package com.datapipe.jenkins.vault.jcasc.secrets;
import com.bettercloud.vault.Vault;
import com.bettercloud.vault.VaultConfig;
import com.bettercloud.vault.VaultException;
import java.util.Objects;
import java.util.logging.Level;
import java.util.logging.Logger;
/**
 * Vault authenticator that logs in with the AppRole method (role ID plus secret ID) and
 * reuses the resulting client token until the TTL check reports it as expired.
 *
 * Security notes: the secret ID is stored in a {@code String} field and is never cleared by
 * this class, so every instance is a long-lived credential holder and should be kept out of
 * logs, dumps and serialized state. The only log statement in this class records that a
 * login succeeded; it contains neither the secret ID nor the issued token.
 *
 * {@code isTokenTTLExpired()}, {@code currentAuthToken} and
 * {@code getTTLExpiryOfCurrentToken(Vault)} are not declared in this class; presumably they
 * come from {@link VaultAuthenticatorWithExpiration} (not visible here).
 */
public class VaultAppRoleAuthenticator extends VaultAuthenticatorWithExpiration {

    private static final Logger LOGGER =
        Logger.getLogger(VaultAppRoleAuthenticator.class.getName());

    // AppRole role ID passed as the first argument of loginByAppRole.
    private String approle;
    // AppRole secret ID; sensitive, held in memory so that a new login can be made later.
    private String approleSecret;

    /**
     * Creates an authenticator for the given AppRole credentials. No validation is done and
     * no call to Vault is made here.
     *
     * @param approle       the AppRole role ID
     * @param approleSecret the AppRole secret ID
     */
    public VaultAppRoleAuthenticator(String approle, String approleSecret) {
        this.approle = approle;
        this.approleSecret = approleSecret;
    }

    /**
     * Makes sure {@code config} carries a client token, logging in again through AppRole
     * only when the TTL check reports the current token as expired.
     *
     * @param vault  client used for the AppRole login and passed on to the TTL lookup
     * @param config configuration that receives the client token
     * @throws VaultException propagated from the Vault driver calls made here
     */
    public void authenticate(Vault vault, VaultConfig config) throws VaultException {
        if (!isTokenTTLExpired()) {
            // Token still considered valid: only make sure the config carries it.
            config.token(currentAuthToken).build();
            return;
        }

        // The TTL check reports expiry: obtain a fresh client token via AppRole.
        currentAuthToken =
            vault.auth().loginByAppRole(approle, approleSecret).getAuthClientToken();

        // The new token goes into the config before the TTL lookup below; the value returned
        // by build() is not used. NOTE(review): presumably the lookup relies on the token
        // already being present in the config, so keep this order - confirm.
        config.token(currentAuthToken).build();

        // Success message only; credentials and token are deliberately absent from it.
        LOGGER.log(Level.FINE, "Login to Vault using AppRole/SecretID successful");
        getTTLExpiryOfCurrentToken(vault);
    }

    /**
     * Delegates to the superclass comparison unchanged.
     *
     * NOTE(review): {@link #hashCode()} is derived from the credentials, while equality is
     * whatever the superclass defines (not visible here). If value equality on role ID and
     * secret ID is intended, this method should compare those fields as well - confirm.
     */
    @Override
    public boolean equals(Object o) {
        return super.equals(o);
    }

    /**
     * Returns a hash computed from the role ID and the secret ID. The value is a function of
     * the secret, so it should not be logged or used as a visible identifier.
     */
    @Override
    public int hashCode() {
        return Objects.hash(approle, approleSecret);
    }
}