Using the /lookup-self to retrieve information about the current token
requires less permissions than the general /lookup API and yields the
same results, if accessible.
Instead of applying configuration to a new ObjectMapper instance we use
the JsonMapper builder pattern to create our mapper.
The resulting mappers are not yet fully immutable, but the old way will
be removed in Jackson 3.0.
We can just pass the environment variable to other pre-existing methods
instead of parsing the URL twice. This also fixes URLs without explicit
ports where we should not store "-1" in this case.
Vault CLI and the connector up to 1.4 support providing a path to a CA
certificate file. Introduce support for providing PEM encoded content
directly which might be convenient in container environments to provide
a certificate e.g. from secrets without mounting it to some path.
The interface has some methods to read database credentials from
specific mountpoints like "mysql". While ann database mounts share
the same credential endpoints, the mount point itself can have any
name. Let's clean up some methods of low benefit and deprecate the
convenience methods.
Trivial replacement is `getDbCredentials()` with explicit mount point,
if it's actually mounted on that path.
App-ID is deprecated since Vault 0.6 and was removed in 1.12.
Our compatibility methods are deprecated since Connector 0.4. It's time
to drop it for good.
The Java HTTP client implements AutoCloseable since JDK 21. Closing the
client ensures that asynchronous operations and streams are properly
terminated.
As we support Java 11, we add any old school "finally" wrapper and
conditionally close the client when running on a modern platform.
Timestamps have been stored with their String representation from the
API with convenience methods to convert them into ZonedDateTime.
We now use the Jackson JavaTimeModule to parse them directly and swap
the real and convenience getters.
Mapping a JSON string into String using a JSON parser will fail, so we
should use the string directly instead of applying double conversion.
Fixes: f3e1f01e38
Converting the payload using toString() is not an appropriate way to
feed a JSON parser. We now use JSON roundtrip for type mapping and
introduce shortcuts of the type already matches the target type.
We create payload maps with conditional argument sets in several
places. Combine the generation into subroutines, to keep the actual
endpoint calls short and clear.
Explicitly declare mapping of the "data" field in response classes.
Therefore, the JSON setter setData() is no longer used. SecretResponse
is split into subclasses for secret with and without metadata.
The official docs incorrectly state "replication_perf_mode" which was
renamed to "replication_performance_mode" way back in Vault 0.9. We now
use the correct field name that is emitted by the API.
This constant was left over from the RequestHelper refactoring. It is
not used anywhere in our code and likely not used by any downstream
project, so we remove it now.
