Note the below code and the method sessionManager() where I am adding listener “VaultEventListener” to the session. VaultEventListener class code also provided below. My requirement is that whenever there is error in call to renew the existing token, the vault event listener to be invoked whenever there is token renew error so that I can retry with multiple attampts.
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
class SntlVaultGcpIamAuthConfig extends AbstractVaultConfiguration {
static final Logger logger = LogManager.getLogger(SntlVaultGcpIamAuthConfig.class);
@Override
public ClientAuthentication clientAuthentication() {
try {
GoogleCredentials credential = GoogleCredentials.getApplicationDefault();
String account = null;
if (credential instanceof ServiceAccountCredentials) {
account = ((ServiceAccountCredentials) credential).getAccount();
} else if (credential instanceof ComputeEngineCredentials) {
account = ((ComputeEngineCredentials) credential).getAccount();
} else {
logger.fatal(
"Unable to get service account email, Application default GoogleCredentials must be instance of ServiceAccountCredentials or ComputeEngineCredentials");
return null;
}
logger.info("Application running with service account : {}", account);
GcpIamCredentialsAuthenticationOptions options = GcpIamCredentialsAuthenticationOptions.builder()
.role(SntlVaultConfig.getGcpVaultLoginRole()).credentials(credential).serviceAccountId(account)
.build();
GcpIamCredentialsAuthentication authN = new GcpIamCredentialsAuthentication(options, this.restOperations());
return authN;
} catch (IOException | SntlCloudEnvException e) {
logger.fatal( "An exception occurred in setting up GCP IAM authentication for Vault.", e);;
}
return null;
}
@Override
public VaultEndpoint vaultEndpoint() {
VaultEndpoint endPoint = new VaultEndpoint();
try {
endPoint.setHost(SntlVaultConfig.getVaultAddr());
endPoint.setPort(SntlVaultConfig.getVaultPort());
endPoint.setScheme(SntlVaultConfig.getVaultEndPointScheme());
return endPoint;
} catch (SntlCloudEnvException e) {
logger.fatal( "SntlCloudEnvException occurred .", e);
return null;
}
}
@Override
public ClientOptions clientOptions() {
try {
return new ClientOptions(Duration.ofSeconds(SntlVaultConfig.getVaultConnectionTimeout()), Duration.ofSeconds(SntlVaultConfig.getVaultReadTimeout()));
} catch (SntlCloudEnvException e) {
logger.fatal( "SntlCloudEnvException occurred .", e);
return null;
}
}
@Override
@Bean
@Primary
public SessionManager sessionManager() {
boolean retryEnabled = Boolean.parseBoolean(SntlVaultConfig.isRetryTokenRenewal);
int REFRESH_PERIOD_BEFORE_EXPIRY = Integer.parseInt(SntlVaultConfig.refreshBeforeExpiryDuration); //120; // Overrides default which is 5 seconds
ClientAuthentication clientAuthentication = clientAuthentication();
Assert.notNull(clientAuthentication, "ClientAuthentication must not be null");
LifecycleAwareSessionManagerSupport.FixedTimeoutRefreshTrigger refreshTrigger = new LifecycleAwareSessionManagerSupport.FixedTimeoutRefreshTrigger(
REFRESH_PERIOD_BEFORE_EXPIRY, TimeUnit.SECONDS);
LifecycleAwareSessionManager lifecycleAwareSessionManager = new LifecycleAwareSessionManager(clientAuthentication, getVaultThreadPoolTaskScheduler(), restOperations(), refreshTrigger);
lifecycleAwareSessionManager.setLeaseStrategy(LeaseStrategy.retainOnError()); //To-validate
VaultEventListener vaultEventListener = new VaultEventListener();
lifecycleAwareSessionManager.addErrorListener(vaultEventListener);
return lifecycleAwareSessionManager;
}
public class VaultEventListener implements AuthenticationErrorListener {
private static final Logger logger = LoggerFactory.getLogger(VaultEventListener.class);
@Override
public void onAuthenticationError(AuthenticationErrorEvent event) {
logger.info("AuthenticationErrorListener Error Source: {}", event.getSource());
logger.info("AuthenticationErrorListener Exception: {}", event.getException());
if (Boolean.parseBoolean(SntlVaultConfig.isRetryTokenRenewal)) {
AnnotationConfigApplicationContext context = SntlCloudEnvContext.getContext();
SntlVaultGcpIamAuthConfig sntlVaultGcpIamAuthConfig = context.getBean(SntlVaultGcpIamAuthConfig.class);
sntlVaultGcpIamAuthConfig.refreshToken();
}
}
}