From e3f2193df2828d97e86178bf70c395f853904101 Mon Sep 17 00:00:00 2001
From: Stefan Kalscheuer
Date: Tue, 20 Nov 2018 11:26:02 +0100
Subject: [PATCH] Add capability to pass options map when writing to Vault
This is required to create or update KV v2 secrets. The existing write method delegates to the new one with null-value for the options map.
---
 .../jvault/connector/HTTPVaultConnector.java | 22 +++++++++++++++----
 .../jvault/connector/VaultConnector.java | 15 ++++++++++++-
 2 files changed, 32 insertions(+), 5 deletions(-)
diff --git a/src/main/java/de/stklcode/jvault/connector/HTTPVaultConnector.java b/src/main/java/de/stklcode/jvault/connector/HTTPVaultConnector.java
index 3282834..8e16e6e 100644
--- a/src/main/java/de/stklcode/jvault/connector/HTTPVaultConnector.java
+++ b/src/main/java/de/stklcode/jvault/connector/HTTPVaultConnector.java
@@ -650,15 +650,29 @@ public class HTTPVaultConnector implements VaultConnector {
 }
 @Override
- public final void write(final String key, final Map data) throws VaultConnectorException {
- if (!isAuthorized())
+ public final void write(final String key, final Map data, final Map options) throws VaultConnectorException {
+ if (!isAuthorized()) {
 throw new AuthorizationRequiredException();
+ }
- if (key == null || key.isEmpty())
+ if (key == null || key.isEmpty()) {
 throw new InvalidRequestException("Secret path must not be empty.");
+ }
- if (!requestPost(key, data).isEmpty())
+ // By default data is directly passed as payload.
+ Object payload = data;
+
+ // If options are given, split payload in two parts.
+ if (options != null) {
+ Map payloadMap = new HashMap<>();
+ payloadMap.put("data", data);
+ payloadMap.put("options", options);
+ payload = payloadMap;
+ }
+
+ if (!requestPost(key, payload).isEmpty()) {
 throw new InvalidResponseException(Error.UNEXPECTED_RESPONSE);
+ }
 }
 @Override
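Review bot: The request body built in `write` is chosen only by `options != null`, so an argument that reads as optional silently decides how the secret is laid out in Vault. With `options == null` the data map is posted as-is, whereas a KV v2 mount expects it wrapped under `data`; with a non-null map on a KV v1 mount the secret would presumably be stored with literal `data` and `options` fields. The method cannot see the mount version, so I would state the rule next to the branch, for example `// null options: data is posted unwrapped (KV v1 layout); KV v2 callers must pass a map, an empty one if no options are needed.`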
diff --git a/src/main/java/de/stklcode/jvault/connector/VaultConnector.java b/src/main/java/de/stklcode/jvault/connector/VaultConnector.java
index 4f690df..5f61e2a 100644
--- a/src/main/java/de/stklcode/jvault/connector/VaultConnector.java
+++ b/src/main/java/de/stklcode/jvault/connector/VaultConnector.java
@@ -474,7 +474,20 @@ public interface VaultConnector extends AutoCloseable, Serializable {
 * @throws VaultConnectorException on error
 * @since 0.5.0
 */
- void write(final String key, final Map data) throws VaultConnectorException;
+ default void write(final String key, final Map data) throws VaultConnectorException {
+ write(key, data, null);
+ }
+
+ /**
+ * Write value to Vault.
+ *
+ * @param key Secret path
+ * @param data Secret content. Value must be be JSON serializable.
+ * @param options Secret options (optional).
+ * @throws VaultConnectorException on error
+ * @since 0.8 {@code options} parameter added
+ */
+ void write(final String key, final Map data, final Map options) throws VaultConnectorException;
 /**
 * Write secret to Vault.
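Review bot: The Javadoc of the new three-argument `write` says only `Secret options (optional).` and does not tell the caller that a non-null map changes the request body to separate `data` and `options` elements, while `null` sends the data map unchanged. That choice decides how the secret is stored, so I would spell it out, e.g. `@param options Secret options; if non-null, data and options are sent as separate elements (KV v2), if null the data map is sent as-is.` The same block has a doubled word in `Value must be be JSON serializable.` Turning the two-argument method into a `default` and adding a new abstract overload also means any other implementation of `VaultConnector` stops compiling until it adds the new method, which deserves a line in the release notes.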