
Commit 8b35e66

committed
Add X-Vault-Request header to all REST API calls to support requests setnt to Vault Agent
Only needed if require_request_header = true is added in the vault-agent-config.hcl file. Reference: - https://www.vaultproject.io/api#the-x-vault-request-header - https://www.vaultproject.io/docs/agent#listener-stanza - BetterCloud#229 - ianferguson#3
1 parent 900ffe9 commit 8b35e66


11 files changed

+45
-6
lines changed


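--- a/build.gradle
+++ b/build.gradle
@@ -5,7 +5,7 @@ apply plugin: 'checkstyle'
 
 group 'com.bettercloud'
 archivesBaseName = 'vault-java-driver'
-version '5.1.0'
+version '5.1.1'
 ext.isReleaseVersion = !version.endsWith('SNAPSHOT')
 
 // This project is actually limited to Java 8 compatibility. See below.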

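--- a/src/main/java/com/bettercloud/vault/Vault.java
+++ b/src/main/java/com/bettercloud/vault/Vault.java
@@ -255,6 +255,7 @@ private Map<String, String> collectSecretEngineVersions() {
 .url(vaultConfig.getAddress() + "/v1/sys/mounts")
 .header("X-Vault-Token", vaultConfig.getToken())
 .header("X-Vault-Namespace", this.vaultConfig.getNameSpace())
+.header("X-Vault-Request", "true")
 .connectTimeoutSeconds(vaultConfig.getOpenTimeout())
 .readTimeoutSeconds(vaultConfig.getReadTimeout())
 .sslVerification(vaultConfig.getSslConfig().isVerify())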
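Review bot: The literal `.header("X-Vault-Request", "true")` is pasted by hand into this chain in collectSecretEngineVersions() and, in identical form, into every request chain touched in Auth.java, Debug.java, Leases.java, Logical.java and Seal.java, so an endpoint added later without it will fail only against a Vault Agent listener that sets `require_request_header = true` and pass everywhere else. Setting the header once where `Rest` assembles its headers would remove that risk; that class is not shown on this page, so the exact place is an assumption. Failing that, a shared constant such as `static final String REQUEST_HEADER = "X-Vault-Request";` with the comment `// Vault Agent listeners with require_request_header = true reject requests that lack this header` keeps the call sites in step and records why the header exists. The method body starts and ends outside the hunk.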

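--- a/src/main/java/com/bettercloud/vault/api/Auth.java
+++ b/src/main/java/com/bettercloud/vault/api/Auth.java
@@ -346,6 +346,7 @@ public AuthResponse createToken(final TokenRequest tokenRequest, final String to
 .url(url)
 .header("X-Vault-Token", config.getToken())
 .header("X-Vault-Namespace", this.nameSpace)
+.header("X-Vault-Request", "true")
 .body(requestJson.getBytes(StandardCharsets.UTF_8))
 .connectTimeoutSeconds(config.getOpenTimeout())
 .readTimeoutSeconds(config.getReadTimeout())
@@ -414,6 +415,7 @@ public AuthResponse loginByAppID(final String path, final String appId, final St
 final RestResponse restResponse = new Rest()//NOPMD
 .url(config.getAddress() + "/v1/auth/" + path)
 .optionalHeader("X-Vault-Namespace", this.nameSpace)
+.header("X-Vault-Request", "true")
 .body(requestJson.getBytes(StandardCharsets.UTF_8))
 .connectTimeoutSeconds(config.getOpenTimeout())
 .readTimeoutSeconds(config.getReadTimeout())
@@ -510,6 +512,7 @@ public AuthResponse loginByAppRole(final String path, final String roleId, final
 final RestResponse restResponse = new Rest()//NOPMD
 .url(config.getAddress() + "/v1/auth/" + path + "/login")
 .header("X-Vault-Namespace", this.nameSpace)
+.header("X-Vault-Request", "true")
 .body(requestJson.getBytes(StandardCharsets.UTF_8))
 .connectTimeoutSeconds(config.getOpenTimeout())
 .readTimeoutSeconds(config.getReadTimeout())
@@ -595,6 +598,7 @@ public AuthResponse loginByUserPass(final String username, final String password
 final RestResponse restResponse = new Rest()//NOPMD
 .url(config.getAddress() + "/v1/auth/" + mount + "/login/" + username)
 .header("X-Vault-Namespace", this.nameSpace)
+.header("X-Vault-Request", "true")
 .body(requestJson.getBytes(StandardCharsets.UTF_8))
 .connectTimeoutSeconds(config.getOpenTimeout())
 .readTimeoutSeconds(config.getReadTimeout())
@@ -720,6 +724,7 @@ public AuthResponse loginByAwsEc2(final String role, final String identity, fina
 .url(config.getAddress() + "/v1/auth/" + mount + "/login")
 .body(requestJson.getBytes(StandardCharsets.UTF_8))
 .header("X-Vault-Namespace", this.nameSpace)
+.header("X-Vault-Request", "true")
 .connectTimeoutSeconds(config.getOpenTimeout())
 .readTimeoutSeconds(config.getReadTimeout())
 .sslVerification(config.getSslConfig().isVerify())
@@ -797,6 +802,7 @@ public AuthResponse loginByAwsEc2(final String role, final String pkcs7, final S
 final RestResponse restResponse = new Rest()//NOPMD
 .url(config.getAddress() + "/v1/auth/" + mount + "/login")
 .header("X-Vault-Namespace", this.nameSpace)
+.header("X-Vault-Request", "true")
 .body(requestJson.getBytes(StandardCharsets.UTF_8))
 .connectTimeoutSeconds(config.getOpenTimeout())
 .readTimeoutSeconds(config.getReadTimeout())
@@ -878,6 +884,7 @@ public AuthResponse loginByAwsIam(final String role, final String iamRequestUrl,
 final RestResponse restResponse = new Rest()//NOPMD
 .url(config.getAddress() + "/v1/auth/" + mount + "/login")
 .header("X-Vault-Namespace", this.nameSpace)
+.header("X-Vault-Request", "true")
 .body(requestJson.getBytes(StandardCharsets.UTF_8))
 .connectTimeoutSeconds(config.getOpenTimeout())
 .readTimeoutSeconds(config.getReadTimeout())
@@ -965,6 +972,7 @@ public AuthResponse loginByGithub(final String githubToken, final String githubA
 final RestResponse restResponse = new Rest()//NOPMD
 .url(config.getAddress() + "/v1/auth/" + mount + "/login")
 .header("X-Vault-Namespace", this.nameSpace)
+.header("X-Vault-Request", "true")
 .body(requestJson.getBytes(StandardCharsets.UTF_8))
 .connectTimeoutSeconds(config.getOpenTimeout())
 .readTimeoutSeconds(config.getReadTimeout())
@@ -1031,6 +1039,7 @@ public AuthResponse loginByJwt(final String provider, final String role, final S
 final RestResponse restResponse = new Rest()
 .url(config.getAddress() + "/v1/auth/" + provider + "/login")
 .header("X-Vault-Namespace", this.nameSpace)
+.header("X-Vault-Request", "true")
 .body(requestJson.getBytes(StandardCharsets.UTF_8))
 .connectTimeoutSeconds(config.getOpenTimeout())
 .readTimeoutSeconds(config.getReadTimeout())
@@ -1173,6 +1182,7 @@ public AuthResponse loginByCert(final String certAuthMount) throws VaultExceptio
 final RestResponse restResponse = new Rest()//NOPMD
 .url(config.getAddress() + "/v1/auth/" + mount + "/login")
 .header("X-Vault-Namespace", this.nameSpace)
+.header("X-Vault-Request", "true")
 .connectTimeoutSeconds(config.getOpenTimeout())
 .readTimeoutSeconds(config.getReadTimeout())
 .sslVerification(config.getSslConfig().isVerify())
@@ -1256,6 +1266,7 @@ public AuthResponse renewSelf(final long increment, final String tokenAuthMount)
 .url(config.getAddress() + "/v1/auth/" + mount + "/renew-self")
 .header("X-Vault-Token", config.getToken())
 .header("X-Vault-Namespace", this.nameSpace)
+.header("X-Vault-Request", "true")
 .body(increment < 0 ? null : requestJson.getBytes(StandardCharsets.UTF_8))
 .connectTimeoutSeconds(config.getOpenTimeout())
 .readTimeoutSeconds(config.getReadTimeout())
@@ -1321,6 +1332,7 @@ public LookupResponse lookupSelf(final String tokenAuthMount) throws VaultExcept
 .url(config.getAddress() + "/v1/auth/" + mount + "/lookup-self")
 .header("X-Vault-Token", config.getToken())
 .header("X-Vault-Namespace", this.nameSpace)
+.header("X-Vault-Request", "true")
 .connectTimeoutSeconds(config.getOpenTimeout())
 .readTimeoutSeconds(config.getReadTimeout())
 .sslVerification(config.getSslConfig().isVerify())
@@ -1385,6 +1397,7 @@ public LogicalResponse lookupWrap() throws VaultException {
 .url(config.getAddress() + "/v1/sys/wrapping/lookup")
 .header("X-Vault-Token", config.getToken())
 .header("X-Vault-Namespace", this.nameSpace)
+.header("X-Vault-Request", "true")
 .connectTimeoutSeconds(config.getOpenTimeout())
 .readTimeoutSeconds(config.getReadTimeout())
 .sslVerification(config.getSslConfig().isVerify())
@@ -1447,6 +1460,7 @@ public void revokeSelf(final String tokenAuthMount) throws VaultException {
 .url(config.getAddress() + "/v1/auth/" + mount + "/revoke-self")
 .header("X-Vault-Token", config.getToken())
 .header("X-Vault-Namespace", this.nameSpace)
+.header("X-Vault-Request", "true")
 .connectTimeoutSeconds(config.getOpenTimeout())
 .readTimeoutSeconds(config.getReadTimeout())
 .sslVerification(config.getSslConfig().isVerify())
@@ -1550,6 +1564,7 @@ public AuthResponse unwrap(final String wrappedToken) throws VaultException {
 .url(url)
 .header("X-Vault-Token", config.getToken())
 .header("X-Vault-Namespace", this.nameSpace)
+.header("X-Vault-Request", "true")
 .body(requestJson.getBytes(StandardCharsets.UTF_8))
 .connectTimeoutSeconds(config.getOpenTimeout())
 .readTimeoutSeconds(config.getReadTimeout())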
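Review bot: In the loginByAppID hunk the new header sits directly under `.optionalHeader("X-Vault-Namespace", this.nameSpace)`, while the other fourteen chains touched in this file pass the same namespace value through `.header(...)`; the commit edits every one of these chains and leaves that difference in place. How `Rest.header` and `Rest.optionalHeader` treat a null or empty value is not visible on this page, so whether the two forms behave differently at runtime has to be checked against that class. If they are equivalent, loginByAppID should read `.header("X-Vault-Namespace", this.nameSpace)` like the rest; if they are not, a one-line comment on the odd call site saying why it differs would prevent a well-meant "cleanup" later. All of these method bodies start and end outside their hunks.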

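--- a/src/main/java/com/bettercloud/vault/api/Debug.java
+++ b/src/main/java/com/bettercloud/vault/api/Debug.java
@@ -92,6 +92,7 @@ public HealthResponse health(
 .url(config.getAddress() + "/v1/" + path)
 .header("X-Vault-Token", config.getToken())
 .header("X-Vault-Namespace", this.nameSpace)
+.header("X-Vault-Request", "true")
 .connectTimeoutSeconds(config.getOpenTimeout())
 .readTimeoutSeconds(config.getReadTimeout())
 .sslVerification(config.getSslConfig().isVerify())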

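--- a/src/main/java/com/bettercloud/vault/api/Leases.java
+++ b/src/main/java/com/bettercloud/vault/api/Leases.java
@@ -63,6 +63,7 @@ public VaultResponse revoke(final String leaseId) throws VaultException {
 .url(config.getAddress() + "/v1/sys/leases/revoke/" + leaseId)
 .header("X-Vault-Token", config.getToken())
 .header("X-Vault-Namespace", this.nameSpace)
+.header("X-Vault-Request", "true")
 .connectTimeoutSeconds(config.getOpenTimeout())
 .readTimeoutSeconds(config.getReadTimeout())
 .sslVerification(config.getSslConfig().isVerify())
@@ -118,6 +119,7 @@ public VaultResponse revokePrefix(final String prefix) throws VaultException {
 .url(config.getAddress() + "/v1/sys/revoke-prefix/" + prefix)
 .header("X-Vault-Token", config.getToken())
 .header("X-Vault-Namespace", this.nameSpace)
+.header("X-Vault-Request", "true")
 .connectTimeoutSeconds(config.getOpenTimeout())
 .readTimeoutSeconds(config.getReadTimeout())
 .sslVerification(config.getSslConfig().isVerify())
@@ -176,6 +178,7 @@ public VaultResponse revokeForce(final String prefix) throws VaultException {
 .url(config.getAddress() + "/v1/sys/revoke-force/" + prefix)
 .header("X-Vault-Token", config.getToken())
 .header("X-Vault-Namespace", this.nameSpace)
+.header("X-Vault-Request", "true")
 .connectTimeoutSeconds(config.getOpenTimeout())
 .readTimeoutSeconds(config.getReadTimeout())
 .sslVerification(config.getSslConfig().isVerify())
@@ -239,6 +242,7 @@ public VaultResponse renew(final String leaseId, final long increment) throws Va
 .url(config.getAddress() + "/v1/sys/renew/" + leaseId)
 .header("X-Vault-Token", config.getToken())
 .header("X-Vault-Namespace", this.nameSpace)
+.header("X-Vault-Request", "true")
 .body(increment < 0 ? null : requestJson.getBytes(StandardCharsets.UTF_8))
 .connectTimeoutSeconds(config.getOpenTimeout())
 .readTimeoutSeconds(config.getReadTimeout())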

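--- a/src/main/java/com/bettercloud/vault/api/Logical.java
+++ b/src/main/java/com/bettercloud/vault/api/Logical.java
@@ -87,6 +87,7 @@ private LogicalResponse read(final String path, Boolean shouldRetry, final logic
 .url(config.getAddress() + "/v1/" + adjustPathForReadOrWrite(path, config.getPrefixPathDepth(), operation))
 .header("X-Vault-Token", config.getToken())
 .header("X-Vault-Namespace", this.nameSpace)
+.header("X-Vault-Request", "true")
 .connectTimeoutSeconds(config.getOpenTimeout())
 .readTimeoutSeconds(config.getReadTimeout())
 .sslVerification(config.getSslConfig().isVerify())
@@ -155,6 +156,7 @@ public LogicalResponse read(final String path, Boolean shouldRetry, final Intege
 .url(config.getAddress() + "/v1/" + adjustPathForReadOrWrite(path, config.getPrefixPathDepth(), logicalOperations.readV2))
 .header("X-Vault-Token", config.getToken())
 .header("X-Vault-Namespace", this.nameSpace)
+.header("X-Vault-Request", "true")
 .parameter("version", version.toString())
 .connectTimeoutSeconds(config.getOpenTimeout())
 .readTimeoutSeconds(config.getReadTimeout())
@@ -257,6 +259,7 @@ private LogicalResponse write(final String path, final Map<String, Object> nameV
 .body(jsonObjectToWriteFromEngineVersion(operation, requestJson).toString().getBytes(StandardCharsets.UTF_8))
 .header("X-Vault-Token", config.getToken())
 .header("X-Vault-Namespace", this.nameSpace)
+.header("X-Vault-Request", "true")
 .connectTimeoutSeconds(config.getOpenTimeout())
 .readTimeoutSeconds(config.getReadTimeout())
 .sslVerification(config.getSslConfig().isVerify())
@@ -348,6 +351,7 @@ private LogicalResponse delete(final String path, final Logical.logicalOperation
 .url(config.getAddress() + "/v1/" + adjustPathForDelete(path, config.getPrefixPathDepth(), operation))
 .header("X-Vault-Token", config.getToken())
 .header("X-Vault-Namespace", this.nameSpace)
+.header("X-Vault-Request", "true")
 .connectTimeoutSeconds(config.getOpenTimeout())
 .readTimeoutSeconds(config.getReadTimeout())
 .sslVerification(config.getSslConfig().isVerify())
@@ -408,6 +412,7 @@ public LogicalResponse delete(final String path, final int[] versions) throws Va
 .url(config.getAddress() + "/v1/" + adjustPathForVersionDelete(path,config.getPrefixPathDepth()))
 .header("X-Vault-Token", config.getToken())
 .header("X-Vault-Namespace", this.nameSpace)
+.header("X-Vault-Request", "true")
 .connectTimeoutSeconds(config.getOpenTimeout())
 .readTimeoutSeconds(config.getReadTimeout())
 .sslVerification(config.getSslConfig().isVerify())
@@ -479,6 +484,7 @@ public LogicalResponse unDelete(final String path, final int[] versions) throws
 .url(config.getAddress() + "/v1/" + adjustPathForVersionUnDelete(path,config.getPrefixPathDepth()))
 .header("X-Vault-Token", config.getToken())
 .header("X-Vault-Namespace", this.nameSpace)
+.header("X-Vault-Request", "true")
 .connectTimeoutSeconds(config.getOpenTimeout())
 .readTimeoutSeconds(config.getReadTimeout())
 .sslVerification(config.getSslConfig().isVerify())
@@ -538,6 +544,7 @@ public LogicalResponse destroy(final String path, final int[] versions) throws V
 .url(config.getAddress() + "/v1/" + adjustPathForVersionDestroy(path,config.getPrefixPathDepth()))
 .header("X-Vault-Token", config.getToken())
 .header("X-Vault-Namespace", this.nameSpace)
+.header("X-Vault-Request", "true")
 .connectTimeoutSeconds(config.getOpenTimeout())
 .readTimeoutSeconds(config.getReadTimeout())
 .sslVerification(config.getSslConfig().isVerify())
@@ -589,6 +596,7 @@ public LogicalResponse upgrade(final String kvPath) throws VaultException {
 .url(config.getAddress() + "/v1/sys/mounts/" + (kvPath.replaceAll("/", "") + "/tune"))
 .header("X-Vault-Token", config.getToken())
 .header("X-Vault-Namespace", this.nameSpace)
+.header("X-Vault-Request", "true")
 .connectTimeoutSeconds(config.getOpenTimeout())
 .readTimeoutSeconds(config.getReadTimeout())
 .sslVerification(config.getSslConfig().isVerify())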

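--- a/src/main/java/com/bettercloud/vault/api/Seal.java
+++ b/src/main/java/com/bettercloud/vault/api/Seal.java
@@ -48,6 +48,7 @@ public void seal() throws VaultException {
 .url(config.getAddress() + "/v1/sys/seal")
 .header("X-Vault-Token", config.getToken())
 .header("X-Vault-Namespace", this.nameSpace)
+.header("X-Vault-Request", "true")
 .connectTimeoutSeconds(config.getOpenTimeout())
 .readTimeoutSeconds(config.getReadTimeout())
 .sslVerification(config.getSslConfig().isVerify())
@@ -108,6 +109,7 @@ public SealResponse unseal(final String key, final Boolean reset) throws VaultEx
 final RestResponse restResponse = new Rest()//NOPMD
 .url(config.getAddress() + "/v1/sys/unseal")
 .header("X-Vault-Namespace", this.nameSpace)
+.header("X-Vault-Request", "true")
 .body(requestJson.getBytes(StandardCharsets.UTF_8))
 .connectTimeoutSeconds(config.getOpenTimeout())
 .readTimeoutSeconds(config.getReadTimeout())
@@ -151,6 +153,7 @@ public SealResponse sealStatus() throws VaultException {
 final RestResponse restResponse = new Rest()//NOPMD
 .url(config.getAddress() + "/v1/sys/seal-status")
 .header("X-Vault-Namespace", this.nameSpace)
+.header("X-Vault-Request", "true")
 .connectTimeoutSeconds(config.getOpenTimeout())
 .readTimeoutSeconds(config.getReadTimeout())
 .sslVerification(config.getSslConfig().isVerify())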
