From 7fe14b6f6c2387487177720f60d3a06ff81207c9 Mon Sep 17 00:00:00 2001
From: chossrutter
Date: Fri, 11 May 2018 21:55:53 +0100
Subject: [PATCH 1/2] Added request body to exception thrown when auth methods fail to help troubleshooting problems with auth backend or policy configuration
---
 .../java/com/bettercloud/vault/api/Auth.java | 18 +++++++++++-------
 1 file changed, 11 insertions(+), 7 deletions(-)
diff --git a/src/main/java/com/bettercloud/vault/api/Auth.java b/src/main/java/com/bettercloud/vault/api/Auth.java
index 0e193c8e..d2dcdac5 100644
--- a/src/main/java/com/bettercloud/vault/api/Auth.java
+++ b/src/main/java/com/bettercloud/vault/api/Auth.java
@@ -13,7 +13,6 @@ import lombok.Getter;
 import java.io.Serializable;
-import java.net.URI;
 import java.util.List;
 import java.util.Map;
 import java.util.UUID;
@@ -225,7 +224,7 @@ public AuthResponse createToken(final TokenRequest tokenRequest, final String to
 // Validate restResponse
 if (restResponse.getStatus() != 200) {
- throw new VaultException("Vault responded with HTTP status code: " + restResponse.getStatus(), restResponse.getStatus());
+ throw createFailedRestCallException(restResponse);
 }
 final String mimeType = restResponse.getMimeType() == null ? "null" : restResponse.getMimeType();
 if (!mimeType.equals("application/json")) {
@@ -290,7 +289,7 @@ public AuthResponse loginByAppID(final String path, final String appId, final St
 // Validate restResponse
 if (restResponse.getStatus() != 200) {
- throw new VaultException("Vault responded with HTTP status code: " + restResponse.getStatus(), restResponse.getStatus());
+ throw createFailedRestCallException(restResponse);
 }
 final String mimeType = restResponse.getMimeType() == null ? "null" : restResponse.getMimeType();
 if (!mimeType.equals("application/json")) {
@@ -383,7 +382,7 @@ public AuthResponse loginByAppRole(final String path, final String roleId, final
 // Validate restResponse
 if (restResponse.getStatus() != 200) {
- throw new VaultException("Vault responded with HTTP status code: " + restResponse.getStatus(), restResponse.getStatus());
+ throw createFailedRestCallException(restResponse);
 }
 final String mimeType = restResponse.getMimeType() == null ? "null" : restResponse.getMimeType();
 if (!mimeType.equals("application/json")) {
@@ -466,7 +465,7 @@ public AuthResponse loginByUserPass(final String username, final String password
 // Validate restResponse
 if (restResponse.getStatus() != 200) {
- throw new VaultException("Vault responded with HTTP status code: " + restResponse.getStatus(), restResponse.getStatus());
+ throw createFailedRestCallException(restResponse);
 }
 final String mimeType = restResponse.getMimeType() == null ? "null" : restResponse.getMimeType();
 if (!mimeType.equals("application/json")) {
@@ -589,7 +588,7 @@ public AuthResponse loginByAwsEc2(final String role, final String identity, fina
 // Validate restResponse
 if (restResponse.getStatus() != 200) {
- throw new VaultException("Vault responded with HTTP status code: " + restResponse.getStatus(), restResponse.getStatus());
+ throw createFailedRestCallException(restResponse);
 }
 final String mimeType = restResponse.getMimeType() == null ? "null" : restResponse.getMimeType();
 if (!mimeType.equals("application/json")) {
@@ -666,7 +665,7 @@ public AuthResponse loginByAwsEc2(final String role, final String pkcs7, final S
 // Validate restResponse
 if (restResponse.getStatus() != 200) {
- throw new VaultException("Vault responded with HTTP status code: " + restResponse.getStatus(), restResponse.getStatus());
+ throw createFailedRestCallException(restResponse);
 }
 final String mimeType = restResponse.getMimeType() == null ? "null" : restResponse.getMimeType();
 if (!mimeType.equals("application/json")) {
@@ -693,6 +692,11 @@ public AuthResponse loginByAwsEc2(final String role, final String pkcs7, final S
 }
 }
+ private VaultException createFailedRestCallException(RestResponse restResponse) {
+ return new VaultException(String.format("Vault responded with HTTP status code: %s - Response Body: %s",
+ restResponse.getStatus(), new String(restResponse.getBody())), restResponse.getStatus());
+ }
+
 /**
 *

Basic login operation to authenticate to a AWS backend using IAM authentication. Example usage:

*
From 1cceb6ad1a9e756d39d7b6af512e2cce528b9654 Mon Sep 17 00:00:00 2001
From: chossrutter
Date: Thu, 9 Aug 2018 13:40:05 +0100
Subject: [PATCH 2/2] PSEC-180 Adding new detailed exception to correct IAM login call
---
 src/main/java/com/bettercloud/vault/api/Auth.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/main/java/com/bettercloud/vault/api/Auth.java b/src/main/java/com/bettercloud/vault/api/Auth.java
index d2dcdac5..751d47c5 100644
--- a/src/main/java/com/bettercloud/vault/api/Auth.java
+++ b/src/main/java/com/bettercloud/vault/api/Auth.java
@@ -750,7 +750,7 @@ public AuthResponse loginByAwsIam(final String role, final String iamRequestUrl,
 // Validate restResponse
 if (restResponse.getStatus() != 200) {
- throw new VaultException("Vault responded with HTTP status code: " + restResponse.getStatus(), restResponse.getStatus());
+ throw createFailedRestCallException(restResponse);
 }
 final String mimeType = restResponse.getMimeType() == null ? "null" : restResponse.getMimeType();
 if (!mimeType.equals("application/json")) {
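Review bot: `createFailedRestCallException` (added in PATCH 1/2, its whole body is visible in that hunk) copies the entire response body into the exception message via `new String(restResponse.getBody())`, which decodes with the platform default charset and would throw a NullPointerException if the body is ever null, masking the real HTTP failure. Every failed auth call now routes through it (createToken, loginByAppID, loginByAppRole, loginByUserPass, both loginByAwsEc2 overloads, and loginByAwsIam in PATCH 2/2), so whatever the server or an intermediary returns ends up verbatim in exception messages and, presumably, in application logs. I would decode explicitly as UTF-8, cap the length, and collapse control characters so server-supplied text cannot flood or forge log entries. The helper should also get a short Javadoc saying the message embeds untrusted server text. The sketch below assumes getBody() returns byte[] and that java.nio.charset.StandardCharsets is imported.

```java
private VaultException createFailedRestCallException(final RestResponse restResponse) {
    final int maxBodyChars = 1024; // constructed limit; pick a value that suits the project
    final byte[] rawBody = restResponse.getBody();
    String body = rawBody == null ? "" : new String(rawBody, StandardCharsets.UTF_8);
    if (body.length() > maxBodyChars) {
        body = body.substring(0, maxBodyChars) + "...[truncated]";
    }
    // Collapse control characters so server-supplied text stays on a single log line.
    body = body.replaceAll("\\p{Cntrl}+", " ");
    return new VaultException(
            String.format("Vault responded with HTTP status code: %s - Response Body: %s",
                    restResponse.getStatus(), body),
            restResponse.getStatus());
}
```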