model: add support for (dis)allowed policy glob patterns in TokenRole

CHANGELOG.md

@@ -10,6 +10,7 @@
 * Model and response classes implement `Serializable` (#57)
 * Split `SercretResponse`  into `PlainSecretResponse` and `MetaSecretResponse` subclasses (common API unchanged)
 * Add missing fields to `AuthMethod` model
+* Add support for (dis)allowed policy glob patterns in `TokenRole`
 
 ### Test
 * Tested against Vault 1.10.1

src/main/java/de/stklcode/jvault/connector/model/TokenRole.java

@@ -34,7 +34,7 @@ import java.util.Objects;
  */
 @JsonIgnoreProperties(ignoreUnknown = true)
 public final class TokenRole implements Serializable {
-    private static final long serialVersionUID = -6159563751115867561L;
+    private static final long serialVersionUID = -3505215215838576321L;
 
     /**
      * Get {@link Builder} instance.
@@ -53,10 +53,18 @@ public final class TokenRole implements Serializable {
     @JsonInclude(JsonInclude.Include.NON_NULL)
     private List<String> allowedPolicies;
 
+    @JsonProperty("allowed_policies_glob")
+    @JsonInclude(JsonInclude.Include.NON_NULL)
+    private List<String> allowedPoliciesGlob;
+
     @JsonProperty("disallowed_policies")
     @JsonInclude(JsonInclude.Include.NON_NULL)
     private List<String> disallowedPolicies;
 
+    @JsonProperty("disallowed_policies_glob")
+    @JsonInclude(JsonInclude.Include.NON_NULL)
+    private List<String> disallowedPoliciesGlob;
+
     @JsonProperty("orphan")
     @JsonInclude(JsonInclude.Include.NON_NULL)
     private Boolean orphan;
@@ -106,7 +114,9 @@ public final class TokenRole implements Serializable {
     public TokenRole(final Builder builder) {
         this.name = builder.name;
         this.allowedPolicies = builder.allowedPolicies;
+        this.allowedPoliciesGlob = builder.allowedPoliciesGlob;
         this.disallowedPolicies = builder.disallowedPolicies;
+        this.disallowedPoliciesGlob = builder.disallowedPoliciesGlob;
         this.orphan = builder.orphan;
         this.renewable = builder.renewable;
         this.pathSuffix = builder.pathSuffix;
@@ -133,6 +143,14 @@ public final class TokenRole implements Serializable {
         return allowedPolicies;
     }
 
+    /**
+     * @return List of allowed policy glob patterns
+     * @since 1.1
+     */
+    public List<String> getAllowedPoliciesGlob() {
+        return allowedPoliciesGlob;
+    }
+
     /**
      * @return List of disallowed policies
      */
@@ -140,6 +158,14 @@ public final class TokenRole implements Serializable {
         return disallowedPolicies;
     }
 
+    /**
+     * @return List of disallowed policy glob patterns
+     * @since 1.1
+     */
+    public List<String> getDisallowedPoliciesGlob() {
+        return disallowedPoliciesGlob;
+    }
+
     /**
      * @return Is Token Role orphan?
      */
@@ -220,7 +246,9 @@ public final class TokenRole implements Serializable {
         TokenRole tokenRole = (TokenRole) o;
         return Objects.equals(name, tokenRole.name) &&
                 Objects.equals(allowedPolicies, tokenRole.allowedPolicies) &&
+                Objects.equals(allowedPoliciesGlob, tokenRole.allowedPoliciesGlob) &&
                 Objects.equals(disallowedPolicies, tokenRole.disallowedPolicies) &&
+                Objects.equals(disallowedPoliciesGlob, tokenRole.disallowedPoliciesGlob) &&
                 Objects.equals(orphan, tokenRole.orphan) &&
                 Objects.equals(renewable, tokenRole.renewable) &&
                 Objects.equals(pathSuffix, tokenRole.pathSuffix) &&
@@ -235,9 +263,9 @@ public final class TokenRole implements Serializable {
 
     @Override
     public int hashCode() {
-        return Objects.hash(name, allowedPolicies, disallowedPolicies, orphan, renewable, pathSuffix,
+        return Objects.hash(name, allowedPolicies, allowedPoliciesGlob, disallowedPolicies, disallowedPoliciesGlob,
-                allowedEntityAliases, tokenBoundCidrs, tokenExplicitMaxTtl, tokenNoDefaultPolicy, tokenNumUses,
+                orphan, renewable,  pathSuffix, allowedEntityAliases, tokenBoundCidrs, tokenExplicitMaxTtl,
-                tokenPeriod, tokenType);
+                tokenNoDefaultPolicy, tokenNumUses, tokenPeriod, tokenType);
     }
 
     /**
@@ -249,7 +277,9 @@ public final class TokenRole implements Serializable {
     public static final class Builder {
         private String name;
         private List<String> allowedPolicies;
+        private List<String> allowedPoliciesGlob;
         private List<String> disallowedPolicies;
+        private List<String> disallowedPoliciesGlob;
         private Boolean orphan;
         private Boolean renewable;
         private String pathSuffix;
@@ -304,6 +334,40 @@ public final class TokenRole implements Serializable {
             return this;
         }
 
+        /**
+         * Add an allowed policy glob pattern.
+         *
+         * @param allowedPolicyGlob allowed policy glob pattern to add
+         * @return self
+         * @since 1.1
+         */
+        public Builder withAllowedPolicyGlob(final String allowedPolicyGlob) {
+            if (allowedPolicyGlob != null) {
+                if (this.allowedPoliciesGlob == null) {
+                    this.allowedPoliciesGlob = new ArrayList<>();
+                }
+                this.allowedPoliciesGlob.add(allowedPolicyGlob);
+            }
+            return this;
+        }
+
+        /**
+         * Add allowed policy glob patterns.
+         *
+         * @param allowedPoliciesGlob list of allowed policy glob patterns
+         * @return self
+         * @since 1.1
+         */
+        public Builder withAllowedPoliciesGlob(final List<String> allowedPoliciesGlob) {
+            if (allowedPoliciesGlob != null) {
+                if (this.allowedPoliciesGlob == null) {
+                    this.allowedPoliciesGlob = new ArrayList<>();
+                }
+                this.allowedPoliciesGlob.addAll(allowedPoliciesGlob);
+            }
+            return this;
+        }
+
         /**
          * Add a disallowed policy.
          *
@@ -336,6 +400,40 @@ public final class TokenRole implements Serializable {
             return this;
         }
 
+        /**
+         * Add an allowed policy glob pattern.
+         *
+         * @param disallowedPolicyGlob disallowed policy glob pattern to add
+         * @return self
+         * @since 1.1
+         */
+        public Builder withDisallowedPolicyGlob(final String disallowedPolicyGlob) {
+            if (disallowedPolicyGlob != null) {
+                if (this.disallowedPoliciesGlob == null) {
+                    this.disallowedPoliciesGlob = new ArrayList<>();
+                }
+                this.disallowedPoliciesGlob.add(disallowedPolicyGlob);
+            }
+            return this;
+        }
+
+        /**
+         * Add disallowed policy glob patterns.
+         *
+         * @param disallowedPoliciesGlob list of disallowed policy glob patterns
+         * @return self
+         * @since 1.1
+         */
+        public Builder withDisallowedPoliciesGlob(final List<String> disallowedPoliciesGlob) {
+            if (disallowedPoliciesGlob != null) {
+                if (this.disallowedPoliciesGlob == null) {
+                    this.disallowedPoliciesGlob = new ArrayList<>();
+                }
+                this.disallowedPoliciesGlob.addAll(disallowedPoliciesGlob);
+            }
+            return this;
+        }
+
         /**
          * Set TRUE if the token role should be created orphan.
          *

src/test/java/de/stklcode/jvault/connector/model/TokenRoleTest.java

@@ -37,10 +37,18 @@ class TokenRoleTest extends AbstractModelTest<TokenRole> {
     private static final String ALLOWED_POLICY_2 = "apol-2";
     private static final String ALLOWED_POLICY_3 = "apol-3";
     private static final List<String> ALLOWED_POLICIES = Arrays.asList(ALLOWED_POLICY_1, ALLOWED_POLICY_2);
+    private static final String ALLOWED_POLICY_GLOB_1 = "apol-g1*";
+    private static final String ALLOWED_POLICY_GLOB_2 = "apol-g2*";
+    private static final String ALLOWED_POLICY_GLOB_3 = "apol-g3*";
+    private static final List<String> ALLOWED_POLICIES_GLOB = Arrays.asList(ALLOWED_POLICY_GLOB_2, ALLOWED_POLICY_GLOB_3);
     private static final String DISALLOWED_POLICY_1 = "dpol-1";
     private static final String DISALLOWED_POLICY_2 = "dpol-2";
     private static final String DISALLOWED_POLICY_3 = "dpol-3";
     private static final List<String> DISALLOWED_POLICIES = Arrays.asList(DISALLOWED_POLICY_2, DISALLOWED_POLICY_3);
+    private static final String DISALLOWED_POLICY_GLOB_1 = "dpol-g1*";
+    private static final String DISALLOWED_POLICY_GLOB_2 = "dpol-g2*";
+    private static final String DISALLOWED_POLICY_GLOB_3 = "dpol-g3*";
+    private static final List<String> DISALLOWED_POLICIES_GLOB = Arrays.asList(DISALLOWED_POLICY_GLOB_1, DISALLOWED_POLICY_GLOB_2);
     private static final Boolean ORPHAN = false;
     private static final Boolean RENEWABLE = true;
     private static final String PATH_SUFFIX = "ps";
@@ -61,7 +69,9 @@ class TokenRoleTest extends AbstractModelTest<TokenRole> {
     private static final String JSON_FULL = "{" +
             "\"name\":\"" + NAME + "\"," +
             "\"allowed_policies\":[\"" + ALLOWED_POLICY_1 + "\",\"" + ALLOWED_POLICY_2 + "\",\"" + ALLOWED_POLICY_3 + "\"]," +
+            "\"allowed_policies_glob\":[\"" + ALLOWED_POLICY_GLOB_1 + "\",\"" + ALLOWED_POLICY_GLOB_2 + "\",\"" + ALLOWED_POLICY_GLOB_3 + "\"]," +
             "\"disallowed_policies\":[\"" + DISALLOWED_POLICY_1 + "\",\"" + DISALLOWED_POLICY_2 + "\",\"" + DISALLOWED_POLICY_3 + "\"]," +
+            "\"disallowed_policies_glob\":[\"" + DISALLOWED_POLICY_GLOB_1 + "\",\"" + DISALLOWED_POLICY_GLOB_2 + "\",\"" + DISALLOWED_POLICY_GLOB_3 + "\"]," +
             "\"orphan\":" + ORPHAN + "," +
             "\"renewable\":" + RENEWABLE + "," +
             "\"path_suffix\":\"" + PATH_SUFFIX + "\"," +
@@ -83,8 +93,12 @@ class TokenRoleTest extends AbstractModelTest<TokenRole> {
                 .forName(NAME)
                 .withAllowedPolicies(ALLOWED_POLICIES)
                 .withAllowedPolicy(ALLOWED_POLICY_3)
+                .withAllowedPolicyGlob(ALLOWED_POLICY_GLOB_1)
+                .withAllowedPoliciesGlob(ALLOWED_POLICIES_GLOB)
                 .withDisallowedPolicy(DISALLOWED_POLICY_1)
                 .withDisallowedPolicies(DISALLOWED_POLICIES)
+                .withDisallowedPoliciesGlob(DISALLOWED_POLICIES_GLOB)
+                .withDisallowedPolicyGlob(DISALLOWED_POLICY_GLOB_3)
                 .orphan(ORPHAN)
                 .renewable(RENEWABLE)
                 .withPathSuffix(PATH_SUFFIX)
@@ -175,8 +189,12 @@ class TokenRoleTest extends AbstractModelTest<TokenRole> {
         assertEquals(NAME, role.getName());
         assertEquals(ALLOWED_POLICIES.size() + 1, role.getAllowedPolicies().size());
         assertTrue(role.getAllowedPolicies().containsAll(List.of(ALLOWED_POLICY_1, ALLOWED_POLICY_2, ALLOWED_POLICY_3)));
+        assertEquals(ALLOWED_POLICIES_GLOB.size() + 1, role.getAllowedPoliciesGlob().size());
+        assertTrue(role.getAllowedPoliciesGlob().containsAll(List.of(ALLOWED_POLICY_GLOB_1, ALLOWED_POLICY_GLOB_2, ALLOWED_POLICY_GLOB_3)));
         assertEquals(DISALLOWED_POLICIES.size() + 1, role.getDisallowedPolicies().size());
         assertTrue(role.getDisallowedPolicies().containsAll(List.of(DISALLOWED_POLICY_1, DISALLOWED_POLICY_2, DISALLOWED_POLICY_3)));
+        assertEquals(DISALLOWED_POLICIES_GLOB.size() + 1, role.getDisallowedPoliciesGlob().size());
+        assertTrue(role.getDisallowedPoliciesGlob().containsAll(List.of(DISALLOWED_POLICY_GLOB_1, DISALLOWED_POLICY_GLOB_2, DISALLOWED_POLICY_GLOB_3)));
         assertEquals(ORPHAN, role.getOrphan());
         assertEquals(RENEWABLE, role.getRenewable());
         assertEquals(PATH_SUFFIX, role.getPathSuffix());