fix: add vault printouts and adjust tests

set min_encryption_version and min_available_version too
mxenabled · Mar 21, 2024 · 7fb65da · 7fb65da
1 parent e5ffd66
commit 7fb65da
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 13 deletions.
diff --git a/...ult/src/main/java/com/mx/path/service/facility/security/vault/VaultEncryptionService.java b/...ult/src/main/java/com/mx/path/service/facility/security/vault/VaultEncryptionService.java
@@ -1,27 +1,24 @@
 package com.mx.path.service.facility.security.vault;
 
 import java.nio.charset.StandardCharsets;
-import java.time.LocalDateTime;
-import java.time.ZoneOffset;
 import java.util.Base64;
 import java.util.Collections;
 import java.util.Map;
 import java.util.Objects;
 
 import javax.annotation.Nullable;
 
-import com.google.common.collect.ImmutableMap;
 import lombok.Getter;
 import lombok.Setter;
 
-import com.bettercloud.vault.SslConfig;
 import com.bettercloud.vault.Vault;
 import com.bettercloud.vault.VaultConfig;
 import com.bettercloud.vault.VaultException;
 import com.bettercloud.vault.json.JsonObject;
 import com.bettercloud.vault.response.AuthResponse;
 import com.bettercloud.vault.response.LogicalResponse;
 import com.bettercloud.vault.response.VaultResponse;
+import com.google.common.collect.ImmutableMap;
 import com.mx.path.core.common.configuration.Configuration;
 import com.mx.path.core.common.lang.Strings;
 import com.mx.path.core.common.security.EncryptionService;
@@ -144,7 +141,7 @@ final Vault buildVaultDriver(@Nullable String authToken) {
           .token(authToken)
           .engineVersion(configuration.getEngineVersion())
           .address(configuration.getUri())
-//          .sslConfig(new SslConfig().verify(false).build())
+          //          .sslConfig(new SslConfig().verify(false).build())
           .build();
 
       Vault newDriver = new Vault(vaultConfig);
@@ -205,14 +202,12 @@ final VaultTransitKey loadKey() {
    */
   final void setMinDecryptionVersion(int minDecryptionVersion) {
     try {
-      //FIXME this is not setting `min_encryption_version` or `min_available_version`
       //FIXME should `min_available_version` and `min_decyprtion_version` always be the same and `min_encryption_version` be ahead?
-//      VaultResponse response = logicalWriteWithReauthentication("transit/keys/" + configuration.getKeyName(), Collections.singletonMap("min_decryption_version", minDecryptionVersion));
+      //            VaultResponse response = logicalWriteWithReauthentication("transit/keys/" + configuration.getKeyName(), Collections.singletonMap("min_decryption_version", minDecryptionVersion));
       VaultResponse response = logicalWriteWithReauthentication("transit/keys/" + configuration.getKeyName(), ImmutableMap.of(
-             "min_decryption_version", minDecryptionVersion,
-             "min_encryption_version", minDecryptionVersion,
-              "min_available_version", minDecryptionVersion
-      ));
+          "min_decryption_version", minDecryptionVersion,
+          "min_encryption_version", minDecryptionVersion,
+          "min_available_version", minDecryptionVersion));
       validateVaultOperationResponse(response, "Unable to update vault key");
     } catch (RuntimeException e) {
       LOGGER.warn("Unable to update vault key", e);

diff --git a/...test/groovy/com/mx/path/service/facility/security/vault/VaultEncryptionServiceTest.groovy b/...test/groovy/com/mx/path/service/facility/security/vault/VaultEncryptionServiceTest.groovy
@@ -18,6 +18,7 @@ import com.bettercloud.vault.api.Logical
 import com.bettercloud.vault.response.AuthResponse
 import com.bettercloud.vault.response.LogicalResponse
 import com.bettercloud.vault.rest.RestResponse
+import com.google.common.collect.ImmutableMap
 import com.mx.path.core.common.collection.ObjectMap
 
 import spock.lang.Specification
@@ -458,7 +459,10 @@ class VaultEncryptionServiceTest extends Specification {
     when:
     subject.rotateKeys()
     verify(logicalDriver).write("transit/keys/" + config.getKeyName() + "/rotate", null)
-    verify(logicalDriver).write("transit/keys/" + config.getKeyName(), Collections.singletonMap("min_decryption_version", 2))
+    verify(logicalDriver).write("transit/keys/" + config.getKeyName(), ImmutableMap.of(
+        "min_decryption_version", 2,
+        "min_encryption_version", 2,
+        "min_available_version", 2))
 
     then:
     true
@@ -503,7 +507,10 @@ class VaultEncryptionServiceTest extends Specification {
     subject.setDriver(vaultDriver)
 
     subject.setMinDecryptionVersion(12)
-    verify(logicalDriver).write("transit/keys/" + config.getKeyName(), Collections.singletonMap("min_decryption_version", 12))
+    verify(logicalDriver).write("transit/keys/" + config.getKeyName(), ImmutableMap.of(
+        "min_decryption_version", 12,
+        "min_encryption_version", 12,
+        "min_available_version", 12))
 
     then:
     true