VaultTemplate refactor (#63)

anders-swanson · web-flow · commit 7f78ab767f38 · 2024-07-12T13:23:31.000-07:00
* VaultTemplate
---------

Signed-off-by: Anders Swanson &lt;anders.swanson@oracle.com&gt;
diff --git a/docs/src/main/asciidoc/getting-started.adoc b/docs/src/main/asciidoc/getting-started.adoc
@@ -82,7 +82,7 @@ The following table highlights several samples of the most used integrations in
 | Oracle Autonomous Database
 | https://github.com/oracle/spring-cloud-oci/tree/main/spring-cloud-oci-samples/spring-cloud-oci-adb-samples[spring-cloud-oci-adb-samples]
 
-| Generative AI 
+| Generative AI
 | https://github.com/oracle/spring-cloud-oci/tree/main/spring-cloud-oci-samples/spring-cloud-oci-gen-ai-sample[spring-cloud-oci-gen-ai-sample]
 
 | Vault
diff --git a/docs/src/main/asciidoc/vault.adoc b/docs/src/main/asciidoc/vault.adoc
@@ -28,7 +28,7 @@ dependencies {
 === Using VaultPropertySource
 
 By configuring Vault as a property source, secrets can be dynamically loaded from OCI Vault into the Spring application context.
-For each vault specified as a property source, Spring will inject secrets as properties identified by their name.
+For each Vault specified as a property source, Spring will inject secrets as properties identified by their name.
 
 [source,yaml]
 ----
@@ -58,10 +58,10 @@ spring:
 String secretValue;
 ----
 
-=== Using Vault APIs in an application
+=== Using VaultTemplate
 
-The starter automatically configures and registers an `Vault` bean in the Spring application context.
-The `Vault` bean can be used to create, update, list, and delete secrets in an OCI Vault
+The starter automatically configures and registers an `VaultTemplate` bean in the Spring application context.
+The `VaultTemplate` bean can be used to create, update, list, and delete secrets in an OCI Vault
 
 [source,yaml]
 ----
@@ -81,11 +81,11 @@ spring:
 [source,java]
 ----
 @Autowired
-private Vault vault;
+private VaultTemplate vaultTemplate;
 
 public String getSecretByName(String secretName) {
-    GetSecretBundleByNameResponse bundle = vault.getSecret(secretName);
-    return vault.decodeBundle(bundle);
+    GetSecretBundleByNameResponse bundle = vaultTemplate.getSecret(secretName);
+    return vaultTemplate.decodeBundle(bundle);
 }
 
 ----
diff --git a/spring-cloud-oci-autoconfigure/src/main/java/com/oracle/cloud/spring/vault/VaultAutoConfiguration.java b/spring-cloud-oci-autoconfigure/src/main/java/com/oracle/cloud/spring/vault/VaultAutoConfiguration.java
@@ -27,10 +27,10 @@
  *  {@link com.oracle.cloud.spring.autoconfigure.core.RegionProviderAutoConfiguration}
  *  for loading the Authentication configuration
  *
- * @see Vault
+ * @see VaultTemplate
  */
 @AutoConfiguration
-@ConditionalOnClass({Vault.class})
+@ConditionalOnClass({VaultTemplate.class})
 @EnableConfigurationProperties(VaultProperties.class)
 @ConditionalOnProperty(name = "spring.cloud.oci.vault.enabled", havingValue = "true", matchIfMissing = true)
 public class VaultAutoConfiguration {
@@ -42,9 +42,9 @@ public VaultAutoConfiguration(VaultProperties properties) {
 
     @Bean
     @RefreshScope
-    @ConditionalOnMissingBean(Vault.class)
-    public Vault vault(Vaults vaults, Secrets secrets) {
-        return new VaultImpl(vaults, secrets, properties.getVaultId(), properties.getCompartment());
+    @ConditionalOnMissingBean(VaultTemplate.class)
+    public VaultTemplate vault(Vaults vaults, Secrets secrets) {
+        return new VaultTemplateImpl(vaults, secrets, properties.getVaultId(), properties.getCompartment());
     }
 
     @Bean
diff --git a/spring-cloud-oci-autoconfigure/src/main/java/com/oracle/cloud/spring/vault/VaultEnvironmentPostProcessor.java b/spring-cloud-oci-autoconfigure/src/main/java/com/oracle/cloud/spring/vault/VaultEnvironmentPostProcessor.java
@@ -27,7 +27,7 @@
 
 /**
  * Injects a VaultPropertySource for each OCI Vault property source specified in the application properties.
- * OCI Vault property sources will only be loaded if the com.oracle.cloud.spring.vault.Vault class is on the classpath.
+ * OCI Vault property sources will only be loaded if the com.oracle.cloud.spring.vault.VaulTemplate class is on the classpath.
  */
 public class VaultEnvironmentPostProcessor implements EnvironmentPostProcessor, Ordered {
     @Override
@@ -51,8 +51,8 @@ public void postProcessEnvironment(ConfigurableEnvironment environment, SpringAp
             // Inject VaultPropertySources into the system property sources
             MutablePropertySources propertySources = environment.getPropertySources();
             for (VaultPropertySourceProperties properties : vaultProperties.getPropertySources()) {
-                Vault vault = new VaultImpl(vaultClient, secretsClient, properties.getVaultId(), vaultProperties.getCompartment());
-                VaultPropertyLoader vaultPropertyLoader = new VaultPropertyLoader(vault, vaultProperties.getPropertyRefreshInterval());
+                VaultTemplate vaultTemplate = new VaultTemplateImpl(vaultClient, secretsClient, properties.getVaultId(), vaultProperties.getCompartment());
+                VaultPropertyLoader vaultPropertyLoader = new VaultPropertyLoader(vaultTemplate, vaultProperties.getPropertyRefreshInterval());
                 VaultPropertySource vaultPropertySource = new VaultPropertySource(properties.getVaultId(), vaultPropertyLoader);
                 if (propertySources.contains(SYSTEM_ENVIRONMENT_PROPERTY_SOURCE_NAME)) {
                     propertySources.addAfter(SYSTEM_ENVIRONMENT_PROPERTY_SOURCE_NAME, vaultPropertySource);
@@ -69,7 +69,7 @@ public int getOrder() {
     }
 
     private boolean areClassesLoaded() {
-        return ClassUtils.isPresent("com.oracle.cloud.spring.vault.Vault", VaultEnvironmentPostProcessor.class.getClassLoader());
+        return ClassUtils.isPresent("com.oracle.cloud.spring.vault.VaultTemplate", VaultEnvironmentPostProcessor.class.getClassLoader());
     }
 
     private CredentialsProvider getCredentialsProvider(CredentialsProperties credentialsProperties) {
diff --git a/spring-cloud-oci-autoconfigure/src/main/java/com/oracle/cloud/spring/vault/VaultPropertyLoader.java b/spring-cloud-oci-autoconfigure/src/main/java/com/oracle/cloud/spring/vault/VaultPropertyLoader.java
@@ -16,11 +16,11 @@
 public class VaultPropertyLoader implements AutoCloseable {
     private static Timer timer;
 
-    private final Vault vault;
-    private final Map<String, Object> properties = new LinkedHashMap<>();
+    private final VaultTemplate vaultTemplate;
+    private Map<String, String> properties = new LinkedHashMap<>();
 
-    public VaultPropertyLoader(Vault vault, Duration refresh) {
-        this.vault = vault;
+    public VaultPropertyLoader(VaultTemplate vaultTemplate, Duration refresh) {
+        this.vaultTemplate = vaultTemplate;
         reload();
         long refreshMillis = Optional.ofNullable(refresh)
                 .orElse(Duration.ofMinutes(10))
@@ -54,12 +54,7 @@ String[] getPropertyNames() {
     }
 
     private void reload() {
-        List<SecretSummary> secrets = vault.listSecrets();
-        for (SecretSummary secretSummary : secrets) {
-            GetSecretBundleByNameResponse getSecretResponse = vault.getSecret(secretSummary.getSecretName());
-            String secretValue = vault.decodeBundle(getSecretResponse);
-            properties.put(secretSummary.getSecretName(), secretValue);
-        }
+        properties = vaultTemplate.getAllSecrets();
     }
 
     @Override
diff --git a/spring-cloud-oci-samples/spring-cloud-oci-vault-sample/src/main/java/com/oracle/cloud/spring/sample/vault/springcloudocivaultsample/VaultController.java b/spring-cloud-oci-samples/spring-cloud-oci-vault-sample/src/main/java/com/oracle/cloud/spring/sample/vault/springcloudocivaultsample/VaultController.java
@@ -3,7 +3,7 @@
 package com.oracle.cloud.spring.sample.vault.springcloudocivaultsample;
 
 import com.oracle.bmc.secrets.responses.GetSecretBundleByNameResponse;
-import com.oracle.cloud.spring.vault.Vault;
+import com.oracle.cloud.spring.vault.VaultTemplate;
 import io.swagger.v3.oas.annotations.tags.Tag;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.http.ResponseEntity;
@@ -20,16 +20,16 @@ public class VaultController {
     @Value("${mysecret}")
     private String vaultSecretValue;
 
-    private final Vault vault;
+    private final VaultTemplate vaultTemplate;
 
-    public VaultController(Vault vault) {
-        this.vault = vault;
+    public VaultController(VaultTemplate vaultTemplate) {
+        this.vaultTemplate = vaultTemplate;
     }
 
     @GetMapping("secret")
     public ResponseEntity<?> getSecret(@RequestParam String secretName) {
-        GetSecretBundleByNameResponse secret = vault.getSecret(secretName);
-        return ResponseEntity.ok(vault.decodeBundle(secret));
+        GetSecretBundleByNameResponse secret = vaultTemplate.getSecret(secretName);
+        return ResponseEntity.ok(vaultTemplate.decodeBundle(secret));
     }
 
     public String getVaultSecretValue() {
diff --git a/spring-cloud-oci-samples/spring-cloud-oci-vault-sample/src/test/java/com/oracle/cloud/spring/sample/vault/springcloudocivaultsample/VaultTemplateIT.java b/spring-cloud-oci-samples/spring-cloud-oci-vault-sample/src/test/java/com/oracle/cloud/spring/sample/vault/springcloudocivaultsample/VaultTemplateIT.java
@@ -11,7 +11,7 @@
 import com.oracle.bmc.vault.model.SecretSummary;
 import com.oracle.bmc.vault.model.UpdateSecretDetails;
 import com.oracle.bmc.vault.responses.UpdateSecretResponse;
-import com.oracle.cloud.spring.vault.Vault;
+import com.oracle.cloud.spring.vault.VaultTemplate;
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.condition.EnabledIfEnvironmentVariable;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -26,9 +26,9 @@
 @SpringBootTest
 @EnabledIfEnvironmentVariable(named = "OCI_COMPARTMENT_ID", matches = ".+")
 @EnabledIfEnvironmentVariable(named = "OCI_VAULT_ID", matches = ".+")
-public class VaultIT {
+public class VaultTemplateIT {
     @Autowired
-    Vault vault;
+    VaultTemplate vaultTemplate;
 
     @Autowired
     VaultController vaultController;
@@ -37,8 +37,8 @@ public class VaultIT {
 
     @Test
     void getSecret() {
-        GetSecretBundleByNameResponse secret = vault.getSecret(secretName);
-        String decoded = vault.decodeBundle(secret);
+        GetSecretBundleByNameResponse secret = vaultTemplate.getSecret(secretName);
+        String decoded = vaultTemplate.decodeBundle(secret);
         assertThat(decoded).isNotNull();
         assertThat(decoded).hasSizeGreaterThan(1);
     }
@@ -50,15 +50,15 @@ void updateSecret() {
                 .content(Base64.getEncoder().encodeToString(content.getBytes()))
                 .name(content)
                 .build();
-        UpdateSecretResponse response = vault.updateSecret(secretName, UpdateSecretDetails.builder()
+        UpdateSecretResponse response = vaultTemplate.updateSecret(secretName, UpdateSecretDetails.builder()
                 .secretContent(contentDetails)
                 .build());
         assertThat(response.getSecret()).isNotNull();
     }
 
     @Test
     void listSecret() {
-        List<SecretSummary> summaries = vault.listSecrets();
+        List<SecretSummary> summaries = vaultTemplate.listSecrets();
         assertThat(summaries).hasSize(1);
     }
 
diff --git a/spring-cloud-oci-vault/src/main/java/com/oracle/cloud/spring/vault/VaultTemplate.java b/spring-cloud-oci-vault/src/main/java/com/oracle/cloud/spring/vault/VaultTemplate.java
@@ -5,6 +5,7 @@
 import java.nio.charset.StandardCharsets;
 import java.util.Base64;
 import java.util.List;
+import java.util.Map;
 
 import com.oracle.bmc.secrets.model.Base64SecretBundleContentDetails;
 import com.oracle.bmc.secrets.model.SecretBundleContentDetails;
@@ -17,17 +18,24 @@
 import com.oracle.bmc.vault.responses.UpdateSecretResponse;
 
 /**
- * The Vault interface defines the API for accessing OCI Vault Service.
+ * The VaultTemplate interface defines the API for accessing OCI Vault Service.
  * Users can retrieve, create, update, list, and delete secrets within an OCI Vault.
  */
-public interface Vault {
+public interface VaultTemplate {
     /**
      * Retrieves a secret by name.
      * @param secretName The name of the secret.
      * @return The secret bundle response.
      */
     GetSecretBundleByNameResponse getSecret(String secretName);
 
+    /**
+     * Retrieve all secrets from the Vault.
+     *
+     * @return A mapping of secret names to secret values.
+     */
+    Map<String, String> getAllSecrets();
+
     /**
      * Lists all secrets in the Vault.
      * @return A list of secret summaries.
diff --git a/spring-cloud-oci-vault/src/main/java/com/oracle/cloud/spring/vault/VaultTemplateImpl.java b/spring-cloud-oci-vault/src/main/java/com/oracle/cloud/spring/vault/VaultTemplateImpl.java
@@ -5,7 +5,9 @@
 import java.text.SimpleDateFormat;
 import java.util.ArrayList;
 import java.util.Calendar;
+import java.util.LinkedHashMap;
 import java.util.List;
+import java.util.Map;
 
 import com.oracle.bmc.secrets.Secrets;
 import com.oracle.bmc.secrets.requests.GetSecretBundleByNameRequest;
@@ -27,17 +29,17 @@
 
 /**
  * Default implementation for Vault interface.
- * @see Vault
+ * @see VaultTemplate
  */
-public class VaultImpl implements Vault {
+public class VaultTemplateImpl implements VaultTemplate {
     private static final SimpleDateFormat DATE_FORMAT = new SimpleDateFormat("yyyy-MM-dd");
 
     private final Vaults vaults;
     private final Secrets secrets;
     private final String vaultId;
     private final String compartmentId;
 
-    public VaultImpl(Vaults vaults, Secrets secrets, String vaultId, String compartmentId) {
+    public VaultTemplateImpl(Vaults vaults, Secrets secrets, String vaultId, String compartmentId) {
         Assert.notNull(vaults, "vaults must not be null");
         Assert.notNull(secrets, "secrets must not be null");
         Assert.hasText(vaultId, "vaultId must not be empty");
@@ -63,6 +65,16 @@ public GetSecretBundleByNameResponse getSecret(String secretName) {
         return secrets.getSecretBundleByName(request);
     }
 
+    @Override
+    public Map<String, String> getAllSecrets() {
+        LinkedHashMap<String, String> secrets = new LinkedHashMap<>();
+        for (SecretSummary secretSummary : listSecrets()) {
+            GetSecretBundleByNameResponse bundle = getSecret(secretSummary.getSecretName());
+            secrets.put(secretSummary.getSecretName(), decodeBundle(bundle));
+        }
+        return secrets;
+    }
+
     /**
      * Create a secret.
      * @param secretName The name of the secret being created.
diff --git a/spring-cloud-oci-vault/src/test/java/com/oracle/cloud/spring/vault/VaultTemplateImplTest.java b/spring-cloud-oci-vault/src/test/java/com/oracle/cloud/spring/vault/VaultTemplateImplTest.java
@@ -4,7 +4,6 @@
 
 import java.nio.charset.StandardCharsets;
 import java.util.Base64;
-import java.util.Date;
 import java.util.List;
 
 import com.oracle.bmc.secrets.Secrets;
@@ -27,10 +26,10 @@
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.when;
 
-public class VaultImplTest {
+public class VaultTemplateImplTest {
     private Vaults vaults;
     private Secrets secrets;
-    private Vault vault;
+    private VaultTemplate vaultTemplate;
 
     private final String compartmentId = "mycompartment";
     private final String vaultId = "myvault";
@@ -43,7 +42,7 @@ public class VaultImplTest {
     void setUp() {
         vaults = mock(Vaults.class);
         secrets = mock(Secrets.class);
-        vault = new VaultImpl(vaults, secrets, vaultId, compartmentId);
+        vaultTemplate = new VaultTemplateImpl(vaults, secrets, vaultId, compartmentId);
         GetSecretBundleByNameResponse response = GetSecretBundleByNameResponse.builder()
                 .secretBundle(SecretBundle.builder()
                         .secretId(secretName)
@@ -57,29 +56,29 @@ void setUp() {
 
     @Test
     void getSecretBundle() {
-        GetSecretBundleByNameResponse foo = vault.getSecret(secretName);
-        String decoded = vault.decodeBundle(foo);
+        GetSecretBundleByNameResponse foo = vaultTemplate.getSecret(secretName);
+        String decoded = vaultTemplate.decodeBundle(foo);
         assertThat(decoded).isEqualTo(secretValue);
     }
 
     @Test
     void createSecret() {
         when(vaults.createSecret(any())).thenReturn(CreateSecretResponse.builder().build());
-        CreateSecretResponse response = vault.createSecret(secretName, CreateSecretDetails.builder().build());
+        CreateSecretResponse response = vaultTemplate.createSecret(secretName, CreateSecretDetails.builder().build());
         assertThat(response).isNotNull();
     }
 
     @Test
     void scheduleSecretDeletion() {
         when(vaults.scheduleSecretDeletion(any())).thenReturn(ScheduleSecretDeletionResponse.builder().build());
-        ScheduleSecretDeletionResponse response = vault.scheduleSecretDeletion(secretName, 1);
+        ScheduleSecretDeletionResponse response = vaultTemplate.scheduleSecretDeletion(secretName, 1);
         assertThat(response).isNotNull();
     }
 
     @Test
     void updateSecret() {
         when(vaults.updateSecret(any())).thenReturn(UpdateSecretResponse.builder().build());
-        UpdateSecretResponse response = vault.updateSecret(secretName, UpdateSecretDetails.builder().build());
+        UpdateSecretResponse response = vaultTemplate.updateSecret(secretName, UpdateSecretDetails.builder().build());
         assertThat(response).isNotNull();
     }
 
@@ -94,7 +93,7 @@ void listSecrets() {
                 .items(summaries)
                 .build();
         when(vaults.listSecrets(any())).thenReturn(r1).thenReturn(r2);
-        List<SecretSummary> actual = vault.listSecrets();
+        List<SecretSummary> actual = vaultTemplate.listSecrets();
         assertThat(actual).hasSize(2);
     }
 }
