diff --git a/CHANGELOG.md b/CHANGELOG.md
index e548494..a267552 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -10,6 +10,7 @@
 * Model and response classes implement `Serializable` (#57)
 * Split `SercretResponse` into `PlainSecretResponse` and `MetaSecretResponse` subclasses (common API unchanged)
 * Add missing fields to `AuthMethod` model
+* Add support for (dis)allowed policy glob patterns in `TokenRole`
 ### Test
 * Tested against Vault 1.10.1
diff --git a/src/main/java/de/stklcode/jvault/connector/model/TokenRole.java b/src/main/java/de/stklcode/jvault/connector/model/TokenRole.java
index 414d0e1..b078db5 100644
--- a/src/main/java/de/stklcode/jvault/connector/model/TokenRole.java
+++ b/src/main/java/de/stklcode/jvault/connector/model/TokenRole.java
@@ -34,7 +34,7 @@ import java.util.Objects;
 */
 @JsonIgnoreProperties(ignoreUnknown = true)
 public final class TokenRole implements Serializable {
- private static final long serialVersionUID = -6159563751115867561L;
+ private static final long serialVersionUID = -3505215215838576321L;
 /**
 * Get {@link Builder} instance.
@@ -53,10 +53,18 @@ public final class TokenRole implements Serializable {
 @JsonInclude(JsonInclude.Include.NON_NULL)
 private List allowedPolicies;
+ @JsonProperty("allowed_policies_glob")
+ @JsonInclude(JsonInclude.Include.NON_NULL)
+ private List allowedPoliciesGlob;
+
 @JsonProperty("disallowed_policies")
 @JsonInclude(JsonInclude.Include.NON_NULL)
 private List disallowedPolicies;
+ @JsonProperty("disallowed_policies_glob")
+ @JsonInclude(JsonInclude.Include.NON_NULL)
+ private List disallowedPoliciesGlob;
+
 @JsonProperty("orphan")
 @JsonInclude(JsonInclude.Include.NON_NULL)
 private Boolean orphan;
@@ -106,7 +114,9 @@ public final class TokenRole implements Serializable {
 public TokenRole(final Builder builder) {
 this.name = builder.name;
 this.allowedPolicies = builder.allowedPolicies;
+ this.allowedPoliciesGlob = builder.allowedPoliciesGlob;
 this.disallowedPolicies = builder.disallowedPolicies;
+ this.disallowedPoliciesGlob = builder.disallowedPoliciesGlob;
 this.orphan = builder.orphan;
 this.renewable = builder.renewable;
 this.pathSuffix = builder.pathSuffix;
@@ -133,6 +143,14 @@ public final class TokenRole implements Serializable {
 return allowedPolicies;
 }
+ /**
+ * @return List of allowed policy glob patterns
+ * @since 1.1
+ */
+ public List getAllowedPoliciesGlob() {
+ return allowedPoliciesGlob;
+ }
+
 /**
 * @return List of disallowed policies
 */
@@ -140,6 +158,14 @@ public final class TokenRole implements Serializable {
 return disallowedPolicies;
 }
+ /**
+ * @return List of disallowed policy glob patterns
+ * @since 1.1
+ */
+ public List getDisallowedPoliciesGlob() {
+ return disallowedPoliciesGlob;
+ }
+
 /**
 * @return Is Token Role orphan?
 */
@@ -220,7 +246,9 @@ public final class TokenRole implements Serializable {
 TokenRole tokenRole = (TokenRole) o;
 return Objects.equals(name, tokenRole.name) &&
 Objects.equals(allowedPolicies, tokenRole.allowedPolicies) &&
+ Objects.equals(allowedPoliciesGlob, tokenRole.allowedPoliciesGlob) &&
 Objects.equals(disallowedPolicies, tokenRole.disallowedPolicies) &&
+ Objects.equals(disallowedPoliciesGlob, tokenRole.disallowedPoliciesGlob) &&
 Objects.equals(orphan, tokenRole.orphan) &&
 Objects.equals(renewable, tokenRole.renewable) &&
 Objects.equals(pathSuffix, tokenRole.pathSuffix) &&
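Review bot: In the constructor hunk (`@@ -106,7 +114,9 @@`) the two glob lists are stored by reference (`this.allowedPoliciesGlob = builder.allowedPoliciesGlob;`), and the getters added in the next two hunks return those same objects, so a built `TokenRole` can still have its policy patterns changed through the `Builder` or through a getter result. Because these lists decide which policies a token created from the role may carry, a copy would be safer, e.g. `this.allowedPoliciesGlob = builder.allowedPoliciesGlob == null ? null : new ArrayList<>(builder.allowedPoliciesGlob);` and the same for `disallowedPoliciesGlob`. The neighbouring `allowedPolicies` and `disallowedPolicies` assignments use the same by-reference pattern, so this may have been kept for consistency. The constructor body continues outside the hunk.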
@@ -235,9 +263,9 @@ public final class TokenRole implements Serializable {
 @Override
 public int hashCode() {
- return Objects.hash(name, allowedPolicies, disallowedPolicies, orphan, renewable, pathSuffix,
- allowedEntityAliases, tokenBoundCidrs, tokenExplicitMaxTtl, tokenNoDefaultPolicy, tokenNumUses,
- tokenPeriod, tokenType);
+ return Objects.hash(name, allowedPolicies, allowedPoliciesGlob, disallowedPolicies, disallowedPoliciesGlob,
+ orphan, renewable, pathSuffix, allowedEntityAliases, tokenBoundCidrs, tokenExplicitMaxTtl,
+ tokenNoDefaultPolicy, tokenNumUses, tokenPeriod, tokenType);
 }
 /**
@@ -249,7 +277,9 @@ public final class TokenRole implements Serializable {
 public static final class Builder {
 private String name;
 private List allowedPolicies;
+ private List allowedPoliciesGlob;
 private List disallowedPolicies;
+ private List disallowedPoliciesGlob;
 private Boolean orphan;
 private Boolean renewable;
 private String pathSuffix;
@@ -304,6 +334,40 @@ public final class TokenRole implements Serializable {
 return this;
 }
+ /**
+ * Add an allowed policy glob pattern.
+ *
+ * @param allowedPolicyGlob allowed policy glob pattern to add
+ * @return self
+ * @since 1.1
+ */
+ public Builder withAllowedPolicyGlob(final String allowedPolicyGlob) {
+ if (allowedPolicyGlob != null) {
+ if (this.allowedPoliciesGlob == null) {
+ this.allowedPoliciesGlob = new ArrayList<>();
+ }
+ this.allowedPoliciesGlob.add(allowedPolicyGlob);
+ }
+ return this;
+ }
+
+ /**
+ * Add allowed policy glob patterns.
+ *
+ * @param allowedPoliciesGlob list of allowed policy glob patterns
+ * @return self
+ * @since 1.1
+ */
+ public Builder withAllowedPoliciesGlob(final List allowedPoliciesGlob) {
+ if (allowedPoliciesGlob != null) {
+ if (this.allowedPoliciesGlob == null) {
+ this.allowedPoliciesGlob = new ArrayList<>();
+ }
+ this.allowedPoliciesGlob.addAll(allowedPoliciesGlob);
+ }
+ return this;
+ }
+
 /**
 * Add a disallowed policy.
 *
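Review bot: `withAllowedPoliciesGlob(List)` in the `@@ -304,6 +334,40 @@` hunk copies the caller's list with `addAll`, so `null` elements pass through even though the single-value `withAllowedPolicyGlob` ignores `null`; `withDisallowedPoliciesGlob` in the following hunk has the same gap. Filtering keeps both variants consistent: `allowedPoliciesGlob.stream().filter(Objects::nonNull).forEach(this.allowedPoliciesGlob::add);`. The Javadoc of both methods could also say that patterns are not validated on the client, for example `Patterns are sent to Vault as given; a broad pattern such as "*" matches every policy name.`, so callers know that reviewing the pattern is their responsibility.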
@@ -336,6 +400,40 @@ public final class TokenRole implements Serializable {
 return this;
 }
+ /**
+ * Add an allowed policy glob pattern.
+ *
+ * @param disallowedPolicyGlob disallowed policy glob pattern to add
+ * @return self
+ * @since 1.1
+ */
+ public Builder withDisallowedPolicyGlob(final String disallowedPolicyGlob) {
+ if (disallowedPolicyGlob != null) {
+ if (this.disallowedPoliciesGlob == null) {
+ this.disallowedPoliciesGlob = new ArrayList<>();
+ }
+ this.disallowedPoliciesGlob.add(disallowedPolicyGlob);
+ }
+ return this;
+ }
+
+ /**
+ * Add disallowed policy glob patterns.
+ *
+ * @param disallowedPoliciesGlob list of disallowed policy glob patterns
+ * @return self
+ * @since 1.1
+ */
+ public Builder withDisallowedPoliciesGlob(final List disallowedPoliciesGlob) {
+ if (disallowedPoliciesGlob != null) {
+ if (this.disallowedPoliciesGlob == null) {
+ this.disallowedPoliciesGlob = new ArrayList<>();
+ }
+ this.disallowedPoliciesGlob.addAll(disallowedPoliciesGlob);
+ }
+ return this;
+ }
+
 /**
 * Set TRUE if the token role should be created orphan.
 *
diff --git a/src/test/java/de/stklcode/jvault/connector/model/TokenRoleTest.java b/src/test/java/de/stklcode/jvault/connector/model/TokenRoleTest.java
index 3ce431f..e8135b9 100644
--- a/src/test/java/de/stklcode/jvault/connector/model/TokenRoleTest.java
+++ b/src/test/java/de/stklcode/jvault/connector/model/TokenRoleTest.java
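Review bot: The Javadoc summary of `withDisallowedPolicyGlob` reads `Add an allowed policy glob pattern.`, which was copied from the allowed variant and states the opposite of what the method does; it should be `Add a disallowed policy glob pattern.`. The `@param` line is already correct, so only the summary sentence needs changing. An allow/deny mix-up in the generated API docs makes it easy for a caller to put a pattern on the wrong list of a role.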
@@ -37,10 +37,18 @@ class TokenRoleTest extends AbstractModelTest {
 private static final String ALLOWED_POLICY_2 = "apol-2";
 private static final String ALLOWED_POLICY_3 = "apol-3";
 private static final List ALLOWED_POLICIES = Arrays.asList(ALLOWED_POLICY_1, ALLOWED_POLICY_2);
+ private static final String ALLOWED_POLICY_GLOB_1 = "apol-g1*";
+ private static final String ALLOWED_POLICY_GLOB_2 = "apol-g2*";
+ private static final String ALLOWED_POLICY_GLOB_3 = "apol-g3*";
+ private static final List ALLOWED_POLICIES_GLOB = Arrays.asList(ALLOWED_POLICY_GLOB_2, ALLOWED_POLICY_GLOB_3);
 private static final String DISALLOWED_POLICY_1 = "dpol-1";
 private static final String DISALLOWED_POLICY_2 = "dpol-2";
 private static final String DISALLOWED_POLICY_3 = "dpol-3";
 private static final List DISALLOWED_POLICIES = Arrays.asList(DISALLOWED_POLICY_2, DISALLOWED_POLICY_3);
+ private static final String DISALLOWED_POLICY_GLOB_1 = "dpol-g1*";
+ private static final String DISALLOWED_POLICY_GLOB_2 = "dpol-g2*";
+ private static final String DISALLOWED_POLICY_GLOB_3 = "dpol-g3*";
+ private static final List DISALLOWED_POLICIES_GLOB = Arrays.asList(DISALLOWED_POLICY_GLOB_1, DISALLOWED_POLICY_GLOB_2);
 private static final Boolean ORPHAN = false;
 private static final Boolean RENEWABLE = true;
 private static final String PATH_SUFFIX = "ps";
@@ -61,7 +69,9 @@ class TokenRoleTest extends AbstractModelTest {
 private static final String JSON_FULL = "{" +
 "\"name\":\"" + NAME + "\"," +
 "\"allowed_policies\":[\"" + ALLOWED_POLICY_1 + "\",\"" + ALLOWED_POLICY_2 + "\",\"" + ALLOWED_POLICY_3 + "\"]," +
+ "\"allowed_policies_glob\":[\"" + ALLOWED_POLICY_GLOB_1 + "\",\"" + ALLOWED_POLICY_GLOB_2 + "\",\"" + ALLOWED_POLICY_GLOB_3 + "\"]," +
 "\"disallowed_policies\":[\"" + DISALLOWED_POLICY_1 + "\",\"" + DISALLOWED_POLICY_2 + "\",\"" + DISALLOWED_POLICY_3 + "\"]," +
+ "\"disallowed_policies_glob\":[\"" + DISALLOWED_POLICY_GLOB_1 + "\",\"" + DISALLOWED_POLICY_GLOB_2 + "\",\"" + DISALLOWED_POLICY_GLOB_3 + "\"]," +
 "\"orphan\":" + ORPHAN + "," +
 "\"renewable\":" + RENEWABLE + "," +
 "\"path_suffix\":\"" + PATH_SUFFIX + "\"," +
@@ -83,8 +93,12 @@ class TokenRoleTest extends AbstractModelTest {
 .forName(NAME)
 .withAllowedPolicies(ALLOWED_POLICIES)
 .withAllowedPolicy(ALLOWED_POLICY_3)
+ .withAllowedPolicyGlob(ALLOWED_POLICY_GLOB_1)
+ .withAllowedPoliciesGlob(ALLOWED_POLICIES_GLOB)
 .withDisallowedPolicy(DISALLOWED_POLICY_1)
 .withDisallowedPolicies(DISALLOWED_POLICIES)
+ .withDisallowedPoliciesGlob(DISALLOWED_POLICIES_GLOB)
+ .withDisallowedPolicyGlob(DISALLOWED_POLICY_GLOB_3)
 .orphan(ORPHAN)
 .renewable(RENEWABLE)
 .withPathSuffix(PATH_SUFFIX)
@@ -175,8 +189,12 @@ class TokenRoleTest extends AbstractModelTest {
 assertEquals(NAME, role.getName());
 assertEquals(ALLOWED_POLICIES.size() + 1, role.getAllowedPolicies().size());
 assertTrue(role.getAllowedPolicies().containsAll(List.of(ALLOWED_POLICY_1, ALLOWED_POLICY_2, ALLOWED_POLICY_3)));
+ assertEquals(ALLOWED_POLICIES_GLOB.size() + 1, role.getAllowedPoliciesGlob().size());
+ assertTrue(role.getAllowedPoliciesGlob().containsAll(List.of(ALLOWED_POLICY_GLOB_1, ALLOWED_POLICY_GLOB_2, ALLOWED_POLICY_GLOB_3)));
 assertEquals(DISALLOWED_POLICIES.size() + 1, role.getDisallowedPolicies().size());
 assertTrue(role.getDisallowedPolicies().containsAll(List.of(DISALLOWED_POLICY_1, DISALLOWED_POLICY_2, DISALLOWED_POLICY_3)));
+ assertEquals(DISALLOWED_POLICIES_GLOB.size() + 1, role.getDisallowedPoliciesGlob().size());
+ assertTrue(role.getDisallowedPoliciesGlob().containsAll(List.of(DISALLOWED_POLICY_GLOB_1, DISALLOWED_POLICY_GLOB_2, DISALLOWED_POLICY_GLOB_3)));
 assertEquals(ORPHAN, role.getOrphan());
 assertEquals(RENEWABLE, role.getRenewable());
 assertEquals(PATH_SUFFIX, role.getPathSuffix());
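Review bot: The added assertions cover only the fully populated role; nothing in the visible hunks checks that `withAllowedPolicyGlob(null)` or a `null` list leaves `getAllowedPoliciesGlob()` as `null`, or that the `allowed_policies_glob` and `disallowed_policies_glob` keys are then omitted from the JSON (`NON_NULL`). An assertion such as `assertNull(role.getAllowedPoliciesGlob());` on a role built without any glob calls would pin that, unless a minimal-role test outside this hunk already does so. The test method starts and ends outside the hunk.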