Compare commits
43 Commits
Author | SHA1 | Date | |
---|---|---|---|
5b9f1392d3
|
|||
da4fffc823
|
|||
91276e1615
|
|||
6d2313289c
|
|||
bcbb3a0926
|
|||
f03c05bd5b
|
|||
afdad92ae6
|
|||
9fa360393d
|
|||
d28c189ec2
|
|||
46fffcc711
|
|||
31d8f9b0aa
|
|||
505b360343
|
|||
51ab19cd8a
|
|||
|
c8f396a5df
|
||
4bd6039827
|
|||
80abbda46f
|
|||
a8e85b88d1
|
|||
91baed4fe5
|
|||
2ea261d36a
|
|||
43da0f5109
|
|||
cc5ca13aeb
|
|||
71842eb758
|
|||
e9aeda9a55
|
|||
d51af06e29
|
|||
7b2b137d53
|
|||
ee2543e3ad
|
|||
dad35023eb
|
|||
0127cf30be
|
|||
90f8bb7f20
|
|||
ff6d2140cf
|
|||
076cd8b607
|
|||
2e0d092cae
|
|||
d329af2c67
|
|||
f50f5c5de7
|
|||
c8a6015f3f
|
|||
835372eb3b
|
|||
11ece9974f
|
|||
0d0fbb5461
|
|||
6c9a1fc10e
|
|||
7e05f4937d
|
|||
fd9045d7cd
|
|||
e938f81954
|
|||
e5dd207c8c
|
4
.github/workflows/ci-it.yml
vendored
4
.github/workflows/ci-it.yml
vendored
@@ -15,10 +15,10 @@ jobs:
|
|||||||
strategy:
|
strategy:
|
||||||
matrix:
|
matrix:
|
||||||
jdk: [ 11, 17, 21 ]
|
jdk: [ 11, 17, 21 ]
|
||||||
vault: [ '1.2.0', '1.18.2' ]
|
vault: [ '1.2.0', '1.20.0' ]
|
||||||
include:
|
include:
|
||||||
- jdk: 21
|
- jdk: 21
|
||||||
vault: '1.18.2'
|
vault: '1.20.0'
|
||||||
analysis: true
|
analysis: true
|
||||||
steps:
|
steps:
|
||||||
- name: Checkout
|
- name: Checkout
|
||||||
|
43
CHANGELOG.md
43
CHANGELOG.md
@@ -1,3 +1,46 @@
|
|||||||
|
## unreleased
|
||||||
|
|
||||||
|
### Dependencies
|
||||||
|
* Updated Jackson to 2.19.1 (#101)
|
||||||
|
|
||||||
|
### Fix
|
||||||
|
* Use `Long` for numeric TTL fields (#103) (#104)
|
||||||
|
|
||||||
|
### Test
|
||||||
|
* Tested against Vault 1.2 to 1.20 (#102)
|
||||||
|
|
||||||
|
|
||||||
|
## 1.5.1 (2025-06-02)
|
||||||
|
|
||||||
|
### Improvements
|
||||||
|
* Use `lookup-self` for token check instead of `lookup` (#98) (#99)
|
||||||
|
|
||||||
|
### Dependencies
|
||||||
|
* Updated Jackson to 2.19.0 (#97)
|
||||||
|
|
||||||
|
|
||||||
|
## 1.5.0 (2025-04-13)
|
||||||
|
|
||||||
|
### Deprecations
|
||||||
|
* `read...Credentials()` methods for specific database mounts (#92)
|
||||||
|
|
||||||
|
### Features
|
||||||
|
* Support Vault transit API (#89)
|
||||||
|
* Support PEM certificate string from `VAULT_CACERT` environment variable (#93)
|
||||||
|
|
||||||
|
### Improvements
|
||||||
|
* Replace deprecated `java.net.URL` usage with `java.net.URI` (#94)
|
||||||
|
|
||||||
|
### Fix
|
||||||
|
* Fix initialization from environment without explicit port
|
||||||
|
|
||||||
|
### Dependencies
|
||||||
|
* Updated Jackson to 2.18.3 (#90)
|
||||||
|
|
||||||
|
### Test
|
||||||
|
* Tested against Vault 1.2 to 1.19
|
||||||
|
|
||||||
|
|
||||||
## 1.4.0 (2024-12-07)
|
## 1.4.0 (2024-12-07)
|
||||||
|
|
||||||
### Removal
|
### Removal
|
||||||
|
@@ -28,10 +28,11 @@ Java Vault Connector is a connector library for [Vault](https://www.vaultproject
|
|||||||
* Delete secrets
|
* Delete secrets
|
||||||
* Renew/revoke leases
|
* Renew/revoke leases
|
||||||
* Raw secret content or JSON decoding
|
* Raw secret content or JSON decoding
|
||||||
* SQL secret handling
|
|
||||||
* KV v1 and v2 support
|
* KV v1 and v2 support
|
||||||
|
* Database secret handling
|
||||||
|
* Transit API support
|
||||||
* Connector Factory with builder pattern
|
* Connector Factory with builder pattern
|
||||||
* Tested against Vault 1.2 to 1.18
|
* Tested against Vault 1.2 to 1.20
|
||||||
|
|
||||||
|
|
||||||
## Maven Artifact
|
## Maven Artifact
|
||||||
@@ -39,7 +40,7 @@ Java Vault Connector is a connector library for [Vault](https://www.vaultproject
|
|||||||
<dependency>
|
<dependency>
|
||||||
<groupId>de.stklcode.jvault</groupId>
|
<groupId>de.stklcode.jvault</groupId>
|
||||||
<artifactId>jvault-connector</artifactId>
|
<artifactId>jvault-connector</artifactId>
|
||||||
<version>1.4.0</version>
|
<version>1.5.1</version>
|
||||||
</dependency>
|
</dependency>
|
||||||
```
|
```
|
||||||
|
|
||||||
|
81
pom.xml
81
pom.xml
@@ -1,10 +1,10 @@
|
|||||||
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||||
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
|
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
|
||||||
<modelVersion>4.0.0</modelVersion>
|
<modelVersion>4.0.0</modelVersion>
|
||||||
|
|
||||||
<groupId>de.stklcode.jvault</groupId>
|
<groupId>de.stklcode.jvault</groupId>
|
||||||
<artifactId>jvault-connector</artifactId>
|
<artifactId>jvault-connector</artifactId>
|
||||||
<version>1.4.0</version>
|
<version>1.5.2-SNAPSHOT</version>
|
||||||
|
|
||||||
<packaging>jar</packaging>
|
<packaging>jar</packaging>
|
||||||
|
|
||||||
@@ -33,6 +33,7 @@
|
|||||||
<connection>scm:git:git://github.com/stklcode/jvaultconnector.git</connection>
|
<connection>scm:git:git://github.com/stklcode/jvaultconnector.git</connection>
|
||||||
<developerConnection>scm:git:git@github.com:stklcode/jvaultconnector.git</developerConnection>
|
<developerConnection>scm:git:git@github.com:stklcode/jvaultconnector.git</developerConnection>
|
||||||
<url>https://github.com/stklcode/jvaultconnector</url>
|
<url>https://github.com/stklcode/jvaultconnector</url>
|
||||||
|
<tag>HEAD</tag>
|
||||||
</scm>
|
</scm>
|
||||||
|
|
||||||
<issueManagement>
|
<issueManagement>
|
||||||
@@ -42,31 +43,31 @@
|
|||||||
|
|
||||||
<properties>
|
<properties>
|
||||||
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
|
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
|
||||||
<argLine></argLine>
|
<argLine />
|
||||||
</properties>
|
</properties>
|
||||||
|
|
||||||
<dependencies>
|
<dependencies>
|
||||||
<dependency>
|
<dependency>
|
||||||
<groupId>com.fasterxml.jackson.core</groupId>
|
<groupId>com.fasterxml.jackson.core</groupId>
|
||||||
<artifactId>jackson-databind</artifactId>
|
<artifactId>jackson-databind</artifactId>
|
||||||
<version>2.18.2</version>
|
<version>2.19.1</version>
|
||||||
</dependency>
|
</dependency>
|
||||||
<dependency>
|
<dependency>
|
||||||
<groupId>com.fasterxml.jackson.datatype</groupId>
|
<groupId>com.fasterxml.jackson.datatype</groupId>
|
||||||
<artifactId>jackson-datatype-jsr310</artifactId>
|
<artifactId>jackson-datatype-jsr310</artifactId>
|
||||||
<version>2.18.2</version>
|
<version>2.19.1</version>
|
||||||
</dependency>
|
</dependency>
|
||||||
|
|
||||||
<dependency>
|
<dependency>
|
||||||
<groupId>org.junit.jupiter</groupId>
|
<groupId>org.junit.jupiter</groupId>
|
||||||
<artifactId>junit-jupiter</artifactId>
|
<artifactId>junit-jupiter</artifactId>
|
||||||
<version>5.11.3</version>
|
<version>5.13.2</version>
|
||||||
<scope>test</scope>
|
<scope>test</scope>
|
||||||
</dependency>
|
</dependency>
|
||||||
<dependency>
|
<dependency>
|
||||||
<groupId>org.mockito</groupId>
|
<groupId>org.mockito</groupId>
|
||||||
<artifactId>mockito-core</artifactId>
|
<artifactId>mockito-core</artifactId>
|
||||||
<version>5.14.2</version>
|
<version>5.18.0</version>
|
||||||
<scope>test</scope>
|
<scope>test</scope>
|
||||||
</dependency>
|
</dependency>
|
||||||
<dependency>
|
<dependency>
|
||||||
@@ -78,25 +79,25 @@
|
|||||||
<dependency>
|
<dependency>
|
||||||
<groupId>org.wiremock</groupId>
|
<groupId>org.wiremock</groupId>
|
||||||
<artifactId>wiremock</artifactId>
|
<artifactId>wiremock</artifactId>
|
||||||
<version>3.10.0</version>
|
<version>3.13.1</version>
|
||||||
<scope>test</scope>
|
<scope>test</scope>
|
||||||
</dependency>
|
</dependency>
|
||||||
<dependency>
|
<dependency>
|
||||||
<groupId>commons-io</groupId>
|
<groupId>commons-io</groupId>
|
||||||
<artifactId>commons-io</artifactId>
|
<artifactId>commons-io</artifactId>
|
||||||
<version>2.18.0</version>
|
<version>2.19.0</version>
|
||||||
<scope>test</scope>
|
<scope>test</scope>
|
||||||
</dependency>
|
</dependency>
|
||||||
<dependency>
|
<dependency>
|
||||||
<groupId>nl.jqno.equalsverifier</groupId>
|
<groupId>nl.jqno.equalsverifier</groupId>
|
||||||
<artifactId>equalsverifier</artifactId>
|
<artifactId>equalsverifier</artifactId>
|
||||||
<version>3.17.5</version>
|
<version>3.19.4</version>
|
||||||
<scope>test</scope>
|
<scope>test</scope>
|
||||||
</dependency>
|
</dependency>
|
||||||
<dependency>
|
<dependency>
|
||||||
<groupId>org.awaitility</groupId>
|
<groupId>org.awaitility</groupId>
|
||||||
<artifactId>awaitility</artifactId>
|
<artifactId>awaitility</artifactId>
|
||||||
<version>4.2.2</version>
|
<version>4.3.0</version>
|
||||||
<scope>test</scope>
|
<scope>test</scope>
|
||||||
</dependency>
|
</dependency>
|
||||||
</dependencies>
|
</dependencies>
|
||||||
@@ -107,7 +108,7 @@
|
|||||||
<plugin>
|
<plugin>
|
||||||
<groupId>org.apache.maven.plugins</groupId>
|
<groupId>org.apache.maven.plugins</groupId>
|
||||||
<artifactId>maven-compiler-plugin</artifactId>
|
<artifactId>maven-compiler-plugin</artifactId>
|
||||||
<version>3.13.0</version>
|
<version>3.14.0</version>
|
||||||
<configuration>
|
<configuration>
|
||||||
<release>11</release>
|
<release>11</release>
|
||||||
</configuration>
|
</configuration>
|
||||||
@@ -115,28 +116,29 @@
|
|||||||
<plugin>
|
<plugin>
|
||||||
<groupId>org.apache.maven.plugins</groupId>
|
<groupId>org.apache.maven.plugins</groupId>
|
||||||
<artifactId>maven-clean-plugin</artifactId>
|
<artifactId>maven-clean-plugin</artifactId>
|
||||||
<version>3.4.0</version>
|
<version>3.5.0</version>
|
||||||
</plugin>
|
</plugin>
|
||||||
<plugin>
|
<plugin>
|
||||||
<groupId>org.apache.maven.plugins</groupId>
|
<groupId>org.apache.maven.plugins</groupId>
|
||||||
<artifactId>maven-deploy-plugin</artifactId>
|
<artifactId>maven-deploy-plugin</artifactId>
|
||||||
<version>3.1.3</version>
|
<version>3.1.4</version>
|
||||||
</plugin>
|
</plugin>
|
||||||
<plugin>
|
<plugin>
|
||||||
<groupId>org.apache.maven.plugins</groupId>
|
<groupId>org.apache.maven.plugins</groupId>
|
||||||
<artifactId>maven-failsafe-plugin</artifactId>
|
<artifactId>maven-failsafe-plugin</artifactId>
|
||||||
<version>3.5.2</version>
|
<version>3.5.3</version>
|
||||||
<configuration>
|
<configuration>
|
||||||
<argLine>
|
<argLine>
|
||||||
@{argLine}
|
@{argLine}
|
||||||
--add-opens de.stklcode.jvault.connector/de.stklcode.jvault.connector.test=com.fasterxml.jackson.databind
|
--add-opens
|
||||||
|
de.stklcode.jvault.connector/de.stklcode.jvault.connector.test=com.fasterxml.jackson.databind
|
||||||
</argLine>
|
</argLine>
|
||||||
</configuration>
|
</configuration>
|
||||||
</plugin>
|
</plugin>
|
||||||
<plugin>
|
<plugin>
|
||||||
<groupId>org.apache.maven.plugins</groupId>
|
<groupId>org.apache.maven.plugins</groupId>
|
||||||
<artifactId>maven-install-plugin</artifactId>
|
<artifactId>maven-install-plugin</artifactId>
|
||||||
<version>3.1.3</version>
|
<version>3.1.4</version>
|
||||||
</plugin>
|
</plugin>
|
||||||
<plugin>
|
<plugin>
|
||||||
<groupId>org.apache.maven.plugins</groupId>
|
<groupId>org.apache.maven.plugins</groupId>
|
||||||
@@ -156,18 +158,11 @@
|
|||||||
<plugin>
|
<plugin>
|
||||||
<groupId>org.apache.maven.plugins</groupId>
|
<groupId>org.apache.maven.plugins</groupId>
|
||||||
<artifactId>maven-surefire-plugin</artifactId>
|
<artifactId>maven-surefire-plugin</artifactId>
|
||||||
<version>3.5.2</version>
|
<version>3.5.3</version>
|
||||||
<configuration>
|
<configuration>
|
||||||
<argLine>
|
<argLine>
|
||||||
@{argLine}
|
@{argLine}
|
||||||
--add-opens java.base/java.util=ALL-UNNAMED
|
--add-opens java.base/java.util=ALL-UNNAMED
|
||||||
--add-opens de.stklcode.jvault.connector/de.stklcode.jvault.connector=ALL-UNNAMED
|
|
||||||
--add-opens de.stklcode.jvault.connector/de.stklcode.jvault.connector.exception=ALL-UNNAMED
|
|
||||||
--add-opens de.stklcode.jvault.connector/de.stklcode.jvault.connector.model=ALL-UNNAMED
|
|
||||||
--add-opens de.stklcode.jvault.connector/de.stklcode.jvault.connector.model.response=ALL-UNNAMED
|
|
||||||
--add-opens de.stklcode.jvault.connector/de.stklcode.jvault.connector.model.response.embedded=ALL-UNNAMED
|
|
||||||
--add-opens de.stklcode.jvault.connector/de.stklcode.jvault.connector.test=com.fasterxml.jackson.databind
|
|
||||||
--add-opens de.stklcode.jvault.connector/de.stklcode.jvault.connector.test=com.fasterxml.jackson.datatype.jsr310
|
|
||||||
</argLine>
|
</argLine>
|
||||||
</configuration>
|
</configuration>
|
||||||
</plugin>
|
</plugin>
|
||||||
@@ -179,15 +174,41 @@
|
|||||||
<plugin>
|
<plugin>
|
||||||
<groupId>org.jacoco</groupId>
|
<groupId>org.jacoco</groupId>
|
||||||
<artifactId>jacoco-maven-plugin</artifactId>
|
<artifactId>jacoco-maven-plugin</artifactId>
|
||||||
<version>0.8.12</version>
|
<version>0.8.13</version>
|
||||||
</plugin>
|
</plugin>
|
||||||
<plugin>
|
<plugin>
|
||||||
<groupId>org.sonarsource.scanner.maven</groupId>
|
<groupId>org.sonarsource.scanner.maven</groupId>
|
||||||
<artifactId>sonar-maven-plugin</artifactId>
|
<artifactId>sonar-maven-plugin</artifactId>
|
||||||
<version>5.0.0.4389</version>
|
<version>5.1.0.4751</version>
|
||||||
</plugin>
|
</plugin>
|
||||||
</plugins>
|
</plugins>
|
||||||
</pluginManagement>
|
</pluginManagement>
|
||||||
|
|
||||||
|
<plugins>
|
||||||
|
<plugin>
|
||||||
|
<groupId>org.apache.maven.plugins</groupId>
|
||||||
|
<artifactId>maven-enforcer-plugin</artifactId>
|
||||||
|
<version>3.5.0</version>
|
||||||
|
<executions>
|
||||||
|
<execution>
|
||||||
|
<id>enforce-versions</id>
|
||||||
|
<goals>
|
||||||
|
<goal>enforce</goal>
|
||||||
|
</goals>
|
||||||
|
<configuration>
|
||||||
|
<rules>
|
||||||
|
<requireMavenVersion>
|
||||||
|
<version>[3.6.3,)</version>
|
||||||
|
</requireMavenVersion>
|
||||||
|
<requireJavaVersion>
|
||||||
|
<version>[11,)</version>
|
||||||
|
</requireJavaVersion>
|
||||||
|
</rules>
|
||||||
|
</configuration>
|
||||||
|
</execution>
|
||||||
|
</executions>
|
||||||
|
</plugin>
|
||||||
|
</plugins>
|
||||||
</build>
|
</build>
|
||||||
|
|
||||||
<profiles>
|
<profiles>
|
||||||
@@ -224,7 +245,7 @@
|
|||||||
<plugin>
|
<plugin>
|
||||||
<groupId>org.apache.maven.plugins</groupId>
|
<groupId>org.apache.maven.plugins</groupId>
|
||||||
<artifactId>maven-javadoc-plugin</artifactId>
|
<artifactId>maven-javadoc-plugin</artifactId>
|
||||||
<version>3.11.1</version>
|
<version>3.11.2</version>
|
||||||
<configuration>
|
<configuration>
|
||||||
<source>11</source>
|
<source>11</source>
|
||||||
</configuration>
|
</configuration>
|
||||||
@@ -342,7 +363,7 @@
|
|||||||
<plugin>
|
<plugin>
|
||||||
<groupId>org.owasp</groupId>
|
<groupId>org.owasp</groupId>
|
||||||
<artifactId>dependency-check-maven</artifactId>
|
<artifactId>dependency-check-maven</artifactId>
|
||||||
<version>11.1.1</version>
|
<version>12.1.3</version>
|
||||||
<configuration>
|
<configuration>
|
||||||
<nvdApiKey>${env.NVD_API_KEY}</nvdApiKey>
|
<nvdApiKey>${env.NVD_API_KEY}</nvdApiKey>
|
||||||
<nvdDatafeedUrl>${env.NVD_DATAFEED_URL}</nvdDatafeedUrl>
|
<nvdDatafeedUrl>${env.NVD_DATAFEED_URL}</nvdDatafeedUrl>
|
||||||
@@ -366,7 +387,7 @@
|
|||||||
<plugin>
|
<plugin>
|
||||||
<groupId>org.sonatype.central</groupId>
|
<groupId>org.sonatype.central</groupId>
|
||||||
<artifactId>central-publishing-maven-plugin</artifactId>
|
<artifactId>central-publishing-maven-plugin</artifactId>
|
||||||
<version>0.6.0</version>
|
<version>0.8.0</version>
|
||||||
<extensions>true</extensions>
|
<extensions>true</extensions>
|
||||||
<configuration>
|
<configuration>
|
||||||
<publishingServerId>central</publishingServerId>
|
<publishingServerId>central</publishingServerId>
|
||||||
|
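Review bot: The `enforce-versions` execution added in the `@@ -179,15 +174,41 @@` hunk of pom.xml checks only the Maven and JDK versions (`[3.6.3,)` and `[11,)`), so it does not guard the build's own inputs. The dependencies and plugins visible in this file are all pinned to fixed versions, and adding `<requirePluginVersions/>` and `<banDynamicVersions/>` inside `<rules>` would fail the build if an unpinned plugin, a version range or `LATEST` is introduced later. Whether both rules pass on the current POM needs a local run, because the full plugin list is not visible here. The enforcer's `<version>3.5.0</version>` is also set inline under `<build><plugins>`, while the other plugin versions in view appear to sit under `<pluginManagement>`; declaring it there would keep all version pins in one place.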
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright 2016-2024 Stefan Kalscheuer
|
* Copyright 2016-2025 Stefan Kalscheuer
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
* you may not use this file except in compliance with the License.
|
* you may not use this file except in compliance with the License.
|
||||||
@@ -54,6 +54,7 @@ public class HTTPVaultConnector implements VaultConnector {
|
|||||||
private static final String PATH_AUTH = "auth";
|
private static final String PATH_AUTH = "auth";
|
||||||
private static final String PATH_AUTH_TOKEN = PATH_AUTH + "/token";
|
private static final String PATH_AUTH_TOKEN = PATH_AUTH + "/token";
|
||||||
private static final String PATH_LOOKUP = "/lookup";
|
private static final String PATH_LOOKUP = "/lookup";
|
||||||
|
private static final String PATH_LOOKUP_SELF = "/lookup-self";
|
||||||
private static final String PATH_CREATE = "/create";
|
private static final String PATH_CREATE = "/create";
|
||||||
private static final String PATH_ROLES = "/roles";
|
private static final String PATH_ROLES = "/roles";
|
||||||
private static final String PATH_CREATE_ORPHAN = "/create-orphan";
|
private static final String PATH_CREATE_ORPHAN = "/create-orphan";
|
||||||
@@ -68,6 +69,11 @@ public class HTTPVaultConnector implements VaultConnector {
|
|||||||
private static final String PATH_UNDELETE = "/undelete/";
|
private static final String PATH_UNDELETE = "/undelete/";
|
||||||
private static final String PATH_DESTROY = "/destroy/";
|
private static final String PATH_DESTROY = "/destroy/";
|
||||||
|
|
||||||
|
private static final String PATH_TRANSIT = "transit";
|
||||||
|
private static final String PATH_TRANSIT_ENCRYPT = PATH_TRANSIT + "/encrypt/";
|
||||||
|
private static final String PATH_TRANSIT_DECRYPT = PATH_TRANSIT + "/decrypt/";
|
||||||
|
private static final String PATH_TRANSIT_HASH = PATH_TRANSIT + "/hash/";
|
||||||
|
|
||||||
private final RequestHelper request;
|
private final RequestHelper request;
|
||||||
|
|
||||||
private boolean authorized = false; // Authorization status.
|
private boolean authorized = false; // Authorization status.
|
||||||
@@ -81,14 +87,14 @@ public class HTTPVaultConnector implements VaultConnector {
|
|||||||
*/
|
*/
|
||||||
HTTPVaultConnector(final HTTPVaultConnectorBuilder builder) {
|
HTTPVaultConnector(final HTTPVaultConnectorBuilder builder) {
|
||||||
this.request = new RequestHelper(
|
this.request = new RequestHelper(
|
||||||
((builder.isWithTLS()) ? "https" : "http") + "://" +
|
((builder.isWithTLS()) ? "https" : "http") + "://" +
|
||||||
builder.getHost() +
|
builder.getHost() +
|
||||||
((builder.getPort() != null) ? ":" + builder.getPort() : "") +
|
((builder.getPort() != null) ? ":" + builder.getPort() : "") +
|
||||||
builder.getPrefix(),
|
builder.getPrefix(),
|
||||||
builder.getNumberOfRetries(),
|
builder.getNumberOfRetries(),
|
||||||
builder.getTimeout(),
|
builder.getTimeout(),
|
||||||
builder.getTlsVersion(),
|
builder.getTlsVersion(),
|
||||||
builder.getTrustedCA()
|
builder.getTrustedCA()
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -145,8 +151,8 @@ public class HTTPVaultConnector implements VaultConnector {
|
|||||||
@Override
|
@Override
|
||||||
public final SealResponse unseal(final String key, final Boolean reset) throws VaultConnectorException {
|
public final SealResponse unseal(final String key, final Boolean reset) throws VaultConnectorException {
|
||||||
Map<String, String> param = mapOfStrings(
|
Map<String, String> param = mapOfStrings(
|
||||||
"key", key,
|
"key", key,
|
||||||
"reset", reset
|
"reset", reset
|
||||||
);
|
);
|
||||||
|
|
||||||
return request.put(PATH_UNSEAL, param, token, SealResponse.class);
|
return request.put(PATH_UNSEAL, param, token, SealResponse.class);
|
||||||
@@ -156,15 +162,15 @@ public class HTTPVaultConnector implements VaultConnector {
|
|||||||
public HealthResponse getHealth() throws VaultConnectorException {
|
public HealthResponse getHealth() throws VaultConnectorException {
|
||||||
|
|
||||||
return request.get(
|
return request.get(
|
||||||
PATH_HEALTH,
|
PATH_HEALTH,
|
||||||
// Force status code to be 200, so we don't need to modify the request sequence.
|
// Force status code to be 200, so we don't need to modify the request sequence.
|
||||||
Map.of(
|
Map.of(
|
||||||
"standbycode", "200", // Default: 429.
|
"standbycode", "200", // Default: 429.
|
||||||
"sealedcode", "200", // Default: 503.
|
"sealedcode", "200", // Default: 503.
|
||||||
"uninitcode", "200" // Default: 501.
|
"uninitcode", "200" // Default: 501.
|
||||||
),
|
),
|
||||||
token,
|
token,
|
||||||
HealthResponse.class
|
HealthResponse.class
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -186,7 +192,7 @@ public class HTTPVaultConnector implements VaultConnector {
|
|||||||
/* set token */
|
/* set token */
|
||||||
this.token = token;
|
this.token = token;
|
||||||
this.tokenTTL = 0;
|
this.tokenTTL = 0;
|
||||||
TokenResponse res = request.post(PATH_AUTH_TOKEN + PATH_LOOKUP, emptyMap(), token, TokenResponse.class);
|
TokenResponse res = request.get(PATH_AUTH_TOKEN + PATH_LOOKUP_SELF, emptyMap(), token, TokenResponse.class);
|
||||||
authorized = true;
|
authorized = true;
|
||||||
|
|
||||||
return res;
|
return res;
|
||||||
@@ -194,7 +200,7 @@ public class HTTPVaultConnector implements VaultConnector {
|
|||||||
|
|
||||||
@Override
|
@Override
|
||||||
public final AuthResponse authUserPass(final String username, final String password)
|
public final AuthResponse authUserPass(final String username, final String password)
|
||||||
throws VaultConnectorException {
|
throws VaultConnectorException {
|
||||||
final Map<String, String> payload = singletonMap("password", password);
|
final Map<String, String> payload = singletonMap("password", password);
|
||||||
return queryAuth(PATH_AUTH_USERPASS + username, payload);
|
return queryAuth(PATH_AUTH_USERPASS + username, payload);
|
||||||
}
|
}
|
||||||
@@ -202,8 +208,8 @@ public class HTTPVaultConnector implements VaultConnector {
|
|||||||
@Override
|
@Override
|
||||||
public final AuthResponse authAppRole(final String roleID, final String secretID) throws VaultConnectorException {
|
public final AuthResponse authAppRole(final String roleID, final String secretID) throws VaultConnectorException {
|
||||||
final Map<String, String> payload = mapOfStrings(
|
final Map<String, String> payload = mapOfStrings(
|
||||||
"role_id", roleID,
|
"role_id", roleID,
|
||||||
"secret_id", secretID
|
"secret_id", secretID
|
||||||
);
|
);
|
||||||
return queryAuth(PATH_AUTH_APPROLE + PATH_LOGIN, payload);
|
return queryAuth(PATH_AUTH_APPROLE + PATH_LOGIN, payload);
|
||||||
}
|
}
|
||||||
@@ -217,7 +223,7 @@ public class HTTPVaultConnector implements VaultConnector {
|
|||||||
* @throws VaultConnectorException on errors
|
* @throws VaultConnectorException on errors
|
||||||
*/
|
*/
|
||||||
private AuthResponse queryAuth(final String path, final Map<String, String> payload)
|
private AuthResponse queryAuth(final String path, final Map<String, String> payload)
|
||||||
throws VaultConnectorException {
|
throws VaultConnectorException {
|
||||||
/* Issue request and parse response */
|
/* Issue request and parse response */
|
||||||
AuthResponse auth = request.post(path, payload, token, AuthResponse.class);
|
AuthResponse auth = request.post(path, payload, token, AuthResponse.class);
|
||||||
/* verify response */
|
/* verify response */
|
||||||
@@ -244,10 +250,10 @@ public class HTTPVaultConnector implements VaultConnector {
|
|||||||
requireAuth();
|
requireAuth();
|
||||||
/* Request HTTP response and parse Secret */
|
/* Request HTTP response and parse Secret */
|
||||||
return request.get(
|
return request.get(
|
||||||
String.format(PATH_AUTH_APPROLE_ROLE, roleName, ""),
|
String.format(PATH_AUTH_APPROLE_ROLE, roleName, ""),
|
||||||
emptyMap(),
|
emptyMap(),
|
||||||
token,
|
token,
|
||||||
AppRoleResponse.class
|
AppRoleResponse.class
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -266,10 +272,10 @@ public class HTTPVaultConnector implements VaultConnector {
|
|||||||
requireAuth();
|
requireAuth();
|
||||||
/* Issue request, parse response and extract Role ID */
|
/* Issue request, parse response and extract Role ID */
|
||||||
return request.get(
|
return request.get(
|
||||||
String.format(PATH_AUTH_APPROLE_ROLE, roleName, "/role-id"),
|
String.format(PATH_AUTH_APPROLE_ROLE, roleName, "/role-id"),
|
||||||
emptyMap(),
|
emptyMap(),
|
||||||
token,
|
token,
|
||||||
RawDataResponse.class
|
RawDataResponse.class
|
||||||
).getData().get("role_id").toString();
|
).getData().get("role_id").toString();
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -279,9 +285,9 @@ public class HTTPVaultConnector implements VaultConnector {
|
|||||||
|
|
||||||
/* Issue request and expect code 204 with empty response */
|
/* Issue request and expect code 204 with empty response */
|
||||||
request.postWithoutResponse(
|
request.postWithoutResponse(
|
||||||
String.format(PATH_AUTH_APPROLE_ROLE, roleName, "/role-id"),
|
String.format(PATH_AUTH_APPROLE_ROLE, roleName, "/role-id"),
|
||||||
singletonMap("role_id", roleID),
|
singletonMap("role_id", roleID),
|
||||||
token
|
token
|
||||||
);
|
);
|
||||||
|
|
||||||
return true;
|
return true;
|
||||||
@@ -289,49 +295,49 @@ public class HTTPVaultConnector implements VaultConnector {
|
|||||||
|
|
||||||
@Override
|
@Override
|
||||||
public final AppRoleSecretResponse createAppRoleSecret(final String roleName, final AppRoleSecret secret)
|
public final AppRoleSecretResponse createAppRoleSecret(final String roleName, final AppRoleSecret secret)
|
||||||
throws VaultConnectorException {
|
throws VaultConnectorException {
|
||||||
requireAuth();
|
requireAuth();
|
||||||
|
|
||||||
if (secret.getId() != null && !secret.getId().isEmpty()) {
|
if (secret.getId() != null && !secret.getId().isEmpty()) {
|
||||||
return request.post(
|
return request.post(
|
||||||
String.format(PATH_AUTH_APPROLE_ROLE, roleName, "/custom-secret-id"),
|
String.format(PATH_AUTH_APPROLE_ROLE, roleName, "/custom-secret-id"),
|
||||||
secret,
|
secret,
|
||||||
token,
|
token,
|
||||||
AppRoleSecretResponse.class
|
AppRoleSecretResponse.class
|
||||||
);
|
);
|
||||||
} else {
|
} else {
|
||||||
return request.post(
|
return request.post(
|
||||||
String.format(PATH_AUTH_APPROLE_ROLE, roleName, "/secret-id"),
|
String.format(PATH_AUTH_APPROLE_ROLE, roleName, "/secret-id"),
|
||||||
secret, token,
|
secret, token,
|
||||||
AppRoleSecretResponse.class
|
AppRoleSecretResponse.class
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public final AppRoleSecretResponse lookupAppRoleSecret(final String roleName, final String secretID)
|
public final AppRoleSecretResponse lookupAppRoleSecret(final String roleName, final String secretID)
|
||||||
throws VaultConnectorException {
|
throws VaultConnectorException {
|
||||||
requireAuth();
|
requireAuth();
|
||||||
|
|
||||||
/* Issue request and parse secret response */
|
/* Issue request and parse secret response */
|
||||||
return request.post(
|
return request.post(
|
||||||
String.format(PATH_AUTH_APPROLE_ROLE, roleName, "/secret-id/lookup"),
|
String.format(PATH_AUTH_APPROLE_ROLE, roleName, "/secret-id/lookup"),
|
||||||
new AppRoleSecret(secretID),
|
new AppRoleSecret(secretID),
|
||||||
token,
|
token,
|
||||||
AppRoleSecretResponse.class
|
AppRoleSecretResponse.class
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public final boolean destroyAppRoleSecret(final String roleName, final String secretID)
|
public final boolean destroyAppRoleSecret(final String roleName, final String secretID)
|
||||||
throws VaultConnectorException {
|
throws VaultConnectorException {
|
||||||
requireAuth();
|
requireAuth();
|
||||||
|
|
||||||
/* Issue request and expect code 204 with empty response */
|
/* Issue request and expect code 204 with empty response */
|
||||||
request.postWithoutResponse(
|
request.postWithoutResponse(
|
||||||
String.format(PATH_AUTH_APPROLE_ROLE, roleName, "/secret-id/destroy"),
|
String.format(PATH_AUTH_APPROLE_ROLE, roleName, "/secret-id/destroy"),
|
||||||
new AppRoleSecret(secretID),
|
new AppRoleSecret(secretID),
|
||||||
token);
|
token);
|
||||||
|
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
@@ -341,10 +347,10 @@ public class HTTPVaultConnector implements VaultConnector {
|
|||||||
requireAuth();
|
requireAuth();
|
||||||
|
|
||||||
SecretListResponse secrets = request.get(
|
SecretListResponse secrets = request.get(
|
||||||
PATH_AUTH_APPROLE + "/role?list=true",
|
PATH_AUTH_APPROLE + "/role?list=true",
|
||||||
emptyMap(),
|
emptyMap(),
|
||||||
token,
|
token,
|
||||||
SecretListResponse.class
|
SecretListResponse.class
|
||||||
);
|
);
|
||||||
|
|
||||||
return secrets.getKeys();
|
return secrets.getKeys();
|
||||||
@@ -355,10 +361,10 @@ public class HTTPVaultConnector implements VaultConnector {
|
|||||||
requireAuth();
|
requireAuth();
|
||||||
|
|
||||||
SecretListResponse secrets = request.get(
|
SecretListResponse secrets = request.get(
|
||||||
String.format(PATH_AUTH_APPROLE_ROLE, roleName, "/secret-id?list=true"),
|
String.format(PATH_AUTH_APPROLE_ROLE, roleName, "/secret-id?list=true"),
|
||||||
emptyMap(),
|
emptyMap(),
|
||||||
token,
|
token,
|
||||||
SecretListResponse.class
|
SecretListResponse.class
|
||||||
);
|
);
|
||||||
|
|
||||||
return secrets.getKeys();
|
return secrets.getKeys();
|
||||||
@@ -373,7 +379,7 @@ public class HTTPVaultConnector implements VaultConnector {
|
|||||||
|
|
||||||
@Override
|
@Override
|
||||||
public final SecretResponse readSecretVersion(final String mount, final String key, final Integer version)
|
public final SecretResponse readSecretVersion(final String mount, final String key, final Integer version)
|
||||||
throws VaultConnectorException {
|
throws VaultConnectorException {
|
||||||
requireAuth();
|
requireAuth();
|
||||||
/* Request HTTP response and parse secret metadata */
|
/* Request HTTP response and parse secret metadata */
|
||||||
Map<String, String> args = mapOfStrings("version", version);
|
Map<String, String> args = mapOfStrings("version", version);
|
||||||
@@ -383,7 +389,7 @@ public class HTTPVaultConnector implements VaultConnector {
|
|||||||
|
|
||||||
@Override
|
@Override
|
||||||
public final MetadataResponse readSecretMetadata(final String mount, final String key)
|
public final MetadataResponse readSecretMetadata(final String mount, final String key)
|
||||||
throws VaultConnectorException {
|
throws VaultConnectorException {
|
||||||
requireAuth();
|
requireAuth();
|
||||||
|
|
||||||
/* Request HTTP response and parse secret metadata */
|
/* Request HTTP response and parse secret metadata */
|
||||||
@@ -398,8 +404,8 @@ public class HTTPVaultConnector implements VaultConnector {
|
|||||||
requireAuth();
|
requireAuth();
|
||||||
|
|
||||||
Map<String, Object> payload = mapOf(
|
Map<String, Object> payload = mapOf(
|
||||||
"max_versions", maxVersions,
|
"max_versions", maxVersions,
|
||||||
"cas_required", casRequired
|
"cas_required", casRequired
|
||||||
);
|
);
|
||||||
|
|
||||||
write(mount + PATH_METADATA + key, payload);
|
write(mount + PATH_METADATA + key, payload);
|
||||||
@@ -421,13 +427,13 @@ public class HTTPVaultConnector implements VaultConnector {
|
|||||||
|
|
||||||
/* Issue request and parse metadata response */
|
/* Issue request and parse metadata response */
|
||||||
return request.post(
|
return request.post(
|
||||||
mount + PATH_DATA + key,
|
mount + PATH_DATA + key,
|
||||||
Map.of(
|
Map.of(
|
||||||
"data", data,
|
"data", data,
|
||||||
"options", options
|
"options", options
|
||||||
),
|
),
|
||||||
token,
|
token,
|
||||||
SecretVersionResponse.class
|
SecretVersionResponse.class
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -442,7 +448,7 @@ public class HTTPVaultConnector implements VaultConnector {
|
|||||||
|
|
||||||
@Override
|
@Override
|
||||||
public final void write(final String key, final Map<String, Object> data, final Map<String, Object> options)
|
public final void write(final String key, final Map<String, Object> data, final Map<String, Object> options)
|
||||||
throws VaultConnectorException {
|
throws VaultConnectorException {
|
||||||
requireAuth();
|
requireAuth();
|
||||||
|
|
||||||
if (key == null || key.isEmpty()) {
|
if (key == null || key.isEmpty()) {
|
||||||
@@ -455,8 +461,8 @@ public class HTTPVaultConnector implements VaultConnector {
|
|||||||
// If options are given, split payload in two parts.
|
// If options are given, split payload in two parts.
|
||||||
if (options != null) {
|
if (options != null) {
|
||||||
payload = Map.of(
|
payload = Map.of(
|
||||||
"data", data,
|
"data", data,
|
||||||
"options", options
|
"options", options
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -484,19 +490,19 @@ public class HTTPVaultConnector implements VaultConnector {
|
|||||||
|
|
||||||
@Override
|
@Override
|
||||||
public final void deleteSecretVersions(final String mount, final String key, final int... versions)
|
public final void deleteSecretVersions(final String mount, final String key, final int... versions)
|
||||||
throws VaultConnectorException {
|
throws VaultConnectorException {
|
||||||
handleSecretVersions(mount, PATH_DELETE, key, versions);
|
handleSecretVersions(mount, PATH_DELETE, key, versions);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public final void undeleteSecretVersions(final String mount, final String key, final int... versions)
|
public final void undeleteSecretVersions(final String mount, final String key, final int... versions)
|
||||||
throws VaultConnectorException {
|
throws VaultConnectorException {
|
||||||
handleSecretVersions(mount, PATH_UNDELETE, key, versions);
|
handleSecretVersions(mount, PATH_UNDELETE, key, versions);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public final void destroySecretVersions(final String mount, final String key, final int... versions)
|
public final void destroySecretVersions(final String mount, final String key, final int... versions)
|
||||||
throws VaultConnectorException {
|
throws VaultConnectorException {
|
||||||
handleSecretVersions(mount, PATH_DESTROY, key, versions);
|
handleSecretVersions(mount, PATH_DESTROY, key, versions);
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -536,8 +542,8 @@ public class HTTPVaultConnector implements VaultConnector {
|
|||||||
requireAuth();
|
requireAuth();
|
||||||
|
|
||||||
Map<String, String> payload = mapOfStrings(
|
Map<String, String> payload = mapOfStrings(
|
||||||
"lease_id", leaseID,
|
"lease_id", leaseID,
|
||||||
"increment", increment
|
"increment", increment
|
||||||
);
|
);
|
||||||
|
|
||||||
/* Issue request and parse secret response */
|
/* Issue request and parse secret response */
|
||||||
@@ -594,10 +600,10 @@ public class HTTPVaultConnector implements VaultConnector {
|
|||||||
|
|
||||||
/* Request HTTP response and parse Secret */
|
/* Request HTTP response and parse Secret */
|
||||||
return request.get(
|
return request.get(
|
||||||
PATH_AUTH_TOKEN + PATH_LOOKUP,
|
PATH_AUTH_TOKEN + PATH_LOOKUP,
|
||||||
singletonMap("token", token),
|
singletonMap("token", token),
|
||||||
token,
|
token,
|
||||||
TokenResponse.class
|
TokenResponse.class
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -646,6 +652,47 @@ public class HTTPVaultConnector implements VaultConnector {
|
|||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public final TransitResponse transitEncrypt(final String keyName, final String plaintext)
|
||||||
|
throws VaultConnectorException {
|
||||||
|
requireAuth();
|
||||||
|
|
||||||
|
Map<String, Object> payload = mapOf(
|
||||||
|
"plaintext", plaintext
|
||||||
|
);
|
||||||
|
|
||||||
|
return request.post(PATH_TRANSIT_ENCRYPT + keyName, payload, token, TransitResponse.class);
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public final TransitResponse transitDecrypt(final String keyName, final String ciphertext)
|
||||||
|
throws VaultConnectorException {
|
||||||
|
requireAuth();
|
||||||
|
|
||||||
|
Map<String, Object> payload = mapOf(
|
||||||
|
"ciphertext", ciphertext
|
||||||
|
);
|
||||||
|
|
||||||
|
return request.post(PATH_TRANSIT_DECRYPT + keyName, payload, token, TransitResponse.class);
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public final TransitResponse transitHash(final String algorithm, final String input, final String format)
|
||||||
|
throws VaultConnectorException {
|
||||||
|
if (format != null && !"hex".equals(format) && !"base64".equals(format)) {
|
||||||
|
throw new IllegalArgumentException("Unsupported format " + format);
|
||||||
|
}
|
||||||
|
|
||||||
|
requireAuth();
|
||||||
|
|
||||||
|
Map<String, Object> payload = mapOf(
|
||||||
|
"input", input,
|
||||||
|
"format", format
|
||||||
|
);
|
||||||
|
|
||||||
|
return request.post(PATH_TRANSIT_HASH + algorithm, payload, token, TransitResponse.class);
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Check for required authorization.
|
* Check for required authorization.
|
||||||
*
|
*
|
||||||
|
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright 2016-2024 Stefan Kalscheuer
|
* Copyright 2016-2025 Stefan Kalscheuer
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
* you may not use this file except in compliance with the License.
|
* you may not use this file except in compliance with the License.
|
||||||
@@ -20,18 +20,17 @@ import de.stklcode.jvault.connector.exception.ConnectionException;
|
|||||||
import de.stklcode.jvault.connector.exception.TlsException;
|
import de.stklcode.jvault.connector.exception.TlsException;
|
||||||
import de.stklcode.jvault.connector.exception.VaultConnectorException;
|
import de.stklcode.jvault.connector.exception.VaultConnectorException;
|
||||||
|
|
||||||
|
import java.io.ByteArrayInputStream;
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
import java.net.MalformedURLException;
|
|
||||||
import java.net.URI;
|
import java.net.URI;
|
||||||
import java.net.URISyntaxException;
|
import java.net.URISyntaxException;
|
||||||
import java.net.URL;
|
import java.nio.charset.StandardCharsets;
|
||||||
import java.nio.file.Files;
|
import java.nio.file.Files;
|
||||||
import java.nio.file.Path;
|
import java.nio.file.Path;
|
||||||
import java.nio.file.Paths;
|
import java.nio.file.Paths;
|
||||||
import java.security.cert.CertificateException;
|
import java.security.cert.CertificateException;
|
||||||
import java.security.cert.CertificateFactory;
|
import java.security.cert.CertificateFactory;
|
||||||
import java.security.cert.X509Certificate;
|
import java.security.cert.X509Certificate;
|
||||||
import java.util.Objects;
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Vault Connector Builder implementation for HTTP Vault connectors.
|
* Vault Connector Builder implementation for HTTP Vault connectors.
|
||||||
@@ -96,10 +95,14 @@ public final class HTTPVaultConnectorBuilder {
|
|||||||
* @since 1.0
|
* @since 1.0
|
||||||
*/
|
*/
|
||||||
public HTTPVaultConnectorBuilder withBaseURL(final URI baseURL) {
|
public HTTPVaultConnectorBuilder withBaseURL(final URI baseURL) {
|
||||||
return withTLS(!("http".equalsIgnoreCase(Objects.requireNonNullElse(baseURL.getScheme(), ""))))
|
String path = baseURL.getPath();
|
||||||
.withHost(baseURL.getHost())
|
if (path == null || path.isBlank()) {
|
||||||
.withPort(baseURL.getPort())
|
path = DEFAULT_PREFIX;
|
||||||
.withPrefix(baseURL.getPath());
|
}
|
||||||
|
return withTLS(!("http".equalsIgnoreCase(baseURL.getScheme())))
|
||||||
|
.withHost(baseURL.getHost())
|
||||||
|
.withPort(baseURL.getPort())
|
||||||
|
.withPrefix(path);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@@ -301,13 +304,10 @@ public final class HTTPVaultConnectorBuilder {
|
|||||||
*/
|
*/
|
||||||
public HTTPVaultConnectorBuilder fromEnv() throws VaultConnectorException {
|
public HTTPVaultConnectorBuilder fromEnv() throws VaultConnectorException {
|
||||||
/* Parse URL from environment variable */
|
/* Parse URL from environment variable */
|
||||||
if (System.getenv(ENV_VAULT_ADDR) != null && !System.getenv(ENV_VAULT_ADDR).trim().isEmpty()) {
|
if (System.getenv(ENV_VAULT_ADDR) != null && !System.getenv(ENV_VAULT_ADDR).isBlank()) {
|
||||||
try {
|
try {
|
||||||
var url = new URL(System.getenv(ENV_VAULT_ADDR));
|
withBaseURL(System.getenv(ENV_VAULT_ADDR));
|
||||||
this.host = url.getHost();
|
} catch (URISyntaxException e) {
|
||||||
this.port = url.getPort();
|
|
||||||
this.tls = url.getProtocol().equals("https");
|
|
||||||
} catch (MalformedURLException e) {
|
|
||||||
throw new ConnectionException("URL provided in environment variable malformed", e);
|
throw new ConnectionException("URL provided in environment variable malformed", e);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -315,7 +315,7 @@ public final class HTTPVaultConnectorBuilder {
|
|||||||
/* Read number of retries */
|
/* Read number of retries */
|
||||||
if (System.getenv(ENV_VAULT_MAX_RETRIES) != null) {
|
if (System.getenv(ENV_VAULT_MAX_RETRIES) != null) {
|
||||||
try {
|
try {
|
||||||
numberOfRetries = Integer.parseInt(System.getenv(ENV_VAULT_MAX_RETRIES));
|
withNumberOfRetries(Integer.parseInt(System.getenv(ENV_VAULT_MAX_RETRIES)));
|
||||||
} catch (NumberFormatException ignored) {
|
} catch (NumberFormatException ignored) {
|
||||||
/* Ignore malformed values. */
|
/* Ignore malformed values. */
|
||||||
}
|
}
|
||||||
@@ -325,8 +325,12 @@ public final class HTTPVaultConnectorBuilder {
|
|||||||
token = System.getenv(ENV_VAULT_TOKEN);
|
token = System.getenv(ENV_VAULT_TOKEN);
|
||||||
|
|
||||||
/* Parse certificate, if set */
|
/* Parse certificate, if set */
|
||||||
if (System.getenv(ENV_VAULT_CACERT) != null && !System.getenv(ENV_VAULT_CACERT).trim().isEmpty()) {
|
if (System.getenv(ENV_VAULT_CACERT) != null && !System.getenv(ENV_VAULT_CACERT).isBlank()) {
|
||||||
return withTrustedCA(Paths.get(System.getenv(ENV_VAULT_CACERT)));
|
X509Certificate cert = certificateFromString(System.getenv(ENV_VAULT_CACERT));
|
||||||
|
if (cert == null) {
|
||||||
|
cert = certificateFromFile(Paths.get(System.getenv(ENV_VAULT_CACERT)));
|
||||||
|
}
|
||||||
|
return withTrustedCA(cert);
|
||||||
}
|
}
|
||||||
return this;
|
return this;
|
||||||
}
|
}
|
||||||
@@ -398,6 +402,28 @@ public final class HTTPVaultConnectorBuilder {
|
|||||||
return con;
|
return con;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Read given certificate file to X.509 certificate.
|
||||||
|
*
|
||||||
|
* @param cert Certificate string (optionally PEM)
|
||||||
|
* @return X.509 Certificate object if parseable, else {@code null}
|
||||||
|
* @throws TlsException on error
|
||||||
|
* @since 1.5.0
|
||||||
|
*/
|
||||||
|
private X509Certificate certificateFromString(final String cert) throws TlsException {
|
||||||
|
// Check if PEM header is present in given string
|
||||||
|
if (cert.contains("-BEGIN ") && cert.contains("-END")) {
|
||||||
|
try (var is = new ByteArrayInputStream(cert.getBytes(StandardCharsets.UTF_8))) {
|
||||||
|
return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(is);
|
||||||
|
} catch (IOException | CertificateException e) {
|
||||||
|
throw new TlsException("Unable to read certificate.", e);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// Not am PEM string, skip
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Read given certificate file to X.509 certificate.
|
* Read given certificate file to X.509 certificate.
|
||||||
*
|
*
|
||||||
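Review bot: `withBaseURL(URI)` hands `baseURL.getHost()` to `withHost` unchecked, and `fromEnv()` now routes `ENV_VAULT_ADDR` through it, so an address written without a scheme or `//` authority (for example `localhost:8200`, a constructed sample) is no longer rejected. `java.net.URI` parses such a value without error and returns `null` from `getHost()`, whereas the removed `new URL(...)` call threw `MalformedURLException`, which was reported as `ConnectionException`. Because requests carrying the token are built from the host the builder holds, I would fail early with `if (baseURL.getHost() == null) { throw new IllegalArgumentException("Base URL has no host"); }` at the top of `withBaseURL(URI)`. `fromEnv()` catches only `URISyntaxException`, so it would also need to map that exception to `ConnectionException`. The `withBaseURL(String)` overload it calls is outside the visible hunks, so this assumes it delegates to `new URI(...)`.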
|
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright 2016-2024 Stefan Kalscheuer
|
* Copyright 2016-2025 Stefan Kalscheuer
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
* you may not use this file except in compliance with the License.
|
* you may not use this file except in compliance with the License.
|
||||||
@@ -21,10 +21,7 @@ import de.stklcode.jvault.connector.model.*;
|
|||||||
import de.stklcode.jvault.connector.model.response.*;
|
import de.stklcode.jvault.connector.model.response.*;
|
||||||
|
|
||||||
import java.io.Serializable;
|
import java.io.Serializable;
|
||||||
import java.util.ArrayList;
|
import java.util.*;
|
||||||
import java.util.Collections;
|
|
||||||
import java.util.List;
|
|
||||||
import java.util.Map;
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Vault Connector interface.
|
* Vault Connector interface.
|
||||||
@@ -194,7 +191,7 @@ public interface VaultConnector extends AutoCloseable, Serializable {
|
|||||||
* @since 0.4.0
|
* @since 0.4.0
|
||||||
*/
|
*/
|
||||||
default boolean createAppRole(final String roleName, final List<String> policies, final String roleID)
|
default boolean createAppRole(final String roleName, final List<String> policies, final String roleID)
|
||||||
throws VaultConnectorException {
|
throws VaultConnectorException {
|
||||||
return createAppRole(AppRole.builder(roleName).withTokenPolicies(policies).withId(roleID).build());
|
return createAppRole(AppRole.builder(roleName).withTokenPolicies(policies).withId(roleID).build());
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -260,7 +257,7 @@ public interface VaultConnector extends AutoCloseable, Serializable {
|
|||||||
* @since 0.4.0
|
* @since 0.4.0
|
||||||
*/
|
*/
|
||||||
default AppRoleSecretResponse createAppRoleSecret(final String roleName, final String secretID)
|
default AppRoleSecretResponse createAppRoleSecret(final String roleName, final String secretID)
|
||||||
throws VaultConnectorException {
|
throws VaultConnectorException {
|
||||||
return createAppRoleSecret(roleName, new AppRoleSecret(secretID));
|
return createAppRoleSecret(roleName, new AppRoleSecret(secretID));
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -274,7 +271,7 @@ public interface VaultConnector extends AutoCloseable, Serializable {
|
|||||||
* @since 0.4.0
|
* @since 0.4.0
|
||||||
*/
|
*/
|
||||||
AppRoleSecretResponse createAppRoleSecret(final String roleName, final AppRoleSecret secret)
|
AppRoleSecretResponse createAppRoleSecret(final String roleName, final AppRoleSecret secret)
|
||||||
throws VaultConnectorException;
|
throws VaultConnectorException;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Lookup an AppRole secret.
|
* Lookup an AppRole secret.
|
||||||
@@ -286,7 +283,7 @@ public interface VaultConnector extends AutoCloseable, Serializable {
|
|||||||
* @since 0.4.0
|
* @since 0.4.0
|
||||||
*/
|
*/
|
||||||
AppRoleSecretResponse lookupAppRoleSecret(final String roleName, final String secretID)
|
AppRoleSecretResponse lookupAppRoleSecret(final String roleName, final String secretID)
|
||||||
throws VaultConnectorException;
|
throws VaultConnectorException;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Destroy an AppRole secret.
|
* Destroy an AppRole secret.
|
||||||
@@ -401,7 +398,7 @@ public interface VaultConnector extends AutoCloseable, Serializable {
|
|||||||
* @since 0.8
|
* @since 0.8
|
||||||
*/
|
*/
|
||||||
SecretResponse readSecretVersion(final String mount, final String key, final Integer version)
|
SecretResponse readSecretVersion(final String mount, final String key, final Integer version)
|
||||||
throws VaultConnectorException;
|
throws VaultConnectorException;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Retrieve secret metadata from Vault.
|
* Retrieve secret metadata from Vault.
|
||||||
@@ -479,7 +476,7 @@ public interface VaultConnector extends AutoCloseable, Serializable {
|
|||||||
* @since 0.8 {@code options} parameter added
|
* @since 0.8 {@code options} parameter added
|
||||||
*/
|
*/
|
||||||
void write(final String key, final Map<String, Object> data, final Map<String, Object> options)
|
void write(final String key, final Map<String, Object> data, final Map<String, Object> options)
|
||||||
throws VaultConnectorException;
|
throws VaultConnectorException;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Delete key from Vault.
|
* Delete key from Vault.
|
||||||
@@ -527,7 +524,7 @@ public interface VaultConnector extends AutoCloseable, Serializable {
|
|||||||
* @since 0.8
|
* @since 0.8
|
||||||
*/
|
*/
|
||||||
void deleteSecretVersions(final String mount, final String key, final int... versions)
|
void deleteSecretVersions(final String mount, final String key, final int... versions)
|
||||||
throws VaultConnectorException;
|
throws VaultConnectorException;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Undelete (restore) secret versions from Vault.
|
* Undelete (restore) secret versions from Vault.
|
||||||
@@ -540,7 +537,7 @@ public interface VaultConnector extends AutoCloseable, Serializable {
|
|||||||
* @since 0.8
|
* @since 0.8
|
||||||
*/
|
*/
|
||||||
void undeleteSecretVersions(final String mount, final String key, final int... versions)
|
void undeleteSecretVersions(final String mount, final String key, final int... versions)
|
||||||
throws VaultConnectorException;
|
throws VaultConnectorException;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Destroy secret versions from Vault.
|
* Destroy secret versions from Vault.
|
||||||
@@ -553,7 +550,7 @@ public interface VaultConnector extends AutoCloseable, Serializable {
|
|||||||
* @since 0.8
|
* @since 0.8
|
||||||
*/
|
*/
|
||||||
void destroySecretVersions(final String mount, final String key, final int... versions)
|
void destroySecretVersions(final String mount, final String key, final int... versions)
|
||||||
throws VaultConnectorException;
|
throws VaultConnectorException;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Revoke given lease immediately.
|
* Revoke given lease immediately.
|
||||||
@@ -674,6 +671,82 @@ public interface VaultConnector extends AutoCloseable, Serializable {
|
|||||||
*/
|
*/
|
||||||
boolean deleteTokenRole(final String name) throws VaultConnectorException;
|
boolean deleteTokenRole(final String name) throws VaultConnectorException;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Encrypt plaintext via transit engine from Vault.
|
||||||
|
*
|
||||||
|
* @param keyName Transit key name
|
||||||
|
* @param plaintext Text to encrypt (Base64 encoded)
|
||||||
|
* @return Transit response
|
||||||
|
* @throws VaultConnectorException on error
|
||||||
|
* @since 1.5.0
|
||||||
|
*/
|
||||||
|
TransitResponse transitEncrypt(final String keyName, final String plaintext) throws VaultConnectorException;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Encrypt plaintext via transit engine from Vault.
|
||||||
|
*
|
||||||
|
* @param keyName Transit key name
|
||||||
|
* @param plaintext Binary data to encrypt
|
||||||
|
* @return Transit response
|
||||||
|
* @throws VaultConnectorException on error
|
||||||
|
* @since 1.5.0
|
||||||
|
*/
|
||||||
|
default TransitResponse transitEncrypt(final String keyName, final byte[] plaintext)
|
||||||
|
throws VaultConnectorException {
|
||||||
|
return transitEncrypt(keyName, Base64.getEncoder().encodeToString(plaintext));
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Decrypt ciphertext via transit engine from Vault.
|
||||||
|
*
|
||||||
|
* @param keyName Transit key name
|
||||||
|
* @param ciphertext Text to decrypt
|
||||||
|
* @return Transit response
|
||||||
|
* @throws VaultConnectorException on error
|
||||||
|
* @since 1.5.0
|
||||||
|
*/
|
||||||
|
TransitResponse transitDecrypt(final String keyName, final String ciphertext) throws VaultConnectorException;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Hash data in hex format via transit engine from Vault.
|
||||||
|
*
|
||||||
|
* @param algorithm Specifies the hash algorithm to use
|
||||||
|
* @param input Data to hash
|
||||||
|
* @return Transit response
|
||||||
|
* @throws VaultConnectorException on error
|
||||||
|
* @since 1.5.0
|
||||||
|
*/
|
||||||
|
default TransitResponse transitHash(final String algorithm, final String input) throws VaultConnectorException {
|
||||||
|
return transitHash(algorithm, input, "hex");
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Hash data via transit engine from Vault.
|
||||||
|
*
|
||||||
|
* @param algorithm Specifies the hash algorithm to use
|
||||||
|
* @param input Data to hash (Base64 encoded)
|
||||||
|
* @param format Specifies the output encoding (hex/base64)
|
||||||
|
* @return Transit response
|
||||||
|
* @throws VaultConnectorException on error
|
||||||
|
* @since 1.5.0
|
||||||
|
*/
|
||||||
|
TransitResponse transitHash(final String algorithm, final String input, final String format)
|
||||||
|
throws VaultConnectorException;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Hash data via transit engine from Vault.
|
||||||
|
*
|
||||||
|
* @param algorithm Specifies the hash algorithm to use
|
||||||
|
* @param input Data to hash
|
||||||
|
* @return Transit response
|
||||||
|
* @throws VaultConnectorException on error
|
||||||
|
* @since 1.5.0
|
||||||
|
*/
|
||||||
|
default TransitResponse transitHash(final String algorithm, final byte[] input, final String format)
|
||||||
|
throws VaultConnectorException {
|
||||||
|
return transitHash(algorithm, Base64.getEncoder().encodeToString(input), format);
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Read credentials for MySQL backend at default mount point.
|
* Read credentials for MySQL backend at default mount point.
|
||||||
*
|
*
|
||||||
@@ -681,7 +754,9 @@ public interface VaultConnector extends AutoCloseable, Serializable {
|
|||||||
* @return the credentials response
|
* @return the credentials response
|
||||||
* @throws VaultConnectorException on error
|
* @throws VaultConnectorException on error
|
||||||
* @since 0.5.0
|
* @since 0.5.0
|
||||||
|
* @deprecated use {@link #readDbCredentials(String, String)} your MySQL mountpoint
|
||||||
*/
|
*/
|
||||||
|
@Deprecated(since = "1.5.0", forRemoval = true)
|
||||||
default CredentialsResponse readMySqlCredentials(final String role) throws VaultConnectorException {
|
default CredentialsResponse readMySqlCredentials(final String role) throws VaultConnectorException {
|
||||||
return readDbCredentials(role, "mysql");
|
return readDbCredentials(role, "mysql");
|
||||||
}
|
}
|
||||||
@@ -693,7 +768,9 @@ public interface VaultConnector extends AutoCloseable, Serializable {
|
|||||||
* @return the credentials response
|
* @return the credentials response
|
||||||
* @throws VaultConnectorException on error
|
* @throws VaultConnectorException on error
|
||||||
* @since 0.5.0
|
* @since 0.5.0
|
||||||
|
* @deprecated use {@link #readDbCredentials(String, String)} your PostgreSQL mountpoint
|
||||||
*/
|
*/
|
||||||
|
@Deprecated(since = "1.5.0", forRemoval = true)
|
||||||
default CredentialsResponse readPostgreSqlCredentials(final String role) throws VaultConnectorException {
|
default CredentialsResponse readPostgreSqlCredentials(final String role) throws VaultConnectorException {
|
||||||
return readDbCredentials(role, "postgresql");
|
return readDbCredentials(role, "postgresql");
|
||||||
}
|
}
|
||||||
@@ -705,34 +782,38 @@ public interface VaultConnector extends AutoCloseable, Serializable {
|
|||||||
* @return the credentials response
|
* @return the credentials response
|
||||||
* @throws VaultConnectorException on error
|
* @throws VaultConnectorException on error
|
||||||
* @since 0.5.0
|
* @since 0.5.0
|
||||||
|
* @deprecated use {@link #readDbCredentials(String, String)} your MSSQL mountpoint
|
||||||
*/
|
*/
|
||||||
|
@Deprecated(since = "1.5.0", forRemoval = true)
|
||||||
default CredentialsResponse readMsSqlCredentials(final String role) throws VaultConnectorException {
|
default CredentialsResponse readMsSqlCredentials(final String role) throws VaultConnectorException {
|
||||||
return readDbCredentials(role, "mssql");
|
return readDbCredentials(role, "mssql");
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Read credentials for MSSQL backend at default mount point.
|
* Read credentials for MongoDB backend at default mount point.
|
||||||
*
|
*
|
||||||
* @param role the role name
|
* @param role the role name
|
||||||
* @return the credentials response
|
* @return the credentials response
|
||||||
* @throws VaultConnectorException on error
|
* @throws VaultConnectorException on error
|
||||||
* @since 0.5.0
|
* @since 0.5.0
|
||||||
|
* @deprecated use {@link #readDbCredentials(String, String)} your MongoDB mountpoint
|
||||||
*/
|
*/
|
||||||
|
@Deprecated(since = "1.5.0", forRemoval = true)
|
||||||
default CredentialsResponse readMongoDbCredentials(final String role) throws VaultConnectorException {
|
default CredentialsResponse readMongoDbCredentials(final String role) throws VaultConnectorException {
|
||||||
return readDbCredentials(role, "mongodb");
|
return readDbCredentials(role, "mongodb");
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Read credentials for SQL backends.
|
* Read credentials for database backends.
|
||||||
*
|
*
|
||||||
* @param role the role name
|
* @param role the role name
|
||||||
* @param mount mount point of the SQL backend
|
* @param mount mount point of the database backend
|
||||||
* @return the credentials response
|
* @return the credentials response
|
||||||
* @throws VaultConnectorException on error
|
* @throws VaultConnectorException on error
|
||||||
* @since 0.5.0
|
* @since 0.5.0
|
||||||
*/
|
*/
|
||||||
default CredentialsResponse readDbCredentials(final String role, final String mount)
|
default CredentialsResponse readDbCredentials(final String role, final String mount)
|
||||||
throws VaultConnectorException {
|
throws VaultConnectorException {
|
||||||
return (CredentialsResponse) read(mount + "/creds/" + role);
|
return (CredentialsResponse) read(mount + "/creds/" + role);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
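Review bot: The Javadoc of the two-argument `transitHash(String algorithm, String input)` describes `input` only as "Data to hash", while the three-argument String overload it delegates to documents the same parameter as "Data to hash (Base64 encoded)". A caller reading the shorter overload can reasonably pass raw text, and text that happens to be valid Base64 would presumably be hashed as its decoded bytes with no error. I would change that line to `@param input Data to hash (Base64 encoded)` and add a sentence to the `byte[]` overloads saying they Base64-encode the argument themselves. The `transitHash(String, byte[], String)` Javadoc also lacks `@param format Specifies the output encoding (hex/base64)`, and the `byte[]` `transitEncrypt` repeats the String overload's summary line unchanged.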
|
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright 2016-2024 Stefan Kalscheuer
|
* Copyright 2016-2025 Stefan Kalscheuer
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
* you may not use this file except in compliance with the License.
|
* you may not use this file except in compliance with the License.
|
||||||
|
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright 2016-2024 Stefan Kalscheuer
|
* Copyright 2016-2025 Stefan Kalscheuer
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
* you may not use this file except in compliance with the License.
|
* you may not use this file except in compliance with the License.
|
||||||
|
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright 2016-2024 Stefan Kalscheuer
|
* Copyright 2016-2025 Stefan Kalscheuer
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
* you may not use this file except in compliance with the License.
|
* you may not use this file except in compliance with the License.
|
||||||
|
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright 2016-2024 Stefan Kalscheuer
|
* Copyright 2016-2025 Stefan Kalscheuer
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
* you may not use this file except in compliance with the License.
|
* you may not use this file except in compliance with the License.
|
||||||
|
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright 2016-2024 Stefan Kalscheuer
|
* Copyright 2016-2025 Stefan Kalscheuer
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
* you may not use this file except in compliance with the License.
|
* you may not use this file except in compliance with the License.
|
||||||
|
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright 2016-2024 Stefan Kalscheuer
|
* Copyright 2016-2025 Stefan Kalscheuer
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
* you may not use this file except in compliance with the License.
|
* you may not use this file except in compliance with the License.
|
||||||
|
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright 2016-2024 Stefan Kalscheuer
|
* Copyright 2016-2025 Stefan Kalscheuer
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
* you may not use this file except in compliance with the License.
|
* you may not use this file except in compliance with the License.
|
||||||
|
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright 2016-2024 Stefan Kalscheuer
|
* Copyright 2016-2025 Stefan Kalscheuer
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
* you may not use this file except in compliance with the License.
|
* you may not use this file except in compliance with the License.
|
||||||
|
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright 2016-2024 Stefan Kalscheuer
|
* Copyright 2016-2025 Stefan Kalscheuer
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
* you may not use this file except in compliance with the License.
|
* you may not use this file except in compliance with the License.
|
||||||
|
@@ -2,8 +2,8 @@ package de.stklcode.jvault.connector.internal;
|
|||||||
|
|
||||||
import com.fasterxml.jackson.core.JsonProcessingException;
|
import com.fasterxml.jackson.core.JsonProcessingException;
|
||||||
import com.fasterxml.jackson.databind.DeserializationFeature;
|
import com.fasterxml.jackson.databind.DeserializationFeature;
|
||||||
import com.fasterxml.jackson.databind.ObjectMapper;
|
|
||||||
import com.fasterxml.jackson.databind.SerializationFeature;
|
import com.fasterxml.jackson.databind.SerializationFeature;
|
||||||
|
import com.fasterxml.jackson.databind.json.JsonMapper;
|
||||||
import com.fasterxml.jackson.datatype.jsr310.JavaTimeModule;
|
import com.fasterxml.jackson.datatype.jsr310.JavaTimeModule;
|
||||||
import de.stklcode.jvault.connector.exception.*;
|
import de.stklcode.jvault.connector.exception.*;
|
||||||
import de.stklcode.jvault.connector.model.response.ErrorResponse;
|
import de.stklcode.jvault.connector.model.response.ErrorResponse;
|
||||||
@@ -44,7 +44,7 @@ public final class RequestHelper implements Serializable {
|
|||||||
private final int retries; // Number of retries on 5xx errors.
|
private final int retries; // Number of retries on 5xx errors.
|
||||||
private final String tlsVersion; // TLS version (#22).
|
private final String tlsVersion; // TLS version (#22).
|
||||||
private final X509Certificate trustedCaCert; // Trusted CA certificate.
|
private final X509Certificate trustedCaCert; // Trusted CA certificate.
|
||||||
private final ObjectMapper jsonMapper;
|
private final JsonMapper jsonMapper;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Constructor of the request helper.
|
* Constructor of the request helper.
|
||||||
@@ -65,10 +65,11 @@ public final class RequestHelper implements Serializable {
|
|||||||
this.timeout = timeout;
|
this.timeout = timeout;
|
||||||
this.tlsVersion = tlsVersion;
|
this.tlsVersion = tlsVersion;
|
||||||
this.trustedCaCert = trustedCaCert;
|
this.trustedCaCert = trustedCaCert;
|
||||||
this.jsonMapper = new ObjectMapper()
|
this.jsonMapper = JsonMapper.builder()
|
||||||
.registerModule(new JavaTimeModule())
|
.addModule(new JavaTimeModule())
|
||||||
.enable(SerializationFeature.WRITE_DATES_AS_TIMESTAMPS)
|
.enable(SerializationFeature.WRITE_DATES_AS_TIMESTAMPS)
|
||||||
.disable(DeserializationFeature.ADJUST_DATES_TO_CONTEXT_TIME_ZONE);
|
.disable(DeserializationFeature.ADJUST_DATES_TO_CONTEXT_TIME_ZONE)
|
||||||
|
.build();
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@@ -115,7 +116,7 @@ public final class RequestHelper implements Serializable {
|
|||||||
* @since 0.8
|
* @since 0.8
|
||||||
*/
|
*/
|
||||||
public <T> T post(final String path, final Object payload, final String token, final Class<T> target)
|
public <T> T post(final String path, final Object payload, final String token, final Class<T> target)
|
||||||
throws VaultConnectorException {
|
throws VaultConnectorException {
|
||||||
try {
|
try {
|
||||||
String response = post(path, payload, token);
|
String response = post(path, payload, token);
|
||||||
return jsonMapper.readValue(response, target);
|
return jsonMapper.readValue(response, target);
|
||||||
@@ -134,7 +135,7 @@ public final class RequestHelper implements Serializable {
|
|||||||
* @since 0.8
|
* @since 0.8
|
||||||
*/
|
*/
|
||||||
public void postWithoutResponse(final String path, final Object payload, final String token)
|
public void postWithoutResponse(final String path, final Object payload, final String token)
|
||||||
throws VaultConnectorException {
|
throws VaultConnectorException {
|
||||||
if (!post(path, payload, token).isEmpty()) {
|
if (!post(path, payload, token).isEmpty()) {
|
||||||
throw new InvalidResponseException(Error.UNEXPECTED_RESPONSE);
|
throw new InvalidResponseException(Error.UNEXPECTED_RESPONSE);
|
||||||
}
|
}
|
||||||
@@ -151,7 +152,7 @@ public final class RequestHelper implements Serializable {
|
|||||||
* @since 0.8 Added {@code token} parameter.
|
* @since 0.8 Added {@code token} parameter.
|
||||||
*/
|
*/
|
||||||
public String put(final String path, final Map<String, String> payload, final String token)
|
public String put(final String path, final Map<String, String> payload, final String token)
|
||||||
throws VaultConnectorException {
|
throws VaultConnectorException {
|
||||||
// Initialize PUT.
|
// Initialize PUT.
|
||||||
var req = HttpRequest.newBuilder(URI.create(baseURL + path));
|
var req = HttpRequest.newBuilder(URI.create(baseURL + path));
|
||||||
|
|
||||||
@@ -185,7 +186,7 @@ public final class RequestHelper implements Serializable {
|
|||||||
* @since 0.8
|
* @since 0.8
|
||||||
*/
|
*/
|
||||||
public <T> T put(final String path, final Map<String, String> payload, final String token, final Class<T> target)
|
public <T> T put(final String path, final Map<String, String> payload, final String token, final Class<T> target)
|
||||||
throws VaultConnectorException {
|
throws VaultConnectorException {
|
||||||
try {
|
try {
|
||||||
String response = put(path, payload, token);
|
String response = put(path, payload, token);
|
||||||
return jsonMapper.readValue(response, target);
|
return jsonMapper.readValue(response, target);
|
||||||
@@ -204,7 +205,7 @@ public final class RequestHelper implements Serializable {
|
|||||||
* @since 0.8
|
* @since 0.8
|
||||||
*/
|
*/
|
||||||
public void putWithoutResponse(final String path, final Map<String, String> payload, final String token)
|
public void putWithoutResponse(final String path, final Map<String, String> payload, final String token)
|
||||||
throws VaultConnectorException {
|
throws VaultConnectorException {
|
||||||
if (!put(path, payload, token).isEmpty()) {
|
if (!put(path, payload, token).isEmpty()) {
|
||||||
throw new InvalidResponseException(Error.UNEXPECTED_RESPONSE);
|
throw new InvalidResponseException(Error.UNEXPECTED_RESPONSE);
|
||||||
}
|
}
|
||||||
@@ -256,15 +257,15 @@ public final class RequestHelper implements Serializable {
|
|||||||
* @since 0.8 Added {@code token} parameter.
|
* @since 0.8 Added {@code token} parameter.
|
||||||
*/
|
*/
|
||||||
public String get(final String path, final Map<String, String> payload, final String token)
|
public String get(final String path, final Map<String, String> payload, final String token)
|
||||||
throws VaultConnectorException {
|
throws VaultConnectorException {
|
||||||
// Add parameters to URI.
|
// Add parameters to URI.
|
||||||
var uriBuilder = new StringBuilder(baseURL + path);
|
var uriBuilder = new StringBuilder(baseURL + path);
|
||||||
|
|
||||||
if (!payload.isEmpty()) {
|
if (!payload.isEmpty()) {
|
||||||
uriBuilder.append("?").append(
|
uriBuilder.append("?").append(
|
||||||
payload.entrySet().stream().map(par ->
|
payload.entrySet().stream().map(par ->
|
||||||
URLEncoder.encode(par.getKey(), UTF_8) + "=" + URLEncoder.encode(par.getValue(), UTF_8)
|
URLEncoder.encode(par.getKey(), UTF_8) + "=" + URLEncoder.encode(par.getValue(), UTF_8)
|
||||||
).collect(Collectors.joining("&"))
|
).collect(Collectors.joining("&"))
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -297,7 +298,7 @@ public final class RequestHelper implements Serializable {
|
|||||||
* @since 0.8
|
* @since 0.8
|
||||||
*/
|
*/
|
||||||
public <T> T get(final String path, final Map<String, String> payload, final String token, final Class<T> target)
|
public <T> T get(final String path, final Map<String, String> payload, final String token, final Class<T> target)
|
||||||
throws VaultConnectorException {
|
throws VaultConnectorException {
|
||||||
try {
|
try {
|
||||||
String response = get(path, payload, token);
|
String response = get(path, payload, token);
|
||||||
return jsonMapper.readValue(response, target);
|
return jsonMapper.readValue(response, target);
|
||||||
@@ -333,8 +334,8 @@ public final class RequestHelper implements Serializable {
|
|||||||
// Execute request.
|
// Execute request.
|
||||||
try {
|
try {
|
||||||
HttpResponse<InputStream> response = client.sendAsync(
|
HttpResponse<InputStream> response = client.sendAsync(
|
||||||
requestBuilder.build(),
|
requestBuilder.build(),
|
||||||
HttpResponse.BodyHandlers.ofInputStream()
|
HttpResponse.BodyHandlers.ofInputStream()
|
||||||
).join();
|
).join();
|
||||||
|
|
||||||
/* Check if response is valid */
|
/* Check if response is valid */
|
||||||
|
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright 2016-2024 Stefan Kalscheuer
|
* Copyright 2016-2025 Stefan Kalscheuer
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
* you may not use this file except in compliance with the License.
|
* you may not use this file except in compliance with the License.
|
||||||
@@ -32,7 +32,7 @@ import java.util.Objects;
|
|||||||
*/
|
*/
|
||||||
@JsonIgnoreProperties(ignoreUnknown = true)
|
@JsonIgnoreProperties(ignoreUnknown = true)
|
||||||
public final class AppRole implements Serializable {
|
public final class AppRole implements Serializable {
|
||||||
private static final long serialVersionUID = 693228837510483448L;
|
private static final long serialVersionUID = 1546673231280751679L;
|
||||||
|
|
||||||
@JsonProperty("role_name")
|
@JsonProperty("role_name")
|
||||||
private String name;
|
private String name;
|
||||||
@@ -53,7 +53,7 @@ public final class AppRole implements Serializable {
|
|||||||
|
|
||||||
@JsonProperty("secret_id_ttl")
|
@JsonProperty("secret_id_ttl")
|
||||||
@JsonInclude(JsonInclude.Include.NON_NULL)
|
@JsonInclude(JsonInclude.Include.NON_NULL)
|
||||||
private Integer secretIdTtl;
|
private Long secretIdTtl;
|
||||||
|
|
||||||
@JsonProperty("local_secret_ids")
|
@JsonProperty("local_secret_ids")
|
||||||
@JsonInclude(JsonInclude.Include.NON_NULL)
|
@JsonInclude(JsonInclude.Include.NON_NULL)
|
||||||
@@ -61,11 +61,11 @@ public final class AppRole implements Serializable {
|
|||||||
|
|
||||||
@JsonProperty("token_ttl")
|
@JsonProperty("token_ttl")
|
||||||
@JsonInclude(JsonInclude.Include.NON_NULL)
|
@JsonInclude(JsonInclude.Include.NON_NULL)
|
||||||
private Integer tokenTtl;
|
private Long tokenTtl;
|
||||||
|
|
||||||
@JsonProperty("token_max_ttl")
|
@JsonProperty("token_max_ttl")
|
||||||
@JsonInclude(JsonInclude.Include.NON_NULL)
|
@JsonInclude(JsonInclude.Include.NON_NULL)
|
||||||
private Integer tokenMaxTtl;
|
private Long tokenMaxTtl;
|
||||||
|
|
||||||
private List<String> tokenPolicies;
|
private List<String> tokenPolicies;
|
||||||
|
|
||||||
@@ -75,7 +75,7 @@ public final class AppRole implements Serializable {
|
|||||||
|
|
||||||
@JsonProperty("token_explicit_max_ttl")
|
@JsonProperty("token_explicit_max_ttl")
|
||||||
@JsonInclude(JsonInclude.Include.NON_NULL)
|
@JsonInclude(JsonInclude.Include.NON_NULL)
|
||||||
private Integer tokenExplicitMaxTtl;
|
private Long tokenExplicitMaxTtl;
|
||||||
|
|
||||||
@JsonProperty("token_no_default_policy")
|
@JsonProperty("token_no_default_policy")
|
||||||
@JsonInclude(JsonInclude.Include.NON_NULL)
|
@JsonInclude(JsonInclude.Include.NON_NULL)
|
||||||
@@ -255,7 +255,7 @@ public final class AppRole implements Serializable {
|
|||||||
/**
|
/**
|
||||||
* @return maximum TTL in seconds for secrets
|
* @return maximum TTL in seconds for secrets
|
||||||
*/
|
*/
|
||||||
public Integer getSecretIdTtl() {
|
public Long getSecretIdTtl() {
|
||||||
return secretIdTtl;
|
return secretIdTtl;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -271,14 +271,14 @@ public final class AppRole implements Serializable {
|
|||||||
/**
|
/**
|
||||||
* @return token TTL in seconds
|
* @return token TTL in seconds
|
||||||
*/
|
*/
|
||||||
public Integer getTokenTtl() {
|
public Long getTokenTtl() {
|
||||||
return tokenTtl;
|
return tokenTtl;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @return maximum token TTL in seconds, including renewals
|
* @return maximum token TTL in seconds, including renewals
|
||||||
*/
|
*/
|
||||||
public Integer getTokenMaxTtl() {
|
public Long getTokenMaxTtl() {
|
||||||
return tokenMaxTtl;
|
return tokenMaxTtl;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -286,7 +286,7 @@ public final class AppRole implements Serializable {
|
|||||||
* @return explicit maximum token TTL in seconds, including renewals
|
* @return explicit maximum token TTL in seconds, including renewals
|
||||||
* @since 0.9
|
* @since 0.9
|
||||||
*/
|
*/
|
||||||
public Integer getTokenExplicitMaxTtl() {
|
public Long getTokenExplicitMaxTtl() {
|
||||||
return tokenExplicitMaxTtl;
|
return tokenExplicitMaxTtl;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -331,28 +331,28 @@ public final class AppRole implements Serializable {
|
|||||||
}
|
}
|
||||||
AppRole appRole = (AppRole) o;
|
AppRole appRole = (AppRole) o;
|
||||||
return Objects.equals(name, appRole.name) &&
|
return Objects.equals(name, appRole.name) &&
|
||||||
Objects.equals(id, appRole.id) &&
|
Objects.equals(id, appRole.id) &&
|
||||||
Objects.equals(bindSecretId, appRole.bindSecretId) &&
|
Objects.equals(bindSecretId, appRole.bindSecretId) &&
|
||||||
Objects.equals(secretIdBoundCidrs, appRole.secretIdBoundCidrs) &&
|
Objects.equals(secretIdBoundCidrs, appRole.secretIdBoundCidrs) &&
|
||||||
Objects.equals(secretIdNumUses, appRole.secretIdNumUses) &&
|
Objects.equals(secretIdNumUses, appRole.secretIdNumUses) &&
|
||||||
Objects.equals(secretIdTtl, appRole.secretIdTtl) &&
|
Objects.equals(secretIdTtl, appRole.secretIdTtl) &&
|
||||||
Objects.equals(localSecretIds, appRole.localSecretIds) &&
|
Objects.equals(localSecretIds, appRole.localSecretIds) &&
|
||||||
Objects.equals(tokenTtl, appRole.tokenTtl) &&
|
Objects.equals(tokenTtl, appRole.tokenTtl) &&
|
||||||
Objects.equals(tokenMaxTtl, appRole.tokenMaxTtl) &&
|
Objects.equals(tokenMaxTtl, appRole.tokenMaxTtl) &&
|
||||||
Objects.equals(tokenPolicies, appRole.tokenPolicies) &&
|
Objects.equals(tokenPolicies, appRole.tokenPolicies) &&
|
||||||
Objects.equals(tokenBoundCidrs, appRole.tokenBoundCidrs) &&
|
Objects.equals(tokenBoundCidrs, appRole.tokenBoundCidrs) &&
|
||||||
Objects.equals(tokenExplicitMaxTtl, appRole.tokenExplicitMaxTtl) &&
|
Objects.equals(tokenExplicitMaxTtl, appRole.tokenExplicitMaxTtl) &&
|
||||||
Objects.equals(tokenNoDefaultPolicy, appRole.tokenNoDefaultPolicy) &&
|
Objects.equals(tokenNoDefaultPolicy, appRole.tokenNoDefaultPolicy) &&
|
||||||
Objects.equals(tokenNumUses, appRole.tokenNumUses) &&
|
Objects.equals(tokenNumUses, appRole.tokenNumUses) &&
|
||||||
Objects.equals(tokenPeriod, appRole.tokenPeriod) &&
|
Objects.equals(tokenPeriod, appRole.tokenPeriod) &&
|
||||||
Objects.equals(tokenType, appRole.tokenType);
|
Objects.equals(tokenType, appRole.tokenType);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public int hashCode() {
|
public int hashCode() {
|
||||||
return Objects.hash(name, id, bindSecretId, secretIdBoundCidrs, secretIdNumUses, secretIdTtl,
|
return Objects.hash(name, id, bindSecretId, secretIdBoundCidrs, secretIdNumUses, secretIdTtl,
|
||||||
localSecretIds, tokenTtl, tokenMaxTtl, tokenPolicies, tokenBoundCidrs, tokenExplicitMaxTtl,
|
localSecretIds, tokenTtl, tokenMaxTtl, tokenPolicies, tokenBoundCidrs, tokenExplicitMaxTtl,
|
||||||
tokenNoDefaultPolicy, tokenNumUses, tokenPeriod, tokenType);
|
tokenNoDefaultPolicy, tokenNumUses, tokenPeriod, tokenType);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@@ -370,12 +370,12 @@ public final class AppRole implements Serializable {
|
|||||||
private List<String> secretIdBoundCidrs;
|
private List<String> secretIdBoundCidrs;
|
||||||
private List<String> tokenPolicies;
|
private List<String> tokenPolicies;
|
||||||
private Integer secretIdNumUses;
|
private Integer secretIdNumUses;
|
||||||
private Integer secretIdTtl;
|
private Long secretIdTtl;
|
||||||
private Boolean localSecretIds;
|
private Boolean localSecretIds;
|
||||||
private Integer tokenTtl;
|
private Long tokenTtl;
|
||||||
private Integer tokenMaxTtl;
|
private Long tokenMaxTtl;
|
||||||
private List<String> tokenBoundCidrs;
|
private List<String> tokenBoundCidrs;
|
||||||
private Integer tokenExplicitMaxTtl;
|
private Long tokenExplicitMaxTtl;
|
||||||
private Boolean tokenNoDefaultPolicy;
|
private Boolean tokenNoDefaultPolicy;
|
||||||
private Integer tokenNumUses;
|
private Integer tokenNumUses;
|
||||||
private Integer tokenPeriod;
|
private Integer tokenPeriod;
|
||||||
@@ -520,7 +520,7 @@ public final class AppRole implements Serializable {
|
|||||||
* @param secretIdTtl the TTL
|
* @param secretIdTtl the TTL
|
||||||
* @return self
|
* @return self
|
||||||
*/
|
*/
|
||||||
public Builder withSecretIdTtl(final Integer secretIdTtl) {
|
public Builder withSecretIdTtl(final Long secretIdTtl) {
|
||||||
this.secretIdTtl = secretIdTtl;
|
this.secretIdTtl = secretIdTtl;
|
||||||
return this;
|
return this;
|
||||||
}
|
}
|
||||||
@@ -544,7 +544,7 @@ public final class AppRole implements Serializable {
|
|||||||
* @param tokenTtl the TTL
|
* @param tokenTtl the TTL
|
||||||
* @return self
|
* @return self
|
||||||
*/
|
*/
|
||||||
public Builder withTokenTtl(final Integer tokenTtl) {
|
public Builder withTokenTtl(final Long tokenTtl) {
|
||||||
this.tokenTtl = tokenTtl;
|
this.tokenTtl = tokenTtl;
|
||||||
return this;
|
return this;
|
||||||
}
|
}
|
||||||
@@ -555,7 +555,7 @@ public final class AppRole implements Serializable {
|
|||||||
* @param tokenMaxTtl the TTL
|
* @param tokenMaxTtl the TTL
|
||||||
* @return self
|
* @return self
|
||||||
*/
|
*/
|
||||||
public Builder withTokenMaxTtl(final Integer tokenMaxTtl) {
|
public Builder withTokenMaxTtl(final Long tokenMaxTtl) {
|
||||||
this.tokenMaxTtl = tokenMaxTtl;
|
this.tokenMaxTtl = tokenMaxTtl;
|
||||||
return this;
|
return this;
|
||||||
}
|
}
|
||||||
@@ -596,7 +596,7 @@ public final class AppRole implements Serializable {
|
|||||||
* @param tokenExplicitMaxTtl the TTL
|
* @param tokenExplicitMaxTtl the TTL
|
||||||
* @return self
|
* @return self
|
||||||
*/
|
*/
|
||||||
public Builder withTokenExplicitMaxTtl(final Integer tokenExplicitMaxTtl) {
|
public Builder withTokenExplicitMaxTtl(final Long tokenExplicitMaxTtl) {
|
||||||
this.tokenExplicitMaxTtl = tokenExplicitMaxTtl;
|
this.tokenExplicitMaxTtl = tokenExplicitMaxTtl;
|
||||||
return this;
|
return this;
|
||||||
}
|
}
|
||||||
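Review bot: The `Builder.withSecretIdTtl`, `withTokenTtl`, `withTokenMaxTtl` and `withTokenExplicitMaxTtl` setters now accept only `Long`, so existing callers that pass an `int` literal or an `Integer` (for example `withTokenTtl(3600)`) stop compiling, and the changed getter return types break binary compatibility for already-compiled clients. The hunk line counts are unchanged on both sides, so no `Integer` overloads appear to have been kept. Consider retaining deprecated widening overloads, e.g. `@Deprecated public Builder withTokenTtl(final Integer tokenTtl) { return withTokenTtl(tokenTtl == null ? null : tokenTtl.longValue()); }`, or calling the change out as breaking in the release notes. The same applies to `Token.Builder.withTtl`/`withExplicitMaxTtl` and `TokenRole.Builder.withTokenExplicitMaxTtl`. The Builder class body continues outside these hunks, so other overloads may exist that are not visible here.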
|
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright 2016-2024 Stefan Kalscheuer
|
* Copyright 2016-2025 Stefan Kalscheuer
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
* you may not use this file except in compliance with the License.
|
* you may not use this file except in compliance with the License.
|
||||||
@@ -181,19 +181,19 @@ public final class AppRoleSecret implements Serializable {
|
|||||||
}
|
}
|
||||||
AppRoleSecret that = (AppRoleSecret) o;
|
AppRoleSecret that = (AppRoleSecret) o;
|
||||||
return Objects.equals(id, that.id) &&
|
return Objects.equals(id, that.id) &&
|
||||||
Objects.equals(accessor, that.accessor) &&
|
Objects.equals(accessor, that.accessor) &&
|
||||||
Objects.equals(metadata, that.metadata) &&
|
Objects.equals(metadata, that.metadata) &&
|
||||||
Objects.equals(cidrList, that.cidrList) &&
|
Objects.equals(cidrList, that.cidrList) &&
|
||||||
Objects.equals(creationTime, that.creationTime) &&
|
Objects.equals(creationTime, that.creationTime) &&
|
||||||
Objects.equals(expirationTime, that.expirationTime) &&
|
Objects.equals(expirationTime, that.expirationTime) &&
|
||||||
Objects.equals(lastUpdatedTime, that.lastUpdatedTime) &&
|
Objects.equals(lastUpdatedTime, that.lastUpdatedTime) &&
|
||||||
Objects.equals(numUses, that.numUses) &&
|
Objects.equals(numUses, that.numUses) &&
|
||||||
Objects.equals(ttl, that.ttl);
|
Objects.equals(ttl, that.ttl);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public int hashCode() {
|
public int hashCode() {
|
||||||
return Objects.hash(id, accessor, metadata, cidrList, creationTime, expirationTime, lastUpdatedTime, numUses,
|
return Objects.hash(id, accessor, metadata, cidrList, creationTime, expirationTime, lastUpdatedTime, numUses,
|
||||||
ttl);
|
ttl);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright 2016-2024 Stefan Kalscheuer
|
* Copyright 2016-2025 Stefan Kalscheuer
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
* you may not use this file except in compliance with the License.
|
* you may not use this file except in compliance with the License.
|
||||||
|
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright 2016-2024 Stefan Kalscheuer
|
* Copyright 2016-2025 Stefan Kalscheuer
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
* you may not use this file except in compliance with the License.
|
* you may not use this file except in compliance with the License.
|
||||||
@@ -32,7 +32,7 @@ import java.util.*;
|
|||||||
*/
|
*/
|
||||||
@JsonIgnoreProperties(ignoreUnknown = true)
|
@JsonIgnoreProperties(ignoreUnknown = true)
|
||||||
public final class Token implements Serializable {
|
public final class Token implements Serializable {
|
||||||
private static final long serialVersionUID = 5208508683665365287L;
|
private static final long serialVersionUID = 7003016071684507115L;
|
||||||
|
|
||||||
@JsonProperty("id")
|
@JsonProperty("id")
|
||||||
@JsonInclude(JsonInclude.Include.NON_NULL)
|
@JsonInclude(JsonInclude.Include.NON_NULL)
|
||||||
@@ -56,11 +56,11 @@ public final class Token implements Serializable {
|
|||||||
|
|
||||||
@JsonProperty("ttl")
|
@JsonProperty("ttl")
|
||||||
@JsonInclude(JsonInclude.Include.NON_NULL)
|
@JsonInclude(JsonInclude.Include.NON_NULL)
|
||||||
private Integer ttl;
|
private Long ttl;
|
||||||
|
|
||||||
@JsonProperty("explicit_max_ttl")
|
@JsonProperty("explicit_max_ttl")
|
||||||
@JsonInclude(JsonInclude.Include.NON_NULL)
|
@JsonInclude(JsonInclude.Include.NON_NULL)
|
||||||
private Integer explicitMaxTtl;
|
private Long explicitMaxTtl;
|
||||||
|
|
||||||
@JsonProperty("num_uses")
|
@JsonProperty("num_uses")
|
||||||
@JsonInclude(JsonInclude.Include.NON_NULL)
|
@JsonInclude(JsonInclude.Include.NON_NULL)
|
||||||
@@ -162,7 +162,7 @@ public final class Token implements Serializable {
|
|||||||
/**
|
/**
|
||||||
* @return Time-to-live in seconds
|
* @return Time-to-live in seconds
|
||||||
*/
|
*/
|
||||||
public Integer getTtl() {
|
public Long getTtl() {
|
||||||
return ttl;
|
return ttl;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -170,7 +170,7 @@ public final class Token implements Serializable {
|
|||||||
* @return Explicit maximum time-to-live in seconds
|
* @return Explicit maximum time-to-live in seconds
|
||||||
* @since 0.9
|
* @since 0.9
|
||||||
*/
|
*/
|
||||||
public Integer getExplicitMaxTtl() {
|
public Long getExplicitMaxTtl() {
|
||||||
return explicitMaxTtl;
|
return explicitMaxTtl;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -227,24 +227,24 @@ public final class Token implements Serializable {
|
|||||||
}
|
}
|
||||||
Token token = (Token) o;
|
Token token = (Token) o;
|
||||||
return Objects.equals(id, token.id) &&
|
return Objects.equals(id, token.id) &&
|
||||||
Objects.equals(type, token.type) &&
|
Objects.equals(type, token.type) &&
|
||||||
Objects.equals(displayName, token.displayName) &&
|
Objects.equals(displayName, token.displayName) &&
|
||||||
Objects.equals(noParent, token.noParent) &&
|
Objects.equals(noParent, token.noParent) &&
|
||||||
Objects.equals(noDefaultPolicy, token.noDefaultPolicy) &&
|
Objects.equals(noDefaultPolicy, token.noDefaultPolicy) &&
|
||||||
Objects.equals(ttl, token.ttl) &&
|
Objects.equals(ttl, token.ttl) &&
|
||||||
Objects.equals(explicitMaxTtl, token.explicitMaxTtl) &&
|
Objects.equals(explicitMaxTtl, token.explicitMaxTtl) &&
|
||||||
Objects.equals(numUses, token.numUses) &&
|
Objects.equals(numUses, token.numUses) &&
|
||||||
Objects.equals(policies, token.policies) &&
|
Objects.equals(policies, token.policies) &&
|
||||||
Objects.equals(meta, token.meta) &&
|
Objects.equals(meta, token.meta) &&
|
||||||
Objects.equals(renewable, token.renewable) &&
|
Objects.equals(renewable, token.renewable) &&
|
||||||
Objects.equals(period, token.period) &&
|
Objects.equals(period, token.period) &&
|
||||||
Objects.equals(entityAlias, token.entityAlias);
|
Objects.equals(entityAlias, token.entityAlias);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public int hashCode() {
|
public int hashCode() {
|
||||||
return Objects.hash(id, type, displayName, noParent, noDefaultPolicy, ttl, explicitMaxTtl, numUses, policies,
|
return Objects.hash(id, type, displayName, noParent, noDefaultPolicy, ttl, explicitMaxTtl, numUses, policies,
|
||||||
meta, renewable, period, entityAlias);
|
meta, renewable, period, entityAlias);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@@ -282,8 +282,8 @@ public final class Token implements Serializable {
|
|||||||
private String displayName;
|
private String displayName;
|
||||||
private Boolean noParent;
|
private Boolean noParent;
|
||||||
private Boolean noDefaultPolicy;
|
private Boolean noDefaultPolicy;
|
||||||
private Integer ttl;
|
private Long ttl;
|
||||||
private Integer explicitMaxTtl;
|
private Long explicitMaxTtl;
|
||||||
private Integer numUses;
|
private Integer numUses;
|
||||||
private List<String> policies;
|
private List<String> policies;
|
||||||
private Map<String, String> meta;
|
private Map<String, String> meta;
|
||||||
@@ -331,7 +331,7 @@ public final class Token implements Serializable {
|
|||||||
* @param ttl the ttl
|
* @param ttl the ttl
|
||||||
* @return self
|
* @return self
|
||||||
*/
|
*/
|
||||||
public Builder withTtl(final Integer ttl) {
|
public Builder withTtl(final Long ttl) {
|
||||||
this.ttl = ttl;
|
this.ttl = ttl;
|
||||||
return this;
|
return this;
|
||||||
}
|
}
|
||||||
@@ -342,7 +342,7 @@ public final class Token implements Serializable {
|
|||||||
* @param explicitMaxTtl the explicit max. TTL
|
* @param explicitMaxTtl the explicit max. TTL
|
||||||
* @return self
|
* @return self
|
||||||
*/
|
*/
|
||||||
public Builder withExplicitMaxTtl(final Integer explicitMaxTtl) {
|
public Builder withExplicitMaxTtl(final Long explicitMaxTtl) {
|
||||||
this.explicitMaxTtl = explicitMaxTtl;
|
this.explicitMaxTtl = explicitMaxTtl;
|
||||||
return this;
|
return this;
|
||||||
}
|
}
|
||||||
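Review bot: The builder Javadoc above `withTtl` and `withExplicitMaxTtl` says only `the ttl` and `the explicit max. TTL`, while the getters in the same class document the value as seconds. A unit mix-up at the call site (milliseconds instead of seconds) would request a token valid roughly a thousand times longer than intended, so the unit belongs on the setter as well. Suggested tags: `@param ttl time-to-live in seconds` and `@param explicitMaxTtl explicit maximum time-to-live in seconds`. Both Javadoc blocks start outside the hunks shown.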
|
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright 2016-2024 Stefan Kalscheuer
|
* Copyright 2016-2025 Stefan Kalscheuer
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
* you may not use this file except in compliance with the License.
|
* you may not use this file except in compliance with the License.
|
||||||
@@ -34,7 +34,7 @@ import java.util.Objects;
|
|||||||
*/
|
*/
|
||||||
@JsonIgnoreProperties(ignoreUnknown = true)
|
@JsonIgnoreProperties(ignoreUnknown = true)
|
||||||
public final class TokenRole implements Serializable {
|
public final class TokenRole implements Serializable {
|
||||||
private static final long serialVersionUID = -3505215215838576321L;
|
private static final long serialVersionUID = -4856948364869438439L;
|
||||||
|
|
||||||
@JsonProperty("name")
|
@JsonProperty("name")
|
||||||
@JsonInclude(JsonInclude.Include.NON_NULL)
|
@JsonInclude(JsonInclude.Include.NON_NULL)
|
||||||
@@ -78,7 +78,7 @@ public final class TokenRole implements Serializable {
|
|||||||
|
|
||||||
@JsonProperty("token_explicit_max_ttl")
|
@JsonProperty("token_explicit_max_ttl")
|
||||||
@JsonInclude(JsonInclude.Include.NON_NULL)
|
@JsonInclude(JsonInclude.Include.NON_NULL)
|
||||||
private Integer tokenExplicitMaxTtl;
|
private Long tokenExplicitMaxTtl;
|
||||||
|
|
||||||
@JsonProperty("token_no_default_policy")
|
@JsonProperty("token_no_default_policy")
|
||||||
@JsonInclude(JsonInclude.Include.NON_NULL)
|
@JsonInclude(JsonInclude.Include.NON_NULL)
|
||||||
@@ -204,7 +204,7 @@ public final class TokenRole implements Serializable {
|
|||||||
/**
|
/**
|
||||||
* @return Token explicit maximum TTL
|
* @return Token explicit maximum TTL
|
||||||
*/
|
*/
|
||||||
public Integer getTokenExplicitMaxTtl() {
|
public Long getTokenExplicitMaxTtl() {
|
||||||
return tokenExplicitMaxTtl;
|
return tokenExplicitMaxTtl;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -245,27 +245,27 @@ public final class TokenRole implements Serializable {
|
|||||||
}
|
}
|
||||||
TokenRole tokenRole = (TokenRole) o;
|
TokenRole tokenRole = (TokenRole) o;
|
||||||
return Objects.equals(name, tokenRole.name) &&
|
return Objects.equals(name, tokenRole.name) &&
|
||||||
Objects.equals(allowedPolicies, tokenRole.allowedPolicies) &&
|
Objects.equals(allowedPolicies, tokenRole.allowedPolicies) &&
|
||||||
Objects.equals(allowedPoliciesGlob, tokenRole.allowedPoliciesGlob) &&
|
Objects.equals(allowedPoliciesGlob, tokenRole.allowedPoliciesGlob) &&
|
||||||
Objects.equals(disallowedPolicies, tokenRole.disallowedPolicies) &&
|
Objects.equals(disallowedPolicies, tokenRole.disallowedPolicies) &&
|
||||||
Objects.equals(disallowedPoliciesGlob, tokenRole.disallowedPoliciesGlob) &&
|
Objects.equals(disallowedPoliciesGlob, tokenRole.disallowedPoliciesGlob) &&
|
||||||
Objects.equals(orphan, tokenRole.orphan) &&
|
Objects.equals(orphan, tokenRole.orphan) &&
|
||||||
Objects.equals(renewable, tokenRole.renewable) &&
|
Objects.equals(renewable, tokenRole.renewable) &&
|
||||||
Objects.equals(pathSuffix, tokenRole.pathSuffix) &&
|
Objects.equals(pathSuffix, tokenRole.pathSuffix) &&
|
||||||
Objects.equals(allowedEntityAliases, tokenRole.allowedEntityAliases) &&
|
Objects.equals(allowedEntityAliases, tokenRole.allowedEntityAliases) &&
|
||||||
Objects.equals(tokenBoundCidrs, tokenRole.tokenBoundCidrs) &&
|
Objects.equals(tokenBoundCidrs, tokenRole.tokenBoundCidrs) &&
|
||||||
Objects.equals(tokenExplicitMaxTtl, tokenRole.tokenExplicitMaxTtl) &&
|
Objects.equals(tokenExplicitMaxTtl, tokenRole.tokenExplicitMaxTtl) &&
|
||||||
Objects.equals(tokenNoDefaultPolicy, tokenRole.tokenNoDefaultPolicy) &&
|
Objects.equals(tokenNoDefaultPolicy, tokenRole.tokenNoDefaultPolicy) &&
|
||||||
Objects.equals(tokenNumUses, tokenRole.tokenNumUses) &&
|
Objects.equals(tokenNumUses, tokenRole.tokenNumUses) &&
|
||||||
Objects.equals(tokenPeriod, tokenRole.tokenPeriod) &&
|
Objects.equals(tokenPeriod, tokenRole.tokenPeriod) &&
|
||||||
Objects.equals(tokenType, tokenRole.tokenType);
|
Objects.equals(tokenType, tokenRole.tokenType);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public int hashCode() {
|
public int hashCode() {
|
||||||
return Objects.hash(name, allowedPolicies, allowedPoliciesGlob, disallowedPolicies, disallowedPoliciesGlob,
|
return Objects.hash(name, allowedPolicies, allowedPoliciesGlob, disallowedPolicies, disallowedPoliciesGlob,
|
||||||
orphan, renewable, pathSuffix, allowedEntityAliases, tokenBoundCidrs, tokenExplicitMaxTtl,
|
orphan, renewable, pathSuffix, allowedEntityAliases, tokenBoundCidrs, tokenExplicitMaxTtl,
|
||||||
tokenNoDefaultPolicy, tokenNumUses, tokenPeriod, tokenType);
|
tokenNoDefaultPolicy, tokenNumUses, tokenPeriod, tokenType);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@@ -285,7 +285,7 @@ public final class TokenRole implements Serializable {
|
|||||||
private String pathSuffix;
|
private String pathSuffix;
|
||||||
private List<String> allowedEntityAliases;
|
private List<String> allowedEntityAliases;
|
||||||
private List<String> tokenBoundCidrs;
|
private List<String> tokenBoundCidrs;
|
||||||
private Integer tokenExplicitMaxTtl;
|
private Long tokenExplicitMaxTtl;
|
||||||
private Boolean tokenNoDefaultPolicy;
|
private Boolean tokenNoDefaultPolicy;
|
||||||
private Integer tokenNumUses;
|
private Integer tokenNumUses;
|
||||||
private Integer tokenPeriod;
|
private Integer tokenPeriod;
|
||||||
@@ -537,7 +537,7 @@ public final class TokenRole implements Serializable {
|
|||||||
* @param tokenExplicitMaxTtl explicit maximum TTL
|
* @param tokenExplicitMaxTtl explicit maximum TTL
|
||||||
* @return self
|
* @return self
|
||||||
*/
|
*/
|
||||||
public Builder withTokenExplicitMaxTtl(final Integer tokenExplicitMaxTtl) {
|
public Builder withTokenExplicitMaxTtl(final Long tokenExplicitMaxTtl) {
|
||||||
this.tokenExplicitMaxTtl = tokenExplicitMaxTtl;
|
this.tokenExplicitMaxTtl = tokenExplicitMaxTtl;
|
||||||
return this;
|
return this;
|
||||||
}
|
}
|
||||||
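Review bot: `tokenPeriod` stays `Integer` in the builder fields right next to the widened `tokenExplicitMaxTtl` (the same is true in `AppRole.Builder`), although it is presumably also a duration in seconds returned by Vault. If the widening was needed because the server can return values beyond the `int` range, the period field may fail to deserialize in the same way; this is worth confirming against the API and, if so, changing to `private Long tokenPeriod;` together with its getter and builder setter. The getter Javadoc `@return Token explicit maximum TTL` could also state the unit, e.g. `@return Token explicit maximum TTL in seconds`. The class body continues outside these hunks.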
|
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright 2016-2024 Stefan Kalscheuer
|
* Copyright 2016-2025 Stefan Kalscheuer
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
* you may not use this file except in compliance with the License.
|
* you may not use this file except in compliance with the License.
|
||||||
|
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright 2016-2024 Stefan Kalscheuer
|
* Copyright 2016-2025 Stefan Kalscheuer
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
* you may not use this file except in compliance with the License.
|
* you may not use this file except in compliance with the License.
|
||||||
|
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright 2016-2024 Stefan Kalscheuer
|
* Copyright 2016-2025 Stefan Kalscheuer
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
* you may not use this file except in compliance with the License.
|
* you may not use this file except in compliance with the License.
|
||||||
|
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright 2016-2024 Stefan Kalscheuer
|
* Copyright 2016-2025 Stefan Kalscheuer
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
* you may not use this file except in compliance with the License.
|
* you may not use this file except in compliance with the License.
|
||||||
|
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright 2016-2024 Stefan Kalscheuer
|
* Copyright 2016-2025 Stefan Kalscheuer
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
* you may not use this file except in compliance with the License.
|
* you may not use this file except in compliance with the License.
|
||||||
|
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright 2016-2024 Stefan Kalscheuer
|
* Copyright 2016-2025 Stefan Kalscheuer
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
* you may not use this file except in compliance with the License.
|
* you may not use this file except in compliance with the License.
|
||||||
|
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright 2016-2024 Stefan Kalscheuer
|
* Copyright 2016-2025 Stefan Kalscheuer
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
* you may not use this file except in compliance with the License.
|
* you may not use this file except in compliance with the License.
|
||||||
|
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright 2016-2024 Stefan Kalscheuer
|
* Copyright 2016-2025 Stefan Kalscheuer
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
* you may not use this file except in compliance with the License.
|
* you may not use this file except in compliance with the License.
|
||||||
@@ -187,19 +187,19 @@ public final class HealthResponse implements VaultResponse {
|
|||||||
}
|
}
|
||||||
HealthResponse that = (HealthResponse) o;
|
HealthResponse that = (HealthResponse) o;
|
||||||
return Objects.equals(clusterID, that.clusterID) &&
|
return Objects.equals(clusterID, that.clusterID) &&
|
||||||
Objects.equals(clusterName, that.clusterName) &&
|
Objects.equals(clusterName, that.clusterName) &&
|
||||||
Objects.equals(version, that.version) &&
|
Objects.equals(version, that.version) &&
|
||||||
Objects.equals(serverTimeUTC, that.serverTimeUTC) &&
|
Objects.equals(serverTimeUTC, that.serverTimeUTC) &&
|
||||||
Objects.equals(standby, that.standby) &&
|
Objects.equals(standby, that.standby) &&
|
||||||
Objects.equals(sealed, that.sealed) &&
|
Objects.equals(sealed, that.sealed) &&
|
||||||
Objects.equals(initialized, that.initialized) &&
|
Objects.equals(initialized, that.initialized) &&
|
||||||
Objects.equals(replicationPerfMode, that.replicationPerfMode) &&
|
Objects.equals(replicationPerfMode, that.replicationPerfMode) &&
|
||||||
Objects.equals(replicationDrMode, that.replicationDrMode) &&
|
Objects.equals(replicationDrMode, that.replicationDrMode) &&
|
||||||
Objects.equals(performanceStandby, that.performanceStandby) &&
|
Objects.equals(performanceStandby, that.performanceStandby) &&
|
||||||
Objects.equals(echoDurationMs, that.echoDurationMs) &&
|
Objects.equals(echoDurationMs, that.echoDurationMs) &&
|
||||||
Objects.equals(clockSkewMs, that.clockSkewMs) &&
|
Objects.equals(clockSkewMs, that.clockSkewMs) &&
|
||||||
Objects.equals(replicationPrimaryCanaryAgeMs, that.replicationPrimaryCanaryAgeMs) &&
|
Objects.equals(replicationPrimaryCanaryAgeMs, that.replicationPrimaryCanaryAgeMs) &&
|
||||||
Objects.equals(enterprise, that.enterprise);
|
Objects.equals(enterprise, that.enterprise);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
|
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright 2016-2024 Stefan Kalscheuer
|
* Copyright 2016-2025 Stefan Kalscheuer
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
* you may not use this file except in compliance with the License.
|
* you may not use this file except in compliance with the License.
|
||||||
|
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright 2016-2021 Stefan Kalscheuer
|
* Copyright 2016-2025 Stefan Kalscheuer
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
* you may not use this file except in compliance with the License.
|
* you may not use this file except in compliance with the License.
|
||||||
|
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright 2016-2024 Stefan Kalscheuer
|
* Copyright 2016-2025 Stefan Kalscheuer
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
* you may not use this file except in compliance with the License.
|
* you may not use this file except in compliance with the License.
|
||||||
|
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright 2016-2021 Stefan Kalscheuer
|
* Copyright 2016-2025 Stefan Kalscheuer
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
* you may not use this file except in compliance with the License.
|
* you may not use this file except in compliance with the License.
|
||||||
|
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright 2016-2024 Stefan Kalscheuer
|
* Copyright 2016-2025 Stefan Kalscheuer
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
* you may not use this file except in compliance with the License.
|
* you may not use this file except in compliance with the License.
|
||||||
|
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright 2016-2024 Stefan Kalscheuer
|
* Copyright 2016-2025 Stefan Kalscheuer
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
* you may not use this file except in compliance with the License.
|
* you may not use this file except in compliance with the License.
|
||||||
@@ -191,24 +191,24 @@ public final class SealResponse implements VaultResponse {
|
|||||||
}
|
}
|
||||||
SealResponse that = (SealResponse) o;
|
SealResponse that = (SealResponse) o;
|
||||||
return sealed == that.sealed &&
|
return sealed == that.sealed &&
|
||||||
initialized == that.initialized &&
|
initialized == that.initialized &&
|
||||||
Objects.equals(type, that.type) &&
|
Objects.equals(type, that.type) &&
|
||||||
Objects.equals(threshold, that.threshold) &&
|
Objects.equals(threshold, that.threshold) &&
|
||||||
Objects.equals(numberOfShares, that.numberOfShares) &&
|
Objects.equals(numberOfShares, that.numberOfShares) &&
|
||||||
Objects.equals(progress, that.progress) &&
|
Objects.equals(progress, that.progress) &&
|
||||||
Objects.equals(version, that.version) &&
|
Objects.equals(version, that.version) &&
|
||||||
Objects.equals(buildDate, that.buildDate) &&
|
Objects.equals(buildDate, that.buildDate) &&
|
||||||
Objects.equals(nonce, that.nonce) &&
|
Objects.equals(nonce, that.nonce) &&
|
||||||
Objects.equals(clusterName, that.clusterName) &&
|
Objects.equals(clusterName, that.clusterName) &&
|
||||||
Objects.equals(clusterId, that.clusterId) &&
|
Objects.equals(clusterId, that.clusterId) &&
|
||||||
Objects.equals(migration, that.migration) &&
|
Objects.equals(migration, that.migration) &&
|
||||||
Objects.equals(recoverySeal, that.recoverySeal) &&
|
Objects.equals(recoverySeal, that.recoverySeal) &&
|
||||||
Objects.equals(storageType, that.storageType);
|
Objects.equals(storageType, that.storageType);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public int hashCode() {
|
public int hashCode() {
|
||||||
return Objects.hash(type, sealed, initialized, threshold, numberOfShares, progress, version, buildDate, nonce,
|
return Objects.hash(type, sealed, initialized, threshold, numberOfShares, progress, version, buildDate, nonce,
|
||||||
clusterName, clusterId, migration, recoverySeal, storageType);
|
clusterName, clusterId, migration, recoverySeal, storageType);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright 2016-2024 Stefan Kalscheuer
|
* Copyright 2016-2025 Stefan Kalscheuer
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
* you may not use this file except in compliance with the License.
|
* you may not use this file except in compliance with the License.
|
||||||
|
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright 2016-2024 Stefan Kalscheuer
|
* Copyright 2016-2025 Stefan Kalscheuer
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
* you may not use this file except in compliance with the License.
|
* you may not use this file except in compliance with the License.
|
||||||
@@ -18,8 +18,8 @@ package de.stklcode.jvault.connector.model.response;
|
|||||||
|
|
||||||
import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
|
import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
|
||||||
import com.fasterxml.jackson.databind.DeserializationFeature;
|
import com.fasterxml.jackson.databind.DeserializationFeature;
|
||||||
import com.fasterxml.jackson.databind.ObjectMapper;
|
|
||||||
import com.fasterxml.jackson.databind.SerializationFeature;
|
import com.fasterxml.jackson.databind.SerializationFeature;
|
||||||
|
import com.fasterxml.jackson.databind.json.JsonMapper;
|
||||||
import com.fasterxml.jackson.datatype.jsr310.JavaTimeModule;
|
import com.fasterxml.jackson.datatype.jsr310.JavaTimeModule;
|
||||||
import de.stklcode.jvault.connector.exception.InvalidResponseException;
|
import de.stklcode.jvault.connector.exception.InvalidResponseException;
|
||||||
import de.stklcode.jvault.connector.model.response.embedded.VersionMetadata;
|
import de.stklcode.jvault.connector.model.response.embedded.VersionMetadata;
|
||||||
@@ -85,10 +85,11 @@ public abstract class SecretResponse extends VaultDataResponse {
|
|||||||
} else if (type.isInstance(rawValue)) {
|
} else if (type.isInstance(rawValue)) {
|
||||||
return type.cast(rawValue);
|
return type.cast(rawValue);
|
||||||
} else {
|
} else {
|
||||||
var om = new ObjectMapper()
|
var om = JsonMapper.builder()
|
||||||
.registerModule(new JavaTimeModule())
|
.addModule(new JavaTimeModule())
|
||||||
.enable(SerializationFeature.WRITE_DATES_AS_TIMESTAMPS)
|
.enable(SerializationFeature.WRITE_DATES_AS_TIMESTAMPS)
|
||||||
.disable(DeserializationFeature.ADJUST_DATES_TO_CONTEXT_TIME_ZONE);
|
.disable(DeserializationFeature.ADJUST_DATES_TO_CONTEXT_TIME_ZONE)
|
||||||
|
.build();
|
||||||
|
|
||||||
if (rawValue instanceof String) {
|
if (rawValue instanceof String) {
|
||||||
return om.readValue((String) rawValue, type);
|
return om.readValue((String) rawValue, type);
|
||||||
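Review bot: The `JsonMapper` in the `else` branch is built on every call that reaches it, along with a new `JavaTimeModule`, although its configuration never varies between calls. It could be hoisted into a `private static final JsonMapper` field of `SecretResponse` and reused. That also keeps the settings for the path that deserializes secret contents into a caller-chosen `type` in one reviewable place. The enclosing method starts and ends outside the hunk, so I cannot see whether other branches construct their own mapper.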
|
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright 2016-2024 Stefan Kalscheuer
|
* Copyright 2016-2025 Stefan Kalscheuer
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
* you may not use this file except in compliance with the License.
|
* you may not use this file except in compliance with the License.
|
||||||
|
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright 2016-2024 Stefan Kalscheuer
|
* Copyright 2016-2025 Stefan Kalscheuer
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
* you may not use this file except in compliance with the License.
|
* you may not use this file except in compliance with the License.
|
||||||
|
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright 2016-2024 Stefan Kalscheuer
|
* Copyright 2016-2025 Stefan Kalscheuer
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
* you may not use this file except in compliance with the License.
|
* you may not use this file except in compliance with the License.
|
||||||
|
@@ -0,0 +1,92 @@
|
|||||||
|
/*
|
||||||
|
* Copyright 2016-2025 Stefan Kalscheuer
|
||||||
|
*
|
||||||
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
* you may not use this file except in compliance with the License.
|
||||||
|
* You may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing, software
|
||||||
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
* See the License for the specific language governing permissions and
|
||||||
|
* limitations under the License.
|
||||||
|
*/
|
||||||
|
|
||||||
|
package de.stklcode.jvault.connector.model.response;
|
||||||
|
|
||||||
|
import com.fasterxml.jackson.annotation.JsonSetter;
|
||||||
|
|
||||||
|
import java.util.Map;
|
||||||
|
import java.util.Objects;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Response entity for transit operations.
|
||||||
|
*
|
||||||
|
* @author Stefan Kalscheuer
|
||||||
|
* @since 1.5.0
|
||||||
|
*/
|
||||||
|
public class TransitResponse extends VaultDataResponse {
|
||||||
|
|
||||||
|
private static final long serialVersionUID = 6873804240772242771L;
|
||||||
|
|
||||||
|
private String ciphertext;
|
||||||
|
private String plaintext;
|
||||||
|
private String sum;
|
||||||
|
|
||||||
|
@JsonSetter("data")
|
||||||
|
private void setData(Map<String, String> data) {
|
||||||
|
ciphertext = data.get("ciphertext");
|
||||||
|
plaintext = data.get("plaintext");
|
||||||
|
sum = data.get("sum");
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Get ciphertext.
|
||||||
|
* Populated after encryption.
|
||||||
|
*
|
||||||
|
* @return Ciphertext
|
||||||
|
*/
|
||||||
|
public String getCiphertext() {
|
||||||
|
return ciphertext;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Get plaintext.
|
||||||
|
* Base64 encoded, populated after decryption.
|
||||||
|
*
|
||||||
|
* @return Plaintext
|
||||||
|
*/
|
||||||
|
public String getPlaintext() {
|
||||||
|
return plaintext;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Get hash sum.
|
||||||
|
* Hex or Base64 string. Populated after hashing.
|
||||||
|
*
|
||||||
|
* @return Hash sum
|
||||||
|
*/
|
||||||
|
public String getSum() {
|
||||||
|
return sum;
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public boolean equals(Object o) {
|
||||||
|
if (this == o) {
|
||||||
|
return true;
|
||||||
|
} else if (o == null || getClass() != o.getClass() || !super.equals(o)) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
TransitResponse that = (TransitResponse) o;
|
||||||
|
return Objects.equals(ciphertext, that.ciphertext) &&
|
||||||
|
Objects.equals(plaintext, that.plaintext) &&
|
||||||
|
Objects.equals(sum, that.sum);
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public int hashCode() {
|
||||||
|
return Objects.hash(super.hashCode(), ciphertext, plaintext, sum);
|
||||||
|
}
|
||||||
|
}
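Review bot: `setData` dereferences `data` without a null check, so a response whose `data` member is JSON `null` would most likely surface as a `NullPointerException` wrapped by Jackson rather than as three `null` fields. A guard such as `if (data == null) { return; }` at the top of the setter avoids that. Typing the parameter as `Map<String, String>` also assumes every entry under `data` is a scalar, which may not hold for every transit endpoint. Separately, `getPlaintext()` returns decrypted material that takes part in `equals` and `hashCode`, and presumably in Java serialization given the `serialVersionUID`, so its Javadoc should flag the value as sensitive, e.g. `Base64 encoded, populated after decryption. Sensitive: do not log or persist.`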
|
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright 2016-2024 Stefan Kalscheuer
|
* Copyright 2016-2025 Stefan Kalscheuer
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
* you may not use this file except in compliance with the License.
|
* you may not use this file except in compliance with the License.
|
||||||
@@ -115,6 +115,7 @@ public abstract class VaultDataResponse implements VaultResponse {
|
|||||||
public final String getMountType() {
|
public final String getMountType() {
|
||||||
return mountType;
|
return mountType;
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public boolean equals(Object o) {
|
public boolean equals(Object o) {
|
||||||
if (this == o) {
|
if (this == o) {
|
||||||
@@ -124,13 +125,13 @@ public abstract class VaultDataResponse implements VaultResponse {
|
|||||||
}
|
}
|
||||||
VaultDataResponse that = (VaultDataResponse) o;
|
VaultDataResponse that = (VaultDataResponse) o;
|
||||||
return renewable == that.renewable &&
|
return renewable == that.renewable &&
|
||||||
Objects.equals(requestId, that.requestId) &&
|
Objects.equals(requestId, that.requestId) &&
|
||||||
Objects.equals(leaseId, that.leaseId) &&
|
Objects.equals(leaseId, that.leaseId) &&
|
||||||
Objects.equals(leaseDuration, that.leaseDuration) &&
|
Objects.equals(leaseDuration, that.leaseDuration) &&
|
||||||
Objects.equals(warnings, that.warnings) &&
|
Objects.equals(warnings, that.warnings) &&
|
||||||
Objects.equals(wrapInfo, that.wrapInfo) &&
|
Objects.equals(wrapInfo, that.wrapInfo) &&
|
||||||
Objects.equals(auth, that.auth) &&
|
Objects.equals(auth, that.auth) &&
|
||||||
Objects.equals(mountType, that.mountType);
|
Objects.equals(mountType, that.mountType);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
|
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright 2016-2024 Stefan Kalscheuer
|
* Copyright 2016-2025 Stefan Kalscheuer
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
* you may not use this file except in compliance with the License.
|
* you may not use this file except in compliance with the License.
|
||||||
|
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright 2016-2024 Stefan Kalscheuer
|
* Copyright 2016-2025 Stefan Kalscheuer
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
* you may not use this file except in compliance with the License.
|
* you may not use this file except in compliance with the License.
|
||||||
@@ -171,22 +171,22 @@ public final class AuthData implements Serializable {
|
|||||||
}
|
}
|
||||||
AuthData authData = (AuthData) o;
|
AuthData authData = (AuthData) o;
|
||||||
return renewable == authData.renewable &&
|
return renewable == authData.renewable &&
|
||||||
orphan == authData.orphan &&
|
orphan == authData.orphan &&
|
||||||
Objects.equals(clientToken, authData.clientToken) &&
|
Objects.equals(clientToken, authData.clientToken) &&
|
||||||
Objects.equals(accessor, authData.accessor) &&
|
Objects.equals(accessor, authData.accessor) &&
|
||||||
Objects.equals(policies, authData.policies) &&
|
Objects.equals(policies, authData.policies) &&
|
||||||
Objects.equals(tokenPolicies, authData.tokenPolicies) &&
|
Objects.equals(tokenPolicies, authData.tokenPolicies) &&
|
||||||
Objects.equals(metadata, authData.metadata) &&
|
Objects.equals(metadata, authData.metadata) &&
|
||||||
Objects.equals(leaseDuration, authData.leaseDuration) &&
|
Objects.equals(leaseDuration, authData.leaseDuration) &&
|
||||||
Objects.equals(entityId, authData.entityId) &&
|
Objects.equals(entityId, authData.entityId) &&
|
||||||
Objects.equals(tokenType, authData.tokenType) &&
|
Objects.equals(tokenType, authData.tokenType) &&
|
||||||
Objects.equals(numUses, authData.numUses) &&
|
Objects.equals(numUses, authData.numUses) &&
|
||||||
Objects.equals(mfaRequirement, authData.mfaRequirement);
|
Objects.equals(mfaRequirement, authData.mfaRequirement);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public int hashCode() {
|
public int hashCode() {
|
||||||
return Objects.hash(clientToken, accessor, policies, tokenPolicies, metadata, leaseDuration, renewable,
|
return Objects.hash(clientToken, accessor, policies, tokenPolicies, metadata, leaseDuration, renewable,
|
||||||
entityId, tokenType, orphan, numUses, mfaRequirement);
|
entityId, tokenType, orphan, numUses, mfaRequirement);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright 2016-2024 Stefan Kalscheuer
|
* Copyright 2016-2025 Stefan Kalscheuer
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
* you may not use this file except in compliance with the License.
|
* you may not use this file except in compliance with the License.
|
||||||
@@ -202,19 +202,19 @@ public final class AuthMethod implements Serializable {
|
|||||||
}
|
}
|
||||||
AuthMethod that = (AuthMethod) o;
|
AuthMethod that = (AuthMethod) o;
|
||||||
return local == that.local &&
|
return local == that.local &&
|
||||||
type == that.type &&
|
type == that.type &&
|
||||||
externalEntropyAccess == that.externalEntropyAccess &&
|
externalEntropyAccess == that.externalEntropyAccess &&
|
||||||
sealWrap == that.sealWrap &&
|
sealWrap == that.sealWrap &&
|
||||||
Objects.equals(rawType, that.rawType) &&
|
Objects.equals(rawType, that.rawType) &&
|
||||||
Objects.equals(accessor, that.accessor) &&
|
Objects.equals(accessor, that.accessor) &&
|
||||||
Objects.equals(deprecationStatus, that.deprecationStatus) &&
|
Objects.equals(deprecationStatus, that.deprecationStatus) &&
|
||||||
Objects.equals(description, that.description) &&
|
Objects.equals(description, that.description) &&
|
||||||
Objects.equals(config, that.config) &&
|
Objects.equals(config, that.config) &&
|
||||||
Objects.equals(options, that.options) &&
|
Objects.equals(options, that.options) &&
|
||||||
Objects.equals(pluginVersion, that.pluginVersion) &&
|
Objects.equals(pluginVersion, that.pluginVersion) &&
|
||||||
Objects.equals(runningPluginVersion, that.runningPluginVersion) &&
|
Objects.equals(runningPluginVersion, that.runningPluginVersion) &&
|
||||||
Objects.equals(runningSha256, that.runningSha256) &&
|
Objects.equals(runningSha256, that.runningSha256) &&
|
||||||
Objects.equals(uuid, that.uuid);
|
Objects.equals(uuid, that.uuid);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
|
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright 2016-2024 Stefan Kalscheuer
|
* Copyright 2016-2025 Stefan Kalscheuer
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
* you may not use this file except in compliance with the License.
|
* you may not use this file except in compliance with the License.
|
||||||
|
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright 2016-2024 Stefan Kalscheuer
|
* Copyright 2016-2025 Stefan Kalscheuer
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
* you may not use this file except in compliance with the License.
|
* you may not use this file except in compliance with the License.
|
||||||
|
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright 2016-2024 Stefan Kalscheuer
|
* Copyright 2016-2025 Stefan Kalscheuer
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
* you may not use this file except in compliance with the License.
|
* you may not use this file except in compliance with the License.
|
||||||
|
@@ -15,13 +15,13 @@ import java.util.Objects;
|
|||||||
*/
|
*/
|
||||||
@JsonIgnoreProperties(ignoreUnknown = true)
|
@JsonIgnoreProperties(ignoreUnknown = true)
|
||||||
public class MountConfig implements Serializable {
|
public class MountConfig implements Serializable {
|
||||||
private static final long serialVersionUID = -8653909672663717792L;
|
private static final long serialVersionUID = 7241631159224756605L;
|
||||||
|
|
||||||
@JsonProperty("default_lease_ttl")
|
@JsonProperty("default_lease_ttl")
|
||||||
private Integer defaultLeaseTtl;
|
private Long defaultLeaseTtl;
|
||||||
|
|
||||||
@JsonProperty("max_lease_ttl")
|
@JsonProperty("max_lease_ttl")
|
||||||
private Integer maxLeaseTtl;
|
private Long maxLeaseTtl;
|
||||||
|
|
||||||
@JsonProperty("force_no_cache")
|
@JsonProperty("force_no_cache")
|
||||||
private Boolean forceNoCache;
|
private Boolean forceNoCache;
|
||||||
@@ -56,14 +56,14 @@ public class MountConfig implements Serializable {
|
|||||||
/**
|
/**
|
||||||
* @return Default lease TTL
|
* @return Default lease TTL
|
||||||
*/
|
*/
|
||||||
public Integer getDefaultLeaseTtl() {
|
public Long getDefaultLeaseTtl() {
|
||||||
return defaultLeaseTtl;
|
return defaultLeaseTtl;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @return Maximum lease TTL
|
* @return Maximum lease TTL
|
||||||
*/
|
*/
|
||||||
public Integer getMaxLeaseTtl() {
|
public Long getMaxLeaseTtl() {
|
||||||
return maxLeaseTtl;
|
return maxLeaseTtl;
|
||||||
}
|
}
|
||||||
|
|
||||||
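Review bot: `getDefaultLeaseTtl()` and `getMaxLeaseTtl()` now return `Long` instead of `Integer`, which breaks source and binary compatibility for existing callers, yet the Javadoc on both getters is unchanged. I would state the unit and the type change there, e.g. `@return Default lease TTL in seconds ({@code Long} since NEXT_VERSION)`. NEXT_VERSION is a placeholder, and the unit is presumably seconds as in `TokenData`, so please confirm it. Updating `serialVersionUID` alongside the field types looks right. The class body continues outside the visible hunks, so any setters or `equals` touching these fields are not covered here.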
|
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright 2016-2024 Stefan Kalscheuer
|
* Copyright 2016-2025 Stefan Kalscheuer
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
* you may not use this file except in compliance with the License.
|
* you may not use this file except in compliance with the License.
|
||||||
@@ -138,14 +138,14 @@ public final class SecretMetadata implements Serializable {
|
|||||||
}
|
}
|
||||||
SecretMetadata that = (SecretMetadata) o;
|
SecretMetadata that = (SecretMetadata) o;
|
||||||
return Objects.equals(createdTime, that.createdTime) &&
|
return Objects.equals(createdTime, that.createdTime) &&
|
||||||
Objects.equals(currentVersion, that.currentVersion) &&
|
Objects.equals(currentVersion, that.currentVersion) &&
|
||||||
Objects.equals(maxVersions, that.maxVersions) &&
|
Objects.equals(maxVersions, that.maxVersions) &&
|
||||||
Objects.equals(oldestVersion, that.oldestVersion) &&
|
Objects.equals(oldestVersion, that.oldestVersion) &&
|
||||||
Objects.equals(updatedTime, that.updatedTime) &&
|
Objects.equals(updatedTime, that.updatedTime) &&
|
||||||
Objects.equals(versions, that.versions) &&
|
Objects.equals(versions, that.versions) &&
|
||||||
Objects.equals(casRequired, that.casRequired) &&
|
Objects.equals(casRequired, that.casRequired) &&
|
||||||
Objects.equals(customMetadata, that.customMetadata) &&
|
Objects.equals(customMetadata, that.customMetadata) &&
|
||||||
Objects.equals(deleteVersionAfter, that.deleteVersionAfter);
|
Objects.equals(deleteVersionAfter, that.deleteVersionAfter);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
|
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright 2016-2024 Stefan Kalscheuer
|
* Copyright 2016-2025 Stefan Kalscheuer
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
* you may not use this file except in compliance with the License.
|
* you may not use this file except in compliance with the License.
|
||||||
@@ -34,7 +34,7 @@ import java.util.Objects;
|
|||||||
*/
|
*/
|
||||||
@JsonIgnoreProperties(ignoreUnknown = true)
|
@JsonIgnoreProperties(ignoreUnknown = true)
|
||||||
public final class TokenData implements Serializable {
|
public final class TokenData implements Serializable {
|
||||||
private static final long serialVersionUID = -5749716740973138916L;
|
private static final long serialVersionUID = -4168046151053509784L;
|
||||||
|
|
||||||
@JsonProperty("accessor")
|
@JsonProperty("accessor")
|
||||||
private String accessor;
|
private String accessor;
|
||||||
@@ -43,7 +43,7 @@ public final class TokenData implements Serializable {
|
|||||||
private Integer creationTime;
|
private Integer creationTime;
|
||||||
|
|
||||||
@JsonProperty("creation_ttl")
|
@JsonProperty("creation_ttl")
|
||||||
private Integer creationTtl;
|
private Long creationTtl;
|
||||||
|
|
||||||
@JsonProperty("display_name")
|
@JsonProperty("display_name")
|
||||||
private String name;
|
private String name;
|
||||||
@@ -55,7 +55,7 @@ public final class TokenData implements Serializable {
|
|||||||
private ZonedDateTime expireTime;
|
private ZonedDateTime expireTime;
|
||||||
|
|
||||||
@JsonProperty("explicit_max_ttl")
|
@JsonProperty("explicit_max_ttl")
|
||||||
private Integer explicitMaxTtl;
|
private Long explicitMaxTtl;
|
||||||
|
|
||||||
@JsonProperty("id")
|
@JsonProperty("id")
|
||||||
private String id;
|
private String id;
|
||||||
@@ -82,7 +82,7 @@ public final class TokenData implements Serializable {
|
|||||||
private boolean renewable;
|
private boolean renewable;
|
||||||
|
|
||||||
@JsonProperty("ttl")
|
@JsonProperty("ttl")
|
||||||
private Integer ttl;
|
private Long ttl;
|
||||||
|
|
||||||
@JsonProperty("type")
|
@JsonProperty("type")
|
||||||
private String type;
|
private String type;
|
||||||
@@ -104,7 +104,7 @@ public final class TokenData implements Serializable {
|
|||||||
/**
|
/**
|
||||||
* @return Creation TTL (in seconds)
|
* @return Creation TTL (in seconds)
|
||||||
*/
|
*/
|
||||||
public Integer getCreationTtl() {
|
public Long getCreationTtl() {
|
||||||
return creationTtl;
|
return creationTtl;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -135,7 +135,7 @@ public final class TokenData implements Serializable {
|
|||||||
* @return Explicit maximum TTL
|
* @return Explicit maximum TTL
|
||||||
* @since 0.9
|
* @since 0.9
|
||||||
*/
|
*/
|
||||||
public Integer getExplicitMaxTtl() {
|
public Long getExplicitMaxTtl() {
|
||||||
return explicitMaxTtl;
|
return explicitMaxTtl;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -202,7 +202,7 @@ public final class TokenData implements Serializable {
|
|||||||
/**
|
/**
|
||||||
* @return Token TTL (in seconds)
|
* @return Token TTL (in seconds)
|
||||||
*/
|
*/
|
||||||
public Integer getTtl() {
|
public Long getTtl() {
|
||||||
return ttl;
|
return ttl;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -222,27 +222,27 @@ public final class TokenData implements Serializable {
|
|||||||
}
|
}
|
||||||
TokenData tokenData = (TokenData) o;
|
TokenData tokenData = (TokenData) o;
|
||||||
return orphan == tokenData.orphan &&
|
return orphan == tokenData.orphan &&
|
||||||
renewable == tokenData.renewable &&
|
renewable == tokenData.renewable &&
|
||||||
Objects.equals(accessor, tokenData.accessor) &&
|
Objects.equals(accessor, tokenData.accessor) &&
|
||||||
Objects.equals(creationTime, tokenData.creationTime) &&
|
Objects.equals(creationTime, tokenData.creationTime) &&
|
||||||
Objects.equals(creationTtl, tokenData.creationTtl) &&
|
Objects.equals(creationTtl, tokenData.creationTtl) &&
|
||||||
Objects.equals(name, tokenData.name) &&
|
Objects.equals(name, tokenData.name) &&
|
||||||
Objects.equals(entityId, tokenData.entityId) &&
|
Objects.equals(entityId, tokenData.entityId) &&
|
||||||
Objects.equals(expireTime, tokenData.expireTime) &&
|
Objects.equals(expireTime, tokenData.expireTime) &&
|
||||||
Objects.equals(explicitMaxTtl, tokenData.explicitMaxTtl) &&
|
Objects.equals(explicitMaxTtl, tokenData.explicitMaxTtl) &&
|
||||||
Objects.equals(id, tokenData.id) &&
|
Objects.equals(id, tokenData.id) &&
|
||||||
Objects.equals(issueTime, tokenData.issueTime) &&
|
Objects.equals(issueTime, tokenData.issueTime) &&
|
||||||
Objects.equals(meta, tokenData.meta) &&
|
Objects.equals(meta, tokenData.meta) &&
|
||||||
Objects.equals(numUses, tokenData.numUses) &&
|
Objects.equals(numUses, tokenData.numUses) &&
|
||||||
Objects.equals(path, tokenData.path) &&
|
Objects.equals(path, tokenData.path) &&
|
||||||
Objects.equals(policies, tokenData.policies) &&
|
Objects.equals(policies, tokenData.policies) &&
|
||||||
Objects.equals(ttl, tokenData.ttl) &&
|
Objects.equals(ttl, tokenData.ttl) &&
|
||||||
Objects.equals(type, tokenData.type);
|
Objects.equals(type, tokenData.type);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public int hashCode() {
|
public int hashCode() {
|
||||||
return Objects.hash(accessor, creationTime, creationTtl, name, entityId, expireTime, explicitMaxTtl, id,
|
return Objects.hash(accessor, creationTime, creationTtl, name, entityId, expireTime, explicitMaxTtl, id,
|
||||||
issueTime, meta, numUses, orphan, path, policies, renewable, ttl, type);
|
issueTime, meta, numUses, orphan, path, policies, renewable, ttl, type);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright 2016-2024 Stefan Kalscheuer
|
* Copyright 2016-2025 Stefan Kalscheuer
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
* you may not use this file except in compliance with the License.
|
* you may not use this file except in compliance with the License.
|
||||||
@@ -96,10 +96,10 @@ public final class VersionMetadata implements Serializable {
|
|||||||
}
|
}
|
||||||
VersionMetadata that = (VersionMetadata) o;
|
VersionMetadata that = (VersionMetadata) o;
|
||||||
return destroyed == that.destroyed &&
|
return destroyed == that.destroyed &&
|
||||||
Objects.equals(createdTime, that.createdTime) &&
|
Objects.equals(createdTime, that.createdTime) &&
|
||||||
Objects.equals(deletionTime, that.deletionTime) &&
|
Objects.equals(deletionTime, that.deletionTime) &&
|
||||||
Objects.equals(version, that.version) &&
|
Objects.equals(version, that.version) &&
|
||||||
Objects.equals(customMetadata, that.customMetadata);
|
Objects.equals(customMetadata, that.customMetadata);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
|
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright 2016-2024 Stefan Kalscheuer
|
* Copyright 2016-2025 Stefan Kalscheuer
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
* you may not use this file except in compliance with the License.
|
* you may not use this file except in compliance with the License.
|
||||||
@@ -80,9 +80,9 @@ public class WrapInfo implements Serializable {
|
|||||||
}
|
}
|
||||||
WrapInfo that = (WrapInfo) o;
|
WrapInfo that = (WrapInfo) o;
|
||||||
return Objects.equals(token, that.token) &&
|
return Objects.equals(token, that.token) &&
|
||||||
Objects.equals(ttl, that.ttl) &&
|
Objects.equals(ttl, that.ttl) &&
|
||||||
Objects.equals(creationTime, that.creationTime) &&
|
Objects.equals(creationTime, that.creationTime) &&
|
||||||
Objects.equals(creationPath, that.creationPath);
|
Objects.equals(creationPath, that.creationPath);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
|
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright 2016-2024 Stefan Kalscheuer
|
* Copyright 2016-2025 Stefan Kalscheuer
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
* you may not use this file except in compliance with the License.
|
* you may not use this file except in compliance with the License.
|
||||||
|
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright 2016-2024 Stefan Kalscheuer
|
* Copyright 2016-2025 Stefan Kalscheuer
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
* you may not use this file except in compliance with the License.
|
* you may not use this file except in compliance with the License.
|
||||||
|
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright 2016-2024 Stefan Kalscheuer
|
* Copyright 2016-2025 Stefan Kalscheuer
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
* you may not use this file except in compliance with the License.
|
* you may not use this file except in compliance with the License.
|
||||||
|
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright 2016-2024 Stefan Kalscheuer
|
* Copyright 2016-2025 Stefan Kalscheuer
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
* you may not use this file except in compliance with the License.
|
* you may not use this file except in compliance with the License.
|
||||||
|
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright 2016-2024 Stefan Kalscheuer
|
* Copyright 2016-2025 Stefan Kalscheuer
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
* you may not use this file except in compliance with the License.
|
* you may not use this file except in compliance with the License.
|
||||||
@@ -25,7 +25,10 @@ import org.junit.jupiter.api.io.TempDir;
|
|||||||
import java.io.File;
|
import java.io.File;
|
||||||
import java.lang.reflect.Field;
|
import java.lang.reflect.Field;
|
||||||
import java.net.URISyntaxException;
|
import java.net.URISyntaxException;
|
||||||
|
import java.nio.file.Files;
|
||||||
import java.nio.file.NoSuchFileException;
|
import java.nio.file.NoSuchFileException;
|
||||||
|
import java.nio.file.Paths;
|
||||||
|
import java.util.concurrent.atomic.AtomicReference;
|
||||||
|
|
||||||
import static com.github.stefanbirkner.systemlambda.SystemLambda.withEnvironmentVariable;
|
import static com.github.stefanbirkner.systemlambda.SystemLambda.withEnvironmentVariable;
|
||||||
import static org.junit.jupiter.api.Assertions.*;
|
import static org.junit.jupiter.api.Assertions.*;
|
||||||
@@ -38,6 +41,8 @@ import static org.junit.jupiter.api.Assertions.*;
|
|||||||
*/
|
*/
|
||||||
class HTTPVaultConnectorBuilderTest {
|
class HTTPVaultConnectorBuilderTest {
|
||||||
private static final String VAULT_ADDR = "https://localhost:8201";
|
private static final String VAULT_ADDR = "https://localhost:8201";
|
||||||
|
private static final String VAULT_ADDR_2 = "http://localhost";
|
||||||
|
private static final String VAULT_ADDR_3 = "https://localhost/vault/";
|
||||||
private static final Integer VAULT_MAX_RETRIES = 13;
|
private static final Integer VAULT_MAX_RETRIES = 13;
|
||||||
private static final String VAULT_TOKEN = "00001111-2222-3333-4444-555566667777";
|
private static final String VAULT_TOKEN = "00001111-2222-3333-4444-555566667777";
|
||||||
|
|
||||||
@@ -58,12 +63,12 @@ class HTTPVaultConnectorBuilderTest {
|
|||||||
|
|
||||||
// Specify all options.
|
// Specify all options.
|
||||||
HTTPVaultConnectorBuilder builder = HTTPVaultConnector.builder()
|
HTTPVaultConnectorBuilder builder = HTTPVaultConnector.builder()
|
||||||
.withHost("vault2.example.com")
|
.withHost("vault2.example.com")
|
||||||
.withoutTLS()
|
.withoutTLS()
|
||||||
.withPort(1234)
|
.withPort(1234)
|
||||||
.withPrefix("/foo/")
|
.withPrefix("/foo/")
|
||||||
.withTimeout(5678)
|
.withTimeout(5678)
|
||||||
.withNumberOfRetries(9);
|
.withNumberOfRetries(9);
|
||||||
connector = builder.build();
|
connector = builder.build();
|
||||||
|
|
||||||
assertEquals("http://vault2.example.com:1234/foo/", getRequestHelperPrivate(connector, "baseURL"), "URL not set correctly");
|
assertEquals("http://vault2.example.com:1234/foo/", getRequestHelperPrivate(connector, "baseURL"), "URL not set correctly");
|
||||||
@@ -74,13 +79,13 @@ class HTTPVaultConnectorBuilderTest {
|
|||||||
|
|
||||||
// Initialization from URL.
|
// Initialization from URL.
|
||||||
assertThrows(
|
assertThrows(
|
||||||
URISyntaxException.class,
|
URISyntaxException.class,
|
||||||
() -> HTTPVaultConnector.builder().withBaseURL("foo:/\\1nv4l1d_UrL"),
|
() -> HTTPVaultConnector.builder().withBaseURL("foo:/\\1nv4l1d_UrL"),
|
||||||
"Initialization from invalid URL should fail"
|
"Initialization from invalid URL should fail"
|
||||||
);
|
);
|
||||||
connector = assertDoesNotThrow(
|
connector = assertDoesNotThrow(
|
||||||
() -> HTTPVaultConnector.builder().withBaseURL("https://vault3.example.com:5678/bar/").build(),
|
() -> HTTPVaultConnector.builder().withBaseURL("https://vault3.example.com:5678/bar/").build(),
|
||||||
"Initialization from valid URL should not fail"
|
"Initialization from valid URL should not fail"
|
||||||
);
|
);
|
||||||
assertEquals("https://vault3.example.com:5678/bar/", getRequestHelperPrivate(connector, "baseURL"), "URL not set correctly");
|
assertEquals("https://vault3.example.com:5678/bar/", getRequestHelperPrivate(connector, "baseURL"), "URL not set correctly");
|
||||||
|
|
||||||
@@ -101,8 +106,8 @@ class HTTPVaultConnectorBuilderTest {
|
|||||||
// Provide address only should be enough.
|
// Provide address only should be enough.
|
||||||
withVaultEnv(VAULT_ADDR, null, null, null).execute(() -> {
|
withVaultEnv(VAULT_ADDR, null, null, null).execute(() -> {
|
||||||
HTTPVaultConnectorBuilder builder = assertDoesNotThrow(
|
HTTPVaultConnectorBuilder builder = assertDoesNotThrow(
|
||||||
() -> HTTPVaultConnector.builder().fromEnv(),
|
() -> HTTPVaultConnector.builder().fromEnv(),
|
||||||
"Factory creation from minimal environment failed"
|
"Factory creation from minimal environment failed"
|
||||||
);
|
);
|
||||||
HTTPVaultConnector connector = builder.build();
|
HTTPVaultConnector connector = builder.build();
|
||||||
|
|
||||||
@@ -112,12 +117,28 @@ class HTTPVaultConnectorBuilderTest {
|
|||||||
|
|
||||||
return null;
|
return null;
|
||||||
});
|
});
|
||||||
|
withVaultEnv(VAULT_ADDR_2, null, null, null).execute(() -> {
|
||||||
|
HTTPVaultConnectorBuilder builder = assertDoesNotThrow(
|
||||||
|
() -> HTTPVaultConnector.builder().fromEnv(),
|
||||||
|
"Factory creation from minimal environment failed"
|
||||||
|
);
|
||||||
|
assertEquals(VAULT_ADDR_2 + "/v1/", getRequestHelperPrivate(builder.build(), "baseURL"), "URL without port not set correctly");
|
||||||
|
return null;
|
||||||
|
});
|
||||||
|
withVaultEnv(VAULT_ADDR_3, null, null, null).execute(() -> {
|
||||||
|
HTTPVaultConnectorBuilder builder = assertDoesNotThrow(
|
||||||
|
() -> HTTPVaultConnector.builder().fromEnv(),
|
||||||
|
"Factory creation from minimal environment failed"
|
||||||
|
);
|
||||||
|
assertEquals(VAULT_ADDR_3, getRequestHelperPrivate(builder.build(), "baseURL"), "URL with custom path not set correctly");
|
||||||
|
return null;
|
||||||
|
});
|
||||||
|
|
||||||
// Provide address and number of retries.
|
// Provide address and number of retries.
|
||||||
withVaultEnv(VAULT_ADDR, null, VAULT_MAX_RETRIES.toString(), null).execute(() -> {
|
withVaultEnv(VAULT_ADDR, null, VAULT_MAX_RETRIES.toString(), null).execute(() -> {
|
||||||
HTTPVaultConnectorBuilder builder = assertDoesNotThrow(
|
HTTPVaultConnectorBuilder builder = assertDoesNotThrow(
|
||||||
() -> HTTPVaultConnector.builder().fromEnv(),
|
() -> HTTPVaultConnector.builder().fromEnv(),
|
||||||
"Factory creation from environment failed"
|
"Factory creation from environment failed"
|
||||||
);
|
);
|
||||||
HTTPVaultConnector connector = builder.build();
|
HTTPVaultConnector connector = builder.build();
|
||||||
|
|
||||||
@@ -128,24 +149,11 @@ class HTTPVaultConnectorBuilderTest {
|
|||||||
return null;
|
return null;
|
||||||
});
|
});
|
||||||
|
|
||||||
// Provide CA certificate.
|
|
||||||
String vaultCacert = tempDir.toString() + "/doesnotexist";
|
|
||||||
withVaultEnv(VAULT_ADDR, vaultCacert, VAULT_MAX_RETRIES.toString(), null).execute(() -> {
|
|
||||||
TlsException e = assertThrows(
|
|
||||||
TlsException.class,
|
|
||||||
() -> HTTPVaultConnector.builder().fromEnv(),
|
|
||||||
"Creation with unknown cert path failed"
|
|
||||||
);
|
|
||||||
assertEquals(vaultCacert, assertInstanceOf(NoSuchFileException.class, e.getCause()).getFile());
|
|
||||||
|
|
||||||
return null;
|
|
||||||
});
|
|
||||||
|
|
||||||
// Automatic authentication.
|
// Automatic authentication.
|
||||||
withVaultEnv(VAULT_ADDR, null, VAULT_MAX_RETRIES.toString(), VAULT_TOKEN).execute(() -> {
|
withVaultEnv(VAULT_ADDR, null, VAULT_MAX_RETRIES.toString(), VAULT_TOKEN).execute(() -> {
|
||||||
HTTPVaultConnectorBuilder builder = assertDoesNotThrow(
|
HTTPVaultConnectorBuilder builder = assertDoesNotThrow(
|
||||||
() -> HTTPVaultConnector.builder().fromEnv(),
|
() -> HTTPVaultConnector.builder().fromEnv(),
|
||||||
"Factory creation from minimal environment failed"
|
"Factory creation from minimal environment failed"
|
||||||
);
|
);
|
||||||
assertEquals(VAULT_TOKEN, getPrivate(builder, "token"), "Token not set correctly");
|
assertEquals(VAULT_TOKEN, getPrivate(builder, "token"), "Token not set correctly");
|
||||||
|
|
||||||
@@ -155,20 +163,73 @@ class HTTPVaultConnectorBuilderTest {
|
|||||||
// Invalid URL.
|
// Invalid URL.
|
||||||
withVaultEnv("This is not a valid URL!", null, VAULT_MAX_RETRIES.toString(), VAULT_TOKEN).execute(() -> {
|
withVaultEnv("This is not a valid URL!", null, VAULT_MAX_RETRIES.toString(), VAULT_TOKEN).execute(() -> {
|
||||||
assertThrows(
|
assertThrows(
|
||||||
ConnectionException.class,
|
ConnectionException.class,
|
||||||
() -> HTTPVaultConnector.builder().fromEnv(),
|
() -> HTTPVaultConnector.builder().fromEnv(),
|
||||||
"Invalid URL from environment should raise an exception"
|
"Invalid URL from environment should raise an exception"
|
||||||
);
|
);
|
||||||
|
|
||||||
return null;
|
return null;
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Test CA certificate handling from environment variables
|
||||||
|
*/
|
||||||
|
@Test
|
||||||
|
void testCertificateFromEnv() throws Exception {
|
||||||
|
// From direct PEM content
|
||||||
|
String pem = Files.readString(Paths.get(getClass().getResource("/tls/ca.pem").toURI()));
|
||||||
|
AtomicReference<Object> certFromPem = new AtomicReference<>();
|
||||||
|
withVaultEnv(VAULT_ADDR, pem, null, null).execute(() -> {
|
||||||
|
HTTPVaultConnectorBuilder builder = assertDoesNotThrow(
|
||||||
|
() -> HTTPVaultConnector.builder().fromEnv(),
|
||||||
|
"Builder with PEM certificate from environment failed"
|
||||||
|
);
|
||||||
|
HTTPVaultConnector connector = builder.build();
|
||||||
|
|
||||||
|
certFromPem.set(getRequestHelperPrivate(connector, "trustedCaCert"));
|
||||||
|
assertNotNull(certFromPem.get(), "Trusted CA cert from PEM not set");
|
||||||
|
|
||||||
|
return null;
|
||||||
|
});
|
||||||
|
|
||||||
|
// From file path
|
||||||
|
String file = Paths.get(getClass().getResource("/tls/ca.pem").toURI()).toString();
|
||||||
|
AtomicReference<Object> certFromFile = new AtomicReference<>();
|
||||||
|
withVaultEnv(VAULT_ADDR, file, null, null).execute(() -> {
|
||||||
|
HTTPVaultConnectorBuilder builder = assertDoesNotThrow(
|
||||||
|
() -> HTTPVaultConnector.builder().fromEnv(),
|
||||||
|
"Builder with certificate path from environment failed"
|
||||||
|
);
|
||||||
|
HTTPVaultConnector connector = builder.build();
|
||||||
|
|
||||||
|
certFromFile.set(getRequestHelperPrivate(connector, "trustedCaCert"));
|
||||||
|
assertNotNull(certFromFile.get(), "Trusted CA cert from file not set");
|
||||||
|
|
||||||
|
return null;
|
||||||
|
});
|
||||||
|
|
||||||
|
assertEquals(certFromPem.get(), certFromFile.get(), "Certificates from PEM and file should be equal");
|
||||||
|
|
||||||
|
// Non-existing path CA certificate path
|
||||||
|
String doesNotExist = tempDir.toString() + "/doesnotexist";
|
||||||
|
withVaultEnv(VAULT_ADDR, doesNotExist, VAULT_MAX_RETRIES.toString(), null).execute(() -> {
|
||||||
|
TlsException e = assertThrows(
|
||||||
|
TlsException.class,
|
||||||
|
() -> HTTPVaultConnector.builder().fromEnv(),
|
||||||
|
"Creation with unknown cert path failed"
|
||||||
|
);
|
||||||
|
assertEquals(doesNotExist, assertInstanceOf(NoSuchFileException.class, e.getCause()).getFile());
|
||||||
|
|
||||||
|
return null;
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
private SystemLambda.WithEnvironmentVariables withVaultEnv(String vaultAddr, String vaultCacert, String vaultMaxRetries, String vaultToken) {
|
private SystemLambda.WithEnvironmentVariables withVaultEnv(String vaultAddr, String vaultCacert, String vaultMaxRetries, String vaultToken) {
|
||||||
return withEnvironmentVariable("VAULT_ADDR", vaultAddr)
|
return withEnvironmentVariable("VAULT_ADDR", vaultAddr)
|
||||||
.and("VAULT_CACERT", vaultCacert)
|
.and("VAULT_CACERT", vaultCacert)
|
||||||
.and("VAULT_MAX_RETRIES", vaultMaxRetries)
|
.and("VAULT_MAX_RETRIES", vaultMaxRetries)
|
||||||
.and("VAULT_TOKEN", vaultToken);
|
.and("VAULT_TOKEN", vaultToken);
|
||||||
}
|
}
|
||||||
|
|
||||||
private Object getRequestHelperPrivate(HTTPVaultConnector connector, String fieldName) throws NoSuchFieldException, IllegalAccessException {
|
private Object getRequestHelperPrivate(HTTPVaultConnector connector, String fieldName) throws NoSuchFieldException, IllegalAccessException {
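Review bot: testCertificateFromEnv covers valid PEM content, a valid file path and a non-existing path, but no VAULT_CACERT value that looks like PEM and fails to parse, so nothing pins that fromEnv() fails closed on a corrupted certificate instead of producing a connector without the intended trust anchor. A fourth case after the non-existing-path block would cover it; the expected exception type and the point where it is thrown are assumed from the non-existing-path case, since the builder implementation is not part of this section. The three new cases also differ in whether VAULT_MAX_RETRIES is passed, which looks accidental; passing `null` in the last one too would keep them parallel.

```java
// … unchanged: PEM content, file path and non-existing path cases of testCertificateFromEnv …

// Malformed PEM content (constructed sample value) must be rejected, not silently ignored.
String brokenPem = "-----BEGIN CERTIFICATE-----\nnot-a-certificate\n-----END CERTIFICATE-----";
withVaultEnv(VAULT_ADDR, brokenPem, null, null).execute(() -> {
    assertThrows(
            TlsException.class,
            () -> HTTPVaultConnector.builder().fromEnv(),
            "Malformed PEM certificate from environment should raise an exception"
    );

    return null;
});
```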
|
||||||
|
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright 2016-2024 Stefan Kalscheuer
|
* Copyright 2016-2025 Stefan Kalscheuer
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
* you may not use this file except in compliance with the License.
|
* you may not use this file except in compliance with the License.
|
||||||
@@ -52,7 +52,7 @@ import static org.junit.jupiter.api.Assumptions.assumeTrue;
|
|||||||
* @since 0.1
|
* @since 0.1
|
||||||
*/
|
*/
|
||||||
class HTTPVaultConnectorIT {
|
class HTTPVaultConnectorIT {
|
||||||
private static String VAULT_VERSION = "1.18.2"; // The vault version this test is supposed to run against.
|
private static String VAULT_VERSION = "1.20.0"; // The vault version this test is supposed to run against.
|
||||||
private static final String KEY1 = "E38bkCm0VhUvpdCKGQpcohhD9XmcHJ/2hreOSY019Lho";
|
private static final String KEY1 = "E38bkCm0VhUvpdCKGQpcohhD9XmcHJ/2hreOSY019Lho";
|
||||||
private static final String KEY2 = "O5OHwDleY3IiPdgw61cgHlhsrEm6tVJkrxhF6QAnILd1";
|
private static final String KEY2 = "O5OHwDleY3IiPdgw61cgHlhsrEm6tVJkrxhF6QAnILd1";
|
||||||
private static final String KEY3 = "mw7Bm3nbt/UWa/juDjjL2EPQ04kiJ0saC5JEXwJvXYsB";
|
private static final String KEY3 = "mw7Bm3nbt/UWa/juDjjL2EPQ04kiJ0saC5JEXwJvXYsB";
|
||||||
@@ -86,9 +86,9 @@ class HTTPVaultConnectorIT {
|
|||||||
|
|
||||||
// Initialize connector.
|
// Initialize connector.
|
||||||
HTTPVaultConnectorBuilder builder = HTTPVaultConnector.builder()
|
HTTPVaultConnectorBuilder builder = HTTPVaultConnector.builder()
|
||||||
.withHost(config.getHost())
|
.withHost(config.getHost())
|
||||||
.withPort(config.getPort())
|
.withPort(config.getPort())
|
||||||
.withTLS(isTls);
|
.withTLS(isTls);
|
||||||
if (isTls) {
|
if (isTls) {
|
||||||
builder.withTrustedCA(Paths.get(getClass().getResource("/tls/ca.pem").getPath()));
|
builder.withTrustedCA(Paths.get(getClass().getResource("/tls/ca.pem").getPath()));
|
||||||
}
|
}
|
||||||
@@ -134,9 +134,9 @@ class HTTPVaultConnectorIT {
|
|||||||
final String invalidPath = "secret/invalid/path";
|
final String invalidPath = "secret/invalid/path";
|
||||||
|
|
||||||
VaultConnectorException e = assertThrows(
|
VaultConnectorException e = assertThrows(
|
||||||
PermissionDeniedException.class,
|
PermissionDeniedException.class,
|
||||||
() -> connector.read(invalidPath),
|
() -> connector.read(invalidPath),
|
||||||
"Invalid secret path should raise an exception"
|
"Invalid secret path should raise an exception"
|
||||||
);
|
);
|
||||||
|
|
||||||
// Assert that the exception does not reveal secret or credentials.
|
// Assert that the exception does not reveal secret or credentials.
|
||||||
@@ -147,15 +147,15 @@ class HTTPVaultConnectorIT {
|
|||||||
|
|
||||||
// Try to read accessible path with known value.
|
// Try to read accessible path with known value.
|
||||||
SecretResponse res = assertDoesNotThrow(
|
SecretResponse res = assertDoesNotThrow(
|
||||||
() -> connector.read(SECRET_PATH + "/" + SECRET_KEY),
|
() -> connector.read(SECRET_PATH + "/" + SECRET_KEY),
|
||||||
"Valid secret path could not be read"
|
"Valid secret path could not be read"
|
||||||
);
|
);
|
||||||
assertEquals(SECRET_VALUE, res.get("value"), "Known secret returned invalid value");
|
assertEquals(SECRET_VALUE, res.get("value"), "Known secret returned invalid value");
|
||||||
|
|
||||||
// Try to read accessible path with JSON value.
|
// Try to read accessible path with JSON value.
|
||||||
res = assertDoesNotThrow(
|
res = assertDoesNotThrow(
|
||||||
() -> connector.read(SECRET_PATH + "/" + SECRET_KEY_JSON),
|
() -> connector.read(SECRET_PATH + "/" + SECRET_KEY_JSON),
|
||||||
"Valid secret path could not be read"
|
"Valid secret path could not be read"
|
||||||
);
|
);
|
||||||
assertNotNull(res.get("value"), "Known secret returned null value");
|
assertNotNull(res.get("value"), "Known secret returned null value");
|
||||||
|
|
||||||
@@ -167,8 +167,8 @@ class HTTPVaultConnectorIT {
|
|||||||
|
|
||||||
// Try to read accessible path with JSON value.
|
// Try to read accessible path with JSON value.
|
||||||
res = assertDoesNotThrow(
|
res = assertDoesNotThrow(
|
||||||
() -> connector.read(SECRET_PATH + "/" + SECRET_KEY_JSON),
|
() -> connector.read(SECRET_PATH + "/" + SECRET_KEY_JSON),
|
||||||
"Valid secret path could not be read"
|
"Valid secret path could not be read"
|
||||||
);
|
);
|
||||||
assertNotNull(res.get("value"), "Known secret returned null value");
|
assertNotNull(res.get("value"), "Known secret returned null value");
|
||||||
|
|
||||||
@@ -180,8 +180,8 @@ class HTTPVaultConnectorIT {
|
|||||||
|
|
||||||
// Try to read accessible complex secret.
|
// Try to read accessible complex secret.
|
||||||
res = assertDoesNotThrow(
|
res = assertDoesNotThrow(
|
||||||
() -> connector.read(SECRET_PATH + "/" + SECRET_KEY_COMPLEX),
|
() -> connector.read(SECRET_PATH + "/" + SECRET_KEY_COMPLEX),
|
||||||
"Valid secret path could not be read"
|
"Valid secret path could not be read"
|
||||||
);
|
);
|
||||||
assertNotNull(res.getData(), "Known secret returned null value");
|
assertNotNull(res.getData(), "Known secret returned null value");
|
||||||
assertEquals(Map.of("key1", "value1", "key2", "value2"), res.getData(), "Unexpected data");
|
assertEquals(Map.of("key1", "value1", "key2", "value2"), res.getData(), "Unexpected data");
|
||||||
@@ -198,8 +198,8 @@ class HTTPVaultConnectorIT {
|
|||||||
assumeTrue(connector.isAuthorized());
|
assumeTrue(connector.isAuthorized());
|
||||||
// Try to list secrets from valid path.
|
// Try to list secrets from valid path.
|
||||||
List<String> secrets = assertDoesNotThrow(
|
List<String> secrets = assertDoesNotThrow(
|
||||||
() -> connector.list(SECRET_PATH),
|
() -> connector.list(SECRET_PATH),
|
||||||
"Secrets could not be listed"
|
"Secrets could not be listed"
|
||||||
);
|
);
|
||||||
assertNotEquals(0, secrets.size(), "Invalid number of secrets");
|
assertNotEquals(0, secrets.size(), "Invalid number of secrets");
|
||||||
assertTrue(secrets.contains(SECRET_KEY), "Known secret key not found");
|
assertTrue(secrets.contains(SECRET_KEY), "Known secret key not found");
|
||||||
@@ -217,33 +217,33 @@ class HTTPVaultConnectorIT {
|
|||||||
|
|
||||||
// Try to write to null path.
|
// Try to write to null path.
|
||||||
assertThrows(
|
assertThrows(
|
||||||
InvalidRequestException.class,
|
InvalidRequestException.class,
|
||||||
() -> connector.write(null, "someValue"),
|
() -> connector.write(null, "someValue"),
|
||||||
"Secret written to null path"
|
"Secret written to null path"
|
||||||
);
|
);
|
||||||
|
|
||||||
// Try to write to invalid path.
|
// Try to write to invalid path.
|
||||||
assertThrows(
|
assertThrows(
|
||||||
InvalidRequestException.class,
|
InvalidRequestException.class,
|
||||||
() -> connector.write("", "someValue"),
|
() -> connector.write("", "someValue"),
|
||||||
"Secret written to invalid path"
|
"Secret written to invalid path"
|
||||||
);
|
);
|
||||||
|
|
||||||
// Try to write to a path the user has no access for.
|
// Try to write to a path the user has no access for.
|
||||||
assertThrows(
|
assertThrows(
|
||||||
PermissionDeniedException.class,
|
PermissionDeniedException.class,
|
||||||
() -> connector.write("invalid/path", "someValue"),
|
() -> connector.write("invalid/path", "someValue"),
|
||||||
"Secret written to inaccessible path"
|
"Secret written to inaccessible path"
|
||||||
);
|
);
|
||||||
|
|
||||||
// Perform a valid write/read roundtrip to valid path. Also check UTF8-encoding.
|
// Perform a valid write/read roundtrip to valid path. Also check UTF8-encoding.
|
||||||
assertDoesNotThrow(
|
assertDoesNotThrow(
|
||||||
() -> connector.write(SECRET_PATH + "/temp", "Abc123äöü,!"),
|
() -> connector.write(SECRET_PATH + "/temp", "Abc123äöü,!"),
|
||||||
"Failed to write secret to accessible path"
|
"Failed to write secret to accessible path"
|
||||||
);
|
);
|
||||||
SecretResponse res = assertDoesNotThrow(
|
SecretResponse res = assertDoesNotThrow(
|
||||||
() -> connector.read(SECRET_PATH + "/temp"),
|
() -> connector.read(SECRET_PATH + "/temp"),
|
||||||
"Written secret could not be read"
|
"Written secret could not be read"
|
||||||
);
|
);
|
||||||
assertEquals("Abc123äöü,!", res.get("value"));
|
assertEquals("Abc123äöü,!", res.get("value"));
|
||||||
}
|
}
|
||||||
@@ -260,26 +260,26 @@ class HTTPVaultConnectorIT {
|
|||||||
|
|
||||||
// Write a test secret to vault.
|
// Write a test secret to vault.
|
||||||
assertDoesNotThrow(
|
assertDoesNotThrow(
|
||||||
() -> connector.write(SECRET_PATH + "/toDelete", "secret content"),
|
() -> connector.write(SECRET_PATH + "/toDelete", "secret content"),
|
||||||
"Secret written to inaccessible path"
|
"Secret written to inaccessible path"
|
||||||
);
|
);
|
||||||
SecretResponse res = assertDoesNotThrow(
|
SecretResponse res = assertDoesNotThrow(
|
||||||
() -> connector.read(SECRET_PATH + "/toDelete"),
|
() -> connector.read(SECRET_PATH + "/toDelete"),
|
||||||
"Written secret could not be read"
|
"Written secret could not be read"
|
||||||
);
|
);
|
||||||
assumeTrue(res != null);
|
assumeTrue(res != null);
|
||||||
|
|
||||||
// Delete secret.
|
// Delete secret.
|
||||||
assertDoesNotThrow(
|
assertDoesNotThrow(
|
||||||
() -> connector.delete(SECRET_PATH + "/toDelete"),
|
() -> connector.delete(SECRET_PATH + "/toDelete"),
|
||||||
"Revocation threw unexpected exception"
|
"Revocation threw unexpected exception"
|
||||||
);
|
);
|
||||||
|
|
||||||
// Try to read again.
|
// Try to read again.
|
||||||
InvalidResponseException e = assertThrows(
|
InvalidResponseException e = assertThrows(
|
||||||
InvalidResponseException.class,
|
InvalidResponseException.class,
|
||||||
() -> connector.read(SECRET_PATH + "/toDelete"),
|
() -> connector.read(SECRET_PATH + "/toDelete"),
|
||||||
"Successfully read deleted secret"
|
"Successfully read deleted secret"
|
||||||
);
|
);
|
||||||
assertEquals(404, e.getStatusCode());
|
assertEquals(404, e.getStatusCode());
|
||||||
}
|
}
|
||||||
@@ -296,19 +296,19 @@ class HTTPVaultConnectorIT {
|
|||||||
|
|
||||||
// Write a test secret to vault.
|
// Write a test secret to vault.
|
||||||
assertDoesNotThrow(
|
assertDoesNotThrow(
|
||||||
() -> connector.write(SECRET_PATH + "/toRevoke", "secret content"),
|
() -> connector.write(SECRET_PATH + "/toRevoke", "secret content"),
|
||||||
"Secret written to inaccessible path"
|
"Secret written to inaccessible path"
|
||||||
);
|
);
|
||||||
SecretResponse res = assertDoesNotThrow(
|
SecretResponse res = assertDoesNotThrow(
|
||||||
() -> connector.read(SECRET_PATH + "/toRevoke"),
|
() -> connector.read(SECRET_PATH + "/toRevoke"),
|
||||||
"Written secret could not be read"
|
"Written secret could not be read"
|
||||||
);
|
);
|
||||||
assumeTrue(res != null);
|
assumeTrue(res != null);
|
||||||
|
|
||||||
// Revoke secret.
|
// Revoke secret.
|
||||||
assertDoesNotThrow(
|
assertDoesNotThrow(
|
||||||
() -> connector.revoke(SECRET_PATH + "/toRevoke"),
|
() -> connector.revoke(SECRET_PATH + "/toRevoke"),
|
||||||
"Revocation threw unexpected exception"
|
"Revocation threw unexpected exception"
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -337,8 +337,8 @@ class HTTPVaultConnectorIT {
|
|||||||
|
|
||||||
// Try to read accessible path with known value.
|
// Try to read accessible path with known value.
|
||||||
SecretResponse res = assertDoesNotThrow(
|
SecretResponse res = assertDoesNotThrow(
|
||||||
() -> connector.readSecretData(MOUNT_KV2, SECRET2_KEY),
|
() -> connector.readSecretData(MOUNT_KV2, SECRET2_KEY),
|
||||||
"Valid secret path could not be read"
|
"Valid secret path could not be read"
|
||||||
);
|
);
|
||||||
assertNotNull(res.getMetadata(), "Metadata not populated for KV v2 secret");
|
assertNotNull(res.getMetadata(), "Metadata not populated for KV v2 secret");
|
||||||
assertEquals(2, res.getMetadata().getVersion(), "Unexpected secret version");
|
assertEquals(2, res.getMetadata().getVersion(), "Unexpected secret version");
|
||||||
@@ -346,8 +346,8 @@ class HTTPVaultConnectorIT {
|
|||||||
|
|
||||||
// Try to read different version of same secret.
|
// Try to read different version of same secret.
|
||||||
res = assertDoesNotThrow(
|
res = assertDoesNotThrow(
|
||||||
() -> connector.readSecretVersion(MOUNT_KV2, SECRET2_KEY, 1),
|
() -> connector.readSecretVersion(MOUNT_KV2, SECRET2_KEY, 1),
|
||||||
"Valid secret version could not be read"
|
"Valid secret version could not be read"
|
||||||
);
|
);
|
||||||
assertEquals(1, res.getMetadata().getVersion(), "Unexpected secret version");
|
assertEquals(1, res.getMetadata().getVersion(), "Unexpected secret version");
|
||||||
assertEquals(SECRET2_VALUE1, res.get("value"), "Known secret returned invalid value");
|
assertEquals(SECRET2_VALUE1, res.get("value"), "Known secret returned invalid value");
|
||||||
@@ -365,8 +365,8 @@ class HTTPVaultConnectorIT {
|
|||||||
|
|
||||||
// First get the current version of the secret.
|
// First get the current version of the secret.
|
||||||
MetadataResponse res = assertDoesNotThrow(
|
MetadataResponse res = assertDoesNotThrow(
|
||||||
() -> connector.readSecretMetadata(MOUNT_KV2, SECRET2_KEY),
|
() -> connector.readSecretMetadata(MOUNT_KV2, SECRET2_KEY),
|
||||||
"Reading secret metadata failed"
|
"Reading secret metadata failed"
|
||||||
);
|
);
|
||||||
int currentVersion = res.getMetadata().getCurrentVersion();
|
int currentVersion = res.getMetadata().getCurrentVersion();
|
||||||
|
|
||||||
@@ -374,25 +374,25 @@ class HTTPVaultConnectorIT {
|
|||||||
Map<String, Object> data = new HashMap<>();
|
Map<String, Object> data = new HashMap<>();
|
||||||
data.put("value", SECRET2_VALUE3);
|
data.put("value", SECRET2_VALUE3);
|
||||||
SecretVersionResponse res2 = assertDoesNotThrow(
|
SecretVersionResponse res2 = assertDoesNotThrow(
|
||||||
() -> connector.writeSecretData(MOUNT_KV2, SECRET2_KEY, data),
|
() -> connector.writeSecretData(MOUNT_KV2, SECRET2_KEY, data),
|
||||||
"Writing secret to KV v2 store failed"
|
"Writing secret to KV v2 store failed"
|
||||||
);
|
);
|
||||||
assertEquals(currentVersion + 1, res2.getMetadata().getVersion(), "Version not updated after writing secret");
|
assertEquals(currentVersion + 1, res2.getMetadata().getVersion(), "Version not updated after writing secret");
|
||||||
int currentVersion2 = res2.getMetadata().getVersion();
|
int currentVersion2 = res2.getMetadata().getVersion();
|
||||||
|
|
||||||
// Verify the content.
|
// Verify the content.
|
||||||
SecretResponse res3 = assertDoesNotThrow(
|
SecretResponse res3 = assertDoesNotThrow(
|
||||||
() -> connector.readSecretData(MOUNT_KV2, SECRET2_KEY),
|
() -> connector.readSecretData(MOUNT_KV2, SECRET2_KEY),
|
||||||
"Reading secret from KV v2 store failed"
|
"Reading secret from KV v2 store failed"
|
||||||
);
|
);
|
||||||
assertEquals(SECRET2_VALUE3, res3.get("value"), "Data not updated correctly");
|
assertEquals(SECRET2_VALUE3, res3.get("value"), "Data not updated correctly");
|
||||||
|
|
||||||
// Now try with explicit CAS value (invalid).
|
// Now try with explicit CAS value (invalid).
|
||||||
Map<String, Object> data4 = singletonMap("value", SECRET2_VALUE4);
|
Map<String, Object> data4 = singletonMap("value", SECRET2_VALUE4);
|
||||||
assertThrows(
|
assertThrows(
|
||||||
InvalidResponseException.class,
|
InvalidResponseException.class,
|
||||||
() -> connector.writeSecretData(MOUNT_KV2, SECRET2_KEY, data4, currentVersion2 - 1),
|
() -> connector.writeSecretData(MOUNT_KV2, SECRET2_KEY, data4, currentVersion2 - 1),
|
||||||
"Writing secret to KV v2 with invalid CAS value succeeded"
|
"Writing secret to KV v2 with invalid CAS value succeeded"
|
||||||
);
|
);
|
||||||
|
|
||||||
// And finally with a correct CAS value.
|
// And finally with a correct CAS value.
|
||||||
@@ -412,22 +412,22 @@ class HTTPVaultConnectorIT {
|
|||||||
|
|
||||||
// Read current metadata first.
|
// Read current metadata first.
|
||||||
MetadataResponse res = assertDoesNotThrow(
|
MetadataResponse res = assertDoesNotThrow(
|
||||||
() -> connector.readSecretMetadata(MOUNT_KV2, SECRET2_KEY),
|
() -> connector.readSecretMetadata(MOUNT_KV2, SECRET2_KEY),
|
||||||
"Reading secret metadata failed"
|
"Reading secret metadata failed"
|
||||||
);
|
);
|
||||||
Integer maxVersions = res.getMetadata().getMaxVersions();
|
Integer maxVersions = res.getMetadata().getMaxVersions();
|
||||||
assumeTrue(10 == res.getMetadata().getMaxVersions(), "Unexpected maximum number of versions");
|
assumeTrue(10 == res.getMetadata().getMaxVersions(), "Unexpected maximum number of versions");
|
||||||
|
|
||||||
// Now update the metadata.
|
// Now update the metadata.
|
||||||
assertDoesNotThrow(
|
assertDoesNotThrow(
|
||||||
() -> connector.updateSecretMetadata(MOUNT_KV2, SECRET2_KEY, maxVersions + 1, true),
|
() -> connector.updateSecretMetadata(MOUNT_KV2, SECRET2_KEY, maxVersions + 1, true),
|
||||||
"Updating secret metadata failed"
|
"Updating secret metadata failed"
|
||||||
);
|
);
|
||||||
|
|
||||||
// And verify the result.
|
// And verify the result.
|
||||||
res = assertDoesNotThrow(
|
res = assertDoesNotThrow(
|
||||||
() -> connector.readSecretMetadata(MOUNT_KV2, SECRET2_KEY),
|
() -> connector.readSecretMetadata(MOUNT_KV2, SECRET2_KEY),
|
||||||
"Reading secret metadata failed"
|
"Reading secret metadata failed"
|
||||||
);
|
);
|
||||||
assertEquals(maxVersions + 1, res.getMetadata().getMaxVersions(), "Unexpected maximum number of versions");
|
assertEquals(maxVersions + 1, res.getMetadata().getMaxVersions(), "Unexpected maximum number of versions");
|
||||||
}
|
}
|
||||||
@@ -444,8 +444,8 @@ class HTTPVaultConnectorIT {
|
|||||||
|
|
||||||
// Try to read accessible path with known value.
|
// Try to read accessible path with known value.
|
||||||
MetadataResponse res = assertDoesNotThrow(
|
MetadataResponse res = assertDoesNotThrow(
|
||||||
() -> connector.readSecretMetadata(MOUNT_KV2, SECRET2_KEY),
|
() -> connector.readSecretMetadata(MOUNT_KV2, SECRET2_KEY),
|
||||||
"Valid secret path could not be read"
|
"Valid secret path could not be read"
|
||||||
);
|
);
|
||||||
assertNotNull(res.getMetadata(), "Metadata not populated for KV v2 secret");
|
assertNotNull(res.getMetadata(), "Metadata not populated for KV v2 secret");
|
||||||
assertEquals(2, res.getMetadata().getCurrentVersion(), "Unexpected secret version");
|
assertEquals(2, res.getMetadata().getCurrentVersion(), "Unexpected secret version");
|
||||||
@@ -467,79 +467,79 @@ class HTTPVaultConnectorIT {
|
|||||||
|
|
||||||
// Try to delete non-existing versions.
|
// Try to delete non-existing versions.
|
||||||
assertDoesNotThrow(
|
assertDoesNotThrow(
|
||||||
() -> connector.deleteSecretVersions(MOUNT_KV2, SECRET2_KEY, 5, 42),
|
() -> connector.deleteSecretVersions(MOUNT_KV2, SECRET2_KEY, 5, 42),
|
||||||
"Revealed non-existence of secret versions"
|
"Revealed non-existence of secret versions"
|
||||||
);
|
);
|
||||||
assertDoesNotThrow(
|
assertDoesNotThrow(
|
||||||
() -> connector.readSecretMetadata(MOUNT_KV2, SECRET2_KEY),
|
() -> connector.readSecretMetadata(MOUNT_KV2, SECRET2_KEY),
|
||||||
"Revealed non-existence of secret versions"
|
"Revealed non-existence of secret versions"
|
||||||
);
|
);
|
||||||
|
|
||||||
// Now delete existing version and verify.
|
// Now delete existing version and verify.
|
||||||
assertDoesNotThrow(
|
assertDoesNotThrow(
|
||||||
() -> connector.deleteSecretVersions(MOUNT_KV2, SECRET2_KEY, 1),
|
() -> connector.deleteSecretVersions(MOUNT_KV2, SECRET2_KEY, 1),
|
||||||
"Deleting existing version failed"
|
"Deleting existing version failed"
|
||||||
);
|
);
|
||||||
MetadataResponse meta = assertDoesNotThrow(
|
MetadataResponse meta = assertDoesNotThrow(
|
||||||
() -> connector.readSecretMetadata(MOUNT_KV2, SECRET2_KEY),
|
() -> connector.readSecretMetadata(MOUNT_KV2, SECRET2_KEY),
|
||||||
"Reading deleted secret metadata failed"
|
"Reading deleted secret metadata failed"
|
||||||
);
|
);
|
||||||
assertNotNull(
|
assertNotNull(
|
||||||
meta.getMetadata().getVersions().get(1).getDeletionTime(),
|
meta.getMetadata().getVersions().get(1).getDeletionTime(),
|
||||||
"Expected deletion time for secret 1"
|
"Expected deletion time for secret 1"
|
||||||
);
|
);
|
||||||
|
|
||||||
// Undelete the just deleted version.
|
// Undelete the just deleted version.
|
||||||
assertDoesNotThrow(
|
assertDoesNotThrow(
|
||||||
() -> connector.undeleteSecretVersions(MOUNT_KV2, SECRET2_KEY, 1),
|
() -> connector.undeleteSecretVersions(MOUNT_KV2, SECRET2_KEY, 1),
|
||||||
"Undeleting existing version failed"
|
"Undeleting existing version failed"
|
||||||
);
|
);
|
||||||
meta = assertDoesNotThrow(
|
meta = assertDoesNotThrow(
|
||||||
() -> connector.readSecretMetadata(MOUNT_KV2, SECRET2_KEY),
|
() -> connector.readSecretMetadata(MOUNT_KV2, SECRET2_KEY),
|
||||||
"Reading deleted secret metadata failed"
|
"Reading deleted secret metadata failed"
|
||||||
);
|
);
|
||||||
assertNull(
|
assertNull(
|
||||||
meta.getMetadata().getVersions().get(1).getDeletionTime(),
|
meta.getMetadata().getVersions().get(1).getDeletionTime(),
|
||||||
"Expected deletion time for secret 1 to be reset"
|
"Expected deletion time for secret 1 to be reset"
|
||||||
);
|
);
|
||||||
|
|
||||||
// Now destroy it.
|
// Now destroy it.
|
||||||
assertDoesNotThrow(
|
assertDoesNotThrow(
|
||||||
() -> connector.destroySecretVersions(MOUNT_KV2, SECRET2_KEY, 1),
|
() -> connector.destroySecretVersions(MOUNT_KV2, SECRET2_KEY, 1),
|
||||||
"Destroying existing version failed"
|
"Destroying existing version failed"
|
||||||
);
|
);
|
||||||
meta = assertDoesNotThrow(
|
meta = assertDoesNotThrow(
|
||||||
() -> connector.readSecretMetadata(MOUNT_KV2, SECRET2_KEY),
|
() -> connector.readSecretMetadata(MOUNT_KV2, SECRET2_KEY),
|
||||||
"Reading destroyed secret metadata failed"
|
"Reading destroyed secret metadata failed"
|
||||||
);
|
);
|
||||||
assertTrue(
|
assertTrue(
|
||||||
meta.getMetadata().getVersions().get(1).isDestroyed(),
|
meta.getMetadata().getVersions().get(1).isDestroyed(),
|
||||||
"Expected secret 1 to be marked destroyed"
|
"Expected secret 1 to be marked destroyed"
|
||||||
);
|
);
|
||||||
|
|
||||||
// Delete latest version.
|
// Delete latest version.
|
||||||
assertDoesNotThrow(
|
assertDoesNotThrow(
|
||||||
() -> connector.deleteLatestSecretVersion(MOUNT_KV2, SECRET2_KEY),
|
() -> connector.deleteLatestSecretVersion(MOUNT_KV2, SECRET2_KEY),
|
||||||
"Deleting latest version failed"
|
"Deleting latest version failed"
|
||||||
);
|
);
|
||||||
meta = assertDoesNotThrow(
|
meta = assertDoesNotThrow(
|
||||||
() -> connector.readSecretMetadata(MOUNT_KV2, SECRET2_KEY),
|
() -> connector.readSecretMetadata(MOUNT_KV2, SECRET2_KEY),
|
||||||
"Reading deleted secret metadata failed"
|
"Reading deleted secret metadata failed"
|
||||||
);
|
);
|
||||||
assertNotNull(
|
assertNotNull(
|
||||||
meta.getMetadata().getVersions().get(2).getDeletionTime(),
|
meta.getMetadata().getVersions().get(2).getDeletionTime(),
|
||||||
"Expected secret 2 to be deleted"
|
"Expected secret 2 to be deleted"
|
||||||
);
|
);
|
||||||
|
|
||||||
// Delete all versions.
|
// Delete all versions.
|
||||||
assertDoesNotThrow(
|
assertDoesNotThrow(
|
||||||
() -> connector.deleteAllSecretVersions(MOUNT_KV2, SECRET2_KEY),
|
() -> connector.deleteAllSecretVersions(MOUNT_KV2, SECRET2_KEY),
|
||||||
"Deleting latest version failed"
|
"Deleting latest version failed"
|
||||||
);
|
);
|
||||||
assertThrows(
|
assertThrows(
|
||||||
InvalidResponseException.class,
|
InvalidResponseException.class,
|
||||||
() -> connector.readSecretMetadata(MOUNT_KV2, SECRET2_KEY),
|
() -> connector.readSecretMetadata(MOUNT_KV2, SECRET2_KEY),
|
||||||
"Reading metadata of deleted secret should not succeed"
|
"Reading metadata of deleted secret should not succeed"
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -566,17 +566,17 @@ class HTTPVaultConnectorIT {
|
|||||||
|
|
||||||
// Authenticate with correct credentials.
|
// Authenticate with correct credentials.
|
||||||
assertDoesNotThrow(
|
assertDoesNotThrow(
|
||||||
() -> connector.authAppRole(APPROLE_ROLE, APPROLE_SECRET),
|
() -> connector.authAppRole(APPROLE_ROLE, APPROLE_SECRET),
|
||||||
"Failed to authenticate using AppRole"
|
"Failed to authenticate using AppRole"
|
||||||
);
|
);
|
||||||
assertTrue(connector.isAuthorized(), "Authorization flag not set after AppRole login");
|
assertTrue(connector.isAuthorized(), "Authorization flag not set after AppRole login");
|
||||||
|
|
||||||
// Authenticate with valid secret ID against unknown role.
|
// Authenticate with valid secret ID against unknown role.
|
||||||
final String invalidRole = "foo";
|
final String invalidRole = "foo";
|
||||||
InvalidResponseException e = assertThrows(
|
InvalidResponseException e = assertThrows(
|
||||||
InvalidResponseException.class,
|
InvalidResponseException.class,
|
||||||
() -> connector.authAppRole(invalidRole, APPROLE_SECRET),
|
() -> connector.authAppRole(invalidRole, APPROLE_SECRET),
|
||||||
"Successfully logged in with unknown role"
|
"Successfully logged in with unknown role"
|
||||||
);
|
);
|
||||||
// Assert that the exception does not reveal role ID or secret.
|
// Assert that the exception does not reveal role ID or secret.
|
||||||
assertFalse(stackTrace(e).contains(invalidRole));
|
assertFalse(stackTrace(e).contains(invalidRole));
|
||||||
@@ -585,9 +585,9 @@ class HTTPVaultConnectorIT {
|
|||||||
// Authenticate without wrong secret ID.
|
// Authenticate without wrong secret ID.
|
||||||
final String invalidSecret = "foo";
|
final String invalidSecret = "foo";
|
||||||
e = assertThrows(
|
e = assertThrows(
|
||||||
InvalidResponseException.class,
|
InvalidResponseException.class,
|
||||||
() -> connector.authAppRole(APPROLE_ROLE, "foo"),
|
() -> connector.authAppRole(APPROLE_ROLE, "foo"),
|
||||||
"Successfully logged in without secret ID"
|
"Successfully logged in without secret ID"
|
||||||
);
|
);
|
||||||
// Assert that the exception does not reveal role ID or secret.
|
// Assert that the exception does not reveal role ID or secret.
|
||||||
assertFalse(stackTrace(e).contains(APPROLE_ROLE));
|
assertFalse(stackTrace(e).contains(APPROLE_ROLE));
|
||||||
@@ -595,17 +595,17 @@ class HTTPVaultConnectorIT {
|
|||||||
|
|
||||||
// Authenticate without secret ID.
|
// Authenticate without secret ID.
|
||||||
e = assertThrows(
|
e = assertThrows(
|
||||||
InvalidResponseException.class,
|
InvalidResponseException.class,
|
||||||
() -> connector.authAppRole(APPROLE_ROLE),
|
() -> connector.authAppRole(APPROLE_ROLE),
|
||||||
"Successfully logged in without secret ID"
|
"Successfully logged in without secret ID"
|
||||||
);
|
);
|
||||||
// Assert that the exception does not reveal role ID.
|
// Assert that the exception does not reveal role ID.
|
||||||
assertFalse(stackTrace(e).contains(APPROLE_ROLE));
|
assertFalse(stackTrace(e).contains(APPROLE_ROLE));
|
||||||
|
|
||||||
// Authenticate with secret ID on role with CIDR whitelist.
|
// Authenticate with secret ID on role with CIDR whitelist.
|
||||||
assertDoesNotThrow(
|
assertDoesNotThrow(
|
||||||
() -> connector.authAppRole(APPROLE_ROLE2, APPROLE_SECRET),
|
() -> connector.authAppRole(APPROLE_ROLE2, APPROLE_SECRET),
|
||||||
"Failed to log in without secret ID"
|
"Failed to log in without secret ID"
|
||||||
);
|
);
|
||||||
assertTrue(connector.isAuthorized(), "Authorization flag not set after AppRole login");
|
assertTrue(connector.isAuthorized(), "Authorization flag not set after AppRole login");
|
||||||
}
|
}
|
||||||
@@ -687,8 +687,8 @@ class HTTPVaultConnectorIT {
|
|||||||
|
|
||||||
// Update role model with custom flags.
|
// Update role model with custom flags.
|
||||||
AppRole role2 = AppRole.builder(roleName)
|
AppRole role2 = AppRole.builder(roleName)
|
||||||
.withTokenPeriod(321)
|
.withTokenPeriod(321)
|
||||||
.build();
|
.build();
|
||||||
|
|
||||||
// Create role.
|
// Create role.
|
||||||
boolean res3 = assertDoesNotThrow(() -> connector.createAppRole(role2), "Role creation failed");
|
boolean res3 = assertDoesNotThrow(() -> connector.createAppRole(role2), "Role creation failed");
|
||||||
@@ -717,8 +717,8 @@ class HTTPVaultConnectorIT {
|
|||||||
|
|
||||||
// Create role by name with policies.
|
// Create role by name with policies.
|
||||||
assertDoesNotThrow(
|
assertDoesNotThrow(
|
||||||
() -> connector.createAppRole(roleName3, Collections.singletonList("testpolicy")),
|
() -> connector.createAppRole(roleName3, Collections.singletonList("testpolicy")),
|
||||||
"Creation of role by name failed"
|
"Creation of role by name failed"
|
||||||
);
|
);
|
||||||
res = assertDoesNotThrow(() -> connector.lookupAppRole(roleName3), "Creation of role by name failed");
|
res = assertDoesNotThrow(() -> connector.lookupAppRole(roleName3), "Creation of role by name failed");
|
||||||
// Note: As of Vault 0.8.3 default policy is not added automatically, so this test should return 1, not 2.
|
// Note: As of Vault 0.8.3 default policy is not added automatically, so this test should return 1, not 2.
|
||||||
@@ -727,9 +727,9 @@ class HTTPVaultConnectorIT {
|
|||||||
// Delete role.
|
// Delete role.
|
||||||
assertDoesNotThrow(() -> connector.deleteAppRole(roleName3), "Deletion of role failed");
|
assertDoesNotThrow(() -> connector.deleteAppRole(roleName3), "Deletion of role failed");
|
||||||
assertThrows(
|
assertThrows(
|
||||||
InvalidResponseException.class,
|
InvalidResponseException.class,
|
||||||
() -> connector.lookupAppRole(roleName3),
|
() -> connector.lookupAppRole(roleName3),
|
||||||
"Deleted role could be looked up"
|
"Deleted role could be looked up"
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -745,35 +745,35 @@ class HTTPVaultConnectorIT {
|
|||||||
|
|
||||||
// Create default (random) secret for existing role.
|
// Create default (random) secret for existing role.
|
||||||
AppRoleSecretResponse res = assertDoesNotThrow(
|
AppRoleSecretResponse res = assertDoesNotThrow(
|
||||||
() -> connector.createAppRoleSecret(APPROLE_ROLE_NAME),
|
() -> connector.createAppRoleSecret(APPROLE_ROLE_NAME),
|
||||||
"AppRole secret creation failed"
|
"AppRole secret creation failed"
|
||||||
);
|
);
|
||||||
assertNotNull(res.getSecret(), "No secret returned");
|
assertNotNull(res.getSecret(), "No secret returned");
|
||||||
|
|
||||||
// Create secret with custom ID.
|
// Create secret with custom ID.
|
||||||
String secretID = "customSecretId";
|
String secretID = "customSecretId";
|
||||||
res = assertDoesNotThrow(
|
res = assertDoesNotThrow(
|
||||||
() -> connector.createAppRoleSecret(APPROLE_ROLE_NAME, secretID),
|
() -> connector.createAppRoleSecret(APPROLE_ROLE_NAME, secretID),
|
||||||
"AppRole secret creation failed"
|
"AppRole secret creation failed"
|
||||||
);
|
);
|
||||||
assertEquals(secretID, res.getSecret().getId(), "Unexpected secret ID returned");
|
assertEquals(secretID, res.getSecret().getId(), "Unexpected secret ID returned");
|
||||||
|
|
||||||
// Lookup secret.
|
// Lookup secret.
|
||||||
res = assertDoesNotThrow(
|
res = assertDoesNotThrow(
|
||||||
() -> connector.lookupAppRoleSecret(APPROLE_ROLE_NAME, secretID),
|
() -> connector.lookupAppRoleSecret(APPROLE_ROLE_NAME, secretID),
|
||||||
"AppRole secret lookup failed"
|
"AppRole secret lookup failed"
|
||||||
);
|
);
|
||||||
assertNotNull(res.getSecret(), "No secret information returned");
|
assertNotNull(res.getSecret(), "No secret information returned");
|
||||||
|
|
||||||
// Destroy secret.
|
// Destroy secret.
|
||||||
assertDoesNotThrow(
|
assertDoesNotThrow(
|
||||||
() -> connector.destroyAppRoleSecret(APPROLE_ROLE_NAME, secretID),
|
() -> connector.destroyAppRoleSecret(APPROLE_ROLE_NAME, secretID),
|
||||||
"AppRole secret destruction failed"
|
"AppRole secret destruction failed"
|
||||||
);
|
);
|
||||||
assertThrows(
|
assertThrows(
|
||||||
InvalidResponseException.class,
|
InvalidResponseException.class,
|
||||||
() -> connector.lookupAppRoleSecret(APPROLE_ROLE_NAME, secretID),
|
() -> connector.lookupAppRoleSecret(APPROLE_ROLE_NAME, secretID),
|
||||||
"Destroyed AppRole secret successfully read"
|
"Destroyed AppRole secret successfully read"
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -791,17 +791,17 @@ class HTTPVaultConnectorIT {
|
|||||||
void authTokenTest() {
|
void authTokenTest() {
|
||||||
final String invalidToken = "52135869df23a5e64c5d33a9785af5edb456b8a4a235d1fe135e6fba1c35edf6";
|
final String invalidToken = "52135869df23a5e64c5d33a9785af5edb456b8a4a235d1fe135e6fba1c35edf6";
|
||||||
VaultConnectorException e = assertThrows(
|
VaultConnectorException e = assertThrows(
|
||||||
VaultConnectorException.class,
|
VaultConnectorException.class,
|
||||||
() -> connector.authToken(invalidToken),
|
() -> connector.authToken(invalidToken),
|
||||||
"Logged in with invalid token"
|
"Logged in with invalid token"
|
||||||
);
|
);
|
||||||
// Assert that the exception does not reveal the token.
|
// Assert that the exception does not reveal the token.
|
||||||
assertFalse(stackTrace(e).contains(invalidToken));
|
assertFalse(stackTrace(e).contains(invalidToken));
|
||||||
|
|
||||||
|
|
||||||
TokenResponse res = assertDoesNotThrow(
|
TokenResponse res = assertDoesNotThrow(
|
||||||
() -> connector.authToken(TOKEN_ROOT),
|
() -> connector.authToken(TOKEN_ROOT),
|
||||||
"Login failed with valid token"
|
"Login failed with valid token"
|
||||||
);
|
);
|
||||||
assertNotNull(res, "Login failed with valid token");
|
assertNotNull(res, "Login failed with valid token");
|
||||||
assertTrue(connector.isAuthorized(), "Login failed with valid token");
|
assertTrue(connector.isAuthorized(), "Login failed with valid token");
|
||||||
@@ -819,10 +819,10 @@ class HTTPVaultConnectorIT {
|
|||||||
|
|
||||||
// Create token.
|
// Create token.
|
||||||
Token token = Token.builder()
|
Token token = Token.builder()
|
||||||
.withId("test-id")
|
.withId("test-id")
|
||||||
.withType(Token.Type.SERVICE)
|
.withType(Token.Type.SERVICE)
|
||||||
.withDisplayName("test name")
|
.withDisplayName("test name")
|
||||||
.build();
|
.build();
|
||||||
|
|
||||||
// Create token.
|
// Create token.
|
||||||
AuthResponse res = assertDoesNotThrow(() -> connector.createToken(token), "Token creation failed");
|
AuthResponse res = assertDoesNotThrow(() -> connector.createToken(token), "Token creation failed");
|
||||||
@@ -841,12 +841,12 @@ class HTTPVaultConnectorIT {
|
|||||||
|
|
||||||
// Create token with attributes.
|
// Create token with attributes.
|
||||||
Token token2 = Token.builder()
|
Token token2 = Token.builder()
|
||||||
.withId("test-id2")
|
.withId("test-id2")
|
||||||
.withDisplayName("test name 2")
|
.withDisplayName("test name 2")
|
||||||
.withPolicies(Collections.singletonList("testpolicy"))
|
.withPolicies(Collections.singletonList("testpolicy"))
|
||||||
.withoutDefaultPolicy()
|
.withoutDefaultPolicy()
|
||||||
.withMeta("foo", "bar")
|
.withMeta("foo", "bar")
|
||||||
.build();
|
.build();
|
||||||
res = assertDoesNotThrow(() -> connector.createToken(token2), "Token creation failed");
|
res = assertDoesNotThrow(() -> connector.createToken(token2), "Token creation failed");
|
||||||
assertEquals("test-id2", res.getAuth().getClientToken(), "Invalid token ID returned");
|
assertEquals("test-id2", res.getAuth().getClientToken(), "Invalid token ID returned");
|
||||||
assertEquals(List.of("testpolicy"), res.getAuth().getPolicies(), "Invalid policies returned");
|
assertEquals(List.of("testpolicy"), res.getAuth().getPolicies(), "Invalid policies returned");
|
||||||
@@ -856,18 +856,18 @@ class HTTPVaultConnectorIT {
|
|||||||
|
|
||||||
// Overwrite token should fail as of Vault 0.8.0.
|
// Overwrite token should fail as of Vault 0.8.0.
|
||||||
Token token3 = Token.builder()
|
Token token3 = Token.builder()
|
||||||
.withId("test-id2")
|
.withId("test-id2")
|
||||||
.withDisplayName("test name 3")
|
.withDisplayName("test name 3")
|
||||||
.withPolicies(Arrays.asList("pol1", "pol2"))
|
.withPolicies(Arrays.asList("pol1", "pol2"))
|
||||||
.withDefaultPolicy()
|
.withDefaultPolicy()
|
||||||
.withMeta("test", "success")
|
.withMeta("test", "success")
|
||||||
.withMeta("key", "value")
|
.withMeta("key", "value")
|
||||||
.withTtl(1234)
|
.withTtl(1234L)
|
||||||
.build();
|
.build();
|
||||||
InvalidResponseException e = assertThrows(
|
InvalidResponseException e = assertThrows(
|
||||||
InvalidResponseException.class,
|
InvalidResponseException.class,
|
||||||
() -> connector.createToken(token3),
|
() -> connector.createToken(token3),
|
||||||
"Overwriting token should fail as of Vault 0.8.0"
|
"Overwriting token should fail as of Vault 0.8.0"
|
||||||
);
|
);
|
||||||
assertEquals(400, e.getStatusCode());
|
assertEquals(400, e.getStatusCode());
|
||||||
// Assert that the exception does not reveal token ID.
|
// Assert that the exception does not reveal token ID.
|
||||||
@@ -875,16 +875,16 @@ class HTTPVaultConnectorIT {
|
|||||||
|
|
||||||
// Create token with batch type.
|
// Create token with batch type.
|
||||||
Token token4 = Token.builder()
|
Token token4 = Token.builder()
|
||||||
.withDisplayName("test name 3")
|
.withDisplayName("test name 3")
|
||||||
.withPolicy("batchpolicy")
|
.withPolicy("batchpolicy")
|
||||||
.withoutDefaultPolicy()
|
.withoutDefaultPolicy()
|
||||||
.withType(Token.Type.BATCH)
|
.withType(Token.Type.BATCH)
|
||||||
.build();
|
.build();
|
||||||
res = assertDoesNotThrow(() -> connector.createToken(token4), "Token creation failed");
|
res = assertDoesNotThrow(() -> connector.createToken(token4), "Token creation failed");
|
||||||
assertTrue(
|
assertTrue(
|
||||||
// Expecting batch token. "hvb." Prefix as of Vault 1.10, "b." before.
|
// Expecting batch token. "hvb." Prefix as of Vault 1.10, "b." before.
|
||||||
res.getAuth().getClientToken().startsWith("b.") || res.getAuth().getClientToken().startsWith("hvb."),
|
res.getAuth().getClientToken().startsWith("b.") || res.getAuth().getClientToken().startsWith("hvb."),
|
||||||
"Unexpected token prefix"
|
"Unexpected token prefix"
|
||||||
);
|
);
|
||||||
assertEquals(1, res.getAuth().getPolicies().size(), "Invalid number of policies returned");
|
assertEquals(1, res.getAuth().getPolicies().size(), "Invalid number of policies returned");
|
||||||
assertTrue(res.getAuth().getPolicies().contains("batchpolicy"), "Custom policy policy not set");
|
assertTrue(res.getAuth().getPolicies().contains("batchpolicy"), "Custom policy policy not set");
|
||||||
@@ -905,9 +905,9 @@ class HTTPVaultConnectorIT {
|
|||||||
|
|
||||||
// Create token with attributes.
|
// Create token with attributes.
|
||||||
Token token = Token.builder()
|
Token token = Token.builder()
|
||||||
.withId("my-token")
|
.withId("my-token")
|
||||||
.withType(Token.Type.SERVICE)
|
.withType(Token.Type.SERVICE)
|
||||||
.build();
|
.build();
|
||||||
assertDoesNotThrow(() -> connector.createToken(token), "Token creation failed");
|
assertDoesNotThrow(() -> connector.createToken(token), "Token creation failed");
|
||||||
|
|
||||||
authRoot();
|
authRoot();
|
||||||
@@ -936,15 +936,15 @@ class HTTPVaultConnectorIT {
|
|||||||
final TokenRole role = TokenRole.builder().build();
|
final TokenRole role = TokenRole.builder().build();
|
||||||
|
|
||||||
boolean creationRes = assertDoesNotThrow(
|
boolean creationRes = assertDoesNotThrow(
|
||||||
() -> connector.createOrUpdateTokenRole(roleName, role),
|
() -> connector.createOrUpdateTokenRole(roleName, role),
|
||||||
"Token role creation failed"
|
"Token role creation failed"
|
||||||
);
|
);
|
||||||
assertTrue(creationRes, "Token role creation failed");
|
assertTrue(creationRes, "Token role creation failed");
|
||||||
|
|
||||||
// Read the role.
|
// Read the role.
|
||||||
TokenRoleResponse res = assertDoesNotThrow(
|
TokenRoleResponse res = assertDoesNotThrow(
|
||||||
() -> connector.readTokenRole(roleName),
|
() -> connector.readTokenRole(roleName),
|
||||||
"Reading token role failed"
|
"Reading token role failed"
|
||||||
);
|
);
|
||||||
assertNotNull(res, "Token role response must not be null");
|
assertNotNull(res, "Token role response must not be null");
|
||||||
assertNotNull(res.getData(), "Token role must not be null");
|
assertNotNull(res.getData(), "Token role must not be null");
|
||||||
@@ -955,16 +955,16 @@ class HTTPVaultConnectorIT {
|
|||||||
|
|
||||||
// Update the role, i.e. change some attributes.
|
// Update the role, i.e. change some attributes.
|
||||||
final TokenRole role2 = TokenRole.builder()
|
final TokenRole role2 = TokenRole.builder()
|
||||||
.forName(roleName)
|
.forName(roleName)
|
||||||
.withPathSuffix("suffix")
|
.withPathSuffix("suffix")
|
||||||
.orphan(true)
|
.orphan(true)
|
||||||
.renewable(false)
|
.renewable(false)
|
||||||
.withTokenNumUses(42)
|
.withTokenNumUses(42)
|
||||||
.build();
|
.build();
|
||||||
|
|
||||||
creationRes = assertDoesNotThrow(
|
creationRes = assertDoesNotThrow(
|
||||||
() -> connector.createOrUpdateTokenRole(role2),
|
() -> connector.createOrUpdateTokenRole(role2),
|
||||||
"Token role update failed"
|
"Token role update failed"
|
||||||
);
|
);
|
||||||
assertTrue(creationRes, "Token role update failed");
|
assertTrue(creationRes, "Token role update failed");
|
||||||
|
|
||||||
@@ -989,6 +989,75 @@ class HTTPVaultConnectorIT {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Nested
|
||||||
|
@DisplayName("Transit Tests")
|
||||||
|
class TransitTests {
|
||||||
|
|
||||||
|
@Test
|
||||||
|
@DisplayName("Transit encryption")
|
||||||
|
void transitEncryptTest() {
|
||||||
|
assertDoesNotThrow(() -> connector.authToken(TOKEN_ROOT));
|
||||||
|
assumeTrue(connector.isAuthorized());
|
||||||
|
|
||||||
|
TransitResponse transitResponse = assertDoesNotThrow(
|
||||||
|
() -> connector.transitEncrypt("my-key", "dGVzdCBtZQ=="),
|
||||||
|
"Failed to encrypt via transit"
|
||||||
|
);
|
||||||
|
assertNotNull(transitResponse.getCiphertext());
|
||||||
|
assertTrue(transitResponse.getCiphertext().startsWith("vault:v1:"));
|
||||||
|
|
||||||
|
transitResponse = assertDoesNotThrow(
|
||||||
|
() -> connector.transitEncrypt("my-key", "test me".getBytes(UTF_8)),
|
||||||
|
"Failed to encrypt binary data via transit"
|
||||||
|
);
|
||||||
|
assertNotNull(transitResponse.getCiphertext());
|
||||||
|
assertTrue(transitResponse.getCiphertext().startsWith("vault:v1:"));
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
@DisplayName("Transit decryption")
|
||||||
|
void transitDecryptTest() {
|
||||||
|
assertDoesNotThrow(() -> connector.authToken(TOKEN_ROOT));
|
||||||
|
assumeTrue(connector.isAuthorized());
|
||||||
|
|
||||||
|
TransitResponse transitResponse = assertDoesNotThrow(
|
||||||
|
() -> connector.transitDecrypt("my-key", "vault:v1:1mhLVkBAR2nrFtIkJF/qg57DWfRj0FWgR6tvkGO8XOnL6sw="),
|
||||||
|
"Failed to decrypt via transit"
|
||||||
|
);
|
||||||
|
|
||||||
|
assertEquals("dGVzdCBtZQ==", transitResponse.getPlaintext());
|
||||||
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
@DisplayName("Transit hash")
|
||||||
|
void transitHashText() {
|
||||||
|
assertDoesNotThrow(() -> connector.authToken(TOKEN_ROOT));
|
||||||
|
assumeTrue(connector.isAuthorized());
|
||||||
|
|
||||||
|
TransitResponse transitResponse = assertDoesNotThrow(
|
||||||
|
() -> connector.transitHash("sha2-512", "dGVzdCBtZQ=="),
|
||||||
|
"Failed to hash via transit"
|
||||||
|
);
|
||||||
|
|
||||||
|
assertEquals("7677af0ee4effaa9f35e9b1e82d182f79516ab8321786baa23002de7c06851059492dd37d5fc3791f17d81d4b58198d24a6fd8bbd62c42c1c30b371da500f193", transitResponse.getSum());
|
||||||
|
|
||||||
|
TransitResponse transitResponseBase64 = assertDoesNotThrow(
|
||||||
|
() -> connector.transitHash("sha2-256", "dGVzdCBtZQ==", "base64"),
|
||||||
|
"Failed to hash via transit with base64 output"
|
||||||
|
);
|
||||||
|
|
||||||
|
assertEquals("5DfYkW7cvGLkfy36cXhqmZcygEy9HpnFNB4WWXKOl1M=", transitResponseBase64.getSum());
|
||||||
|
|
||||||
|
transitResponseBase64 = assertDoesNotThrow(
|
||||||
|
() -> connector.transitHash("sha2-256", "test me".getBytes(UTF_8), "base64"),
|
||||||
|
"Failed to hash binary data via transit"
|
||||||
|
);
|
||||||
|
|
||||||
|
assertEquals("5DfYkW7cvGLkfy36cXhqmZcygEy9HpnFNB4WWXKOl1M=", transitResponseBase64.getSum());
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
@Nested
|
@Nested
|
||||||
@DisplayName("Misc Tests")
|
@DisplayName("Misc Tests")
|
||||||
class MiscTests {
|
class MiscTests {
|
||||||
@@ -1003,8 +1072,8 @@ class HTTPVaultConnectorIT {
|
|||||||
assumeTrue(connector.isAuthorized());
|
assumeTrue(connector.isAuthorized());
|
||||||
|
|
||||||
List<AuthBackend> supportedBackends = assertDoesNotThrow(
|
List<AuthBackend> supportedBackends = assertDoesNotThrow(
|
||||||
() -> connector.getAuthBackends(),
|
() -> connector.getAuthBackends(),
|
||||||
"Could not list supported auth backends"
|
"Could not list supported auth backends"
|
||||||
);
|
);
|
||||||
|
|
||||||
assertEquals(3, supportedBackends.size());
|
assertEquals(3, supportedBackends.size());
|
||||||
@@ -1020,17 +1089,17 @@ class HTTPVaultConnectorIT {
|
|||||||
final String invalidUser = "foo";
|
final String invalidUser = "foo";
|
||||||
final String invalidPass = "bar";
|
final String invalidPass = "bar";
|
||||||
VaultConnectorException e = assertThrows(
|
VaultConnectorException e = assertThrows(
|
||||||
VaultConnectorException.class,
|
VaultConnectorException.class,
|
||||||
() -> connector.authUserPass(invalidUser, invalidPass),
|
() -> connector.authUserPass(invalidUser, invalidPass),
|
||||||
"Logged in with invalid credentials"
|
"Logged in with invalid credentials"
|
||||||
);
|
);
|
||||||
// Assert that the exception does not reveal credentials.
|
// Assert that the exception does not reveal credentials.
|
||||||
assertFalse(stackTrace(e).contains(invalidUser));
|
assertFalse(stackTrace(e).contains(invalidUser));
|
||||||
assertFalse(stackTrace(e).contains(invalidPass));
|
assertFalse(stackTrace(e).contains(invalidPass));
|
||||||
|
|
||||||
AuthResponse res = assertDoesNotThrow(
|
AuthResponse res = assertDoesNotThrow(
|
||||||
() -> connector.authUserPass(USER_VALID, PASS_VALID),
|
() -> connector.authUserPass(USER_VALID, PASS_VALID),
|
||||||
"Login failed with valid credentials: Exception thrown"
|
"Login failed with valid credentials: Exception thrown"
|
||||||
);
|
);
|
||||||
assertNotNull(res.getAuth(), "Login failed with valid credentials: Response not available");
|
assertNotNull(res.getAuth(), "Login failed with valid credentials: Response not available");
|
||||||
assertTrue(connector.isAuthorized(), "Login failed with valid credentials: Connector not authorized");
|
assertTrue(connector.isAuthorized(), "Login failed with valid credentials: Connector not authorized");
|
||||||
@@ -1044,14 +1113,14 @@ class HTTPVaultConnectorIT {
|
|||||||
@DisplayName("TLS connection test")
|
@DisplayName("TLS connection test")
|
||||||
void tlsConnectionTest() {
|
void tlsConnectionTest() {
|
||||||
assertThrows(
|
assertThrows(
|
||||||
VaultConnectorException.class,
|
VaultConnectorException.class,
|
||||||
() -> connector.authToken("52135869df23a5e64c5d33a9785af5edb456b8a4a235d1fe135e6fba1c35edf6"),
|
() -> connector.authToken("52135869df23a5e64c5d33a9785af5edb456b8a4a235d1fe135e6fba1c35edf6"),
|
||||||
"Logged in with invalid token"
|
"Logged in with invalid token"
|
||||||
);
|
);
|
||||||
|
|
||||||
TokenResponse res = assertDoesNotThrow(
|
TokenResponse res = assertDoesNotThrow(
|
||||||
() -> connector.authToken(TOKEN_ROOT),
|
() -> connector.authToken(TOKEN_ROOT),
|
||||||
"Login failed with valid token"
|
"Login failed with valid token"
|
||||||
);
|
);
|
||||||
assertNotNull(res, "Login failed with valid token");
|
assertNotNull(res, "Login failed with valid token");
|
||||||
assertTrue(connector.isAuthorized(), "Login failed with valid token");
|
assertTrue(connector.isAuthorized(), "Login failed with valid token");
|
||||||
@@ -1138,22 +1207,22 @@ class HTTPVaultConnectorIT {
|
|||||||
|
|
||||||
// Generate vault local unencrypted configuration.
|
// Generate vault local unencrypted configuration.
|
||||||
VaultConfiguration config = new VaultConfiguration()
|
VaultConfiguration config = new VaultConfiguration()
|
||||||
.withHost("localhost")
|
.withHost("localhost")
|
||||||
.withPort(getFreePort())
|
.withPort(getFreePort())
|
||||||
.withDataLocation(dataDir.toPath())
|
.withDataLocation(dataDir.toPath())
|
||||||
.disableMlock();
|
.disableMlock();
|
||||||
|
|
||||||
// Enable TLS with custom certificate and key, if required.
|
// Enable TLS with custom certificate and key, if required.
|
||||||
if (tls) {
|
if (tls) {
|
||||||
config.enableTLS()
|
config.enableTLS()
|
||||||
.withCert(getClass().getResource("/tls/server.pem").getPath())
|
.withCert(getClass().getResource("/tls/server.pem").getPath())
|
||||||
.withKey(getClass().getResource("/tls/server.key").getPath());
|
.withKey(getClass().getResource("/tls/server.key").getPath());
|
||||||
}
|
}
|
||||||
|
|
||||||
// Write configuration file.
|
// Write configuration file.
|
||||||
File configFile = new File(dir, "vault.conf");
|
File configFile = new File(dir, "vault.conf");
|
||||||
try {
|
try {
|
||||||
Files.write(configFile.toPath(), config.toString().getBytes(UTF_8));
|
Files.writeString(configFile.toPath(), config.toString(), UTF_8);
|
||||||
} catch (IOException e) {
|
} catch (IOException e) {
|
||||||
throw new IllegalStateException("Unable to generate config file", e);
|
throw new IllegalStateException("Unable to generate config file", e);
|
||||||
}
|
}
|
||||||
@@ -1213,10 +1282,8 @@ class HTTPVaultConnectorIT {
|
|||||||
|
|
||||||
return socket.getLocalPort();
|
return socket.getLocalPort();
|
||||||
} catch (IOException e) {
|
} catch (IOException e) {
|
||||||
e.printStackTrace();
|
throw new IllegalStateException("Unable to find a free TCP port", e);
|
||||||
}
|
}
|
||||||
|
|
||||||
throw new IllegalStateException("Unable to find a free TCP port");
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright 2016-2024 Stefan Kalscheuer
|
* Copyright 2016-2025 Stefan Kalscheuer
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
* you may not use this file except in compliance with the License.
|
* you may not use this file except in compliance with the License.
|
||||||
@@ -17,13 +17,13 @@
|
|||||||
package de.stklcode.jvault.connector;
|
package de.stklcode.jvault.connector;
|
||||||
|
|
||||||
import com.github.tomakehurst.wiremock.client.WireMock;
|
import com.github.tomakehurst.wiremock.client.WireMock;
|
||||||
import com.github.tomakehurst.wiremock.junit5.WireMockExtension;
|
import com.github.tomakehurst.wiremock.junit5.WireMockRuntimeInfo;
|
||||||
|
import com.github.tomakehurst.wiremock.junit5.WireMockTest;
|
||||||
import de.stklcode.jvault.connector.exception.ConnectionException;
|
import de.stklcode.jvault.connector.exception.ConnectionException;
|
||||||
import de.stklcode.jvault.connector.exception.InvalidResponseException;
|
import de.stklcode.jvault.connector.exception.InvalidResponseException;
|
||||||
import de.stklcode.jvault.connector.exception.PermissionDeniedException;
|
import de.stklcode.jvault.connector.exception.PermissionDeniedException;
|
||||||
import de.stklcode.jvault.connector.exception.VaultConnectorException;
|
import de.stklcode.jvault.connector.exception.VaultConnectorException;
|
||||||
import org.junit.jupiter.api.Test;
|
import org.junit.jupiter.api.Test;
|
||||||
import org.junit.jupiter.api.extension.RegisterExtension;
|
|
||||||
import org.junit.jupiter.api.function.Executable;
|
import org.junit.jupiter.api.function.Executable;
|
||||||
|
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
@@ -36,9 +36,7 @@ import java.security.cert.CertificateFactory;
|
|||||||
import java.security.cert.X509Certificate;
|
import java.security.cert.X509Certificate;
|
||||||
import java.util.Collections;
|
import java.util.Collections;
|
||||||
|
|
||||||
import static com.github.tomakehurst.wiremock.client.WireMock.aResponse;
|
import static com.github.tomakehurst.wiremock.client.WireMock.*;
|
||||||
import static com.github.tomakehurst.wiremock.client.WireMock.anyUrl;
|
|
||||||
import static com.github.tomakehurst.wiremock.core.WireMockConfiguration.wireMockConfig;
|
|
||||||
import static org.junit.jupiter.api.Assertions.*;
|
import static org.junit.jupiter.api.Assertions.*;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@@ -48,26 +46,23 @@ import static org.junit.jupiter.api.Assertions.*;
|
|||||||
* @author Stefan Kalscheuer
|
* @author Stefan Kalscheuer
|
||||||
* @since 0.7.0
|
* @since 0.7.0
|
||||||
*/
|
*/
|
||||||
|
@WireMockTest
|
||||||
class HTTPVaultConnectorTest {
|
class HTTPVaultConnectorTest {
|
||||||
@RegisterExtension
|
|
||||||
static WireMockExtension wireMock = WireMockExtension.newInstance()
|
|
||||||
.options(wireMockConfig().dynamicPort())
|
|
||||||
.build();
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Test exceptions thrown during request.
|
* Test exceptions thrown during request.
|
||||||
*/
|
*/
|
||||||
@Test
|
@Test
|
||||||
void requestExceptionTest() throws IOException, URISyntaxException {
|
void requestExceptionTest(WireMockRuntimeInfo wireMock) throws IOException, URISyntaxException {
|
||||||
HTTPVaultConnector connector = HTTPVaultConnector.builder(wireMock.url("/")).withTimeout(250).build();
|
HTTPVaultConnector connector = HTTPVaultConnector.builder(wireMock.getHttpBaseUrl()).withTimeout(250).build();
|
||||||
|
|
||||||
// Test invalid response code.
|
// Test invalid response code.
|
||||||
final int responseCode = 400;
|
final int responseCode = 400;
|
||||||
mockHttpResponse(responseCode, "", "application/json");
|
mockHttpResponse(responseCode, "", "application/json");
|
||||||
VaultConnectorException e = assertThrows(
|
VaultConnectorException e = assertThrows(
|
||||||
InvalidResponseException.class,
|
InvalidResponseException.class,
|
||||||
connector::getHealth,
|
connector::getHealth,
|
||||||
"Querying health status succeeded on invalid instance"
|
"Querying health status succeeded on invalid instance"
|
||||||
);
|
);
|
||||||
assertEquals("Invalid response code", e.getMessage(), "Unexpected exception message");
|
assertEquals("Invalid response code", e.getMessage(), "Unexpected exception message");
|
||||||
assertEquals(responseCode, ((InvalidResponseException) e).getStatusCode(), "Unexpected status code in exception");
|
assertEquals(responseCode, ((InvalidResponseException) e).getStatusCode(), "Unexpected status code in exception");
|
||||||
@@ -76,9 +71,9 @@ class HTTPVaultConnectorTest {
|
|||||||
// Simulate permission denied response.
|
// Simulate permission denied response.
|
||||||
mockHttpResponse(responseCode, "{\"errors\":[\"permission denied\"]}", "application/json");
|
mockHttpResponse(responseCode, "{\"errors\":[\"permission denied\"]}", "application/json");
|
||||||
assertThrows(
|
assertThrows(
|
||||||
PermissionDeniedException.class,
|
PermissionDeniedException.class,
|
||||||
connector::getHealth,
|
connector::getHealth,
|
||||||
"Querying health status succeeded on invalid instance"
|
"Querying health status succeeded on invalid instance"
|
||||||
);
|
);
|
||||||
|
|
||||||
// Test exception thrown during request.
|
// Test exception thrown during request.
|
||||||
@@ -86,22 +81,22 @@ class HTTPVaultConnectorTest {
|
|||||||
connector = HTTPVaultConnector.builder("http://localst:" + s.getLocalPort() + "/").withTimeout(250).build();
|
connector = HTTPVaultConnector.builder("http://localst:" + s.getLocalPort() + "/").withTimeout(250).build();
|
||||||
}
|
}
|
||||||
e = assertThrows(
|
e = assertThrows(
|
||||||
ConnectionException.class,
|
ConnectionException.class,
|
||||||
connector::getHealth,
|
connector::getHealth,
|
||||||
"Querying health status succeeded on invalid instance"
|
"Querying health status succeeded on invalid instance"
|
||||||
);
|
);
|
||||||
assertEquals("Unable to connect to Vault server", e.getMessage(), "Unexpected exception message");
|
assertEquals("Unable to connect to Vault server", e.getMessage(), "Unexpected exception message");
|
||||||
assertInstanceOf(IOException.class, e.getCause(), "Unexpected cause");
|
assertInstanceOf(IOException.class, e.getCause(), "Unexpected cause");
|
||||||
|
|
||||||
// Now simulate a failing request that succeeds on second try.
|
// Now simulate a failing request that succeeds on second try.
|
||||||
connector = HTTPVaultConnector.builder(wireMock.url("/")).withNumberOfRetries(1).withTimeout(250).build();
|
connector = HTTPVaultConnector.builder(wireMock.getHttpBaseUrl()).withNumberOfRetries(1).withTimeout(250).build();
|
||||||
|
|
||||||
wireMock.stubFor(
|
stubFor(
|
||||||
WireMock.any(anyUrl())
|
WireMock.any(anyUrl())
|
||||||
.willReturn(aResponse().withStatus(500))
|
.willReturn(aResponse().withStatus(500))
|
||||||
.willReturn(aResponse().withStatus(500))
|
.willReturn(aResponse().withStatus(500))
|
||||||
.willReturn(aResponse().withStatus(500))
|
.willReturn(aResponse().withStatus(500))
|
||||||
.willReturn(aResponse().withStatus(200).withBody("{}").withHeader("Content-Type", "application/json"))
|
.willReturn(aResponse().withStatus(200).withBody("{}").withHeader("Content-Type", "application/json"))
|
||||||
);
|
);
|
||||||
assertDoesNotThrow(connector::getHealth, "Request failed unexpectedly");
|
assertDoesNotThrow(connector::getHealth, "Request failed unexpectedly");
|
||||||
}
|
}
|
||||||
@@ -164,9 +159,9 @@ class HTTPVaultConnectorTest {
|
|||||||
connector = HTTPVaultConnector.builder("http://localst:" + s.getLocalPort()).withTimeout(250).build();
|
connector = HTTPVaultConnector.builder("http://localst:" + s.getLocalPort()).withTimeout(250).build();
|
||||||
}
|
}
|
||||||
ConnectionException e = assertThrows(
|
ConnectionException e = assertThrows(
|
||||||
ConnectionException.class,
|
ConnectionException.class,
|
||||||
connector::sealStatus,
|
connector::sealStatus,
|
||||||
"Querying seal status succeeded on invalid instance"
|
"Querying seal status succeeded on invalid instance"
|
||||||
);
|
);
|
||||||
assertEquals("Unable to connect to Vault server", e.getMessage(), "Unexpected exception message");
|
assertEquals("Unable to connect to Vault server", e.getMessage(), "Unexpected exception message");
|
||||||
}
|
}
|
||||||
@@ -182,9 +177,9 @@ class HTTPVaultConnectorTest {
|
|||||||
connector = HTTPVaultConnector.builder("http://localhost:" + s.getLocalPort() + "/").withTimeout(250).build();
|
connector = HTTPVaultConnector.builder("http://localhost:" + s.getLocalPort() + "/").withTimeout(250).build();
|
||||||
}
|
}
|
||||||
ConnectionException e = assertThrows(
|
ConnectionException e = assertThrows(
|
||||||
ConnectionException.class,
|
ConnectionException.class,
|
||||||
connector::getHealth,
|
connector::getHealth,
|
||||||
"Querying health status succeeded on invalid instance"
|
"Querying health status succeeded on invalid instance"
|
||||||
);
|
);
|
||||||
assertEquals("Unable to connect to Vault server", e.getMessage(), "Unexpected exception message");
|
assertEquals("Unable to connect to Vault server", e.getMessage(), "Unexpected exception message");
|
||||||
}
|
}
|
||||||
@@ -193,8 +188,8 @@ class HTTPVaultConnectorTest {
|
|||||||
* Test behavior on unparsable responses.
|
* Test behavior on unparsable responses.
|
||||||
*/
|
*/
|
||||||
@Test
|
@Test
|
||||||
void parseExceptionTest() throws URISyntaxException {
|
void parseExceptionTest(WireMockRuntimeInfo wireMock) throws URISyntaxException {
|
||||||
HTTPVaultConnector connector = HTTPVaultConnector.builder(wireMock.url("/")).withTimeout(250).build();
|
HTTPVaultConnector connector = HTTPVaultConnector.builder(wireMock.getHttpBaseUrl()).withTimeout(250).build();
|
||||||
// Mock authorization.
|
// Mock authorization.
|
||||||
setPrivate(connector, "authorized", true);
|
setPrivate(connector, "authorized", true);
|
||||||
// Mock response.
|
// Mock response.
|
||||||
@@ -227,8 +222,8 @@ class HTTPVaultConnectorTest {
|
|||||||
* Test requests that expect an empty response with code 204, but receive a 200 body.
|
* Test requests that expect an empty response with code 204, but receive a 200 body.
|
||||||
*/
|
*/
|
||||||
@Test
|
@Test
|
||||||
void nonEmpty204ResponseTest() throws URISyntaxException {
|
void nonEmpty204ResponseTest(WireMockRuntimeInfo wireMock) throws URISyntaxException {
|
||||||
HTTPVaultConnector connector = HTTPVaultConnector.builder(wireMock.url("/")).withTimeout(250).build();
|
HTTPVaultConnector connector = HTTPVaultConnector.builder(wireMock.getHttpBaseUrl()).withTimeout(250).build();
|
||||||
// Mock authorization.
|
// Mock authorization.
|
||||||
setPrivate(connector, "authorized", true);
|
setPrivate(connector, "authorized", true);
|
||||||
// Mock response.
|
// Mock response.
|
||||||
@@ -236,45 +231,45 @@ class HTTPVaultConnectorTest {
|
|||||||
|
|
||||||
// Now test the methods expecting a 204.
|
// Now test the methods expecting a 204.
|
||||||
assertThrows(
|
assertThrows(
|
||||||
InvalidResponseException.class,
|
InvalidResponseException.class,
|
||||||
() -> connector.createAppRole("appID", Collections.singletonList("policy")),
|
() -> connector.createAppRole("appID", Collections.singletonList("policy")),
|
||||||
"createAppRole() with 200 response succeeded"
|
"createAppRole() with 200 response succeeded"
|
||||||
);
|
);
|
||||||
|
|
||||||
assertThrows(
|
assertThrows(
|
||||||
InvalidResponseException.class,
|
InvalidResponseException.class,
|
||||||
() -> connector.deleteAppRole("roleName"),
|
() -> connector.deleteAppRole("roleName"),
|
||||||
"deleteAppRole() with 200 response succeeded"
|
"deleteAppRole() with 200 response succeeded"
|
||||||
);
|
);
|
||||||
|
|
||||||
assertThrows(
|
assertThrows(
|
||||||
InvalidResponseException.class,
|
InvalidResponseException.class,
|
||||||
() -> connector.setAppRoleID("roleName", "roleID"),
|
() -> connector.setAppRoleID("roleName", "roleID"),
|
||||||
"setAppRoleID() with 200 response succeeded"
|
"setAppRoleID() with 200 response succeeded"
|
||||||
);
|
);
|
||||||
|
|
||||||
assertThrows(
|
assertThrows(
|
||||||
InvalidResponseException.class,
|
InvalidResponseException.class,
|
||||||
() -> connector.destroyAppRoleSecret("roleName", "secretID"),
|
() -> connector.destroyAppRoleSecret("roleName", "secretID"),
|
||||||
"destroyAppRoleSecret() with 200 response succeeded"
|
"destroyAppRoleSecret() with 200 response succeeded"
|
||||||
);
|
);
|
||||||
|
|
||||||
assertThrows(
|
assertThrows(
|
||||||
InvalidResponseException.class,
|
InvalidResponseException.class,
|
||||||
() -> connector.destroyAppRoleSecret("roleName", "secretUD"),
|
() -> connector.destroyAppRoleSecret("roleName", "secretUD"),
|
||||||
"destroyAppRoleSecret() with 200 response succeeded"
|
"destroyAppRoleSecret() with 200 response succeeded"
|
||||||
);
|
);
|
||||||
|
|
||||||
assertThrows(
|
assertThrows(
|
||||||
InvalidResponseException.class,
|
InvalidResponseException.class,
|
||||||
() -> connector.delete("key"),
|
() -> connector.delete("key"),
|
||||||
"delete() with 200 response succeeded"
|
"delete() with 200 response succeeded"
|
||||||
);
|
);
|
||||||
|
|
||||||
assertThrows(
|
assertThrows(
|
||||||
InvalidResponseException.class,
|
InvalidResponseException.class,
|
||||||
() -> connector.revoke("leaseID"),
|
() -> connector.revoke("leaseID"),
|
||||||
"destroyAppRoleSecret() with 200 response succeeded"
|
"destroyAppRoleSecret() with 200 response succeeded"
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -310,10 +305,10 @@ class HTTPVaultConnectorTest {
|
|||||||
}
|
}
|
||||||
|
|
||||||
private void mockHttpResponse(int status, String body, String contentType) {
|
private void mockHttpResponse(int status, String body, String contentType) {
|
||||||
wireMock.stubFor(
|
stubFor(
|
||||||
WireMock.any(anyUrl()).willReturn(
|
WireMock.any(anyUrl()).willReturn(
|
||||||
aResponse().withStatus(status).withBody(body).withHeader("Content-Type", contentType)
|
aResponse().withStatus(status).withBody(body).withHeader("Content-Type", contentType)
|
||||||
)
|
)
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
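Review bot: The "failing request that succeeds on second try" stub in requestExceptionTest chains four `willReturn(...)` calls on one mapping, and in WireMock each call replaces the previous response definition instead of queueing it, so the stub most likely answers 200 on the first request and the retry path behind `withNumberOfRetries(1)` is never exercised. The commit only swaps `wireMock.stubFor` for the static `stubFor` here and keeps that behaviour. A two-state scenario makes the first response a 500 and the second a 200, as sketched below; it needs `com.github.tomakehurst.wiremock.stubbing.Scenario` imported and assumes the connector retries on 5xx, which this page does not show. Separately, the `connector.revoke("leaseID")` assertion in nonEmpty204ResponseTest still carries the message `"destroyAppRoleSecret() with 200 response succeeded"`; `"revoke() with 200 response succeeded"` would match the call.

```java
// … unchanged: connector built with withNumberOfRetries(1).withTimeout(250) …
stubFor(
        WireMock.any(anyUrl())
                .inScenario("retry")
                .whenScenarioStateIs(Scenario.STARTED)
                .willReturn(aResponse().withStatus(500))
                .willSetStateTo("recovered")
);
stubFor(
        WireMock.any(anyUrl())
                .inScenario("retry")
                .whenScenarioStateIs("recovered")
                .willReturn(aResponse().withStatus(200).withBody("{}").withHeader("Content-Type", "application/json"))
);
assertDoesNotThrow(connector::getHealth, "Request failed unexpectedly");
```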
|
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright 2016-2024 Stefan Kalscheuer
|
* Copyright 2016-2025 Stefan Kalscheuer
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
* you may not use this file except in compliance with the License.
|
* you may not use this file except in compliance with the License.
|
||||||
|
@@ -3,6 +3,7 @@ package de.stklcode.jvault.connector.model;
|
|||||||
import com.fasterxml.jackson.databind.DeserializationFeature;
|
import com.fasterxml.jackson.databind.DeserializationFeature;
|
||||||
import com.fasterxml.jackson.databind.ObjectMapper;
|
import com.fasterxml.jackson.databind.ObjectMapper;
|
||||||
import com.fasterxml.jackson.databind.SerializationFeature;
|
import com.fasterxml.jackson.databind.SerializationFeature;
|
||||||
|
import com.fasterxml.jackson.databind.json.JsonMapper;
|
||||||
import com.fasterxml.jackson.datatype.jsr310.JavaTimeModule;
|
import com.fasterxml.jackson.datatype.jsr310.JavaTimeModule;
|
||||||
import nl.jqno.equalsverifier.EqualsVerifier;
|
import nl.jqno.equalsverifier.EqualsVerifier;
|
||||||
import org.junit.jupiter.api.Test;
|
import org.junit.jupiter.api.Test;
|
||||||
@@ -29,10 +30,11 @@ public abstract class AbstractModelTest<T> {
|
|||||||
*/
|
*/
|
||||||
protected AbstractModelTest(Class<T> modelClass) {
|
protected AbstractModelTest(Class<T> modelClass) {
|
||||||
this.modelClass = modelClass;
|
this.modelClass = modelClass;
|
||||||
this.objectMapper = new ObjectMapper()
|
this.objectMapper = JsonMapper.builder()
|
||||||
.registerModule(new JavaTimeModule())
|
.addModule(new JavaTimeModule())
|
||||||
.enable(SerializationFeature.WRITE_DATES_AS_TIMESTAMPS)
|
.enable(SerializationFeature.WRITE_DATES_AS_TIMESTAMPS)
|
||||||
.disable(DeserializationFeature.ADJUST_DATES_TO_CONTEXT_TIME_ZONE);
|
.disable(DeserializationFeature.ADJUST_DATES_TO_CONTEXT_TIME_ZONE)
|
||||||
|
.build();
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright 2016-2024 Stefan Kalscheuer
|
* Copyright 2016-2025 Stefan Kalscheuer
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
* you may not use this file except in compliance with the License.
|
* you may not use this file except in compliance with the License.
|
||||||
@@ -35,8 +35,8 @@ import static org.junit.jupiter.api.Assumptions.assumeTrue;
|
|||||||
class AppRoleSecretTest extends AbstractModelTest<AppRoleSecret> {
|
class AppRoleSecretTest extends AbstractModelTest<AppRoleSecret> {
|
||||||
private static final String TEST_ID = "abc123";
|
private static final String TEST_ID = "abc123";
|
||||||
private static final Map<String, Object> TEST_META = Map.of(
|
private static final Map<String, Object> TEST_META = Map.of(
|
||||||
"foo", "bar",
|
"foo", "bar",
|
||||||
"number", 1337
|
"number", 1337
|
||||||
);
|
);
|
||||||
private static final List<String> TEST_CIDR = List.of("203.0.113.0/24", "198.51.100.0/24");
|
private static final List<String> TEST_CIDR = List.of("203.0.113.0/24", "198.51.100.0/24");
|
||||||
|
|
||||||
@@ -122,8 +122,8 @@ class AppRoleSecretTest extends AbstractModelTest<AppRoleSecret> {
|
|||||||
String secretJson2 = commaSeparatedToList(secretJson);
|
String secretJson2 = commaSeparatedToList(secretJson);
|
||||||
|
|
||||||
AppRoleSecret secret2 = assertDoesNotThrow(
|
AppRoleSecret secret2 = assertDoesNotThrow(
|
||||||
() -> objectMapper.readValue(secretJson2, AppRoleSecret.class),
|
() -> objectMapper.readValue(secretJson2, AppRoleSecret.class),
|
||||||
"Deserialization failed"
|
"Deserialization failed"
|
||||||
);
|
);
|
||||||
assertEquals(secret2.getId(), secret.getId());
|
assertEquals(secret2.getId(), secret.getId());
|
||||||
assertEquals(secret2.getMetadata(), secret.getMetadata());
|
assertEquals(secret2.getMetadata(), secret.getMetadata());
|
||||||
@@ -144,8 +144,8 @@ class AppRoleSecretTest extends AbstractModelTest<AppRoleSecret> {
|
|||||||
assumeTrue(secret.getTtl() == 12345);
|
assumeTrue(secret.getTtl() == 12345);
|
||||||
String secretJson3 = assertDoesNotThrow(() -> objectMapper.writeValueAsString(secret), "Serialization failed");
|
String secretJson3 = assertDoesNotThrow(() -> objectMapper.writeValueAsString(secret), "Serialization failed");
|
||||||
secret2 = assertDoesNotThrow(
|
secret2 = assertDoesNotThrow(
|
||||||
() -> objectMapper.readValue(commaSeparatedToList(secretJson3), AppRoleSecret.class),
|
() -> objectMapper.readValue(commaSeparatedToList(secretJson3), AppRoleSecret.class),
|
||||||
"Deserialization failed"
|
"Deserialization failed"
|
||||||
);
|
);
|
||||||
assertEquals(secret2.getId(), secret.getId());
|
assertEquals(secret2.getId(), secret.getId());
|
||||||
assertEquals(secret2.getMetadata(), secret.getMetadata());
|
assertEquals(secret2.getMetadata(), secret.getMetadata());
|
||||||
@@ -159,9 +159,9 @@ class AppRoleSecretTest extends AbstractModelTest<AppRoleSecret> {
|
|||||||
|
|
||||||
// Those fields should be deserialized from JSON though.
|
// Those fields should be deserialized from JSON though.
|
||||||
String secretJson4 = "{\"secret_id\":\"abc123\",\"metadata\":{\"number\":1337,\"foo\":\"bar\"}," +
|
String secretJson4 = "{\"secret_id\":\"abc123\",\"metadata\":{\"number\":1337,\"foo\":\"bar\"}," +
|
||||||
"\"cidr_list\":[\"203.0.113.0/24\",\"198.51.100.0/24\"],\"secret_id_accessor\":\"TEST_ACCESSOR\"," +
|
"\"cidr_list\":[\"203.0.113.0/24\",\"198.51.100.0/24\"],\"secret_id_accessor\":\"TEST_ACCESSOR\"," +
|
||||||
"\"creation_time\":\"TEST_CREATION\",\"expiration_time\":\"TEST_EXPIRATION\"," +
|
"\"creation_time\":\"TEST_CREATION\",\"expiration_time\":\"TEST_EXPIRATION\"," +
|
||||||
"\"last_updated_time\":\"TEST_LASTUPDATE\",\"secret_id_num_uses\":678,\"secret_id_ttl\":12345}";
|
"\"last_updated_time\":\"TEST_LASTUPDATE\",\"secret_id_num_uses\":678,\"secret_id_ttl\":12345}";
|
||||||
secret2 = assertDoesNotThrow(() -> objectMapper.readValue(secretJson4, AppRoleSecret.class), "Deserialization failed");
|
secret2 = assertDoesNotThrow(() -> objectMapper.readValue(secretJson4, AppRoleSecret.class), "Deserialization failed");
|
||||||
assertEquals("TEST_ACCESSOR", secret2.getAccessor());
|
assertEquals("TEST_ACCESSOR", secret2.getAccessor());
|
||||||
assertEquals("TEST_CREATION", secret2.getCreationTime());
|
assertEquals("TEST_CREATION", secret2.getCreationTime());
|
||||||
@@ -181,6 +181,6 @@ class AppRoleSecretTest extends AbstractModelTest<AppRoleSecret> {
|
|||||||
|
|
||||||
private static String commaSeparatedToList(String json) {
|
private static String commaSeparatedToList(String json) {
|
||||||
return json.replaceAll("\"cidr_list\":\"([^\"]*)\"", "\"cidr_list\":[$1]")
|
return json.replaceAll("\"cidr_list\":\"([^\"]*)\"", "\"cidr_list\":[$1]")
|
||||||
.replaceAll("(\\d+\\.\\d+\\.\\d+\\.\\d+/\\d+)", "\"$1\"");
|
.replaceAll("(\\d+\\.\\d+\\.\\d+\\.\\d+/\\d+)", "\"$1\"");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright 2016-2024 Stefan Kalscheuer
|
* Copyright 2016-2025 Stefan Kalscheuer
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
* you may not use this file except in compliance with the License.
|
* you may not use this file except in compliance with the License.
|
||||||
@@ -42,18 +42,18 @@ class AppRoleTest extends AbstractModelTest<AppRole> {
|
|||||||
private static final String POLICY = "policy";
|
private static final String POLICY = "policy";
|
||||||
private static final String POLICY_2 = "policy2";
|
private static final String POLICY_2 = "policy2";
|
||||||
private static final Integer SECRET_ID_NUM_USES = 10;
|
private static final Integer SECRET_ID_NUM_USES = 10;
|
||||||
private static final Integer SECRET_ID_TTL = 7200;
|
private static final Long SECRET_ID_TTL = 7200L;
|
||||||
private static final Boolean LOCAL_SECRET_IDS = false;
|
private static final Boolean LOCAL_SECRET_IDS = false;
|
||||||
private static final Integer TOKEN_TTL = 4800;
|
private static final Long TOKEN_TTL = 4800L;
|
||||||
private static final Integer TOKEN_MAX_TTL = 9600;
|
private static final Long TOKEN_MAX_TTL = 9600L;
|
||||||
private static final Integer TOKEN_EXPLICIT_MAX_TTL = 14400;
|
private static final Long TOKEN_EXPLICIT_MAX_TTL = 14400L;
|
||||||
private static final Boolean TOKEN_NO_DEFAULT_POLICY = false;
|
private static final Boolean TOKEN_NO_DEFAULT_POLICY = false;
|
||||||
private static final Integer TOKEN_NUM_USES = 42;
|
private static final Integer TOKEN_NUM_USES = 42;
|
||||||
private static final Integer TOKEN_PERIOD = 1234;
|
private static final Integer TOKEN_PERIOD = 1234;
|
||||||
private static final Token.Type TOKEN_TYPE = Token.Type.DEFAULT_SERVICE;
|
private static final Token.Type TOKEN_TYPE = Token.Type.DEFAULT_SERVICE;
|
||||||
private static final String JSON_MIN = "{\"role_name\":\"" + NAME + "\"}";
|
private static final String JSON_MIN = "{\"role_name\":\"" + NAME + "\"}";
|
||||||
private static final String JSON_FULL = String.format("{\"role_name\":\"%s\",\"role_id\":\"%s\",\"bind_secret_id\":%s,\"secret_id_bound_cidrs\":\"%s\",\"secret_id_num_uses\":%d,\"secret_id_ttl\":%d,\"local_secret_ids\":%s,\"token_ttl\":%d,\"token_max_ttl\":%d,\"token_policies\":\"%s\",\"token_bound_cidrs\":\"%s\",\"token_explicit_max_ttl\":%d,\"token_no_default_policy\":%s,\"token_num_uses\":%d,\"token_period\":%d,\"token_type\":\"%s\"}",
|
private static final String JSON_FULL = String.format("{\"role_name\":\"%s\",\"role_id\":\"%s\",\"bind_secret_id\":%s,\"secret_id_bound_cidrs\":\"%s\",\"secret_id_num_uses\":%d,\"secret_id_ttl\":%d,\"local_secret_ids\":%s,\"token_ttl\":%d,\"token_max_ttl\":%d,\"token_policies\":\"%s\",\"token_bound_cidrs\":\"%s\",\"token_explicit_max_ttl\":%d,\"token_no_default_policy\":%s,\"token_num_uses\":%d,\"token_period\":%d,\"token_type\":\"%s\"}",
|
||||||
NAME, ID, BIND_SECRET_ID, CIDR_1, SECRET_ID_NUM_USES, SECRET_ID_TTL, LOCAL_SECRET_IDS, TOKEN_TTL, TOKEN_MAX_TTL, POLICY, CIDR_1, TOKEN_EXPLICIT_MAX_TTL, TOKEN_NO_DEFAULT_POLICY, TOKEN_NUM_USES, TOKEN_PERIOD, TOKEN_TYPE.value());
|
NAME, ID, BIND_SECRET_ID, CIDR_1, SECRET_ID_NUM_USES, SECRET_ID_TTL, LOCAL_SECRET_IDS, TOKEN_TTL, TOKEN_MAX_TTL, POLICY, CIDR_1, TOKEN_EXPLICIT_MAX_TTL, TOKEN_NO_DEFAULT_POLICY, TOKEN_NUM_USES, TOKEN_PERIOD, TOKEN_TYPE.value());
|
||||||
|
|
||||||
AppRoleTest() {
|
AppRoleTest() {
|
||||||
super(AppRole.class);
|
super(AppRole.class);
|
||||||
@@ -62,22 +62,22 @@ class AppRoleTest extends AbstractModelTest<AppRole> {
|
|||||||
@Override
|
@Override
|
||||||
protected AppRole createFull() {
|
protected AppRole createFull() {
|
||||||
return AppRole.builder(NAME)
|
return AppRole.builder(NAME)
|
||||||
.withId(ID)
|
.withId(ID)
|
||||||
.withBindSecretID(BIND_SECRET_ID)
|
.withBindSecretID(BIND_SECRET_ID)
|
||||||
.withSecretIdBoundCidrs(BOUND_CIDR_LIST)
|
.withSecretIdBoundCidrs(BOUND_CIDR_LIST)
|
||||||
.withTokenPolicies(POLICIES)
|
.withTokenPolicies(POLICIES)
|
||||||
.withSecretIdNumUses(SECRET_ID_NUM_USES)
|
.withSecretIdNumUses(SECRET_ID_NUM_USES)
|
||||||
.withSecretIdTtl(SECRET_ID_TTL)
|
.withSecretIdTtl(SECRET_ID_TTL)
|
||||||
.withLocalSecretIds(LOCAL_SECRET_IDS)
|
.withLocalSecretIds(LOCAL_SECRET_IDS)
|
||||||
.withTokenTtl(TOKEN_TTL)
|
.withTokenTtl(TOKEN_TTL)
|
||||||
.withTokenMaxTtl(TOKEN_MAX_TTL)
|
.withTokenMaxTtl(TOKEN_MAX_TTL)
|
||||||
.withTokenBoundCidrs(BOUND_CIDR_LIST)
|
.withTokenBoundCidrs(BOUND_CIDR_LIST)
|
||||||
.withTokenExplicitMaxTtl(TOKEN_EXPLICIT_MAX_TTL)
|
.withTokenExplicitMaxTtl(TOKEN_EXPLICIT_MAX_TTL)
|
||||||
.withTokenNoDefaultPolicy(TOKEN_NO_DEFAULT_POLICY)
|
.withTokenNoDefaultPolicy(TOKEN_NO_DEFAULT_POLICY)
|
||||||
.withTokenNumUses(TOKEN_NUM_USES)
|
.withTokenNumUses(TOKEN_NUM_USES)
|
||||||
.withTokenPeriod(TOKEN_PERIOD)
|
.withTokenPeriod(TOKEN_PERIOD)
|
||||||
.withTokenType(TOKEN_TYPE)
|
.withTokenType(TOKEN_TYPE)
|
||||||
.build();
|
.build();
|
||||||
}
|
}
|
||||||
|
|
||||||
@BeforeAll
|
@BeforeAll
|
||||||
@@ -159,11 +159,11 @@ class AppRoleTest extends AbstractModelTest<AppRole> {
|
|||||||
assertEquals(1, role.getTokenBoundCidrs().size());
|
assertEquals(1, role.getTokenBoundCidrs().size());
|
||||||
assertEquals(CIDR_2, role.getTokenBoundCidrs().get(0));
|
assertEquals(CIDR_2, role.getTokenBoundCidrs().get(0));
|
||||||
role = AppRole.builder(NAME)
|
role = AppRole.builder(NAME)
|
||||||
.withSecretIdBoundCidrs(BOUND_CIDR_LIST)
|
.withSecretIdBoundCidrs(BOUND_CIDR_LIST)
|
||||||
.withSecretBoundCidr(CIDR_2)
|
.withSecretBoundCidr(CIDR_2)
|
||||||
.withTokenBoundCidrs(BOUND_CIDR_LIST)
|
.withTokenBoundCidrs(BOUND_CIDR_LIST)
|
||||||
.withTokenBoundCidr(CIDR_2)
|
.withTokenBoundCidr(CIDR_2)
|
||||||
.build();
|
.build();
|
||||||
assertEquals(2, role.getSecretIdBoundCidrs().size());
|
assertEquals(2, role.getSecretIdBoundCidrs().size());
|
||||||
assertTrue(role.getSecretIdBoundCidrs().containsAll(List.of(CIDR_1, CIDR_2)));
|
assertTrue(role.getSecretIdBoundCidrs().containsAll(List.of(CIDR_1, CIDR_2)));
|
||||||
assertEquals(2, role.getTokenBoundCidrs().size());
|
assertEquals(2, role.getTokenBoundCidrs().size());
|
||||||
@@ -174,9 +174,9 @@ class AppRoleTest extends AbstractModelTest<AppRole> {
|
|||||||
assertEquals(1, role.getTokenPolicies().size());
|
assertEquals(1, role.getTokenPolicies().size());
|
||||||
assertEquals(POLICY_2, role.getTokenPolicies().get(0));
|
assertEquals(POLICY_2, role.getTokenPolicies().get(0));
|
||||||
role = AppRole.builder(NAME)
|
role = AppRole.builder(NAME)
|
||||||
.withTokenPolicies(POLICIES)
|
.withTokenPolicies(POLICIES)
|
||||||
.withTokenPolicy(POLICY_2)
|
.withTokenPolicy(POLICY_2)
|
||||||
.build();
|
.build();
|
||||||
assertEquals(2, role.getTokenPolicies().size());
|
assertEquals(2, role.getTokenPolicies().size());
|
||||||
assertTrue(role.getTokenPolicies().containsAll(List.of(POLICY, POLICY_2)));
|
assertTrue(role.getTokenPolicies().containsAll(List.of(POLICY, POLICY_2)));
|
||||||
}
|
}
|
||||||
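Review bot: The constants switched to `Long` (`SECRET_ID_TTL`, `TOKEN_TTL`, `TOKEN_MAX_TTL`, `TOKEN_EXPLICIT_MAX_TTL`) all still hold values that fit in an `int`, so the JSON round-trip tests would pass just as well against the old `Integer` fields and do not pin the fix. At least one of them should exceed `Integer.MAX_VALUE`, for example `private static final Long TOKEN_MAX_TTL = 4294967296L;`, so that a regression to a 32-bit field fails deserialization or the equality check. The same applies to `TOKEN_EXPLICIT_MAX_TTL = 1234L` in TokenRoleTest. `TOKEN_PERIOD` stays `Integer` although it also looks like a duration in seconds; if that is deliberate, a short comment on the constant would say so.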
|
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright 2016-2024 Stefan Kalscheuer
|
* Copyright 2016-2025 Stefan Kalscheuer
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
* you may not use this file except in compliance with the License.
|
* you may not use this file except in compliance with the License.
|
||||||
|
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright 2016-2024 Stefan Kalscheuer
|
* Copyright 2016-2025 Stefan Kalscheuer
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
* you may not use this file except in compliance with the License.
|
* you may not use this file except in compliance with the License.
|
||||||
@@ -59,28 +59,28 @@ class TokenRoleTest extends AbstractModelTest<TokenRole> {
|
|||||||
private static final String TOKEN_BOUND_CIDR_2 = "198.51.100.0/24";
|
private static final String TOKEN_BOUND_CIDR_2 = "198.51.100.0/24";
|
||||||
private static final String TOKEN_BOUND_CIDR_3 = "203.0.113.0/24";
|
private static final String TOKEN_BOUND_CIDR_3 = "203.0.113.0/24";
|
||||||
private static final List<String> TOKEN_BOUND_CIDRS = Arrays.asList(TOKEN_BOUND_CIDR_2, TOKEN_BOUND_CIDR_1);
|
private static final List<String> TOKEN_BOUND_CIDRS = Arrays.asList(TOKEN_BOUND_CIDR_2, TOKEN_BOUND_CIDR_1);
|
||||||
private static final Integer TOKEN_EXPLICIT_MAX_TTL = 1234;
|
private static final Long TOKEN_EXPLICIT_MAX_TTL = 1234L;
|
||||||
private static final Boolean TOKEN_NO_DEFAULT_POLICY = false;
|
private static final Boolean TOKEN_NO_DEFAULT_POLICY = false;
|
||||||
private static final Integer TOKEN_NUM_USES = 5;
|
private static final Integer TOKEN_NUM_USES = 5;
|
||||||
private static final Integer TOKEN_PERIOD = 2345;
|
private static final Integer TOKEN_PERIOD = 2345;
|
||||||
private static final Token.Type TOKEN_TYPE = Token.Type.SERVICE;
|
private static final Token.Type TOKEN_TYPE = Token.Type.SERVICE;
|
||||||
|
|
||||||
private static final String JSON_FULL = "{" +
|
private static final String JSON_FULL = "{" +
|
||||||
"\"name\":\"" + NAME + "\"," +
|
"\"name\":\"" + NAME + "\"," +
|
||||||
"\"allowed_policies\":[\"" + ALLOWED_POLICY_1 + "\",\"" + ALLOWED_POLICY_2 + "\",\"" + ALLOWED_POLICY_3 + "\"]," +
|
"\"allowed_policies\":[\"" + ALLOWED_POLICY_1 + "\",\"" + ALLOWED_POLICY_2 + "\",\"" + ALLOWED_POLICY_3 + "\"]," +
|
||||||
"\"allowed_policies_glob\":[\"" + ALLOWED_POLICY_GLOB_1 + "\",\"" + ALLOWED_POLICY_GLOB_2 + "\",\"" + ALLOWED_POLICY_GLOB_3 + "\"]," +
|
"\"allowed_policies_glob\":[\"" + ALLOWED_POLICY_GLOB_1 + "\",\"" + ALLOWED_POLICY_GLOB_2 + "\",\"" + ALLOWED_POLICY_GLOB_3 + "\"]," +
|
||||||
"\"disallowed_policies\":[\"" + DISALLOWED_POLICY_1 + "\",\"" + DISALLOWED_POLICY_2 + "\",\"" + DISALLOWED_POLICY_3 + "\"]," +
|
"\"disallowed_policies\":[\"" + DISALLOWED_POLICY_1 + "\",\"" + DISALLOWED_POLICY_2 + "\",\"" + DISALLOWED_POLICY_3 + "\"]," +
|
||||||
"\"disallowed_policies_glob\":[\"" + DISALLOWED_POLICY_GLOB_1 + "\",\"" + DISALLOWED_POLICY_GLOB_2 + "\",\"" + DISALLOWED_POLICY_GLOB_3 + "\"]," +
|
"\"disallowed_policies_glob\":[\"" + DISALLOWED_POLICY_GLOB_1 + "\",\"" + DISALLOWED_POLICY_GLOB_2 + "\",\"" + DISALLOWED_POLICY_GLOB_3 + "\"]," +
|
||||||
"\"orphan\":" + ORPHAN + "," +
|
"\"orphan\":" + ORPHAN + "," +
|
||||||
"\"renewable\":" + RENEWABLE + "," +
|
"\"renewable\":" + RENEWABLE + "," +
|
||||||
"\"path_suffix\":\"" + PATH_SUFFIX + "\"," +
|
"\"path_suffix\":\"" + PATH_SUFFIX + "\"," +
|
||||||
"\"allowed_entity_aliases\":[\"" + ALLOWED_ENTITY_ALIAS_1 + "\",\"" + ALLOWED_ENTITY_ALIAS_3 + "\",\"" + ALLOWED_ENTITY_ALIAS_2 + "\"]," +
|
"\"allowed_entity_aliases\":[\"" + ALLOWED_ENTITY_ALIAS_1 + "\",\"" + ALLOWED_ENTITY_ALIAS_3 + "\",\"" + ALLOWED_ENTITY_ALIAS_2 + "\"]," +
|
||||||
"\"token_bound_cidrs\":[\"" + TOKEN_BOUND_CIDR_3 + "\",\"" + TOKEN_BOUND_CIDR_2 + "\",\"" + TOKEN_BOUND_CIDR_1 + "\"]," +
|
"\"token_bound_cidrs\":[\"" + TOKEN_BOUND_CIDR_3 + "\",\"" + TOKEN_BOUND_CIDR_2 + "\",\"" + TOKEN_BOUND_CIDR_1 + "\"]," +
|
||||||
"\"token_explicit_max_ttl\":" + TOKEN_EXPLICIT_MAX_TTL + "," +
|
"\"token_explicit_max_ttl\":" + TOKEN_EXPLICIT_MAX_TTL + "," +
|
||||||
"\"token_no_default_policy\":" + TOKEN_NO_DEFAULT_POLICY + "," +
|
"\"token_no_default_policy\":" + TOKEN_NO_DEFAULT_POLICY + "," +
|
||||||
"\"token_num_uses\":" + TOKEN_NUM_USES + "," +
|
"\"token_num_uses\":" + TOKEN_NUM_USES + "," +
|
||||||
"\"token_period\":" + TOKEN_PERIOD + "," +
|
"\"token_period\":" + TOKEN_PERIOD + "," +
|
||||||
"\"token_type\":\"" + TOKEN_TYPE.value() + "\"}";
|
"\"token_type\":\"" + TOKEN_TYPE.value() + "\"}";
|
||||||
|
|
||||||
TokenRoleTest() {
|
TokenRoleTest() {
|
||||||
super(TokenRole.class);
|
super(TokenRole.class);
|
||||||
@@ -89,28 +89,28 @@ class TokenRoleTest extends AbstractModelTest<TokenRole> {
|
|||||||
@Override
|
@Override
|
||||||
protected TokenRole createFull() {
|
protected TokenRole createFull() {
|
||||||
return TokenRole.builder()
|
return TokenRole.builder()
|
||||||
.forName(NAME)
|
.forName(NAME)
|
||||||
.withAllowedPolicies(ALLOWED_POLICIES)
|
.withAllowedPolicies(ALLOWED_POLICIES)
|
||||||
.withAllowedPolicy(ALLOWED_POLICY_3)
|
.withAllowedPolicy(ALLOWED_POLICY_3)
|
||||||
.withAllowedPolicyGlob(ALLOWED_POLICY_GLOB_1)
|
.withAllowedPolicyGlob(ALLOWED_POLICY_GLOB_1)
|
||||||
.withAllowedPoliciesGlob(ALLOWED_POLICIES_GLOB)
|
.withAllowedPoliciesGlob(ALLOWED_POLICIES_GLOB)
|
||||||
.withDisallowedPolicy(DISALLOWED_POLICY_1)
|
.withDisallowedPolicy(DISALLOWED_POLICY_1)
|
||||||
.withDisallowedPolicies(DISALLOWED_POLICIES)
|
.withDisallowedPolicies(DISALLOWED_POLICIES)
|
||||||
.withDisallowedPoliciesGlob(DISALLOWED_POLICIES_GLOB)
|
.withDisallowedPoliciesGlob(DISALLOWED_POLICIES_GLOB)
|
||||||
.withDisallowedPolicyGlob(DISALLOWED_POLICY_GLOB_3)
|
.withDisallowedPolicyGlob(DISALLOWED_POLICY_GLOB_3)
|
||||||
.orphan(ORPHAN)
|
.orphan(ORPHAN)
|
||||||
.renewable(RENEWABLE)
|
.renewable(RENEWABLE)
|
||||||
.withPathSuffix(PATH_SUFFIX)
|
.withPathSuffix(PATH_SUFFIX)
|
||||||
.withAllowedEntityAliases(ALLOWED_ENTITY_ALIASES)
|
.withAllowedEntityAliases(ALLOWED_ENTITY_ALIASES)
|
||||||
.withAllowedEntityAlias(ALLOWED_ENTITY_ALIAS_2)
|
.withAllowedEntityAlias(ALLOWED_ENTITY_ALIAS_2)
|
||||||
.withTokenBoundCidr(TOKEN_BOUND_CIDR_3)
|
.withTokenBoundCidr(TOKEN_BOUND_CIDR_3)
|
||||||
.withTokenBoundCidrs(TOKEN_BOUND_CIDRS)
|
.withTokenBoundCidrs(TOKEN_BOUND_CIDRS)
|
||||||
.withTokenExplicitMaxTtl(TOKEN_EXPLICIT_MAX_TTL)
|
.withTokenExplicitMaxTtl(TOKEN_EXPLICIT_MAX_TTL)
|
||||||
.withTokenNoDefaultPolicy(TOKEN_NO_DEFAULT_POLICY)
|
.withTokenNoDefaultPolicy(TOKEN_NO_DEFAULT_POLICY)
|
||||||
.withTokenNumUses(TOKEN_NUM_USES)
|
.withTokenNumUses(TOKEN_NUM_USES)
|
||||||
.withTokenPeriod(TOKEN_PERIOD)
|
.withTokenPeriod(TOKEN_PERIOD)
|
||||||
.withTokenType(TOKEN_TYPE)
|
.withTokenType(TOKEN_TYPE)
|
||||||
.build();
|
.build();
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@@ -141,24 +141,24 @@ class TokenRoleTest extends AbstractModelTest<TokenRole> {
|
|||||||
@Test
|
@Test
|
||||||
void buildNullTest() throws JsonProcessingException {
|
void buildNullTest() throws JsonProcessingException {
|
||||||
TokenRole role = TokenRole.builder()
|
TokenRole role = TokenRole.builder()
|
||||||
.forName(null)
|
.forName(null)
|
||||||
.withAllowedPolicies(null)
|
.withAllowedPolicies(null)
|
||||||
.withAllowedPolicy(null)
|
.withAllowedPolicy(null)
|
||||||
.withDisallowedPolicy(null)
|
.withDisallowedPolicy(null)
|
||||||
.withDisallowedPolicies(null)
|
.withDisallowedPolicies(null)
|
||||||
.orphan(null)
|
.orphan(null)
|
||||||
.renewable(null)
|
.renewable(null)
|
||||||
.withPathSuffix(null)
|
.withPathSuffix(null)
|
||||||
.withAllowedEntityAliases(null)
|
.withAllowedEntityAliases(null)
|
||||||
.withAllowedEntityAlias(null)
|
.withAllowedEntityAlias(null)
|
||||||
.withTokenBoundCidr(null)
|
.withTokenBoundCidr(null)
|
||||||
.withTokenBoundCidrs(null)
|
.withTokenBoundCidrs(null)
|
||||||
.withTokenExplicitMaxTtl(null)
|
.withTokenExplicitMaxTtl(null)
|
||||||
.withTokenNoDefaultPolicy(null)
|
.withTokenNoDefaultPolicy(null)
|
||||||
.withTokenNumUses(null)
|
.withTokenNumUses(null)
|
||||||
.withTokenPeriod(null)
|
.withTokenPeriod(null)
|
||||||
.withTokenType(null)
|
.withTokenType(null)
|
||||||
.build();
|
.build();
|
||||||
|
|
||||||
assertNull(role.getAllowedPolicies());
|
assertNull(role.getAllowedPolicies());
|
||||||
assertNull(role.getDisallowedPolicies());
|
assertNull(role.getDisallowedPolicies());
|
||||||
@@ -173,7 +173,7 @@ class TokenRoleTest extends AbstractModelTest<TokenRole> {
|
|||||||
assertNull(role.getTokenType());
|
assertNull(role.getTokenType());
|
||||||
|
|
||||||
// Empty builder should be equal to no-arg construction.
|
// Empty builder should be equal to no-arg construction.
|
||||||
assertEquals(role, new TokenRole());
|
assertEquals(new TokenRole(), role);
|
||||||
|
|
||||||
// Optional fields should be ignored, so JSON string should be empty.
|
// Optional fields should be ignored, so JSON string should be empty.
|
||||||
assertEquals("{}", objectMapper.writeValueAsString(role));
|
assertEquals("{}", objectMapper.writeValueAsString(role));
|
||||||
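Review bot: The new fixture `TOKEN_EXPLICIT_MAX_TTL = 1234L` still fits in an `int`, so nothing in this test exercises the range the `Integer` to `Long` change is meant to cover. A value above `Integer.MAX_VALUE`, for example `private static final Long TOKEN_EXPLICIT_MAX_TTL = 3_000_000_000L;` (constructed value), would make the JSON round trip fail if the field were narrowed again. That matters because a TTL that cannot be represented changes how long a token is considered valid. The same applies to `TTL` and `EXPLICIT_MAX_TTL` in TokenTest, `ROLE_TOKEN_TTL`, `ROLE_TOKEN_MAX_TTL` and `ROLE_SECRET_TTL` in AppRoleResponseTest, and `TK_LEASE_TTL` and `TK_MAX_LEASE_TTL` in AuthMethodsResponseTest. `TOKEN_PERIOD` stays `Integer` here although it looks like a duration too; it is worth confirming that this is intended.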
|
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright 2016-2024 Stefan Kalscheuer
|
* Copyright 2016-2025 Stefan Kalscheuer
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
* you may not use this file except in compliance with the License.
|
* you may not use this file except in compliance with the License.
|
||||||
@@ -35,8 +35,8 @@ class TokenTest extends AbstractModelTest<Token> {
|
|||||||
private static final String DISPLAY_NAME = "display-name";
|
private static final String DISPLAY_NAME = "display-name";
|
||||||
private static final Boolean NO_PARENT = false;
|
private static final Boolean NO_PARENT = false;
|
||||||
private static final Boolean NO_DEFAULT_POLICY = false;
|
private static final Boolean NO_DEFAULT_POLICY = false;
|
||||||
private static final Integer TTL = 123;
|
private static final Long TTL = 123L;
|
||||||
private static final Integer EXPLICIT_MAX_TTL = 456;
|
private static final Long EXPLICIT_MAX_TTL = 456L;
|
||||||
private static final Integer NUM_USES = 4;
|
private static final Integer NUM_USES = 4;
|
||||||
private static final List<String> POLICIES = new ArrayList<>();
|
private static final List<String> POLICIES = new ArrayList<>();
|
||||||
private static final String POLICY = "policy";
|
private static final String POLICY = "policy";
|
||||||
@@ -59,20 +59,20 @@ class TokenTest extends AbstractModelTest<Token> {
|
|||||||
@Override
|
@Override
|
||||||
protected Token createFull() {
|
protected Token createFull() {
|
||||||
return Token.builder()
|
return Token.builder()
|
||||||
.withId(ID)
|
.withId(ID)
|
||||||
.withType(Token.Type.SERVICE)
|
.withType(Token.Type.SERVICE)
|
||||||
.withDisplayName(DISPLAY_NAME)
|
.withDisplayName(DISPLAY_NAME)
|
||||||
.withNoParent(NO_PARENT)
|
.withNoParent(NO_PARENT)
|
||||||
.withNoDefaultPolicy(NO_DEFAULT_POLICY)
|
.withNoDefaultPolicy(NO_DEFAULT_POLICY)
|
||||||
.withTtl(TTL)
|
.withTtl(TTL)
|
||||||
.withExplicitMaxTtl(EXPLICIT_MAX_TTL)
|
.withExplicitMaxTtl(EXPLICIT_MAX_TTL)
|
||||||
.withNumUses(NUM_USES)
|
.withNumUses(NUM_USES)
|
||||||
.withPolicies(POLICIES)
|
.withPolicies(POLICIES)
|
||||||
.withMeta(META)
|
.withMeta(META)
|
||||||
.withRenewable(RENEWABLE)
|
.withRenewable(RENEWABLE)
|
||||||
.withPeriod(PERIOD)
|
.withPeriod(PERIOD)
|
||||||
.withEntityAlias(ENTITY_ALIAS)
|
.withEntityAlias(ENTITY_ALIAS)
|
||||||
.build();
|
.build();
|
||||||
}
|
}
|
||||||
|
|
||||||
@BeforeAll
|
@BeforeAll
|
||||||
@@ -105,7 +105,7 @@ class TokenTest extends AbstractModelTest<Token> {
|
|||||||
assertEquals("{}", objectMapper.writeValueAsString(token));
|
assertEquals("{}", objectMapper.writeValueAsString(token));
|
||||||
|
|
||||||
// Empty builder should be equal to no-arg construction.
|
// Empty builder should be equal to no-arg construction.
|
||||||
assertEquals(token, new Token());
|
assertEquals(new Token(), token);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@@ -159,9 +159,9 @@ class TokenTest extends AbstractModelTest<Token> {
|
|||||||
assertEquals(1, token.getPolicies().size());
|
assertEquals(1, token.getPolicies().size());
|
||||||
assertEquals(List.of(POLICY_2), token.getPolicies());
|
assertEquals(List.of(POLICY_2), token.getPolicies());
|
||||||
token = Token.builder()
|
token = Token.builder()
|
||||||
.withPolicies(POLICY, POLICY_2)
|
.withPolicies(POLICY, POLICY_2)
|
||||||
.withPolicy(POLICY_3)
|
.withPolicy(POLICY_3)
|
||||||
.build();
|
.build();
|
||||||
assertEquals(3, token.getPolicies().size());
|
assertEquals(3, token.getPolicies().size());
|
||||||
assertTrue(token.getPolicies().containsAll(List.of(POLICY, POLICY_2, POLICY_3)));
|
assertTrue(token.getPolicies().containsAll(List.of(POLICY, POLICY_2, POLICY_3)));
|
||||||
|
|
||||||
@@ -171,9 +171,9 @@ class TokenTest extends AbstractModelTest<Token> {
|
|||||||
assertEquals(Set.of(META_KEY_2), token.getMeta().keySet());
|
assertEquals(Set.of(META_KEY_2), token.getMeta().keySet());
|
||||||
assertEquals(META_VALUE_2, token.getMeta().get(META_KEY_2));
|
assertEquals(META_VALUE_2, token.getMeta().get(META_KEY_2));
|
||||||
token = Token.builder()
|
token = Token.builder()
|
||||||
.withMeta(META)
|
.withMeta(META)
|
||||||
.withMeta(META_KEY_2, META_VALUE_2)
|
.withMeta(META_KEY_2, META_VALUE_2)
|
||||||
.build();
|
.build();
|
||||||
assertEquals(2, token.getMeta().size());
|
assertEquals(2, token.getMeta().size());
|
||||||
assertEquals(META_VALUE, token.getMeta().get(META_KEY));
|
assertEquals(META_VALUE, token.getMeta().get(META_KEY));
|
||||||
assertEquals(META_VALUE_2, token.getMeta().get(META_KEY_2));
|
assertEquals(META_VALUE_2, token.getMeta().get(META_KEY_2));
|
||||||
|
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright 2016-2024 Stefan Kalscheuer
|
* Copyright 2016-2025 Stefan Kalscheuer
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
* you may not use this file except in compliance with the License.
|
* you may not use this file except in compliance with the License.
|
||||||
@@ -16,7 +16,6 @@
|
|||||||
|
|
||||||
package de.stklcode.jvault.connector.model.response;
|
package de.stklcode.jvault.connector.model.response;
|
||||||
|
|
||||||
import com.fasterxml.jackson.core.JsonProcessingException;
|
|
||||||
import de.stklcode.jvault.connector.model.AbstractModelTest;
|
import de.stklcode.jvault.connector.model.AbstractModelTest;
|
||||||
import de.stklcode.jvault.connector.model.AppRole;
|
import de.stklcode.jvault.connector.model.AppRole;
|
||||||
import org.junit.jupiter.api.Test;
|
import org.junit.jupiter.api.Test;
|
||||||
@@ -32,34 +31,34 @@ import static org.junit.jupiter.api.Assertions.*;
|
|||||||
* @since 0.6.2
|
* @since 0.6.2
|
||||||
*/
|
*/
|
||||||
class AppRoleResponseTest extends AbstractModelTest<AppRoleResponse> {
|
class AppRoleResponseTest extends AbstractModelTest<AppRoleResponse> {
|
||||||
private static final Integer ROLE_TOKEN_TTL = 1200;
|
private static final Long ROLE_TOKEN_TTL = 1200L;
|
||||||
private static final Integer ROLE_TOKEN_MAX_TTL = 1800;
|
private static final Long ROLE_TOKEN_MAX_TTL = 1800L;
|
||||||
private static final Integer ROLE_SECRET_TTL = 600;
|
private static final Long ROLE_SECRET_TTL = 600L;
|
||||||
private static final Integer ROLE_SECRET_NUM_USES = 40;
|
private static final Integer ROLE_SECRET_NUM_USES = 40;
|
||||||
private static final String ROLE_POLICY = "default";
|
private static final String ROLE_POLICY = "default";
|
||||||
private static final Integer ROLE_PERIOD = 0;
|
private static final Integer ROLE_PERIOD = 0;
|
||||||
private static final Boolean ROLE_BIND_SECRET = true;
|
private static final Boolean ROLE_BIND_SECRET = true;
|
||||||
|
|
||||||
private static final String RES_JSON = "{\n" +
|
private static final String RES_JSON = "{\n" +
|
||||||
" \"auth\": null,\n" +
|
" \"auth\": null,\n" +
|
||||||
" \"warnings\": null,\n" +
|
" \"warnings\": null,\n" +
|
||||||
" \"wrap_info\": null,\n" +
|
" \"wrap_info\": null,\n" +
|
||||||
" \"data\": {\n" +
|
" \"data\": {\n" +
|
||||||
" \"token_ttl\": " + ROLE_TOKEN_TTL + ",\n" +
|
" \"token_ttl\": " + ROLE_TOKEN_TTL + ",\n" +
|
||||||
" \"token_max_ttl\": " + ROLE_TOKEN_MAX_TTL + ",\n" +
|
" \"token_max_ttl\": " + ROLE_TOKEN_MAX_TTL + ",\n" +
|
||||||
" \"secret_id_ttl\": " + ROLE_SECRET_TTL + ",\n" +
|
" \"secret_id_ttl\": " + ROLE_SECRET_TTL + ",\n" +
|
||||||
" \"secret_id_num_uses\": " + ROLE_SECRET_NUM_USES + ",\n" +
|
" \"secret_id_num_uses\": " + ROLE_SECRET_NUM_USES + ",\n" +
|
||||||
" \"token_policies\": [\n" +
|
" \"token_policies\": [\n" +
|
||||||
" \"" + ROLE_POLICY + "\"\n" +
|
" \"" + ROLE_POLICY + "\"\n" +
|
||||||
" ],\n" +
|
" ],\n" +
|
||||||
" \"token_period\": " + ROLE_PERIOD + ",\n" +
|
" \"token_period\": " + ROLE_PERIOD + ",\n" +
|
||||||
" \"bind_secret_id\": " + ROLE_BIND_SECRET + ",\n" +
|
" \"bind_secret_id\": " + ROLE_BIND_SECRET + ",\n" +
|
||||||
" \"bound_cidr_list\": \"\"\n" +
|
" \"bound_cidr_list\": \"\"\n" +
|
||||||
" },\n" +
|
" },\n" +
|
||||||
" \"lease_duration\": 0,\n" +
|
" \"lease_duration\": 0,\n" +
|
||||||
" \"renewable\": false,\n" +
|
" \"renewable\": false,\n" +
|
||||||
" \"lease_id\": \"\"\n" +
|
" \"lease_id\": \"\"\n" +
|
||||||
"}";
|
"}";
|
||||||
|
|
||||||
AppRoleResponseTest() {
|
AppRoleResponseTest() {
|
||||||
super(AppRoleResponse.class);
|
super(AppRoleResponse.class);
|
||||||
@@ -67,12 +66,10 @@ class AppRoleResponseTest extends AbstractModelTest<AppRoleResponse> {
|
|||||||
|
|
||||||
@Override
|
@Override
|
||||||
protected AppRoleResponse createFull() {
|
protected AppRoleResponse createFull() {
|
||||||
try {
|
return assertDoesNotThrow(
|
||||||
return objectMapper.readValue(RES_JSON, AppRoleResponse.class);
|
() -> objectMapper.readValue(RES_JSON, AppRoleResponse.class),
|
||||||
} catch (JsonProcessingException e) {
|
"Creation of full model instance failed"
|
||||||
fail("Creation of full model instance failed", e);
|
);
|
||||||
return null;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@@ -91,8 +88,8 @@ class AppRoleResponseTest extends AbstractModelTest<AppRoleResponse> {
|
|||||||
@Test
|
@Test
|
||||||
void jsonRoundtrip() {
|
void jsonRoundtrip() {
|
||||||
AppRoleResponse res = assertDoesNotThrow(
|
AppRoleResponse res = assertDoesNotThrow(
|
||||||
() -> objectMapper.readValue(RES_JSON, AppRoleResponse.class),
|
() -> objectMapper.readValue(RES_JSON, AppRoleResponse.class),
|
||||||
"AuthResponse deserialization failed"
|
"AuthResponse deserialization failed"
|
||||||
);
|
);
|
||||||
assertNotNull(res, "Parsed response is NULL");
|
assertNotNull(res, "Parsed response is NULL");
|
||||||
// Extract role data.
|
// Extract role data.
|
||||||
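Review bot: The failure message in `jsonRoundtrip()` reads `"AuthResponse deserialization failed"` although the call deserializes `AppRoleResponse`, so a failing run names the wrong model class. The hunk already appears to re-indent this statement, so the message could be corrected to `"AppRoleResponse deserialization failed"` in the same change. The `jsonRoundtrip()` in AuthMethodsResponseTest carries the same text for `AuthMethodsResponse`. The body of `jsonRoundtrip()` continues outside the hunk.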
|
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright 2016-2024 Stefan Kalscheuer
|
* Copyright 2016-2025 Stefan Kalscheuer
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
* you may not use this file except in compliance with the License.
|
* you may not use this file except in compliance with the License.
|
||||||
@@ -16,7 +16,6 @@
|
|||||||
|
|
||||||
package de.stklcode.jvault.connector.model.response;
|
package de.stklcode.jvault.connector.model.response;
|
||||||
|
|
||||||
import com.fasterxml.jackson.core.JsonProcessingException;
|
|
||||||
import de.stklcode.jvault.connector.model.AbstractModelTest;
|
import de.stklcode.jvault.connector.model.AbstractModelTest;
|
||||||
import de.stklcode.jvault.connector.model.AuthBackend;
|
import de.stklcode.jvault.connector.model.AuthBackend;
|
||||||
import de.stklcode.jvault.connector.model.response.embedded.AuthMethod;
|
import de.stklcode.jvault.connector.model.response.embedded.AuthMethod;
|
||||||
@@ -45,44 +44,44 @@ class AuthMethodsResponseTest extends AbstractModelTest<AuthMethodsResponse> {
|
|||||||
private static final String TK_UUID = "32ea9681-6bd6-6cec-eec3-d11260ba9741";
|
private static final String TK_UUID = "32ea9681-6bd6-6cec-eec3-d11260ba9741";
|
||||||
private static final String TK_ACCESSOR = "auth_token_ac0dd95a";
|
private static final String TK_ACCESSOR = "auth_token_ac0dd95a";
|
||||||
private static final String TK_DESCR = "token based credentials";
|
private static final String TK_DESCR = "token based credentials";
|
||||||
private static final Integer TK_LEASE_TTL = 0;
|
private static final Long TK_LEASE_TTL = 0L;
|
||||||
private static final Boolean TK_FORCE_NO_CACHE = false;
|
private static final Boolean TK_FORCE_NO_CACHE = false;
|
||||||
private static final Integer TK_MAX_LEASE_TTL = 0;
|
private static final Long TK_MAX_LEASE_TTL = 0L;
|
||||||
private static final String TK_TOKEN_TYPE = "default-service";
|
private static final String TK_TOKEN_TYPE = "default-service";
|
||||||
private static final String TK_RUNNING_PLUGIN_VERSION = "v1.15.3+builtin.vault";
|
private static final String TK_RUNNING_PLUGIN_VERSION = "v1.15.3+builtin.vault";
|
||||||
|
|
||||||
private static final String RES_JSON = "{\n" +
|
private static final String RES_JSON = "{\n" +
|
||||||
" \"data\": {" +
|
" \"data\": {" +
|
||||||
" \"" + GH_PATH + "\": {\n" +
|
" \"" + GH_PATH + "\": {\n" +
|
||||||
" \"uuid\": \"" + GH_UUID + "\",\n" +
|
" \"uuid\": \"" + GH_UUID + "\",\n" +
|
||||||
" \"type\": \"" + GH_TYPE + "\",\n" +
|
" \"type\": \"" + GH_TYPE + "\",\n" +
|
||||||
" \"accessor\": \"" + GH_ACCESSOR + "\",\n" +
|
" \"accessor\": \"" + GH_ACCESSOR + "\",\n" +
|
||||||
" \"description\": \"" + GH_DESCR + "\",\n" +
|
" \"description\": \"" + GH_DESCR + "\",\n" +
|
||||||
" \"external_entropy_access\": false,\n" +
|
" \"external_entropy_access\": false,\n" +
|
||||||
" \"local\": false,\n" +
|
" \"local\": false,\n" +
|
||||||
" \"seal_wrap\": false\n" +
|
" \"seal_wrap\": false\n" +
|
||||||
" },\n" +
|
" },\n" +
|
||||||
" \"" + TK_PATH + "\": {\n" +
|
" \"" + TK_PATH + "\": {\n" +
|
||||||
" \"config\": {\n" +
|
" \"config\": {\n" +
|
||||||
" \"default_lease_ttl\": " + TK_LEASE_TTL + ",\n" +
|
" \"default_lease_ttl\": " + TK_LEASE_TTL + ",\n" +
|
||||||
" \"force_no_cache\": " + TK_FORCE_NO_CACHE + ",\n" +
|
" \"force_no_cache\": " + TK_FORCE_NO_CACHE + ",\n" +
|
||||||
" \"max_lease_ttl\": " + TK_MAX_LEASE_TTL + ",\n" +
|
" \"max_lease_ttl\": " + TK_MAX_LEASE_TTL + ",\n" +
|
||||||
" \"token_type\": \"" + TK_TOKEN_TYPE + "\"\n" +
|
" \"token_type\": \"" + TK_TOKEN_TYPE + "\"\n" +
|
||||||
" },\n" +
|
" },\n" +
|
||||||
" \"description\": \"" + TK_DESCR + "\",\n" +
|
" \"description\": \"" + TK_DESCR + "\",\n" +
|
||||||
" \"options\": null,\n" +
|
" \"options\": null,\n" +
|
||||||
" \"plugin_version\": \"\",\n" +
|
" \"plugin_version\": \"\",\n" +
|
||||||
" \"running_plugin_version\": \"" + TK_RUNNING_PLUGIN_VERSION + "\",\n" +
|
" \"running_plugin_version\": \"" + TK_RUNNING_PLUGIN_VERSION + "\",\n" +
|
||||||
" \"running_sha256\": \"\",\n" +
|
" \"running_sha256\": \"\",\n" +
|
||||||
" \"type\": \"" + TK_TYPE + "\",\n" +
|
" \"type\": \"" + TK_TYPE + "\",\n" +
|
||||||
" \"uuid\": \"" + TK_UUID + "\",\n" +
|
" \"uuid\": \"" + TK_UUID + "\",\n" +
|
||||||
" \"accessor\": \"" + TK_ACCESSOR + "\",\n" +
|
" \"accessor\": \"" + TK_ACCESSOR + "\",\n" +
|
||||||
" \"external_entropy_access\": false,\n" +
|
" \"external_entropy_access\": false,\n" +
|
||||||
" \"local\": true,\n" +
|
" \"local\": true,\n" +
|
||||||
" \"seal_wrap\": false\n" +
|
" \"seal_wrap\": false\n" +
|
||||||
" }\n" +
|
" }\n" +
|
||||||
" }\n" +
|
" }\n" +
|
||||||
"}";
|
"}";
|
||||||
|
|
||||||
AuthMethodsResponseTest() {
|
AuthMethodsResponseTest() {
|
||||||
super(AuthMethodsResponse.class);
|
super(AuthMethodsResponse.class);
|
||||||
@@ -90,12 +89,10 @@ class AuthMethodsResponseTest extends AbstractModelTest<AuthMethodsResponse> {
|
|||||||
|
|
||||||
@Override
|
@Override
|
||||||
protected AuthMethodsResponse createFull() {
|
protected AuthMethodsResponse createFull() {
|
||||||
try {
|
return assertDoesNotThrow(
|
||||||
return objectMapper.readValue(RES_JSON, AuthMethodsResponse.class);
|
() -> objectMapper.readValue(RES_JSON, AuthMethodsResponse.class),
|
||||||
} catch (JsonProcessingException e) {
|
"Creation of full model instance failed"
|
||||||
fail("Creation of full model instance failed", e);
|
);
|
||||||
return null;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@@ -114,8 +111,8 @@ class AuthMethodsResponseTest extends AbstractModelTest<AuthMethodsResponse> {
|
|||||||
@Test
|
@Test
|
||||||
void jsonRoundtrip() {
|
void jsonRoundtrip() {
|
||||||
AuthMethodsResponse res = assertDoesNotThrow(
|
AuthMethodsResponse res = assertDoesNotThrow(
|
||||||
() -> objectMapper.readValue(RES_JSON, AuthMethodsResponse.class),
|
() -> objectMapper.readValue(RES_JSON, AuthMethodsResponse.class),
|
||||||
"AuthResponse deserialization failed"
|
"AuthResponse deserialization failed"
|
||||||
);
|
);
|
||||||
assertNotNull(res, "Parsed response is NULL");
|
assertNotNull(res, "Parsed response is NULL");
|
||||||
// Extract auth data.
|
// Extract auth data.
|
||||||
|
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright 2016-2024 Stefan Kalscheuer
|
* Copyright 2016-2025 Stefan Kalscheuer
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
* you may not use this file except in compliance with the License.
|
* you may not use this file except in compliance with the License.
|
||||||
@@ -16,7 +16,6 @@
|
|||||||
|
|
||||||
package de.stklcode.jvault.connector.model.response;
|
package de.stklcode.jvault.connector.model.response;
|
||||||
|
|
||||||
import com.fasterxml.jackson.core.JsonProcessingException;
|
|
||||||
import de.stklcode.jvault.connector.model.AbstractModelTest;
|
import de.stklcode.jvault.connector.model.AbstractModelTest;
|
||||||
import de.stklcode.jvault.connector.model.response.embedded.AuthData;
|
import de.stklcode.jvault.connector.model.response.embedded.AuthData;
|
||||||
import de.stklcode.jvault.connector.model.response.embedded.MfaConstraintAny;
|
import de.stklcode.jvault.connector.model.response.embedded.MfaConstraintAny;
|
||||||
@@ -101,12 +100,10 @@ class AuthResponseTest extends AbstractModelTest<AuthResponse> {
|
|||||||
|
|
||||||
@Override
|
@Override
|
||||||
protected AuthResponse createFull() {
|
protected AuthResponse createFull() {
|
||||||
try {
|
return assertDoesNotThrow(
|
||||||
return objectMapper.readValue(RES_JSON, AuthResponse.class);
|
() -> objectMapper.readValue(RES_JSON, AuthResponse.class),
|
||||||
} catch (JsonProcessingException e) {
|
"Creation of full model instance failed"
|
||||||
fail("Creation of full model instance failed", e);
|
);
|
||||||
return null;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
@@ -122,8 +119,8 @@ class AuthResponseTest extends AbstractModelTest<AuthResponse> {
|
|||||||
@Test
|
@Test
|
||||||
void jsonRoundtrip() {
|
void jsonRoundtrip() {
|
||||||
AuthResponse res = assertDoesNotThrow(
|
AuthResponse res = assertDoesNotThrow(
|
||||||
() -> objectMapper.readValue(RES_JSON, AuthResponse.class),
|
() -> objectMapper.readValue(RES_JSON, AuthResponse.class),
|
||||||
"AuthResponse deserialization failed"
|
"AuthResponse deserialization failed"
|
||||||
);
|
);
|
||||||
assertNotNull(res, "Parsed response is NULL");
|
assertNotNull(res, "Parsed response is NULL");
|
||||||
// Extract auth data.
|
// Extract auth data.
|
||||||
|
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright 2016-2024 Stefan Kalscheuer
|
* Copyright 2016-2025 Stefan Kalscheuer
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
* you may not use this file except in compliance with the License.
|
* you may not use this file except in compliance with the License.
|
||||||
@@ -16,7 +16,6 @@
|
|||||||
|
|
||||||
package de.stklcode.jvault.connector.model.response;
|
package de.stklcode.jvault.connector.model.response;
|
||||||
|
|
||||||
import com.fasterxml.jackson.core.JsonProcessingException;
|
|
||||||
import de.stklcode.jvault.connector.model.AbstractModelTest;
|
import de.stklcode.jvault.connector.model.AbstractModelTest;
|
||||||
import org.junit.jupiter.api.Test;
|
import org.junit.jupiter.api.Test;
|
||||||
|
|
||||||
@@ -32,16 +31,16 @@ class CredentialsResponseTest extends AbstractModelTest<CredentialsResponse> {
|
|||||||
private static final String VAL_USER = "testUserName";
|
private static final String VAL_USER = "testUserName";
|
||||||
private static final String VAL_PASS = "5up3r5ecr3tP455";
|
private static final String VAL_PASS = "5up3r5ecr3tP455";
|
||||||
private static final String JSON = "{\n" +
|
private static final String JSON = "{\n" +
|
||||||
" \"request_id\": \"68315073-6658-e3ff-2da7-67939fb91bbd\",\n" +
|
" \"request_id\": \"68315073-6658-e3ff-2da7-67939fb91bbd\",\n" +
|
||||||
" \"lease_id\": \"\",\n" +
|
" \"lease_id\": \"\",\n" +
|
||||||
" \"lease_duration\": 2764800,\n" +
|
" \"lease_duration\": 2764800,\n" +
|
||||||
" \"renewable\": false,\n" +
|
" \"renewable\": false,\n" +
|
||||||
" \"data\": {\n" +
|
" \"data\": {\n" +
|
||||||
" \"username\": \"" + VAL_USER + "\",\n" +
|
" \"username\": \"" + VAL_USER + "\",\n" +
|
||||||
" \"password\": \"" + VAL_PASS + "\"\n" +
|
" \"password\": \"" + VAL_PASS + "\"\n" +
|
||||||
" },\n" +
|
" },\n" +
|
||||||
" \"warnings\": null\n" +
|
" \"warnings\": null\n" +
|
||||||
"}";
|
"}";
|
||||||
|
|
||||||
CredentialsResponseTest() {
|
CredentialsResponseTest() {
|
||||||
super(CredentialsResponse.class);
|
super(CredentialsResponse.class);
|
||||||
@@ -49,12 +48,10 @@ class CredentialsResponseTest extends AbstractModelTest<CredentialsResponse> {
|
|||||||
|
|
||||||
@Override
|
@Override
|
||||||
protected CredentialsResponse createFull() {
|
protected CredentialsResponse createFull() {
|
||||||
try {
|
return assertDoesNotThrow(
|
||||||
return objectMapper.readValue(JSON, CredentialsResponse.class);
|
() -> objectMapper.readValue(JSON, CredentialsResponse.class),
|
||||||
} catch (JsonProcessingException e) {
|
"Creation of full model instance failed"
|
||||||
fail("Creation of full model instance failed", e);
|
);
|
||||||
return null;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@@ -68,8 +65,8 @@ class CredentialsResponseTest extends AbstractModelTest<CredentialsResponse> {
|
|||||||
assertNull(res.getPassword(), "Password not present in data map should not return anything");
|
assertNull(res.getPassword(), "Password not present in data map should not return anything");
|
||||||
|
|
||||||
res = assertDoesNotThrow(
|
res = assertDoesNotThrow(
|
||||||
() -> objectMapper.readValue(JSON, CredentialsResponse.class),
|
() -> objectMapper.readValue(JSON, CredentialsResponse.class),
|
||||||
"Deserialization of CredentialsResponse failed"
|
"Deserialization of CredentialsResponse failed"
|
||||||
);
|
);
|
||||||
assertEquals(VAL_USER, res.getUsername(), "Incorrect username");
|
assertEquals(VAL_USER, res.getUsername(), "Incorrect username");
|
||||||
assertEquals(VAL_PASS, res.getPassword(), "Incorrect password");
|
assertEquals(VAL_PASS, res.getPassword(), "Incorrect password");
|
||||||
|
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright 2016-2021 Stefan Kalscheuer
|
* Copyright 2016-2025 Stefan Kalscheuer
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
* you may not use this file except in compliance with the License.
|
* you may not use this file except in compliance with the License.
|
||||||
@@ -16,7 +16,6 @@
|
|||||||
|
|
||||||
package de.stklcode.jvault.connector.model.response;
|
package de.stklcode.jvault.connector.model.response;
|
||||||
|
|
||||||
import com.fasterxml.jackson.core.JsonProcessingException;
|
|
||||||
import de.stklcode.jvault.connector.model.AbstractModelTest;
|
import de.stklcode.jvault.connector.model.AbstractModelTest;
|
||||||
import org.junit.jupiter.api.Test;
|
import org.junit.jupiter.api.Test;
|
||||||
|
|
||||||
@@ -42,12 +41,10 @@ class ErrorResponseTest extends AbstractModelTest<ErrorResponse> {
|
|||||||
|
|
||||||
@Override
|
@Override
|
||||||
protected ErrorResponse createFull() {
|
protected ErrorResponse createFull() {
|
||||||
try {
|
return assertDoesNotThrow(
|
||||||
return objectMapper.readValue(JSON, ErrorResponse.class);
|
() -> objectMapper.readValue(JSON, ErrorResponse.class),
|
||||||
} catch (JsonProcessingException e) {
|
"Creation of full model instance failed"
|
||||||
fail("Creation of full model instance failed", e);
|
);
|
||||||
return null;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@@ -56,15 +53,15 @@ class ErrorResponseTest extends AbstractModelTest<ErrorResponse> {
|
|||||||
@Test
|
@Test
|
||||||
void jsonRoundtrip() {
|
void jsonRoundtrip() {
|
||||||
ErrorResponse res = assertDoesNotThrow(
|
ErrorResponse res = assertDoesNotThrow(
|
||||||
() -> objectMapper.readValue(JSON, ErrorResponse.class),
|
() -> objectMapper.readValue(JSON, ErrorResponse.class),
|
||||||
"ErrorResponse deserialization failed"
|
"ErrorResponse deserialization failed"
|
||||||
);
|
);
|
||||||
assertNotNull(res, "Parsed response is NULL");
|
assertNotNull(res, "Parsed response is NULL");
|
||||||
assertEquals(List.of(ERROR_1, ERROR_2), res.getErrors(), "Unexpected error messages");
|
assertEquals(List.of(ERROR_1, ERROR_2), res.getErrors(), "Unexpected error messages");
|
||||||
assertEquals(
|
assertEquals(
|
||||||
JSON,
|
JSON,
|
||||||
assertDoesNotThrow(() -> objectMapper.writeValueAsString(res), "ErrorResponse serialization failed"),
|
assertDoesNotThrow(() -> objectMapper.writeValueAsString(res), "ErrorResponse serialization failed"),
|
||||||
"Unexpected JSON string after serialization"
|
"Unexpected JSON string after serialization"
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -72,14 +69,14 @@ class ErrorResponseTest extends AbstractModelTest<ErrorResponse> {
|
|||||||
@Test
|
@Test
|
||||||
void testToString() {
|
void testToString() {
|
||||||
ErrorResponse res = assertDoesNotThrow(
|
ErrorResponse res = assertDoesNotThrow(
|
||||||
() -> objectMapper.readValue(JSON, ErrorResponse.class),
|
() -> objectMapper.readValue(JSON, ErrorResponse.class),
|
||||||
"ErrorResponse deserialization failed"
|
"ErrorResponse deserialization failed"
|
||||||
);
|
);
|
||||||
assertEquals(ERROR_1, res.toString());
|
assertEquals(ERROR_1, res.toString());
|
||||||
|
|
||||||
res = assertDoesNotThrow(
|
res = assertDoesNotThrow(
|
||||||
() -> objectMapper.readValue(JSON_EMPTY, ErrorResponse.class),
|
() -> objectMapper.readValue(JSON_EMPTY, ErrorResponse.class),
|
||||||
"ErrorResponse deserialization failed with empty list"
|
"ErrorResponse deserialization failed with empty list"
|
||||||
);
|
);
|
||||||
assertEquals("error response", res.toString());
|
assertEquals("error response", res.toString());
|
||||||
|
|
||||||
|
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright 2016-2024 Stefan Kalscheuer
|
* Copyright 2016-2025 Stefan Kalscheuer
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
* you may not use this file except in compliance with the License.
|
* you may not use this file except in compliance with the License.
|
||||||
@@ -16,7 +16,6 @@
|
|||||||
|
|
||||||
package de.stklcode.jvault.connector.model.response;
|
package de.stklcode.jvault.connector.model.response;
|
||||||
|
|
||||||
import com.fasterxml.jackson.core.JsonProcessingException;
|
|
||||||
import de.stklcode.jvault.connector.model.AbstractModelTest;
|
import de.stklcode.jvault.connector.model.AbstractModelTest;
|
||||||
import org.junit.jupiter.api.Test;
|
import org.junit.jupiter.api.Test;
|
||||||
|
|
||||||
@@ -45,21 +44,21 @@ class HealthResponseTest extends AbstractModelTest<HealthResponse> {
|
|||||||
private static final Boolean ENTERPRISE = false;
|
private static final Boolean ENTERPRISE = false;
|
||||||
|
|
||||||
private static final String RES_JSON = "{\n" +
|
private static final String RES_JSON = "{\n" +
|
||||||
" \"cluster_id\": \"" + CLUSTER_ID + "\",\n" +
|
" \"cluster_id\": \"" + CLUSTER_ID + "\",\n" +
|
||||||
" \"cluster_name\": \"" + CLUSTER_NAME + "\",\n" +
|
" \"cluster_name\": \"" + CLUSTER_NAME + "\",\n" +
|
||||||
" \"version\": \"" + VERSION + "\",\n" +
|
" \"version\": \"" + VERSION + "\",\n" +
|
||||||
" \"server_time_utc\": " + SERVER_TIME_UTC + ",\n" +
|
" \"server_time_utc\": " + SERVER_TIME_UTC + ",\n" +
|
||||||
" \"standby\": " + STANDBY + ",\n" +
|
" \"standby\": " + STANDBY + ",\n" +
|
||||||
" \"sealed\": " + SEALED + ",\n" +
|
" \"sealed\": " + SEALED + ",\n" +
|
||||||
" \"initialized\": " + INITIALIZED + ",\n" +
|
" \"initialized\": " + INITIALIZED + ",\n" +
|
||||||
" \"replication_performance_mode\": \"" + REPL_PERF_MODE + "\",\n" +
|
" \"replication_performance_mode\": \"" + REPL_PERF_MODE + "\",\n" +
|
||||||
" \"replication_dr_mode\": \"" + REPL_DR_MODE + "\",\n" +
|
" \"replication_dr_mode\": \"" + REPL_DR_MODE + "\",\n" +
|
||||||
" \"performance_standby\": " + PERF_STANDBY + ",\n" +
|
" \"performance_standby\": " + PERF_STANDBY + ",\n" +
|
||||||
" \"echo_duration_ms\": " + ECHO_DURATION + ",\n" +
|
" \"echo_duration_ms\": " + ECHO_DURATION + ",\n" +
|
||||||
" \"clock_skew_ms\": " + CLOCK_SKEW + ",\n" +
|
" \"clock_skew_ms\": " + CLOCK_SKEW + ",\n" +
|
||||||
" \"replication_primary_canary_age_ms\": " + REPL_PRIM_CANARY_AGE + ",\n" +
|
" \"replication_primary_canary_age_ms\": " + REPL_PRIM_CANARY_AGE + ",\n" +
|
||||||
" \"enterprise\": " + ENTERPRISE + "\n" +
|
" \"enterprise\": " + ENTERPRISE + "\n" +
|
||||||
"}";
|
"}";
|
||||||
|
|
||||||
HealthResponseTest() {
|
HealthResponseTest() {
|
||||||
super(HealthResponse.class);
|
super(HealthResponse.class);
|
||||||
@@ -67,12 +66,10 @@ class HealthResponseTest extends AbstractModelTest<HealthResponse> {
|
|||||||
|
|
||||||
@Override
|
@Override
|
||||||
protected HealthResponse createFull() {
|
protected HealthResponse createFull() {
|
||||||
try {
|
return assertDoesNotThrow(
|
||||||
return objectMapper.readValue(RES_JSON, HealthResponse.class);
|
() -> objectMapper.readValue(RES_JSON, HealthResponse.class),
|
||||||
} catch (JsonProcessingException e) {
|
"Creation of full model instance failed"
|
||||||
fail("Creation of full model instance failed", e);
|
);
|
||||||
return null;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@@ -81,8 +78,8 @@ class HealthResponseTest extends AbstractModelTest<HealthResponse> {
|
|||||||
@Test
|
@Test
|
||||||
void jsonRoundtrip() {
|
void jsonRoundtrip() {
|
||||||
HealthResponse res = assertDoesNotThrow(
|
HealthResponse res = assertDoesNotThrow(
|
||||||
() -> objectMapper.readValue(RES_JSON, HealthResponse.class),
|
() -> objectMapper.readValue(RES_JSON, HealthResponse.class),
|
||||||
"Health deserialization failed"
|
"Health deserialization failed"
|
||||||
);
|
);
|
||||||
assertNotNull(res, "Parsed response is NULL");
|
assertNotNull(res, "Parsed response is NULL");
|
||||||
assertEquals(CLUSTER_ID, res.getClusterID(), "Incorrect cluster ID");
|
assertEquals(CLUSTER_ID, res.getClusterID(), "Incorrect cluster ID");
|
||||||
|
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright 2016-2021 Stefan Kalscheuer
|
* Copyright 2016-2025 Stefan Kalscheuer
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
* you may not use this file except in compliance with the License.
|
* you may not use this file except in compliance with the License.
|
||||||
@@ -16,7 +16,6 @@
|
|||||||
|
|
||||||
package de.stklcode.jvault.connector.model.response;
|
package de.stklcode.jvault.connector.model.response;
|
||||||
|
|
||||||
import com.fasterxml.jackson.core.JsonProcessingException;
|
|
||||||
import de.stklcode.jvault.connector.model.AbstractModelTest;
|
import de.stklcode.jvault.connector.model.AbstractModelTest;
|
||||||
import org.junit.jupiter.api.Test;
|
import org.junit.jupiter.api.Test;
|
||||||
|
|
||||||
@@ -38,12 +37,10 @@ class HelpResponseTest extends AbstractModelTest<HelpResponse> {
|
|||||||
|
|
||||||
@Override
|
@Override
|
||||||
protected HelpResponse createFull() {
|
protected HelpResponse createFull() {
|
||||||
try {
|
return assertDoesNotThrow(
|
||||||
return objectMapper.readValue(JSON, HelpResponse.class);
|
() -> objectMapper.readValue(JSON, HelpResponse.class),
|
||||||
} catch (JsonProcessingException e) {
|
"Creation of full model instance failed"
|
||||||
fail("Creation of full model instance failed", e);
|
);
|
||||||
return null;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@@ -52,15 +49,15 @@ class HelpResponseTest extends AbstractModelTest<HelpResponse> {
|
|||||||
@Test
|
@Test
|
||||||
void jsonRoundtrip() {
|
void jsonRoundtrip() {
|
||||||
HelpResponse res = assertDoesNotThrow(
|
HelpResponse res = assertDoesNotThrow(
|
||||||
() -> objectMapper.readValue(JSON, HelpResponse.class),
|
() -> objectMapper.readValue(JSON, HelpResponse.class),
|
||||||
"HelpResponse deserialization failed"
|
"HelpResponse deserialization failed"
|
||||||
);
|
);
|
||||||
assertNotNull(res, "Parsed response is NULL");
|
assertNotNull(res, "Parsed response is NULL");
|
||||||
assertEquals(HELP, res.getHelp(), "Unexpected help text");
|
assertEquals(HELP, res.getHelp(), "Unexpected help text");
|
||||||
assertEquals(
|
assertEquals(
|
||||||
JSON,
|
JSON,
|
||||||
assertDoesNotThrow(() -> objectMapper.writeValueAsString(res), "HelpResponse serialization failed"),
|
assertDoesNotThrow(() -> objectMapper.writeValueAsString(res), "HelpResponse serialization failed"),
|
||||||
"Unexpected JSON string after serialization"
|
"Unexpected JSON string after serialization"
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright 2016-2024 Stefan Kalscheuer
|
* Copyright 2016-2025 Stefan Kalscheuer
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
* you may not use this file except in compliance with the License.
|
* you may not use this file except in compliance with the License.
|
||||||
@@ -16,7 +16,6 @@
|
|||||||
|
|
||||||
package de.stklcode.jvault.connector.model.response;
|
package de.stklcode.jvault.connector.model.response;
|
||||||
|
|
||||||
import com.fasterxml.jackson.core.JsonProcessingException;
|
|
||||||
import de.stklcode.jvault.connector.model.AbstractModelTest;
|
import de.stklcode.jvault.connector.model.AbstractModelTest;
|
||||||
import org.junit.jupiter.api.Test;
|
import org.junit.jupiter.api.Test;
|
||||||
|
|
||||||
@@ -47,47 +46,47 @@ class MetaSecretResponseTest extends AbstractModelTest<MetaSecretResponse> {
|
|||||||
private static final String CUSTOM_META_VAL = "bar";
|
private static final String CUSTOM_META_VAL = "bar";
|
||||||
|
|
||||||
private static final String SECRET_JSON_V2 = "{\n" +
|
private static final String SECRET_JSON_V2 = "{\n" +
|
||||||
" \"request_id\": \"" + SECRET_REQUEST_ID + "\",\n" +
|
" \"request_id\": \"" + SECRET_REQUEST_ID + "\",\n" +
|
||||||
" \"lease_id\": \"" + SECRET_LEASE_ID + "\",\n" +
|
" \"lease_id\": \"" + SECRET_LEASE_ID + "\",\n" +
|
||||||
" \"lease_duration\": " + SECRET_LEASE_DURATION + ",\n" +
|
" \"lease_duration\": " + SECRET_LEASE_DURATION + ",\n" +
|
||||||
" \"renewable\": " + SECRET_RENEWABLE + ",\n" +
|
" \"renewable\": " + SECRET_RENEWABLE + ",\n" +
|
||||||
" \"data\": {\n" +
|
" \"data\": {\n" +
|
||||||
" \"data\": {\n" +
|
" \"data\": {\n" +
|
||||||
" \"" + SECRET_DATA_K1 + "\": \"" + SECRET_DATA_V1 + "\",\n" +
|
" \"" + SECRET_DATA_K1 + "\": \"" + SECRET_DATA_V1 + "\",\n" +
|
||||||
" \"" + SECRET_DATA_K2 + "\": \"" + SECRET_DATA_V2 + "\"\n" +
|
" \"" + SECRET_DATA_K2 + "\": \"" + SECRET_DATA_V2 + "\"\n" +
|
||||||
" },\n" +
|
" },\n" +
|
||||||
" \"metadata\": {\n" +
|
" \"metadata\": {\n" +
|
||||||
" \"created_time\": \"" + SECRET_META_CREATED + "\",\n" +
|
" \"created_time\": \"" + SECRET_META_CREATED + "\",\n" +
|
||||||
" \"custom_metadata\": null,\n" +
|
" \"custom_metadata\": null,\n" +
|
||||||
" \"deletion_time\": \"\",\n" +
|
" \"deletion_time\": \"\",\n" +
|
||||||
" \"destroyed\": false,\n" +
|
" \"destroyed\": false,\n" +
|
||||||
" \"version\": 1\n" +
|
" \"version\": 1\n" +
|
||||||
" }\n" +
|
" }\n" +
|
||||||
" },\n" +
|
" },\n" +
|
||||||
" \"warnings\": " + SECRET_WARNINGS + "\n" +
|
" \"warnings\": " + SECRET_WARNINGS + "\n" +
|
||||||
"}";
|
"}";
|
||||||
private static final String SECRET_JSON_V2_2 = "{\n" +
|
private static final String SECRET_JSON_V2_2 = "{\n" +
|
||||||
" \"request_id\": \"" + SECRET_REQUEST_ID + "\",\n" +
|
" \"request_id\": \"" + SECRET_REQUEST_ID + "\",\n" +
|
||||||
" \"lease_id\": \"" + SECRET_LEASE_ID + "\",\n" +
|
" \"lease_id\": \"" + SECRET_LEASE_ID + "\",\n" +
|
||||||
" \"lease_duration\": " + SECRET_LEASE_DURATION + ",\n" +
|
" \"lease_duration\": " + SECRET_LEASE_DURATION + ",\n" +
|
||||||
" \"renewable\": " + SECRET_RENEWABLE + ",\n" +
|
" \"renewable\": " + SECRET_RENEWABLE + ",\n" +
|
||||||
" \"data\": {\n" +
|
" \"data\": {\n" +
|
||||||
" \"data\": {\n" +
|
" \"data\": {\n" +
|
||||||
" \"" + SECRET_DATA_K1 + "\": \"" + SECRET_DATA_V1 + "\",\n" +
|
" \"" + SECRET_DATA_K1 + "\": \"" + SECRET_DATA_V1 + "\",\n" +
|
||||||
" \"" + SECRET_DATA_K2 + "\": \"" + SECRET_DATA_V2 + "\"\n" +
|
" \"" + SECRET_DATA_K2 + "\": \"" + SECRET_DATA_V2 + "\"\n" +
|
||||||
" },\n" +
|
" },\n" +
|
||||||
" \"metadata\": {\n" +
|
" \"metadata\": {\n" +
|
||||||
" \"created_time\": \"" + SECRET_META_CREATED + "\",\n" +
|
" \"created_time\": \"" + SECRET_META_CREATED + "\",\n" +
|
||||||
" \"custom_metadata\": {" +
|
" \"custom_metadata\": {" +
|
||||||
" \"" + CUSTOM_META_KEY + "\": \"" + CUSTOM_META_VAL + "\"" +
|
" \"" + CUSTOM_META_KEY + "\": \"" + CUSTOM_META_VAL + "\"" +
|
||||||
" },\n" +
|
" },\n" +
|
||||||
" \"deletion_time\": \"" + SECRET_META_DELETED + "\",\n" +
|
" \"deletion_time\": \"" + SECRET_META_DELETED + "\",\n" +
|
||||||
" \"destroyed\": true,\n" +
|
" \"destroyed\": true,\n" +
|
||||||
" \"version\": 2\n" +
|
" \"version\": 2\n" +
|
||||||
" }\n" +
|
" }\n" +
|
||||||
" },\n" +
|
" },\n" +
|
||||||
" \"warnings\": " + SECRET_WARNINGS + "\n" +
|
" \"warnings\": " + SECRET_WARNINGS + "\n" +
|
||||||
"}";
|
"}";
|
||||||
|
|
||||||
MetaSecretResponseTest() {
|
MetaSecretResponseTest() {
|
||||||
super(MetaSecretResponse.class);
|
super(MetaSecretResponse.class);
|
||||||
@@ -95,12 +94,10 @@ class MetaSecretResponseTest extends AbstractModelTest<MetaSecretResponse> {
|
|||||||
|
|
||||||
@Override
|
@Override
|
||||||
protected MetaSecretResponse createFull() {
|
protected MetaSecretResponse createFull() {
|
||||||
try {
|
return assertDoesNotThrow(
|
||||||
return objectMapper.readValue(SECRET_JSON_V2, MetaSecretResponse.class);
|
() -> objectMapper.readValue(SECRET_JSON_V2, MetaSecretResponse.class),
|
||||||
} catch (JsonProcessingException e) {
|
"Creation of full model instance failed"
|
||||||
fail("Creation of full model instance failed", e);
|
);
|
||||||
return null;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@@ -110,8 +107,8 @@ class MetaSecretResponseTest extends AbstractModelTest<MetaSecretResponse> {
|
|||||||
void jsonRoundtrip() {
|
void jsonRoundtrip() {
|
||||||
// KV v2 secret.
|
// KV v2 secret.
|
||||||
MetaSecretResponse res = assertDoesNotThrow(
|
MetaSecretResponse res = assertDoesNotThrow(
|
||||||
() -> objectMapper.readValue(SECRET_JSON_V2, MetaSecretResponse.class),
|
() -> objectMapper.readValue(SECRET_JSON_V2, MetaSecretResponse.class),
|
||||||
"SecretResponse deserialization failed"
|
"SecretResponse deserialization failed"
|
||||||
);
|
);
|
||||||
assertSecretData(res);
|
assertSecretData(res);
|
||||||
assertNotNull(res.getMetadata(), "SecretResponse does not contain metadata");
|
assertNotNull(res.getMetadata(), "SecretResponse does not contain metadata");
|
||||||
@@ -123,8 +120,8 @@ class MetaSecretResponseTest extends AbstractModelTest<MetaSecretResponse> {
|
|||||||
|
|
||||||
// Deleted KV v2 secret.
|
// Deleted KV v2 secret.
|
||||||
res = assertDoesNotThrow(
|
res = assertDoesNotThrow(
|
||||||
() -> objectMapper.readValue(SECRET_JSON_V2_2, MetaSecretResponse.class),
|
() -> objectMapper.readValue(SECRET_JSON_V2_2, MetaSecretResponse.class),
|
||||||
"SecretResponse deserialization failed"
|
"SecretResponse deserialization failed"
|
||||||
);
|
);
|
||||||
assertSecretData(res);
|
assertSecretData(res);
|
||||||
assertNotNull(res.getMetadata(), "SecretResponse does not contain metadata");
|
assertNotNull(res.getMetadata(), "SecretResponse does not contain metadata");
|
||||||
|
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright 2016-2024 Stefan Kalscheuer
|
* Copyright 2016-2025 Stefan Kalscheuer
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
* you may not use this file except in compliance with the License.
|
* you may not use this file except in compliance with the License.
|
||||||
@@ -16,7 +16,6 @@
|
|||||||
|
|
||||||
package de.stklcode.jvault.connector.model.response;
|
package de.stklcode.jvault.connector.model.response;
|
||||||
|
|
||||||
import com.fasterxml.jackson.core.JsonProcessingException;
|
|
||||||
import de.stklcode.jvault.connector.model.AbstractModelTest;
|
import de.stklcode.jvault.connector.model.AbstractModelTest;
|
||||||
import org.junit.jupiter.api.Test;
|
import org.junit.jupiter.api.Test;
|
||||||
|
|
||||||
@@ -43,36 +42,36 @@ class MetadataResponseTest extends AbstractModelTest<MetadataResponse> {
|
|||||||
private static final String DELETE_VERSION_AFTER = "0s";
|
private static final String DELETE_VERSION_AFTER = "0s";
|
||||||
|
|
||||||
private static final String META_JSON = "{\n" +
|
private static final String META_JSON = "{\n" +
|
||||||
" \"data\": {\n" +
|
" \"data\": {\n" +
|
||||||
" \"cas_required\": " + CAS_REQUIRED + ",\n" +
|
" \"cas_required\": " + CAS_REQUIRED + ",\n" +
|
||||||
" \"created_time\": \"" + V1_TIME + "\",\n" +
|
" \"created_time\": \"" + V1_TIME + "\",\n" +
|
||||||
" \"current_version\": " + CURRENT_VERSION + ",\n" +
|
" \"current_version\": " + CURRENT_VERSION + ",\n" +
|
||||||
" \"custom_metadata\": {" +
|
" \"custom_metadata\": {" +
|
||||||
" \"" + CUSTOM_META_KEY + "\": \"" + CUSTOM_META_VAL + "\"" +
|
" \"" + CUSTOM_META_KEY + "\": \"" + CUSTOM_META_VAL + "\"" +
|
||||||
" },\n" +
|
" },\n" +
|
||||||
" \"delete_version_after\": \"" + DELETE_VERSION_AFTER + "\"," +
|
" \"delete_version_after\": \"" + DELETE_VERSION_AFTER + "\"," +
|
||||||
" \"max_versions\": " + MAX_VERSIONS + ",\n" +
|
" \"max_versions\": " + MAX_VERSIONS + ",\n" +
|
||||||
" \"oldest_version\": " + OLDEST_VERSION + ",\n" +
|
" \"oldest_version\": " + OLDEST_VERSION + ",\n" +
|
||||||
" \"updated_time\": \"" + V3_TIME + "\",\n" +
|
" \"updated_time\": \"" + V3_TIME + "\",\n" +
|
||||||
" \"versions\": {\n" +
|
" \"versions\": {\n" +
|
||||||
" \"1\": {\n" +
|
" \"1\": {\n" +
|
||||||
" \"created_time\": \"" + V1_TIME + "\",\n" +
|
" \"created_time\": \"" + V1_TIME + "\",\n" +
|
||||||
" \"deletion_time\": \"" + V2_TIME + "\",\n" +
|
" \"deletion_time\": \"" + V2_TIME + "\",\n" +
|
||||||
" \"destroyed\": true\n" +
|
" \"destroyed\": true\n" +
|
||||||
" },\n" +
|
" },\n" +
|
||||||
" \"2\": {\n" +
|
" \"2\": {\n" +
|
||||||
" \"created_time\": \"" + V2_TIME + "\",\n" +
|
" \"created_time\": \"" + V2_TIME + "\",\n" +
|
||||||
" \"deletion_time\": \"\",\n" +
|
" \"deletion_time\": \"\",\n" +
|
||||||
" \"destroyed\": false\n" +
|
" \"destroyed\": false\n" +
|
||||||
" },\n" +
|
" },\n" +
|
||||||
" \"3\": {\n" +
|
" \"3\": {\n" +
|
||||||
" \"created_time\": \"" + V3_TIME + "\",\n" +
|
" \"created_time\": \"" + V3_TIME + "\",\n" +
|
||||||
" \"deletion_time\": \"\",\n" +
|
" \"deletion_time\": \"\",\n" +
|
||||||
" \"destroyed\": false\n" +
|
" \"destroyed\": false\n" +
|
||||||
" }\n" +
|
" }\n" +
|
||||||
" }\n" +
|
" }\n" +
|
||||||
" }\n" +
|
" }\n" +
|
||||||
"}";
|
"}";
|
||||||
|
|
||||||
MetadataResponseTest() {
|
MetadataResponseTest() {
|
||||||
super(MetadataResponse.class);
|
super(MetadataResponse.class);
|
||||||
@@ -80,12 +79,10 @@ class MetadataResponseTest extends AbstractModelTest<MetadataResponse> {
|
|||||||
|
|
||||||
@Override
|
@Override
|
||||||
protected MetadataResponse createFull() {
|
protected MetadataResponse createFull() {
|
||||||
try {
|
return assertDoesNotThrow(
|
||||||
return objectMapper.readValue(META_JSON, MetadataResponse.class);
|
() -> objectMapper.readValue(META_JSON, MetadataResponse.class),
|
||||||
} catch (JsonProcessingException e) {
|
"Creation of full model instance failed"
|
||||||
fail("Creation of full model instance failed", e);
|
);
|
||||||
return null;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@@ -94,8 +91,8 @@ class MetadataResponseTest extends AbstractModelTest<MetadataResponse> {
|
|||||||
@Test
|
@Test
|
||||||
void jsonRoundtrip() {
|
void jsonRoundtrip() {
|
||||||
MetadataResponse res = assertDoesNotThrow(
|
MetadataResponse res = assertDoesNotThrow(
|
||||||
() -> objectMapper.readValue(META_JSON, MetadataResponse.class),
|
() -> objectMapper.readValue(META_JSON, MetadataResponse.class),
|
||||||
"MetadataResponse deserialization failed"
|
"MetadataResponse deserialization failed"
|
||||||
);
|
);
|
||||||
assertNotNull(res, "Parsed response is NULL");
|
assertNotNull(res, "Parsed response is NULL");
|
||||||
assertNotNull(res.getMetadata(), "Parsed metadata is NULL");
|
assertNotNull(res.getMetadata(), "Parsed metadata is NULL");
|
||||||
|
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright 2016-2021 Stefan Kalscheuer
|
* Copyright 2016-2025 Stefan Kalscheuer
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
* you may not use this file except in compliance with the License.
|
* you may not use this file except in compliance with the License.
|
||||||
@@ -17,7 +17,6 @@
|
|||||||
package de.stklcode.jvault.connector.model.response;
|
package de.stklcode.jvault.connector.model.response;
|
||||||
|
|
||||||
import com.fasterxml.jackson.annotation.JsonProperty;
|
import com.fasterxml.jackson.annotation.JsonProperty;
|
||||||
import com.fasterxml.jackson.core.JsonProcessingException;
|
|
||||||
import de.stklcode.jvault.connector.exception.InvalidResponseException;
|
import de.stklcode.jvault.connector.exception.InvalidResponseException;
|
||||||
import de.stklcode.jvault.connector.model.AbstractModelTest;
|
import de.stklcode.jvault.connector.model.AbstractModelTest;
|
||||||
import org.junit.jupiter.api.Test;
|
import org.junit.jupiter.api.Test;
|
||||||
@@ -43,16 +42,16 @@ class PlainSecretResponseTest extends AbstractModelTest<PlainSecretResponse> {
|
|||||||
private static final String SECRET_DATA_V2 = "world";
|
private static final String SECRET_DATA_V2 = "world";
|
||||||
private static final List<String> SECRET_WARNINGS = null;
|
private static final List<String> SECRET_WARNINGS = null;
|
||||||
private static final String SECRET_JSON = "{\n" +
|
private static final String SECRET_JSON = "{\n" +
|
||||||
" \"request_id\": \"" + SECRET_REQUEST_ID + "\",\n" +
|
" \"request_id\": \"" + SECRET_REQUEST_ID + "\",\n" +
|
||||||
" \"lease_id\": \"" + SECRET_LEASE_ID + "\",\n" +
|
" \"lease_id\": \"" + SECRET_LEASE_ID + "\",\n" +
|
||||||
" \"lease_duration\": " + SECRET_LEASE_DURATION + ",\n" +
|
" \"lease_duration\": " + SECRET_LEASE_DURATION + ",\n" +
|
||||||
" \"renewable\": " + SECRET_RENEWABLE + ",\n" +
|
" \"renewable\": " + SECRET_RENEWABLE + ",\n" +
|
||||||
" \"data\": {\n" +
|
" \"data\": {\n" +
|
||||||
" \"" + SECRET_DATA_K1 + "\": \"" + SECRET_DATA_V1 + "\",\n" +
|
" \"" + SECRET_DATA_K1 + "\": \"" + SECRET_DATA_V1 + "\",\n" +
|
||||||
" \"" + SECRET_DATA_K2 + "\": \"" + SECRET_DATA_V2 + "\"\n" +
|
" \"" + SECRET_DATA_K2 + "\": \"" + SECRET_DATA_V2 + "\"\n" +
|
||||||
" },\n" +
|
" },\n" +
|
||||||
" \"warnings\": " + SECRET_WARNINGS + "\n" +
|
" \"warnings\": " + SECRET_WARNINGS + "\n" +
|
||||||
"}";
|
"}";
|
||||||
|
|
||||||
PlainSecretResponseTest() {
|
PlainSecretResponseTest() {
|
||||||
super(PlainSecretResponse.class);
|
super(PlainSecretResponse.class);
|
||||||
@@ -60,12 +59,10 @@ class PlainSecretResponseTest extends AbstractModelTest<PlainSecretResponse> {
|
|||||||
|
|
||||||
@Override
|
@Override
|
||||||
protected PlainSecretResponse createFull() {
|
protected PlainSecretResponse createFull() {
|
||||||
try {
|
return assertDoesNotThrow(
|
||||||
return objectMapper.readValue(SECRET_JSON, PlainSecretResponse.class);
|
() -> objectMapper.readValue(SECRET_JSON, PlainSecretResponse.class),
|
||||||
} catch (JsonProcessingException e) {
|
"Creation of full model instance failed"
|
||||||
fail("Creation of full model instance failed", e);
|
);
|
||||||
return null;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@@ -74,8 +71,8 @@ class PlainSecretResponseTest extends AbstractModelTest<PlainSecretResponse> {
|
|||||||
@Test
|
@Test
|
||||||
void jsonRoundtrip() {
|
void jsonRoundtrip() {
|
||||||
SecretResponse res = assertDoesNotThrow(
|
SecretResponse res = assertDoesNotThrow(
|
||||||
() -> objectMapper.readValue(SECRET_JSON, PlainSecretResponse.class),
|
() -> objectMapper.readValue(SECRET_JSON, PlainSecretResponse.class),
|
||||||
"SecretResponse deserialization failed"
|
"SecretResponse deserialization failed"
|
||||||
);
|
);
|
||||||
|
|
||||||
assertNotNull(res, "Parsed response is NULL");
|
assertNotNull(res, "Parsed response is NULL");
|
||||||
@@ -106,74 +103,74 @@ class PlainSecretResponseTest extends AbstractModelTest<PlainSecretResponse> {
|
|||||||
final var complexVal = new ComplexType("val1", 678);
|
final var complexVal = new ComplexType("val1", 678);
|
||||||
|
|
||||||
SecretResponse res = assertDoesNotThrow(
|
SecretResponse res = assertDoesNotThrow(
|
||||||
() -> objectMapper.readValue(
|
() -> objectMapper.readValue(
|
||||||
"{\n" +
|
"{\n" +
|
||||||
" \"request_id\": \"req-id\",\n" +
|
" \"request_id\": \"req-id\",\n" +
|
||||||
" \"lease_id\": \"lea-id\",\n" +
|
" \"lease_id\": \"lea-id\",\n" +
|
||||||
" \"lease_duration\": " + 123456 + ",\n" +
|
" \"lease_duration\": " + 123456 + ",\n" +
|
||||||
" \"renewable\": true,\n" +
|
" \"renewable\": true,\n" +
|
||||||
" \"data\": {\n" +
|
" \"data\": {\n" +
|
||||||
" \"" + stringKey + "\": \"" + stringVal + "\",\n" +
|
" \"" + stringKey + "\": \"" + stringVal + "\",\n" +
|
||||||
" \"" + numberKey + "\": \"" + numberVal + "\",\n" +
|
" \"" + numberKey + "\": \"" + numberVal + "\",\n" +
|
||||||
" \"" + listKey + "\": [\"" + String.join("\", \"", listVal) + "\"],\n" +
|
" \"" + listKey + "\": [\"" + String.join("\", \"", listVal) + "\"],\n" +
|
||||||
" \"" + complexKey + "\": {" +
|
" \"" + complexKey + "\": {" +
|
||||||
" \"field1\": \"" + complexVal.field1 + "\",\n" +
|
" \"field1\": \"" + complexVal.field1 + "\",\n" +
|
||||||
" \"field2\": " + complexVal.field2 + "\n" +
|
" \"field2\": " + complexVal.field2 + "\n" +
|
||||||
" },\n" +
|
" },\n" +
|
||||||
" \"" + complexKey + "Json\": \"" + objectMapper.writeValueAsString(complexVal).replace("\"", "\\\"") + "\"\n" +
|
" \"" + complexKey + "Json\": \"" + objectMapper.writeValueAsString(complexVal).replace("\"", "\\\"") + "\"\n" +
|
||||||
" }\n" +
|
" }\n" +
|
||||||
"}",
|
"}",
|
||||||
PlainSecretResponse.class
|
PlainSecretResponse.class
|
||||||
),
|
),
|
||||||
"SecretResponse deserialization failed"
|
"SecretResponse deserialization failed"
|
||||||
);
|
);
|
||||||
|
|
||||||
assertEquals(stringVal, res.get(stringKey), "unexpected value for string (implicit)");
|
assertEquals(stringVal, res.get(stringKey), "unexpected value for string (implicit)");
|
||||||
assertEquals(
|
assertEquals(
|
||||||
stringVal,
|
stringVal,
|
||||||
assertDoesNotThrow(() -> res.get(stringKey, String.class), "getting string failed"),
|
assertDoesNotThrow(() -> res.get(stringKey, String.class), "getting string failed"),
|
||||||
"unexpected value for string (explicit)"
|
"unexpected value for string (explicit)"
|
||||||
);
|
);
|
||||||
|
|
||||||
assertEquals(String.valueOf(numberVal), res.get(numberKey), "unexpected value for number (implicit)");
|
assertEquals(String.valueOf(numberVal), res.get(numberKey), "unexpected value for number (implicit)");
|
||||||
assertEquals(
|
assertEquals(
|
||||||
numberVal,
|
numberVal,
|
||||||
assertDoesNotThrow(() -> res.get(numberKey, Double.class), "getting number failed"),
|
assertDoesNotThrow(() -> res.get(numberKey, Double.class), "getting number failed"),
|
||||||
"unexpected value for number (explicit)"
|
"unexpected value for number (explicit)"
|
||||||
);
|
);
|
||||||
assertEquals(
|
assertEquals(
|
||||||
String.valueOf(numberVal),
|
String.valueOf(numberVal),
|
||||||
assertDoesNotThrow(() -> res.get(numberKey, String.class), "getting number as string failed"),
|
assertDoesNotThrow(() -> res.get(numberKey, String.class), "getting number as string failed"),
|
||||||
"unexpected value for number as string (explicit)"
|
"unexpected value for number as string (explicit)"
|
||||||
);
|
);
|
||||||
|
|
||||||
assertEquals(listVal, res.get(listKey), "unexpected value for list (implicit)");
|
assertEquals(listVal, res.get(listKey), "unexpected value for list (implicit)");
|
||||||
assertEquals(
|
assertEquals(
|
||||||
listVal,
|
listVal,
|
||||||
assertDoesNotThrow(() -> res.get(listKey, ArrayList.class), "getting list failed"),
|
assertDoesNotThrow(() -> res.get(listKey, ArrayList.class), "getting list failed"),
|
||||||
"unexpected value for list (explicit)"
|
"unexpected value for list (explicit)"
|
||||||
);
|
);
|
||||||
|
|
||||||
assertEquals(complexVal.toMap(), res.get(complexKey), "unexpected value for complex type (implicit)");
|
assertEquals(complexVal.toMap(), res.get(complexKey), "unexpected value for complex type (implicit)");
|
||||||
assertEquals(
|
assertEquals(
|
||||||
complexVal.toMap(),
|
complexVal.toMap(),
|
||||||
assertDoesNotThrow(() -> res.get(complexKey, HashMap.class), "getting complex type as map failed"),
|
assertDoesNotThrow(() -> res.get(complexKey, HashMap.class), "getting complex type as map failed"),
|
||||||
"unexpected value for complex type as map (explicit)"
|
"unexpected value for complex type as map (explicit)"
|
||||||
);
|
);
|
||||||
assertEquals(
|
assertEquals(
|
||||||
complexVal,
|
complexVal,
|
||||||
assertDoesNotThrow(() -> res.get(complexKey, ComplexType.class), "getting complex type failed"),
|
assertDoesNotThrow(() -> res.get(complexKey, ComplexType.class), "getting complex type failed"),
|
||||||
"unexpected value for complex type (explicit)"
|
"unexpected value for complex type (explicit)"
|
||||||
);
|
);
|
||||||
assertThrows(
|
assertThrows(
|
||||||
InvalidResponseException.class,
|
InvalidResponseException.class,
|
||||||
() -> res.get(complexKey, Integer.class),
|
() -> res.get(complexKey, Integer.class),
|
||||||
"getting complex type as integer should fail"
|
"getting complex type as integer should fail"
|
||||||
);
|
);
|
||||||
assertEquals(
|
assertEquals(
|
||||||
complexVal,
|
complexVal,
|
||||||
assertDoesNotThrow(() -> res.get(complexKey + "Json", ComplexType.class), "getting complex type from JSON string failed"),
|
assertDoesNotThrow(() -> res.get(complexKey + "Json", ComplexType.class), "getting complex type from JSON string failed"),
|
||||||
"unexpected value for complex type from JSON string"
|
"unexpected value for complex type from JSON string"
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -199,8 +196,8 @@ class PlainSecretResponseTest extends AbstractModelTest<PlainSecretResponse> {
|
|||||||
|
|
||||||
private Map<String, Object> toMap() {
|
private Map<String, Object> toMap() {
|
||||||
return Map.of(
|
return Map.of(
|
||||||
"field1", field1,
|
"field1", field1,
|
||||||
"field2", field2
|
"field2", field2
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright 2016-2024 Stefan Kalscheuer
|
* Copyright 2016-2025 Stefan Kalscheuer
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
* you may not use this file except in compliance with the License.
|
* you may not use this file except in compliance with the License.
|
||||||
@@ -16,7 +16,6 @@
|
|||||||
|
|
||||||
package de.stklcode.jvault.connector.model.response;
|
package de.stklcode.jvault.connector.model.response;
|
||||||
|
|
||||||
import com.fasterxml.jackson.core.JsonProcessingException;
|
|
||||||
import de.stklcode.jvault.connector.model.AbstractModelTest;
|
import de.stklcode.jvault.connector.model.AbstractModelTest;
|
||||||
import org.junit.jupiter.api.Test;
|
import org.junit.jupiter.api.Test;
|
||||||
|
|
||||||
@@ -46,36 +45,36 @@ class SealResponseTest extends AbstractModelTest<SealResponse> {
|
|||||||
private static final String STORAGE_TYPE = "file";
|
private static final String STORAGE_TYPE = "file";
|
||||||
|
|
||||||
private static final String RES_SEALED = "{\n" +
|
private static final String RES_SEALED = "{\n" +
|
||||||
" \"type\": \"" + TYPE + "\",\n" +
|
" \"type\": \"" + TYPE + "\",\n" +
|
||||||
" \"sealed\": true,\n" +
|
" \"sealed\": true,\n" +
|
||||||
" \"initialized\": true,\n" +
|
" \"initialized\": true,\n" +
|
||||||
" \"t\": " + THRESHOLD + ",\n" +
|
" \"t\": " + THRESHOLD + ",\n" +
|
||||||
" \"n\": " + SHARES + ",\n" +
|
" \"n\": " + SHARES + ",\n" +
|
||||||
" \"progress\": " + PROGRESS_SEALED + ",\n" +
|
" \"progress\": " + PROGRESS_SEALED + ",\n" +
|
||||||
" \"nonce\": \"\",\n" +
|
" \"nonce\": \"\",\n" +
|
||||||
" \"version\": \"" + VERSION + "\",\n" +
|
" \"version\": \"" + VERSION + "\",\n" +
|
||||||
" \"build_date\": \"" + BUILD_DATE + "\",\n" +
|
" \"build_date\": \"" + BUILD_DATE + "\",\n" +
|
||||||
" \"migration\": \"" + MIGRATION + "\",\n" +
|
" \"migration\": \"" + MIGRATION + "\",\n" +
|
||||||
" \"recovery_seal\": \"" + RECOVERY_SEAL + "\",\n" +
|
" \"recovery_seal\": \"" + RECOVERY_SEAL + "\",\n" +
|
||||||
" \"storage_type\": \"" + STORAGE_TYPE + "\"\n" +
|
" \"storage_type\": \"" + STORAGE_TYPE + "\"\n" +
|
||||||
"}";
|
"}";
|
||||||
|
|
||||||
private static final String RES_UNSEALED = "{\n" +
|
private static final String RES_UNSEALED = "{\n" +
|
||||||
" \"type\": \"" + TYPE + "\",\n" +
|
" \"type\": \"" + TYPE + "\",\n" +
|
||||||
" \"sealed\": false,\n" +
|
" \"sealed\": false,\n" +
|
||||||
" \"initialized\": true,\n" +
|
" \"initialized\": true,\n" +
|
||||||
" \"t\": " + THRESHOLD + ",\n" +
|
" \"t\": " + THRESHOLD + ",\n" +
|
||||||
" \"n\": " + SHARES + ",\n" +
|
" \"n\": " + SHARES + ",\n" +
|
||||||
" \"progress\": " + PROGRESS_UNSEALED + ",\n" +
|
" \"progress\": " + PROGRESS_UNSEALED + ",\n" +
|
||||||
" \"version\": \"" + VERSION + "\",\n" +
|
" \"version\": \"" + VERSION + "\",\n" +
|
||||||
" \"build_date\": \"" + BUILD_DATE + "\",\n" +
|
" \"build_date\": \"" + BUILD_DATE + "\",\n" +
|
||||||
" \"cluster_name\": \"" + CLUSTER_NAME + "\",\n" +
|
" \"cluster_name\": \"" + CLUSTER_NAME + "\",\n" +
|
||||||
" \"cluster_id\": \"" + CLUSTER_ID + "\",\n" +
|
" \"cluster_id\": \"" + CLUSTER_ID + "\",\n" +
|
||||||
" \"nonce\": \"" + NONCE + "\",\n" +
|
" \"nonce\": \"" + NONCE + "\",\n" +
|
||||||
" \"migration\": \"" + MIGRATION + "\",\n" +
|
" \"migration\": \"" + MIGRATION + "\",\n" +
|
||||||
" \"recovery_seal\": \"" + RECOVERY_SEAL + "\",\n" +
|
" \"recovery_seal\": \"" + RECOVERY_SEAL + "\",\n" +
|
||||||
" \"storage_type\": \"" + STORAGE_TYPE + "\"\n" +
|
" \"storage_type\": \"" + STORAGE_TYPE + "\"\n" +
|
||||||
"}";
|
"}";
|
||||||
|
|
||||||
SealResponseTest() {
|
SealResponseTest() {
|
||||||
super(SealResponse.class);
|
super(SealResponse.class);
|
||||||
@@ -83,12 +82,10 @@ class SealResponseTest extends AbstractModelTest<SealResponse> {
|
|||||||
|
|
||||||
@Override
|
@Override
|
||||||
protected SealResponse createFull() {
|
protected SealResponse createFull() {
|
||||||
try {
|
return assertDoesNotThrow(
|
||||||
return objectMapper.readValue(RES_UNSEALED, SealResponse.class);
|
() -> objectMapper.readValue(RES_UNSEALED, SealResponse.class),
|
||||||
} catch (JsonProcessingException e) {
|
"Creation of full model instance failed"
|
||||||
fail("Creation of full model instance failed", e);
|
);
|
||||||
return null;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@@ -98,8 +95,8 @@ class SealResponseTest extends AbstractModelTest<SealResponse> {
|
|||||||
void jsonRoundtripSealed() {
|
void jsonRoundtripSealed() {
|
||||||
// First test sealed Vault's response.
|
// First test sealed Vault's response.
|
||||||
SealResponse res = assertDoesNotThrow(
|
SealResponse res = assertDoesNotThrow(
|
||||||
() -> objectMapper.readValue(RES_SEALED, SealResponse.class),
|
() -> objectMapper.readValue(RES_SEALED, SealResponse.class),
|
||||||
"SealResponse deserialization failed"
|
"SealResponse deserialization failed"
|
||||||
);
|
);
|
||||||
assertNotNull(res, "Parsed response is NULL");
|
assertNotNull(res, "Parsed response is NULL");
|
||||||
assertEquals(TYPE, res.getType(), "Incorrect seal type");
|
assertEquals(TYPE, res.getType(), "Incorrect seal type");
|
||||||
@@ -121,8 +118,8 @@ class SealResponseTest extends AbstractModelTest<SealResponse> {
|
|||||||
|
|
||||||
// Not test unsealed Vault's response.
|
// Not test unsealed Vault's response.
|
||||||
res = assertDoesNotThrow(
|
res = assertDoesNotThrow(
|
||||||
() -> objectMapper.readValue(RES_UNSEALED, SealResponse.class),
|
() -> objectMapper.readValue(RES_UNSEALED, SealResponse.class),
|
||||||
"SealResponse deserialization failed"
|
"SealResponse deserialization failed"
|
||||||
);
|
);
|
||||||
assertNotNull(res, "Parsed response is NULL");
|
assertNotNull(res, "Parsed response is NULL");
|
||||||
assertEquals(TYPE, res.getType(), "Incorrect seal type");
|
assertEquals(TYPE, res.getType(), "Incorrect seal type");
|
||||||
|
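Review bot: The comment `// Not test unsealed Vault's response.` in the second hunk of jsonRoundtripSealed reads as a negation, although the code directly below it does deserialize `RES_UNSEALED` and assert on it. It should read `// Now test unsealed Vault's response.`, mirroring the earlier `// First test sealed Vault's response.`. The method body starts and ends outside the visible hunks, so any further assertions on the unsealed response are not visible here.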
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright 2016-2024 Stefan Kalscheuer
|
* Copyright 2016-2025 Stefan Kalscheuer
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
* you may not use this file except in compliance with the License.
|
* you may not use this file except in compliance with the License.
|
||||||
@@ -16,13 +16,13 @@
|
|||||||
|
|
||||||
package de.stklcode.jvault.connector.model.response;
|
package de.stklcode.jvault.connector.model.response;
|
||||||
|
|
||||||
import com.fasterxml.jackson.core.JsonProcessingException;
|
|
||||||
import de.stklcode.jvault.connector.model.AbstractModelTest;
|
import de.stklcode.jvault.connector.model.AbstractModelTest;
|
||||||
import org.junit.jupiter.api.Test;
|
import org.junit.jupiter.api.Test;
|
||||||
|
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
|
|
||||||
import static org.junit.jupiter.api.Assertions.*;
|
import static org.junit.jupiter.api.Assertions.assertDoesNotThrow;
|
||||||
|
import static org.junit.jupiter.api.Assertions.assertEquals;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* JUnit Test for {@link SecretListResponse} model.
|
* JUnit Test for {@link SecretListResponse} model.
|
||||||
@@ -34,17 +34,17 @@ class SecretListResponseTest extends AbstractModelTest<SecretListResponse> {
|
|||||||
private static final String KEY1 = "key1";
|
private static final String KEY1 = "key1";
|
||||||
private static final String KEY2 = "key-2";
|
private static final String KEY2 = "key-2";
|
||||||
private static final String JSON = "{\n" +
|
private static final String JSON = "{\n" +
|
||||||
" \"auth\": null,\n" +
|
" \"auth\": null,\n" +
|
||||||
" \"data\": {\n" +
|
" \"data\": {\n" +
|
||||||
" \"keys\": [" +
|
" \"keys\": [" +
|
||||||
" \"" + KEY1 + "\",\n" +
|
" \"" + KEY1 + "\",\n" +
|
||||||
" \"" + KEY2 + "\"\n" +
|
" \"" + KEY2 + "\"\n" +
|
||||||
" ]\n" +
|
" ]\n" +
|
||||||
" },\n" +
|
" },\n" +
|
||||||
" \"lease_duration\": 2764800,\n" +
|
" \"lease_duration\": 2764800,\n" +
|
||||||
" \"lease_id\": \"\",\n" +
|
" \"lease_id\": \"\",\n" +
|
||||||
" \"renewable\": false\n" +
|
" \"renewable\": false\n" +
|
||||||
"}";
|
"}";
|
||||||
|
|
||||||
SecretListResponseTest() {
|
SecretListResponseTest() {
|
||||||
super(SecretListResponse.class);
|
super(SecretListResponse.class);
|
||||||
@@ -52,12 +52,10 @@ class SecretListResponseTest extends AbstractModelTest<SecretListResponse> {
|
|||||||
|
|
||||||
@Override
|
@Override
|
||||||
protected SecretListResponse createFull() {
|
protected SecretListResponse createFull() {
|
||||||
try {
|
return assertDoesNotThrow(
|
||||||
return objectMapper.readValue(JSON, SecretListResponse.class);
|
() -> objectMapper.readValue(JSON, SecretListResponse.class),
|
||||||
} catch (JsonProcessingException e) {
|
"Creation of full model instance failed"
|
||||||
fail("Creation of full model instance failed", e);
|
);
|
||||||
return null;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@@ -66,8 +64,8 @@ class SecretListResponseTest extends AbstractModelTest<SecretListResponse> {
|
|||||||
@Test
|
@Test
|
||||||
void getKeysTest() {
|
void getKeysTest() {
|
||||||
SecretListResponse res = assertDoesNotThrow(
|
SecretListResponse res = assertDoesNotThrow(
|
||||||
() -> objectMapper.readValue(JSON, SecretListResponse.class),
|
() -> objectMapper.readValue(JSON, SecretListResponse.class),
|
||||||
"SecretListResponse deserialization failed"
|
"SecretListResponse deserialization failed"
|
||||||
);
|
);
|
||||||
|
|
||||||
assertEquals(List.of(KEY1, KEY2), res.getKeys(), "Unexpected secret keys");
|
assertEquals(List.of(KEY1, KEY2), res.getKeys(), "Unexpected secret keys");
|
||||||
|
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright 2016-2024 Stefan Kalscheuer
|
* Copyright 2016-2025 Stefan Kalscheuer
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
* you may not use this file except in compliance with the License.
|
* you may not use this file except in compliance with the License.
|
||||||
@@ -16,7 +16,6 @@
|
|||||||
|
|
||||||
package de.stklcode.jvault.connector.model.response;
|
package de.stklcode.jvault.connector.model.response;
|
||||||
|
|
||||||
import com.fasterxml.jackson.core.JsonProcessingException;
|
|
||||||
import de.stklcode.jvault.connector.model.AbstractModelTest;
|
import de.stklcode.jvault.connector.model.AbstractModelTest;
|
||||||
import org.junit.jupiter.api.Test;
|
import org.junit.jupiter.api.Test;
|
||||||
|
|
||||||
@@ -34,13 +33,13 @@ class SecretVersionResponseTest extends AbstractModelTest<SecretVersionResponse>
|
|||||||
private static final Integer VERSION = 42;
|
private static final Integer VERSION = 42;
|
||||||
|
|
||||||
private static final String META_JSON = "{\n" +
|
private static final String META_JSON = "{\n" +
|
||||||
" \"data\": {\n" +
|
" \"data\": {\n" +
|
||||||
" \"created_time\": \"" + CREATION_TIME + "\",\n" +
|
" \"created_time\": \"" + CREATION_TIME + "\",\n" +
|
||||||
" \"deletion_time\": \"" + DELETION_TIME + "\",\n" +
|
" \"deletion_time\": \"" + DELETION_TIME + "\",\n" +
|
||||||
" \"destroyed\": false,\n" +
|
" \"destroyed\": false,\n" +
|
||||||
" \"version\": " + VERSION + "\n" +
|
" \"version\": " + VERSION + "\n" +
|
||||||
" }\n" +
|
" }\n" +
|
||||||
"}";
|
"}";
|
||||||
|
|
||||||
SecretVersionResponseTest() {
|
SecretVersionResponseTest() {
|
||||||
super(SecretVersionResponse.class);
|
super(SecretVersionResponse.class);
|
||||||
@@ -48,12 +47,10 @@ class SecretVersionResponseTest extends AbstractModelTest<SecretVersionResponse>
|
|||||||
|
|
||||||
@Override
|
@Override
|
||||||
protected SecretVersionResponse createFull() {
|
protected SecretVersionResponse createFull() {
|
||||||
try {
|
return assertDoesNotThrow(
|
||||||
return objectMapper.readValue(META_JSON, SecretVersionResponse.class);
|
() -> objectMapper.readValue(META_JSON, SecretVersionResponse.class),
|
||||||
} catch (JsonProcessingException e) {
|
"Creation of full model instance failed"
|
||||||
fail("Creation of full model instance failed", e);
|
);
|
||||||
return null;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@@ -62,8 +59,8 @@ class SecretVersionResponseTest extends AbstractModelTest<SecretVersionResponse>
|
|||||||
@Test
|
@Test
|
||||||
void jsonRoundtrip() {
|
void jsonRoundtrip() {
|
||||||
SecretVersionResponse res = assertDoesNotThrow(
|
SecretVersionResponse res = assertDoesNotThrow(
|
||||||
() -> objectMapper.readValue(META_JSON, SecretVersionResponse.class),
|
() -> objectMapper.readValue(META_JSON, SecretVersionResponse.class),
|
||||||
"SecretVersionResponse deserialization failed"
|
"SecretVersionResponse deserialization failed"
|
||||||
);
|
);
|
||||||
assertNotNull(res, "Parsed response is NULL");
|
assertNotNull(res, "Parsed response is NULL");
|
||||||
assertNotNull(res.getMetadata(), "Parsed metadata is NULL");
|
assertNotNull(res.getMetadata(), "Parsed metadata is NULL");
|
||||||
|
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright 2016-2024 Stefan Kalscheuer
|
* Copyright 2016-2025 Stefan Kalscheuer
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
* you may not use this file except in compliance with the License.
|
* you may not use this file except in compliance with the License.
|
||||||
@@ -16,7 +16,6 @@
|
|||||||
|
|
||||||
package de.stklcode.jvault.connector.model.response;
|
package de.stklcode.jvault.connector.model.response;
|
||||||
|
|
||||||
import com.fasterxml.jackson.core.JsonProcessingException;
|
|
||||||
import de.stklcode.jvault.connector.model.AbstractModelTest;
|
import de.stklcode.jvault.connector.model.AbstractModelTest;
|
||||||
import de.stklcode.jvault.connector.model.response.embedded.TokenData;
|
import de.stklcode.jvault.connector.model.response.embedded.TokenData;
|
||||||
import org.junit.jupiter.api.Test;
|
import org.junit.jupiter.api.Test;
|
||||||
@@ -35,8 +34,8 @@ import static org.junit.jupiter.api.Assertions.*;
|
|||||||
*/
|
*/
|
||||||
class TokenResponseTest extends AbstractModelTest<TokenResponse> {
|
class TokenResponseTest extends AbstractModelTest<TokenResponse> {
|
||||||
private static final Integer TOKEN_CREATION_TIME = 1457533232;
|
private static final Integer TOKEN_CREATION_TIME = 1457533232;
|
||||||
private static final Integer TOKEN_TTL = 2764800;
|
private static final Long TOKEN_TTL = 2764800L;
|
||||||
private static final Integer TOKEN_EXPLICIT_MAX_TTL = 0;
|
private static final Long TOKEN_EXPLICIT_MAX_TTL = 0L;
|
||||||
private static final String TOKEN_DISPLAY_NAME = "token";
|
private static final String TOKEN_DISPLAY_NAME = "token";
|
||||||
private static final String TOKEN_META_KEY = "foo";
|
private static final String TOKEN_META_KEY = "foo";
|
||||||
private static final String TOKEN_META_VALUE = "bar";
|
private static final String TOKEN_META_VALUE = "bar";
|
||||||
@@ -47,7 +46,7 @@ class TokenResponseTest extends AbstractModelTest<TokenResponse> {
|
|||||||
private static final String TOKEN_POLICY_1 = "default";
|
private static final String TOKEN_POLICY_1 = "default";
|
||||||
private static final String TOKEN_POLICY_2 = "web";
|
private static final String TOKEN_POLICY_2 = "web";
|
||||||
private static final Boolean RES_RENEWABLE = false;
|
private static final Boolean RES_RENEWABLE = false;
|
||||||
private static final Integer RES_TTL = 2591976;
|
private static final Long RES_TTL = 2591976L;
|
||||||
private static final Integer RES_LEASE_DURATION = 0;
|
private static final Integer RES_LEASE_DURATION = 0;
|
||||||
private static final String TOKEN_ACCESSOR = "VKvzT2fKHFsZFUus9LyoXCvu";
|
private static final String TOKEN_ACCESSOR = "VKvzT2fKHFsZFUus9LyoXCvu";
|
||||||
private static final String TOKEN_ENTITY_ID = "7d2e3179-f69b-450c-7179-ac8ee8bd8ca9";
|
private static final String TOKEN_ENTITY_ID = "7d2e3179-f69b-450c-7179-ac8ee8bd8ca9";
|
||||||
@@ -58,37 +57,37 @@ class TokenResponseTest extends AbstractModelTest<TokenResponse> {
|
|||||||
private static final String MOUNT_TYPE = "token";
|
private static final String MOUNT_TYPE = "token";
|
||||||
|
|
||||||
private static final String RES_JSON = "{\n" +
|
private static final String RES_JSON = "{\n" +
|
||||||
" \"lease_id\": \"\",\n" +
|
" \"lease_id\": \"\",\n" +
|
||||||
" \"renewable\": " + RES_RENEWABLE + ",\n" +
|
" \"renewable\": " + RES_RENEWABLE + ",\n" +
|
||||||
" \"lease_duration\": " + RES_LEASE_DURATION + ",\n" +
|
" \"lease_duration\": " + RES_LEASE_DURATION + ",\n" +
|
||||||
" \"data\": {\n" +
|
" \"data\": {\n" +
|
||||||
" \"accessor\": \"" + TOKEN_ACCESSOR + "\",\n" +
|
" \"accessor\": \"" + TOKEN_ACCESSOR + "\",\n" +
|
||||||
" \"creation_time\": " + TOKEN_CREATION_TIME + ",\n" +
|
" \"creation_time\": " + TOKEN_CREATION_TIME + ",\n" +
|
||||||
" \"creation_ttl\": " + TOKEN_TTL + ",\n" +
|
" \"creation_ttl\": " + TOKEN_TTL + ",\n" +
|
||||||
" \"display_name\": \"" + TOKEN_DISPLAY_NAME + "\",\n" +
|
" \"display_name\": \"" + TOKEN_DISPLAY_NAME + "\",\n" +
|
||||||
" \"entity_id\": \"" + TOKEN_ENTITY_ID + "\",\n" +
|
" \"entity_id\": \"" + TOKEN_ENTITY_ID + "\",\n" +
|
||||||
" \"expire_time\": \"" + TOKEN_EXPIRE_TIME + "\",\n" +
|
" \"expire_time\": \"" + TOKEN_EXPIRE_TIME + "\",\n" +
|
||||||
" \"explicit_max_ttl\": \"" + TOKEN_EXPLICIT_MAX_TTL + "\",\n" +
|
" \"explicit_max_ttl\": \"" + TOKEN_EXPLICIT_MAX_TTL + "\",\n" +
|
||||||
" \"id\": \"" + TOKEN_ID + "\",\n" +
|
" \"id\": \"" + TOKEN_ID + "\",\n" +
|
||||||
" \"issue_time\": \"" + TOKEN_ISSUE_TIME + "\",\n" +
|
" \"issue_time\": \"" + TOKEN_ISSUE_TIME + "\",\n" +
|
||||||
" \"meta\": {\n" +
|
" \"meta\": {\n" +
|
||||||
" \"" + TOKEN_META_KEY + "\": \"" + TOKEN_META_VALUE + "\"\n" +
|
" \"" + TOKEN_META_KEY + "\": \"" + TOKEN_META_VALUE + "\"\n" +
|
||||||
" },\n" +
|
" },\n" +
|
||||||
" \"num_uses\": " + TOKEN_NUM_USES + ",\n" +
|
" \"num_uses\": " + TOKEN_NUM_USES + ",\n" +
|
||||||
" \"orphan\": " + TOKEN_ORPHAN + ",\n" +
|
" \"orphan\": " + TOKEN_ORPHAN + ",\n" +
|
||||||
" \"path\": \"" + TOKEN_PATH + "\",\n" +
|
" \"path\": \"" + TOKEN_PATH + "\",\n" +
|
||||||
" \"policies\": [\n" +
|
" \"policies\": [\n" +
|
||||||
" \"" + TOKEN_POLICY_1 + "\", \n" +
|
" \"" + TOKEN_POLICY_1 + "\", \n" +
|
||||||
" \"" + TOKEN_POLICY_2 + "\"\n" +
|
" \"" + TOKEN_POLICY_2 + "\"\n" +
|
||||||
" ],\n" +
|
" ],\n" +
|
||||||
" \"renewable\": " + TOKEN_RENEWABLE + ",\n" +
|
" \"renewable\": " + TOKEN_RENEWABLE + ",\n" +
|
||||||
" \"ttl\": " + RES_TTL + ",\n" +
|
" \"ttl\": " + RES_TTL + ",\n" +
|
||||||
" \"type\": \"" + TOKEN_TYPE + "\"\n" +
|
" \"type\": \"" + TOKEN_TYPE + "\"\n" +
|
||||||
" },\n" +
|
" },\n" +
|
||||||
" \"warnings\": null,\n" +
|
" \"warnings\": null,\n" +
|
||||||
" \"auth\": null,\n" +
|
" \"auth\": null,\n" +
|
||||||
" \"mount_type\": \"" + MOUNT_TYPE + "\"\n" +
|
" \"mount_type\": \"" + MOUNT_TYPE + "\"\n" +
|
||||||
"}";
|
"}";
|
||||||
|
|
||||||
TokenResponseTest() {
|
TokenResponseTest() {
|
||||||
super(TokenResponse.class);
|
super(TokenResponse.class);
|
||||||
@@ -96,12 +95,10 @@ class TokenResponseTest extends AbstractModelTest<TokenResponse> {
|
|||||||
|
|
||||||
@Override
|
@Override
|
||||||
protected TokenResponse createFull() {
|
protected TokenResponse createFull() {
|
||||||
try {
|
return assertDoesNotThrow(
|
||||||
return objectMapper.readValue(RES_JSON, TokenResponse.class);
|
() -> objectMapper.readValue(RES_JSON, TokenResponse.class),
|
||||||
} catch (JsonProcessingException e) {
|
"Creation of full model instance failed"
|
||||||
fail("Creation of full model instance failed", e);
|
);
|
||||||
return null;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@@ -120,8 +117,8 @@ class TokenResponseTest extends AbstractModelTest<TokenResponse> {
|
|||||||
@Test
|
@Test
|
||||||
void jsonRoundtrip() {
|
void jsonRoundtrip() {
|
||||||
TokenResponse res = assertDoesNotThrow(
|
TokenResponse res = assertDoesNotThrow(
|
||||||
() -> objectMapper.readValue(RES_JSON, TokenResponse.class),
|
() -> objectMapper.readValue(RES_JSON, TokenResponse.class),
|
||||||
"TokenResponse deserialization failed"
|
"TokenResponse deserialization failed"
|
||||||
);
|
);
|
||||||
assertNotNull(res, "Parsed response is NULL");
|
assertNotNull(res, "Parsed response is NULL");
|
||||||
assertEquals(RES_LEASE_DURATION, res.getLeaseDuration(), "Incorrect lease duration");
|
assertEquals(RES_LEASE_DURATION, res.getLeaseDuration(), "Incorrect lease duration");
|
||||||
|
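Review bot: The retyped fixtures `TOKEN_TTL = 2764800L`, `TOKEN_EXPLICIT_MAX_TTL = 0L` and `RES_TTL = 2591976L` all still fit in an `int`, so jsonRoundtrip only pins the Java type and never exercises a TTL above `Integer.MAX_VALUE`, which is presumably the case the move to `Long` is meant to cover. Putting one fixture past the int range, e.g. `private static final Long TOKEN_TTL = 4294967296L;` (constructed sample value), would show that a large TTL survives deserialization unchanged. The same applies to `DEFAULT_LEASE_TTL = 1800L` and `MAX_LEASE_TTL = 3600L` in MountConfigTest. A TTL that the client truncates or rejects would misreport how long a token or lease remains valid, so a boundary value is worth having in the test. The assertions that consume these constants lie outside the visible hunks, so check them when changing the value.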
@@ -0,0 +1,134 @@
|
|||||||
|
/*
|
||||||
|
* Copyright 2016-2025 Stefan Kalscheuer
|
||||||
|
*
|
||||||
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
* you may not use this file except in compliance with the License.
|
||||||
|
* You may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing, software
|
||||||
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
* See the License for the specific language governing permissions and
|
||||||
|
* limitations under the License.
|
||||||
|
*/
|
||||||
|
|
||||||
|
package de.stklcode.jvault.connector.model.response;
|
||||||
|
|
||||||
|
import de.stklcode.jvault.connector.model.AbstractModelTest;
|
||||||
|
import org.junit.jupiter.api.Test;
|
||||||
|
|
||||||
|
import static org.junit.jupiter.api.Assertions.*;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* JUnit Test for {@link TransitResponse} model.
|
||||||
|
*
|
||||||
|
* @author Stefan Kalscheuer
|
||||||
|
* @since 1.5.0
|
||||||
|
*/
|
||||||
|
class TransitResponseTest extends AbstractModelTest<TransitResponse> {
|
||||||
|
private static final String CIPHERTEXT = "vault:v1:XjsPWPjqPrBi1N2Ms2s1QM798YyFWnO4TR4lsFA=";
|
||||||
|
private static final String PLAINTEXT = "dGhlIHF1aWNrIGJyb3duIGZveAo=";
|
||||||
|
private static final String SUM = "dGhlIHF1aWNrIGJyb3duIGZveAo=";
|
||||||
|
|
||||||
|
TransitResponseTest() {
|
||||||
|
super(TransitResponse.class);
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
protected TransitResponse createFull() {
|
||||||
|
return assertDoesNotThrow(
|
||||||
|
() -> objectMapper.readValue(
|
||||||
|
json(
|
||||||
|
"\"ciphertext\": \"" + CIPHERTEXT + "\", " +
|
||||||
|
"\"plaintext\": \"" + PLAINTEXT + "\", " +
|
||||||
|
"\"sum\": \"" + SUM + "\""
|
||||||
|
),
|
||||||
|
TransitResponse.class
|
||||||
|
),
|
||||||
|
"Creation of full model failed"
|
||||||
|
);
|
||||||
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
void encryptionTest() {
|
||||||
|
TransitResponse res = assertDoesNotThrow(
|
||||||
|
() -> objectMapper.readValue(
|
||||||
|
json("\"ciphertext\": \"" + CIPHERTEXT + "\""),
|
||||||
|
TransitResponse.class
|
||||||
|
),
|
||||||
|
"TransitResponse deserialization failed"
|
||||||
|
);
|
||||||
|
assertNotNull(res, "Parsed response is NULL");
|
||||||
|
assertEquals("987c6daf-b0e2-4142-a970-1e61fdb249d7", res.getRequestId(), "Incorrect request id");
|
||||||
|
assertEquals("", res.getLeaseId(), "Unexpected lease id");
|
||||||
|
assertFalse(res.isRenewable(), "Unexpected renewable flag");
|
||||||
|
assertEquals(0, res.getLeaseDuration(), "Unexpected lease duration");
|
||||||
|
assertEquals(CIPHERTEXT, res.getCiphertext(), "Incorrect ciphertext");
|
||||||
|
assertNull(res.getPlaintext(), "Unexpected plaintext");
|
||||||
|
assertNull(res.getSum(), "Unexpected sum");
|
||||||
|
assertNull(res.getWrapInfo(), "Unexpected wrap info");
|
||||||
|
assertNull(res.getWarnings(), "Unexpected warnings");
|
||||||
|
assertNull(res.getAuth(), "Unexpected auth");
|
||||||
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
void decryptionTest() {
|
||||||
|
TransitResponse res = assertDoesNotThrow(
|
||||||
|
() -> objectMapper.readValue(
|
||||||
|
json("\"plaintext\": \"" + PLAINTEXT + "\""),
|
||||||
|
TransitResponse.class
|
||||||
|
),
|
||||||
|
"TransitResponse deserialization failed"
|
||||||
|
);
|
||||||
|
assertNotNull(res, "Parsed response is NULL");
|
||||||
|
assertEquals("987c6daf-b0e2-4142-a970-1e61fdb249d7", res.getRequestId(), "Incorrect request id");
|
||||||
|
assertEquals("", res.getLeaseId(), "Unexpected lease id");
|
||||||
|
assertFalse(res.isRenewable(), "Unexpected renewable flag");
|
||||||
|
assertEquals(0, res.getLeaseDuration(), "Unexpected lease duration");
|
||||||
|
assertNull(res.getCiphertext(), "Unexpected ciphertext");
|
||||||
|
assertEquals(PLAINTEXT, res.getPlaintext(), "Incorrect plaintext");
|
||||||
|
assertNull(res.getSum(), "Unexpected sum");
|
||||||
|
assertNull(res.getWrapInfo(), "Unexpected wrap info");
|
||||||
|
assertNull(res.getWarnings(), "Unexpected warnings");
|
||||||
|
assertNull(res.getAuth(), "Unexpected auth");
|
||||||
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
void hashTest() {
|
||||||
|
TransitResponse res = assertDoesNotThrow(
|
||||||
|
() -> objectMapper.readValue(
|
||||||
|
json("\"sum\": \"" + SUM + "\""),
|
||||||
|
TransitResponse.class
|
||||||
|
),
|
||||||
|
"TransitResponse deserialization failed"
|
||||||
|
);
|
||||||
|
assertNotNull(res, "Parsed response is NULL");
|
||||||
|
assertEquals("987c6daf-b0e2-4142-a970-1e61fdb249d7", res.getRequestId(), "Incorrect request id");
|
||||||
|
assertEquals("", res.getLeaseId(), "Unexpected lease id");
|
||||||
|
assertFalse(res.isRenewable(), "Unexpected renewable flag");
|
||||||
|
assertEquals(0, res.getLeaseDuration(), "Unexpected lease duration");
|
||||||
|
assertNull(res.getCiphertext(), "Unexpected ciphertext");
|
||||||
|
assertNull(res.getPlaintext(), "Unexpected plaintext");
|
||||||
|
assertEquals(SUM, res.getSum(), "Incorrect sum");
|
||||||
|
assertNull(res.getWrapInfo(), "Unexpected wrap info");
|
||||||
|
assertNull(res.getWarnings(), "Unexpected warnings");
|
||||||
|
assertNull(res.getAuth(), "Unexpected auth");
|
||||||
|
}
|
||||||
|
|
||||||
|
private static String json(String data) {
|
||||||
|
return "{\n" +
|
||||||
|
" \"request_id\" : \"987c6daf-b0e2-4142-a970-1e61fdb249d7\",\n" +
|
||||||
|
" \"lease_id\" : \"\",\n" +
|
||||||
|
" \"renewable\" : false,\n" +
|
||||||
|
" \"lease_duration\" : 0,\n" +
|
||||||
|
" \"data\" : {\n" +
|
||||||
|
" " + data + "\n" +
|
||||||
|
" },\n" +
|
||||||
|
" \"wrap_info\" : null,\n" +
|
||||||
|
" \"warnings\" : null,\n" +
|
||||||
|
" \"auth\" : null\n" +
|
||||||
|
"}";
|
||||||
|
}
|
||||||
|
}
|
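Review bot: `SUM` is declared with exactly the same value as `PLAINTEXT` (`"dGhlIHF1aWNrIGJyb3duIGZveAo="`), so the instance built by createFull() carries two indistinguishable fields. Any check driven by that full instance cannot tell `plaintext` and `sum` apart if their mapping were ever crossed. The inherited checks in AbstractModelTest are not visible here, so that part is an inference. A distinct fixture such as `private static final String SUM = "c3VtLWZpeHR1cmUtdmFsdWU=";` (constructed sample value) keeps the three fields separable. As a smaller style point, the request id literal repeated in encryptionTest, decryptionTest, hashTest and json() could be a single `REQUEST_ID` constant.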
@@ -1,6 +1,5 @@
|
|||||||
package de.stklcode.jvault.connector.model.response.embedded;
|
package de.stklcode.jvault.connector.model.response.embedded;
|
||||||
|
|
||||||
import com.fasterxml.jackson.core.JsonProcessingException;
|
|
||||||
import de.stklcode.jvault.connector.model.AbstractModelTest;
|
import de.stklcode.jvault.connector.model.AbstractModelTest;
|
||||||
import org.junit.jupiter.api.Test;
|
import org.junit.jupiter.api.Test;
|
||||||
|
|
||||||
@@ -14,8 +13,8 @@ import static org.junit.jupiter.api.Assertions.*;
|
|||||||
* @author Stefan Kalscheuer
|
* @author Stefan Kalscheuer
|
||||||
*/
|
*/
|
||||||
class MountConfigTest extends AbstractModelTest<MountConfig> {
|
class MountConfigTest extends AbstractModelTest<MountConfig> {
|
||||||
private static final Integer DEFAULT_LEASE_TTL = 1800;
|
private static final Long DEFAULT_LEASE_TTL = 1800L;
|
||||||
private static final Integer MAX_LEASE_TTL = 3600;
|
private static final Long MAX_LEASE_TTL = 3600L;
|
||||||
private static final Boolean FORCE_NO_CACHE = false;
|
private static final Boolean FORCE_NO_CACHE = false;
|
||||||
private static final String TOKEN_TYPE = "default-service";
|
private static final String TOKEN_TYPE = "default-service";
|
||||||
private static final String AUDIT_NON_HMAC_REQ_KEYS_1 = "req1";
|
private static final String AUDIT_NON_HMAC_REQ_KEYS_1 = "req1";
|
||||||
@@ -62,12 +61,10 @@ class MountConfigTest extends AbstractModelTest<MountConfig> {
|
|||||||
|
|
||||||
@Override
|
@Override
|
||||||
protected MountConfig createFull() {
|
protected MountConfig createFull() {
|
||||||
try {
|
return assertDoesNotThrow(
|
||||||
return objectMapper.readValue(RES_JSON, MountConfig.class);
|
() -> objectMapper.readValue(RES_JSON, MountConfig.class),
|
||||||
} catch (JsonProcessingException e) {
|
"Creation of full model instance failed"
|
||||||
fail("Creation of full model instance failed", e);
|
);
|
||||||
return null;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright 2016-2024 Stefan Kalscheuer
|
* Copyright 2016-2025 Stefan Kalscheuer
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
* you may not use this file except in compliance with the License.
|
* you may not use this file except in compliance with the License.
|
||||||
|
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright 2016-2024 Stefan Kalscheuer
|
* Copyright 2016-2025 Stefan Kalscheuer
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
* you may not use this file except in compliance with the License.
|
* you may not use this file except in compliance with the License.
|
||||||
@@ -93,14 +93,14 @@ public class VaultConfiguration {
|
|||||||
@Override
|
@Override
|
||||||
public String toString() {
|
public String toString() {
|
||||||
return "storage \"file\" {\n" +
|
return "storage \"file\" {\n" +
|
||||||
" path = \"" + dataLocation + "\"\n" +
|
" path = \"" + dataLocation + "\"\n" +
|
||||||
"}\n" +
|
"}\n" +
|
||||||
"listener \"tcp\" {\n" +
|
"listener \"tcp\" {\n" +
|
||||||
" address = \"" + host + ":" + port + "\"\n" +
|
" address = \"" + host + ":" + port + "\"\n" +
|
||||||
((disableTLS) ? " tls_disable = 1\n" : "") +
|
((disableTLS) ? " tls_disable = 1\n" : "") +
|
||||||
((certFile != null) ? " tls_cert_file = \"" + certFile + "\"\n" : "") +
|
((certFile != null) ? " tls_cert_file = \"" + certFile + "\"\n" : "") +
|
||||||
((keyFile != null) ? " tls_key_file = \"" + keyFile + "\"\n" : "") +
|
((keyFile != null) ? " tls_key_file = \"" + keyFile + "\"\n" : "") +
|
||||||
"}\n" +
|
"}\n" +
|
||||||
((disableMlock) ? "disable_mlock = true" : "");
|
((disableMlock) ? "disable_mlock = true" : "");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@@ -1 +1 @@
|
|||||||
{"Value":"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"}
|
{"Value":"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"}
|
||||||
|
@@ -0,0 +1 @@
|
|||||||
|
{"Value":"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"}
|
@@ -0,0 +1 @@
|
|||||||
|
{"Value":"AAAAAQKfotDJ0SihB+f5i4PxZ6lq1kxtH4QMprGI7Hj8HimEwXsW0Gbj/1B7YM4DQt4t5JFD4gKwFVOwlJDyusaJj92ar0QLSreCWyJTKUadqZplMFyB/bAdK42QdH+ZS8Z9KHUNchbRpNhnvOFIahoDG8dZ+nbCIXblJONCaey4/ri3H+GQbk/jfre1VByh7zVIN0ISew5PzZRCTkbO1CvcQZhrRGoUGiPmLywKVbHEMsvimVuZY5py6OfL+70QmElBmN9O45bTgX9XPbfSmyQIcGrElO1foi0WwZLPsb/fZcAIgrhC768jOnzeimChoX4zc0DPxuyV1YPvsD1yAlsnsFuJW6CP7TGkszbJU+rwDpg0TgqKtvFr1Lgkxyfcxg0h++1BSiEgoJU7b2IgIWP7reJVjc1tbAsoR1tOBCSAAhvqWZVpn2oht5rfe9aN370bV3Jcu17hFWyhB+VhzbCCPRcofPXX3f2U2dcQ0X7bU4nMiq1v6NQP6u/D5GAPj4Jc0519tPW4KQrd9SNqR20ct6OvqxjMFWV4GZXVcsL4+3xup87Yib6EDb0+hhe6XEpC6isYgD3D5OTTOWphHlsglGkGFi9lUc+h8zNPM4FHwha6uVTLmaqaLGbLziwT9WXF1ATacwtNW0t3kZlFUBvMwSwWzoPqO1+jxs+id4ie/VI6ZTOeowi4ceK2eWJ1/t9MB/gjvadpgE+FYt5QG6dFav4ujQN5Ne/yY78PGF5tp0CT4koox0rMUuxyD1xOIXkm0NBpJm1y9/J06yqLpMKqS40/jGcSQaycRngXDb+6H9rj7mheiO4qxcFGqViqECCUjDG3PnLP/fy9py5kFq7mf0pq7L0Jq/lLWC+iKJF9UaZmCaz8DwlQ9zC03XOFqABPNe8gMFlb8zU09VKBbY+g5gukOonjcBeoFOTRqQxuaWwwwB2lj8XnZScOyIcVJGkH"}
|