3. CredHub操作入门

接口 org.springframework.credhub.core.CredHubOperations 和实现 org.springframework.credhub.core.CredHubTemplate 是 Spring CredHub 的核心类。 CredHubOperations 提供对额外操作接口的访问,这些接口建模完整的 CredHub API:spring-doc.cadn.net.cn

/**
 * Get the operations for saving, retrieving, and deleting credentials.
 */
CredHubCredentialOperations credentials();

/**
 * Get the operations for adding, retrieving, and deleting credential permissions.
 */
CredHubPermissionOperations permissions();

/**
 * Get the operations for adding, retrieving, and deleting credential permissions.
 */
CredHubPermissionV2Operations permissionsV2();

/**
 * Get the operations for retrieving, regenerating, and updating certificates.
 */
CredHubCertificateOperations certificates();

/**
 * Get the operations for interpolating service binding credentials.
 */
CredHubInterpolationOperations interpolation();

/**
 * Get the operations for retrieving CredHub server information.
 */
CredHubInfoOperations info();

3.1. 映射到 CredHub API

每个 0 接口的方法都直接映射到 CredHub HTTP API 的一个端点。 以下表格展示了 CredHub API 与适当的 Spring CredHub Operations 接口之间的映射关系。spring-doc.cadn.net.cn

CredHub Credentials APIspring-doc.cadn.net.cn

CredHubCredentialOperationsspring-doc.cadn.net.cn

凭证Hub 权限 API (v1)spring-doc.cadn.net.cn

CredHubPermissionOperationsspring-doc.cadn.net.cn

凭证Hub 权限 API (v2)spring-doc.cadn.net.cn

CredHubPermissionV2Operationsspring-doc.cadn.net.cn

CredHub 证书 APIspring-doc.cadn.net.cn

CredHubCertificateOperationsspring-doc.cadn.net.cn

CredHub 插值 APIspring-doc.cadn.net.cn

CredHubInterpolationOperationsspring-doc.cadn.net.cn

CredHub Information APIspring-doc.cadn.net.cn

CredHubInfoOperationsspring-doc.cadn.net.cn

3.2. CredHubOperations 自动配置

一个 CredHubOperations Spring bean 在应用程序属性配置得当的情况下,通过 Spring Boot 自动配置创建。 应用程序类可以自动装配该 bean 的一个实例以与 CredHub 服务器交互。spring-doc.cadn.net.cn

/*
 * Copyright 2016-2020 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      https://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package com.example.credhub;

import org.springframework.credhub.core.CredHubOperations;
import org.springframework.credhub.support.CredentialDetails;
import org.springframework.credhub.support.SimpleCredentialName;
import org.springframework.credhub.support.password.PasswordCredential;
import org.springframework.credhub.support.password.PasswordParameters;
import org.springframework.credhub.support.password.PasswordParametersRequest;
import org.springframework.stereotype.Component;

@Component
public class CredHubService {

	private final CredHubOperations credHubOperations;

	private final SimpleCredentialName credentialName;

	public CredHubService(CredHubOperations credHubOperations) {
		this.credHubOperations = credHubOperations;

		this.credentialName = new SimpleCredentialName("example", "password");
	}

	public String generatePassword() {
		PasswordParameters parameters = PasswordParameters.builder()
			.length(12)
			.excludeLower(false)
			.excludeUpper(false)
			.excludeNumber(false)
			.includeSpecial(true)
			.build();

		CredentialDetails<PasswordCredential> password = this.credHubOperations.credentials()
			.generate(PasswordParametersRequest.builder().name(this.credentialName).parameters(parameters).build());

		return password.getValue().getPassword();
	}

	public String getPassword() {
		CredentialDetails<PasswordCredential> password = this.credHubOperations.credentials()
			.getByName(this.credentialName, PasswordCredential.class);

		return password.getValue().getPassword();
	}

}