fix: only set min_decryption_version
meotchwilliams committed Mar 21, 2024
1 parent 7fb65da commit 50901d2
Showing 2 changed files with 8 additions and 16 deletions.
Expand Up @@ -18,7 +18,6 @@
import com.bettercloud.vault.response.AuthResponse;
import com.bettercloud.vault.response.LogicalResponse;
import com.bettercloud.vault.response.VaultResponse;
import com.google.common.collect.ImmutableMap;
import com.mx.path.core.common.configuration.Configuration;
import com.mx.path.core.common.lang.Strings;
import com.mx.path.core.common.security.EncryptionService;
Expand Down Expand Up @@ -141,7 +140,6 @@ final Vault buildVaultDriver(@Nullable String authToken) {
.token(authToken)
.engineVersion(configuration.getEngineVersion())
.address(configuration.getUri())
// .sslConfig(new SslConfig().verify(false).build())
.build();

Vault newDriver = new Vault(vaultConfig);
Expand Down Expand Up @@ -203,11 +201,12 @@ final VaultTransitKey loadKey() {
final void setMinDecryptionVersion(int minDecryptionVersion) {
try {
//FIXME should `min_available_version` and `min_decyprtion_version` always be the same and `min_encryption_version` be ahead?
// VaultResponse response = logicalWriteWithReauthentication("transit/keys/" + configuration.getKeyName(), Collections.singletonMap("min_decryption_version", minDecryptionVersion));
VaultResponse response = logicalWriteWithReauthentication("transit/keys/" + configuration.getKeyName(), ImmutableMap.of(
"min_decryption_version", minDecryptionVersion,
"min_encryption_version", minDecryptionVersion,
"min_available_version", minDecryptionVersion));
VaultResponse response = logicalWriteWithReauthentication("transit/keys/" + configuration.getKeyName() + "/config", Collections.singletonMap("min_decryption_version", minDecryptionVersion));

// VaultResponse response = logicalWriteWithReauthentication("transit/keys/" + configuration.getKeyName() + "/config", ImmutableMap.of(
// "min_decryption_version", minDecryptionVersion,
// "min_encryption_version", minDecryptionVersion,
// "min_available_version", minDecryptionVersion));
validateVaultOperationResponse(response, "Unable to update vault key");
} catch (RuntimeException e) {
LOGGER.warn("Unable to update vault key", e);
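Review bot: The new write on line 40 is immediately followed by a commented-out alternative (lines 42–45) and the FIXME on line 34 is left standing, so the method now carries two contradicting versions of the request; since the commit title settles the question, delete the dead block and replace the FIXME with the decision, e.g. `// Deliberately raises only min_decryption_version; the encryption/available floors are not touched here.` `Collections.singletonMap` replaces the removed `ImmutableMap` import, but the import hunk at the top shows no `java.util.Collections` being added — confirm it is already imported outside the shown lines. The surrounding catch (lines 47–48; the method's tail lies outside the hunk) turns a failed floor update into a warning, yet raising `min_decryption_version` is what stops ciphertext under retired key versions from being decrypted, so a caller cannot tell that the floor was not raised — consider rethrowing after logging or returning a boolean so rotation callers can fail loudly. A non-positive `minDecryptionVersion` would also be better rejected at the boundary, `if (minDecryptionVersion < 1) throw new IllegalArgumentException("minDecryptionVersion must be >= 1");`, rather than handed to Vault.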
Expand Up @@ -18,7 +18,6 @@ import com.bettercloud.vault.api.Logical
import com.bettercloud.vault.response.AuthResponse
import com.bettercloud.vault.response.LogicalResponse
import com.bettercloud.vault.rest.RestResponse
import com.google.common.collect.ImmutableMap
import com.mx.path.core.common.collection.ObjectMap

import spock.lang.Specification
Expand Down Expand Up @@ -459,10 +458,7 @@ class VaultEncryptionServiceTest extends Specification {
when:
subject.rotateKeys()
verify(logicalDriver).write("transit/keys/" + config.getKeyName() + "/rotate", null)
verify(logicalDriver).write("transit/keys/" + config.getKeyName(), ImmutableMap.of(
"min_decryption_version", 2,
"min_encryption_version", 2,
"min_available_version", 2))
verify(logicalDriver).write("transit/keys/" + config.getKeyName() + "/config", Collections.singletonMap("min_decryption_version", 2))

then:
true
Expand Down Expand Up @@ -507,10 +503,7 @@ class VaultEncryptionServiceTest extends Specification {
subject.setDriver(vaultDriver)

subject.setMinDecryptionVersion(12)
verify(logicalDriver).write("transit/keys/" + config.getKeyName(), ImmutableMap.of(
"min_decryption_version", 12,
"min_encryption_version", 12,
"min_available_version", 12))
verify(logicalDriver).write("transit/keys/" + config.getKeyName() + "/config", Collections.singletonMap("min_decryption_version", 12))

then:
true
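Review bot: The updated expectations on lines 67 and 79 only assert the `/config` write; nothing pins that the bare key path is no longer written, which is the behaviour change this commit is about. Add `verify(logicalDriver, never()).write(eq("transit/keys/" + config.getKeyName()), any())` beside each, so a regression back to the removed three-field request fails the test. The interactions also sit in the `when:` block with a `then: true` placeholder (context lines 60 and 69–70, pre-existing); Spock convention is to move the `verify` calls into `then:`.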
