diff --git a/lowkey-vault-app/README.md b/lowkey-vault-app/README.md index 1a3defd2..c175b8d9 100644 --- a/lowkey-vault-app/README.md +++ b/lowkey-vault-app/README.md @@ -78,6 +78,9 @@ argument. java -jar lowkey-vault-app-.jar --LOWKEY_VAULT_NAMES="name1" --LOWKEY_VAULT_ALIASES="name1.localhost=alias.localhost,localhost=example:" ``` +> [!TIP] +> If your alias does not contain the `` placeholder, then you shouldn't use quotes (`"`) around the alias values. The example uses the quotes only because the `<` and `>` characters have special meaning in the shell. + This command will result in the following aliases as seen in the logs: ``` diff --git a/lowkey-vault-app/src/main/java/com/github/nagyesta/lowkeyvault/AppConfiguration.java b/lowkey-vault-app/src/main/java/com/github/nagyesta/lowkeyvault/AppConfiguration.java index e71cbef9..8e2a2f68 100644 --- a/lowkey-vault-app/src/main/java/com/github/nagyesta/lowkeyvault/AppConfiguration.java +++ b/lowkey-vault-app/src/main/java/com/github/nagyesta/lowkeyvault/AppConfiguration.java @@ -49,6 +49,11 @@ public VaultService vaultService() throws IOException { @Bean public Function portMapper() { + if (useRelaxedPorts) { + log.info("Using relaxed vault URI matching (ignoring ports)."); + } else { + log.info("Using strict vault URI matching (expecting exact match)."); + } return Optional.of(useRelaxedPorts) .filter(BooleanUtils::isTrue) .map(use -> (Function) uri -> replacePortWith(uri, port)) diff --git a/lowkey-vault-app/src/main/java/com/github/nagyesta/lowkeyvault/context/util/VaultUriUtil.java b/lowkey-vault-app/src/main/java/com/github/nagyesta/lowkeyvault/context/util/VaultUriUtil.java index a4923ab8..09416ea9 100644 --- a/lowkey-vault-app/src/main/java/com/github/nagyesta/lowkeyvault/context/util/VaultUriUtil.java +++ b/lowkey-vault-app/src/main/java/com/github/nagyesta/lowkeyvault/context/util/VaultUriUtil.java @@ -24,7 +24,11 @@ public static URI vaultUri(@NonNull final String hostname, final int optionalPor if (optionalPort != DEFAULT_HTTPS_PORT) { builder.append(COLON).append(optionalPort); } - return URI.create(builder.toString()); + final URI result = URI.create(builder.toString()); + if (result.getHost() == null) { + throw new IllegalArgumentException("URI couldn't be parsed: " + builder); + } + return result; } public static URI aliasUri(@NonNull final String vaultAuthority, final int serverPort) { diff --git a/lowkey-vault-app/src/main/java/com/github/nagyesta/lowkeyvault/service/vault/impl/VaultFakeImpl.java b/lowkey-vault-app/src/main/java/com/github/nagyesta/lowkeyvault/service/vault/impl/VaultFakeImpl.java index 92352de0..0b5ac497 100644 --- a/lowkey-vault-app/src/main/java/com/github/nagyesta/lowkeyvault/service/vault/impl/VaultFakeImpl.java +++ b/lowkey-vault-app/src/main/java/com/github/nagyesta/lowkeyvault/service/vault/impl/VaultFakeImpl.java @@ -53,7 +53,7 @@ public VaultFakeImpl(@NonNull final URI vaultUri, @NonNull final RecoveryLevel r } @Override - public boolean matches(@NonNull final URI vaultUri, final Function uriMapper) { + public boolean matches(@NonNull final URI vaultUri, @NonNull final Function uriMapper) { final URI lookupUri = uriMapper.apply(vaultUri); return uriMapper.apply(this.vaultUri).equals(lookupUri) || this.aliases.stream() .map(uriMapper) diff --git a/lowkey-vault-app/src/test/java/com/github/nagyesta/lowkeyvault/context/util/VaultUriUtilTest.java b/lowkey-vault-app/src/test/java/com/github/nagyesta/lowkeyvault/context/util/VaultUriUtilTest.java index 5fffe6e3..8abb85d4 100644 --- a/lowkey-vault-app/src/test/java/com/github/nagyesta/lowkeyvault/context/util/VaultUriUtilTest.java +++ b/lowkey-vault-app/src/test/java/com/github/nagyesta/lowkeyvault/context/util/VaultUriUtilTest.java @@ -12,6 +12,8 @@ import java.net.URI; import java.util.stream.Stream; +import static com.github.nagyesta.lowkeyvault.TestConstants.TOMCAT_SECURE_PORT; + class VaultUriUtilTest { @SuppressWarnings("checkstyle:MagicNumber") @@ -46,6 +48,13 @@ public static Stream authorityProvider() { .build(); } + public static Stream invalidUriPartsProvider() { + return Stream.builder() + .add(Arguments.of("localhost", -1)) + .add(Arguments.of("demo.127.0.0.1", TOMCAT_SECURE_PORT)) + .build(); + } + @Test void testConstructorShouldThrowExceptionWhenCalled() throws NoSuchMethodException { //given @@ -81,6 +90,18 @@ void testVaultUriShouldThrowExceptionWhenCalledWithNull() { //then + exception } + + @ParameterizedTest + @MethodSource("invalidUriPartsProvider") + void testVaultUriShouldThrowExceptionWhenCalledWithInvalidUriParts(final String hostname, final int port) { + //given + + //when + Assertions.assertThrows(IllegalArgumentException.class, () -> VaultUriUtil.vaultUri(hostname, port)); + + //then + exception + } + @ParameterizedTest @MethodSource("aliasSource") void testAliasUriShouldReplacePortNumberWhenInputContainsPlaceholder( diff --git a/lowkey-vault-app/src/test/java/com/github/nagyesta/lowkeyvault/service/vault/impl/VaultFakeImplTest.java b/lowkey-vault-app/src/test/java/com/github/nagyesta/lowkeyvault/service/vault/impl/VaultFakeImplTest.java index 0f12756c..bbdd4674 100644 --- a/lowkey-vault-app/src/test/java/com/github/nagyesta/lowkeyvault/service/vault/impl/VaultFakeImplTest.java +++ b/lowkey-vault-app/src/test/java/com/github/nagyesta/lowkeyvault/service/vault/impl/VaultFakeImplTest.java @@ -102,7 +102,7 @@ void testMatchesShouldUseFullMatchWithAnyOfTheAliasesWhenCalled(final URI self, @SuppressWarnings("ConstantConditions") @Test - void testMatchesShouldThrowExceptionWhenCalledWithNull() { + void testMatchesShouldThrowExceptionWhenCalledWithNullUri() { //given final VaultFakeImpl underTest = new VaultFakeImpl(HTTPS_LOCALHOST); @@ -112,6 +112,18 @@ void testMatchesShouldThrowExceptionWhenCalledWithNull() { //then + exception } + @SuppressWarnings("ConstantConditions") + @Test + void testMatchesShouldThrowExceptionWhenCalledWithNullMapper() { + //given + final VaultFakeImpl underTest = new VaultFakeImpl(HTTPS_LOCALHOST); + + //when + Assertions.assertThrows(IllegalArgumentException.class, () -> underTest.matches(HTTPS_LOCALHOST, null)); + + //then + exception + } + @SuppressWarnings("ConstantConditions") @Test void testSetAliasesShouldThrowExceptionWhenCalledWithNull() { diff --git a/lowkey-vault-app/src/test/java/com/github/nagyesta/lowkeyvault/service/vault/impl/VaultServiceImplTest.java b/lowkey-vault-app/src/test/java/com/github/nagyesta/lowkeyvault/service/vault/impl/VaultServiceImplTest.java index 7d3ca840..6098626d 100644 --- a/lowkey-vault-app/src/test/java/com/github/nagyesta/lowkeyvault/service/vault/impl/VaultServiceImplTest.java +++ b/lowkey-vault-app/src/test/java/com/github/nagyesta/lowkeyvault/service/vault/impl/VaultServiceImplTest.java @@ -370,8 +370,7 @@ void testUpdateAliasShouldThrowExceptionWhenCalledWithInvalidInput( final URI baseUri, final Set aliases, final URI add, final URI remove, final Class expectedException) { //given final VaultServiceImpl underTest = new VaultServiceImpl(Function.identity()); - final VaultFake vaultFake = underTest.create( - baseUri, RecoveryLevel.CUSTOMIZED_RECOVERABLE, RecoveryLevel.MAX_RECOVERABLE_DAYS_INCLUSIVE, aliases); + underTest.create(baseUri, RecoveryLevel.CUSTOMIZED_RECOVERABLE, RecoveryLevel.MAX_RECOVERABLE_DAYS_INCLUSIVE, aliases); //when Assertions.assertThrows(expectedException, () -> underTest.updateAlias(baseUri, add, remove)); @@ -398,7 +397,7 @@ void testUpdateAliasShouldAddAndRemoveAliasesWhenCalledWithValidInput( void testUpdateAliasShouldThrowExceptionWhenVaultNotFound() { //given final VaultServiceImpl underTest = new VaultServiceImpl(Function.identity()); - final VaultFake vaultFake = underTest.create(HTTPS_DEFAULT_LOWKEY_VAULT_8443); + underTest.create(HTTPS_DEFAULT_LOWKEY_VAULT_8443); //when Assertions.assertThrows(NotFoundException.class, () -> underTest.updateAlias(HTTPS_LOCALHOST, HTTPS_LOCALHOST_80, null)); diff --git a/lowkey-vault-docker/README.md b/lowkey-vault-docker/README.md index 84cb775a..7dd0791a 100644 --- a/lowkey-vault-docker/README.md +++ b/lowkey-vault-docker/README.md @@ -72,4 +72,5 @@ container) using a volume. ## ARM builds -Lowkey Vault offers a multi-arch variant using Buildx. You can find the relevant project [here](https://github.com/nagyesta/lowkey-vault-docker-buildx). +> [!TIP] +> Lowkey Vault offers a multi-arch variant using Buildx. You can find the relevant project [here](https://github.com/nagyesta/lowkey-vault-docker-buildx).