43 Commits
v1.4.0 ... main

Author SHA1 Message Date
5b9f1392d3 build: restore argLine to fix code coverage
Some checks failed
CI / build-with-it (11, 1.2.0) (push) Successful in 49s
CI / build-with-it (11, 1.20.0) (push) Successful in 1m6s
CI / build-with-it (17, 1.2.0) (push) Successful in 44s
CI / build-with-it (true, 21, 1.20.0) (push) Successful in 1m26s
CI / build-with-it (21, 1.2.0) (push) Failing after 14m11s
CI / build-with-it (17, 1.20.0) (push) Failing after 14m36s
Partially reverts da4fffc823
2025-07-15 08:41:46 +02:00
da4fffc823 build remove unused test module access flags
All checks were successful
CI / build-with-it (11, 1.2.0) (push) Successful in 40s
CI / build-with-it (11, 1.20.0) (push) Successful in 51s
CI / build-with-it (17, 1.2.0) (push) Successful in 39s
CI / build-with-it (17, 1.20.0) (push) Successful in 50s
CI / build-with-it (21, 1.2.0) (push) Successful in 41s
CI / build-with-it (true, 21, 1.20.0) (push) Successful in 48s
Remove redundant module opens directives and argLine property
inheritance, keeping only essential module access config for tests.
2025-07-13 18:38:47 +02:00
91276e1615 test: autoformat test code
All checks were successful
CI / build (11) (push) Successful in 34s
CI / build (17) (push) Successful in 32s
CI / build (true, 21) (push) Successful in 28s
CI / build-with-it (11, 1.2.0) (push) Successful in 50s
CI / build-with-it (11, 1.20.0) (push) Successful in 1m7s
CI / build-with-it (17, 1.2.0) (push) Successful in 45s
CI / build-with-it (17, 1.20.0) (push) Successful in 1m7s
CI / build-with-it (21, 1.2.0) (push) Successful in 48s
CI / build-with-it (true, 21, 1.20.0) (push) Successful in 59s
2025-07-13 18:19:56 +02:00
6d2313289c test: use Files.writeString() for config creation 2025-07-13 18:19:45 +02:00
bcbb3a0926 test: use assertDoesNotThrow instead of try-catch-fail for createFull() 2025-07-13 18:17:48 +02:00
f03c05bd5b fix: use Long for numeric TTL fields (#103) (#104)
All checks were successful
CI / build-with-it (11, 1.2.0) (push) Successful in 55s
CI / build-with-it (11, 1.20.0) (push) Successful in 1m8s
CI / build-with-it (17, 1.2.0) (push) Successful in 43s
CI / build-with-it (17, 1.20.0) (push) Successful in 1m3s
CI / build-with-it (21, 1.2.0) (push) Successful in 47s
CI / build-with-it (true, 21, 1.20.0) (push) Successful in 53s
Mapping these fields as Integer limits the possible maximum TTL value to
roughly 68 years. This may or may not be a reasonable value, but is
technically a valid number in the JSON response. Convert all TTL-related
fields to Long, so we can map such values.
2025-07-01 20:05:05 +02:00
afdad92ae6 test: run IT against Vault 1.20.0 (#102)
All checks were successful
CI / build-with-it (11, 1.2.0) (push) Successful in 59s
CI / build-with-it (11, 1.20.0) (push) Successful in 1m7s
CI / build-with-it (17, 1.2.0) (push) Successful in 56s
CI / build-with-it (17, 1.20.0) (push) Successful in 1m5s
CI / build-with-it (21, 1.2.0) (push) Successful in 54s
CI / build-with-it (true, 21, 1.20.0) (push) Successful in 1m0s
2025-06-26 18:17:23 +02:00
9fa360393d deps: update build and test dependencies 2025-06-26 18:12:42 +02:00
d28c189ec2 deps: update jackson to 2.19.1 (#101)
All checks were successful
CI / build-with-it (21, 1.2.0) (push) Successful in 1m1s
CI / build-with-it (true, 21, 1.19.5) (push) Successful in 1m9s
CI / build-with-it (11, 1.2.0) (push) Successful in 1m1s
CI / build-with-it (11, 1.19.5) (push) Successful in 1m7s
CI / build-with-it (17, 1.2.0) (push) Successful in 1m3s
CI / build-with-it (17, 1.19.5) (push) Successful in 1m11s
2025-06-20 20:28:52 +02:00
46fffcc711 prepare for next development iteration
All checks were successful
CI / build (11) (push) Successful in 39s
CI / build (17) (push) Successful in 39s
CI / build (true, 21) (push) Successful in 29s
CI / build-with-it (11, 1.2.0) (push) Successful in 57s
CI / build-with-it (11, 1.19.5) (push) Successful in 1m6s
CI / build-with-it (17, 1.19.5) (push) Successful in 1m3s
CI / build-with-it (17, 1.2.0) (push) Successful in 57s
CI / build-with-it (21, 1.2.0) (push) Successful in 51s
CI / build-with-it (true, 21, 1.19.5) (push) Successful in 1m1s
2025-06-02 16:59:30 +02:00
31d8f9b0aa prepare release v1.5.1
All checks were successful
CI / build-with-it (11, 1.2.0) (push) Successful in 59s
CI / build-with-it (11, 1.19.5) (push) Successful in 1m8s
CI / build-with-it (17, 1.19.5) (push) Successful in 1m9s
CI / build-with-it (17, 1.2.0) (push) Successful in 1m2s
CI / build-with-it (21, 1.2.0) (push) Successful in 53s
CI / build-with-it (true, 21, 1.19.5) (push) Successful in 1m0s
2025-06-02 16:59:29 +02:00
505b360343 test: run IT against Vault 1.19.5
All checks were successful
CI / build-with-it (11, 1.2.0) (push) Successful in 58s
CI / build-with-it (11, 1.19.5) (push) Successful in 1m6s
CI / build-with-it (17, 1.19.5) (push) Successful in 59s
CI / build-with-it (17, 1.2.0) (push) Successful in 53s
CI / build-with-it (21, 1.2.0) (push) Successful in 50s
CI / build-with-it (true, 21, 1.19.5) (push) Successful in 56s
2025-06-01 18:31:41 +02:00
51ab19cd8a deps: update test dependencies
All checks were successful
CI / build-with-it (11, 1.19.0) (push) Successful in 58s
CI / build-with-it (17, 1.2.0) (push) Successful in 50s
CI / build-with-it (17, 1.19.0) (push) Successful in 57s
CI / build-with-it (21, 1.2.0) (push) Successful in 47s
CI / build-with-it (11, 1.2.0) (push) Successful in 52s
CI / build-with-it (true, 21, 1.19.0) (push) Successful in 53s
2025-05-29 15:49:32 +02:00
Lehel Balázs
c8f396a5df use lookup-self for token check instead of lookup (#98) (#99)
All checks were successful
CI / build-with-it (11, 1.2.0) (push) Successful in 54s
CI / build-with-it (11, 1.19.0) (push) Successful in 1m0s
CI / build-with-it (17, 1.2.0) (push) Successful in 53s
CI / build-with-it (17, 1.19.0) (push) Successful in 58s
CI / build-with-it (21, 1.2.0) (push) Successful in 48s
CI / build-with-it (true, 21, 1.19.0) (push) Successful in 55s
Using the /lookup-self to retrieve information about the current token
requires less permissions than the general /lookup API and yields the
same results, if accessible.
2025-05-28 18:09:08 +03:00
4bd6039827 deps: update jackson to 2.19.0 (#97)
All checks were successful
CI / build-with-it (11, 1.2.0) (push) Successful in 53s
CI / build-with-it (11, 1.19.0) (push) Successful in 1m0s
CI / build-with-it (17, 1.2.0) (push) Successful in 55s
CI / build-with-it (17, 1.19.0) (push) Successful in 1m0s
CI / build-with-it (21, 1.2.0) (push) Successful in 50s
CI / build-with-it (true, 21, 1.19.0) (push) Successful in 56s
2025-04-27 17:25:23 +02:00
80abbda46f docs: update version and features in README
All checks were successful
CI / build (11) (push) Successful in 39s
CI / build (17) (push) Successful in 39s
CI / build (true, 21) (push) Successful in 34s
CI / build-with-it (11, 1.2.0) (push) Successful in 55s
CI / build-with-it (11, 1.19.0) (push) Successful in 1m2s
CI / build-with-it (17, 1.2.0) (push) Successful in 54s
CI / build-with-it (17, 1.19.0) (push) Successful in 1m0s
CI / build-with-it (21, 1.2.0) (push) Successful in 52s
CI / build-with-it (true, 21, 1.19.0) (push) Successful in 59s
2025-04-24 18:36:36 +02:00
a8e85b88d1 test: use WireMockTest annotation 2025-04-24 18:30:32 +02:00
91baed4fe5 test: update wiremock to 3.13.0 2025-04-24 18:30:04 +02:00
2ea261d36a prepare for next development iteration
All checks were successful
CI / build (11) (push) Successful in 36s
CI / build (17) (push) Successful in 36s
CI / build (true, 21) (push) Successful in 28s
2025-04-13 12:25:18 +02:00
43da0f5109 prepare release v1.5.0
All checks were successful
CI / build-with-it (11, 1.2.0) (push) Successful in 52s
CI / build-with-it (11, 1.19.0) (push) Successful in 59s
CI / build-with-it (21, 1.2.0) (push) Successful in 49s
CI / build-with-it (true, 21, 1.19.0) (push) Successful in 55s
CI / build-with-it (17, 1.19.0) (push) Successful in 57s
CI / build-with-it (17, 1.2.0) (push) Successful in 52s
2025-04-13 11:25:49 +02:00
cc5ca13aeb refactor: use builder to instantiate ObjectMapper (#95)
All checks were successful
CI / build-with-it (11, 1.2.0) (push) Successful in 52s
CI / build-with-it (11, 1.19.0) (push) Successful in 58s
CI / build-with-it (17, 1.2.0) (push) Successful in 52s
CI / build-with-it (17, 1.19.0) (push) Successful in 57s
CI / build-with-it (21, 1.2.0) (push) Successful in 47s
CI / build-with-it (true, 21, 1.19.0) (push) Successful in 54s
Instead of applying configuration to a new ObjectMapper instance we use
the JsonMapper builder pattern to create our mapper.

The resulting mappers are not yet fully immutable, but the old way will
be removed in Jackson 3.0.
2025-04-13 10:49:42 +02:00
71842eb758 deps: update test dependencies
All checks were successful
CI / build-with-it (11, 1.2.0) (push) Successful in 50s
CI / build-with-it (11, 1.19.0) (push) Successful in 58s
CI / build-with-it (17, 1.2.0) (push) Successful in 51s
CI / build-with-it (17, 1.19.0) (push) Successful in 1m1s
CI / build-with-it (21, 1.2.0) (push) Successful in 54s
CI / build-with-it (true, 21, 1.19.0) (push) Successful in 58s
2025-04-13 10:31:58 +02:00
e9aeda9a55 style: trim multiline indentation to 4 spaces
All checks were successful
CI / build-with-it (11, 1.2.0) (push) Successful in 56s
CI / build-with-it (17, 1.2.0) (push) Successful in 56s
CI / build-with-it (21, 1.2.0) (push) Successful in 51s
CI / build-with-it (true, 21, 1.19.0) (push) Successful in 57s
CI / build-with-it (17, 1.19.0) (push) Successful in 49s
CI / build-with-it (11, 1.19.0) (push) Successful in 51s
2025-04-11 17:20:24 +02:00
d51af06e29 build: update jacoco-maven-plugin to 0.8.13
All checks were successful
CI / build-with-it (11, 1.2.0) (push) Successful in 49s
CI / build-with-it (11, 1.19.0) (push) Successful in 55s
CI / build-with-it (17, 1.2.0) (push) Successful in 49s
CI / build-with-it (17, 1.19.0) (push) Successful in 55s
CI / build-with-it (21, 1.2.0) (push) Successful in 45s
CI / build-with-it (true, 21, 1.19.0) (push) Successful in 51s
2025-04-03 11:04:23 +02:00
7b2b137d53 build: update surefire and failsafe plugin to 3.5.3 2025-04-03 11:03:50 +02:00
ee2543e3ad reuse builder methods when initializing from environment
All checks were successful
CI / build-with-it (11, 1.2.0) (push) Successful in 51s
CI / build-with-it (17, 1.19.0) (push) Successful in 54s
CI / build-with-it (17, 1.2.0) (push) Successful in 51s
CI / build-with-it (21, 1.2.0) (push) Successful in 46s
CI / build-with-it (true, 21, 1.19.0) (push) Successful in 55s
CI / build-with-it (11, 1.19.0) (push) Successful in 48s
We can just pass the environment variable to other pre-existing methods
instead of parsing the URL twice. This also fixes URLs without explicit
ports where we should not store "-1" in this case.
2025-03-29 11:50:29 +01:00
dad35023eb replace deprecated java.net.URL usage with java.net.URI (#94)
Deprecated in Java 20. Migrate URL parsing to backward compatible URI.
2025-03-28 18:30:37 +01:00
0127cf30be feat: introduce methods for transit API interaction (#89)
All checks were successful
CI / build-with-it (11, 1.2.0) (push) Successful in 50s
CI / build-with-it (11, 1.19.0) (push) Successful in 55s
CI / build-with-it (17, 1.2.0) (push) Successful in 50s
CI / build-with-it (17, 1.19.0) (push) Successful in 56s
CI / build-with-it (21, 1.2.0) (push) Successful in 47s
CI / build-with-it (true, 21, 1.19.0) (push) Successful in 54s
Support hashing and de-/encryption using Vault's transit API.
2025-03-02 18:24:16 +01:00
90f8bb7f20 build: update sonar-maven-plugin to 5.1.0.4751
All checks were successful
CI / build-with-it (11, 1.2.0) (push) Successful in 52s
CI / build-with-it (11, 1.19.0) (push) Successful in 58s
CI / build-with-it (17, 1.2.0) (push) Successful in 51s
CI / build-with-it (21, 1.2.0) (push) Successful in 46s
CI / build-with-it (true, 21, 1.19.0) (push) Successful in 55s
CI / build-with-it (17, 1.19.0) (push) Successful in 46s
2025-03-28 18:03:27 +01:00
ff6d2140cf feat: support PEM certificate string from VAULT_CACERT env var (#93)
All checks were successful
CI / build-with-it (11, 1.2.0) (push) Successful in 53s
CI / build-with-it (11, 1.19.0) (push) Successful in 1m0s
CI / build-with-it (17, 1.19.0) (push) Successful in 57s
CI / build-with-it (17, 1.2.0) (push) Successful in 52s
CI / build-with-it (21, 1.2.0) (push) Successful in 48s
CI / build-with-it (true, 21, 1.19.0) (push) Successful in 54s
Vault CLI and the connector up to 1.4 support providing a path to a CA
certificate file. Introduce support for providing PEM encoded content
directly which might be convenient in container environments to provide
a certificate e.g. from secrets without mounting it to some path.
2025-03-23 12:10:15 +01:00
076cd8b607 replace trim/isEmpty with isBlank
All checks were successful
CI / build-with-it (11, 1.2.0) (push) Successful in 53s
CI / build-with-it (11, 1.19.0) (push) Successful in 1m1s
CI / build-with-it (17, 1.2.0) (push) Successful in 53s
CI / build-with-it (21, 1.2.0) (push) Successful in 48s
CI / build-with-it (true, 21, 1.19.0) (push) Successful in 55s
CI / build-with-it (17, 1.19.0) (push) Successful in 49s
2025-03-22 18:39:39 +01:00
2e0d092cae deps: update test dependencies 2025-03-22 18:36:41 +01:00
d329af2c67 deprecate default methods to read specific database credentials (#92)
All checks were successful
CI / build-with-it (11, 1.2.0) (push) Successful in 57s
CI / build-with-it (11, 1.19.0) (push) Successful in 1m3s
CI / build-with-it (17, 1.2.0) (push) Successful in 57s
CI / build-with-it (17, 1.19.0) (push) Successful in 1m4s
CI / build-with-it (21, 1.2.0) (push) Successful in 54s
CI / build-with-it (true, 21, 1.19.0) (push) Successful in 1m2s
The interface has some methods to read database credentials from
specific mountpoints like "mysql". While ann database mounts share
the same credential endpoints, the mount point itself can have any
name. Let's clean up some methods of low benefit and deprecate the
convenience methods.

Trivial replacement is `getDbCredentials()` with explicit mount point,
if it's actually mounted on that path.
2025-03-09 11:43:15 +01:00
f50f5c5de7 test: run IT against Vault 1.19.0 (#91)
All checks were successful
CI / build-with-it (11, 1.2.0) (push) Successful in 59s
CI / build-with-it (17, 1.2.0) (push) Successful in 56s
CI / build-with-it (17, 1.19.0) (push) Successful in 1m2s
CI / build-with-it (21, 1.2.0) (push) Successful in 50s
CI / build-with-it (true, 21, 1.19.0) (push) Successful in 57s
CI / build-with-it (11, 1.19.0) (push) Successful in 1m4s
2025-03-07 20:30:48 +01:00
c8a6015f3f deps: update jackson to 2.18.3 (#90)
All checks were successful
CI / build-with-it (11, 1.2.0) (push) Successful in 55s
CI / build-with-it (11, 1.18.2) (push) Successful in 1m0s
CI / build-with-it (17, 1.2.0) (push) Successful in 54s
CI / build-with-it (17, 1.18.2) (push) Successful in 1m0s
CI / build-with-it (21, 1.2.0) (push) Successful in 42s
CI / build-with-it (true, 21, 1.18.2) (push) Successful in 49s
2025-03-02 18:40:01 +01:00
835372eb3b test: swap expected and actual arguments in some assertions
All checks were successful
CI / build (11) (push) Successful in 38s
CI / build (17) (push) Successful in 37s
CI / build (true, 21) (push) Successful in 29s
CI / build-with-it (11, 1.2.0) (push) Successful in 56s
CI / build-with-it (11, 1.18.2) (push) Successful in 59s
CI / build-with-it (17, 1.2.0) (push) Successful in 54s
CI / build-with-it (21, 1.2.0) (push) Successful in 47s
CI / build-with-it (true, 21, 1.18.2) (push) Successful in 54s
CI / build-with-it (17, 1.18.2) (push) Successful in 51s
2025-03-02 18:28:20 +01:00
11ece9974f build: update Maven plugins
All checks were successful
CI / build-with-it (21, 1.2.0) (push) Successful in 52s
CI / build-with-it (true, 21, 1.18.2) (push) Successful in 59s
CI / build-with-it (11, 1.2.0) (push) Successful in 58s
CI / build-with-it (11, 1.18.2) (push) Successful in 1m5s
CI / build-with-it (17, 1.18.2) (push) Successful in 1m1s
CI / build-with-it (17, 1.2.0) (push) Successful in 57s
CI / build (11) (push) Successful in 40s
CI / build (17) (push) Successful in 41s
CI / build (true, 21) (push) Successful in 31s
2025-02-23 14:00:08 +01:00
0d0fbb5461 deps: update test dependencies 2025-02-23 13:57:57 +01:00
6c9a1fc10e build: update dependency-check-maven to v12.1.0
All checks were successful
CI / build-with-it (11, 1.2.0) (push) Successful in 57s
CI / build-with-it (11, 1.18.2) (push) Successful in 1m3s
CI / build-with-it (17, 1.2.0) (push) Successful in 56s
CI / build-with-it (21, 1.2.0) (push) Successful in 52s
CI / build-with-it (true, 21, 1.18.2) (push) Successful in 59s
CI / build-with-it (17, 1.18.2) (push) Successful in 50s
2025-02-23 13:56:01 +01:00
7e05f4937d build: update dependency-check-maven to v12.0.2 2025-01-31 18:04:47 +01:00
fd9045d7cd build: add maven-enforcer-plugin
All checks were successful
CI / build-with-it (11, 1.2.0) (push) Successful in 1m5s
CI / build-with-it (17, 1.2.0) (push) Successful in 1m1s
CI / build-with-it (21, 1.2.0) (push) Successful in 59s
CI / build-with-it (17, 1.18.2) (push) Successful in 57s
CI / build-with-it (11, 1.18.2) (push) Successful in 56s
CI / build-with-it (true, 21, 1.18.2) (push) Successful in 1m3s
2025-01-07 17:44:39 +01:00
e938f81954 deps: update test dependencies and maven plugins
* equalsverifier 3.18
* junit-jupiter 5.11.4
* mockito-core 5.15.2

* maven-javadoc-plugin 3.11.2
2025-01-07 17:44:20 +01:00
e5dd207c8c update license headers to 2025 2025-01-07 17:35:54 +01:00
89 changed files with 1838 additions and 1307 deletions

View File

@@ -15,10 +15,10 @@ jobs:
strategy: strategy:
matrix: matrix:
jdk: [ 11, 17, 21 ] jdk: [ 11, 17, 21 ]
vault: [ '1.2.0', '1.18.2' ] vault: [ '1.2.0', '1.20.0' ]
include: include:
- jdk: 21 - jdk: 21
vault: '1.18.2' vault: '1.20.0'
analysis: true analysis: true
steps: steps:
- name: Checkout - name: Checkout

View File

@@ -1,3 +1,46 @@
## unreleased
### Dependencies
* Updated Jackson to 2.19.1 (#101)
### Fix
* Use `Long` for numeric TTL fields (#103) (#104)
### Test
* Tested against Vault 1.2 to 1.20 (#102)
## 1.5.1 (2025-06-02)
### Improvements
* Use `lookup-self` for token check instead of `lookup` (#98) (#99)
### Dependencies
* Updated Jackson to 2.19.0 (#97)
## 1.5.0 (2025-04-13)
### Deprecations
* `read...Credentials()` methods for specific database mounts (#92)
### Features
* Support Vault transit API (#89)
* Support PEM certificate string from `VAULT_CACERT` environment variable (#93)
### Improvements
* Replace deprecated `java.net.URL` usage with `java.net.URI` (#94)
### Fix
* Fix initialization from environment without explicit port
### Dependencies
* Updated Jackson to 2.18.3 (#90)
### Test
* Tested against Vault 1.2 to 1.19
## 1.4.0 (2024-12-07) ## 1.4.0 (2024-12-07)
### Removal ### Removal

View File

@@ -28,10 +28,11 @@ Java Vault Connector is a connector library for [Vault](https://www.vaultproject
* Delete secrets * Delete secrets
* Renew/revoke leases * Renew/revoke leases
* Raw secret content or JSON decoding * Raw secret content or JSON decoding
* SQL secret handling
* KV v1 and v2 support * KV v1 and v2 support
* Database secret handling
* Transit API support
* Connector Factory with builder pattern * Connector Factory with builder pattern
* Tested against Vault 1.2 to 1.18 * Tested against Vault 1.2 to 1.20
## Maven Artifact ## Maven Artifact
@@ -39,7 +40,7 @@ Java Vault Connector is a connector library for [Vault](https://www.vaultproject
<dependency> <dependency>
<groupId>de.stklcode.jvault</groupId> <groupId>de.stklcode.jvault</groupId>
<artifactId>jvault-connector</artifactId> <artifactId>jvault-connector</artifactId>
<version>1.4.0</version> <version>1.5.1</version>
</dependency> </dependency>
``` ```

81
pom.xml
View File

@@ -1,10 +1,10 @@
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion> <modelVersion>4.0.0</modelVersion>
<groupId>de.stklcode.jvault</groupId> <groupId>de.stklcode.jvault</groupId>
<artifactId>jvault-connector</artifactId> <artifactId>jvault-connector</artifactId>
<version>1.4.0</version> <version>1.5.2-SNAPSHOT</version>
<packaging>jar</packaging> <packaging>jar</packaging>
@@ -33,6 +33,7 @@
<connection>scm:git:git://github.com/stklcode/jvaultconnector.git</connection> <connection>scm:git:git://github.com/stklcode/jvaultconnector.git</connection>
<developerConnection>scm:git:git@github.com:stklcode/jvaultconnector.git</developerConnection> <developerConnection>scm:git:git@github.com:stklcode/jvaultconnector.git</developerConnection>
<url>https://github.com/stklcode/jvaultconnector</url> <url>https://github.com/stklcode/jvaultconnector</url>
<tag>HEAD</tag>
</scm> </scm>
<issueManagement> <issueManagement>
@@ -42,31 +43,31 @@
<properties> <properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding> <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<argLine></argLine> <argLine />
</properties> </properties>
<dependencies> <dependencies>
<dependency> <dependency>
<groupId>com.fasterxml.jackson.core</groupId> <groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-databind</artifactId> <artifactId>jackson-databind</artifactId>
<version>2.18.2</version> <version>2.19.1</version>
</dependency> </dependency>
<dependency> <dependency>
<groupId>com.fasterxml.jackson.datatype</groupId> <groupId>com.fasterxml.jackson.datatype</groupId>
<artifactId>jackson-datatype-jsr310</artifactId> <artifactId>jackson-datatype-jsr310</artifactId>
<version>2.18.2</version> <version>2.19.1</version>
</dependency> </dependency>
<dependency> <dependency>
<groupId>org.junit.jupiter</groupId> <groupId>org.junit.jupiter</groupId>
<artifactId>junit-jupiter</artifactId> <artifactId>junit-jupiter</artifactId>
<version>5.11.3</version> <version>5.13.2</version>
<scope>test</scope> <scope>test</scope>
</dependency> </dependency>
<dependency> <dependency>
<groupId>org.mockito</groupId> <groupId>org.mockito</groupId>
<artifactId>mockito-core</artifactId> <artifactId>mockito-core</artifactId>
<version>5.14.2</version> <version>5.18.0</version>
<scope>test</scope> <scope>test</scope>
</dependency> </dependency>
<dependency> <dependency>
@@ -78,25 +79,25 @@
<dependency> <dependency>
<groupId>org.wiremock</groupId> <groupId>org.wiremock</groupId>
<artifactId>wiremock</artifactId> <artifactId>wiremock</artifactId>
<version>3.10.0</version> <version>3.13.1</version>
<scope>test</scope> <scope>test</scope>
</dependency> </dependency>
<dependency> <dependency>
<groupId>commons-io</groupId> <groupId>commons-io</groupId>
<artifactId>commons-io</artifactId> <artifactId>commons-io</artifactId>
<version>2.18.0</version> <version>2.19.0</version>
<scope>test</scope> <scope>test</scope>
</dependency> </dependency>
<dependency> <dependency>
<groupId>nl.jqno.equalsverifier</groupId> <groupId>nl.jqno.equalsverifier</groupId>
<artifactId>equalsverifier</artifactId> <artifactId>equalsverifier</artifactId>
<version>3.17.5</version> <version>3.19.4</version>
<scope>test</scope> <scope>test</scope>
</dependency> </dependency>
<dependency> <dependency>
<groupId>org.awaitility</groupId> <groupId>org.awaitility</groupId>
<artifactId>awaitility</artifactId> <artifactId>awaitility</artifactId>
<version>4.2.2</version> <version>4.3.0</version>
<scope>test</scope> <scope>test</scope>
</dependency> </dependency>
</dependencies> </dependencies>
@@ -107,7 +108,7 @@
<plugin> <plugin>
<groupId>org.apache.maven.plugins</groupId> <groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId> <artifactId>maven-compiler-plugin</artifactId>
<version>3.13.0</version> <version>3.14.0</version>
<configuration> <configuration>
<release>11</release> <release>11</release>
</configuration> </configuration>
@@ -115,28 +116,29 @@
<plugin> <plugin>
<groupId>org.apache.maven.plugins</groupId> <groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-clean-plugin</artifactId> <artifactId>maven-clean-plugin</artifactId>
<version>3.4.0</version> <version>3.5.0</version>
</plugin> </plugin>
<plugin> <plugin>
<groupId>org.apache.maven.plugins</groupId> <groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-deploy-plugin</artifactId> <artifactId>maven-deploy-plugin</artifactId>
<version>3.1.3</version> <version>3.1.4</version>
</plugin> </plugin>
<plugin> <plugin>
<groupId>org.apache.maven.plugins</groupId> <groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-failsafe-plugin</artifactId> <artifactId>maven-failsafe-plugin</artifactId>
<version>3.5.2</version> <version>3.5.3</version>
<configuration> <configuration>
<argLine> <argLine>
@{argLine} @{argLine}
--add-opens de.stklcode.jvault.connector/de.stklcode.jvault.connector.test=com.fasterxml.jackson.databind --add-opens
de.stklcode.jvault.connector/de.stklcode.jvault.connector.test=com.fasterxml.jackson.databind
</argLine> </argLine>
</configuration> </configuration>
</plugin> </plugin>
<plugin> <plugin>
<groupId>org.apache.maven.plugins</groupId> <groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-install-plugin</artifactId> <artifactId>maven-install-plugin</artifactId>
<version>3.1.3</version> <version>3.1.4</version>
</plugin> </plugin>
<plugin> <plugin>
<groupId>org.apache.maven.plugins</groupId> <groupId>org.apache.maven.plugins</groupId>
@@ -156,18 +158,11 @@
<plugin> <plugin>
<groupId>org.apache.maven.plugins</groupId> <groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-surefire-plugin</artifactId> <artifactId>maven-surefire-plugin</artifactId>
<version>3.5.2</version> <version>3.5.3</version>
<configuration> <configuration>
<argLine> <argLine>
@{argLine} @{argLine}
--add-opens java.base/java.util=ALL-UNNAMED --add-opens java.base/java.util=ALL-UNNAMED
--add-opens de.stklcode.jvault.connector/de.stklcode.jvault.connector=ALL-UNNAMED
--add-opens de.stklcode.jvault.connector/de.stklcode.jvault.connector.exception=ALL-UNNAMED
--add-opens de.stklcode.jvault.connector/de.stklcode.jvault.connector.model=ALL-UNNAMED
--add-opens de.stklcode.jvault.connector/de.stklcode.jvault.connector.model.response=ALL-UNNAMED
--add-opens de.stklcode.jvault.connector/de.stklcode.jvault.connector.model.response.embedded=ALL-UNNAMED
--add-opens de.stklcode.jvault.connector/de.stklcode.jvault.connector.test=com.fasterxml.jackson.databind
--add-opens de.stklcode.jvault.connector/de.stklcode.jvault.connector.test=com.fasterxml.jackson.datatype.jsr310
</argLine> </argLine>
</configuration> </configuration>
</plugin> </plugin>
@@ -179,15 +174,41 @@
<plugin> <plugin>
<groupId>org.jacoco</groupId> <groupId>org.jacoco</groupId>
<artifactId>jacoco-maven-plugin</artifactId> <artifactId>jacoco-maven-plugin</artifactId>
<version>0.8.12</version> <version>0.8.13</version>
</plugin> </plugin>
<plugin> <plugin>
<groupId>org.sonarsource.scanner.maven</groupId> <groupId>org.sonarsource.scanner.maven</groupId>
<artifactId>sonar-maven-plugin</artifactId> <artifactId>sonar-maven-plugin</artifactId>
<version>5.0.0.4389</version> <version>5.1.0.4751</version>
</plugin> </plugin>
</plugins> </plugins>
</pluginManagement> </pluginManagement>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-enforcer-plugin</artifactId>
<version>3.5.0</version>
<executions>
<execution>
<id>enforce-versions</id>
<goals>
<goal>enforce</goal>
</goals>
<configuration>
<rules>
<requireMavenVersion>
<version>[3.6.3,)</version>
</requireMavenVersion>
<requireJavaVersion>
<version>[11,)</version>
</requireJavaVersion>
</rules>
</configuration>
</execution>
</executions>
</plugin>
</plugins>
</build> </build>
<profiles> <profiles>
@@ -224,7 +245,7 @@
<plugin> <plugin>
<groupId>org.apache.maven.plugins</groupId> <groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-javadoc-plugin</artifactId> <artifactId>maven-javadoc-plugin</artifactId>
<version>3.11.1</version> <version>3.11.2</version>
<configuration> <configuration>
<source>11</source> <source>11</source>
</configuration> </configuration>
@@ -342,7 +363,7 @@
<plugin> <plugin>
<groupId>org.owasp</groupId> <groupId>org.owasp</groupId>
<artifactId>dependency-check-maven</artifactId> <artifactId>dependency-check-maven</artifactId>
<version>11.1.1</version> <version>12.1.3</version>
<configuration> <configuration>
<nvdApiKey>${env.NVD_API_KEY}</nvdApiKey> <nvdApiKey>${env.NVD_API_KEY}</nvdApiKey>
<nvdDatafeedUrl>${env.NVD_DATAFEED_URL}</nvdDatafeedUrl> <nvdDatafeedUrl>${env.NVD_DATAFEED_URL}</nvdDatafeedUrl>
@@ -366,7 +387,7 @@
<plugin> <plugin>
<groupId>org.sonatype.central</groupId> <groupId>org.sonatype.central</groupId>
<artifactId>central-publishing-maven-plugin</artifactId> <artifactId>central-publishing-maven-plugin</artifactId>
<version>0.6.0</version> <version>0.8.0</version>
<extensions>true</extensions> <extensions>true</extensions>
<configuration> <configuration>
<publishingServerId>central</publishingServerId> <publishingServerId>central</publishingServerId>

View File

@@ -1,5 +1,5 @@
/* /*
* Copyright 2016-2024 Stefan Kalscheuer * Copyright 2016-2025 Stefan Kalscheuer
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@@ -54,6 +54,7 @@ public class HTTPVaultConnector implements VaultConnector {
private static final String PATH_AUTH = "auth"; private static final String PATH_AUTH = "auth";
private static final String PATH_AUTH_TOKEN = PATH_AUTH + "/token"; private static final String PATH_AUTH_TOKEN = PATH_AUTH + "/token";
private static final String PATH_LOOKUP = "/lookup"; private static final String PATH_LOOKUP = "/lookup";
private static final String PATH_LOOKUP_SELF = "/lookup-self";
private static final String PATH_CREATE = "/create"; private static final String PATH_CREATE = "/create";
private static final String PATH_ROLES = "/roles"; private static final String PATH_ROLES = "/roles";
private static final String PATH_CREATE_ORPHAN = "/create-orphan"; private static final String PATH_CREATE_ORPHAN = "/create-orphan";
@@ -68,6 +69,11 @@ public class HTTPVaultConnector implements VaultConnector {
private static final String PATH_UNDELETE = "/undelete/"; private static final String PATH_UNDELETE = "/undelete/";
private static final String PATH_DESTROY = "/destroy/"; private static final String PATH_DESTROY = "/destroy/";
private static final String PATH_TRANSIT = "transit";
private static final String PATH_TRANSIT_ENCRYPT = PATH_TRANSIT + "/encrypt/";
private static final String PATH_TRANSIT_DECRYPT = PATH_TRANSIT + "/decrypt/";
private static final String PATH_TRANSIT_HASH = PATH_TRANSIT + "/hash/";
private final RequestHelper request; private final RequestHelper request;
private boolean authorized = false; // Authorization status. private boolean authorized = false; // Authorization status.
@@ -81,14 +87,14 @@ public class HTTPVaultConnector implements VaultConnector {
*/ */
HTTPVaultConnector(final HTTPVaultConnectorBuilder builder) { HTTPVaultConnector(final HTTPVaultConnectorBuilder builder) {
this.request = new RequestHelper( this.request = new RequestHelper(
((builder.isWithTLS()) ? "https" : "http") + "://" + ((builder.isWithTLS()) ? "https" : "http") + "://" +
builder.getHost() + builder.getHost() +
((builder.getPort() != null) ? ":" + builder.getPort() : "") + ((builder.getPort() != null) ? ":" + builder.getPort() : "") +
builder.getPrefix(), builder.getPrefix(),
builder.getNumberOfRetries(), builder.getNumberOfRetries(),
builder.getTimeout(), builder.getTimeout(),
builder.getTlsVersion(), builder.getTlsVersion(),
builder.getTrustedCA() builder.getTrustedCA()
); );
} }
@@ -145,8 +151,8 @@ public class HTTPVaultConnector implements VaultConnector {
@Override @Override
public final SealResponse unseal(final String key, final Boolean reset) throws VaultConnectorException { public final SealResponse unseal(final String key, final Boolean reset) throws VaultConnectorException {
Map<String, String> param = mapOfStrings( Map<String, String> param = mapOfStrings(
"key", key, "key", key,
"reset", reset "reset", reset
); );
return request.put(PATH_UNSEAL, param, token, SealResponse.class); return request.put(PATH_UNSEAL, param, token, SealResponse.class);
@@ -156,15 +162,15 @@ public class HTTPVaultConnector implements VaultConnector {
public HealthResponse getHealth() throws VaultConnectorException { public HealthResponse getHealth() throws VaultConnectorException {
return request.get( return request.get(
PATH_HEALTH, PATH_HEALTH,
// Force status code to be 200, so we don't need to modify the request sequence. // Force status code to be 200, so we don't need to modify the request sequence.
Map.of( Map.of(
"standbycode", "200", // Default: 429. "standbycode", "200", // Default: 429.
"sealedcode", "200", // Default: 503. "sealedcode", "200", // Default: 503.
"uninitcode", "200" // Default: 501. "uninitcode", "200" // Default: 501.
), ),
token, token,
HealthResponse.class HealthResponse.class
); );
} }
@@ -186,7 +192,7 @@ public class HTTPVaultConnector implements VaultConnector {
/* set token */ /* set token */
this.token = token; this.token = token;
this.tokenTTL = 0; this.tokenTTL = 0;
TokenResponse res = request.post(PATH_AUTH_TOKEN + PATH_LOOKUP, emptyMap(), token, TokenResponse.class); TokenResponse res = request.get(PATH_AUTH_TOKEN + PATH_LOOKUP_SELF, emptyMap(), token, TokenResponse.class);
authorized = true; authorized = true;
return res; return res;
@@ -194,7 +200,7 @@ public class HTTPVaultConnector implements VaultConnector {
@Override @Override
public final AuthResponse authUserPass(final String username, final String password) public final AuthResponse authUserPass(final String username, final String password)
throws VaultConnectorException { throws VaultConnectorException {
final Map<String, String> payload = singletonMap("password", password); final Map<String, String> payload = singletonMap("password", password);
return queryAuth(PATH_AUTH_USERPASS + username, payload); return queryAuth(PATH_AUTH_USERPASS + username, payload);
} }
@@ -202,8 +208,8 @@ public class HTTPVaultConnector implements VaultConnector {
@Override @Override
public final AuthResponse authAppRole(final String roleID, final String secretID) throws VaultConnectorException { public final AuthResponse authAppRole(final String roleID, final String secretID) throws VaultConnectorException {
final Map<String, String> payload = mapOfStrings( final Map<String, String> payload = mapOfStrings(
"role_id", roleID, "role_id", roleID,
"secret_id", secretID "secret_id", secretID
); );
return queryAuth(PATH_AUTH_APPROLE + PATH_LOGIN, payload); return queryAuth(PATH_AUTH_APPROLE + PATH_LOGIN, payload);
} }
@@ -217,7 +223,7 @@ public class HTTPVaultConnector implements VaultConnector {
* @throws VaultConnectorException on errors * @throws VaultConnectorException on errors
*/ */
private AuthResponse queryAuth(final String path, final Map<String, String> payload) private AuthResponse queryAuth(final String path, final Map<String, String> payload)
throws VaultConnectorException { throws VaultConnectorException {
/* Issue request and parse response */ /* Issue request and parse response */
AuthResponse auth = request.post(path, payload, token, AuthResponse.class); AuthResponse auth = request.post(path, payload, token, AuthResponse.class);
/* verify response */ /* verify response */
@@ -244,10 +250,10 @@ public class HTTPVaultConnector implements VaultConnector {
requireAuth(); requireAuth();
/* Request HTTP response and parse Secret */ /* Request HTTP response and parse Secret */
return request.get( return request.get(
String.format(PATH_AUTH_APPROLE_ROLE, roleName, ""), String.format(PATH_AUTH_APPROLE_ROLE, roleName, ""),
emptyMap(), emptyMap(),
token, token,
AppRoleResponse.class AppRoleResponse.class
); );
} }
@@ -266,10 +272,10 @@ public class HTTPVaultConnector implements VaultConnector {
requireAuth(); requireAuth();
/* Issue request, parse response and extract Role ID */ /* Issue request, parse response and extract Role ID */
return request.get( return request.get(
String.format(PATH_AUTH_APPROLE_ROLE, roleName, "/role-id"), String.format(PATH_AUTH_APPROLE_ROLE, roleName, "/role-id"),
emptyMap(), emptyMap(),
token, token,
RawDataResponse.class RawDataResponse.class
).getData().get("role_id").toString(); ).getData().get("role_id").toString();
} }
@@ -279,9 +285,9 @@ public class HTTPVaultConnector implements VaultConnector {
/* Issue request and expect code 204 with empty response */ /* Issue request and expect code 204 with empty response */
request.postWithoutResponse( request.postWithoutResponse(
String.format(PATH_AUTH_APPROLE_ROLE, roleName, "/role-id"), String.format(PATH_AUTH_APPROLE_ROLE, roleName, "/role-id"),
singletonMap("role_id", roleID), singletonMap("role_id", roleID),
token token
); );
return true; return true;
@@ -289,49 +295,49 @@ public class HTTPVaultConnector implements VaultConnector {
@Override @Override
public final AppRoleSecretResponse createAppRoleSecret(final String roleName, final AppRoleSecret secret) public final AppRoleSecretResponse createAppRoleSecret(final String roleName, final AppRoleSecret secret)
throws VaultConnectorException { throws VaultConnectorException {
requireAuth(); requireAuth();
if (secret.getId() != null && !secret.getId().isEmpty()) { if (secret.getId() != null && !secret.getId().isEmpty()) {
return request.post( return request.post(
String.format(PATH_AUTH_APPROLE_ROLE, roleName, "/custom-secret-id"), String.format(PATH_AUTH_APPROLE_ROLE, roleName, "/custom-secret-id"),
secret, secret,
token, token,
AppRoleSecretResponse.class AppRoleSecretResponse.class
); );
} else { } else {
return request.post( return request.post(
String.format(PATH_AUTH_APPROLE_ROLE, roleName, "/secret-id"), String.format(PATH_AUTH_APPROLE_ROLE, roleName, "/secret-id"),
secret, token, secret, token,
AppRoleSecretResponse.class AppRoleSecretResponse.class
); );
} }
} }
@Override @Override
public final AppRoleSecretResponse lookupAppRoleSecret(final String roleName, final String secretID) public final AppRoleSecretResponse lookupAppRoleSecret(final String roleName, final String secretID)
throws VaultConnectorException { throws VaultConnectorException {
requireAuth(); requireAuth();
/* Issue request and parse secret response */ /* Issue request and parse secret response */
return request.post( return request.post(
String.format(PATH_AUTH_APPROLE_ROLE, roleName, "/secret-id/lookup"), String.format(PATH_AUTH_APPROLE_ROLE, roleName, "/secret-id/lookup"),
new AppRoleSecret(secretID), new AppRoleSecret(secretID),
token, token,
AppRoleSecretResponse.class AppRoleSecretResponse.class
); );
} }
@Override @Override
public final boolean destroyAppRoleSecret(final String roleName, final String secretID) public final boolean destroyAppRoleSecret(final String roleName, final String secretID)
throws VaultConnectorException { throws VaultConnectorException {
requireAuth(); requireAuth();
/* Issue request and expect code 204 with empty response */ /* Issue request and expect code 204 with empty response */
request.postWithoutResponse( request.postWithoutResponse(
String.format(PATH_AUTH_APPROLE_ROLE, roleName, "/secret-id/destroy"), String.format(PATH_AUTH_APPROLE_ROLE, roleName, "/secret-id/destroy"),
new AppRoleSecret(secretID), new AppRoleSecret(secretID),
token); token);
return true; return true;
} }
@@ -341,10 +347,10 @@ public class HTTPVaultConnector implements VaultConnector {
requireAuth(); requireAuth();
SecretListResponse secrets = request.get( SecretListResponse secrets = request.get(
PATH_AUTH_APPROLE + "/role?list=true", PATH_AUTH_APPROLE + "/role?list=true",
emptyMap(), emptyMap(),
token, token,
SecretListResponse.class SecretListResponse.class
); );
return secrets.getKeys(); return secrets.getKeys();
@@ -355,10 +361,10 @@ public class HTTPVaultConnector implements VaultConnector {
requireAuth(); requireAuth();
SecretListResponse secrets = request.get( SecretListResponse secrets = request.get(
String.format(PATH_AUTH_APPROLE_ROLE, roleName, "/secret-id?list=true"), String.format(PATH_AUTH_APPROLE_ROLE, roleName, "/secret-id?list=true"),
emptyMap(), emptyMap(),
token, token,
SecretListResponse.class SecretListResponse.class
); );
return secrets.getKeys(); return secrets.getKeys();
@@ -373,7 +379,7 @@ public class HTTPVaultConnector implements VaultConnector {
@Override @Override
public final SecretResponse readSecretVersion(final String mount, final String key, final Integer version) public final SecretResponse readSecretVersion(final String mount, final String key, final Integer version)
throws VaultConnectorException { throws VaultConnectorException {
requireAuth(); requireAuth();
/* Request HTTP response and parse secret metadata */ /* Request HTTP response and parse secret metadata */
Map<String, String> args = mapOfStrings("version", version); Map<String, String> args = mapOfStrings("version", version);
@@ -383,7 +389,7 @@ public class HTTPVaultConnector implements VaultConnector {
@Override @Override
public final MetadataResponse readSecretMetadata(final String mount, final String key) public final MetadataResponse readSecretMetadata(final String mount, final String key)
throws VaultConnectorException { throws VaultConnectorException {
requireAuth(); requireAuth();
/* Request HTTP response and parse secret metadata */ /* Request HTTP response and parse secret metadata */
@@ -398,8 +404,8 @@ public class HTTPVaultConnector implements VaultConnector {
requireAuth(); requireAuth();
Map<String, Object> payload = mapOf( Map<String, Object> payload = mapOf(
"max_versions", maxVersions, "max_versions", maxVersions,
"cas_required", casRequired "cas_required", casRequired
); );
write(mount + PATH_METADATA + key, payload); write(mount + PATH_METADATA + key, payload);
@@ -421,13 +427,13 @@ public class HTTPVaultConnector implements VaultConnector {
/* Issue request and parse metadata response */ /* Issue request and parse metadata response */
return request.post( return request.post(
mount + PATH_DATA + key, mount + PATH_DATA + key,
Map.of( Map.of(
"data", data, "data", data,
"options", options "options", options
), ),
token, token,
SecretVersionResponse.class SecretVersionResponse.class
); );
} }
@@ -442,7 +448,7 @@ public class HTTPVaultConnector implements VaultConnector {
@Override @Override
public final void write(final String key, final Map<String, Object> data, final Map<String, Object> options) public final void write(final String key, final Map<String, Object> data, final Map<String, Object> options)
throws VaultConnectorException { throws VaultConnectorException {
requireAuth(); requireAuth();
if (key == null || key.isEmpty()) { if (key == null || key.isEmpty()) {
@@ -455,8 +461,8 @@ public class HTTPVaultConnector implements VaultConnector {
// If options are given, split payload in two parts. // If options are given, split payload in two parts.
if (options != null) { if (options != null) {
payload = Map.of( payload = Map.of(
"data", data, "data", data,
"options", options "options", options
); );
} }
@@ -484,19 +490,19 @@ public class HTTPVaultConnector implements VaultConnector {
@Override @Override
public final void deleteSecretVersions(final String mount, final String key, final int... versions) public final void deleteSecretVersions(final String mount, final String key, final int... versions)
throws VaultConnectorException { throws VaultConnectorException {
handleSecretVersions(mount, PATH_DELETE, key, versions); handleSecretVersions(mount, PATH_DELETE, key, versions);
} }
@Override @Override
public final void undeleteSecretVersions(final String mount, final String key, final int... versions) public final void undeleteSecretVersions(final String mount, final String key, final int... versions)
throws VaultConnectorException { throws VaultConnectorException {
handleSecretVersions(mount, PATH_UNDELETE, key, versions); handleSecretVersions(mount, PATH_UNDELETE, key, versions);
} }
@Override @Override
public final void destroySecretVersions(final String mount, final String key, final int... versions) public final void destroySecretVersions(final String mount, final String key, final int... versions)
throws VaultConnectorException { throws VaultConnectorException {
handleSecretVersions(mount, PATH_DESTROY, key, versions); handleSecretVersions(mount, PATH_DESTROY, key, versions);
} }
@@ -536,8 +542,8 @@ public class HTTPVaultConnector implements VaultConnector {
requireAuth(); requireAuth();
Map<String, String> payload = mapOfStrings( Map<String, String> payload = mapOfStrings(
"lease_id", leaseID, "lease_id", leaseID,
"increment", increment "increment", increment
); );
/* Issue request and parse secret response */ /* Issue request and parse secret response */
@@ -594,10 +600,10 @@ public class HTTPVaultConnector implements VaultConnector {
/* Request HTTP response and parse Secret */ /* Request HTTP response and parse Secret */
return request.get( return request.get(
PATH_AUTH_TOKEN + PATH_LOOKUP, PATH_AUTH_TOKEN + PATH_LOOKUP,
singletonMap("token", token), singletonMap("token", token),
token, token,
TokenResponse.class TokenResponse.class
); );
} }
@@ -646,6 +652,47 @@ public class HTTPVaultConnector implements VaultConnector {
return true; return true;
} }
@Override
public final TransitResponse transitEncrypt(final String keyName, final String plaintext)
throws VaultConnectorException {
requireAuth();
Map<String, Object> payload = mapOf(
"plaintext", plaintext
);
return request.post(PATH_TRANSIT_ENCRYPT + keyName, payload, token, TransitResponse.class);
}
@Override
public final TransitResponse transitDecrypt(final String keyName, final String ciphertext)
throws VaultConnectorException {
requireAuth();
Map<String, Object> payload = mapOf(
"ciphertext", ciphertext
);
return request.post(PATH_TRANSIT_DECRYPT + keyName, payload, token, TransitResponse.class);
}
@Override
public final TransitResponse transitHash(final String algorithm, final String input, final String format)
throws VaultConnectorException {
if (format != null && !"hex".equals(format) && !"base64".equals(format)) {
throw new IllegalArgumentException("Unsupported format " + format);
}
requireAuth();
Map<String, Object> payload = mapOf(
"input", input,
"format", format
);
return request.post(PATH_TRANSIT_HASH + algorithm, payload, token, TransitResponse.class);
}
/** /**
* Check for required authorization. * Check for required authorization.
* *

View File

@@ -1,5 +1,5 @@
/* /*
* Copyright 2016-2024 Stefan Kalscheuer * Copyright 2016-2025 Stefan Kalscheuer
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@@ -20,18 +20,17 @@ import de.stklcode.jvault.connector.exception.ConnectionException;
import de.stklcode.jvault.connector.exception.TlsException; import de.stklcode.jvault.connector.exception.TlsException;
import de.stklcode.jvault.connector.exception.VaultConnectorException; import de.stklcode.jvault.connector.exception.VaultConnectorException;
import java.io.ByteArrayInputStream;
import java.io.IOException; import java.io.IOException;
import java.net.MalformedURLException;
import java.net.URI; import java.net.URI;
import java.net.URISyntaxException; import java.net.URISyntaxException;
import java.net.URL; import java.nio.charset.StandardCharsets;
import java.nio.file.Files; import java.nio.file.Files;
import java.nio.file.Path; import java.nio.file.Path;
import java.nio.file.Paths; import java.nio.file.Paths;
import java.security.cert.CertificateException; import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory; import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate; import java.security.cert.X509Certificate;
import java.util.Objects;
/** /**
* Vault Connector Builder implementation for HTTP Vault connectors. * Vault Connector Builder implementation for HTTP Vault connectors.
@@ -96,10 +95,14 @@ public final class HTTPVaultConnectorBuilder {
* @since 1.0 * @since 1.0
*/ */
public HTTPVaultConnectorBuilder withBaseURL(final URI baseURL) { public HTTPVaultConnectorBuilder withBaseURL(final URI baseURL) {
return withTLS(!("http".equalsIgnoreCase(Objects.requireNonNullElse(baseURL.getScheme(), "")))) String path = baseURL.getPath();
.withHost(baseURL.getHost()) if (path == null || path.isBlank()) {
.withPort(baseURL.getPort()) path = DEFAULT_PREFIX;
.withPrefix(baseURL.getPath()); }
return withTLS(!("http".equalsIgnoreCase(baseURL.getScheme())))
.withHost(baseURL.getHost())
.withPort(baseURL.getPort())
.withPrefix(path);
} }
/** /**
@@ -301,13 +304,10 @@ public final class HTTPVaultConnectorBuilder {
*/ */
public HTTPVaultConnectorBuilder fromEnv() throws VaultConnectorException { public HTTPVaultConnectorBuilder fromEnv() throws VaultConnectorException {
/* Parse URL from environment variable */ /* Parse URL from environment variable */
if (System.getenv(ENV_VAULT_ADDR) != null && !System.getenv(ENV_VAULT_ADDR).trim().isEmpty()) { if (System.getenv(ENV_VAULT_ADDR) != null && !System.getenv(ENV_VAULT_ADDR).isBlank()) {
try { try {
var url = new URL(System.getenv(ENV_VAULT_ADDR)); withBaseURL(System.getenv(ENV_VAULT_ADDR));
this.host = url.getHost(); } catch (URISyntaxException e) {
this.port = url.getPort();
this.tls = url.getProtocol().equals("https");
} catch (MalformedURLException e) {
throw new ConnectionException("URL provided in environment variable malformed", e); throw new ConnectionException("URL provided in environment variable malformed", e);
} }
} }
@@ -315,7 +315,7 @@ public final class HTTPVaultConnectorBuilder {
/* Read number of retries */ /* Read number of retries */
if (System.getenv(ENV_VAULT_MAX_RETRIES) != null) { if (System.getenv(ENV_VAULT_MAX_RETRIES) != null) {
try { try {
numberOfRetries = Integer.parseInt(System.getenv(ENV_VAULT_MAX_RETRIES)); withNumberOfRetries(Integer.parseInt(System.getenv(ENV_VAULT_MAX_RETRIES)));
} catch (NumberFormatException ignored) { } catch (NumberFormatException ignored) {
/* Ignore malformed values. */ /* Ignore malformed values. */
} }
@@ -325,8 +325,12 @@ public final class HTTPVaultConnectorBuilder {
token = System.getenv(ENV_VAULT_TOKEN); token = System.getenv(ENV_VAULT_TOKEN);
/* Parse certificate, if set */ /* Parse certificate, if set */
if (System.getenv(ENV_VAULT_CACERT) != null && !System.getenv(ENV_VAULT_CACERT).trim().isEmpty()) { if (System.getenv(ENV_VAULT_CACERT) != null && !System.getenv(ENV_VAULT_CACERT).isBlank()) {
return withTrustedCA(Paths.get(System.getenv(ENV_VAULT_CACERT))); X509Certificate cert = certificateFromString(System.getenv(ENV_VAULT_CACERT));
if (cert == null) {
cert = certificateFromFile(Paths.get(System.getenv(ENV_VAULT_CACERT)));
}
return withTrustedCA(cert);
} }
return this; return this;
} }
@@ -398,6 +402,28 @@ public final class HTTPVaultConnectorBuilder {
return con; return con;
} }
/**
* Read given certificate file to X.509 certificate.
*
* @param cert Certificate string (optionally PEM)
* @return X.509 Certificate object if parseable, else {@code null}
* @throws TlsException on error
* @since 1.5.0
*/
private X509Certificate certificateFromString(final String cert) throws TlsException {
// Check if PEM header is present in given string
if (cert.contains("-BEGIN ") && cert.contains("-END")) {
try (var is = new ByteArrayInputStream(cert.getBytes(StandardCharsets.UTF_8))) {
return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(is);
} catch (IOException | CertificateException e) {
throw new TlsException("Unable to read certificate.", e);
}
}
// Not am PEM string, skip
return null;
}
/** /**
* Read given certificate file to X.509 certificate. * Read given certificate file to X.509 certificate.
* *

View File

@@ -1,5 +1,5 @@
/* /*
* Copyright 2016-2024 Stefan Kalscheuer * Copyright 2016-2025 Stefan Kalscheuer
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@@ -21,10 +21,7 @@ import de.stklcode.jvault.connector.model.*;
import de.stklcode.jvault.connector.model.response.*; import de.stklcode.jvault.connector.model.response.*;
import java.io.Serializable; import java.io.Serializable;
import java.util.ArrayList; import java.util.*;
import java.util.Collections;
import java.util.List;
import java.util.Map;
/** /**
* Vault Connector interface. * Vault Connector interface.
@@ -194,7 +191,7 @@ public interface VaultConnector extends AutoCloseable, Serializable {
* @since 0.4.0 * @since 0.4.0
*/ */
default boolean createAppRole(final String roleName, final List<String> policies, final String roleID) default boolean createAppRole(final String roleName, final List<String> policies, final String roleID)
throws VaultConnectorException { throws VaultConnectorException {
return createAppRole(AppRole.builder(roleName).withTokenPolicies(policies).withId(roleID).build()); return createAppRole(AppRole.builder(roleName).withTokenPolicies(policies).withId(roleID).build());
} }
@@ -260,7 +257,7 @@ public interface VaultConnector extends AutoCloseable, Serializable {
* @since 0.4.0 * @since 0.4.0
*/ */
default AppRoleSecretResponse createAppRoleSecret(final String roleName, final String secretID) default AppRoleSecretResponse createAppRoleSecret(final String roleName, final String secretID)
throws VaultConnectorException { throws VaultConnectorException {
return createAppRoleSecret(roleName, new AppRoleSecret(secretID)); return createAppRoleSecret(roleName, new AppRoleSecret(secretID));
} }
@@ -274,7 +271,7 @@ public interface VaultConnector extends AutoCloseable, Serializable {
* @since 0.4.0 * @since 0.4.0
*/ */
AppRoleSecretResponse createAppRoleSecret(final String roleName, final AppRoleSecret secret) AppRoleSecretResponse createAppRoleSecret(final String roleName, final AppRoleSecret secret)
throws VaultConnectorException; throws VaultConnectorException;
/** /**
* Lookup an AppRole secret. * Lookup an AppRole secret.
@@ -286,7 +283,7 @@ public interface VaultConnector extends AutoCloseable, Serializable {
* @since 0.4.0 * @since 0.4.0
*/ */
AppRoleSecretResponse lookupAppRoleSecret(final String roleName, final String secretID) AppRoleSecretResponse lookupAppRoleSecret(final String roleName, final String secretID)
throws VaultConnectorException; throws VaultConnectorException;
/** /**
* Destroy an AppRole secret. * Destroy an AppRole secret.
@@ -401,7 +398,7 @@ public interface VaultConnector extends AutoCloseable, Serializable {
* @since 0.8 * @since 0.8
*/ */
SecretResponse readSecretVersion(final String mount, final String key, final Integer version) SecretResponse readSecretVersion(final String mount, final String key, final Integer version)
throws VaultConnectorException; throws VaultConnectorException;
/** /**
* Retrieve secret metadata from Vault. * Retrieve secret metadata from Vault.
@@ -479,7 +476,7 @@ public interface VaultConnector extends AutoCloseable, Serializable {
* @since 0.8 {@code options} parameter added * @since 0.8 {@code options} parameter added
*/ */
void write(final String key, final Map<String, Object> data, final Map<String, Object> options) void write(final String key, final Map<String, Object> data, final Map<String, Object> options)
throws VaultConnectorException; throws VaultConnectorException;
/** /**
* Delete key from Vault. * Delete key from Vault.
@@ -527,7 +524,7 @@ public interface VaultConnector extends AutoCloseable, Serializable {
* @since 0.8 * @since 0.8
*/ */
void deleteSecretVersions(final String mount, final String key, final int... versions) void deleteSecretVersions(final String mount, final String key, final int... versions)
throws VaultConnectorException; throws VaultConnectorException;
/** /**
* Undelete (restore) secret versions from Vault. * Undelete (restore) secret versions from Vault.
@@ -540,7 +537,7 @@ public interface VaultConnector extends AutoCloseable, Serializable {
* @since 0.8 * @since 0.8
*/ */
void undeleteSecretVersions(final String mount, final String key, final int... versions) void undeleteSecretVersions(final String mount, final String key, final int... versions)
throws VaultConnectorException; throws VaultConnectorException;
/** /**
* Destroy secret versions from Vault. * Destroy secret versions from Vault.
@@ -553,7 +550,7 @@ public interface VaultConnector extends AutoCloseable, Serializable {
* @since 0.8 * @since 0.8
*/ */
void destroySecretVersions(final String mount, final String key, final int... versions) void destroySecretVersions(final String mount, final String key, final int... versions)
throws VaultConnectorException; throws VaultConnectorException;
/** /**
* Revoke given lease immediately. * Revoke given lease immediately.
@@ -674,6 +671,82 @@ public interface VaultConnector extends AutoCloseable, Serializable {
*/ */
boolean deleteTokenRole(final String name) throws VaultConnectorException; boolean deleteTokenRole(final String name) throws VaultConnectorException;
/**
* Encrypt plaintext via transit engine from Vault.
*
* @param keyName Transit key name
* @param plaintext Text to encrypt (Base64 encoded)
* @return Transit response
* @throws VaultConnectorException on error
* @since 1.5.0
*/
TransitResponse transitEncrypt(final String keyName, final String plaintext) throws VaultConnectorException;
/**
* Encrypt plaintext via transit engine from Vault.
*
* @param keyName Transit key name
* @param plaintext Binary data to encrypt
* @return Transit response
* @throws VaultConnectorException on error
* @since 1.5.0
*/
default TransitResponse transitEncrypt(final String keyName, final byte[] plaintext)
throws VaultConnectorException {
return transitEncrypt(keyName, Base64.getEncoder().encodeToString(plaintext));
}
/**
* Decrypt ciphertext via transit engine from Vault.
*
* @param keyName Transit key name
* @param ciphertext Text to decrypt
* @return Transit response
* @throws VaultConnectorException on error
* @since 1.5.0
*/
TransitResponse transitDecrypt(final String keyName, final String ciphertext) throws VaultConnectorException;
/**
* Hash data in hex format via transit engine from Vault.
*
* @param algorithm Specifies the hash algorithm to use
* @param input Data to hash
* @return Transit response
* @throws VaultConnectorException on error
* @since 1.5.0
*/
default TransitResponse transitHash(final String algorithm, final String input) throws VaultConnectorException {
return transitHash(algorithm, input, "hex");
}
/**
* Hash data via transit engine from Vault.
*
* @param algorithm Specifies the hash algorithm to use
* @param input Data to hash (Base64 encoded)
* @param format Specifies the output encoding (hex/base64)
* @return Transit response
* @throws VaultConnectorException on error
* @since 1.5.0
*/
TransitResponse transitHash(final String algorithm, final String input, final String format)
throws VaultConnectorException;
/**
* Hash data via transit engine from Vault.
*
* @param algorithm Specifies the hash algorithm to use
* @param input Data to hash
* @return Transit response
* @throws VaultConnectorException on error
* @since 1.5.0
*/
default TransitResponse transitHash(final String algorithm, final byte[] input, final String format)
throws VaultConnectorException {
return transitHash(algorithm, Base64.getEncoder().encodeToString(input), format);
}
/** /**
* Read credentials for MySQL backend at default mount point. * Read credentials for MySQL backend at default mount point.
* *
@@ -681,7 +754,9 @@ public interface VaultConnector extends AutoCloseable, Serializable {
* @return the credentials response * @return the credentials response
* @throws VaultConnectorException on error * @throws VaultConnectorException on error
* @since 0.5.0 * @since 0.5.0
* @deprecated use {@link #readDbCredentials(String, String)} your MySQL mountpoint
*/ */
@Deprecated(since = "1.5.0", forRemoval = true)
default CredentialsResponse readMySqlCredentials(final String role) throws VaultConnectorException { default CredentialsResponse readMySqlCredentials(final String role) throws VaultConnectorException {
return readDbCredentials(role, "mysql"); return readDbCredentials(role, "mysql");
} }
@@ -693,7 +768,9 @@ public interface VaultConnector extends AutoCloseable, Serializable {
* @return the credentials response * @return the credentials response
* @throws VaultConnectorException on error * @throws VaultConnectorException on error
* @since 0.5.0 * @since 0.5.0
* @deprecated use {@link #readDbCredentials(String, String)} your PostgreSQL mountpoint
*/ */
@Deprecated(since = "1.5.0", forRemoval = true)
default CredentialsResponse readPostgreSqlCredentials(final String role) throws VaultConnectorException { default CredentialsResponse readPostgreSqlCredentials(final String role) throws VaultConnectorException {
return readDbCredentials(role, "postgresql"); return readDbCredentials(role, "postgresql");
} }
@@ -705,34 +782,38 @@ public interface VaultConnector extends AutoCloseable, Serializable {
* @return the credentials response * @return the credentials response
* @throws VaultConnectorException on error * @throws VaultConnectorException on error
* @since 0.5.0 * @since 0.5.0
* @deprecated use {@link #readDbCredentials(String, String)} your MSSQL mountpoint
*/ */
@Deprecated(since = "1.5.0", forRemoval = true)
default CredentialsResponse readMsSqlCredentials(final String role) throws VaultConnectorException { default CredentialsResponse readMsSqlCredentials(final String role) throws VaultConnectorException {
return readDbCredentials(role, "mssql"); return readDbCredentials(role, "mssql");
} }
/** /**
* Read credentials for MSSQL backend at default mount point. * Read credentials for MongoDB backend at default mount point.
* *
* @param role the role name * @param role the role name
* @return the credentials response * @return the credentials response
* @throws VaultConnectorException on error * @throws VaultConnectorException on error
* @since 0.5.0 * @since 0.5.0
* @deprecated use {@link #readDbCredentials(String, String)} your MongoDB mountpoint
*/ */
@Deprecated(since = "1.5.0", forRemoval = true)
default CredentialsResponse readMongoDbCredentials(final String role) throws VaultConnectorException { default CredentialsResponse readMongoDbCredentials(final String role) throws VaultConnectorException {
return readDbCredentials(role, "mongodb"); return readDbCredentials(role, "mongodb");
} }
/** /**
* Read credentials for SQL backends. * Read credentials for database backends.
* *
* @param role the role name * @param role the role name
* @param mount mount point of the SQL backend * @param mount mount point of the database backend
* @return the credentials response * @return the credentials response
* @throws VaultConnectorException on error * @throws VaultConnectorException on error
* @since 0.5.0 * @since 0.5.0
*/ */
default CredentialsResponse readDbCredentials(final String role, final String mount) default CredentialsResponse readDbCredentials(final String role, final String mount)
throws VaultConnectorException { throws VaultConnectorException {
return (CredentialsResponse) read(mount + "/creds/" + role); return (CredentialsResponse) read(mount + "/creds/" + role);
} }
} }

View File

@@ -1,5 +1,5 @@
/* /*
* Copyright 2016-2024 Stefan Kalscheuer * Copyright 2016-2025 Stefan Kalscheuer
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.

View File

@@ -1,5 +1,5 @@
/* /*
* Copyright 2016-2024 Stefan Kalscheuer * Copyright 2016-2025 Stefan Kalscheuer
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.

View File

@@ -1,5 +1,5 @@
/* /*
* Copyright 2016-2024 Stefan Kalscheuer * Copyright 2016-2025 Stefan Kalscheuer
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.

View File

@@ -1,5 +1,5 @@
/* /*
* Copyright 2016-2024 Stefan Kalscheuer * Copyright 2016-2025 Stefan Kalscheuer
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.

View File

@@ -1,5 +1,5 @@
/* /*
* Copyright 2016-2024 Stefan Kalscheuer * Copyright 2016-2025 Stefan Kalscheuer
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.

View File

@@ -1,5 +1,5 @@
/* /*
* Copyright 2016-2024 Stefan Kalscheuer * Copyright 2016-2025 Stefan Kalscheuer
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.

View File

@@ -1,5 +1,5 @@
/* /*
* Copyright 2016-2024 Stefan Kalscheuer * Copyright 2016-2025 Stefan Kalscheuer
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.

View File

@@ -1,5 +1,5 @@
/* /*
* Copyright 2016-2024 Stefan Kalscheuer * Copyright 2016-2025 Stefan Kalscheuer
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.

View File

@@ -1,5 +1,5 @@
/* /*
* Copyright 2016-2024 Stefan Kalscheuer * Copyright 2016-2025 Stefan Kalscheuer
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.

View File

@@ -2,8 +2,8 @@ package de.stklcode.jvault.connector.internal;
import com.fasterxml.jackson.core.JsonProcessingException; import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.DeserializationFeature; import com.fasterxml.jackson.databind.DeserializationFeature;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.SerializationFeature; import com.fasterxml.jackson.databind.SerializationFeature;
import com.fasterxml.jackson.databind.json.JsonMapper;
import com.fasterxml.jackson.datatype.jsr310.JavaTimeModule; import com.fasterxml.jackson.datatype.jsr310.JavaTimeModule;
import de.stklcode.jvault.connector.exception.*; import de.stklcode.jvault.connector.exception.*;
import de.stklcode.jvault.connector.model.response.ErrorResponse; import de.stklcode.jvault.connector.model.response.ErrorResponse;
@@ -44,7 +44,7 @@ public final class RequestHelper implements Serializable {
private final int retries; // Number of retries on 5xx errors. private final int retries; // Number of retries on 5xx errors.
private final String tlsVersion; // TLS version (#22). private final String tlsVersion; // TLS version (#22).
private final X509Certificate trustedCaCert; // Trusted CA certificate. private final X509Certificate trustedCaCert; // Trusted CA certificate.
private final ObjectMapper jsonMapper; private final JsonMapper jsonMapper;
/** /**
* Constructor of the request helper. * Constructor of the request helper.
@@ -65,10 +65,11 @@ public final class RequestHelper implements Serializable {
this.timeout = timeout; this.timeout = timeout;
this.tlsVersion = tlsVersion; this.tlsVersion = tlsVersion;
this.trustedCaCert = trustedCaCert; this.trustedCaCert = trustedCaCert;
this.jsonMapper = new ObjectMapper() this.jsonMapper = JsonMapper.builder()
.registerModule(new JavaTimeModule()) .addModule(new JavaTimeModule())
.enable(SerializationFeature.WRITE_DATES_AS_TIMESTAMPS) .enable(SerializationFeature.WRITE_DATES_AS_TIMESTAMPS)
.disable(DeserializationFeature.ADJUST_DATES_TO_CONTEXT_TIME_ZONE); .disable(DeserializationFeature.ADJUST_DATES_TO_CONTEXT_TIME_ZONE)
.build();
} }
/** /**
@@ -115,7 +116,7 @@ public final class RequestHelper implements Serializable {
* @since 0.8 * @since 0.8
*/ */
public <T> T post(final String path, final Object payload, final String token, final Class<T> target) public <T> T post(final String path, final Object payload, final String token, final Class<T> target)
throws VaultConnectorException { throws VaultConnectorException {
try { try {
String response = post(path, payload, token); String response = post(path, payload, token);
return jsonMapper.readValue(response, target); return jsonMapper.readValue(response, target);
@@ -134,7 +135,7 @@ public final class RequestHelper implements Serializable {
* @since 0.8 * @since 0.8
*/ */
public void postWithoutResponse(final String path, final Object payload, final String token) public void postWithoutResponse(final String path, final Object payload, final String token)
throws VaultConnectorException { throws VaultConnectorException {
if (!post(path, payload, token).isEmpty()) { if (!post(path, payload, token).isEmpty()) {
throw new InvalidResponseException(Error.UNEXPECTED_RESPONSE); throw new InvalidResponseException(Error.UNEXPECTED_RESPONSE);
} }
@@ -151,7 +152,7 @@ public final class RequestHelper implements Serializable {
* @since 0.8 Added {@code token} parameter. * @since 0.8 Added {@code token} parameter.
*/ */
public String put(final String path, final Map<String, String> payload, final String token) public String put(final String path, final Map<String, String> payload, final String token)
throws VaultConnectorException { throws VaultConnectorException {
// Initialize PUT. // Initialize PUT.
var req = HttpRequest.newBuilder(URI.create(baseURL + path)); var req = HttpRequest.newBuilder(URI.create(baseURL + path));
@@ -185,7 +186,7 @@ public final class RequestHelper implements Serializable {
* @since 0.8 * @since 0.8
*/ */
public <T> T put(final String path, final Map<String, String> payload, final String token, final Class<T> target) public <T> T put(final String path, final Map<String, String> payload, final String token, final Class<T> target)
throws VaultConnectorException { throws VaultConnectorException {
try { try {
String response = put(path, payload, token); String response = put(path, payload, token);
return jsonMapper.readValue(response, target); return jsonMapper.readValue(response, target);
@@ -204,7 +205,7 @@ public final class RequestHelper implements Serializable {
* @since 0.8 * @since 0.8
*/ */
public void putWithoutResponse(final String path, final Map<String, String> payload, final String token) public void putWithoutResponse(final String path, final Map<String, String> payload, final String token)
throws VaultConnectorException { throws VaultConnectorException {
if (!put(path, payload, token).isEmpty()) { if (!put(path, payload, token).isEmpty()) {
throw new InvalidResponseException(Error.UNEXPECTED_RESPONSE); throw new InvalidResponseException(Error.UNEXPECTED_RESPONSE);
} }
@@ -256,15 +257,15 @@ public final class RequestHelper implements Serializable {
* @since 0.8 Added {@code token} parameter. * @since 0.8 Added {@code token} parameter.
*/ */
public String get(final String path, final Map<String, String> payload, final String token) public String get(final String path, final Map<String, String> payload, final String token)
throws VaultConnectorException { throws VaultConnectorException {
// Add parameters to URI. // Add parameters to URI.
var uriBuilder = new StringBuilder(baseURL + path); var uriBuilder = new StringBuilder(baseURL + path);
if (!payload.isEmpty()) { if (!payload.isEmpty()) {
uriBuilder.append("?").append( uriBuilder.append("?").append(
payload.entrySet().stream().map(par -> payload.entrySet().stream().map(par ->
URLEncoder.encode(par.getKey(), UTF_8) + "=" + URLEncoder.encode(par.getValue(), UTF_8) URLEncoder.encode(par.getKey(), UTF_8) + "=" + URLEncoder.encode(par.getValue(), UTF_8)
).collect(Collectors.joining("&")) ).collect(Collectors.joining("&"))
); );
} }
@@ -297,7 +298,7 @@ public final class RequestHelper implements Serializable {
* @since 0.8 * @since 0.8
*/ */
public <T> T get(final String path, final Map<String, String> payload, final String token, final Class<T> target) public <T> T get(final String path, final Map<String, String> payload, final String token, final Class<T> target)
throws VaultConnectorException { throws VaultConnectorException {
try { try {
String response = get(path, payload, token); String response = get(path, payload, token);
return jsonMapper.readValue(response, target); return jsonMapper.readValue(response, target);
@@ -333,8 +334,8 @@ public final class RequestHelper implements Serializable {
// Execute request. // Execute request.
try { try {
HttpResponse<InputStream> response = client.sendAsync( HttpResponse<InputStream> response = client.sendAsync(
requestBuilder.build(), requestBuilder.build(),
HttpResponse.BodyHandlers.ofInputStream() HttpResponse.BodyHandlers.ofInputStream()
).join(); ).join();
/* Check if response is valid */ /* Check if response is valid */

View File

@@ -1,5 +1,5 @@
/* /*
* Copyright 2016-2024 Stefan Kalscheuer * Copyright 2016-2025 Stefan Kalscheuer
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@@ -32,7 +32,7 @@ import java.util.Objects;
*/ */
@JsonIgnoreProperties(ignoreUnknown = true) @JsonIgnoreProperties(ignoreUnknown = true)
public final class AppRole implements Serializable { public final class AppRole implements Serializable {
private static final long serialVersionUID = 693228837510483448L; private static final long serialVersionUID = 1546673231280751679L;
@JsonProperty("role_name") @JsonProperty("role_name")
private String name; private String name;
@@ -53,7 +53,7 @@ public final class AppRole implements Serializable {
@JsonProperty("secret_id_ttl") @JsonProperty("secret_id_ttl")
@JsonInclude(JsonInclude.Include.NON_NULL) @JsonInclude(JsonInclude.Include.NON_NULL)
private Integer secretIdTtl; private Long secretIdTtl;
@JsonProperty("local_secret_ids") @JsonProperty("local_secret_ids")
@JsonInclude(JsonInclude.Include.NON_NULL) @JsonInclude(JsonInclude.Include.NON_NULL)
@@ -61,11 +61,11 @@ public final class AppRole implements Serializable {
@JsonProperty("token_ttl") @JsonProperty("token_ttl")
@JsonInclude(JsonInclude.Include.NON_NULL) @JsonInclude(JsonInclude.Include.NON_NULL)
private Integer tokenTtl; private Long tokenTtl;
@JsonProperty("token_max_ttl") @JsonProperty("token_max_ttl")
@JsonInclude(JsonInclude.Include.NON_NULL) @JsonInclude(JsonInclude.Include.NON_NULL)
private Integer tokenMaxTtl; private Long tokenMaxTtl;
private List<String> tokenPolicies; private List<String> tokenPolicies;
@@ -75,7 +75,7 @@ public final class AppRole implements Serializable {
@JsonProperty("token_explicit_max_ttl") @JsonProperty("token_explicit_max_ttl")
@JsonInclude(JsonInclude.Include.NON_NULL) @JsonInclude(JsonInclude.Include.NON_NULL)
private Integer tokenExplicitMaxTtl; private Long tokenExplicitMaxTtl;
@JsonProperty("token_no_default_policy") @JsonProperty("token_no_default_policy")
@JsonInclude(JsonInclude.Include.NON_NULL) @JsonInclude(JsonInclude.Include.NON_NULL)
@@ -255,7 +255,7 @@ public final class AppRole implements Serializable {
/** /**
* @return maximum TTL in seconds for secrets * @return maximum TTL in seconds for secrets
*/ */
public Integer getSecretIdTtl() { public Long getSecretIdTtl() {
return secretIdTtl; return secretIdTtl;
} }
@@ -271,14 +271,14 @@ public final class AppRole implements Serializable {
/** /**
* @return token TTL in seconds * @return token TTL in seconds
*/ */
public Integer getTokenTtl() { public Long getTokenTtl() {
return tokenTtl; return tokenTtl;
} }
/** /**
* @return maximum token TTL in seconds, including renewals * @return maximum token TTL in seconds, including renewals
*/ */
public Integer getTokenMaxTtl() { public Long getTokenMaxTtl() {
return tokenMaxTtl; return tokenMaxTtl;
} }
@@ -286,7 +286,7 @@ public final class AppRole implements Serializable {
* @return explicit maximum token TTL in seconds, including renewals * @return explicit maximum token TTL in seconds, including renewals
* @since 0.9 * @since 0.9
*/ */
public Integer getTokenExplicitMaxTtl() { public Long getTokenExplicitMaxTtl() {
return tokenExplicitMaxTtl; return tokenExplicitMaxTtl;
} }
@@ -331,28 +331,28 @@ public final class AppRole implements Serializable {
} }
AppRole appRole = (AppRole) o; AppRole appRole = (AppRole) o;
return Objects.equals(name, appRole.name) && return Objects.equals(name, appRole.name) &&
Objects.equals(id, appRole.id) && Objects.equals(id, appRole.id) &&
Objects.equals(bindSecretId, appRole.bindSecretId) && Objects.equals(bindSecretId, appRole.bindSecretId) &&
Objects.equals(secretIdBoundCidrs, appRole.secretIdBoundCidrs) && Objects.equals(secretIdBoundCidrs, appRole.secretIdBoundCidrs) &&
Objects.equals(secretIdNumUses, appRole.secretIdNumUses) && Objects.equals(secretIdNumUses, appRole.secretIdNumUses) &&
Objects.equals(secretIdTtl, appRole.secretIdTtl) && Objects.equals(secretIdTtl, appRole.secretIdTtl) &&
Objects.equals(localSecretIds, appRole.localSecretIds) && Objects.equals(localSecretIds, appRole.localSecretIds) &&
Objects.equals(tokenTtl, appRole.tokenTtl) && Objects.equals(tokenTtl, appRole.tokenTtl) &&
Objects.equals(tokenMaxTtl, appRole.tokenMaxTtl) && Objects.equals(tokenMaxTtl, appRole.tokenMaxTtl) &&
Objects.equals(tokenPolicies, appRole.tokenPolicies) && Objects.equals(tokenPolicies, appRole.tokenPolicies) &&
Objects.equals(tokenBoundCidrs, appRole.tokenBoundCidrs) && Objects.equals(tokenBoundCidrs, appRole.tokenBoundCidrs) &&
Objects.equals(tokenExplicitMaxTtl, appRole.tokenExplicitMaxTtl) && Objects.equals(tokenExplicitMaxTtl, appRole.tokenExplicitMaxTtl) &&
Objects.equals(tokenNoDefaultPolicy, appRole.tokenNoDefaultPolicy) && Objects.equals(tokenNoDefaultPolicy, appRole.tokenNoDefaultPolicy) &&
Objects.equals(tokenNumUses, appRole.tokenNumUses) && Objects.equals(tokenNumUses, appRole.tokenNumUses) &&
Objects.equals(tokenPeriod, appRole.tokenPeriod) && Objects.equals(tokenPeriod, appRole.tokenPeriod) &&
Objects.equals(tokenType, appRole.tokenType); Objects.equals(tokenType, appRole.tokenType);
} }
@Override @Override
public int hashCode() { public int hashCode() {
return Objects.hash(name, id, bindSecretId, secretIdBoundCidrs, secretIdNumUses, secretIdTtl, return Objects.hash(name, id, bindSecretId, secretIdBoundCidrs, secretIdNumUses, secretIdTtl,
localSecretIds, tokenTtl, tokenMaxTtl, tokenPolicies, tokenBoundCidrs, tokenExplicitMaxTtl, localSecretIds, tokenTtl, tokenMaxTtl, tokenPolicies, tokenBoundCidrs, tokenExplicitMaxTtl,
tokenNoDefaultPolicy, tokenNumUses, tokenPeriod, tokenType); tokenNoDefaultPolicy, tokenNumUses, tokenPeriod, tokenType);
} }
@@ -370,12 +370,12 @@ public final class AppRole implements Serializable {
private List<String> secretIdBoundCidrs; private List<String> secretIdBoundCidrs;
private List<String> tokenPolicies; private List<String> tokenPolicies;
private Integer secretIdNumUses; private Integer secretIdNumUses;
private Integer secretIdTtl; private Long secretIdTtl;
private Boolean localSecretIds; private Boolean localSecretIds;
private Integer tokenTtl; private Long tokenTtl;
private Integer tokenMaxTtl; private Long tokenMaxTtl;
private List<String> tokenBoundCidrs; private List<String> tokenBoundCidrs;
private Integer tokenExplicitMaxTtl; private Long tokenExplicitMaxTtl;
private Boolean tokenNoDefaultPolicy; private Boolean tokenNoDefaultPolicy;
private Integer tokenNumUses; private Integer tokenNumUses;
private Integer tokenPeriod; private Integer tokenPeriod;
@@ -520,7 +520,7 @@ public final class AppRole implements Serializable {
* @param secretIdTtl the TTL * @param secretIdTtl the TTL
* @return self * @return self
*/ */
public Builder withSecretIdTtl(final Integer secretIdTtl) { public Builder withSecretIdTtl(final Long secretIdTtl) {
this.secretIdTtl = secretIdTtl; this.secretIdTtl = secretIdTtl;
return this; return this;
} }
@@ -544,7 +544,7 @@ public final class AppRole implements Serializable {
* @param tokenTtl the TTL * @param tokenTtl the TTL
* @return self * @return self
*/ */
public Builder withTokenTtl(final Integer tokenTtl) { public Builder withTokenTtl(final Long tokenTtl) {
this.tokenTtl = tokenTtl; this.tokenTtl = tokenTtl;
return this; return this;
} }
@@ -555,7 +555,7 @@ public final class AppRole implements Serializable {
* @param tokenMaxTtl the TTL * @param tokenMaxTtl the TTL
* @return self * @return self
*/ */
public Builder withTokenMaxTtl(final Integer tokenMaxTtl) { public Builder withTokenMaxTtl(final Long tokenMaxTtl) {
this.tokenMaxTtl = tokenMaxTtl; this.tokenMaxTtl = tokenMaxTtl;
return this; return this;
} }
@@ -596,7 +596,7 @@ public final class AppRole implements Serializable {
* @param tokenExplicitMaxTtl the TTL * @param tokenExplicitMaxTtl the TTL
* @return self * @return self
*/ */
public Builder withTokenExplicitMaxTtl(final Integer tokenExplicitMaxTtl) { public Builder withTokenExplicitMaxTtl(final Long tokenExplicitMaxTtl) {
this.tokenExplicitMaxTtl = tokenExplicitMaxTtl; this.tokenExplicitMaxTtl = tokenExplicitMaxTtl;
return this; return this;
} }

View File

@@ -1,5 +1,5 @@
/* /*
* Copyright 2016-2024 Stefan Kalscheuer * Copyright 2016-2025 Stefan Kalscheuer
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@@ -181,19 +181,19 @@ public final class AppRoleSecret implements Serializable {
} }
AppRoleSecret that = (AppRoleSecret) o; AppRoleSecret that = (AppRoleSecret) o;
return Objects.equals(id, that.id) && return Objects.equals(id, that.id) &&
Objects.equals(accessor, that.accessor) && Objects.equals(accessor, that.accessor) &&
Objects.equals(metadata, that.metadata) && Objects.equals(metadata, that.metadata) &&
Objects.equals(cidrList, that.cidrList) && Objects.equals(cidrList, that.cidrList) &&
Objects.equals(creationTime, that.creationTime) && Objects.equals(creationTime, that.creationTime) &&
Objects.equals(expirationTime, that.expirationTime) && Objects.equals(expirationTime, that.expirationTime) &&
Objects.equals(lastUpdatedTime, that.lastUpdatedTime) && Objects.equals(lastUpdatedTime, that.lastUpdatedTime) &&
Objects.equals(numUses, that.numUses) && Objects.equals(numUses, that.numUses) &&
Objects.equals(ttl, that.ttl); Objects.equals(ttl, that.ttl);
} }
@Override @Override
public int hashCode() { public int hashCode() {
return Objects.hash(id, accessor, metadata, cidrList, creationTime, expirationTime, lastUpdatedTime, numUses, return Objects.hash(id, accessor, metadata, cidrList, creationTime, expirationTime, lastUpdatedTime, numUses,
ttl); ttl);
} }
} }

View File

@@ -1,5 +1,5 @@
/* /*
* Copyright 2016-2024 Stefan Kalscheuer * Copyright 2016-2025 Stefan Kalscheuer
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.

View File

@@ -1,5 +1,5 @@
/* /*
* Copyright 2016-2024 Stefan Kalscheuer * Copyright 2016-2025 Stefan Kalscheuer
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@@ -32,7 +32,7 @@ import java.util.*;
*/ */
@JsonIgnoreProperties(ignoreUnknown = true) @JsonIgnoreProperties(ignoreUnknown = true)
public final class Token implements Serializable { public final class Token implements Serializable {
private static final long serialVersionUID = 5208508683665365287L; private static final long serialVersionUID = 7003016071684507115L;
@JsonProperty("id") @JsonProperty("id")
@JsonInclude(JsonInclude.Include.NON_NULL) @JsonInclude(JsonInclude.Include.NON_NULL)
@@ -56,11 +56,11 @@ public final class Token implements Serializable {
@JsonProperty("ttl") @JsonProperty("ttl")
@JsonInclude(JsonInclude.Include.NON_NULL) @JsonInclude(JsonInclude.Include.NON_NULL)
private Integer ttl; private Long ttl;
@JsonProperty("explicit_max_ttl") @JsonProperty("explicit_max_ttl")
@JsonInclude(JsonInclude.Include.NON_NULL) @JsonInclude(JsonInclude.Include.NON_NULL)
private Integer explicitMaxTtl; private Long explicitMaxTtl;
@JsonProperty("num_uses") @JsonProperty("num_uses")
@JsonInclude(JsonInclude.Include.NON_NULL) @JsonInclude(JsonInclude.Include.NON_NULL)
@@ -162,7 +162,7 @@ public final class Token implements Serializable {
/** /**
* @return Time-to-live in seconds * @return Time-to-live in seconds
*/ */
public Integer getTtl() { public Long getTtl() {
return ttl; return ttl;
} }
@@ -170,7 +170,7 @@ public final class Token implements Serializable {
* @return Explicit maximum time-to-live in seconds * @return Explicit maximum time-to-live in seconds
* @since 0.9 * @since 0.9
*/ */
public Integer getExplicitMaxTtl() { public Long getExplicitMaxTtl() {
return explicitMaxTtl; return explicitMaxTtl;
} }
@@ -227,24 +227,24 @@ public final class Token implements Serializable {
} }
Token token = (Token) o; Token token = (Token) o;
return Objects.equals(id, token.id) && return Objects.equals(id, token.id) &&
Objects.equals(type, token.type) && Objects.equals(type, token.type) &&
Objects.equals(displayName, token.displayName) && Objects.equals(displayName, token.displayName) &&
Objects.equals(noParent, token.noParent) && Objects.equals(noParent, token.noParent) &&
Objects.equals(noDefaultPolicy, token.noDefaultPolicy) && Objects.equals(noDefaultPolicy, token.noDefaultPolicy) &&
Objects.equals(ttl, token.ttl) && Objects.equals(ttl, token.ttl) &&
Objects.equals(explicitMaxTtl, token.explicitMaxTtl) && Objects.equals(explicitMaxTtl, token.explicitMaxTtl) &&
Objects.equals(numUses, token.numUses) && Objects.equals(numUses, token.numUses) &&
Objects.equals(policies, token.policies) && Objects.equals(policies, token.policies) &&
Objects.equals(meta, token.meta) && Objects.equals(meta, token.meta) &&
Objects.equals(renewable, token.renewable) && Objects.equals(renewable, token.renewable) &&
Objects.equals(period, token.period) && Objects.equals(period, token.period) &&
Objects.equals(entityAlias, token.entityAlias); Objects.equals(entityAlias, token.entityAlias);
} }
@Override @Override
public int hashCode() { public int hashCode() {
return Objects.hash(id, type, displayName, noParent, noDefaultPolicy, ttl, explicitMaxTtl, numUses, policies, return Objects.hash(id, type, displayName, noParent, noDefaultPolicy, ttl, explicitMaxTtl, numUses, policies,
meta, renewable, period, entityAlias); meta, renewable, period, entityAlias);
} }
/** /**
@@ -282,8 +282,8 @@ public final class Token implements Serializable {
private String displayName; private String displayName;
private Boolean noParent; private Boolean noParent;
private Boolean noDefaultPolicy; private Boolean noDefaultPolicy;
private Integer ttl; private Long ttl;
private Integer explicitMaxTtl; private Long explicitMaxTtl;
private Integer numUses; private Integer numUses;
private List<String> policies; private List<String> policies;
private Map<String, String> meta; private Map<String, String> meta;
@@ -331,7 +331,7 @@ public final class Token implements Serializable {
* @param ttl the ttl * @param ttl the ttl
* @return self * @return self
*/ */
public Builder withTtl(final Integer ttl) { public Builder withTtl(final Long ttl) {
this.ttl = ttl; this.ttl = ttl;
return this; return this;
} }
@@ -342,7 +342,7 @@ public final class Token implements Serializable {
* @param explicitMaxTtl the explicit max. TTL * @param explicitMaxTtl the explicit max. TTL
* @return self * @return self
*/ */
public Builder withExplicitMaxTtl(final Integer explicitMaxTtl) { public Builder withExplicitMaxTtl(final Long explicitMaxTtl) {
this.explicitMaxTtl = explicitMaxTtl; this.explicitMaxTtl = explicitMaxTtl;
return this; return this;
} }

View File

@@ -1,5 +1,5 @@
/* /*
* Copyright 2016-2024 Stefan Kalscheuer * Copyright 2016-2025 Stefan Kalscheuer
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@@ -34,7 +34,7 @@ import java.util.Objects;
*/ */
@JsonIgnoreProperties(ignoreUnknown = true) @JsonIgnoreProperties(ignoreUnknown = true)
public final class TokenRole implements Serializable { public final class TokenRole implements Serializable {
private static final long serialVersionUID = -3505215215838576321L; private static final long serialVersionUID = -4856948364869438439L;
@JsonProperty("name") @JsonProperty("name")
@JsonInclude(JsonInclude.Include.NON_NULL) @JsonInclude(JsonInclude.Include.NON_NULL)
@@ -78,7 +78,7 @@ public final class TokenRole implements Serializable {
@JsonProperty("token_explicit_max_ttl") @JsonProperty("token_explicit_max_ttl")
@JsonInclude(JsonInclude.Include.NON_NULL) @JsonInclude(JsonInclude.Include.NON_NULL)
private Integer tokenExplicitMaxTtl; private Long tokenExplicitMaxTtl;
@JsonProperty("token_no_default_policy") @JsonProperty("token_no_default_policy")
@JsonInclude(JsonInclude.Include.NON_NULL) @JsonInclude(JsonInclude.Include.NON_NULL)
@@ -204,7 +204,7 @@ public final class TokenRole implements Serializable {
/** /**
* @return Token explicit maximum TTL * @return Token explicit maximum TTL
*/ */
public Integer getTokenExplicitMaxTtl() { public Long getTokenExplicitMaxTtl() {
return tokenExplicitMaxTtl; return tokenExplicitMaxTtl;
} }
@@ -245,27 +245,27 @@ public final class TokenRole implements Serializable {
} }
TokenRole tokenRole = (TokenRole) o; TokenRole tokenRole = (TokenRole) o;
return Objects.equals(name, tokenRole.name) && return Objects.equals(name, tokenRole.name) &&
Objects.equals(allowedPolicies, tokenRole.allowedPolicies) && Objects.equals(allowedPolicies, tokenRole.allowedPolicies) &&
Objects.equals(allowedPoliciesGlob, tokenRole.allowedPoliciesGlob) && Objects.equals(allowedPoliciesGlob, tokenRole.allowedPoliciesGlob) &&
Objects.equals(disallowedPolicies, tokenRole.disallowedPolicies) && Objects.equals(disallowedPolicies, tokenRole.disallowedPolicies) &&
Objects.equals(disallowedPoliciesGlob, tokenRole.disallowedPoliciesGlob) && Objects.equals(disallowedPoliciesGlob, tokenRole.disallowedPoliciesGlob) &&
Objects.equals(orphan, tokenRole.orphan) && Objects.equals(orphan, tokenRole.orphan) &&
Objects.equals(renewable, tokenRole.renewable) && Objects.equals(renewable, tokenRole.renewable) &&
Objects.equals(pathSuffix, tokenRole.pathSuffix) && Objects.equals(pathSuffix, tokenRole.pathSuffix) &&
Objects.equals(allowedEntityAliases, tokenRole.allowedEntityAliases) && Objects.equals(allowedEntityAliases, tokenRole.allowedEntityAliases) &&
Objects.equals(tokenBoundCidrs, tokenRole.tokenBoundCidrs) && Objects.equals(tokenBoundCidrs, tokenRole.tokenBoundCidrs) &&
Objects.equals(tokenExplicitMaxTtl, tokenRole.tokenExplicitMaxTtl) && Objects.equals(tokenExplicitMaxTtl, tokenRole.tokenExplicitMaxTtl) &&
Objects.equals(tokenNoDefaultPolicy, tokenRole.tokenNoDefaultPolicy) && Objects.equals(tokenNoDefaultPolicy, tokenRole.tokenNoDefaultPolicy) &&
Objects.equals(tokenNumUses, tokenRole.tokenNumUses) && Objects.equals(tokenNumUses, tokenRole.tokenNumUses) &&
Objects.equals(tokenPeriod, tokenRole.tokenPeriod) && Objects.equals(tokenPeriod, tokenRole.tokenPeriod) &&
Objects.equals(tokenType, tokenRole.tokenType); Objects.equals(tokenType, tokenRole.tokenType);
} }
@Override @Override
public int hashCode() { public int hashCode() {
return Objects.hash(name, allowedPolicies, allowedPoliciesGlob, disallowedPolicies, disallowedPoliciesGlob, return Objects.hash(name, allowedPolicies, allowedPoliciesGlob, disallowedPolicies, disallowedPoliciesGlob,
orphan, renewable, pathSuffix, allowedEntityAliases, tokenBoundCidrs, tokenExplicitMaxTtl, orphan, renewable, pathSuffix, allowedEntityAliases, tokenBoundCidrs, tokenExplicitMaxTtl,
tokenNoDefaultPolicy, tokenNumUses, tokenPeriod, tokenType); tokenNoDefaultPolicy, tokenNumUses, tokenPeriod, tokenType);
} }
/** /**
@@ -285,7 +285,7 @@ public final class TokenRole implements Serializable {
private String pathSuffix; private String pathSuffix;
private List<String> allowedEntityAliases; private List<String> allowedEntityAliases;
private List<String> tokenBoundCidrs; private List<String> tokenBoundCidrs;
private Integer tokenExplicitMaxTtl; private Long tokenExplicitMaxTtl;
private Boolean tokenNoDefaultPolicy; private Boolean tokenNoDefaultPolicy;
private Integer tokenNumUses; private Integer tokenNumUses;
private Integer tokenPeriod; private Integer tokenPeriod;
@@ -537,7 +537,7 @@ public final class TokenRole implements Serializable {
* @param tokenExplicitMaxTtl explicit maximum TTL * @param tokenExplicitMaxTtl explicit maximum TTL
* @return self * @return self
*/ */
public Builder withTokenExplicitMaxTtl(final Integer tokenExplicitMaxTtl) { public Builder withTokenExplicitMaxTtl(final Long tokenExplicitMaxTtl) {
this.tokenExplicitMaxTtl = tokenExplicitMaxTtl; this.tokenExplicitMaxTtl = tokenExplicitMaxTtl;
return this; return this;
} }

View File

@@ -1,5 +1,5 @@
/* /*
* Copyright 2016-2024 Stefan Kalscheuer * Copyright 2016-2025 Stefan Kalscheuer
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.

View File

@@ -1,5 +1,5 @@
/* /*
* Copyright 2016-2024 Stefan Kalscheuer * Copyright 2016-2025 Stefan Kalscheuer
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.

View File

@@ -1,5 +1,5 @@
/* /*
* Copyright 2016-2024 Stefan Kalscheuer * Copyright 2016-2025 Stefan Kalscheuer
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.

View File

@@ -1,5 +1,5 @@
/* /*
* Copyright 2016-2024 Stefan Kalscheuer * Copyright 2016-2025 Stefan Kalscheuer
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.

View File

@@ -1,5 +1,5 @@
/* /*
* Copyright 2016-2024 Stefan Kalscheuer * Copyright 2016-2025 Stefan Kalscheuer
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.

View File

@@ -1,5 +1,5 @@
/* /*
* Copyright 2016-2024 Stefan Kalscheuer * Copyright 2016-2025 Stefan Kalscheuer
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.

View File

@@ -1,5 +1,5 @@
/* /*
* Copyright 2016-2024 Stefan Kalscheuer * Copyright 2016-2025 Stefan Kalscheuer
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.

View File

@@ -1,5 +1,5 @@
/* /*
* Copyright 2016-2024 Stefan Kalscheuer * Copyright 2016-2025 Stefan Kalscheuer
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@@ -187,19 +187,19 @@ public final class HealthResponse implements VaultResponse {
} }
HealthResponse that = (HealthResponse) o; HealthResponse that = (HealthResponse) o;
return Objects.equals(clusterID, that.clusterID) && return Objects.equals(clusterID, that.clusterID) &&
Objects.equals(clusterName, that.clusterName) && Objects.equals(clusterName, that.clusterName) &&
Objects.equals(version, that.version) && Objects.equals(version, that.version) &&
Objects.equals(serverTimeUTC, that.serverTimeUTC) && Objects.equals(serverTimeUTC, that.serverTimeUTC) &&
Objects.equals(standby, that.standby) && Objects.equals(standby, that.standby) &&
Objects.equals(sealed, that.sealed) && Objects.equals(sealed, that.sealed) &&
Objects.equals(initialized, that.initialized) && Objects.equals(initialized, that.initialized) &&
Objects.equals(replicationPerfMode, that.replicationPerfMode) && Objects.equals(replicationPerfMode, that.replicationPerfMode) &&
Objects.equals(replicationDrMode, that.replicationDrMode) && Objects.equals(replicationDrMode, that.replicationDrMode) &&
Objects.equals(performanceStandby, that.performanceStandby) && Objects.equals(performanceStandby, that.performanceStandby) &&
Objects.equals(echoDurationMs, that.echoDurationMs) && Objects.equals(echoDurationMs, that.echoDurationMs) &&
Objects.equals(clockSkewMs, that.clockSkewMs) && Objects.equals(clockSkewMs, that.clockSkewMs) &&
Objects.equals(replicationPrimaryCanaryAgeMs, that.replicationPrimaryCanaryAgeMs) && Objects.equals(replicationPrimaryCanaryAgeMs, that.replicationPrimaryCanaryAgeMs) &&
Objects.equals(enterprise, that.enterprise); Objects.equals(enterprise, that.enterprise);
} }
@Override @Override

View File

@@ -1,5 +1,5 @@
/* /*
* Copyright 2016-2024 Stefan Kalscheuer * Copyright 2016-2025 Stefan Kalscheuer
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.

View File

@@ -1,5 +1,5 @@
/* /*
* Copyright 2016-2021 Stefan Kalscheuer * Copyright 2016-2025 Stefan Kalscheuer
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.

View File

@@ -1,5 +1,5 @@
/* /*
* Copyright 2016-2024 Stefan Kalscheuer * Copyright 2016-2025 Stefan Kalscheuer
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.

View File

@@ -1,5 +1,5 @@
/* /*
* Copyright 2016-2021 Stefan Kalscheuer * Copyright 2016-2025 Stefan Kalscheuer
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.

View File

@@ -1,5 +1,5 @@
/* /*
* Copyright 2016-2024 Stefan Kalscheuer * Copyright 2016-2025 Stefan Kalscheuer
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.

View File

@@ -1,5 +1,5 @@
/* /*
* Copyright 2016-2024 Stefan Kalscheuer * Copyright 2016-2025 Stefan Kalscheuer
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@@ -191,24 +191,24 @@ public final class SealResponse implements VaultResponse {
} }
SealResponse that = (SealResponse) o; SealResponse that = (SealResponse) o;
return sealed == that.sealed && return sealed == that.sealed &&
initialized == that.initialized && initialized == that.initialized &&
Objects.equals(type, that.type) && Objects.equals(type, that.type) &&
Objects.equals(threshold, that.threshold) && Objects.equals(threshold, that.threshold) &&
Objects.equals(numberOfShares, that.numberOfShares) && Objects.equals(numberOfShares, that.numberOfShares) &&
Objects.equals(progress, that.progress) && Objects.equals(progress, that.progress) &&
Objects.equals(version, that.version) && Objects.equals(version, that.version) &&
Objects.equals(buildDate, that.buildDate) && Objects.equals(buildDate, that.buildDate) &&
Objects.equals(nonce, that.nonce) && Objects.equals(nonce, that.nonce) &&
Objects.equals(clusterName, that.clusterName) && Objects.equals(clusterName, that.clusterName) &&
Objects.equals(clusterId, that.clusterId) && Objects.equals(clusterId, that.clusterId) &&
Objects.equals(migration, that.migration) && Objects.equals(migration, that.migration) &&
Objects.equals(recoverySeal, that.recoverySeal) && Objects.equals(recoverySeal, that.recoverySeal) &&
Objects.equals(storageType, that.storageType); Objects.equals(storageType, that.storageType);
} }
@Override @Override
public int hashCode() { public int hashCode() {
return Objects.hash(type, sealed, initialized, threshold, numberOfShares, progress, version, buildDate, nonce, return Objects.hash(type, sealed, initialized, threshold, numberOfShares, progress, version, buildDate, nonce,
clusterName, clusterId, migration, recoverySeal, storageType); clusterName, clusterId, migration, recoverySeal, storageType);
} }
} }

View File

@@ -1,5 +1,5 @@
/* /*
* Copyright 2016-2024 Stefan Kalscheuer * Copyright 2016-2025 Stefan Kalscheuer
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.

View File

@@ -1,5 +1,5 @@
/* /*
* Copyright 2016-2024 Stefan Kalscheuer * Copyright 2016-2025 Stefan Kalscheuer
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@@ -18,8 +18,8 @@ package de.stklcode.jvault.connector.model.response;
import com.fasterxml.jackson.annotation.JsonIgnoreProperties; import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
import com.fasterxml.jackson.databind.DeserializationFeature; import com.fasterxml.jackson.databind.DeserializationFeature;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.SerializationFeature; import com.fasterxml.jackson.databind.SerializationFeature;
import com.fasterxml.jackson.databind.json.JsonMapper;
import com.fasterxml.jackson.datatype.jsr310.JavaTimeModule; import com.fasterxml.jackson.datatype.jsr310.JavaTimeModule;
import de.stklcode.jvault.connector.exception.InvalidResponseException; import de.stklcode.jvault.connector.exception.InvalidResponseException;
import de.stklcode.jvault.connector.model.response.embedded.VersionMetadata; import de.stklcode.jvault.connector.model.response.embedded.VersionMetadata;
@@ -85,10 +85,11 @@ public abstract class SecretResponse extends VaultDataResponse {
} else if (type.isInstance(rawValue)) { } else if (type.isInstance(rawValue)) {
return type.cast(rawValue); return type.cast(rawValue);
} else { } else {
var om = new ObjectMapper() var om = JsonMapper.builder()
.registerModule(new JavaTimeModule()) .addModule(new JavaTimeModule())
.enable(SerializationFeature.WRITE_DATES_AS_TIMESTAMPS) .enable(SerializationFeature.WRITE_DATES_AS_TIMESTAMPS)
.disable(DeserializationFeature.ADJUST_DATES_TO_CONTEXT_TIME_ZONE); .disable(DeserializationFeature.ADJUST_DATES_TO_CONTEXT_TIME_ZONE)
.build();
if (rawValue instanceof String) { if (rawValue instanceof String) {
return om.readValue((String) rawValue, type); return om.readValue((String) rawValue, type);

View File

@@ -1,5 +1,5 @@
/* /*
* Copyright 2016-2024 Stefan Kalscheuer * Copyright 2016-2025 Stefan Kalscheuer
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.

View File

@@ -1,5 +1,5 @@
/* /*
* Copyright 2016-2024 Stefan Kalscheuer * Copyright 2016-2025 Stefan Kalscheuer
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.

View File

@@ -1,5 +1,5 @@
/* /*
* Copyright 2016-2024 Stefan Kalscheuer * Copyright 2016-2025 Stefan Kalscheuer
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.

View File

@@ -0,0 +1,92 @@
/*
* Copyright 2016-2025 Stefan Kalscheuer
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package de.stklcode.jvault.connector.model.response;
import com.fasterxml.jackson.annotation.JsonSetter;
import java.util.Map;
import java.util.Objects;
/**
* Response entity for transit operations.
*
* @author Stefan Kalscheuer
* @since 1.5.0
*/
public class TransitResponse extends VaultDataResponse {
private static final long serialVersionUID = 6873804240772242771L;
private String ciphertext;
private String plaintext;
private String sum;
@JsonSetter("data")
private void setData(Map<String, String> data) {
ciphertext = data.get("ciphertext");
plaintext = data.get("plaintext");
sum = data.get("sum");
}
/**
* Get ciphertext.
* Populated after encryption.
*
* @return Ciphertext
*/
public String getCiphertext() {
return ciphertext;
}
/**
* Get plaintext.
* Base64 encoded, populated after decryption.
*
* @return Plaintext
*/
public String getPlaintext() {
return plaintext;
}
/**
* Get hash sum.
* Hex or Base64 string. Populated after hashing.
*
* @return Hash sum
*/
public String getSum() {
return sum;
}
@Override
public boolean equals(Object o) {
if (this == o) {
return true;
} else if (o == null || getClass() != o.getClass() || !super.equals(o)) {
return false;
}
TransitResponse that = (TransitResponse) o;
return Objects.equals(ciphertext, that.ciphertext) &&
Objects.equals(plaintext, that.plaintext) &&
Objects.equals(sum, that.sum);
}
@Override
public int hashCode() {
return Objects.hash(super.hashCode(), ciphertext, plaintext, sum);
}
}

View File

@@ -1,5 +1,5 @@
/* /*
* Copyright 2016-2024 Stefan Kalscheuer * Copyright 2016-2025 Stefan Kalscheuer
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@@ -115,6 +115,7 @@ public abstract class VaultDataResponse implements VaultResponse {
public final String getMountType() { public final String getMountType() {
return mountType; return mountType;
} }
@Override @Override
public boolean equals(Object o) { public boolean equals(Object o) {
if (this == o) { if (this == o) {
@@ -124,13 +125,13 @@ public abstract class VaultDataResponse implements VaultResponse {
} }
VaultDataResponse that = (VaultDataResponse) o; VaultDataResponse that = (VaultDataResponse) o;
return renewable == that.renewable && return renewable == that.renewable &&
Objects.equals(requestId, that.requestId) && Objects.equals(requestId, that.requestId) &&
Objects.equals(leaseId, that.leaseId) && Objects.equals(leaseId, that.leaseId) &&
Objects.equals(leaseDuration, that.leaseDuration) && Objects.equals(leaseDuration, that.leaseDuration) &&
Objects.equals(warnings, that.warnings) && Objects.equals(warnings, that.warnings) &&
Objects.equals(wrapInfo, that.wrapInfo) && Objects.equals(wrapInfo, that.wrapInfo) &&
Objects.equals(auth, that.auth) && Objects.equals(auth, that.auth) &&
Objects.equals(mountType, that.mountType); Objects.equals(mountType, that.mountType);
} }
@Override @Override

View File

@@ -1,5 +1,5 @@
/* /*
* Copyright 2016-2024 Stefan Kalscheuer * Copyright 2016-2025 Stefan Kalscheuer
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.

View File

@@ -1,5 +1,5 @@
/* /*
* Copyright 2016-2024 Stefan Kalscheuer * Copyright 2016-2025 Stefan Kalscheuer
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@@ -171,22 +171,22 @@ public final class AuthData implements Serializable {
} }
AuthData authData = (AuthData) o; AuthData authData = (AuthData) o;
return renewable == authData.renewable && return renewable == authData.renewable &&
orphan == authData.orphan && orphan == authData.orphan &&
Objects.equals(clientToken, authData.clientToken) && Objects.equals(clientToken, authData.clientToken) &&
Objects.equals(accessor, authData.accessor) && Objects.equals(accessor, authData.accessor) &&
Objects.equals(policies, authData.policies) && Objects.equals(policies, authData.policies) &&
Objects.equals(tokenPolicies, authData.tokenPolicies) && Objects.equals(tokenPolicies, authData.tokenPolicies) &&
Objects.equals(metadata, authData.metadata) && Objects.equals(metadata, authData.metadata) &&
Objects.equals(leaseDuration, authData.leaseDuration) && Objects.equals(leaseDuration, authData.leaseDuration) &&
Objects.equals(entityId, authData.entityId) && Objects.equals(entityId, authData.entityId) &&
Objects.equals(tokenType, authData.tokenType) && Objects.equals(tokenType, authData.tokenType) &&
Objects.equals(numUses, authData.numUses) && Objects.equals(numUses, authData.numUses) &&
Objects.equals(mfaRequirement, authData.mfaRequirement); Objects.equals(mfaRequirement, authData.mfaRequirement);
} }
@Override @Override
public int hashCode() { public int hashCode() {
return Objects.hash(clientToken, accessor, policies, tokenPolicies, metadata, leaseDuration, renewable, return Objects.hash(clientToken, accessor, policies, tokenPolicies, metadata, leaseDuration, renewable,
entityId, tokenType, orphan, numUses, mfaRequirement); entityId, tokenType, orphan, numUses, mfaRequirement);
} }
} }

View File

@@ -1,5 +1,5 @@
/* /*
* Copyright 2016-2024 Stefan Kalscheuer * Copyright 2016-2025 Stefan Kalscheuer
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@@ -202,19 +202,19 @@ public final class AuthMethod implements Serializable {
} }
AuthMethod that = (AuthMethod) o; AuthMethod that = (AuthMethod) o;
return local == that.local && return local == that.local &&
type == that.type && type == that.type &&
externalEntropyAccess == that.externalEntropyAccess && externalEntropyAccess == that.externalEntropyAccess &&
sealWrap == that.sealWrap && sealWrap == that.sealWrap &&
Objects.equals(rawType, that.rawType) && Objects.equals(rawType, that.rawType) &&
Objects.equals(accessor, that.accessor) && Objects.equals(accessor, that.accessor) &&
Objects.equals(deprecationStatus, that.deprecationStatus) && Objects.equals(deprecationStatus, that.deprecationStatus) &&
Objects.equals(description, that.description) && Objects.equals(description, that.description) &&
Objects.equals(config, that.config) && Objects.equals(config, that.config) &&
Objects.equals(options, that.options) && Objects.equals(options, that.options) &&
Objects.equals(pluginVersion, that.pluginVersion) && Objects.equals(pluginVersion, that.pluginVersion) &&
Objects.equals(runningPluginVersion, that.runningPluginVersion) && Objects.equals(runningPluginVersion, that.runningPluginVersion) &&
Objects.equals(runningSha256, that.runningSha256) && Objects.equals(runningSha256, that.runningSha256) &&
Objects.equals(uuid, that.uuid); Objects.equals(uuid, that.uuid);
} }
@Override @Override

View File

@@ -1,5 +1,5 @@
/* /*
* Copyright 2016-2024 Stefan Kalscheuer * Copyright 2016-2025 Stefan Kalscheuer
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.

View File

@@ -1,5 +1,5 @@
/* /*
* Copyright 2016-2024 Stefan Kalscheuer * Copyright 2016-2025 Stefan Kalscheuer
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.

View File

@@ -1,5 +1,5 @@
/* /*
* Copyright 2016-2024 Stefan Kalscheuer * Copyright 2016-2025 Stefan Kalscheuer
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.

View File

@@ -15,13 +15,13 @@ import java.util.Objects;
*/ */
@JsonIgnoreProperties(ignoreUnknown = true) @JsonIgnoreProperties(ignoreUnknown = true)
public class MountConfig implements Serializable { public class MountConfig implements Serializable {
private static final long serialVersionUID = -8653909672663717792L; private static final long serialVersionUID = 7241631159224756605L;
@JsonProperty("default_lease_ttl") @JsonProperty("default_lease_ttl")
private Integer defaultLeaseTtl; private Long defaultLeaseTtl;
@JsonProperty("max_lease_ttl") @JsonProperty("max_lease_ttl")
private Integer maxLeaseTtl; private Long maxLeaseTtl;
@JsonProperty("force_no_cache") @JsonProperty("force_no_cache")
private Boolean forceNoCache; private Boolean forceNoCache;
@@ -56,14 +56,14 @@ public class MountConfig implements Serializable {
/** /**
* @return Default lease TTL * @return Default lease TTL
*/ */
public Integer getDefaultLeaseTtl() { public Long getDefaultLeaseTtl() {
return defaultLeaseTtl; return defaultLeaseTtl;
} }
/** /**
* @return Maximum lease TTL * @return Maximum lease TTL
*/ */
public Integer getMaxLeaseTtl() { public Long getMaxLeaseTtl() {
return maxLeaseTtl; return maxLeaseTtl;
} }

View File

@@ -1,5 +1,5 @@
/* /*
* Copyright 2016-2024 Stefan Kalscheuer * Copyright 2016-2025 Stefan Kalscheuer
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@@ -138,14 +138,14 @@ public final class SecretMetadata implements Serializable {
} }
SecretMetadata that = (SecretMetadata) o; SecretMetadata that = (SecretMetadata) o;
return Objects.equals(createdTime, that.createdTime) && return Objects.equals(createdTime, that.createdTime) &&
Objects.equals(currentVersion, that.currentVersion) && Objects.equals(currentVersion, that.currentVersion) &&
Objects.equals(maxVersions, that.maxVersions) && Objects.equals(maxVersions, that.maxVersions) &&
Objects.equals(oldestVersion, that.oldestVersion) && Objects.equals(oldestVersion, that.oldestVersion) &&
Objects.equals(updatedTime, that.updatedTime) && Objects.equals(updatedTime, that.updatedTime) &&
Objects.equals(versions, that.versions) && Objects.equals(versions, that.versions) &&
Objects.equals(casRequired, that.casRequired) && Objects.equals(casRequired, that.casRequired) &&
Objects.equals(customMetadata, that.customMetadata) && Objects.equals(customMetadata, that.customMetadata) &&
Objects.equals(deleteVersionAfter, that.deleteVersionAfter); Objects.equals(deleteVersionAfter, that.deleteVersionAfter);
} }
@Override @Override

View File

@@ -1,5 +1,5 @@
/* /*
* Copyright 2016-2024 Stefan Kalscheuer * Copyright 2016-2025 Stefan Kalscheuer
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@@ -34,7 +34,7 @@ import java.util.Objects;
*/ */
@JsonIgnoreProperties(ignoreUnknown = true) @JsonIgnoreProperties(ignoreUnknown = true)
public final class TokenData implements Serializable { public final class TokenData implements Serializable {
private static final long serialVersionUID = -5749716740973138916L; private static final long serialVersionUID = -4168046151053509784L;
@JsonProperty("accessor") @JsonProperty("accessor")
private String accessor; private String accessor;
@@ -43,7 +43,7 @@ public final class TokenData implements Serializable {
private Integer creationTime; private Integer creationTime;
@JsonProperty("creation_ttl") @JsonProperty("creation_ttl")
private Integer creationTtl; private Long creationTtl;
@JsonProperty("display_name") @JsonProperty("display_name")
private String name; private String name;
@@ -55,7 +55,7 @@ public final class TokenData implements Serializable {
private ZonedDateTime expireTime; private ZonedDateTime expireTime;
@JsonProperty("explicit_max_ttl") @JsonProperty("explicit_max_ttl")
private Integer explicitMaxTtl; private Long explicitMaxTtl;
@JsonProperty("id") @JsonProperty("id")
private String id; private String id;
@@ -82,7 +82,7 @@ public final class TokenData implements Serializable {
private boolean renewable; private boolean renewable;
@JsonProperty("ttl") @JsonProperty("ttl")
private Integer ttl; private Long ttl;
@JsonProperty("type") @JsonProperty("type")
private String type; private String type;
@@ -104,7 +104,7 @@ public final class TokenData implements Serializable {
/** /**
* @return Creation TTL (in seconds) * @return Creation TTL (in seconds)
*/ */
public Integer getCreationTtl() { public Long getCreationTtl() {
return creationTtl; return creationTtl;
} }
@@ -135,7 +135,7 @@ public final class TokenData implements Serializable {
* @return Explicit maximum TTL * @return Explicit maximum TTL
* @since 0.9 * @since 0.9
*/ */
public Integer getExplicitMaxTtl() { public Long getExplicitMaxTtl() {
return explicitMaxTtl; return explicitMaxTtl;
} }
@@ -202,7 +202,7 @@ public final class TokenData implements Serializable {
/** /**
* @return Token TTL (in seconds) * @return Token TTL (in seconds)
*/ */
public Integer getTtl() { public Long getTtl() {
return ttl; return ttl;
} }
@@ -222,27 +222,27 @@ public final class TokenData implements Serializable {
} }
TokenData tokenData = (TokenData) o; TokenData tokenData = (TokenData) o;
return orphan == tokenData.orphan && return orphan == tokenData.orphan &&
renewable == tokenData.renewable && renewable == tokenData.renewable &&
Objects.equals(accessor, tokenData.accessor) && Objects.equals(accessor, tokenData.accessor) &&
Objects.equals(creationTime, tokenData.creationTime) && Objects.equals(creationTime, tokenData.creationTime) &&
Objects.equals(creationTtl, tokenData.creationTtl) && Objects.equals(creationTtl, tokenData.creationTtl) &&
Objects.equals(name, tokenData.name) && Objects.equals(name, tokenData.name) &&
Objects.equals(entityId, tokenData.entityId) && Objects.equals(entityId, tokenData.entityId) &&
Objects.equals(expireTime, tokenData.expireTime) && Objects.equals(expireTime, tokenData.expireTime) &&
Objects.equals(explicitMaxTtl, tokenData.explicitMaxTtl) && Objects.equals(explicitMaxTtl, tokenData.explicitMaxTtl) &&
Objects.equals(id, tokenData.id) && Objects.equals(id, tokenData.id) &&
Objects.equals(issueTime, tokenData.issueTime) && Objects.equals(issueTime, tokenData.issueTime) &&
Objects.equals(meta, tokenData.meta) && Objects.equals(meta, tokenData.meta) &&
Objects.equals(numUses, tokenData.numUses) && Objects.equals(numUses, tokenData.numUses) &&
Objects.equals(path, tokenData.path) && Objects.equals(path, tokenData.path) &&
Objects.equals(policies, tokenData.policies) && Objects.equals(policies, tokenData.policies) &&
Objects.equals(ttl, tokenData.ttl) && Objects.equals(ttl, tokenData.ttl) &&
Objects.equals(type, tokenData.type); Objects.equals(type, tokenData.type);
} }
@Override @Override
public int hashCode() { public int hashCode() {
return Objects.hash(accessor, creationTime, creationTtl, name, entityId, expireTime, explicitMaxTtl, id, return Objects.hash(accessor, creationTime, creationTtl, name, entityId, expireTime, explicitMaxTtl, id,
issueTime, meta, numUses, orphan, path, policies, renewable, ttl, type); issueTime, meta, numUses, orphan, path, policies, renewable, ttl, type);
} }
} }

View File

@@ -1,5 +1,5 @@
/* /*
* Copyright 2016-2024 Stefan Kalscheuer * Copyright 2016-2025 Stefan Kalscheuer
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@@ -96,10 +96,10 @@ public final class VersionMetadata implements Serializable {
} }
VersionMetadata that = (VersionMetadata) o; VersionMetadata that = (VersionMetadata) o;
return destroyed == that.destroyed && return destroyed == that.destroyed &&
Objects.equals(createdTime, that.createdTime) && Objects.equals(createdTime, that.createdTime) &&
Objects.equals(deletionTime, that.deletionTime) && Objects.equals(deletionTime, that.deletionTime) &&
Objects.equals(version, that.version) && Objects.equals(version, that.version) &&
Objects.equals(customMetadata, that.customMetadata); Objects.equals(customMetadata, that.customMetadata);
} }
@Override @Override

View File

@@ -1,5 +1,5 @@
/* /*
* Copyright 2016-2024 Stefan Kalscheuer * Copyright 2016-2025 Stefan Kalscheuer
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@@ -80,9 +80,9 @@ public class WrapInfo implements Serializable {
} }
WrapInfo that = (WrapInfo) o; WrapInfo that = (WrapInfo) o;
return Objects.equals(token, that.token) && return Objects.equals(token, that.token) &&
Objects.equals(ttl, that.ttl) && Objects.equals(ttl, that.ttl) &&
Objects.equals(creationTime, that.creationTime) && Objects.equals(creationTime, that.creationTime) &&
Objects.equals(creationPath, that.creationPath); Objects.equals(creationPath, that.creationPath);
} }
@Override @Override

View File

@@ -1,5 +1,5 @@
/* /*
* Copyright 2016-2024 Stefan Kalscheuer * Copyright 2016-2025 Stefan Kalscheuer
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.

View File

@@ -1,5 +1,5 @@
/* /*
* Copyright 2016-2024 Stefan Kalscheuer * Copyright 2016-2025 Stefan Kalscheuer
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.

View File

@@ -1,5 +1,5 @@
/* /*
* Copyright 2016-2024 Stefan Kalscheuer * Copyright 2016-2025 Stefan Kalscheuer
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.

View File

@@ -1,5 +1,5 @@
/* /*
* Copyright 2016-2024 Stefan Kalscheuer * Copyright 2016-2025 Stefan Kalscheuer
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.

View File

@@ -1,5 +1,5 @@
/* /*
* Copyright 2016-2024 Stefan Kalscheuer * Copyright 2016-2025 Stefan Kalscheuer
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@@ -25,7 +25,10 @@ import org.junit.jupiter.api.io.TempDir;
import java.io.File; import java.io.File;
import java.lang.reflect.Field; import java.lang.reflect.Field;
import java.net.URISyntaxException; import java.net.URISyntaxException;
import java.nio.file.Files;
import java.nio.file.NoSuchFileException; import java.nio.file.NoSuchFileException;
import java.nio.file.Paths;
import java.util.concurrent.atomic.AtomicReference;
import static com.github.stefanbirkner.systemlambda.SystemLambda.withEnvironmentVariable; import static com.github.stefanbirkner.systemlambda.SystemLambda.withEnvironmentVariable;
import static org.junit.jupiter.api.Assertions.*; import static org.junit.jupiter.api.Assertions.*;
@@ -38,6 +41,8 @@ import static org.junit.jupiter.api.Assertions.*;
*/ */
class HTTPVaultConnectorBuilderTest { class HTTPVaultConnectorBuilderTest {
private static final String VAULT_ADDR = "https://localhost:8201"; private static final String VAULT_ADDR = "https://localhost:8201";
private static final String VAULT_ADDR_2 = "http://localhost";
private static final String VAULT_ADDR_3 = "https://localhost/vault/";
private static final Integer VAULT_MAX_RETRIES = 13; private static final Integer VAULT_MAX_RETRIES = 13;
private static final String VAULT_TOKEN = "00001111-2222-3333-4444-555566667777"; private static final String VAULT_TOKEN = "00001111-2222-3333-4444-555566667777";
@@ -58,12 +63,12 @@ class HTTPVaultConnectorBuilderTest {
// Specify all options. // Specify all options.
HTTPVaultConnectorBuilder builder = HTTPVaultConnector.builder() HTTPVaultConnectorBuilder builder = HTTPVaultConnector.builder()
.withHost("vault2.example.com") .withHost("vault2.example.com")
.withoutTLS() .withoutTLS()
.withPort(1234) .withPort(1234)
.withPrefix("/foo/") .withPrefix("/foo/")
.withTimeout(5678) .withTimeout(5678)
.withNumberOfRetries(9); .withNumberOfRetries(9);
connector = builder.build(); connector = builder.build();
assertEquals("http://vault2.example.com:1234/foo/", getRequestHelperPrivate(connector, "baseURL"), "URL not set correctly"); assertEquals("http://vault2.example.com:1234/foo/", getRequestHelperPrivate(connector, "baseURL"), "URL not set correctly");
@@ -74,13 +79,13 @@ class HTTPVaultConnectorBuilderTest {
// Initialization from URL. // Initialization from URL.
assertThrows( assertThrows(
URISyntaxException.class, URISyntaxException.class,
() -> HTTPVaultConnector.builder().withBaseURL("foo:/\\1nv4l1d_UrL"), () -> HTTPVaultConnector.builder().withBaseURL("foo:/\\1nv4l1d_UrL"),
"Initialization from invalid URL should fail" "Initialization from invalid URL should fail"
); );
connector = assertDoesNotThrow( connector = assertDoesNotThrow(
() -> HTTPVaultConnector.builder().withBaseURL("https://vault3.example.com:5678/bar/").build(), () -> HTTPVaultConnector.builder().withBaseURL("https://vault3.example.com:5678/bar/").build(),
"Initialization from valid URL should not fail" "Initialization from valid URL should not fail"
); );
assertEquals("https://vault3.example.com:5678/bar/", getRequestHelperPrivate(connector, "baseURL"), "URL not set correctly"); assertEquals("https://vault3.example.com:5678/bar/", getRequestHelperPrivate(connector, "baseURL"), "URL not set correctly");
@@ -101,8 +106,8 @@ class HTTPVaultConnectorBuilderTest {
// Provide address only should be enough. // Provide address only should be enough.
withVaultEnv(VAULT_ADDR, null, null, null).execute(() -> { withVaultEnv(VAULT_ADDR, null, null, null).execute(() -> {
HTTPVaultConnectorBuilder builder = assertDoesNotThrow( HTTPVaultConnectorBuilder builder = assertDoesNotThrow(
() -> HTTPVaultConnector.builder().fromEnv(), () -> HTTPVaultConnector.builder().fromEnv(),
"Factory creation from minimal environment failed" "Factory creation from minimal environment failed"
); );
HTTPVaultConnector connector = builder.build(); HTTPVaultConnector connector = builder.build();
@@ -112,12 +117,28 @@ class HTTPVaultConnectorBuilderTest {
return null; return null;
}); });
withVaultEnv(VAULT_ADDR_2, null, null, null).execute(() -> {
HTTPVaultConnectorBuilder builder = assertDoesNotThrow(
() -> HTTPVaultConnector.builder().fromEnv(),
"Factory creation from minimal environment failed"
);
assertEquals(VAULT_ADDR_2 + "/v1/", getRequestHelperPrivate(builder.build(), "baseURL"), "URL without port not set correctly");
return null;
});
withVaultEnv(VAULT_ADDR_3, null, null, null).execute(() -> {
HTTPVaultConnectorBuilder builder = assertDoesNotThrow(
() -> HTTPVaultConnector.builder().fromEnv(),
"Factory creation from minimal environment failed"
);
assertEquals(VAULT_ADDR_3, getRequestHelperPrivate(builder.build(), "baseURL"), "URL with custom path not set correctly");
return null;
});
// Provide address and number of retries. // Provide address and number of retries.
withVaultEnv(VAULT_ADDR, null, VAULT_MAX_RETRIES.toString(), null).execute(() -> { withVaultEnv(VAULT_ADDR, null, VAULT_MAX_RETRIES.toString(), null).execute(() -> {
HTTPVaultConnectorBuilder builder = assertDoesNotThrow( HTTPVaultConnectorBuilder builder = assertDoesNotThrow(
() -> HTTPVaultConnector.builder().fromEnv(), () -> HTTPVaultConnector.builder().fromEnv(),
"Factory creation from environment failed" "Factory creation from environment failed"
); );
HTTPVaultConnector connector = builder.build(); HTTPVaultConnector connector = builder.build();
@@ -128,24 +149,11 @@ class HTTPVaultConnectorBuilderTest {
return null; return null;
}); });
// Provide CA certificate.
String vaultCacert = tempDir.toString() + "/doesnotexist";
withVaultEnv(VAULT_ADDR, vaultCacert, VAULT_MAX_RETRIES.toString(), null).execute(() -> {
TlsException e = assertThrows(
TlsException.class,
() -> HTTPVaultConnector.builder().fromEnv(),
"Creation with unknown cert path failed"
);
assertEquals(vaultCacert, assertInstanceOf(NoSuchFileException.class, e.getCause()).getFile());
return null;
});
// Automatic authentication. // Automatic authentication.
withVaultEnv(VAULT_ADDR, null, VAULT_MAX_RETRIES.toString(), VAULT_TOKEN).execute(() -> { withVaultEnv(VAULT_ADDR, null, VAULT_MAX_RETRIES.toString(), VAULT_TOKEN).execute(() -> {
HTTPVaultConnectorBuilder builder = assertDoesNotThrow( HTTPVaultConnectorBuilder builder = assertDoesNotThrow(
() -> HTTPVaultConnector.builder().fromEnv(), () -> HTTPVaultConnector.builder().fromEnv(),
"Factory creation from minimal environment failed" "Factory creation from minimal environment failed"
); );
assertEquals(VAULT_TOKEN, getPrivate(builder, "token"), "Token not set correctly"); assertEquals(VAULT_TOKEN, getPrivate(builder, "token"), "Token not set correctly");
@@ -155,20 +163,73 @@ class HTTPVaultConnectorBuilderTest {
// Invalid URL. // Invalid URL.
withVaultEnv("This is not a valid URL!", null, VAULT_MAX_RETRIES.toString(), VAULT_TOKEN).execute(() -> { withVaultEnv("This is not a valid URL!", null, VAULT_MAX_RETRIES.toString(), VAULT_TOKEN).execute(() -> {
assertThrows( assertThrows(
ConnectionException.class, ConnectionException.class,
() -> HTTPVaultConnector.builder().fromEnv(), () -> HTTPVaultConnector.builder().fromEnv(),
"Invalid URL from environment should raise an exception" "Invalid URL from environment should raise an exception"
); );
return null; return null;
}); });
} }
/**
* Test CA certificate handling from environment variables
*/
@Test
void testCertificateFromEnv() throws Exception {
// From direct PEM content
String pem = Files.readString(Paths.get(getClass().getResource("/tls/ca.pem").toURI()));
AtomicReference<Object> certFromPem = new AtomicReference<>();
withVaultEnv(VAULT_ADDR, pem, null, null).execute(() -> {
HTTPVaultConnectorBuilder builder = assertDoesNotThrow(
() -> HTTPVaultConnector.builder().fromEnv(),
"Builder with PEM certificate from environment failed"
);
HTTPVaultConnector connector = builder.build();
certFromPem.set(getRequestHelperPrivate(connector, "trustedCaCert"));
assertNotNull(certFromPem.get(), "Trusted CA cert from PEM not set");
return null;
});
// From file path
String file = Paths.get(getClass().getResource("/tls/ca.pem").toURI()).toString();
AtomicReference<Object> certFromFile = new AtomicReference<>();
withVaultEnv(VAULT_ADDR, file, null, null).execute(() -> {
HTTPVaultConnectorBuilder builder = assertDoesNotThrow(
() -> HTTPVaultConnector.builder().fromEnv(),
"Builder with certificate path from environment failed"
);
HTTPVaultConnector connector = builder.build();
certFromFile.set(getRequestHelperPrivate(connector, "trustedCaCert"));
assertNotNull(certFromFile.get(), "Trusted CA cert from file not set");
return null;
});
assertEquals(certFromPem.get(), certFromFile.get(), "Certificates from PEM and file should be equal");
// Non-existing path CA certificate path
String doesNotExist = tempDir.toString() + "/doesnotexist";
withVaultEnv(VAULT_ADDR, doesNotExist, VAULT_MAX_RETRIES.toString(), null).execute(() -> {
TlsException e = assertThrows(
TlsException.class,
() -> HTTPVaultConnector.builder().fromEnv(),
"Creation with unknown cert path failed"
);
assertEquals(doesNotExist, assertInstanceOf(NoSuchFileException.class, e.getCause()).getFile());
return null;
});
}
private SystemLambda.WithEnvironmentVariables withVaultEnv(String vaultAddr, String vaultCacert, String vaultMaxRetries, String vaultToken) { private SystemLambda.WithEnvironmentVariables withVaultEnv(String vaultAddr, String vaultCacert, String vaultMaxRetries, String vaultToken) {
return withEnvironmentVariable("VAULT_ADDR", vaultAddr) return withEnvironmentVariable("VAULT_ADDR", vaultAddr)
.and("VAULT_CACERT", vaultCacert) .and("VAULT_CACERT", vaultCacert)
.and("VAULT_MAX_RETRIES", vaultMaxRetries) .and("VAULT_MAX_RETRIES", vaultMaxRetries)
.and("VAULT_TOKEN", vaultToken); .and("VAULT_TOKEN", vaultToken);
} }
private Object getRequestHelperPrivate(HTTPVaultConnector connector, String fieldName) throws NoSuchFieldException, IllegalAccessException { private Object getRequestHelperPrivate(HTTPVaultConnector connector, String fieldName) throws NoSuchFieldException, IllegalAccessException {

View File

@@ -1,5 +1,5 @@
/* /*
* Copyright 2016-2024 Stefan Kalscheuer * Copyright 2016-2025 Stefan Kalscheuer
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@@ -52,7 +52,7 @@ import static org.junit.jupiter.api.Assumptions.assumeTrue;
* @since 0.1 * @since 0.1
*/ */
class HTTPVaultConnectorIT { class HTTPVaultConnectorIT {
private static String VAULT_VERSION = "1.18.2"; // The vault version this test is supposed to run against. private static String VAULT_VERSION = "1.20.0"; // The vault version this test is supposed to run against.
private static final String KEY1 = "E38bkCm0VhUvpdCKGQpcohhD9XmcHJ/2hreOSY019Lho"; private static final String KEY1 = "E38bkCm0VhUvpdCKGQpcohhD9XmcHJ/2hreOSY019Lho";
private static final String KEY2 = "O5OHwDleY3IiPdgw61cgHlhsrEm6tVJkrxhF6QAnILd1"; private static final String KEY2 = "O5OHwDleY3IiPdgw61cgHlhsrEm6tVJkrxhF6QAnILd1";
private static final String KEY3 = "mw7Bm3nbt/UWa/juDjjL2EPQ04kiJ0saC5JEXwJvXYsB"; private static final String KEY3 = "mw7Bm3nbt/UWa/juDjjL2EPQ04kiJ0saC5JEXwJvXYsB";
@@ -86,9 +86,9 @@ class HTTPVaultConnectorIT {
// Initialize connector. // Initialize connector.
HTTPVaultConnectorBuilder builder = HTTPVaultConnector.builder() HTTPVaultConnectorBuilder builder = HTTPVaultConnector.builder()
.withHost(config.getHost()) .withHost(config.getHost())
.withPort(config.getPort()) .withPort(config.getPort())
.withTLS(isTls); .withTLS(isTls);
if (isTls) { if (isTls) {
builder.withTrustedCA(Paths.get(getClass().getResource("/tls/ca.pem").getPath())); builder.withTrustedCA(Paths.get(getClass().getResource("/tls/ca.pem").getPath()));
} }
@@ -134,9 +134,9 @@ class HTTPVaultConnectorIT {
final String invalidPath = "secret/invalid/path"; final String invalidPath = "secret/invalid/path";
VaultConnectorException e = assertThrows( VaultConnectorException e = assertThrows(
PermissionDeniedException.class, PermissionDeniedException.class,
() -> connector.read(invalidPath), () -> connector.read(invalidPath),
"Invalid secret path should raise an exception" "Invalid secret path should raise an exception"
); );
// Assert that the exception does not reveal secret or credentials. // Assert that the exception does not reveal secret or credentials.
@@ -147,15 +147,15 @@ class HTTPVaultConnectorIT {
// Try to read accessible path with known value. // Try to read accessible path with known value.
SecretResponse res = assertDoesNotThrow( SecretResponse res = assertDoesNotThrow(
() -> connector.read(SECRET_PATH + "/" + SECRET_KEY), () -> connector.read(SECRET_PATH + "/" + SECRET_KEY),
"Valid secret path could not be read" "Valid secret path could not be read"
); );
assertEquals(SECRET_VALUE, res.get("value"), "Known secret returned invalid value"); assertEquals(SECRET_VALUE, res.get("value"), "Known secret returned invalid value");
// Try to read accessible path with JSON value. // Try to read accessible path with JSON value.
res = assertDoesNotThrow( res = assertDoesNotThrow(
() -> connector.read(SECRET_PATH + "/" + SECRET_KEY_JSON), () -> connector.read(SECRET_PATH + "/" + SECRET_KEY_JSON),
"Valid secret path could not be read" "Valid secret path could not be read"
); );
assertNotNull(res.get("value"), "Known secret returned null value"); assertNotNull(res.get("value"), "Known secret returned null value");
@@ -167,8 +167,8 @@ class HTTPVaultConnectorIT {
// Try to read accessible path with JSON value. // Try to read accessible path with JSON value.
res = assertDoesNotThrow( res = assertDoesNotThrow(
() -> connector.read(SECRET_PATH + "/" + SECRET_KEY_JSON), () -> connector.read(SECRET_PATH + "/" + SECRET_KEY_JSON),
"Valid secret path could not be read" "Valid secret path could not be read"
); );
assertNotNull(res.get("value"), "Known secret returned null value"); assertNotNull(res.get("value"), "Known secret returned null value");
@@ -180,8 +180,8 @@ class HTTPVaultConnectorIT {
// Try to read accessible complex secret. // Try to read accessible complex secret.
res = assertDoesNotThrow( res = assertDoesNotThrow(
() -> connector.read(SECRET_PATH + "/" + SECRET_KEY_COMPLEX), () -> connector.read(SECRET_PATH + "/" + SECRET_KEY_COMPLEX),
"Valid secret path could not be read" "Valid secret path could not be read"
); );
assertNotNull(res.getData(), "Known secret returned null value"); assertNotNull(res.getData(), "Known secret returned null value");
assertEquals(Map.of("key1", "value1", "key2", "value2"), res.getData(), "Unexpected data"); assertEquals(Map.of("key1", "value1", "key2", "value2"), res.getData(), "Unexpected data");
@@ -198,8 +198,8 @@ class HTTPVaultConnectorIT {
assumeTrue(connector.isAuthorized()); assumeTrue(connector.isAuthorized());
// Try to list secrets from valid path. // Try to list secrets from valid path.
List<String> secrets = assertDoesNotThrow( List<String> secrets = assertDoesNotThrow(
() -> connector.list(SECRET_PATH), () -> connector.list(SECRET_PATH),
"Secrets could not be listed" "Secrets could not be listed"
); );
assertNotEquals(0, secrets.size(), "Invalid number of secrets"); assertNotEquals(0, secrets.size(), "Invalid number of secrets");
assertTrue(secrets.contains(SECRET_KEY), "Known secret key not found"); assertTrue(secrets.contains(SECRET_KEY), "Known secret key not found");
@@ -217,33 +217,33 @@ class HTTPVaultConnectorIT {
// Try to write to null path. // Try to write to null path.
assertThrows( assertThrows(
InvalidRequestException.class, InvalidRequestException.class,
() -> connector.write(null, "someValue"), () -> connector.write(null, "someValue"),
"Secret written to null path" "Secret written to null path"
); );
// Try to write to invalid path. // Try to write to invalid path.
assertThrows( assertThrows(
InvalidRequestException.class, InvalidRequestException.class,
() -> connector.write("", "someValue"), () -> connector.write("", "someValue"),
"Secret written to invalid path" "Secret written to invalid path"
); );
// Try to write to a path the user has no access for. // Try to write to a path the user has no access for.
assertThrows( assertThrows(
PermissionDeniedException.class, PermissionDeniedException.class,
() -> connector.write("invalid/path", "someValue"), () -> connector.write("invalid/path", "someValue"),
"Secret written to inaccessible path" "Secret written to inaccessible path"
); );
// Perform a valid write/read roundtrip to valid path. Also check UTF8-encoding. // Perform a valid write/read roundtrip to valid path. Also check UTF8-encoding.
assertDoesNotThrow( assertDoesNotThrow(
() -> connector.write(SECRET_PATH + "/temp", "Abc123äöü,!"), () -> connector.write(SECRET_PATH + "/temp", "Abc123äöü,!"),
"Failed to write secret to accessible path" "Failed to write secret to accessible path"
); );
SecretResponse res = assertDoesNotThrow( SecretResponse res = assertDoesNotThrow(
() -> connector.read(SECRET_PATH + "/temp"), () -> connector.read(SECRET_PATH + "/temp"),
"Written secret could not be read" "Written secret could not be read"
); );
assertEquals("Abc123äöü,!", res.get("value")); assertEquals("Abc123äöü,!", res.get("value"));
} }
@@ -260,26 +260,26 @@ class HTTPVaultConnectorIT {
// Write a test secret to vault. // Write a test secret to vault.
assertDoesNotThrow( assertDoesNotThrow(
() -> connector.write(SECRET_PATH + "/toDelete", "secret content"), () -> connector.write(SECRET_PATH + "/toDelete", "secret content"),
"Secret written to inaccessible path" "Secret written to inaccessible path"
); );
SecretResponse res = assertDoesNotThrow( SecretResponse res = assertDoesNotThrow(
() -> connector.read(SECRET_PATH + "/toDelete"), () -> connector.read(SECRET_PATH + "/toDelete"),
"Written secret could not be read" "Written secret could not be read"
); );
assumeTrue(res != null); assumeTrue(res != null);
// Delete secret. // Delete secret.
assertDoesNotThrow( assertDoesNotThrow(
() -> connector.delete(SECRET_PATH + "/toDelete"), () -> connector.delete(SECRET_PATH + "/toDelete"),
"Revocation threw unexpected exception" "Revocation threw unexpected exception"
); );
// Try to read again. // Try to read again.
InvalidResponseException e = assertThrows( InvalidResponseException e = assertThrows(
InvalidResponseException.class, InvalidResponseException.class,
() -> connector.read(SECRET_PATH + "/toDelete"), () -> connector.read(SECRET_PATH + "/toDelete"),
"Successfully read deleted secret" "Successfully read deleted secret"
); );
assertEquals(404, e.getStatusCode()); assertEquals(404, e.getStatusCode());
} }
@@ -296,19 +296,19 @@ class HTTPVaultConnectorIT {
// Write a test secret to vault. // Write a test secret to vault.
assertDoesNotThrow( assertDoesNotThrow(
() -> connector.write(SECRET_PATH + "/toRevoke", "secret content"), () -> connector.write(SECRET_PATH + "/toRevoke", "secret content"),
"Secret written to inaccessible path" "Secret written to inaccessible path"
); );
SecretResponse res = assertDoesNotThrow( SecretResponse res = assertDoesNotThrow(
() -> connector.read(SECRET_PATH + "/toRevoke"), () -> connector.read(SECRET_PATH + "/toRevoke"),
"Written secret could not be read" "Written secret could not be read"
); );
assumeTrue(res != null); assumeTrue(res != null);
// Revoke secret. // Revoke secret.
assertDoesNotThrow( assertDoesNotThrow(
() -> connector.revoke(SECRET_PATH + "/toRevoke"), () -> connector.revoke(SECRET_PATH + "/toRevoke"),
"Revocation threw unexpected exception" "Revocation threw unexpected exception"
); );
} }
} }
@@ -337,8 +337,8 @@ class HTTPVaultConnectorIT {
// Try to read accessible path with known value. // Try to read accessible path with known value.
SecretResponse res = assertDoesNotThrow( SecretResponse res = assertDoesNotThrow(
() -> connector.readSecretData(MOUNT_KV2, SECRET2_KEY), () -> connector.readSecretData(MOUNT_KV2, SECRET2_KEY),
"Valid secret path could not be read" "Valid secret path could not be read"
); );
assertNotNull(res.getMetadata(), "Metadata not populated for KV v2 secret"); assertNotNull(res.getMetadata(), "Metadata not populated for KV v2 secret");
assertEquals(2, res.getMetadata().getVersion(), "Unexpected secret version"); assertEquals(2, res.getMetadata().getVersion(), "Unexpected secret version");
@@ -346,8 +346,8 @@ class HTTPVaultConnectorIT {
// Try to read different version of same secret. // Try to read different version of same secret.
res = assertDoesNotThrow( res = assertDoesNotThrow(
() -> connector.readSecretVersion(MOUNT_KV2, SECRET2_KEY, 1), () -> connector.readSecretVersion(MOUNT_KV2, SECRET2_KEY, 1),
"Valid secret version could not be read" "Valid secret version could not be read"
); );
assertEquals(1, res.getMetadata().getVersion(), "Unexpected secret version"); assertEquals(1, res.getMetadata().getVersion(), "Unexpected secret version");
assertEquals(SECRET2_VALUE1, res.get("value"), "Known secret returned invalid value"); assertEquals(SECRET2_VALUE1, res.get("value"), "Known secret returned invalid value");
@@ -365,8 +365,8 @@ class HTTPVaultConnectorIT {
// First get the current version of the secret. // First get the current version of the secret.
MetadataResponse res = assertDoesNotThrow( MetadataResponse res = assertDoesNotThrow(
() -> connector.readSecretMetadata(MOUNT_KV2, SECRET2_KEY), () -> connector.readSecretMetadata(MOUNT_KV2, SECRET2_KEY),
"Reading secret metadata failed" "Reading secret metadata failed"
); );
int currentVersion = res.getMetadata().getCurrentVersion(); int currentVersion = res.getMetadata().getCurrentVersion();
@@ -374,25 +374,25 @@ class HTTPVaultConnectorIT {
Map<String, Object> data = new HashMap<>(); Map<String, Object> data = new HashMap<>();
data.put("value", SECRET2_VALUE3); data.put("value", SECRET2_VALUE3);
SecretVersionResponse res2 = assertDoesNotThrow( SecretVersionResponse res2 = assertDoesNotThrow(
() -> connector.writeSecretData(MOUNT_KV2, SECRET2_KEY, data), () -> connector.writeSecretData(MOUNT_KV2, SECRET2_KEY, data),
"Writing secret to KV v2 store failed" "Writing secret to KV v2 store failed"
); );
assertEquals(currentVersion + 1, res2.getMetadata().getVersion(), "Version not updated after writing secret"); assertEquals(currentVersion + 1, res2.getMetadata().getVersion(), "Version not updated after writing secret");
int currentVersion2 = res2.getMetadata().getVersion(); int currentVersion2 = res2.getMetadata().getVersion();
// Verify the content. // Verify the content.
SecretResponse res3 = assertDoesNotThrow( SecretResponse res3 = assertDoesNotThrow(
() -> connector.readSecretData(MOUNT_KV2, SECRET2_KEY), () -> connector.readSecretData(MOUNT_KV2, SECRET2_KEY),
"Reading secret from KV v2 store failed" "Reading secret from KV v2 store failed"
); );
assertEquals(SECRET2_VALUE3, res3.get("value"), "Data not updated correctly"); assertEquals(SECRET2_VALUE3, res3.get("value"), "Data not updated correctly");
// Now try with explicit CAS value (invalid). // Now try with explicit CAS value (invalid).
Map<String, Object> data4 = singletonMap("value", SECRET2_VALUE4); Map<String, Object> data4 = singletonMap("value", SECRET2_VALUE4);
assertThrows( assertThrows(
InvalidResponseException.class, InvalidResponseException.class,
() -> connector.writeSecretData(MOUNT_KV2, SECRET2_KEY, data4, currentVersion2 - 1), () -> connector.writeSecretData(MOUNT_KV2, SECRET2_KEY, data4, currentVersion2 - 1),
"Writing secret to KV v2 with invalid CAS value succeeded" "Writing secret to KV v2 with invalid CAS value succeeded"
); );
// And finally with a correct CAS value. // And finally with a correct CAS value.
@@ -412,22 +412,22 @@ class HTTPVaultConnectorIT {
// Read current metadata first. // Read current metadata first.
MetadataResponse res = assertDoesNotThrow( MetadataResponse res = assertDoesNotThrow(
() -> connector.readSecretMetadata(MOUNT_KV2, SECRET2_KEY), () -> connector.readSecretMetadata(MOUNT_KV2, SECRET2_KEY),
"Reading secret metadata failed" "Reading secret metadata failed"
); );
Integer maxVersions = res.getMetadata().getMaxVersions(); Integer maxVersions = res.getMetadata().getMaxVersions();
assumeTrue(10 == res.getMetadata().getMaxVersions(), "Unexpected maximum number of versions"); assumeTrue(10 == res.getMetadata().getMaxVersions(), "Unexpected maximum number of versions");
// Now update the metadata. // Now update the metadata.
assertDoesNotThrow( assertDoesNotThrow(
() -> connector.updateSecretMetadata(MOUNT_KV2, SECRET2_KEY, maxVersions + 1, true), () -> connector.updateSecretMetadata(MOUNT_KV2, SECRET2_KEY, maxVersions + 1, true),
"Updating secret metadata failed" "Updating secret metadata failed"
); );
// And verify the result. // And verify the result.
res = assertDoesNotThrow( res = assertDoesNotThrow(
() -> connector.readSecretMetadata(MOUNT_KV2, SECRET2_KEY), () -> connector.readSecretMetadata(MOUNT_KV2, SECRET2_KEY),
"Reading secret metadata failed" "Reading secret metadata failed"
); );
assertEquals(maxVersions + 1, res.getMetadata().getMaxVersions(), "Unexpected maximum number of versions"); assertEquals(maxVersions + 1, res.getMetadata().getMaxVersions(), "Unexpected maximum number of versions");
} }
@@ -444,8 +444,8 @@ class HTTPVaultConnectorIT {
// Try to read accessible path with known value. // Try to read accessible path with known value.
MetadataResponse res = assertDoesNotThrow( MetadataResponse res = assertDoesNotThrow(
() -> connector.readSecretMetadata(MOUNT_KV2, SECRET2_KEY), () -> connector.readSecretMetadata(MOUNT_KV2, SECRET2_KEY),
"Valid secret path could not be read" "Valid secret path could not be read"
); );
assertNotNull(res.getMetadata(), "Metadata not populated for KV v2 secret"); assertNotNull(res.getMetadata(), "Metadata not populated for KV v2 secret");
assertEquals(2, res.getMetadata().getCurrentVersion(), "Unexpected secret version"); assertEquals(2, res.getMetadata().getCurrentVersion(), "Unexpected secret version");
@@ -467,79 +467,79 @@ class HTTPVaultConnectorIT {
// Try to delete non-existing versions. // Try to delete non-existing versions.
assertDoesNotThrow( assertDoesNotThrow(
() -> connector.deleteSecretVersions(MOUNT_KV2, SECRET2_KEY, 5, 42), () -> connector.deleteSecretVersions(MOUNT_KV2, SECRET2_KEY, 5, 42),
"Revealed non-existence of secret versions" "Revealed non-existence of secret versions"
); );
assertDoesNotThrow( assertDoesNotThrow(
() -> connector.readSecretMetadata(MOUNT_KV2, SECRET2_KEY), () -> connector.readSecretMetadata(MOUNT_KV2, SECRET2_KEY),
"Revealed non-existence of secret versions" "Revealed non-existence of secret versions"
); );
// Now delete existing version and verify. // Now delete existing version and verify.
assertDoesNotThrow( assertDoesNotThrow(
() -> connector.deleteSecretVersions(MOUNT_KV2, SECRET2_KEY, 1), () -> connector.deleteSecretVersions(MOUNT_KV2, SECRET2_KEY, 1),
"Deleting existing version failed" "Deleting existing version failed"
); );
MetadataResponse meta = assertDoesNotThrow( MetadataResponse meta = assertDoesNotThrow(
() -> connector.readSecretMetadata(MOUNT_KV2, SECRET2_KEY), () -> connector.readSecretMetadata(MOUNT_KV2, SECRET2_KEY),
"Reading deleted secret metadata failed" "Reading deleted secret metadata failed"
); );
assertNotNull( assertNotNull(
meta.getMetadata().getVersions().get(1).getDeletionTime(), meta.getMetadata().getVersions().get(1).getDeletionTime(),
"Expected deletion time for secret 1" "Expected deletion time for secret 1"
); );
// Undelete the just deleted version. // Undelete the just deleted version.
assertDoesNotThrow( assertDoesNotThrow(
() -> connector.undeleteSecretVersions(MOUNT_KV2, SECRET2_KEY, 1), () -> connector.undeleteSecretVersions(MOUNT_KV2, SECRET2_KEY, 1),
"Undeleting existing version failed" "Undeleting existing version failed"
); );
meta = assertDoesNotThrow( meta = assertDoesNotThrow(
() -> connector.readSecretMetadata(MOUNT_KV2, SECRET2_KEY), () -> connector.readSecretMetadata(MOUNT_KV2, SECRET2_KEY),
"Reading deleted secret metadata failed" "Reading deleted secret metadata failed"
); );
assertNull( assertNull(
meta.getMetadata().getVersions().get(1).getDeletionTime(), meta.getMetadata().getVersions().get(1).getDeletionTime(),
"Expected deletion time for secret 1 to be reset" "Expected deletion time for secret 1 to be reset"
); );
// Now destroy it. // Now destroy it.
assertDoesNotThrow( assertDoesNotThrow(
() -> connector.destroySecretVersions(MOUNT_KV2, SECRET2_KEY, 1), () -> connector.destroySecretVersions(MOUNT_KV2, SECRET2_KEY, 1),
"Destroying existing version failed" "Destroying existing version failed"
); );
meta = assertDoesNotThrow( meta = assertDoesNotThrow(
() -> connector.readSecretMetadata(MOUNT_KV2, SECRET2_KEY), () -> connector.readSecretMetadata(MOUNT_KV2, SECRET2_KEY),
"Reading destroyed secret metadata failed" "Reading destroyed secret metadata failed"
); );
assertTrue( assertTrue(
meta.getMetadata().getVersions().get(1).isDestroyed(), meta.getMetadata().getVersions().get(1).isDestroyed(),
"Expected secret 1 to be marked destroyed" "Expected secret 1 to be marked destroyed"
); );
// Delete latest version. // Delete latest version.
assertDoesNotThrow( assertDoesNotThrow(
() -> connector.deleteLatestSecretVersion(MOUNT_KV2, SECRET2_KEY), () -> connector.deleteLatestSecretVersion(MOUNT_KV2, SECRET2_KEY),
"Deleting latest version failed" "Deleting latest version failed"
); );
meta = assertDoesNotThrow( meta = assertDoesNotThrow(
() -> connector.readSecretMetadata(MOUNT_KV2, SECRET2_KEY), () -> connector.readSecretMetadata(MOUNT_KV2, SECRET2_KEY),
"Reading deleted secret metadata failed" "Reading deleted secret metadata failed"
); );
assertNotNull( assertNotNull(
meta.getMetadata().getVersions().get(2).getDeletionTime(), meta.getMetadata().getVersions().get(2).getDeletionTime(),
"Expected secret 2 to be deleted" "Expected secret 2 to be deleted"
); );
// Delete all versions. // Delete all versions.
assertDoesNotThrow( assertDoesNotThrow(
() -> connector.deleteAllSecretVersions(MOUNT_KV2, SECRET2_KEY), () -> connector.deleteAllSecretVersions(MOUNT_KV2, SECRET2_KEY),
"Deleting latest version failed" "Deleting latest version failed"
); );
assertThrows( assertThrows(
InvalidResponseException.class, InvalidResponseException.class,
() -> connector.readSecretMetadata(MOUNT_KV2, SECRET2_KEY), () -> connector.readSecretMetadata(MOUNT_KV2, SECRET2_KEY),
"Reading metadata of deleted secret should not succeed" "Reading metadata of deleted secret should not succeed"
); );
} }
} }
@@ -566,17 +566,17 @@ class HTTPVaultConnectorIT {
// Authenticate with correct credentials. // Authenticate with correct credentials.
assertDoesNotThrow( assertDoesNotThrow(
() -> connector.authAppRole(APPROLE_ROLE, APPROLE_SECRET), () -> connector.authAppRole(APPROLE_ROLE, APPROLE_SECRET),
"Failed to authenticate using AppRole" "Failed to authenticate using AppRole"
); );
assertTrue(connector.isAuthorized(), "Authorization flag not set after AppRole login"); assertTrue(connector.isAuthorized(), "Authorization flag not set after AppRole login");
// Authenticate with valid secret ID against unknown role. // Authenticate with valid secret ID against unknown role.
final String invalidRole = "foo"; final String invalidRole = "foo";
InvalidResponseException e = assertThrows( InvalidResponseException e = assertThrows(
InvalidResponseException.class, InvalidResponseException.class,
() -> connector.authAppRole(invalidRole, APPROLE_SECRET), () -> connector.authAppRole(invalidRole, APPROLE_SECRET),
"Successfully logged in with unknown role" "Successfully logged in with unknown role"
); );
// Assert that the exception does not reveal role ID or secret. // Assert that the exception does not reveal role ID or secret.
assertFalse(stackTrace(e).contains(invalidRole)); assertFalse(stackTrace(e).contains(invalidRole));
@@ -585,9 +585,9 @@ class HTTPVaultConnectorIT {
// Authenticate without wrong secret ID. // Authenticate without wrong secret ID.
final String invalidSecret = "foo"; final String invalidSecret = "foo";
e = assertThrows( e = assertThrows(
InvalidResponseException.class, InvalidResponseException.class,
() -> connector.authAppRole(APPROLE_ROLE, "foo"), () -> connector.authAppRole(APPROLE_ROLE, "foo"),
"Successfully logged in without secret ID" "Successfully logged in without secret ID"
); );
// Assert that the exception does not reveal role ID or secret. // Assert that the exception does not reveal role ID or secret.
assertFalse(stackTrace(e).contains(APPROLE_ROLE)); assertFalse(stackTrace(e).contains(APPROLE_ROLE));
@@ -595,17 +595,17 @@ class HTTPVaultConnectorIT {
// Authenticate without secret ID. // Authenticate without secret ID.
e = assertThrows( e = assertThrows(
InvalidResponseException.class, InvalidResponseException.class,
() -> connector.authAppRole(APPROLE_ROLE), () -> connector.authAppRole(APPROLE_ROLE),
"Successfully logged in without secret ID" "Successfully logged in without secret ID"
); );
// Assert that the exception does not reveal role ID. // Assert that the exception does not reveal role ID.
assertFalse(stackTrace(e).contains(APPROLE_ROLE)); assertFalse(stackTrace(e).contains(APPROLE_ROLE));
// Authenticate with secret ID on role with CIDR whitelist. // Authenticate with secret ID on role with CIDR whitelist.
assertDoesNotThrow( assertDoesNotThrow(
() -> connector.authAppRole(APPROLE_ROLE2, APPROLE_SECRET), () -> connector.authAppRole(APPROLE_ROLE2, APPROLE_SECRET),
"Failed to log in without secret ID" "Failed to log in without secret ID"
); );
assertTrue(connector.isAuthorized(), "Authorization flag not set after AppRole login"); assertTrue(connector.isAuthorized(), "Authorization flag not set after AppRole login");
} }
@@ -687,8 +687,8 @@ class HTTPVaultConnectorIT {
// Update role model with custom flags. // Update role model with custom flags.
AppRole role2 = AppRole.builder(roleName) AppRole role2 = AppRole.builder(roleName)
.withTokenPeriod(321) .withTokenPeriod(321)
.build(); .build();
// Create role. // Create role.
boolean res3 = assertDoesNotThrow(() -> connector.createAppRole(role2), "Role creation failed"); boolean res3 = assertDoesNotThrow(() -> connector.createAppRole(role2), "Role creation failed");
@@ -717,8 +717,8 @@ class HTTPVaultConnectorIT {
// Create role by name with policies. // Create role by name with policies.
assertDoesNotThrow( assertDoesNotThrow(
() -> connector.createAppRole(roleName3, Collections.singletonList("testpolicy")), () -> connector.createAppRole(roleName3, Collections.singletonList("testpolicy")),
"Creation of role by name failed" "Creation of role by name failed"
); );
res = assertDoesNotThrow(() -> connector.lookupAppRole(roleName3), "Creation of role by name failed"); res = assertDoesNotThrow(() -> connector.lookupAppRole(roleName3), "Creation of role by name failed");
// Note: As of Vault 0.8.3 default policy is not added automatically, so this test should return 1, not 2. // Note: As of Vault 0.8.3 default policy is not added automatically, so this test should return 1, not 2.
@@ -727,9 +727,9 @@ class HTTPVaultConnectorIT {
// Delete role. // Delete role.
assertDoesNotThrow(() -> connector.deleteAppRole(roleName3), "Deletion of role failed"); assertDoesNotThrow(() -> connector.deleteAppRole(roleName3), "Deletion of role failed");
assertThrows( assertThrows(
InvalidResponseException.class, InvalidResponseException.class,
() -> connector.lookupAppRole(roleName3), () -> connector.lookupAppRole(roleName3),
"Deleted role could be looked up" "Deleted role could be looked up"
); );
} }
@@ -745,35 +745,35 @@ class HTTPVaultConnectorIT {
// Create default (random) secret for existing role. // Create default (random) secret for existing role.
AppRoleSecretResponse res = assertDoesNotThrow( AppRoleSecretResponse res = assertDoesNotThrow(
() -> connector.createAppRoleSecret(APPROLE_ROLE_NAME), () -> connector.createAppRoleSecret(APPROLE_ROLE_NAME),
"AppRole secret creation failed" "AppRole secret creation failed"
); );
assertNotNull(res.getSecret(), "No secret returned"); assertNotNull(res.getSecret(), "No secret returned");
// Create secret with custom ID. // Create secret with custom ID.
String secretID = "customSecretId"; String secretID = "customSecretId";
res = assertDoesNotThrow( res = assertDoesNotThrow(
() -> connector.createAppRoleSecret(APPROLE_ROLE_NAME, secretID), () -> connector.createAppRoleSecret(APPROLE_ROLE_NAME, secretID),
"AppRole secret creation failed" "AppRole secret creation failed"
); );
assertEquals(secretID, res.getSecret().getId(), "Unexpected secret ID returned"); assertEquals(secretID, res.getSecret().getId(), "Unexpected secret ID returned");
// Lookup secret. // Lookup secret.
res = assertDoesNotThrow( res = assertDoesNotThrow(
() -> connector.lookupAppRoleSecret(APPROLE_ROLE_NAME, secretID), () -> connector.lookupAppRoleSecret(APPROLE_ROLE_NAME, secretID),
"AppRole secret lookup failed" "AppRole secret lookup failed"
); );
assertNotNull(res.getSecret(), "No secret information returned"); assertNotNull(res.getSecret(), "No secret information returned");
// Destroy secret. // Destroy secret.
assertDoesNotThrow( assertDoesNotThrow(
() -> connector.destroyAppRoleSecret(APPROLE_ROLE_NAME, secretID), () -> connector.destroyAppRoleSecret(APPROLE_ROLE_NAME, secretID),
"AppRole secret destruction failed" "AppRole secret destruction failed"
); );
assertThrows( assertThrows(
InvalidResponseException.class, InvalidResponseException.class,
() -> connector.lookupAppRoleSecret(APPROLE_ROLE_NAME, secretID), () -> connector.lookupAppRoleSecret(APPROLE_ROLE_NAME, secretID),
"Destroyed AppRole secret successfully read" "Destroyed AppRole secret successfully read"
); );
} }
} }
@@ -791,17 +791,17 @@ class HTTPVaultConnectorIT {
void authTokenTest() { void authTokenTest() {
final String invalidToken = "52135869df23a5e64c5d33a9785af5edb456b8a4a235d1fe135e6fba1c35edf6"; final String invalidToken = "52135869df23a5e64c5d33a9785af5edb456b8a4a235d1fe135e6fba1c35edf6";
VaultConnectorException e = assertThrows( VaultConnectorException e = assertThrows(
VaultConnectorException.class, VaultConnectorException.class,
() -> connector.authToken(invalidToken), () -> connector.authToken(invalidToken),
"Logged in with invalid token" "Logged in with invalid token"
); );
// Assert that the exception does not reveal the token. // Assert that the exception does not reveal the token.
assertFalse(stackTrace(e).contains(invalidToken)); assertFalse(stackTrace(e).contains(invalidToken));
TokenResponse res = assertDoesNotThrow( TokenResponse res = assertDoesNotThrow(
() -> connector.authToken(TOKEN_ROOT), () -> connector.authToken(TOKEN_ROOT),
"Login failed with valid token" "Login failed with valid token"
); );
assertNotNull(res, "Login failed with valid token"); assertNotNull(res, "Login failed with valid token");
assertTrue(connector.isAuthorized(), "Login failed with valid token"); assertTrue(connector.isAuthorized(), "Login failed with valid token");
@@ -819,10 +819,10 @@ class HTTPVaultConnectorIT {
// Create token. // Create token.
Token token = Token.builder() Token token = Token.builder()
.withId("test-id") .withId("test-id")
.withType(Token.Type.SERVICE) .withType(Token.Type.SERVICE)
.withDisplayName("test name") .withDisplayName("test name")
.build(); .build();
// Create token. // Create token.
AuthResponse res = assertDoesNotThrow(() -> connector.createToken(token), "Token creation failed"); AuthResponse res = assertDoesNotThrow(() -> connector.createToken(token), "Token creation failed");
@@ -841,12 +841,12 @@ class HTTPVaultConnectorIT {
// Create token with attributes. // Create token with attributes.
Token token2 = Token.builder() Token token2 = Token.builder()
.withId("test-id2") .withId("test-id2")
.withDisplayName("test name 2") .withDisplayName("test name 2")
.withPolicies(Collections.singletonList("testpolicy")) .withPolicies(Collections.singletonList("testpolicy"))
.withoutDefaultPolicy() .withoutDefaultPolicy()
.withMeta("foo", "bar") .withMeta("foo", "bar")
.build(); .build();
res = assertDoesNotThrow(() -> connector.createToken(token2), "Token creation failed"); res = assertDoesNotThrow(() -> connector.createToken(token2), "Token creation failed");
assertEquals("test-id2", res.getAuth().getClientToken(), "Invalid token ID returned"); assertEquals("test-id2", res.getAuth().getClientToken(), "Invalid token ID returned");
assertEquals(List.of("testpolicy"), res.getAuth().getPolicies(), "Invalid policies returned"); assertEquals(List.of("testpolicy"), res.getAuth().getPolicies(), "Invalid policies returned");
@@ -856,18 +856,18 @@ class HTTPVaultConnectorIT {
// Overwrite token should fail as of Vault 0.8.0. // Overwrite token should fail as of Vault 0.8.0.
Token token3 = Token.builder() Token token3 = Token.builder()
.withId("test-id2") .withId("test-id2")
.withDisplayName("test name 3") .withDisplayName("test name 3")
.withPolicies(Arrays.asList("pol1", "pol2")) .withPolicies(Arrays.asList("pol1", "pol2"))
.withDefaultPolicy() .withDefaultPolicy()
.withMeta("test", "success") .withMeta("test", "success")
.withMeta("key", "value") .withMeta("key", "value")
.withTtl(1234) .withTtl(1234L)
.build(); .build();
InvalidResponseException e = assertThrows( InvalidResponseException e = assertThrows(
InvalidResponseException.class, InvalidResponseException.class,
() -> connector.createToken(token3), () -> connector.createToken(token3),
"Overwriting token should fail as of Vault 0.8.0" "Overwriting token should fail as of Vault 0.8.0"
); );
assertEquals(400, e.getStatusCode()); assertEquals(400, e.getStatusCode());
// Assert that the exception does not reveal token ID. // Assert that the exception does not reveal token ID.
@@ -875,16 +875,16 @@ class HTTPVaultConnectorIT {
// Create token with batch type. // Create token with batch type.
Token token4 = Token.builder() Token token4 = Token.builder()
.withDisplayName("test name 3") .withDisplayName("test name 3")
.withPolicy("batchpolicy") .withPolicy("batchpolicy")
.withoutDefaultPolicy() .withoutDefaultPolicy()
.withType(Token.Type.BATCH) .withType(Token.Type.BATCH)
.build(); .build();
res = assertDoesNotThrow(() -> connector.createToken(token4), "Token creation failed"); res = assertDoesNotThrow(() -> connector.createToken(token4), "Token creation failed");
assertTrue( assertTrue(
// Expecting batch token. "hvb." Prefix as of Vault 1.10, "b." before. // Expecting batch token. "hvb." Prefix as of Vault 1.10, "b." before.
res.getAuth().getClientToken().startsWith("b.") || res.getAuth().getClientToken().startsWith("hvb."), res.getAuth().getClientToken().startsWith("b.") || res.getAuth().getClientToken().startsWith("hvb."),
"Unexpected token prefix" "Unexpected token prefix"
); );
assertEquals(1, res.getAuth().getPolicies().size(), "Invalid number of policies returned"); assertEquals(1, res.getAuth().getPolicies().size(), "Invalid number of policies returned");
assertTrue(res.getAuth().getPolicies().contains("batchpolicy"), "Custom policy policy not set"); assertTrue(res.getAuth().getPolicies().contains("batchpolicy"), "Custom policy policy not set");
@@ -905,9 +905,9 @@ class HTTPVaultConnectorIT {
// Create token with attributes. // Create token with attributes.
Token token = Token.builder() Token token = Token.builder()
.withId("my-token") .withId("my-token")
.withType(Token.Type.SERVICE) .withType(Token.Type.SERVICE)
.build(); .build();
assertDoesNotThrow(() -> connector.createToken(token), "Token creation failed"); assertDoesNotThrow(() -> connector.createToken(token), "Token creation failed");
authRoot(); authRoot();
@@ -936,15 +936,15 @@ class HTTPVaultConnectorIT {
final TokenRole role = TokenRole.builder().build(); final TokenRole role = TokenRole.builder().build();
boolean creationRes = assertDoesNotThrow( boolean creationRes = assertDoesNotThrow(
() -> connector.createOrUpdateTokenRole(roleName, role), () -> connector.createOrUpdateTokenRole(roleName, role),
"Token role creation failed" "Token role creation failed"
); );
assertTrue(creationRes, "Token role creation failed"); assertTrue(creationRes, "Token role creation failed");
// Read the role. // Read the role.
TokenRoleResponse res = assertDoesNotThrow( TokenRoleResponse res = assertDoesNotThrow(
() -> connector.readTokenRole(roleName), () -> connector.readTokenRole(roleName),
"Reading token role failed" "Reading token role failed"
); );
assertNotNull(res, "Token role response must not be null"); assertNotNull(res, "Token role response must not be null");
assertNotNull(res.getData(), "Token role must not be null"); assertNotNull(res.getData(), "Token role must not be null");
@@ -955,16 +955,16 @@ class HTTPVaultConnectorIT {
// Update the role, i.e. change some attributes. // Update the role, i.e. change some attributes.
final TokenRole role2 = TokenRole.builder() final TokenRole role2 = TokenRole.builder()
.forName(roleName) .forName(roleName)
.withPathSuffix("suffix") .withPathSuffix("suffix")
.orphan(true) .orphan(true)
.renewable(false) .renewable(false)
.withTokenNumUses(42) .withTokenNumUses(42)
.build(); .build();
creationRes = assertDoesNotThrow( creationRes = assertDoesNotThrow(
() -> connector.createOrUpdateTokenRole(role2), () -> connector.createOrUpdateTokenRole(role2),
"Token role update failed" "Token role update failed"
); );
assertTrue(creationRes, "Token role update failed"); assertTrue(creationRes, "Token role update failed");
@@ -989,6 +989,75 @@ class HTTPVaultConnectorIT {
} }
} }
@Nested
@DisplayName("Transit Tests")
class TransitTests {
@Test
@DisplayName("Transit encryption")
void transitEncryptTest() {
assertDoesNotThrow(() -> connector.authToken(TOKEN_ROOT));
assumeTrue(connector.isAuthorized());
TransitResponse transitResponse = assertDoesNotThrow(
() -> connector.transitEncrypt("my-key", "dGVzdCBtZQ=="),
"Failed to encrypt via transit"
);
assertNotNull(transitResponse.getCiphertext());
assertTrue(transitResponse.getCiphertext().startsWith("vault:v1:"));
transitResponse = assertDoesNotThrow(
() -> connector.transitEncrypt("my-key", "test me".getBytes(UTF_8)),
"Failed to encrypt binary data via transit"
);
assertNotNull(transitResponse.getCiphertext());
assertTrue(transitResponse.getCiphertext().startsWith("vault:v1:"));
}
@Test
@DisplayName("Transit decryption")
void transitDecryptTest() {
assertDoesNotThrow(() -> connector.authToken(TOKEN_ROOT));
assumeTrue(connector.isAuthorized());
TransitResponse transitResponse = assertDoesNotThrow(
() -> connector.transitDecrypt("my-key", "vault:v1:1mhLVkBAR2nrFtIkJF/qg57DWfRj0FWgR6tvkGO8XOnL6sw="),
"Failed to decrypt via transit"
);
assertEquals("dGVzdCBtZQ==", transitResponse.getPlaintext());
}
@Test
@DisplayName("Transit hash")
void transitHashText() {
assertDoesNotThrow(() -> connector.authToken(TOKEN_ROOT));
assumeTrue(connector.isAuthorized());
TransitResponse transitResponse = assertDoesNotThrow(
() -> connector.transitHash("sha2-512", "dGVzdCBtZQ=="),
"Failed to hash via transit"
);
assertEquals("7677af0ee4effaa9f35e9b1e82d182f79516ab8321786baa23002de7c06851059492dd37d5fc3791f17d81d4b58198d24a6fd8bbd62c42c1c30b371da500f193", transitResponse.getSum());
TransitResponse transitResponseBase64 = assertDoesNotThrow(
() -> connector.transitHash("sha2-256", "dGVzdCBtZQ==", "base64"),
"Failed to hash via transit with base64 output"
);
assertEquals("5DfYkW7cvGLkfy36cXhqmZcygEy9HpnFNB4WWXKOl1M=", transitResponseBase64.getSum());
transitResponseBase64 = assertDoesNotThrow(
() -> connector.transitHash("sha2-256", "test me".getBytes(UTF_8), "base64"),
"Failed to hash binary data via transit"
);
assertEquals("5DfYkW7cvGLkfy36cXhqmZcygEy9HpnFNB4WWXKOl1M=", transitResponseBase64.getSum());
}
}
@Nested @Nested
@DisplayName("Misc Tests") @DisplayName("Misc Tests")
class MiscTests { class MiscTests {
@@ -1003,8 +1072,8 @@ class HTTPVaultConnectorIT {
assumeTrue(connector.isAuthorized()); assumeTrue(connector.isAuthorized());
List<AuthBackend> supportedBackends = assertDoesNotThrow( List<AuthBackend> supportedBackends = assertDoesNotThrow(
() -> connector.getAuthBackends(), () -> connector.getAuthBackends(),
"Could not list supported auth backends" "Could not list supported auth backends"
); );
assertEquals(3, supportedBackends.size()); assertEquals(3, supportedBackends.size());
@@ -1020,17 +1089,17 @@ class HTTPVaultConnectorIT {
final String invalidUser = "foo"; final String invalidUser = "foo";
final String invalidPass = "bar"; final String invalidPass = "bar";
VaultConnectorException e = assertThrows( VaultConnectorException e = assertThrows(
VaultConnectorException.class, VaultConnectorException.class,
() -> connector.authUserPass(invalidUser, invalidPass), () -> connector.authUserPass(invalidUser, invalidPass),
"Logged in with invalid credentials" "Logged in with invalid credentials"
); );
// Assert that the exception does not reveal credentials. // Assert that the exception does not reveal credentials.
assertFalse(stackTrace(e).contains(invalidUser)); assertFalse(stackTrace(e).contains(invalidUser));
assertFalse(stackTrace(e).contains(invalidPass)); assertFalse(stackTrace(e).contains(invalidPass));
AuthResponse res = assertDoesNotThrow( AuthResponse res = assertDoesNotThrow(
() -> connector.authUserPass(USER_VALID, PASS_VALID), () -> connector.authUserPass(USER_VALID, PASS_VALID),
"Login failed with valid credentials: Exception thrown" "Login failed with valid credentials: Exception thrown"
); );
assertNotNull(res.getAuth(), "Login failed with valid credentials: Response not available"); assertNotNull(res.getAuth(), "Login failed with valid credentials: Response not available");
assertTrue(connector.isAuthorized(), "Login failed with valid credentials: Connector not authorized"); assertTrue(connector.isAuthorized(), "Login failed with valid credentials: Connector not authorized");
@@ -1044,14 +1113,14 @@ class HTTPVaultConnectorIT {
@DisplayName("TLS connection test") @DisplayName("TLS connection test")
void tlsConnectionTest() { void tlsConnectionTest() {
assertThrows( assertThrows(
VaultConnectorException.class, VaultConnectorException.class,
() -> connector.authToken("52135869df23a5e64c5d33a9785af5edb456b8a4a235d1fe135e6fba1c35edf6"), () -> connector.authToken("52135869df23a5e64c5d33a9785af5edb456b8a4a235d1fe135e6fba1c35edf6"),
"Logged in with invalid token" "Logged in with invalid token"
); );
TokenResponse res = assertDoesNotThrow( TokenResponse res = assertDoesNotThrow(
() -> connector.authToken(TOKEN_ROOT), () -> connector.authToken(TOKEN_ROOT),
"Login failed with valid token" "Login failed with valid token"
); );
assertNotNull(res, "Login failed with valid token"); assertNotNull(res, "Login failed with valid token");
assertTrue(connector.isAuthorized(), "Login failed with valid token"); assertTrue(connector.isAuthorized(), "Login failed with valid token");
@@ -1138,22 +1207,22 @@ class HTTPVaultConnectorIT {
// Generate vault local unencrypted configuration. // Generate vault local unencrypted configuration.
VaultConfiguration config = new VaultConfiguration() VaultConfiguration config = new VaultConfiguration()
.withHost("localhost") .withHost("localhost")
.withPort(getFreePort()) .withPort(getFreePort())
.withDataLocation(dataDir.toPath()) .withDataLocation(dataDir.toPath())
.disableMlock(); .disableMlock();
// Enable TLS with custom certificate and key, if required. // Enable TLS with custom certificate and key, if required.
if (tls) { if (tls) {
config.enableTLS() config.enableTLS()
.withCert(getClass().getResource("/tls/server.pem").getPath()) .withCert(getClass().getResource("/tls/server.pem").getPath())
.withKey(getClass().getResource("/tls/server.key").getPath()); .withKey(getClass().getResource("/tls/server.key").getPath());
} }
// Write configuration file. // Write configuration file.
File configFile = new File(dir, "vault.conf"); File configFile = new File(dir, "vault.conf");
try { try {
Files.write(configFile.toPath(), config.toString().getBytes(UTF_8)); Files.writeString(configFile.toPath(), config.toString(), UTF_8);
} catch (IOException e) { } catch (IOException e) {
throw new IllegalStateException("Unable to generate config file", e); throw new IllegalStateException("Unable to generate config file", e);
} }
@@ -1213,10 +1282,8 @@ class HTTPVaultConnectorIT {
return socket.getLocalPort(); return socket.getLocalPort();
} catch (IOException e) { } catch (IOException e) {
e.printStackTrace(); throw new IllegalStateException("Unable to find a free TCP port", e);
} }
throw new IllegalStateException("Unable to find a free TCP port");
} }
/** /**

View File

@@ -1,5 +1,5 @@
/* /*
* Copyright 2016-2024 Stefan Kalscheuer * Copyright 2016-2025 Stefan Kalscheuer
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@@ -17,13 +17,13 @@
package de.stklcode.jvault.connector; package de.stklcode.jvault.connector;
import com.github.tomakehurst.wiremock.client.WireMock; import com.github.tomakehurst.wiremock.client.WireMock;
import com.github.tomakehurst.wiremock.junit5.WireMockExtension; import com.github.tomakehurst.wiremock.junit5.WireMockRuntimeInfo;
import com.github.tomakehurst.wiremock.junit5.WireMockTest;
import de.stklcode.jvault.connector.exception.ConnectionException; import de.stklcode.jvault.connector.exception.ConnectionException;
import de.stklcode.jvault.connector.exception.InvalidResponseException; import de.stklcode.jvault.connector.exception.InvalidResponseException;
import de.stklcode.jvault.connector.exception.PermissionDeniedException; import de.stklcode.jvault.connector.exception.PermissionDeniedException;
import de.stklcode.jvault.connector.exception.VaultConnectorException; import de.stklcode.jvault.connector.exception.VaultConnectorException;
import org.junit.jupiter.api.Test; import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.RegisterExtension;
import org.junit.jupiter.api.function.Executable; import org.junit.jupiter.api.function.Executable;
import java.io.IOException; import java.io.IOException;
@@ -36,9 +36,7 @@ import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate; import java.security.cert.X509Certificate;
import java.util.Collections; import java.util.Collections;
import static com.github.tomakehurst.wiremock.client.WireMock.aResponse; import static com.github.tomakehurst.wiremock.client.WireMock.*;
import static com.github.tomakehurst.wiremock.client.WireMock.anyUrl;
import static com.github.tomakehurst.wiremock.core.WireMockConfiguration.wireMockConfig;
import static org.junit.jupiter.api.Assertions.*; import static org.junit.jupiter.api.Assertions.*;
/** /**
@@ -48,26 +46,23 @@ import static org.junit.jupiter.api.Assertions.*;
* @author Stefan Kalscheuer * @author Stefan Kalscheuer
* @since 0.7.0 * @since 0.7.0
*/ */
@WireMockTest
class HTTPVaultConnectorTest { class HTTPVaultConnectorTest {
@RegisterExtension
static WireMockExtension wireMock = WireMockExtension.newInstance()
.options(wireMockConfig().dynamicPort())
.build();
/** /**
* Test exceptions thrown during request. * Test exceptions thrown during request.
*/ */
@Test @Test
void requestExceptionTest() throws IOException, URISyntaxException { void requestExceptionTest(WireMockRuntimeInfo wireMock) throws IOException, URISyntaxException {
HTTPVaultConnector connector = HTTPVaultConnector.builder(wireMock.url("/")).withTimeout(250).build(); HTTPVaultConnector connector = HTTPVaultConnector.builder(wireMock.getHttpBaseUrl()).withTimeout(250).build();
// Test invalid response code. // Test invalid response code.
final int responseCode = 400; final int responseCode = 400;
mockHttpResponse(responseCode, "", "application/json"); mockHttpResponse(responseCode, "", "application/json");
VaultConnectorException e = assertThrows( VaultConnectorException e = assertThrows(
InvalidResponseException.class, InvalidResponseException.class,
connector::getHealth, connector::getHealth,
"Querying health status succeeded on invalid instance" "Querying health status succeeded on invalid instance"
); );
assertEquals("Invalid response code", e.getMessage(), "Unexpected exception message"); assertEquals("Invalid response code", e.getMessage(), "Unexpected exception message");
assertEquals(responseCode, ((InvalidResponseException) e).getStatusCode(), "Unexpected status code in exception"); assertEquals(responseCode, ((InvalidResponseException) e).getStatusCode(), "Unexpected status code in exception");
@@ -76,9 +71,9 @@ class HTTPVaultConnectorTest {
// Simulate permission denied response. // Simulate permission denied response.
mockHttpResponse(responseCode, "{\"errors\":[\"permission denied\"]}", "application/json"); mockHttpResponse(responseCode, "{\"errors\":[\"permission denied\"]}", "application/json");
assertThrows( assertThrows(
PermissionDeniedException.class, PermissionDeniedException.class,
connector::getHealth, connector::getHealth,
"Querying health status succeeded on invalid instance" "Querying health status succeeded on invalid instance"
); );
// Test exception thrown during request. // Test exception thrown during request.
@@ -86,22 +81,22 @@ class HTTPVaultConnectorTest {
connector = HTTPVaultConnector.builder("http://localst:" + s.getLocalPort() + "/").withTimeout(250).build(); connector = HTTPVaultConnector.builder("http://localst:" + s.getLocalPort() + "/").withTimeout(250).build();
} }
e = assertThrows( e = assertThrows(
ConnectionException.class, ConnectionException.class,
connector::getHealth, connector::getHealth,
"Querying health status succeeded on invalid instance" "Querying health status succeeded on invalid instance"
); );
assertEquals("Unable to connect to Vault server", e.getMessage(), "Unexpected exception message"); assertEquals("Unable to connect to Vault server", e.getMessage(), "Unexpected exception message");
assertInstanceOf(IOException.class, e.getCause(), "Unexpected cause"); assertInstanceOf(IOException.class, e.getCause(), "Unexpected cause");
// Now simulate a failing request that succeeds on second try. // Now simulate a failing request that succeeds on second try.
connector = HTTPVaultConnector.builder(wireMock.url("/")).withNumberOfRetries(1).withTimeout(250).build(); connector = HTTPVaultConnector.builder(wireMock.getHttpBaseUrl()).withNumberOfRetries(1).withTimeout(250).build();
wireMock.stubFor( stubFor(
WireMock.any(anyUrl()) WireMock.any(anyUrl())
.willReturn(aResponse().withStatus(500)) .willReturn(aResponse().withStatus(500))
.willReturn(aResponse().withStatus(500)) .willReturn(aResponse().withStatus(500))
.willReturn(aResponse().withStatus(500)) .willReturn(aResponse().withStatus(500))
.willReturn(aResponse().withStatus(200).withBody("{}").withHeader("Content-Type", "application/json")) .willReturn(aResponse().withStatus(200).withBody("{}").withHeader("Content-Type", "application/json"))
); );
assertDoesNotThrow(connector::getHealth, "Request failed unexpectedly"); assertDoesNotThrow(connector::getHealth, "Request failed unexpectedly");
} }
@@ -164,9 +159,9 @@ class HTTPVaultConnectorTest {
connector = HTTPVaultConnector.builder("http://localst:" + s.getLocalPort()).withTimeout(250).build(); connector = HTTPVaultConnector.builder("http://localst:" + s.getLocalPort()).withTimeout(250).build();
} }
ConnectionException e = assertThrows( ConnectionException e = assertThrows(
ConnectionException.class, ConnectionException.class,
connector::sealStatus, connector::sealStatus,
"Querying seal status succeeded on invalid instance" "Querying seal status succeeded on invalid instance"
); );
assertEquals("Unable to connect to Vault server", e.getMessage(), "Unexpected exception message"); assertEquals("Unable to connect to Vault server", e.getMessage(), "Unexpected exception message");
} }
@@ -182,9 +177,9 @@ class HTTPVaultConnectorTest {
connector = HTTPVaultConnector.builder("http://localhost:" + s.getLocalPort() + "/").withTimeout(250).build(); connector = HTTPVaultConnector.builder("http://localhost:" + s.getLocalPort() + "/").withTimeout(250).build();
} }
ConnectionException e = assertThrows( ConnectionException e = assertThrows(
ConnectionException.class, ConnectionException.class,
connector::getHealth, connector::getHealth,
"Querying health status succeeded on invalid instance" "Querying health status succeeded on invalid instance"
); );
assertEquals("Unable to connect to Vault server", e.getMessage(), "Unexpected exception message"); assertEquals("Unable to connect to Vault server", e.getMessage(), "Unexpected exception message");
} }
@@ -193,8 +188,8 @@ class HTTPVaultConnectorTest {
* Test behavior on unparsable responses. * Test behavior on unparsable responses.
*/ */
@Test @Test
void parseExceptionTest() throws URISyntaxException { void parseExceptionTest(WireMockRuntimeInfo wireMock) throws URISyntaxException {
HTTPVaultConnector connector = HTTPVaultConnector.builder(wireMock.url("/")).withTimeout(250).build(); HTTPVaultConnector connector = HTTPVaultConnector.builder(wireMock.getHttpBaseUrl()).withTimeout(250).build();
// Mock authorization. // Mock authorization.
setPrivate(connector, "authorized", true); setPrivate(connector, "authorized", true);
// Mock response. // Mock response.
@@ -227,8 +222,8 @@ class HTTPVaultConnectorTest {
* Test requests that expect an empty response with code 204, but receive a 200 body. * Test requests that expect an empty response with code 204, but receive a 200 body.
*/ */
@Test @Test
void nonEmpty204ResponseTest() throws URISyntaxException { void nonEmpty204ResponseTest(WireMockRuntimeInfo wireMock) throws URISyntaxException {
HTTPVaultConnector connector = HTTPVaultConnector.builder(wireMock.url("/")).withTimeout(250).build(); HTTPVaultConnector connector = HTTPVaultConnector.builder(wireMock.getHttpBaseUrl()).withTimeout(250).build();
// Mock authorization. // Mock authorization.
setPrivate(connector, "authorized", true); setPrivate(connector, "authorized", true);
// Mock response. // Mock response.
@@ -236,45 +231,45 @@ class HTTPVaultConnectorTest {
// Now test the methods expecting a 204. // Now test the methods expecting a 204.
assertThrows( assertThrows(
InvalidResponseException.class, InvalidResponseException.class,
() -> connector.createAppRole("appID", Collections.singletonList("policy")), () -> connector.createAppRole("appID", Collections.singletonList("policy")),
"createAppRole() with 200 response succeeded" "createAppRole() with 200 response succeeded"
); );
assertThrows( assertThrows(
InvalidResponseException.class, InvalidResponseException.class,
() -> connector.deleteAppRole("roleName"), () -> connector.deleteAppRole("roleName"),
"deleteAppRole() with 200 response succeeded" "deleteAppRole() with 200 response succeeded"
); );
assertThrows( assertThrows(
InvalidResponseException.class, InvalidResponseException.class,
() -> connector.setAppRoleID("roleName", "roleID"), () -> connector.setAppRoleID("roleName", "roleID"),
"setAppRoleID() with 200 response succeeded" "setAppRoleID() with 200 response succeeded"
); );
assertThrows( assertThrows(
InvalidResponseException.class, InvalidResponseException.class,
() -> connector.destroyAppRoleSecret("roleName", "secretID"), () -> connector.destroyAppRoleSecret("roleName", "secretID"),
"destroyAppRoleSecret() with 200 response succeeded" "destroyAppRoleSecret() with 200 response succeeded"
); );
assertThrows( assertThrows(
InvalidResponseException.class, InvalidResponseException.class,
() -> connector.destroyAppRoleSecret("roleName", "secretUD"), () -> connector.destroyAppRoleSecret("roleName", "secretUD"),
"destroyAppRoleSecret() with 200 response succeeded" "destroyAppRoleSecret() with 200 response succeeded"
); );
assertThrows( assertThrows(
InvalidResponseException.class, InvalidResponseException.class,
() -> connector.delete("key"), () -> connector.delete("key"),
"delete() with 200 response succeeded" "delete() with 200 response succeeded"
); );
assertThrows( assertThrows(
InvalidResponseException.class, InvalidResponseException.class,
() -> connector.revoke("leaseID"), () -> connector.revoke("leaseID"),
"destroyAppRoleSecret() with 200 response succeeded" "destroyAppRoleSecret() with 200 response succeeded"
); );
} }
@@ -310,10 +305,10 @@ class HTTPVaultConnectorTest {
} }
private void mockHttpResponse(int status, String body, String contentType) { private void mockHttpResponse(int status, String body, String contentType) {
wireMock.stubFor( stubFor(
WireMock.any(anyUrl()).willReturn( WireMock.any(anyUrl()).willReturn(
aResponse().withStatus(status).withBody(body).withHeader("Content-Type", contentType) aResponse().withStatus(status).withBody(body).withHeader("Content-Type", contentType)
) )
); );
} }
} }

View File

@@ -1,5 +1,5 @@
/* /*
* Copyright 2016-2024 Stefan Kalscheuer * Copyright 2016-2025 Stefan Kalscheuer
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.

View File

@@ -3,6 +3,7 @@ package de.stklcode.jvault.connector.model;
import com.fasterxml.jackson.databind.DeserializationFeature; import com.fasterxml.jackson.databind.DeserializationFeature;
import com.fasterxml.jackson.databind.ObjectMapper; import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.SerializationFeature; import com.fasterxml.jackson.databind.SerializationFeature;
import com.fasterxml.jackson.databind.json.JsonMapper;
import com.fasterxml.jackson.datatype.jsr310.JavaTimeModule; import com.fasterxml.jackson.datatype.jsr310.JavaTimeModule;
import nl.jqno.equalsverifier.EqualsVerifier; import nl.jqno.equalsverifier.EqualsVerifier;
import org.junit.jupiter.api.Test; import org.junit.jupiter.api.Test;
@@ -29,10 +30,11 @@ public abstract class AbstractModelTest<T> {
*/ */
protected AbstractModelTest(Class<T> modelClass) { protected AbstractModelTest(Class<T> modelClass) {
this.modelClass = modelClass; this.modelClass = modelClass;
this.objectMapper = new ObjectMapper() this.objectMapper = JsonMapper.builder()
.registerModule(new JavaTimeModule()) .addModule(new JavaTimeModule())
.enable(SerializationFeature.WRITE_DATES_AS_TIMESTAMPS) .enable(SerializationFeature.WRITE_DATES_AS_TIMESTAMPS)
.disable(DeserializationFeature.ADJUST_DATES_TO_CONTEXT_TIME_ZONE); .disable(DeserializationFeature.ADJUST_DATES_TO_CONTEXT_TIME_ZONE)
.build();
} }
/** /**

View File

@@ -1,5 +1,5 @@
/* /*
* Copyright 2016-2024 Stefan Kalscheuer * Copyright 2016-2025 Stefan Kalscheuer
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@@ -35,8 +35,8 @@ import static org.junit.jupiter.api.Assumptions.assumeTrue;
class AppRoleSecretTest extends AbstractModelTest<AppRoleSecret> { class AppRoleSecretTest extends AbstractModelTest<AppRoleSecret> {
private static final String TEST_ID = "abc123"; private static final String TEST_ID = "abc123";
private static final Map<String, Object> TEST_META = Map.of( private static final Map<String, Object> TEST_META = Map.of(
"foo", "bar", "foo", "bar",
"number", 1337 "number", 1337
); );
private static final List<String> TEST_CIDR = List.of("203.0.113.0/24", "198.51.100.0/24"); private static final List<String> TEST_CIDR = List.of("203.0.113.0/24", "198.51.100.0/24");
@@ -122,8 +122,8 @@ class AppRoleSecretTest extends AbstractModelTest<AppRoleSecret> {
String secretJson2 = commaSeparatedToList(secretJson); String secretJson2 = commaSeparatedToList(secretJson);
AppRoleSecret secret2 = assertDoesNotThrow( AppRoleSecret secret2 = assertDoesNotThrow(
() -> objectMapper.readValue(secretJson2, AppRoleSecret.class), () -> objectMapper.readValue(secretJson2, AppRoleSecret.class),
"Deserialization failed" "Deserialization failed"
); );
assertEquals(secret2.getId(), secret.getId()); assertEquals(secret2.getId(), secret.getId());
assertEquals(secret2.getMetadata(), secret.getMetadata()); assertEquals(secret2.getMetadata(), secret.getMetadata());
@@ -144,8 +144,8 @@ class AppRoleSecretTest extends AbstractModelTest<AppRoleSecret> {
assumeTrue(secret.getTtl() == 12345); assumeTrue(secret.getTtl() == 12345);
String secretJson3 = assertDoesNotThrow(() -> objectMapper.writeValueAsString(secret), "Serialization failed"); String secretJson3 = assertDoesNotThrow(() -> objectMapper.writeValueAsString(secret), "Serialization failed");
secret2 = assertDoesNotThrow( secret2 = assertDoesNotThrow(
() -> objectMapper.readValue(commaSeparatedToList(secretJson3), AppRoleSecret.class), () -> objectMapper.readValue(commaSeparatedToList(secretJson3), AppRoleSecret.class),
"Deserialization failed" "Deserialization failed"
); );
assertEquals(secret2.getId(), secret.getId()); assertEquals(secret2.getId(), secret.getId());
assertEquals(secret2.getMetadata(), secret.getMetadata()); assertEquals(secret2.getMetadata(), secret.getMetadata());
@@ -159,9 +159,9 @@ class AppRoleSecretTest extends AbstractModelTest<AppRoleSecret> {
// Those fields should be deserialized from JSON though. // Those fields should be deserialized from JSON though.
String secretJson4 = "{\"secret_id\":\"abc123\",\"metadata\":{\"number\":1337,\"foo\":\"bar\"}," + String secretJson4 = "{\"secret_id\":\"abc123\",\"metadata\":{\"number\":1337,\"foo\":\"bar\"}," +
"\"cidr_list\":[\"203.0.113.0/24\",\"198.51.100.0/24\"],\"secret_id_accessor\":\"TEST_ACCESSOR\"," + "\"cidr_list\":[\"203.0.113.0/24\",\"198.51.100.0/24\"],\"secret_id_accessor\":\"TEST_ACCESSOR\"," +
"\"creation_time\":\"TEST_CREATION\",\"expiration_time\":\"TEST_EXPIRATION\"," + "\"creation_time\":\"TEST_CREATION\",\"expiration_time\":\"TEST_EXPIRATION\"," +
"\"last_updated_time\":\"TEST_LASTUPDATE\",\"secret_id_num_uses\":678,\"secret_id_ttl\":12345}"; "\"last_updated_time\":\"TEST_LASTUPDATE\",\"secret_id_num_uses\":678,\"secret_id_ttl\":12345}";
secret2 = assertDoesNotThrow(() -> objectMapper.readValue(secretJson4, AppRoleSecret.class), "Deserialization failed"); secret2 = assertDoesNotThrow(() -> objectMapper.readValue(secretJson4, AppRoleSecret.class), "Deserialization failed");
assertEquals("TEST_ACCESSOR", secret2.getAccessor()); assertEquals("TEST_ACCESSOR", secret2.getAccessor());
assertEquals("TEST_CREATION", secret2.getCreationTime()); assertEquals("TEST_CREATION", secret2.getCreationTime());
@@ -181,6 +181,6 @@ class AppRoleSecretTest extends AbstractModelTest<AppRoleSecret> {
private static String commaSeparatedToList(String json) { private static String commaSeparatedToList(String json) {
return json.replaceAll("\"cidr_list\":\"([^\"]*)\"", "\"cidr_list\":[$1]") return json.replaceAll("\"cidr_list\":\"([^\"]*)\"", "\"cidr_list\":[$1]")
.replaceAll("(\\d+\\.\\d+\\.\\d+\\.\\d+/\\d+)", "\"$1\""); .replaceAll("(\\d+\\.\\d+\\.\\d+\\.\\d+/\\d+)", "\"$1\"");
} }
} }

View File

@@ -1,5 +1,5 @@
/* /*
* Copyright 2016-2024 Stefan Kalscheuer * Copyright 2016-2025 Stefan Kalscheuer
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@@ -42,18 +42,18 @@ class AppRoleTest extends AbstractModelTest<AppRole> {
private static final String POLICY = "policy"; private static final String POLICY = "policy";
private static final String POLICY_2 = "policy2"; private static final String POLICY_2 = "policy2";
private static final Integer SECRET_ID_NUM_USES = 10; private static final Integer SECRET_ID_NUM_USES = 10;
private static final Integer SECRET_ID_TTL = 7200; private static final Long SECRET_ID_TTL = 7200L;
private static final Boolean LOCAL_SECRET_IDS = false; private static final Boolean LOCAL_SECRET_IDS = false;
private static final Integer TOKEN_TTL = 4800; private static final Long TOKEN_TTL = 4800L;
private static final Integer TOKEN_MAX_TTL = 9600; private static final Long TOKEN_MAX_TTL = 9600L;
private static final Integer TOKEN_EXPLICIT_MAX_TTL = 14400; private static final Long TOKEN_EXPLICIT_MAX_TTL = 14400L;
private static final Boolean TOKEN_NO_DEFAULT_POLICY = false; private static final Boolean TOKEN_NO_DEFAULT_POLICY = false;
private static final Integer TOKEN_NUM_USES = 42; private static final Integer TOKEN_NUM_USES = 42;
private static final Integer TOKEN_PERIOD = 1234; private static final Integer TOKEN_PERIOD = 1234;
private static final Token.Type TOKEN_TYPE = Token.Type.DEFAULT_SERVICE; private static final Token.Type TOKEN_TYPE = Token.Type.DEFAULT_SERVICE;
private static final String JSON_MIN = "{\"role_name\":\"" + NAME + "\"}"; private static final String JSON_MIN = "{\"role_name\":\"" + NAME + "\"}";
private static final String JSON_FULL = String.format("{\"role_name\":\"%s\",\"role_id\":\"%s\",\"bind_secret_id\":%s,\"secret_id_bound_cidrs\":\"%s\",\"secret_id_num_uses\":%d,\"secret_id_ttl\":%d,\"local_secret_ids\":%s,\"token_ttl\":%d,\"token_max_ttl\":%d,\"token_policies\":\"%s\",\"token_bound_cidrs\":\"%s\",\"token_explicit_max_ttl\":%d,\"token_no_default_policy\":%s,\"token_num_uses\":%d,\"token_period\":%d,\"token_type\":\"%s\"}", private static final String JSON_FULL = String.format("{\"role_name\":\"%s\",\"role_id\":\"%s\",\"bind_secret_id\":%s,\"secret_id_bound_cidrs\":\"%s\",\"secret_id_num_uses\":%d,\"secret_id_ttl\":%d,\"local_secret_ids\":%s,\"token_ttl\":%d,\"token_max_ttl\":%d,\"token_policies\":\"%s\",\"token_bound_cidrs\":\"%s\",\"token_explicit_max_ttl\":%d,\"token_no_default_policy\":%s,\"token_num_uses\":%d,\"token_period\":%d,\"token_type\":\"%s\"}",
NAME, ID, BIND_SECRET_ID, CIDR_1, SECRET_ID_NUM_USES, SECRET_ID_TTL, LOCAL_SECRET_IDS, TOKEN_TTL, TOKEN_MAX_TTL, POLICY, CIDR_1, TOKEN_EXPLICIT_MAX_TTL, TOKEN_NO_DEFAULT_POLICY, TOKEN_NUM_USES, TOKEN_PERIOD, TOKEN_TYPE.value()); NAME, ID, BIND_SECRET_ID, CIDR_1, SECRET_ID_NUM_USES, SECRET_ID_TTL, LOCAL_SECRET_IDS, TOKEN_TTL, TOKEN_MAX_TTL, POLICY, CIDR_1, TOKEN_EXPLICIT_MAX_TTL, TOKEN_NO_DEFAULT_POLICY, TOKEN_NUM_USES, TOKEN_PERIOD, TOKEN_TYPE.value());
AppRoleTest() { AppRoleTest() {
super(AppRole.class); super(AppRole.class);
@@ -62,22 +62,22 @@ class AppRoleTest extends AbstractModelTest<AppRole> {
@Override @Override
protected AppRole createFull() { protected AppRole createFull() {
return AppRole.builder(NAME) return AppRole.builder(NAME)
.withId(ID) .withId(ID)
.withBindSecretID(BIND_SECRET_ID) .withBindSecretID(BIND_SECRET_ID)
.withSecretIdBoundCidrs(BOUND_CIDR_LIST) .withSecretIdBoundCidrs(BOUND_CIDR_LIST)
.withTokenPolicies(POLICIES) .withTokenPolicies(POLICIES)
.withSecretIdNumUses(SECRET_ID_NUM_USES) .withSecretIdNumUses(SECRET_ID_NUM_USES)
.withSecretIdTtl(SECRET_ID_TTL) .withSecretIdTtl(SECRET_ID_TTL)
.withLocalSecretIds(LOCAL_SECRET_IDS) .withLocalSecretIds(LOCAL_SECRET_IDS)
.withTokenTtl(TOKEN_TTL) .withTokenTtl(TOKEN_TTL)
.withTokenMaxTtl(TOKEN_MAX_TTL) .withTokenMaxTtl(TOKEN_MAX_TTL)
.withTokenBoundCidrs(BOUND_CIDR_LIST) .withTokenBoundCidrs(BOUND_CIDR_LIST)
.withTokenExplicitMaxTtl(TOKEN_EXPLICIT_MAX_TTL) .withTokenExplicitMaxTtl(TOKEN_EXPLICIT_MAX_TTL)
.withTokenNoDefaultPolicy(TOKEN_NO_DEFAULT_POLICY) .withTokenNoDefaultPolicy(TOKEN_NO_DEFAULT_POLICY)
.withTokenNumUses(TOKEN_NUM_USES) .withTokenNumUses(TOKEN_NUM_USES)
.withTokenPeriod(TOKEN_PERIOD) .withTokenPeriod(TOKEN_PERIOD)
.withTokenType(TOKEN_TYPE) .withTokenType(TOKEN_TYPE)
.build(); .build();
} }
@BeforeAll @BeforeAll
@@ -159,11 +159,11 @@ class AppRoleTest extends AbstractModelTest<AppRole> {
assertEquals(1, role.getTokenBoundCidrs().size()); assertEquals(1, role.getTokenBoundCidrs().size());
assertEquals(CIDR_2, role.getTokenBoundCidrs().get(0)); assertEquals(CIDR_2, role.getTokenBoundCidrs().get(0));
role = AppRole.builder(NAME) role = AppRole.builder(NAME)
.withSecretIdBoundCidrs(BOUND_CIDR_LIST) .withSecretIdBoundCidrs(BOUND_CIDR_LIST)
.withSecretBoundCidr(CIDR_2) .withSecretBoundCidr(CIDR_2)
.withTokenBoundCidrs(BOUND_CIDR_LIST) .withTokenBoundCidrs(BOUND_CIDR_LIST)
.withTokenBoundCidr(CIDR_2) .withTokenBoundCidr(CIDR_2)
.build(); .build();
assertEquals(2, role.getSecretIdBoundCidrs().size()); assertEquals(2, role.getSecretIdBoundCidrs().size());
assertTrue(role.getSecretIdBoundCidrs().containsAll(List.of(CIDR_1, CIDR_2))); assertTrue(role.getSecretIdBoundCidrs().containsAll(List.of(CIDR_1, CIDR_2)));
assertEquals(2, role.getTokenBoundCidrs().size()); assertEquals(2, role.getTokenBoundCidrs().size());
@@ -174,9 +174,9 @@ class AppRoleTest extends AbstractModelTest<AppRole> {
assertEquals(1, role.getTokenPolicies().size()); assertEquals(1, role.getTokenPolicies().size());
assertEquals(POLICY_2, role.getTokenPolicies().get(0)); assertEquals(POLICY_2, role.getTokenPolicies().get(0));
role = AppRole.builder(NAME) role = AppRole.builder(NAME)
.withTokenPolicies(POLICIES) .withTokenPolicies(POLICIES)
.withTokenPolicy(POLICY_2) .withTokenPolicy(POLICY_2)
.build(); .build();
assertEquals(2, role.getTokenPolicies().size()); assertEquals(2, role.getTokenPolicies().size());
assertTrue(role.getTokenPolicies().containsAll(List.of(POLICY, POLICY_2))); assertTrue(role.getTokenPolicies().containsAll(List.of(POLICY, POLICY_2)));
} }

View File

@@ -1,5 +1,5 @@
/* /*
* Copyright 2016-2024 Stefan Kalscheuer * Copyright 2016-2025 Stefan Kalscheuer
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.

View File

@@ -1,5 +1,5 @@
/* /*
* Copyright 2016-2024 Stefan Kalscheuer * Copyright 2016-2025 Stefan Kalscheuer
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@@ -59,28 +59,28 @@ class TokenRoleTest extends AbstractModelTest<TokenRole> {
private static final String TOKEN_BOUND_CIDR_2 = "198.51.100.0/24"; private static final String TOKEN_BOUND_CIDR_2 = "198.51.100.0/24";
private static final String TOKEN_BOUND_CIDR_3 = "203.0.113.0/24"; private static final String TOKEN_BOUND_CIDR_3 = "203.0.113.0/24";
private static final List<String> TOKEN_BOUND_CIDRS = Arrays.asList(TOKEN_BOUND_CIDR_2, TOKEN_BOUND_CIDR_1); private static final List<String> TOKEN_BOUND_CIDRS = Arrays.asList(TOKEN_BOUND_CIDR_2, TOKEN_BOUND_CIDR_1);
private static final Integer TOKEN_EXPLICIT_MAX_TTL = 1234; private static final Long TOKEN_EXPLICIT_MAX_TTL = 1234L;
private static final Boolean TOKEN_NO_DEFAULT_POLICY = false; private static final Boolean TOKEN_NO_DEFAULT_POLICY = false;
private static final Integer TOKEN_NUM_USES = 5; private static final Integer TOKEN_NUM_USES = 5;
private static final Integer TOKEN_PERIOD = 2345; private static final Integer TOKEN_PERIOD = 2345;
private static final Token.Type TOKEN_TYPE = Token.Type.SERVICE; private static final Token.Type TOKEN_TYPE = Token.Type.SERVICE;
private static final String JSON_FULL = "{" + private static final String JSON_FULL = "{" +
"\"name\":\"" + NAME + "\"," + "\"name\":\"" + NAME + "\"," +
"\"allowed_policies\":[\"" + ALLOWED_POLICY_1 + "\",\"" + ALLOWED_POLICY_2 + "\",\"" + ALLOWED_POLICY_3 + "\"]," + "\"allowed_policies\":[\"" + ALLOWED_POLICY_1 + "\",\"" + ALLOWED_POLICY_2 + "\",\"" + ALLOWED_POLICY_3 + "\"]," +
"\"allowed_policies_glob\":[\"" + ALLOWED_POLICY_GLOB_1 + "\",\"" + ALLOWED_POLICY_GLOB_2 + "\",\"" + ALLOWED_POLICY_GLOB_3 + "\"]," + "\"allowed_policies_glob\":[\"" + ALLOWED_POLICY_GLOB_1 + "\",\"" + ALLOWED_POLICY_GLOB_2 + "\",\"" + ALLOWED_POLICY_GLOB_3 + "\"]," +
"\"disallowed_policies\":[\"" + DISALLOWED_POLICY_1 + "\",\"" + DISALLOWED_POLICY_2 + "\",\"" + DISALLOWED_POLICY_3 + "\"]," + "\"disallowed_policies\":[\"" + DISALLOWED_POLICY_1 + "\",\"" + DISALLOWED_POLICY_2 + "\",\"" + DISALLOWED_POLICY_3 + "\"]," +
"\"disallowed_policies_glob\":[\"" + DISALLOWED_POLICY_GLOB_1 + "\",\"" + DISALLOWED_POLICY_GLOB_2 + "\",\"" + DISALLOWED_POLICY_GLOB_3 + "\"]," + "\"disallowed_policies_glob\":[\"" + DISALLOWED_POLICY_GLOB_1 + "\",\"" + DISALLOWED_POLICY_GLOB_2 + "\",\"" + DISALLOWED_POLICY_GLOB_3 + "\"]," +
"\"orphan\":" + ORPHAN + "," + "\"orphan\":" + ORPHAN + "," +
"\"renewable\":" + RENEWABLE + "," + "\"renewable\":" + RENEWABLE + "," +
"\"path_suffix\":\"" + PATH_SUFFIX + "\"," + "\"path_suffix\":\"" + PATH_SUFFIX + "\"," +
"\"allowed_entity_aliases\":[\"" + ALLOWED_ENTITY_ALIAS_1 + "\",\"" + ALLOWED_ENTITY_ALIAS_3 + "\",\"" + ALLOWED_ENTITY_ALIAS_2 + "\"]," + "\"allowed_entity_aliases\":[\"" + ALLOWED_ENTITY_ALIAS_1 + "\",\"" + ALLOWED_ENTITY_ALIAS_3 + "\",\"" + ALLOWED_ENTITY_ALIAS_2 + "\"]," +
"\"token_bound_cidrs\":[\"" + TOKEN_BOUND_CIDR_3 + "\",\"" + TOKEN_BOUND_CIDR_2 + "\",\"" + TOKEN_BOUND_CIDR_1 + "\"]," + "\"token_bound_cidrs\":[\"" + TOKEN_BOUND_CIDR_3 + "\",\"" + TOKEN_BOUND_CIDR_2 + "\",\"" + TOKEN_BOUND_CIDR_1 + "\"]," +
"\"token_explicit_max_ttl\":" + TOKEN_EXPLICIT_MAX_TTL + "," + "\"token_explicit_max_ttl\":" + TOKEN_EXPLICIT_MAX_TTL + "," +
"\"token_no_default_policy\":" + TOKEN_NO_DEFAULT_POLICY + "," + "\"token_no_default_policy\":" + TOKEN_NO_DEFAULT_POLICY + "," +
"\"token_num_uses\":" + TOKEN_NUM_USES + "," + "\"token_num_uses\":" + TOKEN_NUM_USES + "," +
"\"token_period\":" + TOKEN_PERIOD + "," + "\"token_period\":" + TOKEN_PERIOD + "," +
"\"token_type\":\"" + TOKEN_TYPE.value() + "\"}"; "\"token_type\":\"" + TOKEN_TYPE.value() + "\"}";
TokenRoleTest() { TokenRoleTest() {
super(TokenRole.class); super(TokenRole.class);
@@ -89,28 +89,28 @@ class TokenRoleTest extends AbstractModelTest<TokenRole> {
@Override @Override
protected TokenRole createFull() { protected TokenRole createFull() {
return TokenRole.builder() return TokenRole.builder()
.forName(NAME) .forName(NAME)
.withAllowedPolicies(ALLOWED_POLICIES) .withAllowedPolicies(ALLOWED_POLICIES)
.withAllowedPolicy(ALLOWED_POLICY_3) .withAllowedPolicy(ALLOWED_POLICY_3)
.withAllowedPolicyGlob(ALLOWED_POLICY_GLOB_1) .withAllowedPolicyGlob(ALLOWED_POLICY_GLOB_1)
.withAllowedPoliciesGlob(ALLOWED_POLICIES_GLOB) .withAllowedPoliciesGlob(ALLOWED_POLICIES_GLOB)
.withDisallowedPolicy(DISALLOWED_POLICY_1) .withDisallowedPolicy(DISALLOWED_POLICY_1)
.withDisallowedPolicies(DISALLOWED_POLICIES) .withDisallowedPolicies(DISALLOWED_POLICIES)
.withDisallowedPoliciesGlob(DISALLOWED_POLICIES_GLOB) .withDisallowedPoliciesGlob(DISALLOWED_POLICIES_GLOB)
.withDisallowedPolicyGlob(DISALLOWED_POLICY_GLOB_3) .withDisallowedPolicyGlob(DISALLOWED_POLICY_GLOB_3)
.orphan(ORPHAN) .orphan(ORPHAN)
.renewable(RENEWABLE) .renewable(RENEWABLE)
.withPathSuffix(PATH_SUFFIX) .withPathSuffix(PATH_SUFFIX)
.withAllowedEntityAliases(ALLOWED_ENTITY_ALIASES) .withAllowedEntityAliases(ALLOWED_ENTITY_ALIASES)
.withAllowedEntityAlias(ALLOWED_ENTITY_ALIAS_2) .withAllowedEntityAlias(ALLOWED_ENTITY_ALIAS_2)
.withTokenBoundCidr(TOKEN_BOUND_CIDR_3) .withTokenBoundCidr(TOKEN_BOUND_CIDR_3)
.withTokenBoundCidrs(TOKEN_BOUND_CIDRS) .withTokenBoundCidrs(TOKEN_BOUND_CIDRS)
.withTokenExplicitMaxTtl(TOKEN_EXPLICIT_MAX_TTL) .withTokenExplicitMaxTtl(TOKEN_EXPLICIT_MAX_TTL)
.withTokenNoDefaultPolicy(TOKEN_NO_DEFAULT_POLICY) .withTokenNoDefaultPolicy(TOKEN_NO_DEFAULT_POLICY)
.withTokenNumUses(TOKEN_NUM_USES) .withTokenNumUses(TOKEN_NUM_USES)
.withTokenPeriod(TOKEN_PERIOD) .withTokenPeriod(TOKEN_PERIOD)
.withTokenType(TOKEN_TYPE) .withTokenType(TOKEN_TYPE)
.build(); .build();
} }
/** /**
@@ -141,24 +141,24 @@ class TokenRoleTest extends AbstractModelTest<TokenRole> {
@Test @Test
void buildNullTest() throws JsonProcessingException { void buildNullTest() throws JsonProcessingException {
TokenRole role = TokenRole.builder() TokenRole role = TokenRole.builder()
.forName(null) .forName(null)
.withAllowedPolicies(null) .withAllowedPolicies(null)
.withAllowedPolicy(null) .withAllowedPolicy(null)
.withDisallowedPolicy(null) .withDisallowedPolicy(null)
.withDisallowedPolicies(null) .withDisallowedPolicies(null)
.orphan(null) .orphan(null)
.renewable(null) .renewable(null)
.withPathSuffix(null) .withPathSuffix(null)
.withAllowedEntityAliases(null) .withAllowedEntityAliases(null)
.withAllowedEntityAlias(null) .withAllowedEntityAlias(null)
.withTokenBoundCidr(null) .withTokenBoundCidr(null)
.withTokenBoundCidrs(null) .withTokenBoundCidrs(null)
.withTokenExplicitMaxTtl(null) .withTokenExplicitMaxTtl(null)
.withTokenNoDefaultPolicy(null) .withTokenNoDefaultPolicy(null)
.withTokenNumUses(null) .withTokenNumUses(null)
.withTokenPeriod(null) .withTokenPeriod(null)
.withTokenType(null) .withTokenType(null)
.build(); .build();
assertNull(role.getAllowedPolicies()); assertNull(role.getAllowedPolicies());
assertNull(role.getDisallowedPolicies()); assertNull(role.getDisallowedPolicies());
@@ -173,7 +173,7 @@ class TokenRoleTest extends AbstractModelTest<TokenRole> {
assertNull(role.getTokenType()); assertNull(role.getTokenType());
// Empty builder should be equal to no-arg construction. // Empty builder should be equal to no-arg construction.
assertEquals(role, new TokenRole()); assertEquals(new TokenRole(), role);
// Optional fields should be ignored, so JSON string should be empty. // Optional fields should be ignored, so JSON string should be empty.
assertEquals("{}", objectMapper.writeValueAsString(role)); assertEquals("{}", objectMapper.writeValueAsString(role));

View File

@@ -1,5 +1,5 @@
/* /*
* Copyright 2016-2024 Stefan Kalscheuer * Copyright 2016-2025 Stefan Kalscheuer
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@@ -35,8 +35,8 @@ class TokenTest extends AbstractModelTest<Token> {
private static final String DISPLAY_NAME = "display-name"; private static final String DISPLAY_NAME = "display-name";
private static final Boolean NO_PARENT = false; private static final Boolean NO_PARENT = false;
private static final Boolean NO_DEFAULT_POLICY = false; private static final Boolean NO_DEFAULT_POLICY = false;
private static final Integer TTL = 123; private static final Long TTL = 123L;
private static final Integer EXPLICIT_MAX_TTL = 456; private static final Long EXPLICIT_MAX_TTL = 456L;
private static final Integer NUM_USES = 4; private static final Integer NUM_USES = 4;
private static final List<String> POLICIES = new ArrayList<>(); private static final List<String> POLICIES = new ArrayList<>();
private static final String POLICY = "policy"; private static final String POLICY = "policy";
@@ -59,20 +59,20 @@ class TokenTest extends AbstractModelTest<Token> {
@Override @Override
protected Token createFull() { protected Token createFull() {
return Token.builder() return Token.builder()
.withId(ID) .withId(ID)
.withType(Token.Type.SERVICE) .withType(Token.Type.SERVICE)
.withDisplayName(DISPLAY_NAME) .withDisplayName(DISPLAY_NAME)
.withNoParent(NO_PARENT) .withNoParent(NO_PARENT)
.withNoDefaultPolicy(NO_DEFAULT_POLICY) .withNoDefaultPolicy(NO_DEFAULT_POLICY)
.withTtl(TTL) .withTtl(TTL)
.withExplicitMaxTtl(EXPLICIT_MAX_TTL) .withExplicitMaxTtl(EXPLICIT_MAX_TTL)
.withNumUses(NUM_USES) .withNumUses(NUM_USES)
.withPolicies(POLICIES) .withPolicies(POLICIES)
.withMeta(META) .withMeta(META)
.withRenewable(RENEWABLE) .withRenewable(RENEWABLE)
.withPeriod(PERIOD) .withPeriod(PERIOD)
.withEntityAlias(ENTITY_ALIAS) .withEntityAlias(ENTITY_ALIAS)
.build(); .build();
} }
@BeforeAll @BeforeAll
@@ -105,7 +105,7 @@ class TokenTest extends AbstractModelTest<Token> {
assertEquals("{}", objectMapper.writeValueAsString(token)); assertEquals("{}", objectMapper.writeValueAsString(token));
// Empty builder should be equal to no-arg construction. // Empty builder should be equal to no-arg construction.
assertEquals(token, new Token()); assertEquals(new Token(), token);
} }
/** /**
@@ -159,9 +159,9 @@ class TokenTest extends AbstractModelTest<Token> {
assertEquals(1, token.getPolicies().size()); assertEquals(1, token.getPolicies().size());
assertEquals(List.of(POLICY_2), token.getPolicies()); assertEquals(List.of(POLICY_2), token.getPolicies());
token = Token.builder() token = Token.builder()
.withPolicies(POLICY, POLICY_2) .withPolicies(POLICY, POLICY_2)
.withPolicy(POLICY_3) .withPolicy(POLICY_3)
.build(); .build();
assertEquals(3, token.getPolicies().size()); assertEquals(3, token.getPolicies().size());
assertTrue(token.getPolicies().containsAll(List.of(POLICY, POLICY_2, POLICY_3))); assertTrue(token.getPolicies().containsAll(List.of(POLICY, POLICY_2, POLICY_3)));
@@ -171,9 +171,9 @@ class TokenTest extends AbstractModelTest<Token> {
assertEquals(Set.of(META_KEY_2), token.getMeta().keySet()); assertEquals(Set.of(META_KEY_2), token.getMeta().keySet());
assertEquals(META_VALUE_2, token.getMeta().get(META_KEY_2)); assertEquals(META_VALUE_2, token.getMeta().get(META_KEY_2));
token = Token.builder() token = Token.builder()
.withMeta(META) .withMeta(META)
.withMeta(META_KEY_2, META_VALUE_2) .withMeta(META_KEY_2, META_VALUE_2)
.build(); .build();
assertEquals(2, token.getMeta().size()); assertEquals(2, token.getMeta().size());
assertEquals(META_VALUE, token.getMeta().get(META_KEY)); assertEquals(META_VALUE, token.getMeta().get(META_KEY));
assertEquals(META_VALUE_2, token.getMeta().get(META_KEY_2)); assertEquals(META_VALUE_2, token.getMeta().get(META_KEY_2));

View File

@@ -1,5 +1,5 @@
/* /*
* Copyright 2016-2024 Stefan Kalscheuer * Copyright 2016-2025 Stefan Kalscheuer
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@@ -16,7 +16,6 @@
package de.stklcode.jvault.connector.model.response; package de.stklcode.jvault.connector.model.response;
import com.fasterxml.jackson.core.JsonProcessingException;
import de.stklcode.jvault.connector.model.AbstractModelTest; import de.stklcode.jvault.connector.model.AbstractModelTest;
import de.stklcode.jvault.connector.model.AppRole; import de.stklcode.jvault.connector.model.AppRole;
import org.junit.jupiter.api.Test; import org.junit.jupiter.api.Test;
@@ -32,34 +31,34 @@ import static org.junit.jupiter.api.Assertions.*;
* @since 0.6.2 * @since 0.6.2
*/ */
class AppRoleResponseTest extends AbstractModelTest<AppRoleResponse> { class AppRoleResponseTest extends AbstractModelTest<AppRoleResponse> {
private static final Integer ROLE_TOKEN_TTL = 1200; private static final Long ROLE_TOKEN_TTL = 1200L;
private static final Integer ROLE_TOKEN_MAX_TTL = 1800; private static final Long ROLE_TOKEN_MAX_TTL = 1800L;
private static final Integer ROLE_SECRET_TTL = 600; private static final Long ROLE_SECRET_TTL = 600L;
private static final Integer ROLE_SECRET_NUM_USES = 40; private static final Integer ROLE_SECRET_NUM_USES = 40;
private static final String ROLE_POLICY = "default"; private static final String ROLE_POLICY = "default";
private static final Integer ROLE_PERIOD = 0; private static final Integer ROLE_PERIOD = 0;
private static final Boolean ROLE_BIND_SECRET = true; private static final Boolean ROLE_BIND_SECRET = true;
private static final String RES_JSON = "{\n" + private static final String RES_JSON = "{\n" +
" \"auth\": null,\n" + " \"auth\": null,\n" +
" \"warnings\": null,\n" + " \"warnings\": null,\n" +
" \"wrap_info\": null,\n" + " \"wrap_info\": null,\n" +
" \"data\": {\n" + " \"data\": {\n" +
" \"token_ttl\": " + ROLE_TOKEN_TTL + ",\n" + " \"token_ttl\": " + ROLE_TOKEN_TTL + ",\n" +
" \"token_max_ttl\": " + ROLE_TOKEN_MAX_TTL + ",\n" + " \"token_max_ttl\": " + ROLE_TOKEN_MAX_TTL + ",\n" +
" \"secret_id_ttl\": " + ROLE_SECRET_TTL + ",\n" + " \"secret_id_ttl\": " + ROLE_SECRET_TTL + ",\n" +
" \"secret_id_num_uses\": " + ROLE_SECRET_NUM_USES + ",\n" + " \"secret_id_num_uses\": " + ROLE_SECRET_NUM_USES + ",\n" +
" \"token_policies\": [\n" + " \"token_policies\": [\n" +
" \"" + ROLE_POLICY + "\"\n" + " \"" + ROLE_POLICY + "\"\n" +
" ],\n" + " ],\n" +
" \"token_period\": " + ROLE_PERIOD + ",\n" + " \"token_period\": " + ROLE_PERIOD + ",\n" +
" \"bind_secret_id\": " + ROLE_BIND_SECRET + ",\n" + " \"bind_secret_id\": " + ROLE_BIND_SECRET + ",\n" +
" \"bound_cidr_list\": \"\"\n" + " \"bound_cidr_list\": \"\"\n" +
" },\n" + " },\n" +
" \"lease_duration\": 0,\n" + " \"lease_duration\": 0,\n" +
" \"renewable\": false,\n" + " \"renewable\": false,\n" +
" \"lease_id\": \"\"\n" + " \"lease_id\": \"\"\n" +
"}"; "}";
AppRoleResponseTest() { AppRoleResponseTest() {
super(AppRoleResponse.class); super(AppRoleResponse.class);
@@ -67,12 +66,10 @@ class AppRoleResponseTest extends AbstractModelTest<AppRoleResponse> {
@Override @Override
protected AppRoleResponse createFull() { protected AppRoleResponse createFull() {
try { return assertDoesNotThrow(
return objectMapper.readValue(RES_JSON, AppRoleResponse.class); () -> objectMapper.readValue(RES_JSON, AppRoleResponse.class),
} catch (JsonProcessingException e) { "Creation of full model instance failed"
fail("Creation of full model instance failed", e); );
return null;
}
} }
/** /**
@@ -91,8 +88,8 @@ class AppRoleResponseTest extends AbstractModelTest<AppRoleResponse> {
@Test @Test
void jsonRoundtrip() { void jsonRoundtrip() {
AppRoleResponse res = assertDoesNotThrow( AppRoleResponse res = assertDoesNotThrow(
() -> objectMapper.readValue(RES_JSON, AppRoleResponse.class), () -> objectMapper.readValue(RES_JSON, AppRoleResponse.class),
"AuthResponse deserialization failed" "AuthResponse deserialization failed"
); );
assertNotNull(res, "Parsed response is NULL"); assertNotNull(res, "Parsed response is NULL");
// Extract role data. // Extract role data.

View File

@@ -1,5 +1,5 @@
/* /*
* Copyright 2016-2024 Stefan Kalscheuer * Copyright 2016-2025 Stefan Kalscheuer
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@@ -16,7 +16,6 @@
package de.stklcode.jvault.connector.model.response; package de.stklcode.jvault.connector.model.response;
import com.fasterxml.jackson.core.JsonProcessingException;
import de.stklcode.jvault.connector.model.AbstractModelTest; import de.stklcode.jvault.connector.model.AbstractModelTest;
import de.stklcode.jvault.connector.model.AuthBackend; import de.stklcode.jvault.connector.model.AuthBackend;
import de.stklcode.jvault.connector.model.response.embedded.AuthMethod; import de.stklcode.jvault.connector.model.response.embedded.AuthMethod;
@@ -45,44 +44,44 @@ class AuthMethodsResponseTest extends AbstractModelTest<AuthMethodsResponse> {
private static final String TK_UUID = "32ea9681-6bd6-6cec-eec3-d11260ba9741"; private static final String TK_UUID = "32ea9681-6bd6-6cec-eec3-d11260ba9741";
private static final String TK_ACCESSOR = "auth_token_ac0dd95a"; private static final String TK_ACCESSOR = "auth_token_ac0dd95a";
private static final String TK_DESCR = "token based credentials"; private static final String TK_DESCR = "token based credentials";
private static final Integer TK_LEASE_TTL = 0; private static final Long TK_LEASE_TTL = 0L;
private static final Boolean TK_FORCE_NO_CACHE = false; private static final Boolean TK_FORCE_NO_CACHE = false;
private static final Integer TK_MAX_LEASE_TTL = 0; private static final Long TK_MAX_LEASE_TTL = 0L;
private static final String TK_TOKEN_TYPE = "default-service"; private static final String TK_TOKEN_TYPE = "default-service";
private static final String TK_RUNNING_PLUGIN_VERSION = "v1.15.3+builtin.vault"; private static final String TK_RUNNING_PLUGIN_VERSION = "v1.15.3+builtin.vault";
private static final String RES_JSON = "{\n" + private static final String RES_JSON = "{\n" +
" \"data\": {" + " \"data\": {" +
" \"" + GH_PATH + "\": {\n" + " \"" + GH_PATH + "\": {\n" +
" \"uuid\": \"" + GH_UUID + "\",\n" + " \"uuid\": \"" + GH_UUID + "\",\n" +
" \"type\": \"" + GH_TYPE + "\",\n" + " \"type\": \"" + GH_TYPE + "\",\n" +
" \"accessor\": \"" + GH_ACCESSOR + "\",\n" + " \"accessor\": \"" + GH_ACCESSOR + "\",\n" +
" \"description\": \"" + GH_DESCR + "\",\n" + " \"description\": \"" + GH_DESCR + "\",\n" +
" \"external_entropy_access\": false,\n" + " \"external_entropy_access\": false,\n" +
" \"local\": false,\n" + " \"local\": false,\n" +
" \"seal_wrap\": false\n" + " \"seal_wrap\": false\n" +
" },\n" + " },\n" +
" \"" + TK_PATH + "\": {\n" + " \"" + TK_PATH + "\": {\n" +
" \"config\": {\n" + " \"config\": {\n" +
" \"default_lease_ttl\": " + TK_LEASE_TTL + ",\n" + " \"default_lease_ttl\": " + TK_LEASE_TTL + ",\n" +
" \"force_no_cache\": " + TK_FORCE_NO_CACHE + ",\n" + " \"force_no_cache\": " + TK_FORCE_NO_CACHE + ",\n" +
" \"max_lease_ttl\": " + TK_MAX_LEASE_TTL + ",\n" + " \"max_lease_ttl\": " + TK_MAX_LEASE_TTL + ",\n" +
" \"token_type\": \"" + TK_TOKEN_TYPE + "\"\n" + " \"token_type\": \"" + TK_TOKEN_TYPE + "\"\n" +
" },\n" + " },\n" +
" \"description\": \"" + TK_DESCR + "\",\n" + " \"description\": \"" + TK_DESCR + "\",\n" +
" \"options\": null,\n" + " \"options\": null,\n" +
" \"plugin_version\": \"\",\n" + " \"plugin_version\": \"\",\n" +
" \"running_plugin_version\": \"" + TK_RUNNING_PLUGIN_VERSION + "\",\n" + " \"running_plugin_version\": \"" + TK_RUNNING_PLUGIN_VERSION + "\",\n" +
" \"running_sha256\": \"\",\n" + " \"running_sha256\": \"\",\n" +
" \"type\": \"" + TK_TYPE + "\",\n" + " \"type\": \"" + TK_TYPE + "\",\n" +
" \"uuid\": \"" + TK_UUID + "\",\n" + " \"uuid\": \"" + TK_UUID + "\",\n" +
" \"accessor\": \"" + TK_ACCESSOR + "\",\n" + " \"accessor\": \"" + TK_ACCESSOR + "\",\n" +
" \"external_entropy_access\": false,\n" + " \"external_entropy_access\": false,\n" +
" \"local\": true,\n" + " \"local\": true,\n" +
" \"seal_wrap\": false\n" + " \"seal_wrap\": false\n" +
" }\n" + " }\n" +
" }\n" + " }\n" +
"}"; "}";
AuthMethodsResponseTest() { AuthMethodsResponseTest() {
super(AuthMethodsResponse.class); super(AuthMethodsResponse.class);
@@ -90,12 +89,10 @@ class AuthMethodsResponseTest extends AbstractModelTest<AuthMethodsResponse> {
@Override @Override
protected AuthMethodsResponse createFull() { protected AuthMethodsResponse createFull() {
try { return assertDoesNotThrow(
return objectMapper.readValue(RES_JSON, AuthMethodsResponse.class); () -> objectMapper.readValue(RES_JSON, AuthMethodsResponse.class),
} catch (JsonProcessingException e) { "Creation of full model instance failed"
fail("Creation of full model instance failed", e); );
return null;
}
} }
/** /**
@@ -114,8 +111,8 @@ class AuthMethodsResponseTest extends AbstractModelTest<AuthMethodsResponse> {
@Test @Test
void jsonRoundtrip() { void jsonRoundtrip() {
AuthMethodsResponse res = assertDoesNotThrow( AuthMethodsResponse res = assertDoesNotThrow(
() -> objectMapper.readValue(RES_JSON, AuthMethodsResponse.class), () -> objectMapper.readValue(RES_JSON, AuthMethodsResponse.class),
"AuthResponse deserialization failed" "AuthResponse deserialization failed"
); );
assertNotNull(res, "Parsed response is NULL"); assertNotNull(res, "Parsed response is NULL");
// Extract auth data. // Extract auth data.

View File

@@ -1,5 +1,5 @@
/* /*
* Copyright 2016-2024 Stefan Kalscheuer * Copyright 2016-2025 Stefan Kalscheuer
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@@ -16,7 +16,6 @@
package de.stklcode.jvault.connector.model.response; package de.stklcode.jvault.connector.model.response;
import com.fasterxml.jackson.core.JsonProcessingException;
import de.stklcode.jvault.connector.model.AbstractModelTest; import de.stklcode.jvault.connector.model.AbstractModelTest;
import de.stklcode.jvault.connector.model.response.embedded.AuthData; import de.stklcode.jvault.connector.model.response.embedded.AuthData;
import de.stklcode.jvault.connector.model.response.embedded.MfaConstraintAny; import de.stklcode.jvault.connector.model.response.embedded.MfaConstraintAny;
@@ -101,12 +100,10 @@ class AuthResponseTest extends AbstractModelTest<AuthResponse> {
@Override @Override
protected AuthResponse createFull() { protected AuthResponse createFull() {
try { return assertDoesNotThrow(
return objectMapper.readValue(RES_JSON, AuthResponse.class); () -> objectMapper.readValue(RES_JSON, AuthResponse.class),
} catch (JsonProcessingException e) { "Creation of full model instance failed"
fail("Creation of full model instance failed", e); );
return null;
}
} }
@Test @Test
@@ -122,8 +119,8 @@ class AuthResponseTest extends AbstractModelTest<AuthResponse> {
@Test @Test
void jsonRoundtrip() { void jsonRoundtrip() {
AuthResponse res = assertDoesNotThrow( AuthResponse res = assertDoesNotThrow(
() -> objectMapper.readValue(RES_JSON, AuthResponse.class), () -> objectMapper.readValue(RES_JSON, AuthResponse.class),
"AuthResponse deserialization failed" "AuthResponse deserialization failed"
); );
assertNotNull(res, "Parsed response is NULL"); assertNotNull(res, "Parsed response is NULL");
// Extract auth data. // Extract auth data.

View File

@@ -1,5 +1,5 @@
/* /*
* Copyright 2016-2024 Stefan Kalscheuer * Copyright 2016-2025 Stefan Kalscheuer
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@@ -16,7 +16,6 @@
package de.stklcode.jvault.connector.model.response; package de.stklcode.jvault.connector.model.response;
import com.fasterxml.jackson.core.JsonProcessingException;
import de.stklcode.jvault.connector.model.AbstractModelTest; import de.stklcode.jvault.connector.model.AbstractModelTest;
import org.junit.jupiter.api.Test; import org.junit.jupiter.api.Test;
@@ -32,16 +31,16 @@ class CredentialsResponseTest extends AbstractModelTest<CredentialsResponse> {
private static final String VAL_USER = "testUserName"; private static final String VAL_USER = "testUserName";
private static final String VAL_PASS = "5up3r5ecr3tP455"; private static final String VAL_PASS = "5up3r5ecr3tP455";
private static final String JSON = "{\n" + private static final String JSON = "{\n" +
" \"request_id\": \"68315073-6658-e3ff-2da7-67939fb91bbd\",\n" + " \"request_id\": \"68315073-6658-e3ff-2da7-67939fb91bbd\",\n" +
" \"lease_id\": \"\",\n" + " \"lease_id\": \"\",\n" +
" \"lease_duration\": 2764800,\n" + " \"lease_duration\": 2764800,\n" +
" \"renewable\": false,\n" + " \"renewable\": false,\n" +
" \"data\": {\n" + " \"data\": {\n" +
" \"username\": \"" + VAL_USER + "\",\n" + " \"username\": \"" + VAL_USER + "\",\n" +
" \"password\": \"" + VAL_PASS + "\"\n" + " \"password\": \"" + VAL_PASS + "\"\n" +
" },\n" + " },\n" +
" \"warnings\": null\n" + " \"warnings\": null\n" +
"}"; "}";
CredentialsResponseTest() { CredentialsResponseTest() {
super(CredentialsResponse.class); super(CredentialsResponse.class);
@@ -49,12 +48,10 @@ class CredentialsResponseTest extends AbstractModelTest<CredentialsResponse> {
@Override @Override
protected CredentialsResponse createFull() { protected CredentialsResponse createFull() {
try { return assertDoesNotThrow(
return objectMapper.readValue(JSON, CredentialsResponse.class); () -> objectMapper.readValue(JSON, CredentialsResponse.class),
} catch (JsonProcessingException e) { "Creation of full model instance failed"
fail("Creation of full model instance failed", e); );
return null;
}
} }
/** /**
@@ -68,8 +65,8 @@ class CredentialsResponseTest extends AbstractModelTest<CredentialsResponse> {
assertNull(res.getPassword(), "Password not present in data map should not return anything"); assertNull(res.getPassword(), "Password not present in data map should not return anything");
res = assertDoesNotThrow( res = assertDoesNotThrow(
() -> objectMapper.readValue(JSON, CredentialsResponse.class), () -> objectMapper.readValue(JSON, CredentialsResponse.class),
"Deserialization of CredentialsResponse failed" "Deserialization of CredentialsResponse failed"
); );
assertEquals(VAL_USER, res.getUsername(), "Incorrect username"); assertEquals(VAL_USER, res.getUsername(), "Incorrect username");
assertEquals(VAL_PASS, res.getPassword(), "Incorrect password"); assertEquals(VAL_PASS, res.getPassword(), "Incorrect password");

View File

@@ -1,5 +1,5 @@
/* /*
* Copyright 2016-2021 Stefan Kalscheuer * Copyright 2016-2025 Stefan Kalscheuer
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@@ -16,7 +16,6 @@
package de.stklcode.jvault.connector.model.response; package de.stklcode.jvault.connector.model.response;
import com.fasterxml.jackson.core.JsonProcessingException;
import de.stklcode.jvault.connector.model.AbstractModelTest; import de.stklcode.jvault.connector.model.AbstractModelTest;
import org.junit.jupiter.api.Test; import org.junit.jupiter.api.Test;
@@ -42,12 +41,10 @@ class ErrorResponseTest extends AbstractModelTest<ErrorResponse> {
@Override @Override
protected ErrorResponse createFull() { protected ErrorResponse createFull() {
try { return assertDoesNotThrow(
return objectMapper.readValue(JSON, ErrorResponse.class); () -> objectMapper.readValue(JSON, ErrorResponse.class),
} catch (JsonProcessingException e) { "Creation of full model instance failed"
fail("Creation of full model instance failed", e); );
return null;
}
} }
/** /**
@@ -56,15 +53,15 @@ class ErrorResponseTest extends AbstractModelTest<ErrorResponse> {
@Test @Test
void jsonRoundtrip() { void jsonRoundtrip() {
ErrorResponse res = assertDoesNotThrow( ErrorResponse res = assertDoesNotThrow(
() -> objectMapper.readValue(JSON, ErrorResponse.class), () -> objectMapper.readValue(JSON, ErrorResponse.class),
"ErrorResponse deserialization failed" "ErrorResponse deserialization failed"
); );
assertNotNull(res, "Parsed response is NULL"); assertNotNull(res, "Parsed response is NULL");
assertEquals(List.of(ERROR_1, ERROR_2), res.getErrors(), "Unexpected error messages"); assertEquals(List.of(ERROR_1, ERROR_2), res.getErrors(), "Unexpected error messages");
assertEquals( assertEquals(
JSON, JSON,
assertDoesNotThrow(() -> objectMapper.writeValueAsString(res), "ErrorResponse serialization failed"), assertDoesNotThrow(() -> objectMapper.writeValueAsString(res), "ErrorResponse serialization failed"),
"Unexpected JSON string after serialization" "Unexpected JSON string after serialization"
); );
} }
@@ -72,14 +69,14 @@ class ErrorResponseTest extends AbstractModelTest<ErrorResponse> {
@Test @Test
void testToString() { void testToString() {
ErrorResponse res = assertDoesNotThrow( ErrorResponse res = assertDoesNotThrow(
() -> objectMapper.readValue(JSON, ErrorResponse.class), () -> objectMapper.readValue(JSON, ErrorResponse.class),
"ErrorResponse deserialization failed" "ErrorResponse deserialization failed"
); );
assertEquals(ERROR_1, res.toString()); assertEquals(ERROR_1, res.toString());
res = assertDoesNotThrow( res = assertDoesNotThrow(
() -> objectMapper.readValue(JSON_EMPTY, ErrorResponse.class), () -> objectMapper.readValue(JSON_EMPTY, ErrorResponse.class),
"ErrorResponse deserialization failed with empty list" "ErrorResponse deserialization failed with empty list"
); );
assertEquals("error response", res.toString()); assertEquals("error response", res.toString());

View File

@@ -1,5 +1,5 @@
/* /*
* Copyright 2016-2024 Stefan Kalscheuer * Copyright 2016-2025 Stefan Kalscheuer
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@@ -16,7 +16,6 @@
package de.stklcode.jvault.connector.model.response; package de.stklcode.jvault.connector.model.response;
import com.fasterxml.jackson.core.JsonProcessingException;
import de.stklcode.jvault.connector.model.AbstractModelTest; import de.stklcode.jvault.connector.model.AbstractModelTest;
import org.junit.jupiter.api.Test; import org.junit.jupiter.api.Test;
@@ -45,21 +44,21 @@ class HealthResponseTest extends AbstractModelTest<HealthResponse> {
private static final Boolean ENTERPRISE = false; private static final Boolean ENTERPRISE = false;
private static final String RES_JSON = "{\n" + private static final String RES_JSON = "{\n" +
" \"cluster_id\": \"" + CLUSTER_ID + "\",\n" + " \"cluster_id\": \"" + CLUSTER_ID + "\",\n" +
" \"cluster_name\": \"" + CLUSTER_NAME + "\",\n" + " \"cluster_name\": \"" + CLUSTER_NAME + "\",\n" +
" \"version\": \"" + VERSION + "\",\n" + " \"version\": \"" + VERSION + "\",\n" +
" \"server_time_utc\": " + SERVER_TIME_UTC + ",\n" + " \"server_time_utc\": " + SERVER_TIME_UTC + ",\n" +
" \"standby\": " + STANDBY + ",\n" + " \"standby\": " + STANDBY + ",\n" +
" \"sealed\": " + SEALED + ",\n" + " \"sealed\": " + SEALED + ",\n" +
" \"initialized\": " + INITIALIZED + ",\n" + " \"initialized\": " + INITIALIZED + ",\n" +
" \"replication_performance_mode\": \"" + REPL_PERF_MODE + "\",\n" + " \"replication_performance_mode\": \"" + REPL_PERF_MODE + "\",\n" +
" \"replication_dr_mode\": \"" + REPL_DR_MODE + "\",\n" + " \"replication_dr_mode\": \"" + REPL_DR_MODE + "\",\n" +
" \"performance_standby\": " + PERF_STANDBY + ",\n" + " \"performance_standby\": " + PERF_STANDBY + ",\n" +
" \"echo_duration_ms\": " + ECHO_DURATION + ",\n" + " \"echo_duration_ms\": " + ECHO_DURATION + ",\n" +
" \"clock_skew_ms\": " + CLOCK_SKEW + ",\n" + " \"clock_skew_ms\": " + CLOCK_SKEW + ",\n" +
" \"replication_primary_canary_age_ms\": " + REPL_PRIM_CANARY_AGE + ",\n" + " \"replication_primary_canary_age_ms\": " + REPL_PRIM_CANARY_AGE + ",\n" +
" \"enterprise\": " + ENTERPRISE + "\n" + " \"enterprise\": " + ENTERPRISE + "\n" +
"}"; "}";
HealthResponseTest() { HealthResponseTest() {
super(HealthResponse.class); super(HealthResponse.class);
@@ -67,12 +66,10 @@ class HealthResponseTest extends AbstractModelTest<HealthResponse> {
@Override @Override
protected HealthResponse createFull() { protected HealthResponse createFull() {
try { return assertDoesNotThrow(
return objectMapper.readValue(RES_JSON, HealthResponse.class); () -> objectMapper.readValue(RES_JSON, HealthResponse.class),
} catch (JsonProcessingException e) { "Creation of full model instance failed"
fail("Creation of full model instance failed", e); );
return null;
}
} }
/** /**
@@ -81,8 +78,8 @@ class HealthResponseTest extends AbstractModelTest<HealthResponse> {
@Test @Test
void jsonRoundtrip() { void jsonRoundtrip() {
HealthResponse res = assertDoesNotThrow( HealthResponse res = assertDoesNotThrow(
() -> objectMapper.readValue(RES_JSON, HealthResponse.class), () -> objectMapper.readValue(RES_JSON, HealthResponse.class),
"Health deserialization failed" "Health deserialization failed"
); );
assertNotNull(res, "Parsed response is NULL"); assertNotNull(res, "Parsed response is NULL");
assertEquals(CLUSTER_ID, res.getClusterID(), "Incorrect cluster ID"); assertEquals(CLUSTER_ID, res.getClusterID(), "Incorrect cluster ID");

View File

@@ -1,5 +1,5 @@
/* /*
* Copyright 2016-2021 Stefan Kalscheuer * Copyright 2016-2025 Stefan Kalscheuer
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@@ -16,7 +16,6 @@
package de.stklcode.jvault.connector.model.response; package de.stklcode.jvault.connector.model.response;
import com.fasterxml.jackson.core.JsonProcessingException;
import de.stklcode.jvault.connector.model.AbstractModelTest; import de.stklcode.jvault.connector.model.AbstractModelTest;
import org.junit.jupiter.api.Test; import org.junit.jupiter.api.Test;
@@ -38,12 +37,10 @@ class HelpResponseTest extends AbstractModelTest<HelpResponse> {
@Override @Override
protected HelpResponse createFull() { protected HelpResponse createFull() {
try { return assertDoesNotThrow(
return objectMapper.readValue(JSON, HelpResponse.class); () -> objectMapper.readValue(JSON, HelpResponse.class),
} catch (JsonProcessingException e) { "Creation of full model instance failed"
fail("Creation of full model instance failed", e); );
return null;
}
} }
/** /**
@@ -52,15 +49,15 @@ class HelpResponseTest extends AbstractModelTest<HelpResponse> {
@Test @Test
void jsonRoundtrip() { void jsonRoundtrip() {
HelpResponse res = assertDoesNotThrow( HelpResponse res = assertDoesNotThrow(
() -> objectMapper.readValue(JSON, HelpResponse.class), () -> objectMapper.readValue(JSON, HelpResponse.class),
"HelpResponse deserialization failed" "HelpResponse deserialization failed"
); );
assertNotNull(res, "Parsed response is NULL"); assertNotNull(res, "Parsed response is NULL");
assertEquals(HELP, res.getHelp(), "Unexpected help text"); assertEquals(HELP, res.getHelp(), "Unexpected help text");
assertEquals( assertEquals(
JSON, JSON,
assertDoesNotThrow(() -> objectMapper.writeValueAsString(res), "HelpResponse serialization failed"), assertDoesNotThrow(() -> objectMapper.writeValueAsString(res), "HelpResponse serialization failed"),
"Unexpected JSON string after serialization" "Unexpected JSON string after serialization"
); );
} }
} }

View File

@@ -1,5 +1,5 @@
/* /*
* Copyright 2016-2024 Stefan Kalscheuer * Copyright 2016-2025 Stefan Kalscheuer
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@@ -16,7 +16,6 @@
package de.stklcode.jvault.connector.model.response; package de.stklcode.jvault.connector.model.response;
import com.fasterxml.jackson.core.JsonProcessingException;
import de.stklcode.jvault.connector.model.AbstractModelTest; import de.stklcode.jvault.connector.model.AbstractModelTest;
import org.junit.jupiter.api.Test; import org.junit.jupiter.api.Test;
@@ -47,47 +46,47 @@ class MetaSecretResponseTest extends AbstractModelTest<MetaSecretResponse> {
private static final String CUSTOM_META_VAL = "bar"; private static final String CUSTOM_META_VAL = "bar";
private static final String SECRET_JSON_V2 = "{\n" + private static final String SECRET_JSON_V2 = "{\n" +
" \"request_id\": \"" + SECRET_REQUEST_ID + "\",\n" + " \"request_id\": \"" + SECRET_REQUEST_ID + "\",\n" +
" \"lease_id\": \"" + SECRET_LEASE_ID + "\",\n" + " \"lease_id\": \"" + SECRET_LEASE_ID + "\",\n" +
" \"lease_duration\": " + SECRET_LEASE_DURATION + ",\n" + " \"lease_duration\": " + SECRET_LEASE_DURATION + ",\n" +
" \"renewable\": " + SECRET_RENEWABLE + ",\n" + " \"renewable\": " + SECRET_RENEWABLE + ",\n" +
" \"data\": {\n" + " \"data\": {\n" +
" \"data\": {\n" + " \"data\": {\n" +
" \"" + SECRET_DATA_K1 + "\": \"" + SECRET_DATA_V1 + "\",\n" + " \"" + SECRET_DATA_K1 + "\": \"" + SECRET_DATA_V1 + "\",\n" +
" \"" + SECRET_DATA_K2 + "\": \"" + SECRET_DATA_V2 + "\"\n" + " \"" + SECRET_DATA_K2 + "\": \"" + SECRET_DATA_V2 + "\"\n" +
" },\n" + " },\n" +
" \"metadata\": {\n" + " \"metadata\": {\n" +
" \"created_time\": \"" + SECRET_META_CREATED + "\",\n" + " \"created_time\": \"" + SECRET_META_CREATED + "\",\n" +
" \"custom_metadata\": null,\n" + " \"custom_metadata\": null,\n" +
" \"deletion_time\": \"\",\n" + " \"deletion_time\": \"\",\n" +
" \"destroyed\": false,\n" + " \"destroyed\": false,\n" +
" \"version\": 1\n" + " \"version\": 1\n" +
" }\n" + " }\n" +
" },\n" + " },\n" +
" \"warnings\": " + SECRET_WARNINGS + "\n" + " \"warnings\": " + SECRET_WARNINGS + "\n" +
"}"; "}";
private static final String SECRET_JSON_V2_2 = "{\n" + private static final String SECRET_JSON_V2_2 = "{\n" +
" \"request_id\": \"" + SECRET_REQUEST_ID + "\",\n" + " \"request_id\": \"" + SECRET_REQUEST_ID + "\",\n" +
" \"lease_id\": \"" + SECRET_LEASE_ID + "\",\n" + " \"lease_id\": \"" + SECRET_LEASE_ID + "\",\n" +
" \"lease_duration\": " + SECRET_LEASE_DURATION + ",\n" + " \"lease_duration\": " + SECRET_LEASE_DURATION + ",\n" +
" \"renewable\": " + SECRET_RENEWABLE + ",\n" + " \"renewable\": " + SECRET_RENEWABLE + ",\n" +
" \"data\": {\n" + " \"data\": {\n" +
" \"data\": {\n" + " \"data\": {\n" +
" \"" + SECRET_DATA_K1 + "\": \"" + SECRET_DATA_V1 + "\",\n" + " \"" + SECRET_DATA_K1 + "\": \"" + SECRET_DATA_V1 + "\",\n" +
" \"" + SECRET_DATA_K2 + "\": \"" + SECRET_DATA_V2 + "\"\n" + " \"" + SECRET_DATA_K2 + "\": \"" + SECRET_DATA_V2 + "\"\n" +
" },\n" + " },\n" +
" \"metadata\": {\n" + " \"metadata\": {\n" +
" \"created_time\": \"" + SECRET_META_CREATED + "\",\n" + " \"created_time\": \"" + SECRET_META_CREATED + "\",\n" +
" \"custom_metadata\": {" + " \"custom_metadata\": {" +
" \"" + CUSTOM_META_KEY + "\": \"" + CUSTOM_META_VAL + "\"" + " \"" + CUSTOM_META_KEY + "\": \"" + CUSTOM_META_VAL + "\"" +
" },\n" + " },\n" +
" \"deletion_time\": \"" + SECRET_META_DELETED + "\",\n" + " \"deletion_time\": \"" + SECRET_META_DELETED + "\",\n" +
" \"destroyed\": true,\n" + " \"destroyed\": true,\n" +
" \"version\": 2\n" + " \"version\": 2\n" +
" }\n" + " }\n" +
" },\n" + " },\n" +
" \"warnings\": " + SECRET_WARNINGS + "\n" + " \"warnings\": " + SECRET_WARNINGS + "\n" +
"}"; "}";
MetaSecretResponseTest() { MetaSecretResponseTest() {
super(MetaSecretResponse.class); super(MetaSecretResponse.class);
@@ -95,12 +94,10 @@ class MetaSecretResponseTest extends AbstractModelTest<MetaSecretResponse> {
@Override @Override
protected MetaSecretResponse createFull() { protected MetaSecretResponse createFull() {
try { return assertDoesNotThrow(
return objectMapper.readValue(SECRET_JSON_V2, MetaSecretResponse.class); () -> objectMapper.readValue(SECRET_JSON_V2, MetaSecretResponse.class),
} catch (JsonProcessingException e) { "Creation of full model instance failed"
fail("Creation of full model instance failed", e); );
return null;
}
} }
/** /**
@@ -110,8 +107,8 @@ class MetaSecretResponseTest extends AbstractModelTest<MetaSecretResponse> {
void jsonRoundtrip() { void jsonRoundtrip() {
// KV v2 secret. // KV v2 secret.
MetaSecretResponse res = assertDoesNotThrow( MetaSecretResponse res = assertDoesNotThrow(
() -> objectMapper.readValue(SECRET_JSON_V2, MetaSecretResponse.class), () -> objectMapper.readValue(SECRET_JSON_V2, MetaSecretResponse.class),
"SecretResponse deserialization failed" "SecretResponse deserialization failed"
); );
assertSecretData(res); assertSecretData(res);
assertNotNull(res.getMetadata(), "SecretResponse does not contain metadata"); assertNotNull(res.getMetadata(), "SecretResponse does not contain metadata");
@@ -123,8 +120,8 @@ class MetaSecretResponseTest extends AbstractModelTest<MetaSecretResponse> {
// Deleted KV v2 secret. // Deleted KV v2 secret.
res = assertDoesNotThrow( res = assertDoesNotThrow(
() -> objectMapper.readValue(SECRET_JSON_V2_2, MetaSecretResponse.class), () -> objectMapper.readValue(SECRET_JSON_V2_2, MetaSecretResponse.class),
"SecretResponse deserialization failed" "SecretResponse deserialization failed"
); );
assertSecretData(res); assertSecretData(res);
assertNotNull(res.getMetadata(), "SecretResponse does not contain metadata"); assertNotNull(res.getMetadata(), "SecretResponse does not contain metadata");

View File

@@ -1,5 +1,5 @@
/* /*
* Copyright 2016-2024 Stefan Kalscheuer * Copyright 2016-2025 Stefan Kalscheuer
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@@ -16,7 +16,6 @@
package de.stklcode.jvault.connector.model.response; package de.stklcode.jvault.connector.model.response;
import com.fasterxml.jackson.core.JsonProcessingException;
import de.stklcode.jvault.connector.model.AbstractModelTest; import de.stklcode.jvault.connector.model.AbstractModelTest;
import org.junit.jupiter.api.Test; import org.junit.jupiter.api.Test;
@@ -43,36 +42,36 @@ class MetadataResponseTest extends AbstractModelTest<MetadataResponse> {
private static final String DELETE_VERSION_AFTER = "0s"; private static final String DELETE_VERSION_AFTER = "0s";
private static final String META_JSON = "{\n" + private static final String META_JSON = "{\n" +
" \"data\": {\n" + " \"data\": {\n" +
" \"cas_required\": " + CAS_REQUIRED + ",\n" + " \"cas_required\": " + CAS_REQUIRED + ",\n" +
" \"created_time\": \"" + V1_TIME + "\",\n" + " \"created_time\": \"" + V1_TIME + "\",\n" +
" \"current_version\": " + CURRENT_VERSION + ",\n" + " \"current_version\": " + CURRENT_VERSION + ",\n" +
" \"custom_metadata\": {" + " \"custom_metadata\": {" +
" \"" + CUSTOM_META_KEY + "\": \"" + CUSTOM_META_VAL + "\"" + " \"" + CUSTOM_META_KEY + "\": \"" + CUSTOM_META_VAL + "\"" +
" },\n" + " },\n" +
" \"delete_version_after\": \"" + DELETE_VERSION_AFTER + "\"," + " \"delete_version_after\": \"" + DELETE_VERSION_AFTER + "\"," +
" \"max_versions\": " + MAX_VERSIONS + ",\n" + " \"max_versions\": " + MAX_VERSIONS + ",\n" +
" \"oldest_version\": " + OLDEST_VERSION + ",\n" + " \"oldest_version\": " + OLDEST_VERSION + ",\n" +
" \"updated_time\": \"" + V3_TIME + "\",\n" + " \"updated_time\": \"" + V3_TIME + "\",\n" +
" \"versions\": {\n" + " \"versions\": {\n" +
" \"1\": {\n" + " \"1\": {\n" +
" \"created_time\": \"" + V1_TIME + "\",\n" + " \"created_time\": \"" + V1_TIME + "\",\n" +
" \"deletion_time\": \"" + V2_TIME + "\",\n" + " \"deletion_time\": \"" + V2_TIME + "\",\n" +
" \"destroyed\": true\n" + " \"destroyed\": true\n" +
" },\n" + " },\n" +
" \"2\": {\n" + " \"2\": {\n" +
" \"created_time\": \"" + V2_TIME + "\",\n" + " \"created_time\": \"" + V2_TIME + "\",\n" +
" \"deletion_time\": \"\",\n" + " \"deletion_time\": \"\",\n" +
" \"destroyed\": false\n" + " \"destroyed\": false\n" +
" },\n" + " },\n" +
" \"3\": {\n" + " \"3\": {\n" +
" \"created_time\": \"" + V3_TIME + "\",\n" + " \"created_time\": \"" + V3_TIME + "\",\n" +
" \"deletion_time\": \"\",\n" + " \"deletion_time\": \"\",\n" +
" \"destroyed\": false\n" + " \"destroyed\": false\n" +
" }\n" + " }\n" +
" }\n" + " }\n" +
" }\n" + " }\n" +
"}"; "}";
MetadataResponseTest() { MetadataResponseTest() {
super(MetadataResponse.class); super(MetadataResponse.class);
@@ -80,12 +79,10 @@ class MetadataResponseTest extends AbstractModelTest<MetadataResponse> {
@Override @Override
protected MetadataResponse createFull() { protected MetadataResponse createFull() {
try { return assertDoesNotThrow(
return objectMapper.readValue(META_JSON, MetadataResponse.class); () -> objectMapper.readValue(META_JSON, MetadataResponse.class),
} catch (JsonProcessingException e) { "Creation of full model instance failed"
fail("Creation of full model instance failed", e); );
return null;
}
} }
/** /**
@@ -94,8 +91,8 @@ class MetadataResponseTest extends AbstractModelTest<MetadataResponse> {
@Test @Test
void jsonRoundtrip() { void jsonRoundtrip() {
MetadataResponse res = assertDoesNotThrow( MetadataResponse res = assertDoesNotThrow(
() -> objectMapper.readValue(META_JSON, MetadataResponse.class), () -> objectMapper.readValue(META_JSON, MetadataResponse.class),
"MetadataResponse deserialization failed" "MetadataResponse deserialization failed"
); );
assertNotNull(res, "Parsed response is NULL"); assertNotNull(res, "Parsed response is NULL");
assertNotNull(res.getMetadata(), "Parsed metadata is NULL"); assertNotNull(res.getMetadata(), "Parsed metadata is NULL");

View File

@@ -1,5 +1,5 @@
/* /*
* Copyright 2016-2021 Stefan Kalscheuer * Copyright 2016-2025 Stefan Kalscheuer
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@@ -17,7 +17,6 @@
package de.stklcode.jvault.connector.model.response; package de.stklcode.jvault.connector.model.response;
import com.fasterxml.jackson.annotation.JsonProperty; import com.fasterxml.jackson.annotation.JsonProperty;
import com.fasterxml.jackson.core.JsonProcessingException;
import de.stklcode.jvault.connector.exception.InvalidResponseException; import de.stklcode.jvault.connector.exception.InvalidResponseException;
import de.stklcode.jvault.connector.model.AbstractModelTest; import de.stklcode.jvault.connector.model.AbstractModelTest;
import org.junit.jupiter.api.Test; import org.junit.jupiter.api.Test;
@@ -43,16 +42,16 @@ class PlainSecretResponseTest extends AbstractModelTest<PlainSecretResponse> {
private static final String SECRET_DATA_V2 = "world"; private static final String SECRET_DATA_V2 = "world";
private static final List<String> SECRET_WARNINGS = null; private static final List<String> SECRET_WARNINGS = null;
private static final String SECRET_JSON = "{\n" + private static final String SECRET_JSON = "{\n" +
" \"request_id\": \"" + SECRET_REQUEST_ID + "\",\n" + " \"request_id\": \"" + SECRET_REQUEST_ID + "\",\n" +
" \"lease_id\": \"" + SECRET_LEASE_ID + "\",\n" + " \"lease_id\": \"" + SECRET_LEASE_ID + "\",\n" +
" \"lease_duration\": " + SECRET_LEASE_DURATION + ",\n" + " \"lease_duration\": " + SECRET_LEASE_DURATION + ",\n" +
" \"renewable\": " + SECRET_RENEWABLE + ",\n" + " \"renewable\": " + SECRET_RENEWABLE + ",\n" +
" \"data\": {\n" + " \"data\": {\n" +
" \"" + SECRET_DATA_K1 + "\": \"" + SECRET_DATA_V1 + "\",\n" + " \"" + SECRET_DATA_K1 + "\": \"" + SECRET_DATA_V1 + "\",\n" +
" \"" + SECRET_DATA_K2 + "\": \"" + SECRET_DATA_V2 + "\"\n" + " \"" + SECRET_DATA_K2 + "\": \"" + SECRET_DATA_V2 + "\"\n" +
" },\n" + " },\n" +
" \"warnings\": " + SECRET_WARNINGS + "\n" + " \"warnings\": " + SECRET_WARNINGS + "\n" +
"}"; "}";
PlainSecretResponseTest() { PlainSecretResponseTest() {
super(PlainSecretResponse.class); super(PlainSecretResponse.class);
@@ -60,12 +59,10 @@ class PlainSecretResponseTest extends AbstractModelTest<PlainSecretResponse> {
@Override @Override
protected PlainSecretResponse createFull() { protected PlainSecretResponse createFull() {
try { return assertDoesNotThrow(
return objectMapper.readValue(SECRET_JSON, PlainSecretResponse.class); () -> objectMapper.readValue(SECRET_JSON, PlainSecretResponse.class),
} catch (JsonProcessingException e) { "Creation of full model instance failed"
fail("Creation of full model instance failed", e); );
return null;
}
} }
/** /**
@@ -74,8 +71,8 @@ class PlainSecretResponseTest extends AbstractModelTest<PlainSecretResponse> {
@Test @Test
void jsonRoundtrip() { void jsonRoundtrip() {
SecretResponse res = assertDoesNotThrow( SecretResponse res = assertDoesNotThrow(
() -> objectMapper.readValue(SECRET_JSON, PlainSecretResponse.class), () -> objectMapper.readValue(SECRET_JSON, PlainSecretResponse.class),
"SecretResponse deserialization failed" "SecretResponse deserialization failed"
); );
assertNotNull(res, "Parsed response is NULL"); assertNotNull(res, "Parsed response is NULL");
@@ -106,74 +103,74 @@ class PlainSecretResponseTest extends AbstractModelTest<PlainSecretResponse> {
final var complexVal = new ComplexType("val1", 678); final var complexVal = new ComplexType("val1", 678);
SecretResponse res = assertDoesNotThrow( SecretResponse res = assertDoesNotThrow(
() -> objectMapper.readValue( () -> objectMapper.readValue(
"{\n" + "{\n" +
" \"request_id\": \"req-id\",\n" + " \"request_id\": \"req-id\",\n" +
" \"lease_id\": \"lea-id\",\n" + " \"lease_id\": \"lea-id\",\n" +
" \"lease_duration\": " + 123456 + ",\n" + " \"lease_duration\": " + 123456 + ",\n" +
" \"renewable\": true,\n" + " \"renewable\": true,\n" +
" \"data\": {\n" + " \"data\": {\n" +
" \"" + stringKey + "\": \"" + stringVal + "\",\n" + " \"" + stringKey + "\": \"" + stringVal + "\",\n" +
" \"" + numberKey + "\": \"" + numberVal + "\",\n" + " \"" + numberKey + "\": \"" + numberVal + "\",\n" +
" \"" + listKey + "\": [\"" + String.join("\", \"", listVal) + "\"],\n" + " \"" + listKey + "\": [\"" + String.join("\", \"", listVal) + "\"],\n" +
" \"" + complexKey + "\": {" + " \"" + complexKey + "\": {" +
" \"field1\": \"" + complexVal.field1 + "\",\n" + " \"field1\": \"" + complexVal.field1 + "\",\n" +
" \"field2\": " + complexVal.field2 + "\n" + " \"field2\": " + complexVal.field2 + "\n" +
" },\n" + " },\n" +
" \"" + complexKey + "Json\": \"" + objectMapper.writeValueAsString(complexVal).replace("\"", "\\\"") + "\"\n" + " \"" + complexKey + "Json\": \"" + objectMapper.writeValueAsString(complexVal).replace("\"", "\\\"") + "\"\n" +
" }\n" + " }\n" +
"}", "}",
PlainSecretResponse.class PlainSecretResponse.class
), ),
"SecretResponse deserialization failed" "SecretResponse deserialization failed"
); );
assertEquals(stringVal, res.get(stringKey), "unexpected value for string (implicit)"); assertEquals(stringVal, res.get(stringKey), "unexpected value for string (implicit)");
assertEquals( assertEquals(
stringVal, stringVal,
assertDoesNotThrow(() -> res.get(stringKey, String.class), "getting string failed"), assertDoesNotThrow(() -> res.get(stringKey, String.class), "getting string failed"),
"unexpected value for string (explicit)" "unexpected value for string (explicit)"
); );
assertEquals(String.valueOf(numberVal), res.get(numberKey), "unexpected value for number (implicit)"); assertEquals(String.valueOf(numberVal), res.get(numberKey), "unexpected value for number (implicit)");
assertEquals( assertEquals(
numberVal, numberVal,
assertDoesNotThrow(() -> res.get(numberKey, Double.class), "getting number failed"), assertDoesNotThrow(() -> res.get(numberKey, Double.class), "getting number failed"),
"unexpected value for number (explicit)" "unexpected value for number (explicit)"
); );
assertEquals( assertEquals(
String.valueOf(numberVal), String.valueOf(numberVal),
assertDoesNotThrow(() -> res.get(numberKey, String.class), "getting number as string failed"), assertDoesNotThrow(() -> res.get(numberKey, String.class), "getting number as string failed"),
"unexpected value for number as string (explicit)" "unexpected value for number as string (explicit)"
); );
assertEquals(listVal, res.get(listKey), "unexpected value for list (implicit)"); assertEquals(listVal, res.get(listKey), "unexpected value for list (implicit)");
assertEquals( assertEquals(
listVal, listVal,
assertDoesNotThrow(() -> res.get(listKey, ArrayList.class), "getting list failed"), assertDoesNotThrow(() -> res.get(listKey, ArrayList.class), "getting list failed"),
"unexpected value for list (explicit)" "unexpected value for list (explicit)"
); );
assertEquals(complexVal.toMap(), res.get(complexKey), "unexpected value for complex type (implicit)"); assertEquals(complexVal.toMap(), res.get(complexKey), "unexpected value for complex type (implicit)");
assertEquals( assertEquals(
complexVal.toMap(), complexVal.toMap(),
assertDoesNotThrow(() -> res.get(complexKey, HashMap.class), "getting complex type as map failed"), assertDoesNotThrow(() -> res.get(complexKey, HashMap.class), "getting complex type as map failed"),
"unexpected value for complex type as map (explicit)" "unexpected value for complex type as map (explicit)"
); );
assertEquals( assertEquals(
complexVal, complexVal,
assertDoesNotThrow(() -> res.get(complexKey, ComplexType.class), "getting complex type failed"), assertDoesNotThrow(() -> res.get(complexKey, ComplexType.class), "getting complex type failed"),
"unexpected value for complex type (explicit)" "unexpected value for complex type (explicit)"
); );
assertThrows( assertThrows(
InvalidResponseException.class, InvalidResponseException.class,
() -> res.get(complexKey, Integer.class), () -> res.get(complexKey, Integer.class),
"getting complex type as integer should fail" "getting complex type as integer should fail"
); );
assertEquals( assertEquals(
complexVal, complexVal,
assertDoesNotThrow(() -> res.get(complexKey + "Json", ComplexType.class), "getting complex type from JSON string failed"), assertDoesNotThrow(() -> res.get(complexKey + "Json", ComplexType.class), "getting complex type from JSON string failed"),
"unexpected value for complex type from JSON string" "unexpected value for complex type from JSON string"
); );
} }
@@ -199,8 +196,8 @@ class PlainSecretResponseTest extends AbstractModelTest<PlainSecretResponse> {
private Map<String, Object> toMap() { private Map<String, Object> toMap() {
return Map.of( return Map.of(
"field1", field1, "field1", field1,
"field2", field2 "field2", field2
); );
} }

View File

@@ -1,5 +1,5 @@
/* /*
* Copyright 2016-2024 Stefan Kalscheuer * Copyright 2016-2025 Stefan Kalscheuer
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@@ -16,7 +16,6 @@
package de.stklcode.jvault.connector.model.response; package de.stklcode.jvault.connector.model.response;
import com.fasterxml.jackson.core.JsonProcessingException;
import de.stklcode.jvault.connector.model.AbstractModelTest; import de.stklcode.jvault.connector.model.AbstractModelTest;
import org.junit.jupiter.api.Test; import org.junit.jupiter.api.Test;
@@ -46,36 +45,36 @@ class SealResponseTest extends AbstractModelTest<SealResponse> {
private static final String STORAGE_TYPE = "file"; private static final String STORAGE_TYPE = "file";
private static final String RES_SEALED = "{\n" + private static final String RES_SEALED = "{\n" +
" \"type\": \"" + TYPE + "\",\n" + " \"type\": \"" + TYPE + "\",\n" +
" \"sealed\": true,\n" + " \"sealed\": true,\n" +
" \"initialized\": true,\n" + " \"initialized\": true,\n" +
" \"t\": " + THRESHOLD + ",\n" + " \"t\": " + THRESHOLD + ",\n" +
" \"n\": " + SHARES + ",\n" + " \"n\": " + SHARES + ",\n" +
" \"progress\": " + PROGRESS_SEALED + ",\n" + " \"progress\": " + PROGRESS_SEALED + ",\n" +
" \"nonce\": \"\",\n" + " \"nonce\": \"\",\n" +
" \"version\": \"" + VERSION + "\",\n" + " \"version\": \"" + VERSION + "\",\n" +
" \"build_date\": \"" + BUILD_DATE + "\",\n" + " \"build_date\": \"" + BUILD_DATE + "\",\n" +
" \"migration\": \"" + MIGRATION + "\",\n" + " \"migration\": \"" + MIGRATION + "\",\n" +
" \"recovery_seal\": \"" + RECOVERY_SEAL + "\",\n" + " \"recovery_seal\": \"" + RECOVERY_SEAL + "\",\n" +
" \"storage_type\": \"" + STORAGE_TYPE + "\"\n" + " \"storage_type\": \"" + STORAGE_TYPE + "\"\n" +
"}"; "}";
private static final String RES_UNSEALED = "{\n" + private static final String RES_UNSEALED = "{\n" +
" \"type\": \"" + TYPE + "\",\n" + " \"type\": \"" + TYPE + "\",\n" +
" \"sealed\": false,\n" + " \"sealed\": false,\n" +
" \"initialized\": true,\n" + " \"initialized\": true,\n" +
" \"t\": " + THRESHOLD + ",\n" + " \"t\": " + THRESHOLD + ",\n" +
" \"n\": " + SHARES + ",\n" + " \"n\": " + SHARES + ",\n" +
" \"progress\": " + PROGRESS_UNSEALED + ",\n" + " \"progress\": " + PROGRESS_UNSEALED + ",\n" +
" \"version\": \"" + VERSION + "\",\n" + " \"version\": \"" + VERSION + "\",\n" +
" \"build_date\": \"" + BUILD_DATE + "\",\n" + " \"build_date\": \"" + BUILD_DATE + "\",\n" +
" \"cluster_name\": \"" + CLUSTER_NAME + "\",\n" + " \"cluster_name\": \"" + CLUSTER_NAME + "\",\n" +
" \"cluster_id\": \"" + CLUSTER_ID + "\",\n" + " \"cluster_id\": \"" + CLUSTER_ID + "\",\n" +
" \"nonce\": \"" + NONCE + "\",\n" + " \"nonce\": \"" + NONCE + "\",\n" +
" \"migration\": \"" + MIGRATION + "\",\n" + " \"migration\": \"" + MIGRATION + "\",\n" +
" \"recovery_seal\": \"" + RECOVERY_SEAL + "\",\n" + " \"recovery_seal\": \"" + RECOVERY_SEAL + "\",\n" +
" \"storage_type\": \"" + STORAGE_TYPE + "\"\n" + " \"storage_type\": \"" + STORAGE_TYPE + "\"\n" +
"}"; "}";
SealResponseTest() { SealResponseTest() {
super(SealResponse.class); super(SealResponse.class);
@@ -83,12 +82,10 @@ class SealResponseTest extends AbstractModelTest<SealResponse> {
@Override @Override
protected SealResponse createFull() { protected SealResponse createFull() {
try { return assertDoesNotThrow(
return objectMapper.readValue(RES_UNSEALED, SealResponse.class); () -> objectMapper.readValue(RES_UNSEALED, SealResponse.class),
} catch (JsonProcessingException e) { "Creation of full model instance failed"
fail("Creation of full model instance failed", e); );
return null;
}
} }
/** /**
@@ -98,8 +95,8 @@ class SealResponseTest extends AbstractModelTest<SealResponse> {
void jsonRoundtripSealed() { void jsonRoundtripSealed() {
// First test sealed Vault's response. // First test sealed Vault's response.
SealResponse res = assertDoesNotThrow( SealResponse res = assertDoesNotThrow(
() -> objectMapper.readValue(RES_SEALED, SealResponse.class), () -> objectMapper.readValue(RES_SEALED, SealResponse.class),
"SealResponse deserialization failed" "SealResponse deserialization failed"
); );
assertNotNull(res, "Parsed response is NULL"); assertNotNull(res, "Parsed response is NULL");
assertEquals(TYPE, res.getType(), "Incorrect seal type"); assertEquals(TYPE, res.getType(), "Incorrect seal type");
@@ -121,8 +118,8 @@ class SealResponseTest extends AbstractModelTest<SealResponse> {
// Not test unsealed Vault's response. // Not test unsealed Vault's response.
res = assertDoesNotThrow( res = assertDoesNotThrow(
() -> objectMapper.readValue(RES_UNSEALED, SealResponse.class), () -> objectMapper.readValue(RES_UNSEALED, SealResponse.class),
"SealResponse deserialization failed" "SealResponse deserialization failed"
); );
assertNotNull(res, "Parsed response is NULL"); assertNotNull(res, "Parsed response is NULL");
assertEquals(TYPE, res.getType(), "Incorrect seal type"); assertEquals(TYPE, res.getType(), "Incorrect seal type");

View File

@@ -1,5 +1,5 @@
/* /*
* Copyright 2016-2024 Stefan Kalscheuer * Copyright 2016-2025 Stefan Kalscheuer
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@@ -16,13 +16,13 @@
package de.stklcode.jvault.connector.model.response; package de.stklcode.jvault.connector.model.response;
import com.fasterxml.jackson.core.JsonProcessingException;
import de.stklcode.jvault.connector.model.AbstractModelTest; import de.stklcode.jvault.connector.model.AbstractModelTest;
import org.junit.jupiter.api.Test; import org.junit.jupiter.api.Test;
import java.util.List; import java.util.List;
import static org.junit.jupiter.api.Assertions.*; import static org.junit.jupiter.api.Assertions.assertDoesNotThrow;
import static org.junit.jupiter.api.Assertions.assertEquals;
/** /**
* JUnit Test for {@link SecretListResponse} model. * JUnit Test for {@link SecretListResponse} model.
@@ -34,17 +34,17 @@ class SecretListResponseTest extends AbstractModelTest<SecretListResponse> {
private static final String KEY1 = "key1"; private static final String KEY1 = "key1";
private static final String KEY2 = "key-2"; private static final String KEY2 = "key-2";
private static final String JSON = "{\n" + private static final String JSON = "{\n" +
" \"auth\": null,\n" + " \"auth\": null,\n" +
" \"data\": {\n" + " \"data\": {\n" +
" \"keys\": [" + " \"keys\": [" +
" \"" + KEY1 + "\",\n" + " \"" + KEY1 + "\",\n" +
" \"" + KEY2 + "\"\n" + " \"" + KEY2 + "\"\n" +
" ]\n" + " ]\n" +
" },\n" + " },\n" +
" \"lease_duration\": 2764800,\n" + " \"lease_duration\": 2764800,\n" +
" \"lease_id\": \"\",\n" + " \"lease_id\": \"\",\n" +
" \"renewable\": false\n" + " \"renewable\": false\n" +
"}"; "}";
SecretListResponseTest() { SecretListResponseTest() {
super(SecretListResponse.class); super(SecretListResponse.class);
@@ -52,12 +52,10 @@ class SecretListResponseTest extends AbstractModelTest<SecretListResponse> {
@Override @Override
protected SecretListResponse createFull() { protected SecretListResponse createFull() {
try { return assertDoesNotThrow(
return objectMapper.readValue(JSON, SecretListResponse.class); () -> objectMapper.readValue(JSON, SecretListResponse.class),
} catch (JsonProcessingException e) { "Creation of full model instance failed"
fail("Creation of full model instance failed", e); );
return null;
}
} }
/** /**
@@ -66,8 +64,8 @@ class SecretListResponseTest extends AbstractModelTest<SecretListResponse> {
@Test @Test
void getKeysTest() { void getKeysTest() {
SecretListResponse res = assertDoesNotThrow( SecretListResponse res = assertDoesNotThrow(
() -> objectMapper.readValue(JSON, SecretListResponse.class), () -> objectMapper.readValue(JSON, SecretListResponse.class),
"SecretListResponse deserialization failed" "SecretListResponse deserialization failed"
); );
assertEquals(List.of(KEY1, KEY2), res.getKeys(), "Unexpected secret keys"); assertEquals(List.of(KEY1, KEY2), res.getKeys(), "Unexpected secret keys");

View File

@@ -1,5 +1,5 @@
/* /*
* Copyright 2016-2024 Stefan Kalscheuer * Copyright 2016-2025 Stefan Kalscheuer
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@@ -16,7 +16,6 @@
package de.stklcode.jvault.connector.model.response; package de.stklcode.jvault.connector.model.response;
import com.fasterxml.jackson.core.JsonProcessingException;
import de.stklcode.jvault.connector.model.AbstractModelTest; import de.stklcode.jvault.connector.model.AbstractModelTest;
import org.junit.jupiter.api.Test; import org.junit.jupiter.api.Test;
@@ -34,13 +33,13 @@ class SecretVersionResponseTest extends AbstractModelTest<SecretVersionResponse>
private static final Integer VERSION = 42; private static final Integer VERSION = 42;
private static final String META_JSON = "{\n" + private static final String META_JSON = "{\n" +
" \"data\": {\n" + " \"data\": {\n" +
" \"created_time\": \"" + CREATION_TIME + "\",\n" + " \"created_time\": \"" + CREATION_TIME + "\",\n" +
" \"deletion_time\": \"" + DELETION_TIME + "\",\n" + " \"deletion_time\": \"" + DELETION_TIME + "\",\n" +
" \"destroyed\": false,\n" + " \"destroyed\": false,\n" +
" \"version\": " + VERSION + "\n" + " \"version\": " + VERSION + "\n" +
" }\n" + " }\n" +
"}"; "}";
SecretVersionResponseTest() { SecretVersionResponseTest() {
super(SecretVersionResponse.class); super(SecretVersionResponse.class);
@@ -48,12 +47,10 @@ class SecretVersionResponseTest extends AbstractModelTest<SecretVersionResponse>
@Override @Override
protected SecretVersionResponse createFull() { protected SecretVersionResponse createFull() {
try { return assertDoesNotThrow(
return objectMapper.readValue(META_JSON, SecretVersionResponse.class); () -> objectMapper.readValue(META_JSON, SecretVersionResponse.class),
} catch (JsonProcessingException e) { "Creation of full model instance failed"
fail("Creation of full model instance failed", e); );
return null;
}
} }
/** /**
@@ -62,8 +59,8 @@ class SecretVersionResponseTest extends AbstractModelTest<SecretVersionResponse>
@Test @Test
void jsonRoundtrip() { void jsonRoundtrip() {
SecretVersionResponse res = assertDoesNotThrow( SecretVersionResponse res = assertDoesNotThrow(
() -> objectMapper.readValue(META_JSON, SecretVersionResponse.class), () -> objectMapper.readValue(META_JSON, SecretVersionResponse.class),
"SecretVersionResponse deserialization failed" "SecretVersionResponse deserialization failed"
); );
assertNotNull(res, "Parsed response is NULL"); assertNotNull(res, "Parsed response is NULL");
assertNotNull(res.getMetadata(), "Parsed metadata is NULL"); assertNotNull(res.getMetadata(), "Parsed metadata is NULL");

View File

@@ -1,5 +1,5 @@
/* /*
* Copyright 2016-2024 Stefan Kalscheuer * Copyright 2016-2025 Stefan Kalscheuer
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@@ -16,7 +16,6 @@
package de.stklcode.jvault.connector.model.response; package de.stklcode.jvault.connector.model.response;
import com.fasterxml.jackson.core.JsonProcessingException;
import de.stklcode.jvault.connector.model.AbstractModelTest; import de.stklcode.jvault.connector.model.AbstractModelTest;
import de.stklcode.jvault.connector.model.response.embedded.TokenData; import de.stklcode.jvault.connector.model.response.embedded.TokenData;
import org.junit.jupiter.api.Test; import org.junit.jupiter.api.Test;
@@ -35,8 +34,8 @@ import static org.junit.jupiter.api.Assertions.*;
*/ */
class TokenResponseTest extends AbstractModelTest<TokenResponse> { class TokenResponseTest extends AbstractModelTest<TokenResponse> {
private static final Integer TOKEN_CREATION_TIME = 1457533232; private static final Integer TOKEN_CREATION_TIME = 1457533232;
private static final Integer TOKEN_TTL = 2764800; private static final Long TOKEN_TTL = 2764800L;
private static final Integer TOKEN_EXPLICIT_MAX_TTL = 0; private static final Long TOKEN_EXPLICIT_MAX_TTL = 0L;
private static final String TOKEN_DISPLAY_NAME = "token"; private static final String TOKEN_DISPLAY_NAME = "token";
private static final String TOKEN_META_KEY = "foo"; private static final String TOKEN_META_KEY = "foo";
private static final String TOKEN_META_VALUE = "bar"; private static final String TOKEN_META_VALUE = "bar";
@@ -47,7 +46,7 @@ class TokenResponseTest extends AbstractModelTest<TokenResponse> {
private static final String TOKEN_POLICY_1 = "default"; private static final String TOKEN_POLICY_1 = "default";
private static final String TOKEN_POLICY_2 = "web"; private static final String TOKEN_POLICY_2 = "web";
private static final Boolean RES_RENEWABLE = false; private static final Boolean RES_RENEWABLE = false;
private static final Integer RES_TTL = 2591976; private static final Long RES_TTL = 2591976L;
private static final Integer RES_LEASE_DURATION = 0; private static final Integer RES_LEASE_DURATION = 0;
private static final String TOKEN_ACCESSOR = "VKvzT2fKHFsZFUus9LyoXCvu"; private static final String TOKEN_ACCESSOR = "VKvzT2fKHFsZFUus9LyoXCvu";
private static final String TOKEN_ENTITY_ID = "7d2e3179-f69b-450c-7179-ac8ee8bd8ca9"; private static final String TOKEN_ENTITY_ID = "7d2e3179-f69b-450c-7179-ac8ee8bd8ca9";
@@ -58,37 +57,37 @@ class TokenResponseTest extends AbstractModelTest<TokenResponse> {
private static final String MOUNT_TYPE = "token"; private static final String MOUNT_TYPE = "token";
private static final String RES_JSON = "{\n" + private static final String RES_JSON = "{\n" +
" \"lease_id\": \"\",\n" + " \"lease_id\": \"\",\n" +
" \"renewable\": " + RES_RENEWABLE + ",\n" + " \"renewable\": " + RES_RENEWABLE + ",\n" +
" \"lease_duration\": " + RES_LEASE_DURATION + ",\n" + " \"lease_duration\": " + RES_LEASE_DURATION + ",\n" +
" \"data\": {\n" + " \"data\": {\n" +
" \"accessor\": \"" + TOKEN_ACCESSOR + "\",\n" + " \"accessor\": \"" + TOKEN_ACCESSOR + "\",\n" +
" \"creation_time\": " + TOKEN_CREATION_TIME + ",\n" + " \"creation_time\": " + TOKEN_CREATION_TIME + ",\n" +
" \"creation_ttl\": " + TOKEN_TTL + ",\n" + " \"creation_ttl\": " + TOKEN_TTL + ",\n" +
" \"display_name\": \"" + TOKEN_DISPLAY_NAME + "\",\n" + " \"display_name\": \"" + TOKEN_DISPLAY_NAME + "\",\n" +
" \"entity_id\": \"" + TOKEN_ENTITY_ID + "\",\n" + " \"entity_id\": \"" + TOKEN_ENTITY_ID + "\",\n" +
" \"expire_time\": \"" + TOKEN_EXPIRE_TIME + "\",\n" + " \"expire_time\": \"" + TOKEN_EXPIRE_TIME + "\",\n" +
" \"explicit_max_ttl\": \"" + TOKEN_EXPLICIT_MAX_TTL + "\",\n" + " \"explicit_max_ttl\": \"" + TOKEN_EXPLICIT_MAX_TTL + "\",\n" +
" \"id\": \"" + TOKEN_ID + "\",\n" + " \"id\": \"" + TOKEN_ID + "\",\n" +
" \"issue_time\": \"" + TOKEN_ISSUE_TIME + "\",\n" + " \"issue_time\": \"" + TOKEN_ISSUE_TIME + "\",\n" +
" \"meta\": {\n" + " \"meta\": {\n" +
" \"" + TOKEN_META_KEY + "\": \"" + TOKEN_META_VALUE + "\"\n" + " \"" + TOKEN_META_KEY + "\": \"" + TOKEN_META_VALUE + "\"\n" +
" },\n" + " },\n" +
" \"num_uses\": " + TOKEN_NUM_USES + ",\n" + " \"num_uses\": " + TOKEN_NUM_USES + ",\n" +
" \"orphan\": " + TOKEN_ORPHAN + ",\n" + " \"orphan\": " + TOKEN_ORPHAN + ",\n" +
" \"path\": \"" + TOKEN_PATH + "\",\n" + " \"path\": \"" + TOKEN_PATH + "\",\n" +
" \"policies\": [\n" + " \"policies\": [\n" +
" \"" + TOKEN_POLICY_1 + "\", \n" + " \"" + TOKEN_POLICY_1 + "\", \n" +
" \"" + TOKEN_POLICY_2 + "\"\n" + " \"" + TOKEN_POLICY_2 + "\"\n" +
" ],\n" + " ],\n" +
" \"renewable\": " + TOKEN_RENEWABLE + ",\n" + " \"renewable\": " + TOKEN_RENEWABLE + ",\n" +
" \"ttl\": " + RES_TTL + ",\n" + " \"ttl\": " + RES_TTL + ",\n" +
" \"type\": \"" + TOKEN_TYPE + "\"\n" + " \"type\": \"" + TOKEN_TYPE + "\"\n" +
" },\n" + " },\n" +
" \"warnings\": null,\n" + " \"warnings\": null,\n" +
" \"auth\": null,\n" + " \"auth\": null,\n" +
" \"mount_type\": \"" + MOUNT_TYPE + "\"\n" + " \"mount_type\": \"" + MOUNT_TYPE + "\"\n" +
"}"; "}";
TokenResponseTest() { TokenResponseTest() {
super(TokenResponse.class); super(TokenResponse.class);
@@ -96,12 +95,10 @@ class TokenResponseTest extends AbstractModelTest<TokenResponse> {
@Override @Override
protected TokenResponse createFull() { protected TokenResponse createFull() {
try { return assertDoesNotThrow(
return objectMapper.readValue(RES_JSON, TokenResponse.class); () -> objectMapper.readValue(RES_JSON, TokenResponse.class),
} catch (JsonProcessingException e) { "Creation of full model instance failed"
fail("Creation of full model instance failed", e); );
return null;
}
} }
/** /**
@@ -120,8 +117,8 @@ class TokenResponseTest extends AbstractModelTest<TokenResponse> {
@Test @Test
void jsonRoundtrip() { void jsonRoundtrip() {
TokenResponse res = assertDoesNotThrow( TokenResponse res = assertDoesNotThrow(
() -> objectMapper.readValue(RES_JSON, TokenResponse.class), () -> objectMapper.readValue(RES_JSON, TokenResponse.class),
"TokenResponse deserialization failed" "TokenResponse deserialization failed"
); );
assertNotNull(res, "Parsed response is NULL"); assertNotNull(res, "Parsed response is NULL");
assertEquals(RES_LEASE_DURATION, res.getLeaseDuration(), "Incorrect lease duration"); assertEquals(RES_LEASE_DURATION, res.getLeaseDuration(), "Incorrect lease duration");

View File

@@ -0,0 +1,134 @@
/*
* Copyright 2016-2025 Stefan Kalscheuer
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package de.stklcode.jvault.connector.model.response;
import de.stklcode.jvault.connector.model.AbstractModelTest;
import org.junit.jupiter.api.Test;
import static org.junit.jupiter.api.Assertions.*;
/**
* JUnit Test for {@link TransitResponse} model.
*
* @author Stefan Kalscheuer
* @since 1.5.0
*/
class TransitResponseTest extends AbstractModelTest<TransitResponse> {
private static final String CIPHERTEXT = "vault:v1:XjsPWPjqPrBi1N2Ms2s1QM798YyFWnO4TR4lsFA=";
private static final String PLAINTEXT = "dGhlIHF1aWNrIGJyb3duIGZveAo=";
private static final String SUM = "dGhlIHF1aWNrIGJyb3duIGZveAo=";
TransitResponseTest() {
super(TransitResponse.class);
}
@Override
protected TransitResponse createFull() {
return assertDoesNotThrow(
() -> objectMapper.readValue(
json(
"\"ciphertext\": \"" + CIPHERTEXT + "\", " +
"\"plaintext\": \"" + PLAINTEXT + "\", " +
"\"sum\": \"" + SUM + "\""
),
TransitResponse.class
),
"Creation of full model failed"
);
}
@Test
void encryptionTest() {
TransitResponse res = assertDoesNotThrow(
() -> objectMapper.readValue(
json("\"ciphertext\": \"" + CIPHERTEXT + "\""),
TransitResponse.class
),
"TransitResponse deserialization failed"
);
assertNotNull(res, "Parsed response is NULL");
assertEquals("987c6daf-b0e2-4142-a970-1e61fdb249d7", res.getRequestId(), "Incorrect request id");
assertEquals("", res.getLeaseId(), "Unexpected lease id");
assertFalse(res.isRenewable(), "Unexpected renewable flag");
assertEquals(0, res.getLeaseDuration(), "Unexpected lease duration");
assertEquals(CIPHERTEXT, res.getCiphertext(), "Incorrect ciphertext");
assertNull(res.getPlaintext(), "Unexpected plaintext");
assertNull(res.getSum(), "Unexpected sum");
assertNull(res.getWrapInfo(), "Unexpected wrap info");
assertNull(res.getWarnings(), "Unexpected warnings");
assertNull(res.getAuth(), "Unexpected auth");
}
@Test
void decryptionTest() {
TransitResponse res = assertDoesNotThrow(
() -> objectMapper.readValue(
json("\"plaintext\": \"" + PLAINTEXT + "\""),
TransitResponse.class
),
"TransitResponse deserialization failed"
);
assertNotNull(res, "Parsed response is NULL");
assertEquals("987c6daf-b0e2-4142-a970-1e61fdb249d7", res.getRequestId(), "Incorrect request id");
assertEquals("", res.getLeaseId(), "Unexpected lease id");
assertFalse(res.isRenewable(), "Unexpected renewable flag");
assertEquals(0, res.getLeaseDuration(), "Unexpected lease duration");
assertNull(res.getCiphertext(), "Unexpected ciphertext");
assertEquals(PLAINTEXT, res.getPlaintext(), "Incorrect plaintext");
assertNull(res.getSum(), "Unexpected sum");
assertNull(res.getWrapInfo(), "Unexpected wrap info");
assertNull(res.getWarnings(), "Unexpected warnings");
assertNull(res.getAuth(), "Unexpected auth");
}
@Test
void hashTest() {
TransitResponse res = assertDoesNotThrow(
() -> objectMapper.readValue(
json("\"sum\": \"" + SUM + "\""),
TransitResponse.class
),
"TransitResponse deserialization failed"
);
assertNotNull(res, "Parsed response is NULL");
assertEquals("987c6daf-b0e2-4142-a970-1e61fdb249d7", res.getRequestId(), "Incorrect request id");
assertEquals("", res.getLeaseId(), "Unexpected lease id");
assertFalse(res.isRenewable(), "Unexpected renewable flag");
assertEquals(0, res.getLeaseDuration(), "Unexpected lease duration");
assertNull(res.getCiphertext(), "Unexpected ciphertext");
assertNull(res.getPlaintext(), "Unexpected plaintext");
assertEquals(SUM, res.getSum(), "Incorrect sum");
assertNull(res.getWrapInfo(), "Unexpected wrap info");
assertNull(res.getWarnings(), "Unexpected warnings");
assertNull(res.getAuth(), "Unexpected auth");
}
private static String json(String data) {
return "{\n" +
" \"request_id\" : \"987c6daf-b0e2-4142-a970-1e61fdb249d7\",\n" +
" \"lease_id\" : \"\",\n" +
" \"renewable\" : false,\n" +
" \"lease_duration\" : 0,\n" +
" \"data\" : {\n" +
" " + data + "\n" +
" },\n" +
" \"wrap_info\" : null,\n" +
" \"warnings\" : null,\n" +
" \"auth\" : null\n" +
"}";
}
}

View File

@@ -1,6 +1,5 @@
package de.stklcode.jvault.connector.model.response.embedded; package de.stklcode.jvault.connector.model.response.embedded;
import com.fasterxml.jackson.core.JsonProcessingException;
import de.stklcode.jvault.connector.model.AbstractModelTest; import de.stklcode.jvault.connector.model.AbstractModelTest;
import org.junit.jupiter.api.Test; import org.junit.jupiter.api.Test;
@@ -14,8 +13,8 @@ import static org.junit.jupiter.api.Assertions.*;
* @author Stefan Kalscheuer * @author Stefan Kalscheuer
*/ */
class MountConfigTest extends AbstractModelTest<MountConfig> { class MountConfigTest extends AbstractModelTest<MountConfig> {
private static final Integer DEFAULT_LEASE_TTL = 1800; private static final Long DEFAULT_LEASE_TTL = 1800L;
private static final Integer MAX_LEASE_TTL = 3600; private static final Long MAX_LEASE_TTL = 3600L;
private static final Boolean FORCE_NO_CACHE = false; private static final Boolean FORCE_NO_CACHE = false;
private static final String TOKEN_TYPE = "default-service"; private static final String TOKEN_TYPE = "default-service";
private static final String AUDIT_NON_HMAC_REQ_KEYS_1 = "req1"; private static final String AUDIT_NON_HMAC_REQ_KEYS_1 = "req1";
@@ -62,12 +61,10 @@ class MountConfigTest extends AbstractModelTest<MountConfig> {
@Override @Override
protected MountConfig createFull() { protected MountConfig createFull() {
try { return assertDoesNotThrow(
return objectMapper.readValue(RES_JSON, MountConfig.class); () -> objectMapper.readValue(RES_JSON, MountConfig.class),
} catch (JsonProcessingException e) { "Creation of full model instance failed"
fail("Creation of full model instance failed", e); );
return null;
}
} }
/** /**

View File

@@ -1,5 +1,5 @@
/* /*
* Copyright 2016-2024 Stefan Kalscheuer * Copyright 2016-2025 Stefan Kalscheuer
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.

View File

@@ -1,5 +1,5 @@
/* /*
* Copyright 2016-2024 Stefan Kalscheuer * Copyright 2016-2025 Stefan Kalscheuer
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@@ -93,14 +93,14 @@ public class VaultConfiguration {
@Override @Override
public String toString() { public String toString() {
return "storage \"file\" {\n" + return "storage \"file\" {\n" +
" path = \"" + dataLocation + "\"\n" + " path = \"" + dataLocation + "\"\n" +
"}\n" + "}\n" +
"listener \"tcp\" {\n" + "listener \"tcp\" {\n" +
" address = \"" + host + ":" + port + "\"\n" + " address = \"" + host + ":" + port + "\"\n" +
((disableTLS) ? " tls_disable = 1\n" : "") + ((disableTLS) ? " tls_disable = 1\n" : "") +
((certFile != null) ? " tls_cert_file = \"" + certFile + "\"\n" : "") + ((certFile != null) ? " tls_cert_file = \"" + certFile + "\"\n" : "") +
((keyFile != null) ? " tls_key_file = \"" + keyFile + "\"\n" : "") + ((keyFile != null) ? " tls_key_file = \"" + keyFile + "\"\n" : "") +
"}\n" + "}\n" +
((disableMlock) ? "disable_mlock = true" : ""); ((disableMlock) ? "disable_mlock = true" : "");
} }
} }

View File

@@ -1 +1 @@
{"Value":"AAAAAQIOTEuNxtf2ZfGu6k9+65GFonDBiaetJnyLYFk1qfWPrE/VqUunbxuTv/QyK4pgC/q14sqypdxPe4Ygp/5mxzzuY6JXB0VKiDMXe9R5BltTG7++rLmKH/j+G7nEh71LER1/qVktU6x8dmDmTbpTgl5xzAB5DIXLMMKjjWda/7qJ3ivNI0pEOQ3JyT27SkqjqM49Dp1JIgKnjIEVQORqKcsSP+aqIncMjIo2iGXOGlDYAesp5tZ4hln3VCwXaIlrU8z6Mmntgcg7NeK/O2WTl86K644dbJUh6frGFDujrjOh/Pgp9n9u0BI3E9K9GD1Z1S1wEb1MCqzT/e9oHG7I7D8ku8PH11wGWGH6BmYlESYUG/KRVqu0XOQEfroLHZQiLE00yHBdStW/UJ9y5pmGpu1aiQ88Q8fpjF5xmRey99b4c6KUIpHjw5Af0XA9ZKsEJUyjS/dbMKPM6PBOW21LYefXH5b0poXMWgLW6LJV0zLuVMyVZJqANbzCVtheDPSsEjkHHwR/CLa2zs2Z6wJF3j1GDZxUFf4nbnuXQzz3M3kVPPtS6htlb0d8RN0/dkOrqUue+c4UjnXhiacXyVUnQQzUVu0sGak4vrQi0020aBzMXM2ZG7rNgvw+wcYFS4txO90kwJL6aOMXT2BeJiQ3wjjHb7M74/sSd0ffRTUlJSODSDotO7Q7Dfcnc1FLrIhXPRFPavTjFoL5HRy77xuGG7U7jTMoGra+rK54v0sxqKbS5WZi1hADQmAVIO8bPb+jA1qoejRFygW6sLgAdmEFQQJOhCV/BoKP3A=="} {"Value":"AAAAAQJ7mykBIbHX5k81qdXEpvlLgRF1ZSlODETcB1JBZ7nj0Muskpvvl3jofN5XH1Td8ibJlrR0o5o/OUjZAz9t0Da+ZzCy4ga9G2SmgWkUAravTqfPO/ZxWh2hqTso2WPBXRM3/IeR0SAv/zh7m7JILxjKybJmnl9U6fkjPID/us0AscckZ9kgJ4g8jwaTzPfRp5U8jMebHYbABXZ65PeUOvNiDVcOvQDWPJrMxICz12xbeJ8mKs5MHpcNkLtPoRCQSpsh0YYTwkuF7NvpIciqIJ4/Yb7wYO+vp9AATbiIs3sSFBWxXEl0OAg/SAmOvaR27Y7/NHN//mg81jkMOHv62/Fxf11I8t1d63oyWFQhP0xR9eoq5hGNQ/30I2m1prhZtLRC2ieKASBDMxTzyNS5G5bsVXvhCsxn8tiC0Ma+ySOfxMQzBRfbx8rtoGmLFP+l/d6VMOPGFxmYqzLS5HvvpCryscCqLn7A8i6TMSrZiF7ZevyfEBpThqhJiYHzUxf07O5IAe6JBSGuNV9gLE+uJXaiYLedJwSfjRKwdQyzer730dU1IegW3KYTb/5hSW4eaETKkjc/alC536WlvAv+5FyckDBc3aVC+hHB7lKZG5YANkOUS3m5I8epemOmuKQ5pnXLOdDkQ14DyNCC79NwLltkp0d6sTNstQ44XAbs0HlLjs4EFwg5Hps9qHeXgTOXeAvwUerJgM20nKszlB+Oy+JzZm0xOK5xoJwy+z0/U3PtJ+7pwAipesIa2QEzqMt3EneuPuwEcv3bPUcowukq542sCEK0CuZjLqTUU9nNqiZan5f5pWuL0hYw4NFIkNfQyRlqgKpMaplDk/2fBqaV98yn0DWceEMWRY4NXpEMS+ysPDIeamX99auWqakb95AZ7tySpkRAkZYtq1nY5Nu0w7NyJrJZ1lhBHs2ZjW0tpXn2CL0MhMVArg=="}

View File

@@ -0,0 +1 @@
{"Value":"AAAAAQIwsBgPcs7Hxl7UnB8OkTq9+5HERx4Fzn8jAzR8uIhoQZfpNG/15m2LEEsDJw1o+lxc6u+h7XcOB1QRqrKz8k7CFR15A+qsxD0UclHZdnk+MmMwXL9SSvYugp7XPiXmpG/uTZVf1QtigXQuehEEJeFfJVI7aFACu2AHEGVt+5b6yDQEgTUruo0seazRXuVU+J6NFCDU3ZvkR8e0al6OcMail59KamzjSCYiqDF4TeUuOQ6Zyr7zIG7gSaas1sog2JIlvrh+wkHW6I+OyD9SJSTinGEGRXl0tq15qoBJ4srfXdWODmKtExEupArbiDR5PyvSI3KlIHKIFduslJZKkJwiV3dBscdva4Rqb98FffMVYuM4G4s+VpvDDX+WVsqWF1ssoHRAFWCNAJGsenVDTxblzAF/4rGkJ7LC9yjLGsBtMOCkCZAKDQ3C9VFu+LGhbMRA5p2RKxNKWGem4Cyp5AqMmx62UzDAgMLGgm89A0g9s1/3FnCoLPdVmlWc6cg4QahN30qJCInJeAmH7T9NwIjv6/QxyJxyDVtdMtcfnMNxx15Q29lbyWTcbaI1iabHpc16iS/gwAPQeBTSbcvc4OxqwC5PDFThFq6bwZXaekYz4ghC13j9Ht79GVKH9cPZb5M="}

View File

@@ -0,0 +1 @@
{"Value":"AAAAAQKfotDJ0SihB+f5i4PxZ6lq1kxtH4QMprGI7Hj8HimEwXsW0Gbj/1B7YM4DQt4t5JFD4gKwFVOwlJDyusaJj92ar0QLSreCWyJTKUadqZplMFyB/bAdK42QdH+ZS8Z9KHUNchbRpNhnvOFIahoDG8dZ+nbCIXblJONCaey4/ri3H+GQbk/jfre1VByh7zVIN0ISew5PzZRCTkbO1CvcQZhrRGoUGiPmLywKVbHEMsvimVuZY5py6OfL+70QmElBmN9O45bTgX9XPbfSmyQIcGrElO1foi0WwZLPsb/fZcAIgrhC768jOnzeimChoX4zc0DPxuyV1YPvsD1yAlsnsFuJW6CP7TGkszbJU+rwDpg0TgqKtvFr1Lgkxyfcxg0h++1BSiEgoJU7b2IgIWP7reJVjc1tbAsoR1tOBCSAAhvqWZVpn2oht5rfe9aN370bV3Jcu17hFWyhB+VhzbCCPRcofPXX3f2U2dcQ0X7bU4nMiq1v6NQP6u/D5GAPj4Jc0519tPW4KQrd9SNqR20ct6OvqxjMFWV4GZXVcsL4+3xup87Yib6EDb0+hhe6XEpC6isYgD3D5OTTOWphHlsglGkGFi9lUc+h8zNPM4FHwha6uVTLmaqaLGbLziwT9WXF1ATacwtNW0t3kZlFUBvMwSwWzoPqO1+jxs+id4ie/VI6ZTOeowi4ceK2eWJ1/t9MB/gjvadpgE+FYt5QG6dFav4ujQN5Ne/yY78PGF5tp0CT4koox0rMUuxyD1xOIXkm0NBpJm1y9/J06yqLpMKqS40/jGcSQaycRngXDb+6H9rj7mheiO4qxcFGqViqECCUjDG3PnLP/fy9py5kFq7mf0pq7L0Jq/lLWC+iKJF9UaZmCaz8DwlQ9zC03XOFqABPNe8gMFlb8zU09VKBbY+g5gukOonjcBeoFOTRqQxuaWwwwB2lj8XnZScOyIcVJGkH"}