Typo fix

.travis.yml

@@ -0,0 +1,12 @@
+branches:
+  only:
+    - master
+language: java
+jdk:
+  - oraclejdk8
+env:
+  - PATH=$PATH:.
+before_script:
+  - wget https://releases.hashicorp.com/vault/0.7.0/vault_0.7.0_linux_amd64.zip
+  - unzip vault_0.7.0_linux_amd64.zip
+  - rm vault_0.7.0_linux_amd64.zip

CHANGELOG.md

@@ -1,6 +1,12 @@
+## 0.5.0 [2017-03-18]
+* [feature] Convenience methods for DB credentials (#7)
+* [fix] Minor bugfix in TokenBuilder
+* [deprecation] `SecretResponse.getValue()` deprecated
+* [test] Tested against Vault 0.7.0
+
 ## 0.4.1 [2016-12-24]
 * [fix] Factory Null-tolerant for trusted certificate (#6)
-* [test] StackTraces testet for secret leaks
+* [test] StackTraces tested for secret leaks
 * [test] Tested against Vault 0.6.4
 
 ## 0.4.0 [2016-11-06]

README.md

@@ -1,12 +1,18 @@
-Java Vault Connector
+# Java Vault Connector 
-=========
+
+[![Build Status](https://travis-ci.org/stklcode/jvaultconnector.svg?branch=master)](https://travis-ci.org/stklcode/jvaultconnector)
+[![License](https://img.shields.io/badge/license-Apache%202.0-blue.svg)](https://github.com/stklcode/jvaultconnector/blob/master/LICENSE.txt) 
+[![Maven Central](https://img.shields.io/maven-central/v/de.stklcode.jvault/connector.svg)](https://search.maven.org/#search%7Cga%7C1%7Cg%3A%22de.stklcode.jvault%22%20AND%20a%3A%22connector%22)
+
+![Logo](https://raw.githubusercontent.com/stklcode/jvaultconnector/master/assets/logo.png)
+
 Java Vault Connector is a connector library for [Vault](https://www.vaultproject.io) by [Hashicorp](https://www.hashicorp.com) written in Java. The connector allows simple usage of Vault's secret store in own applications.
 
-**Current available features:**
+## Features:
 
 * HTTP(S) backend connector
     *  Ability to provide or enforce custom CA certificate
-* Authorization methods:
+* Authorization methods
     * Token
     * Username/Password
     * AppID (register and authenticate) [_deprecated_]
@@ -22,45 +28,97 @@ Java Vault Connector is a connector library for [Vault](https://www.vaultproject
     * Renew/revoke leases
     * Raw secret content or JSON decoding
 * Connector Factory with builder pattern
-* Tested against Vault 0.6.4
+* Tested against Vault 0.7.0
 
-**Usage Example**
+
+## Maven Artifact
+```
+<dependency>
+    <groupId>de.stklcode.jvault</groupId>
+    <artifactId>connector</artifactId>
+    <version>0.5.0</version>
+</dependency>
+```
+
+## Usage Examples
+
+### Initialization
 
 ```java
-// Instanciate using builder pattern style factory
+// Instantiate using builder pattern style factory (TLS enabled by default)
 VaultConnector vault = VaultConnectorFactory.httpFactory()
  .withHost("127.0.0.1")
  .withPort(8200)
  .withTLS()
  .build();
 
-//authenticate with token
+// Instantiate with custom SSL context
+VaultConnector vault = VaultConnectorFactory.httpFactory()
+ .withHost("example.com")
+ .withPort(8200)
+ .withTrustedCA(Paths.get("/path/to/CA.pem"))
+ .build();
+```
+
+### Authentication
+
+```java
+// Authenticate with token
 vault.authToken("01234567-89ab-cdef-0123-456789abcdef");
 
-// retrieve secret
+// Authenticate with username and password
+vault.authUserPass("username", "p4ssw0rd");
+
+// Authenticate with AppID (secret - 2nd argument - is optional)
+vault.authAppId("01234567-89ab-cdef-0123-456789abcdef", "fedcba98-7654-3210-fedc-ba9876543210");
+```
+
+### Secret read & write
+
+```java
+// Retrieve secret (prefix "secret/" assumed, use read() to read arbitrary paths)
 String secret = vault.readSecret("some/secret/key").getValue();
+
+// Complex secret
+Map<String, Object> secretData = vault.readSecret("another/secret/key").getData();
+
+// Write simple secret
+vault.writeSecret("new/secret/key", "secret value");
+
+// Write complex data to arbitraty path
+Map<String, Object> map = [...]
+vault.write("any/path/to/write", map);
+
+// Delete secret
+vault.delete("any/path/to/write");
 ```
 
-**Maven Artifact**
+### Token and role creation
-```
+
-<dependency>
+```java
-    <groupId>de.stklcode.jvault</groupId>
+// Create token using TokenBuilder
-    <artifactId>connector</artifactId>
+Token token = new TokenBuilder().withId("token id")
-    <version>0.4.1</version>
+                                .withDisplayName("new test token")
-</dependency>
+                                .withPolicies("pol1", "pol2")
+                                .build();
+vault.createToken(token);
+
+// Create AppRole credentials
+vault.createAppRole("testrole", policyList);
+AppRoleSecretResponse secret = vault.createAppRoleSecret("testrole");
 ```
 
-**Links**
+## Links
 
 [Project Page](http://jvault.stklcode.de)
 
 [JavaDoc API](http://jvault.stklcode.de/apidocs/)
 
-**Planned features:**
+## Planned features
 
 * Creation and modification of policies
 * Implement more authentication methods
 
-**License**
+## License
 
 The project is licensed under [Apache License 2.0](http://www.apache.org/licenses/LICENSE-2.0).

assets/logo.svg

@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
+<svg xmlns="http://www.w3.org/2000/svg" width="128" height="128">
+    <path d="M4,12 l60,104 l60,-104 z" stroke="none" fill="#000000" />
+    <circle cx="78" cy="24" r="6" stroke="none" fill="#00a9c7" />
+    <circle cx="78" cy="38" r="6" stroke="none" fill="#00a9c7" />
+    <circle cx="78" cy="52" r="6" stroke="none" fill="#00a9c7" />
+    <circle cx="78" cy="66" r="6" stroke="none" fill="#00a9c7" />
+    <circle cx="72" cy="78" r="6" stroke="none" fill="#00a9c7" />
+    <circle cx="58" cy="78" r="6" stroke="none" fill="#00a9c7" />
+    <circle cx="52" cy="66" r="6" stroke="none" fill="#00a9c7" />
+</svg>

pom.xml

@@ -2,11 +2,23 @@
          xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
     <modelVersion>4.0.0</modelVersion>
 
-    <name>jVaultConnector</name>
-
     <groupId>de.stklcode.jvault</groupId>
     <artifactId>connector</artifactId>
-    <version>0.4.1</version>
+    <version>0.5.0</version>
+
+    <packaging>jar</packaging>
+
+    <name>jVaultConnector</name>
+    <description>Connector artifact for Hashicorp's Vault secret management</description>
+    <url>https://jvault.stklcode.de</url>
+
+    <licenses>
+        <license>
+            <name>Apache License 2.0</name>
+            <url>http://www.apache.org/licenses/LICENSE-2.0.html</url>
+            <distribution>repo</distribution>
+        </license>
+    </licenses>
 
     <properties>
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
@@ -17,7 +29,7 @@
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-compiler-plugin</artifactId>
-                <version>3.6.0</version>
+                <version>3.6.1</version>
                 <configuration>
                     <source>1.8</source>
                     <target>1.8</target>
@@ -25,28 +37,27 @@
             </plugin>
         </plugins>
     </build>
-    <packaging>jar</packaging>
 
     <dependencies>
         <dependency>
             <groupId>org.apache.httpcomponents</groupId>
             <artifactId>httpcore</artifactId>
-            <version>4.4.5</version>
+            <version>4.4.6</version>
         </dependency>
         <dependency>
             <groupId>org.apache.httpcomponents</groupId>
             <artifactId>httpclient</artifactId>
-            <version>4.5.2</version>
+            <version>4.5.3</version>
         </dependency>
         <dependency>
             <groupId>com.fasterxml.jackson.core</groupId>
             <artifactId>jackson-core</artifactId>
-            <version>2.8.5</version>
+            <version>2.8.7</version>
         </dependency>
         <dependency>
             <groupId>com.fasterxml.jackson.core</groupId>
             <artifactId>jackson-databind</artifactId>
-            <version>2.8.5</version>
+            <version>2.8.7</version>
         </dependency>
 
         <dependency>

src/main/java/de/stklcode/jvault/connector/HTTPVaultConnector.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016 Stefan Kalscheuer
+ * Copyright 2016-2017 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -58,7 +58,6 @@ public class HTTPVaultConnector implements VaultConnector {
     private static final String PATH_AUTH_USERPASS = "auth/userpass/login/";
     private static final String PATH_AUTH_APPID = "auth/app-id/";
     private static final String PATH_AUTH_APPROLE = "auth/approle/";
-    private static final String PATH_SECRET = "secret";
     private static final String PATH_REVOKE = "sys/revoke/";
 
     private final ObjectMapper jsonMapper;
@@ -463,12 +462,12 @@ public class HTTPVaultConnector implements VaultConnector {
     }
 
     @Override
-    public SecretResponse readSecret(final String key) throws VaultConnectorException {
+    public SecretResponse read(final String key) throws VaultConnectorException {
         if (!isAuthorized())
             throw new AuthorizationRequiredException();
         /* Request HTTP response and parse Secret */
         try {
-            String response = requestGet(PATH_SECRET + "/" + key, new HashMap<>());
+            String response = requestGet(key, new HashMap<>());
             return jsonMapper.readValue(response, SecretResponse.class);
         } catch (IOException e) {
             throw new InvalidResponseException("Unable to parse response", e);
@@ -479,12 +478,12 @@ public class HTTPVaultConnector implements VaultConnector {
     }
 
     @Override
-    public List<String> listSecrets(final String path) throws VaultConnectorException {
+    public List<String> list(final String path) throws VaultConnectorException {
         if (!isAuthorized())
             throw new AuthorizationRequiredException();
 
         try {
-            String response = requestGet(PATH_SECRET + "/" + path + "/?list=true", new HashMap<>());
+            String response = requestGet(path + "/?list=true", new HashMap<>());
             SecretListResponse secrets = jsonMapper.readValue(response, SecretListResponse.class);
             return secrets.getKeys();
         } catch (IOException e) {
@@ -495,27 +494,24 @@ public class HTTPVaultConnector implements VaultConnector {
         }
     }
 
-    @Override
+    public void write(final String key, final Map<String, Object> data) throws VaultConnectorException {
-    public void writeSecret(final String key, final String value) throws VaultConnectorException {
         if (!isAuthorized())
             throw new AuthorizationRequiredException();
 
         if (key == null || key.isEmpty())
             throw new InvalidRequestException("Secret path must not be empty.");
 
-        Map<String, String> param = new HashMap<>();
+        if (!requestPost(key, data).equals(""))
-        param.put("value", value);
-        if (!requestPost(PATH_SECRET + "/" + key, param).equals(""))
             throw new InvalidResponseException("Received response where none was expected.");
     }
 
     @Override
-    public void deleteSecret(String key) throws VaultConnectorException {
+    public void delete(String key) throws VaultConnectorException {
         if (!isAuthorized())
             throw new AuthorizationRequiredException();
 
         /* Request HTTP response and expect empty result */
-        String response = requestDelete(PATH_SECRET + "/" + key);
+        String response = requestDelete(key);
 
         /* Response should be code 204 without content */
         if (!response.equals(""))

src/main/java/de/stklcode/jvault/connector/VaultConnector.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016 Stefan Kalscheuer
+ * Copyright 2016-2017 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -16,13 +16,12 @@
 
 package de.stklcode.jvault.connector;
 
-import de.stklcode.jvault.connector.exception.AuthorizationRequiredException;
+import de.stklcode.jvault.connector.exception.InvalidRequestException;
 import de.stklcode.jvault.connector.exception.VaultConnectorException;
 import de.stklcode.jvault.connector.model.*;
 import de.stklcode.jvault.connector.model.response.*;
 
-import java.util.ArrayList;
+import java.util.*;
-import java.util.List;
 
 /**
  * Vault Connector interface.
@@ -32,6 +31,8 @@ import java.util.List;
  * @since 0.1
  */
 public interface VaultConnector {
+    String PATH_SECRET = "secret";
+
     /**
      * Reset authorization information.
      */
@@ -358,39 +359,121 @@ public interface VaultConnector {
     boolean isAuthorized();
 
     /**
-     * Retrieve secret form Vault.
+     * Retrieve any nodes content from Vault.
+     *
+     * @param key Secret identifier
+     * @return Secret response
+     * @throws VaultConnectorException on error
+     * @since 0.5.0
+     */
+    SecretResponse read(final String key) throws VaultConnectorException;
+
+    /**
+     * Retrieve secret from Vault.
+     * Prefix "secret/" is automatically added to key.
      *
      * @param key Secret identifier
      * @return Secret response
      * @throws VaultConnectorException on error
      */
-    SecretResponse readSecret(final String key) throws VaultConnectorException;
+    default SecretResponse readSecret(final String key) throws VaultConnectorException {
+        return read(PATH_SECRET + "/" + key);
+    }
+
+    /**
+     * List available nodes from Vault.
+     *
+     * @param path Root path to search
+     * @return List of secret keys
+     * @throws VaultConnectorException on error
+     * @since 0.5.0
+     */
+    List<String> list(final String path) throws VaultConnectorException;
 
     /**
      * List available secrets from Vault.
+     * Prefix "secret/" is automatically added to path.
      *
      * @param path Root path to search
      * @return List of secret keys
      * @throws VaultConnectorException on error
      */
-    List<String> listSecrets(final String path) throws VaultConnectorException;
+    default List<String> listSecrets(final String path) throws VaultConnectorException {
+        return list(PATH_SECRET + "/" + path);
+    }
+
+    /**
+     * Write simple value to Vault.
+     *
+     * @param key   Secret path
+     * @param value Secret value
+     * @throws VaultConnectorException on error
+     * @since 0.5.0
+     */
+    default void write(final String key, final String value) throws VaultConnectorException {
+        Map<String, Object> param = new HashMap<>();
+        param.put("value", value);
+        write(key, param);
+    }
+
+    /**
+     * Write value to Vault.
+     *
+     * @param key  Secret path
+     * @param data Secret content. Value must be be JSON serializable.
+     * @throws VaultConnectorException on error
+     * @since 0.5.0
+     */
+    void write(final String key, final Map<String, Object> data) throws VaultConnectorException;
 
     /**
      * Write secret to Vault.
+     * Prefix "secret/" is automatically added to path.
      *
      * @param key   Secret path
      * @param value Secret value
      * @throws VaultConnectorException on error
      */
-    void writeSecret(final String key, final String value) throws VaultConnectorException;
+    default void writeSecret(final String key, final String value) throws VaultConnectorException {
+        Map<String, Object> param = new HashMap<>();
+        param.put("value", value);
+        writeSecret(key, param);
+    }
+
+    /**
+     * Write secret to Vault.
+     * Prefix "secret/" is automatically added to path.
+     *
+     * @param key  Secret path
+     * @param data Secret content. Value must be be JSON serializable.
+     * @throws VaultConnectorException on error
+     * @since 0.5.0
+     */
+    default void writeSecret(final String key, final Map<String, Object> data) throws VaultConnectorException {
+        if (key == null || key.isEmpty())
+            throw new InvalidRequestException("Secret path must not be empty.");
+        write(PATH_SECRET + "/" + key, data);
+    }
+
+    /**
+     * Delete key from Vault.
+     *
+     * @param key Secret path
+     * @throws VaultConnectorException on error
+     * @since 0.5.0
+     */
+    void delete(final String key) throws VaultConnectorException;
 
     /**
      * Delete secret from Vault.
+     * Prefix "secret/" is automatically added to path.
      *
      * @param key Secret path
      * @throws VaultConnectorException on error
      */
-    void deleteSecret(final String key) throws VaultConnectorException;
+    default void deleteSecret(final String key) throws VaultConnectorException {
+        delete(PATH_SECRET + "/" + key);
+    }
 
     /**
      * Revoke given lease immediately.
@@ -403,7 +486,7 @@ public interface VaultConnector {
     /**
      * Renew lease with given ID.
      *
-     * @param leaseID   the lase ID
+     * @param leaseID the lase ID
      * @return Renewed lease
      * @throws VaultConnectorException on error
      */
@@ -458,4 +541,65 @@ public interface VaultConnector {
      * @throws VaultConnectorException on error
      */
     TokenResponse lookupToken(final String token) throws VaultConnectorException;
+
+    /**
+     * Read credentials for MySQL backend at default mount point
+     *
+     * @param role  the role name
+     * @return the credentials response
+     * @throws VaultConnectorException on error
+     * @since 0.5.0
+     */
+    default CredentialsResponse readMySqlCredentials(final String role) throws VaultConnectorException {
+        return readDbCredentials(role, "mysql");
+    }
+
+    /**
+     * Read credentials for PostgreSQL backend at default mount point
+     *
+     * @param role  the role name
+     * @return the credentials response
+     * @throws VaultConnectorException on error
+     * @since 0.5.0
+     */
+    default CredentialsResponse readPostgreSqlCredentials(final String role) throws VaultConnectorException {
+        return readDbCredentials(role, "postgresql");
+    }
+
+    /**
+     * Read credentials for MSSQL backend at default mount point
+     *
+     * @param role  the role name
+     * @return the credentials response
+     * @throws VaultConnectorException on error
+     * @since 0.5.0
+     */
+    default CredentialsResponse readMsSqlCredentials(final String role) throws VaultConnectorException {
+        return readDbCredentials(role, "mssql");
+    }
+
+    /**
+     * Read credentials for MSSQL backend at default mount point
+     *
+     * @param role  the role name
+     * @return the credentials response
+     * @throws VaultConnectorException on error
+     * @since 0.5.0
+     */
+    default CredentialsResponse readMongoDbCredentials(final String role) throws VaultConnectorException {
+        return readDbCredentials(role, "mongodb");
+    }
+
+    /**
+     * Read credentials for SQL backends.
+     *
+     * @param role  the role name
+     * @param mount mount point of the SQL backend
+     * @return the credentials response
+     * @throws VaultConnectorException on error
+     * @since 0.5.0
+     */
+    default CredentialsResponse readDbCredentials(final String role, final String mount) throws VaultConnectorException {
+        return (CredentialsResponse) read(mount + "/creds/" + role);
+    }
 }

src/main/java/de/stklcode/jvault/connector/exception/AuthorizationRequiredException.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016 Stefan Kalscheuer
+ * Copyright 2016-2017 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

src/main/java/de/stklcode/jvault/connector/exception/ConnectionException.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016 Stefan Kalscheuer
+ * Copyright 2016-2017 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

src/main/java/de/stklcode/jvault/connector/exception/InvalidRequestException.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016 Stefan Kalscheuer
+ * Copyright 2016-2017 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

src/main/java/de/stklcode/jvault/connector/exception/InvalidResponseException.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016 Stefan Kalscheuer
+ * Copyright 2016-2017 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

src/main/java/de/stklcode/jvault/connector/exception/PermissionDeniedException.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016 Stefan Kalscheuer
+ * Copyright 2016-2017 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

src/main/java/de/stklcode/jvault/connector/exception/TlsException.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016 Stefan Kalscheuer
+ * Copyright 2016-2017 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

src/main/java/de/stklcode/jvault/connector/exception/VaultConnectorException.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016 Stefan Kalscheuer
+ * Copyright 2016-2017 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

src/main/java/de/stklcode/jvault/connector/factory/HTTPVaultConnectorFactory.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016 Stefan Kalscheuer
+ * Copyright 2016-2017 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

src/main/java/de/stklcode/jvault/connector/factory/VaultConnectorFactory.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016 Stefan Kalscheuer
+ * Copyright 2016-2017 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

src/main/java/de/stklcode/jvault/connector/model/AppRole.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016 Stefan Kalscheuer
+ * Copyright 2016-2017 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

src/main/java/de/stklcode/jvault/connector/model/AppRoleBuilder.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016 Stefan Kalscheuer
+ * Copyright 2016-2017 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

src/main/java/de/stklcode/jvault/connector/model/AppRoleSecret.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016 Stefan Kalscheuer
+ * Copyright 2016-2017 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -18,6 +18,7 @@ package de.stklcode.jvault.connector.model;
 
 import com.fasterxml.jackson.annotation.*;
 
+import java.util.Arrays;
 import java.util.List;
 import java.util.Map;
 

src/main/java/de/stklcode/jvault/connector/model/AuthBackend.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016 Stefan Kalscheuer
+ * Copyright 2016-2017 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

src/main/java/de/stklcode/jvault/connector/model/Token.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016 Stefan Kalscheuer
+ * Copyright 2016-2017 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

src/main/java/de/stklcode/jvault/connector/model/TokenBuilder.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016 Stefan Kalscheuer
+ * Copyright 2016-2017 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -18,10 +18,7 @@ package de.stklcode.jvault.connector.model;
 
 import com.fasterxml.jackson.annotation.JsonProperty;
 
-import java.util.ArrayList;
+import java.util.*;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
 
 /**
  * A builder for vault tokens.
@@ -144,6 +141,17 @@ public class TokenBuilder {
         return withNoDefaultPolicy(true);
     }
 
+    /**
+     * Add given policies
+     *
+     * @param policies the policies
+     * @return self
+     * @since 0.5.0
+     */
+    public TokenBuilder withPolicies(final String... policies) {
+        return withPolicies(Arrays.asList(policies));
+    }
+
     /**
      * Add given policies
      *

src/main/java/de/stklcode/jvault/connector/model/response/AppRoleResponse.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016 Stefan Kalscheuer
+ * Copyright 2016-2017 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

src/main/java/de/stklcode/jvault/connector/model/response/AppRoleSecretResponse.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016 Stefan Kalscheuer
+ * Copyright 2016-2017 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

src/main/java/de/stklcode/jvault/connector/model/response/AuthMethodsResponse.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016 Stefan Kalscheuer
+ * Copyright 2016-2017 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

src/main/java/de/stklcode/jvault/connector/model/response/AuthResponse.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016 Stefan Kalscheuer
+ * Copyright 2016-2017 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

src/main/java/de/stklcode/jvault/connector/model/response/CredentialsResponse.java

@@ -0,0 +1,48 @@
+/*
+ * Copyright 2016-2017 Stefan Kalscheuer
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package de.stklcode.jvault.connector.model.response;
+
+import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
+import com.fasterxml.jackson.annotation.JsonProperty;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import de.stklcode.jvault.connector.exception.InvalidResponseException;
+import de.stklcode.jvault.connector.model.response.embedded.TokenData;
+
+import java.io.IOException;
+import java.util.Map;
+
+/**
+ * Vault response from credentials lookup. Simple wrapper for data objects containing username and password fields.
+ *
+ * @author  Stefan Kalscheuer
+ * @since   0.5.0
+ */
+@JsonIgnoreProperties(ignoreUnknown = true)
+public class CredentialsResponse extends SecretResponse {
+
+    public String getUsername() {
+        if (get("username") != null)
+            return get("username").toString();
+        return null;
+    }
+
+    public String getPassword() {
+        if (get("username") != null)
+            return get("username").toString();
+        return null;
+    }
+}

src/main/java/de/stklcode/jvault/connector/model/response/ErrorResponse.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016 Stefan Kalscheuer
+ * Copyright 2016-2017 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

src/main/java/de/stklcode/jvault/connector/model/response/HelpResponse.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016 Stefan Kalscheuer
+ * Copyright 2016-2017 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

src/main/java/de/stklcode/jvault/connector/model/response/RawDataResponse.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016 Stefan Kalscheuer
+ * Copyright 2016-2017 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

src/main/java/de/stklcode/jvault/connector/model/response/SealResponse.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016 Stefan Kalscheuer
+ * Copyright 2016-2017 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

src/main/java/de/stklcode/jvault/connector/model/response/SecretListResponse.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016 Stefan Kalscheuer
+ * Copyright 2016-2017 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

src/main/java/de/stklcode/jvault/connector/model/response/SecretResponse.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016 Stefan Kalscheuer
+ * Copyright 2016-2017 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -64,7 +64,9 @@ public class SecretResponse extends VaultDataResponse {
      * Method for backwards compatibility in case of simple secrets.
      *
      * @return the value
+     * @deprecated Deprecated artifact, will be removed at latest at v1.0.0
      */
+    @Deprecated
     public String getValue() {
         if (data.get("value") == null)
             return null;
@@ -79,7 +81,9 @@ public class SecretResponse extends VaultDataResponse {
      * @return Parsed object
      * @throws InvalidResponseException on parsing error
      * @since 0.3
+     * @deprecated Deprecated artifact, will be removed at latest at v1.0.0
      */
+    @Deprecated
     public <T> T getValue(Class<T> type) throws InvalidResponseException {
         return get("value", type);
     }

src/main/java/de/stklcode/jvault/connector/model/response/TokenResponse.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016 Stefan Kalscheuer
+ * Copyright 2016-2017 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

src/main/java/de/stklcode/jvault/connector/model/response/VaultDataResponse.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016 Stefan Kalscheuer
+ * Copyright 2016-2017 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

src/main/java/de/stklcode/jvault/connector/model/response/VaultResponse.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016 Stefan Kalscheuer
+ * Copyright 2016-2017 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

src/main/java/de/stklcode/jvault/connector/model/response/embedded/AuthData.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016 Stefan Kalscheuer
+ * Copyright 2016-2017 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

src/main/java/de/stklcode/jvault/connector/model/response/embedded/AuthMethod.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016 Stefan Kalscheuer
+ * Copyright 2016-2017 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -16,6 +16,7 @@
 
 package de.stklcode.jvault.connector.model.response.embedded;
 
+import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
 import com.fasterxml.jackson.annotation.JsonProperty;
 import com.fasterxml.jackson.annotation.JsonSetter;
 import de.stklcode.jvault.connector.model.AuthBackend;
@@ -28,6 +29,7 @@ import java.util.Map;
  * @author  Stefan Kalscheuer
  * @since   0.1
  */
+@JsonIgnoreProperties(ignoreUnknown = true)
 public class AuthMethod {
     private AuthBackend type;
     private String rawType;
@@ -38,6 +40,9 @@ public class AuthMethod {
     @JsonProperty("config")
     private Map<String, String> config;
 
+    @JsonProperty("local")
+    private boolean local;
+
     @JsonSetter("type")
     public void setType(String type) {
         this.rawType = type;
@@ -59,4 +64,8 @@ public class AuthMethod {
     public Map<String, String> getConfig() {
         return config;
     }
+
+    public boolean isLocal() {
+        return local;
+    }
 }

src/main/java/de/stklcode/jvault/connector/model/response/embedded/TokenData.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016 Stefan Kalscheuer
+ * Copyright 2016-2017 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

src/test/java/de/stklcode/jvault/connector/HTTPVaultConnectorTest.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016 Stefan Kalscheuer
+ * Copyright 2016-2017 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

src/test/java/de/stklcode/jvault/connector/model/AppRoleBuilderTest.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016 Stefan Kalscheuer
+ * Copyright 2016-2017 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

src/test/java/de/stklcode/jvault/connector/model/AppRoleSecretTest.java

@@ -0,0 +1,215 @@
+/*
+ * Copyright 2016-2017 Stefan Kalscheuer
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package de.stklcode.jvault.connector.model;
+
+import com.fasterxml.jackson.core.JsonParseException;
+import com.fasterxml.jackson.core.JsonProcessingException;
+import com.fasterxml.jackson.databind.JsonMappingException;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import org.junit.Test;
+
+import java.io.IOException;
+import java.lang.reflect.Field;
+import java.util.Arrays;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import static org.hamcrest.Matchers.emptyString;
+import static org.hamcrest.Matchers.is;
+import static org.hamcrest.Matchers.nullValue;
+import static org.hamcrest.junit.MatcherAssume.assumeThat;
+import static org.junit.Assert.assertThat;
+import static org.junit.Assert.fail;
+
+/**
+ * JUnit Test for AppRoleSecret model.
+ *
+ * @author Stefan Kalscheuer
+ * @since 0.5.0
+ */
+public class AppRoleSecretTest {
+
+    private static final String TEST_ID = "abc123";
+    private static final Map<String, Object> TEST_META = new HashMap<>();
+    private static final List<String> TEST_CIDR = Arrays.asList("203.0.113.0/24", "198.51.100.0/24");
+
+    static {
+        TEST_META.put("foo", "bar");
+        TEST_META.put("number", 1337);
+    }
+
+    /**
+     * Test constructors.
+     */
+    @Test
+    public void constructorTest() {
+        /* Empty constructor */
+        AppRoleSecret secret = new AppRoleSecret();
+        assertThat(secret.getId(), is(nullValue()));
+        assertThat(secret.getAccessor(), is(nullValue()));
+        assertThat(secret.getMetadata(), is(nullValue()));
+        assertThat(secret.getCidrList(), is(nullValue()));
+        assertThat(secret.getCidrListString(), is(emptyString()));
+        assertThat(secret.getCreationTime(), is(nullValue()));
+        assertThat(secret.getExpirationTime(), is(nullValue()));
+        assertThat(secret.getLastUpdatedTime(), is(nullValue()));
+        assertThat(secret.getNumUses(), is(nullValue()));
+        assertThat(secret.getTtl(), is(nullValue()));
+
+        /* Constructor with ID */
+        secret = new AppRoleSecret(TEST_ID);
+        assertThat(secret.getId(), is(TEST_ID));
+        assertThat(secret.getAccessor(), is(nullValue()));
+        assertThat(secret.getMetadata(), is(nullValue()));
+        assertThat(secret.getCidrList(), is(nullValue()));
+        assertThat(secret.getCidrListString(), is(emptyString()));
+        assertThat(secret.getCreationTime(), is(nullValue()));
+        assertThat(secret.getExpirationTime(), is(nullValue()));
+        assertThat(secret.getLastUpdatedTime(), is(nullValue()));
+        assertThat(secret.getNumUses(), is(nullValue()));
+        assertThat(secret.getTtl(), is(nullValue()));
+
+        /* Constructor with Metadata and CIDR bindings */
+        secret = new AppRoleSecret(TEST_ID, TEST_META, TEST_CIDR);
+        assertThat(secret.getId(), is(TEST_ID));
+        assertThat(secret.getAccessor(), is(nullValue()));
+        assertThat(secret.getMetadata(), is(TEST_META));
+        assertThat(secret.getCidrList(), is(TEST_CIDR));
+        assertThat(secret.getCidrListString(), is(String.join(",", TEST_CIDR)));
+        assertThat(secret.getCreationTime(), is(nullValue()));
+        assertThat(secret.getExpirationTime(), is(nullValue()));
+        assertThat(secret.getLastUpdatedTime(), is(nullValue()));
+        assertThat(secret.getNumUses(), is(nullValue()));
+        assertThat(secret.getTtl(), is(nullValue()));
+    }
+
+    /**
+     * Test setter.
+     */
+    @Test
+    public void setterTest() {
+        AppRoleSecret secret = new AppRoleSecret(TEST_ID);
+        assertThat(secret.getCidrList(), is(nullValue()));
+        assertThat(secret.getCidrListString(), is(emptyString()));
+        secret.setCidrList(TEST_CIDR);
+        assertThat(secret.getCidrList(), is(TEST_CIDR));
+        assertThat(secret.getCidrListString(), is(String.join(",", TEST_CIDR)));
+        secret.setCidrList(null);
+        assertThat(secret.getCidrList(), is(nullValue()));
+        assertThat(secret.getCidrListString(), is(emptyString()));
+    }
+
+    /**
+     * Test JSON (de)serialization.
+     */
+    @Test
+    public void jsonTest() throws NoSuchFieldException, IllegalAccessException {
+        ObjectMapper mapper = new ObjectMapper();
+
+        /* A simple roundtrip first. All set fields should be present afterwards. */
+        AppRoleSecret secret = new AppRoleSecret(TEST_ID, TEST_META, TEST_CIDR);
+        String secretJson = "";
+        try {
+            secretJson = mapper.writeValueAsString(secret);
+        } catch (JsonProcessingException e) {
+            e.printStackTrace();
+            fail("Serialization failed");
+        }
+        /* CIDR list is comma-separated when used as input, but List otherwise, hence convert string to list */
+        secretJson = commaSeparatedToList(secretJson);
+
+        AppRoleSecret secret2;
+        try {
+            secret2 = mapper.readValue(secretJson, AppRoleSecret.class);
+            assertThat(secret.getId(), is(secret2.getId()));
+            assertThat(secret.getMetadata(), is(secret2.getMetadata()));
+            assertThat(secret.getCidrList(), is(secret2.getCidrList()));
+        } catch (IOException e) {
+            e.printStackTrace();
+            fail("Deserialization failed");
+        }
+
+        /* Test fields, that should not be written to JSON */
+        setPrivateField(secret, "accessor", "TEST_ACCESSOR");
+        assumeThat(secret.getAccessor(), is("TEST_ACCESSOR"));
+        setPrivateField(secret, "creationTime", "TEST_CREATION");
+        assumeThat(secret.getCreationTime(), is("TEST_CREATION"));
+        setPrivateField(secret, "expirationTime", "TEST_EXPIRATION");
+        assumeThat(secret.getExpirationTime(), is("TEST_EXPIRATION"));
+        setPrivateField(secret, "lastUpdatedTime", "TEST_UPDATETIME");
+        assumeThat(secret.getLastUpdatedTime(), is("TEST_UPDATETIME"));
+        setPrivateField(secret, "numUses", 678);
+        assumeThat(secret.getNumUses(), is(678));
+        setPrivateField(secret, "ttl", 12345);
+        assumeThat(secret.getTtl(), is(12345));
+        try {
+            secretJson = mapper.writeValueAsString(secret);
+        } catch (JsonProcessingException e) {
+            e.printStackTrace();
+            fail("Serialization failed");
+        }
+        try {
+            secret2 = mapper.readValue(commaSeparatedToList(secretJson), AppRoleSecret.class);
+            assertThat(secret.getId(), is(secret2.getId()));
+            assertThat(secret.getMetadata(), is(secret2.getMetadata()));
+            assertThat(secret.getCidrList(), is(secret2.getCidrList()));
+            assertThat(secret2.getAccessor(), is(nullValue()));
+            assertThat(secret2.getCreationTime(), is(nullValue()));
+            assertThat(secret2.getExpirationTime(), is(nullValue()));
+            assertThat(secret2.getLastUpdatedTime(), is(nullValue()));
+            assertThat(secret2.getNumUses(), is(nullValue()));
+            assertThat(secret2.getTtl(), is(nullValue()));
+        } catch (IOException e) {
+            e.printStackTrace();
+            fail("Deserialization failed");
+        }
+
+        /* Those fields should be deserialized from JSON though */
+        secretJson = "{\"secret_id\":\"abc123\",\"metadata\":{\"number\":1337,\"foo\":\"bar\"}," +
+                "\"cidr_list\":[\"203.0.113.0/24\",\"198.51.100.0/24\"],\"secret_id_accessor\":\"TEST_ACCESSOR\"," +
+                "\"creation_time\":\"TEST_CREATION\",\"expiration_time\":\"TEST_EXPIRATION\"," +
+                "\"last_updated_time\":\"TEST_LASTUPDATE\",\"secret_id_num_uses\":678,\"secret_id_ttl\":12345}";
+        try {
+            secret2 = mapper.readValue(secretJson, AppRoleSecret.class);
+            assertThat(secret2.getAccessor(), is("TEST_ACCESSOR"));
+            assertThat(secret2.getCreationTime(), is("TEST_CREATION"));
+            assertThat(secret2.getExpirationTime(), is("TEST_EXPIRATION"));
+            assertThat(secret2.getLastUpdatedTime(), is("TEST_LASTUPDATE"));
+            assertThat(secret2.getNumUses(), is(678));
+            assertThat(secret2.getTtl(), is(12345));
+        } catch (IOException e) {
+            e.printStackTrace();
+            fail("Deserialization failed");
+        }
+
+    }
+
+    private static void setPrivateField(Object object, String fieldName, Object value) throws NoSuchFieldException, IllegalAccessException {
+        Field field = object.getClass().getDeclaredField(fieldName);
+        boolean accessible = field.isAccessible();
+        field.setAccessible(true);
+        field.set(object, value);
+        field.setAccessible(accessible);
+    }
+
+    private static String commaSeparatedToList(String json) {
+        return json.replaceAll("\"cidr_list\":\"([^\"]*)\"", "\"cidr_list\":\\[$1\\]")
+                .replaceAll("(\\d+\\.\\d+\\.\\d+\\.\\d+/\\d+)", "\"$1\"");
+    }
+
+}

src/test/java/de/stklcode/jvault/connector/model/AuthBackendTest.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016 Stefan Kalscheuer
+ * Copyright 2016-2017 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

src/test/java/de/stklcode/jvault/connector/model/TokenBuilderTest.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016 Stefan Kalscheuer
+ * Copyright 2016-2017 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -45,7 +45,8 @@ public class TokenBuilderTest {
     private static final Integer NUM_USES = 4;
     private static final List<String> POLICIES = new ArrayList<>();
     private static final String POLICY = "policy";
-    private static final String POLICY_2 = "policy";
+    private static final String POLICY_2 = "policy2";
+    private static final String POLICY_3 = "policy3";
     private static final Map<String, String> META = new HashMap<>();
     private static final String META_KEY = "key";
     private static final String META_VALUE = "value";
@@ -138,11 +139,11 @@ public class TokenBuilderTest {
         assertThat(token.getPolicies(), hasSize(1));
         assertThat(token.getPolicies(), contains(POLICY_2));
         token = new TokenBuilder()
-                .withPolicies(POLICIES)
+                .withPolicies(POLICY, POLICY_2)
-                .withPolicy(POLICY_2)
+                .withPolicy(POLICY_3)
                 .build();
-        assertThat(token.getPolicies(), hasSize(2));
+        assertThat(token.getPolicies(), hasSize(3));
-        assertThat(token.getPolicies(), contains(POLICY, POLICY_2));
+        assertThat(token.getPolicies(), contains(POLICY, POLICY_2, POLICY_3));
 
         /* Add single metadata */
         token = new TokenBuilder().withMeta(META_KEY_2, META_VALUE_2).build();

src/test/java/de/stklcode/jvault/connector/test/Credentials.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016 Stefan Kalscheuer
+ * Copyright 2016-2017 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

src/test/java/de/stklcode/jvault/connector/test/VaultConfiguration.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016 Stefan Kalscheuer
+ * Copyright 2016-2017 Stefan Kalscheuer
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.