From dcd359a2dc1f4880f299fa9b612584bb707fc5e4 Mon Sep 17 00:00:00 2001
From: Mike Grass
Date: Thu, 5 Dec 2019 15:02:07 -0700
Subject: [PATCH 1/2] Add response body to exception for Auth failures Similar to https://github.com/BetterCloud/vault-java-driver/pull/49, including the response body in the exception thrown for auth failures provides information that is helpful for debugging failed logins. Add the response body to the VaultException thrown when an Auth method fails.
---
 .../java/com/bettercloud/vault/api/Auth.java | 54 ++++++++++++++-----
 1 file changed, 40 insertions(+), 14 deletions(-)
diff --git a/src/main/java/com/bettercloud/vault/api/Auth.java b/src/main/java/com/bettercloud/vault/api/Auth.java
index 4b31de8e..41de8b9b 100644
--- a/src/main/java/com/bettercloud/vault/api/Auth.java
+++ b/src/main/java/com/bettercloud/vault/api/Auth.java
@@ -274,7 +274,9 @@ public AuthResponse createToken(final TokenRequest tokenRequest, final String to
 // Validate restResponse
 if (restResponse.getStatus() != 200) {
- throw new VaultException("Vault responded with HTTP status code: " + restResponse.getStatus(), restResponse.getStatus());
+ throw new VaultException("Vault responded with HTTP status code: " + restResponse.getStatus()
+ + "\nResponse body: " + new String(restResponse.getBody(), StandardCharsets.UTF_8),
+ restResponse.getStatus());
 }
 final String mimeType = restResponse.getMimeType() == null ? "null" : restResponse.getMimeType();
 if (!mimeType.equals("application/json")) {
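Review bot: The new message in `createToken` concatenates the raw response body into the `VaultException` text with no length bound or control-character handling, and the same three lines are repeated in every other hunk of this file (`loginByAppID`, `loginByAppRole`, `loginByUserPass`, both `loginByAwsEc2` overloads, `loginByAwsIam`, `loginByGithub`, `loginByJwt`, `loginByCert`, `renewSelf`, `lookupSelf`, `revokeSelf`, `unwrap`). Exception messages tend to end up in application logs, so whatever the server or an intermediary proxy returned on a failed login is written there verbatim, embedded newlines included, and should be treated as untrusted text. `new String(restResponse.getBody(), …)` also throws a NullPointerException if `getBody()` can return null (not visible in the hunk), which would hide the status code the exception is meant to carry. I would move the formatting into one private helper that null-checks, truncates and flattens the body, as sketched below; each method body starts and ends outside its hunk, and the sketch assumes the local is a `RestResponse`.

```java
private static final int MAX_ERROR_BODY_CHARS = 1024; // constructed limit, adjust as needed

// Builds the failure text with a bounded, single-line copy of the response body.
private static String failureMessage(final RestResponse restResponse) {
    final byte[] body = restResponse.getBody();
    final String text = body == null ? "" : new String(body, StandardCharsets.UTF_8);
    final String bounded = text.length() > MAX_ERROR_BODY_CHARS
            ? text.substring(0, MAX_ERROR_BODY_CHARS) + "..."
            : text;
    return "Vault responded with HTTP status code: " + restResponse.getStatus()
            + "\nResponse body: " + bounded.replaceAll("\\p{Cntrl}", " ");
}

// in createToken and in each method listed above
if (restResponse.getStatus() != 200) {
    throw new VaultException(failureMessage(restResponse), restResponse.getStatus());
}
// … unchanged: mime-type check and response parsing …
```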
@@ -340,7 +342,9 @@ public AuthResponse loginByAppID(final String path, final String appId, final St
 // Validate restResponse
 if (restResponse.getStatus() != 200) {
- throw new VaultException("Vault responded with HTTP status code: " + restResponse.getStatus(), restResponse.getStatus());
+ throw new VaultException("Vault responded with HTTP status code: " + restResponse.getStatus()
+ + "\nResponse body: " + new String(restResponse.getBody(), StandardCharsets.UTF_8),
+ restResponse.getStatus());
 }
 final String mimeType = restResponse.getMimeType() == null ? "null" : restResponse.getMimeType();
 if (!mimeType.equals("application/json")) {
@@ -434,7 +438,9 @@ public AuthResponse loginByAppRole(final String path, final String roleId, final
 // Validate restResponse
 if (restResponse.getStatus() != 200) {
- throw new VaultException("Vault responded with HTTP status code: " + restResponse.getStatus(), restResponse.getStatus());
+ throw new VaultException("Vault responded with HTTP status code: " + restResponse.getStatus()
+ + "\nResponse body: " + new String(restResponse.getBody(), StandardCharsets.UTF_8),
+ restResponse.getStatus());
 }
 final String mimeType = restResponse.getMimeType() == null ? "null" : restResponse.getMimeType();
 if (!mimeType.equals("application/json")) {
@@ -517,7 +523,9 @@ public AuthResponse loginByUserPass(final String username, final String password
 // Validate restResponse
 if (restResponse.getStatus() != 200) {
- throw new VaultException("Vault responded with HTTP status code: " + restResponse.getStatus(), restResponse.getStatus());
+ throw new VaultException("Vault responded with HTTP status code: " + restResponse.getStatus()
+ + "\nResponse body: " + new String(restResponse.getBody(), StandardCharsets.UTF_8),
+ restResponse.getStatus());
 }
 final String mimeType = restResponse.getMimeType() == null ? "null" : restResponse.getMimeType();
 if (!mimeType.equals("application/json")) {
@@ -639,7 +647,9 @@ public AuthResponse loginByAwsEc2(final String role, final String identity, fina
 // Validate restResponse
 if (restResponse.getStatus() != 200) {
- throw new VaultException("Vault responded with HTTP status code: " + restResponse.getStatus(), restResponse.getStatus());
+ throw new VaultException("Vault responded with HTTP status code: " + restResponse.getStatus()
+ + "\nResponse body: " + new String(restResponse.getBody(), StandardCharsets.UTF_8),
+ restResponse.getStatus());
 }
 final String mimeType = restResponse.getMimeType() == null ? "null" : restResponse.getMimeType();
 if (!mimeType.equals("application/json")) {
@@ -715,7 +725,9 @@ public AuthResponse loginByAwsEc2(final String role, final String pkcs7, final S
 // Validate restResponse
 if (restResponse.getStatus() != 200) {
- throw new VaultException("Vault responded with HTTP status code: " + restResponse.getStatus(), restResponse.getStatus());
+ throw new VaultException("Vault responded with HTTP status code: " + restResponse.getStatus()
+ + "\nResponse body: " + new String(restResponse.getBody(), StandardCharsets.UTF_8),
+ restResponse.getStatus());
 }
 final String mimeType = restResponse.getMimeType() == null ? "null" : restResponse.getMimeType();
 if (!mimeType.equals("application/json")) {
@@ -794,7 +806,9 @@ public AuthResponse loginByAwsIam(final String role, final String iamRequestUrl,
 // Validate restResponse
 if (restResponse.getStatus() != 200) {
- throw new VaultException("Vault responded with HTTP status code: " + restResponse.getStatus(), restResponse.getStatus());
+ throw new VaultException("Vault responded with HTTP status code: " + restResponse.getStatus()
+ + "\nResponse body: " + new String(restResponse.getBody(), StandardCharsets.UTF_8),
+ restResponse.getStatus());
 }
 final String mimeType = restResponse.getMimeType() == null ? "null" : restResponse.getMimeType();
 if (!mimeType.equals("application/json")) {
@@ -879,7 +893,9 @@ public AuthResponse loginByGithub(final String githubToken, final String githubA
 // Validate restResponse
 if (restResponse.getStatus() != 200) {
- throw new VaultException("Vault responded with HTTP status code: " + restResponse.getStatus(), restResponse.getStatus());
+ throw new VaultException("Vault responded with HTTP status code: " + restResponse.getStatus()
+ + "\nResponse body: " + new String(restResponse.getBody(), StandardCharsets.UTF_8),
+ restResponse.getStatus());
 }
 final String mimeType = restResponse.getMimeType() == null ? "null" : restResponse.getMimeType();
 if (!mimeType.equals("application/json")) {
@@ -943,7 +959,9 @@ public AuthResponse loginByJwt(final String provider, final String role, final S
 // Validate restResponse
 if (restResponse.getStatus() != 200) {
- throw new VaultException("Vault responded with HTTP status code: " + restResponse.getStatus(), restResponse.getStatus());
+ throw new VaultException("Vault responded with HTTP status code: " + restResponse.getStatus()
+ + "\nResponse body: " + new String(restResponse.getBody(), StandardCharsets.UTF_8),
+ restResponse.getStatus());
 }
 final String mimeType = restResponse.getMimeType() == null ? "null" : restResponse.getMimeType();
 if (!mimeType.equals("application/json")) {
@@ -1082,7 +1100,8 @@ public AuthResponse loginByCert(final String certAuthMount) throws VaultExceptio
 // Validate restResponse
 if (restResponse.getStatus() != 200) {
- throw new VaultException("Vault responded with HTTP status code: " + restResponse.getStatus(),
+ throw new VaultException("Vault responded with HTTP status code: " + restResponse.getStatus()
+ + "\nResponse body: " + new String(restResponse.getBody(), StandardCharsets.UTF_8),
 restResponse.getStatus());
 }
 final String mimeType = restResponse.getMimeType() == null ? "null" : restResponse.getMimeType();
@@ -1165,7 +1184,9 @@ public AuthResponse renewSelf(final long increment, final String tokenAuthMount)
 // Validate restResponse
 if (restResponse.getStatus() != 200) {
- throw new VaultException("Vault responded with HTTP status code: " + restResponse.getStatus(), restResponse.getStatus());
+ throw new VaultException("Vault responded with HTTP status code: " + restResponse.getStatus()
+ + "\nResponse body: " + new String(restResponse.getBody(), StandardCharsets.UTF_8),
+ restResponse.getStatus());
 }
 final String mimeType = restResponse.getMimeType() == null ? "null" : restResponse.getMimeType();
 if (!mimeType.equals("application/json")) {
@@ -1227,7 +1248,9 @@ public LookupResponse lookupSelf(final String tokenAuthMount) throws VaultExcept
 // Validate restResponse
 if (restResponse.getStatus() != 200) {
- throw new VaultException("Vault responded with HTTP status code: " + restResponse.getStatus(), restResponse.getStatus());
+ throw new VaultException("Vault responded with HTTP status code: " + restResponse.getStatus()
+ + "\nResponse body: " + new String(restResponse.getBody(), StandardCharsets.UTF_8),
+ restResponse.getStatus());
 }
 final String mimeType = restResponse.getMimeType();
 if (!"application/json".equals(mimeType)) {
@@ -1351,7 +1374,9 @@ public void revokeSelf(final String tokenAuthMount) throws VaultException {
 // Validate restResponse
 if (restResponse.getStatus() != 204) {
- throw new VaultException("Vault responded with HTTP status code: " + restResponse.getStatus(), restResponse.getStatus());
+ throw new VaultException("Vault responded with HTTP status code: " + restResponse.getStatus()
+ + "\nResponse body: " + new String(restResponse.getBody(), StandardCharsets.UTF_8),
+ restResponse.getStatus());
 }
 return;
 } catch (Exception e) {
@@ -1453,7 +1478,8 @@ public AuthResponse unwrap(final String wrappedToken) throws VaultException {
 // Validate restResponse
 if (restResponse.getStatus() != 200) {
- throw new VaultException("Vault responded with HTTP status code: " + restResponse.getStatus(),
+ throw new VaultException("Vault responded with HTTP status code: " + restResponse.getStatus()
+ + "\nResponse body: " + new String(restResponse.getBody(), StandardCharsets.UTF_8),
 restResponse.getStatus());
 }
 final String mimeType = restResponse.getMimeType() == null ? "null" : restResponse.getMimeType();
From 68b2faabbea6eff61d9269a433c58785c24ddad5 Mon Sep 17 00:00:00 2001
From: Mike Grass
Date: Thu, 5 Dec 2019 15:02:29 -0700
Subject: [PATCH 2/2] Fix javadoc and checkstyle errors
---
 src/main/java/com/bettercloud/vault/VaultConfig.java | 8 ++++----
 src/main/java/com/bettercloud/vault/api/Logical.java | 3 ---
 2 files changed, 4 insertions(+), 7 deletions(-)
diff --git a/src/main/java/com/bettercloud/vault/VaultConfig.java b/src/main/java/com/bettercloud/vault/VaultConfig.java
index 29cf4b27..a43c55bc 100644
--- a/src/main/java/com/bettercloud/vault/VaultConfig.java
+++ b/src/main/java/com/bettercloud/vault/VaultConfig.java
@@ -209,18 +209,18 @@ public VaultConfig readTimeout(final Integer readTimeout) {
 }
 /**
- *

Set the "path depth" of the prefix path. Normally this is just
+ *

Set the "path depth" of the prefix path. Normally this is just
 * 1, to correspond to one path element in the prefix path. To use
 * a longer prefix path, set this value
 *
 * @param prefixPathDepth integer number of path elements in the prefix path
 */
- public VaultConfig prefixPathDepth(int pathLength) {
- if (pathLength < 1) {
+ public VaultConfig prefixPathDepth(int prefixPathDepth) {
+ if (prefixPathDepth < 1) {
 throw new IllegalArgumentException("pathLength must be > 1");
 }
- this.prefixPathDepth = pathLength;
+ this.prefixPathDepth = prefixPathDepth;
 return this;
 }
diff --git a/src/main/java/com/bettercloud/vault/api/Logical.java b/src/main/java/com/bettercloud/vault/api/Logical.java
index fb19f020..8f9cbf70 100644
--- a/src/main/java/com/bettercloud/vault/api/Logical.java
+++ b/src/main/java/com/bettercloud/vault/api/Logical.java
@@ -3,16 +3,13 @@
 import com.bettercloud.vault.VaultConfig;
 import com.bettercloud.vault.VaultException;
 import com.bettercloud.vault.json.Json;
-import com.bettercloud.vault.json.JsonArray;
 import com.bettercloud.vault.json.JsonObject;
 import com.bettercloud.vault.response.LogicalResponse;
 import com.bettercloud.vault.rest.Rest;
 import com.bettercloud.vault.rest.RestException;
 import com.bettercloud.vault.rest.RestResponse;
 import java.nio.charset.StandardCharsets;
-import java.util.ArrayList;
 import java.util.Arrays;
-import java.util.List;
 import java.util.Map;
 import static com.bettercloud.vault.api.LogicalUtilities.adjustPathForDelete;
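Review bot: In `VaultConfig.prefixPathDepth` the exception text still reads `pathLength must be > 1`, which names the parameter this commit renames and contradicts the guard `prefixPathDepth < 1`, since a value of 1 is accepted. I would change the line to `throw new IllegalArgumentException("prefixPathDepth must be >= 1");` so the message matches both the new name and the check. The Javadoc sentence ending in `set this value` also reads as unfinished and could say what the value should be set to.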