add token_bound_cidrs field to AppRoleSecret model (#110)

2025-09-08 10:25:39 +02:00
parent f79ed98986
commit 15f514f877
3 changed files with 56 additions and 4 deletions
--- a/src/main/java/de/stklcode/jvault/connector/model/AppRoleSecret.java
+++ b/src/main/java/de/stklcode/jvault/connector/model/AppRoleSecret.java
@@ -32,7 +32,7 @@ import java.util.Objects;
 */
@JsonIgnoreProperties(ignoreUnknown = true)
 public final class AppRoleSecret implements Serializable {
-    private static final long serialVersionUID = -3401074170145792641L;
+    private static final long serialVersionUID = 3079272087137299819L;

    @JsonProperty("secret_id")
    @JsonInclude(JsonInclude.Include.NON_NULL)
@@ -47,6 +47,8 @@ public final class AppRoleSecret implements Serializable {

    private List<String> cidrList;

+    private List<String> tokenBoundCidrs;
+
    @JsonProperty(value = "creation_time", access = JsonProperty.Access.WRITE_ONLY)
    private String creationTime;

@@ -137,6 +139,36 @@ public final class AppRoleSecret implements Serializable {
        return String.join(",", cidrList);
    }

+    /**
+     * @return list of bound CIDR subnets of associated tokens
+     * @since 1.5.3
+     */
+    public List<String> getTokenBoundCidrs() {
+        return tokenBoundCidrs;
+    }
+
+    /**
+     * @param boundCidrList list of subnets in CIDR notation to bind role to
+     * @since 1.5.3
+     */
+    @JsonSetter("token_bound_cidrs")
+    public void setTokenBoundCidrs(final List<String> boundCidrList) {
+        this.tokenBoundCidrs = boundCidrList;
+    }
+
+    /**
+     * @return list of subnets in CIDR notation as comma-separated {@link String}
+     * @since 1.5.3
+     */
+    @JsonGetter("token_bound_cidrs")
+    @JsonInclude(JsonInclude.Include.NON_EMPTY)
+    public String getTokenBoundCidrsString() {
+        if (tokenBoundCidrs == null || tokenBoundCidrs.isEmpty()) {
+            return "";
+        }
+        return String.join(",", tokenBoundCidrs);
+    }
+
    /**
     * @return Creation time
     */
@@ -184,6 +216,7 @@ public final class AppRoleSecret implements Serializable {
            Objects.equals(accessor, that.accessor) &&
            Objects.equals(metadata, that.metadata) &&
            Objects.equals(cidrList, that.cidrList) &&
+            Objects.equals(tokenBoundCidrs, that.tokenBoundCidrs) &&
            Objects.equals(creationTime, that.creationTime) &&
            Objects.equals(expirationTime, that.expirationTime) &&
            Objects.equals(lastUpdatedTime, that.lastUpdatedTime) &&
@@ -193,7 +226,7 @@ public final class AppRoleSecret implements Serializable {

    @Override
    public int hashCode() {
-        return Objects.hash(id, accessor, metadata, cidrList, creationTime, expirationTime, lastUpdatedTime, numUses,
-            ttl);
+        return Objects.hash(id, accessor, metadata, cidrList, tokenBoundCidrs, creationTime, expirationTime,
+            lastUpdatedTime, numUses, ttl);
    }
 }
--- a/src/test/java/de/stklcode/jvault/connector/model/AppRoleSecretTest.java
+++ b/src/test/java/de/stklcode/jvault/connector/model/AppRoleSecretTest.java
@@ -39,6 +39,7 @@ class AppRoleSecretTest extends AbstractModelTest<AppRoleSecret> {
        "number", 1337
    );
    private static final List<String> TEST_CIDR = List.of("203.0.113.0/24", "198.51.100.0/24");
+    private static final List<String> TEST_TOKEN_CIDR = List.of("192.0.2.0/24", "198.51.100.0/24");

    AppRoleSecretTest() {
        super(AppRoleSecret.class);
@@ -61,6 +62,8 @@ class AppRoleSecretTest extends AbstractModelTest<AppRoleSecret> {
        assertNull(secret.getMetadata());
        assertNull(secret.getCidrList());
        assertEquals("", secret.getCidrListString());
+        assertNull(secret.getTokenBoundCidrs());
+        assertEquals("", secret.getTokenBoundCidrsString());
        assertNull(secret.getCreationTime());
        assertNull(secret.getExpirationTime());
        assertNull(secret.getLastUpdatedTime());
@@ -74,6 +77,8 @@ class AppRoleSecretTest extends AbstractModelTest<AppRoleSecret> {
        assertNull(secret.getMetadata());
        assertNull(secret.getCidrList());
        assertEquals("", secret.getCidrListString());
+        assertNull(secret.getTokenBoundCidrs());
+        assertEquals("", secret.getTokenBoundCidrsString());
        assertNull(secret.getCreationTime());
        assertNull(secret.getExpirationTime());
        assertNull(secret.getLastUpdatedTime());
@@ -87,6 +92,8 @@ class AppRoleSecretTest extends AbstractModelTest<AppRoleSecret> {
        assertEquals(TEST_META, secret.getMetadata());
        assertEquals(TEST_CIDR, secret.getCidrList());
        assertEquals(String.join(",", TEST_CIDR), secret.getCidrListString());
+        assertNull(secret.getTokenBoundCidrs());
+        assertEquals("", secret.getTokenBoundCidrsString());
        assertNull(secret.getCreationTime());
        assertNull(secret.getExpirationTime());
        assertNull(secret.getLastUpdatedTime());
@@ -108,6 +115,15 @@ class AppRoleSecretTest extends AbstractModelTest<AppRoleSecret> {
        secret.setCidrList(null);
        assertNull(secret.getCidrList());
        assertEquals("", secret.getCidrListString());
+
+        assertNull(secret.getTokenBoundCidrs());
+        assertEquals("", secret.getTokenBoundCidrsString());
+        secret.setTokenBoundCidrs(TEST_TOKEN_CIDR);
+        assertEquals(TEST_TOKEN_CIDR, secret.getTokenBoundCidrs());
+        assertEquals(String.join(",", TEST_TOKEN_CIDR), secret.getTokenBoundCidrsString());
+        secret.setTokenBoundCidrs(null);
+        assertNull(secret.getTokenBoundCidrs());
+        assertEquals("", secret.getTokenBoundCidrsString());
    }

    /**
@@ -159,7 +175,8 @@ class AppRoleSecretTest extends AbstractModelTest<AppRoleSecret> {

        // Those fields should be deserialized from JSON though.
        String secretJson4 = "{\"secret_id\":\"abc123\",\"metadata\":{\"number\":1337,\"foo\":\"bar\"}," +
-            "\"cidr_list\":[\"203.0.113.0/24\",\"198.51.100.0/24\"],\"secret_id_accessor\":\"TEST_ACCESSOR\"," +
+            "\"cidr_list\":[\"203.0.113.0/24\",\"198.51.100.0/24\"],\"cidr_list\":[\"192.0.2.0/24\",\"198.51.100.0/24\"]," +
+            "\"secret_id_accessor\":\"TEST_ACCESSOR\"," +
            "\"creation_time\":\"TEST_CREATION\",\"expiration_time\":\"TEST_EXPIRATION\"," +
            "\"last_updated_time\":\"TEST_LASTUPDATE\",\"secret_id_num_uses\":678,\"secret_id_ttl\":12345}";
        secret2 = assertDoesNotThrow(() -> objectMapper.readValue(secretJson4, AppRoleSecret.class), "Deserialization failed");
@@ -181,6 +198,7 @@ class AppRoleSecretTest extends AbstractModelTest<AppRoleSecret> {

    private static String commaSeparatedToList(String json) {
        return json.replaceAll("\"cidr_list\":\"([^\"]*)\"", "\"cidr_list\":[$1]")
+            .replaceAll("\"token_bound_cidrs\":\"([^\"]*)\"", "\"token_bound_cidrs\":[$1]")
            .replaceAll("(\\d+\\.\\d+\\.\\d+\\.\\d+/\\d+)", "\"$1\"");
    }
 }