultCredentialsProvider.java @@ -56,7 +56,12 @@ public Map getCredentials(String credentialsProviderName) { } if (config.kvPath().isPresent()) { - String password = vaultKVSecretEngine.readSecret(config.kvPath().get()).get(config.kvKey()); + var val = vaultKVSecretEngine.readSecretJson(config.kvPath().get()); + if (val == null) { + throw new VaultException( + "unable to retrieve credential " + config.kvKey() + " from path " + config.kvPath().get()); + } + String password = String.valueOf(val.get(config.kvKey())); Map result = new HashMap<>(); result.put(PASSWORD_PROPERTY_NAME, password); return result; diff --git a/test-framework/src/main/java/io/quarkus/vault/test/VaultTestExtension.java b/test-framework/src/main/java/io/quarkus/vault/test/VaultTestExtension.java index 63d265c2..f367180e 100644 --- a/test-framework/src/main/java/io/quarkus/vault/test/VaultTestExtension.java +++ b/test-framework/src/main/java/io/quarkus/vault/test/VaultTestExtension.java @@ -1,6 +1,5 @@ package io.quarkus.vault.test; -import static io.quarkus.credentials.CredentialsProvider.PASSWORD_PROPERTY_NAME; import static java.lang.Boolean.TRUE; import static java.lang.String.format; import static java.util.regex.Pattern.MULTILINE; @@ -226,6 +225,7 @@ public void start() throws Exception { .withClasspathResourceMapping("vault-postgres-creation.sql", TMP_VAULT_POSTGRES_CREATION_SQL_FILE, READ_ONLY) .withClasspathResourceMapping("secret.json", "/tmp/secret.json", READ_ONLY) .withClasspathResourceMapping("config.json", "/tmp/config.json", READ_ONLY) + .withClasspathResourceMapping("cred-provider.json", "/tmp/cred-provider.json", READ_ONLY) .withClasspathResourceMapping(getTestPluginFilename(), "/vault/plugins/test-plugin", READ_ONLY) .withCommand("server", "-log-level=debug", "-config=" + TMP_VAULT_CONFIG_JSON_FILE); 
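Review bot: In VaultCredentialsProvider.getCredentials, `String.valueOf(val.get(config.kvKey()))` turns a missing key or a JSON null into the literal string "null", so the provider returns that text as the password instead of failing; the new `val == null` guard only covers the whole secret being absent. Assuming readSecretJson returns a map with Object values, read the entry first and reject null: `Object raw = val == null ? null : val.get(config.kvKey());`, then `if (raw == null) { throw new VaultException(...); }` with the existing message, then `String password = raw.toString();`. The cred-provider.json fixture only exercises a null sibling key (`mynull`), so a test where the requested key itself is null or absent would pin this behaviour. The method body starts before and continues after the hunk.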
@@ -312,7 +312,7 @@ private void initVault() throws Exception { execVault(format("vault kv put %s/%s %s=%s", SECRET_PATH_V1, APP_SECRET_PATH, SECRET_KEY, SECRET_VALUE)); execVault( format("vault kv put %s/%s %s=%s", SECRET_PATH_V1, LIST_PATH + "/" + LIST_SUB_PATH, SECRET_KEY, SECRET_VALUE)); - execVault(format("vault kv put %s/%s %s=%s", SECRET_PATH_V1, APP_CONFIG_PATH, PASSWORD_PROPERTY_NAME, DB_PASSWORD)); + execVault(format("vault kv put %s/%s @/tmp/cred-provider.json", SECRET_PATH_V1, APP_CONFIG_PATH)); execVault(format("vault kv put %s/foo-json @/tmp/secret.json", SECRET_PATH_V1)); execVault(format("vault kv put %s/config-json @/tmp/config.json", SECRET_PATH_V1)); @@ -321,7 +321,7 @@ private void initVault() throws Exception { execVault(format("vault kv put %s/%s %s=%s", SECRET_PATH_V2, APP_SECRET_PATH, SECRET_KEY, SECRET_VALUE)); execVault( format("vault kv put %s/%s %s=%s", SECRET_PATH_V2, LIST_PATH + "/" + LIST_SUB_PATH, SECRET_KEY, SECRET_VALUE)); - execVault(format("vault kv put %s/%s %s=%s", SECRET_PATH_V2, APP_CONFIG_PATH, PASSWORD_PROPERTY_NAME, DB_PASSWORD)); + execVault(format("vault kv put %s/%s @/tmp/cred-provider.json", SECRET_PATH_V2, APP_CONFIG_PATH)); execVault(format("vault kv put %s/foo-json @/tmp/secret.json", SECRET_PATH_V2)); execVault(format("vault kv put %s/config-json @/tmp/config.json", SECRET_PATH_V2)); diff --git a/test-framework/src/main/resources/cred-provider.json b/test-framework/src/main/resources/cred-provider.json new file mode 100644 index 00000000..a0228c59 --- /dev/null +++ b/test-framework/src/main/resources/cred-provider.json @@ -0,0 +1,4 @@ +{ + "password": "bar", + "mynull": null +} \ No newline at end of file
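Review bot: In initVault, both `vault kv put %s/%s @/tmp/cred-provider.json` calls (the SECRET_PATH_V1 hunk and the SECRET_PATH_V2 hunk) now take the password from the JSON fixture, so the value VaultITCase compares against DB_PASSWORD is duplicated in cred-provider.json with nothing tying the two together. JSON cannot carry a comment, so I would add one above the first call, for example `// cred-provider.json: "password" must equal DB_PASSWORD (asserted in VaultITCase.credentialsProvider)`. initVault starts and ends outside both hunks.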