Implement update of KV v2 metadata (#16)

2019-03-22 14:40:27 +01:00
parent ab33325b8e
commit dee7ec0b23
3 changed files with 75 additions and 1 deletions
--- a/src/main/java/de/stklcode/jvault/connector/HTTPVaultConnector.java
+++ b/src/main/java/de/stklcode/jvault/connector/HTTPVaultConnector.java
@ -504,6 +504,19 @@ public class HTTPVaultConnector implements VaultConnector {
        return request.get(mount + PATH_METADATA + key, new HashMap<>(), token, MetadataResponse.class);
    }

+    @Override
+    public void updateSecretMetadata(final String mount, final String key, final Integer maxVersions, final boolean casRequired) throws VaultConnectorException {
+        requireAuth();
+
+        Map<String, Object> payload = new HashMap<>();
+        if (maxVersions != null) {
+            payload.put("max_versions", maxVersions);
+        }
+        payload.put("cas_required", casRequired);
+
+        write(mount + PATH_METADATA + key, payload);
+    }
+
    @Override
    public final SecretVersionResponse writeSecretData(final String mount, final String key, final Map<String, Object> data, final Integer cas) throws VaultConnectorException {
        requireAuth();
--- a/src/main/java/de/stklcode/jvault/connector/VaultConnector.java
+++ b/src/main/java/de/stklcode/jvault/connector/VaultConnector.java
@ -520,7 +520,7 @@ public interface VaultConnector extends AutoCloseable, Serializable {

    /**
     * Retrieve secret metadata from Vault.
-     * Prefix "secret/metadata" is automatically added to key. Only available for KV v2 secrets.
+     * Prefix "metadata" is automatically added to key. Only available for KV v2 secrets.
     *
     * @param mount Secret store mountpoint (without leading or trailing slash).
     * @param key   Secret identifier
@ -530,6 +530,31 @@ public interface VaultConnector extends AutoCloseable, Serializable {
     */
    MetadataResponse readSecretMetadata(final String mount, final String key) throws VaultConnectorException;

+    /**
+     * Update secret metadata.
+     * Prefix "secret/metadata" is automatically added to key. Only available for KV v2 secrets.
+     *
+     * @param key Secret identifier
+     * @throws VaultConnectorException on error
+     * @since 0.8
+     */
+    default void updateSecretMetadata(final String key, final Integer maxVersions, final boolean casRequired) throws VaultConnectorException {
+        updateSecretMetadata(PATH_SECRET, key, maxVersions, casRequired);
+    }
+
+    /**
+     * Update secret metadata.
+     * Prefix "metadata" is automatically added to key. Only available for KV v2 secrets.
+     *
+     * @param mount       Secret store mountpoint (without leading or trailing slash).
+     * @param key         Secret identifier
+     * @param maxVersions Maximum number of versions (fallback to backend default if {@code null})
+     * @param casRequired Specify if Check-And-Set is required for this secret.
+     * @throws VaultConnectorException on error
+     * @since 0.8
+     */
+    void updateSecretMetadata(final String mount, final String key, final Integer maxVersions, final boolean casRequired) throws VaultConnectorException;
+
    /**
     * List available nodes from Vault.
     *