We create payload maps with conditional argument sets in several
places. Combine the generation into subroutines, to keep the actual
endpoint calls short and clear.
We've only tested the connector against the latest Vault version
available at release time. However, we do support a wider range.
Test against the oldest supported release, the latest with AppID
and the actual latest.
The AppID auth backend is removed in Vault 1.12 and prevents the process
from starting. We now enable the legacy tests conditionally depending on
the actual Vault version.
The Ubuntu Focal base image does not ship "unzip" by default, so using
the current Maven/JDK image we cannot extract the Vault binary.
Add an additional setup step to solve this problem.
Explicitly declare mapping of the "data" field in response classes.
Therefore, the JSON setter setData() is no longer used. SecretResponse
is split into subclasses for secret with and without metadata.
The official docs incorrectly state "replication_perf_mode" which was
renamed to "replication_performance_mode" way back in Vault 0.9. We now
use the correct field name that is emitted by the API.
This constant was left over from the RequestHelper refactoring. It is
not used anywhere in our code and likely not used by any downstream
project, so we remove it now.
Illegal access permission is no longer available with JDK 17.
To allow System Lambda to mock the environment, we open the java.util
package explicitly for testing.