stklcode/jvaultconnector
1
0
Fork 0
Code Issues Actions Releases 36 Wiki Activity

Compare commits

base: stklcode:v1.5.1
Branches Tags
stklcode:main stklcode:experimental/jackson3 stklcode:java17 stklcode:develop stklcode:feat/split-clients
stklcode:v1.5.3 stklcode:v1.5.2 stklcode:v1.5.1 stklcode:v1.5.0 stklcode:v1.4.0 stklcode:v1.3.1 stklcode:v1.3.0 stklcode:v1.2.0 stklcode:v1.1.5 stklcode:v1.1.4 stklcode:v1.1.3 stklcode:v1.1.2 stklcode:v1.1.1 stklcode:v1.1.0 stklcode:v1.0.1 stklcode:v1.0.0 stklcode:v0.9.5 stklcode:v0.9.4 stklcode:v0.9.3 stklcode:v0.9.2 stklcode:v0.9.1 stklcode:v0.9.0 stklcode:v0.8.2 stklcode:v0.8.1 stklcode:v0.8.0 stklcode:v0.7.1 stklcode:v0.7.0 stklcode:v0.6.2 stklcode:v0.6.1 stklcode:v0.6.0 stklcode:v0.5.0 stklcode:v0.4.1 stklcode:v0.4.0 stklcode:v0.3.0 stklcode:v0.2.0 stklcode:v0.1.1 stklcode:v0.1
..
compare: stklcode:feat/split-clients
Branches Tags
stklcode:experimental/jackson3 stklcode:java17 stklcode:develop stklcode:main stklcode:feat/split-clients
stklcode:v1.5.3 stklcode:v1.5.2 stklcode:v1.5.1 stklcode:v1.5.0 stklcode:v1.4.0 stklcode:v1.3.1 stklcode:v1.3.0 stklcode:v1.2.0 stklcode:v1.1.5 stklcode:v1.1.4 stklcode:v1.1.3 stklcode:v1.1.2 stklcode:v1.1.1 stklcode:v1.1.0 stklcode:v1.0.1 stklcode:v1.0.0 stklcode:v0.9.5 stklcode:v0.9.4 stklcode:v0.9.3 stklcode:v0.9.2 stklcode:v0.9.1 stklcode:v0.9.0 stklcode:v0.8.2 stklcode:v0.8.1 stklcode:v0.8.0 stklcode:v0.7.1 stklcode:v0.7.0 stklcode:v0.6.2 stklcode:v0.6.1 stklcode:v0.6.0 stklcode:v0.5.0 stklcode:v0.4.1 stklcode:v0.4.0 stklcode:v0.3.0 stklcode:v0.2.0 stklcode:v0.1.1 stklcode:v0.1

27 Commits
v1.5.1 ... feat/split

Author SHA1 Message Date
Stefan Kalscheuer
1072e9b4a9 split VaultConnector interface into clients per module
All checks were successful
CI / build (11) (push) Successful in 33s
Details
CI / build (17) (push) Successful in 31s
Details
CI / build (true, 21) (push) Successful in 25s
Details 
The connector interface has grown quite big and does not even cover all
potential APIs. We now extract functionality into submodules and group
them to handle each area in separate interfaces. Provide fluent access,
strip prefixes from methods and preserve a 1:1 migration path.

Examples:

* connector.unseal() => connector.sys().unseal()
* connector.readSecretVersion() => connector.kv2().readVersion()
* connector.createToken() => connector.token().create()
* connector.lookupAppRole() => connector.appRole().lookup()
* connector.transitHash() => connector.transit().hash()
 2025-09-02 15:35:18 +02:00
Stefan Kalscheuer
e96ece3385 build: update maven-wrapper to 3.3.3
All checks were successful
CI / build-with-it (11, 1.2.0) (push) Successful in 49s
Details
CI / build-with-it (11, 1.20.0) (push) Successful in 1m6s
Details
CI / build-with-it (21, 1.2.0) (push) Successful in 49s
Details
CI / build-with-it (17, 1.2.0) (push) Successful in 48s
Details
CI / build-with-it (17, 1.20.0) (push) Successful in 1m5s
Details
CI / build-with-it (true, 21, 1.20.0) (push) Successful in 59s
Details
2025-09-02 13:27:29 +02:00
Stefan Kalscheuer
41eeae6687 refactor: extract API paths into a utility class (#108)
Some checks failed
CI / build-with-it (11, 1.2.0) (push) Successful in 50s
Details
CI / build-with-it (11, 1.20.0) (push) Successful in 1m8s
Details
CI / build-with-it (17, 1.2.0) (push) Successful in 46s
Details
CI / build-with-it (true, 21, 1.20.0) (push) Has been cancelled
Details
CI / build-with-it (17, 1.20.0) (push) Has been cancelled
Details
CI / build-with-it (21, 1.2.0) (push) Has been cancelled
Details 
Extract some static String constants from HTTPVaultConnector, which is
quite long already, into an internal utility class VaultApiPath.
We just reorganize some constants that should not change any behavior.
 2025-08-30 09:53:46 +02:00
Stefan Kalscheuer
bac06c5d19 fix: prevent potential off-by-1 error in internal mapOf() helper (#107)
All checks were successful
CI / build-with-it (11, 1.2.0) (push) Successful in 43s
Details
CI / build-with-it (11, 1.20.0) (push) Successful in 53s
Details
CI / build-with-it (17, 1.2.0) (push) Successful in 40s
Details
CI / build-with-it (17, 1.20.0) (push) Successful in 52s
Details
CI / build-with-it (21, 1.2.0) (push) Successful in 41s
Details
CI / build-with-it (true, 21, 1.20.0) (push) Successful in 45s
Details
2025-08-30 09:41:09 +02:00
Stefan Kalscheuer
e30a3bd93a build: update sonar-maven-plugin to 5.2.0.4988
All checks were successful
CI / build-with-it (11, 1.2.0) (push) Successful in 44s
Details
CI / build-with-it (11, 1.20.0) (push) Successful in 51s
Details
CI / build-with-it (17, 1.2.0) (push) Successful in 40s
Details
CI / build-with-it (17, 1.20.0) (push) Successful in 49s
Details
CI / build-with-it (21, 1.2.0) (push) Successful in 39s
Details
CI / build-with-it (true, 21, 1.20.0) (push) Successful in 46s
Details
2025-08-30 09:11:21 +02:00
Stefan Kalscheuer
8447b572b4 build: update maven-javadoc-plugin to 3.11.3 2025-08-30 09:10:26 +02:00
Stefan Kalscheuer
a95b05ba0e build: update GitHub actions 2025-08-30 09:08:30 +02:00
Stefan Kalscheuer
29517b9d78 deps: update jackson to 2.20.0 (#106)
All checks were successful
CI / build-with-it (11, 1.2.0) (push) Successful in 47s
Details
CI / build-with-it (11, 1.20.0) (push) Successful in 54s
Details
CI / build-with-it (17, 1.2.0) (push) Successful in 43s
Details
CI / build-with-it (17, 1.20.0) (push) Successful in 53s
Details
CI / build-with-it (21, 1.2.0) (push) Successful in 44s
Details
CI / build-with-it (true, 21, 1.20.0) (push) Successful in 51s
Details
2025-08-29 17:36:24 +02:00
Stefan Kalscheuer
1536c23cf0 test(deps): update mockito-core to 5.19.0
All checks were successful
CI / build-with-it (11, 1.2.0) (push) Successful in 47s
Details
CI / build-with-it (11, 1.20.0) (push) Successful in 1m0s
Details
CI / build-with-it (17, 1.2.0) (push) Successful in 46s
Details
CI / build-with-it (17, 1.20.0) (push) Successful in 57s
Details
CI / build-with-it (21, 1.2.0) (push) Successful in 46s
Details
CI / build-with-it (true, 21, 1.20.0) (push) Successful in 54s
Details
2025-08-16 10:23:36 +02:00
Stefan Kalscheuer
a7a435b420 test(deps): update junit-jupiter to 5.13.3
All checks were successful
CI / build-with-it (11, 1.2.0) (push) Successful in 57s
Details
CI / build-with-it (11, 1.20.0) (push) Successful in 1m13s
Details
CI / build-with-it (17, 1.2.0) (push) Successful in 52s
Details
CI / build-with-it (17, 1.20.0) (push) Successful in 1m11s
Details
CI / build-with-it (21, 1.2.0) (push) Successful in 50s
Details
CI / build-with-it (true, 21, 1.20.0) (push) Successful in 1m4s
Details
2025-07-20 15:47:32 +02:00
Stefan Kalscheuer
d1b8b12ffe test(deps): update commons-io to 2.20.0 2025-07-20 15:47:31 +02:00
Stefan Kalscheuer
27c94870d3 deps: update jackson to 2.19.2 (#105) 2025-07-20 15:47:30 +02:00
Stefan Kalscheuer
12aee10741 prepare for next development iteration
All checks were successful
CI / build (11) (push) Successful in 38s
Details
CI / build (17) (push) Successful in 39s
Details
CI / build (true, 21) (push) Successful in 36s
Details
CI / build-with-it (11, 1.2.0) (push) Successful in 54s
Details
CI / build-with-it (11, 1.20.0) (push) Successful in 1m8s
Details
CI / build-with-it (17, 1.2.0) (push) Successful in 57s
Details
CI / build-with-it (17, 1.20.0) (push) Successful in 1m10s
Details
CI / build-with-it (21, 1.2.0) (push) Successful in 1m10s
Details
CI / build-with-it (true, 21, 1.20.0) (push) Successful in 1m13s
Details
2025-07-16 18:36:24 +02:00
Stefan Kalscheuer
1803728256 prepare release v1.5.2
All checks were successful
CI / build-with-it (11, 1.2.0) (push) Successful in 56s
Details
CI / build-with-it (11, 1.20.0) (push) Successful in 1m11s
Details
CI / build-with-it (17, 1.2.0) (push) Successful in 58s
Details
CI / build-with-it (17, 1.20.0) (push) Successful in 1m10s
Details
CI / build-with-it (21, 1.2.0) (push) Successful in 54s
Details
CI / build-with-it (true, 21, 1.20.0) (push) Successful in 1m2s
Details
2025-07-16 18:22:35 +02:00
Stefan Kalscheuer
9e7d8f50d3 build: update maven to 3.9.11
All checks were successful
CI / build-with-it (11, 1.2.0) (push) Successful in 1m1s
Details
CI / build-with-it (11, 1.20.0) (push) Successful in 1m12s
Details
CI / build-with-it (17, 1.2.0) (push) Successful in 56s
Details
CI / build-with-it (17, 1.20.0) (push) Successful in 1m8s
Details
CI / build-with-it (21, 1.2.0) (push) Successful in 57s
Details
CI / build-with-it (true, 21, 1.20.0) (push) Successful in 1m9s
Details
2025-07-16 18:09:25 +02:00
Stefan Kalscheuer
08886a0c7c build: update maven-gpg-plugin to 3.2.8 2025-07-16 18:08:19 +02:00
Stefan Kalscheuer
eebe3f0ef6 build: update maven-enforcer-plugin to 3.6.1 2025-07-16 18:08:05 +02:00
Stefan Kalscheuer
5b9f1392d3 build: restore argLine to fix code coverage
All checks were successful
CI / build-with-it (11, 1.2.0) (push) Successful in 49s
Details
CI / build-with-it (11, 1.20.0) (push) Successful in 1m6s
Details
CI / build-with-it (17, 1.2.0) (push) Successful in 44s
Details
CI / build-with-it (true, 21, 1.20.0) (push) Successful in 1m26s
Details
CI / build-with-it (17, 1.20.0) (push) Successful in 1m8s
Details
CI / build-with-it (21, 1.2.0) (push) Successful in 51s
Details 
Partially reverts da4fffc823
 2025-07-15 08:41:46 +02:00
Stefan Kalscheuer
da4fffc823 build remove unused test module access flags
All checks were successful
CI / build-with-it (11, 1.2.0) (push) Successful in 40s
Details
CI / build-with-it (11, 1.20.0) (push) Successful in 51s
Details
CI / build-with-it (17, 1.2.0) (push) Successful in 39s
Details
CI / build-with-it (17, 1.20.0) (push) Successful in 50s
Details
CI / build-with-it (21, 1.2.0) (push) Successful in 41s
Details
CI / build-with-it (true, 21, 1.20.0) (push) Successful in 48s
Details 
Remove redundant module opens directives and argLine property
inheritance, keeping only essential module access config for tests.
 2025-07-13 18:38:47 +02:00
Stefan Kalscheuer
91276e1615 test: autoformat test code
All checks were successful
CI / build (11) (push) Successful in 34s
Details
CI / build (17) (push) Successful in 32s
Details
CI / build (true, 21) (push) Successful in 28s
Details
CI / build-with-it (11, 1.2.0) (push) Successful in 50s
Details
CI / build-with-it (11, 1.20.0) (push) Successful in 1m7s
Details
CI / build-with-it (17, 1.2.0) (push) Successful in 45s
Details
CI / build-with-it (17, 1.20.0) (push) Successful in 1m7s
Details
CI / build-with-it (21, 1.2.0) (push) Successful in 48s
Details
CI / build-with-it (true, 21, 1.20.0) (push) Successful in 59s
Details
2025-07-13 18:19:56 +02:00
Stefan Kalscheuer
6d2313289c test: use Files.writeString() for config creation 2025-07-13 18:19:45 +02:00
Stefan Kalscheuer
bcbb3a0926 test: use assertDoesNotThrow instead of try-catch-fail for createFull() 2025-07-13 18:17:48 +02:00
Stefan Kalscheuer
f03c05bd5b fix: use Long for numeric TTL fields (#103) (#104)
All checks were successful
CI / build-with-it (11, 1.2.0) (push) Successful in 55s
Details
CI / build-with-it (11, 1.20.0) (push) Successful in 1m8s
Details
CI / build-with-it (17, 1.2.0) (push) Successful in 43s
Details
CI / build-with-it (17, 1.20.0) (push) Successful in 1m3s
Details
CI / build-with-it (21, 1.2.0) (push) Successful in 47s
Details
CI / build-with-it (true, 21, 1.20.0) (push) Successful in 53s
Details 
Mapping these fields as Integer limits the possible maximum TTL value to
roughly 68 years. This may or may not be a reasonable value, but is
technically a valid number in the JSON response. Convert all TTL-related
fields to Long, so we can map such values.
 2025-07-01 20:05:05 +02:00
Stefan Kalscheuer
afdad92ae6 test: run IT against Vault 1.20.0 (#102)
All checks were successful
CI / build-with-it (11, 1.2.0) (push) Successful in 59s
Details
CI / build-with-it (11, 1.20.0) (push) Successful in 1m7s
Details
CI / build-with-it (17, 1.2.0) (push) Successful in 56s
Details
CI / build-with-it (17, 1.20.0) (push) Successful in 1m5s
Details
CI / build-with-it (21, 1.2.0) (push) Successful in 54s
Details
CI / build-with-it (true, 21, 1.20.0) (push) Successful in 1m0s
Details
2025-06-26 18:17:23 +02:00
Stefan Kalscheuer
9fa360393d deps: update build and test dependencies 2025-06-26 18:12:42 +02:00
Stefan Kalscheuer
d28c189ec2 deps: update jackson to 2.19.1 (#101)
All checks were successful
CI / build-with-it (11, 1.2.0) (push) Successful in 1m1s
Details
CI / build-with-it (11, 1.19.5) (push) Successful in 1m7s
Details
CI / build-with-it (17, 1.2.0) (push) Successful in 1m3s
Details
CI / build-with-it (17, 1.19.5) (push) Successful in 1m11s
Details
CI / build-with-it (21, 1.2.0) (push) Successful in 1m1s
Details
CI / build-with-it (true, 21, 1.19.5) (push) Successful in 1m9s
Details
2025-06-20 20:28:52 +02:00
Stefan Kalscheuer
46fffcc711 prepare for next development iteration
All checks were successful
CI / build (11) (push) Successful in 39s
Details
CI / build (17) (push) Successful in 39s
Details
CI / build (true, 21) (push) Successful in 29s
Details
CI / build-with-it (11, 1.2.0) (push) Successful in 57s
Details
CI / build-with-it (11, 1.19.5) (push) Successful in 1m6s
Details
CI / build-with-it (17, 1.19.5) (push) Successful in 1m3s
Details
CI / build-with-it (17, 1.2.0) (push) Successful in 57s
Details
CI / build-with-it (21, 1.2.0) (push) Successful in 51s
Details
CI / build-with-it (true, 21, 1.19.5) (push) Successful in 1m1s
Details
2025-06-02 16:59:30 +02:00
45 changed files with 2661 additions and 2443 deletions
Expand all files Collapse all files

8
.github/workflows/ci-it.yml vendored
View File

@@ -15,18 +15,18 @@ jobs:
strategy: strategy:
matrix: matrix:
jdk: [ 11, 17, 21 ] jdk: [ 11, 17, 21 ]
vault: [ '1.2.0', '1.19.5' ] vault: [ '1.2.0', '1.20.0' ]
include: include:
- jdk: 21 - jdk: 21
vault: '1.19.5' vault: '1.20.0'
analysis: true analysis: true
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@v4 uses: actions/checkout@v5
with: with:
fetch-depth: 0 fetch-depth: 0
- name: Set up Java - name: Set up Java
uses: actions/setup-java@v4 uses: actions/setup-java@v5
with: with:
java-version: ${{ matrix.jdk }} java-version: ${{ matrix.jdk }}
distribution: 'temurin' distribution: 'temurin'

4
.github/workflows/ci.yml vendored
View File

@@ -21,11 +21,11 @@ jobs:
analysis: true analysis: true
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@v4 uses: actions/checkout@v5
with: with:
fetch-depth: 0 fetch-depth: 0
- name: Set up Java - name: Set up Java
uses: actions/setup-java@v4 uses: actions/setup-java@v5
with: with:
java-version: ${{ matrix.jdk }} java-version: ${{ matrix.jdk }}
distribution: 'temurin' distribution: 'temurin'

4
.mvn/wrapper/maven-wrapper.properties vendored
View File

@@ -1,2 +1,2 @@
distributionUrl=https://repo.maven.apache.org/maven2/org/apache/maven/apache-maven/3.9.9/apache-maven-3.9.9-bin.zip distributionType=only-script
wrapperUrl=https://repo.maven.apache.org/maven2/org/apache/maven/wrapper/maven-wrapper/3.3.2/maven-wrapper-3.3.2.jar distributionUrl=https://repo.maven.apache.org/maven2/org/apache/maven/apache-maven/3.9.11/apache-maven-3.9.11-bin.zip

23
CHANGELOG.md
View File

@@ -1,3 +1,26 @@
## unreleased
### Dependencies
* Updated Jackson to 2.20.0 (#106)
### Improvements
* Extract API paths into a utility class (#108)
### Fix
* Prevent potential off-by-1 error in internal `mapOf()` helper (#107)
## 1.5.2 (2025-07-16)
### Dependencies
* Updated Jackson to 2.19.1 (#101)
### Fix
* Use `Long` for numeric TTL fields (#103) (#104)
### Test
* Tested against Vault 1.2 to 1.20 (#102)
## 1.5.1 (2025-06-02) ## 1.5.1 (2025-06-02)
### Improvements ### Improvements

10
README.md
View File

@@ -32,7 +32,7 @@ Java Vault Connector is a connector library for [Vault](https://www.vaultproject
* Database secret handling * Database secret handling
* Transit API support * Transit API support
* Connector Factory with builder pattern * Connector Factory with builder pattern
* Tested against Vault 1.2 to 1.19 * Tested against Vault 1.2 to 1.20
## Maven Artifact ## Maven Artifact
@@ -40,7 +40,7 @@ Java Vault Connector is a connector library for [Vault](https://www.vaultproject
<dependency> <dependency>
<groupId>de.stklcode.jvault</groupId> <groupId>de.stklcode.jvault</groupId>
<artifactId>jvault-connector</artifactId> <artifactId>jvault-connector</artifactId>
<version>1.5.1</version> <version>1.5.2</version>
</dependency> </dependency>
``` ```
@@ -109,11 +109,11 @@ Token token = Token.builder()
.withDisplayName("new test token") .withDisplayName("new test token")
.withPolicies("pol1", "pol2") .withPolicies("pol1", "pol2")
.build(); .build();
vault.createToken(token); vault.token().create(token);
// Create AppRole credentials // Create AppRole credentials
vault.createAppRole("testrole", policyList); vault.appRole().create("testrole", policyList);
AppRoleSecretResponse secret = vault.createAppRoleSecret("testrole"); AppRoleSecretResponse secret = vault.appRole().createSecret("testrole");
``` ```
## Links ## Links

489
mvnw vendored
View File

@@ -19,314 +19,277 @@
# ---------------------------------------------------------------------------- # ----------------------------------------------------------------------------
# ---------------------------------------------------------------------------- # ----------------------------------------------------------------------------
# Apache Maven Wrapper startup batch script, version 3.3.2 # Apache Maven Wrapper startup batch script, version 3.3.3
#
# Required ENV vars:
# ------------------
# JAVA_HOME - location of a JDK home dir
# #
# Optional ENV vars # Optional ENV vars
# ----------------- # -----------------
# MAVEN_OPTS - parameters passed to the Java VM when running Maven # JAVA_HOME - location of a JDK home dir, required when download maven via java source
# e.g. to debug Maven itself, use # MVNW_REPOURL - repo url base for downloading maven distribution
# set MAVEN_OPTS=-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=8000 # MVNW_USERNAME/MVNW_PASSWORD - user and password for downloading maven
# MAVEN_SKIP_RC - flag to disable loading of mavenrc files # MVNW_VERBOSE - true: enable verbose log; debug: trace the mvnw script; others: silence the output
# ---------------------------------------------------------------------------- # ----------------------------------------------------------------------------
if [ -z "$MAVEN_SKIP_RC" ]; then set -euf
[ "${MVNW_VERBOSE-}" != debug ] || set -x
if [ -f /usr/local/etc/mavenrc ]; then # OS specific support.
. /usr/local/etc/mavenrc native_path() { printf %s\\n "$1"; }
fi
if [ -f /etc/mavenrc ]; then
. /etc/mavenrc
fi
if [ -f "$HOME/.mavenrc" ]; then
. "$HOME/.mavenrc"
fi
fi
# OS specific support. $var _must_ be set to either true or false.
cygwin=false
darwin=false
mingw=false
case "$(uname)" in case "$(uname)" in
CYGWIN*) cygwin=true ;; CYGWIN* | MINGW*)
MINGW*) mingw=true ;; [ -z "${JAVA_HOME-}" ] || JAVA_HOME="$(cygpath --unix "$JAVA_HOME")"
Darwin*) native_path() { cygpath --path --windows "$1"; }
darwin=true
# Use /usr/libexec/java_home if available, otherwise fall back to /Library/Java/Home
# See https://developer.apple.com/library/mac/qa/qa1170/_index.html
if [ -z "$JAVA_HOME" ]; then
if [ -x "/usr/libexec/java_home" ]; then
JAVA_HOME="$(/usr/libexec/java_home)"
export JAVA_HOME
else
JAVA_HOME="/Library/Java/Home"
export JAVA_HOME
fi
fi
;; ;;
esac esac
if [ -z "$JAVA_HOME" ]; then # set JAVACMD and JAVACCMD
if [ -r /etc/gentoo-release ]; then set_java_home() {
JAVA_HOME=$(java-config --jre-home) # For Cygwin and MinGW, ensure paths are in Unix format before anything is touched
fi if [ -n "${JAVA_HOME-}" ]; then
fi
# For Cygwin, ensure paths are in UNIX format before anything is touched
if $cygwin; then
[ -n "$JAVA_HOME" ] \
&& JAVA_HOME=$(cygpath --unix "$JAVA_HOME")
[ -n "$CLASSPATH" ] \
&& CLASSPATH=$(cygpath --path --unix "$CLASSPATH")
fi
# For Mingw, ensure paths are in UNIX format before anything is touched
if $mingw; then
[ -n "$JAVA_HOME" ] && [ -d "$JAVA_HOME" ] \
&& JAVA_HOME="$(
cd "$JAVA_HOME" || (
echo "cannot cd into $JAVA_HOME." >&2
exit 1
)
pwd
)"
fi
if [ -z "$JAVA_HOME" ]; then
javaExecutable="$(which javac)"
if [ -n "$javaExecutable" ] && ! [ "$(expr "$javaExecutable" : '\([^ ]*\)')" = "no" ]; then
# readlink(1) is not available as standard on Solaris 10.
readLink=$(which readlink)
if [ ! "$(expr "$readLink" : '\([^ ]*\)')" = "no" ]; then
if $darwin; then
javaHome="$(dirname "$javaExecutable")"
javaExecutable="$(cd "$javaHome" && pwd -P)/javac"
else
javaExecutable="$(readlink -f "$javaExecutable")"
fi
javaHome="$(dirname "$javaExecutable")"
javaHome=$(expr "$javaHome" : '\(.*\)/bin')
JAVA_HOME="$javaHome"
export JAVA_HOME
fi
fi
fi
if [ -z "$JAVACMD" ]; then
if [ -n "$JAVA_HOME" ]; then
if [ -x "$JAVA_HOME/jre/sh/java" ]; then if [ -x "$JAVA_HOME/jre/sh/java" ]; then
# IBM's JDK on AIX uses strange locations for the executables # IBM's JDK on AIX uses strange locations for the executables
JAVACMD="$JAVA_HOME/jre/sh/java" JAVACMD="$JAVA_HOME/jre/sh/java"
JAVACCMD="$JAVA_HOME/jre/sh/javac"
else else
JAVACMD="$JAVA_HOME/bin/java" JAVACMD="$JAVA_HOME/bin/java"
JAVACCMD="$JAVA_HOME/bin/javac"
if [ ! -x "$JAVACMD" ] || [ ! -x "$JAVACCMD" ]; then
echo "The JAVA_HOME environment variable is not defined correctly, so mvnw cannot run." >&2
echo "JAVA_HOME is set to \"$JAVA_HOME\", but \"\$JAVA_HOME/bin/java\" or \"\$JAVA_HOME/bin/javac\" does not exist." >&2
return 1
fi
fi fi
else else
JAVACMD="$( JAVACMD="$(
\unset -f command 2>/dev/null 'set' +e
\command -v java 'unset' -f command 2>/dev/null
)" 'command' -v java
fi )" || :
fi JAVACCMD="$(
'set' +e
'unset' -f command 2>/dev/null
'command' -v javac
)" || :
if [ ! -x "$JAVACMD" ]; then if [ ! -x "${JAVACMD-}" ] || [ ! -x "${JAVACCMD-}" ]; then
echo "Error: JAVA_HOME is not defined correctly." >&2 echo "The java/javac command does not exist in PATH nor is JAVA_HOME set, so mvnw cannot run." >&2
echo " We cannot execute $JAVACMD" >&2
exit 1
fi
if [ -z "$JAVA_HOME" ]; then
echo "Warning: JAVA_HOME environment variable is not set." >&2
fi
# traverses directory structure from process work directory to filesystem root
# first directory with .mvn subdirectory is considered project base directory
find_maven_basedir() {
if [ -z "$1" ]; then
echo "Path not specified to find_maven_basedir" >&2
return 1 return 1
fi fi
fi
}
basedir="$1" # hash string like Java String::hashCode
wdir="$1" hash_string() {
while [ "$wdir" != '/' ]; do str="${1:-}" h=0
if [ -d "$wdir"/.mvn ]; then while [ -n "$str" ]; do
basedir=$wdir char="${str%"${str#?}"}"
break h=$(((h * 31 + $(LC_CTYPE=C printf %d "'$char")) % 4294967296))
fi str="${str#?}"
# workaround for JBEAP-8937 (on Solaris 10/Sparc)
if [ -d "${wdir}" ]; then
wdir=$(
cd "$wdir/.." || exit 1
pwd
)
fi
# end of workaround
done done
printf '%s' "$( printf %x\\n $h
cd "$basedir" || exit 1
pwd
)"
} }
# concatenates all lines of a file verbose() { :; }
concat_lines() { [ "${MVNW_VERBOSE-}" != true ] || verbose() { printf %s\\n "${1-}"; }
if [ -f "$1" ]; then
# Remove \r in case we run on Windows within Git Bash
# and check out the repository with auto CRLF management
# enabled. Otherwise, we may read lines that are delimited with
# \r\n and produce $'-Xarg\r' rather than -Xarg due to word
# splitting rules.
tr -s '\r\n' ' ' <"$1"
fi
}
log() { die() {
if [ "$MVNW_VERBOSE" = true ]; then printf %s\\n "$1" >&2
printf '%s\n' "$1"
fi
}
BASE_DIR=$(find_maven_basedir "$(dirname "$0")")
if [ -z "$BASE_DIR" ]; then
exit 1 exit 1
fi }
MAVEN_PROJECTBASEDIR=${MAVEN_BASEDIR:-"$BASE_DIR"} trim() {
export MAVEN_PROJECTBASEDIR # MWRAPPER-139:
log "$MAVEN_PROJECTBASEDIR" # Trims trailing and leading whitespace, carriage returns, tabs, and linefeeds.
# Needed for removing poorly interpreted newline sequences when running in more
# exotic environments such as mingw bash on Windows.
printf "%s" "${1}" | tr -d '[:space:]'
}
########################################################################################## scriptDir="$(dirname "$0")"
# Extension to allow automatically downloading the maven-wrapper.jar from Maven-central scriptName="$(basename "$0")"
# This allows using the maven wrapper in projects that prohibit checking in binary data.
##########################################################################################
wrapperJarPath="$MAVEN_PROJECTBASEDIR/.mvn/wrapper/maven-wrapper.jar"
if [ -r "$wrapperJarPath" ]; then
log "Found $wrapperJarPath"
else
log "Couldn't find $wrapperJarPath, downloading it ..."
if [ -n "$MVNW_REPOURL" ]; then # parse distributionUrl and optional distributionSha256Sum, requires .mvn/wrapper/maven-wrapper.properties
wrapperUrl="$MVNW_REPOURL/org/apache/maven/wrapper/maven-wrapper/3.3.2/maven-wrapper-3.3.2.jar"
else
wrapperUrl="https://repo.maven.apache.org/maven2/org/apache/maven/wrapper/maven-wrapper/3.3.2/maven-wrapper-3.3.2.jar"
fi
while IFS="=" read -r key value; do
# Remove '\r' from value to allow usage on windows as IFS does not consider '\r' as a separator ( considers space, tab, new line ('\n'), and custom '=' )
safeValue=$(echo "$value" | tr -d '\r')
case "$key" in wrapperUrl)
wrapperUrl="$safeValue"
break
;;
esac
done <"$MAVEN_PROJECTBASEDIR/.mvn/wrapper/maven-wrapper.properties"
log "Downloading from: $wrapperUrl"
if $cygwin; then
wrapperJarPath=$(cygpath --path --windows "$wrapperJarPath")
fi
if command -v wget >/dev/null; then
log "Found wget ... using wget"
[ "$MVNW_VERBOSE" = true ] && QUIET="" || QUIET="--quiet"
if [ -z "$MVNW_USERNAME" ] || [ -z "$MVNW_PASSWORD" ]; then
wget $QUIET "$wrapperUrl" -O "$wrapperJarPath" || rm -f "$wrapperJarPath"
else
wget $QUIET --http-user="$MVNW_USERNAME" --http-password="$MVNW_PASSWORD" "$wrapperUrl" -O "$wrapperJarPath" || rm -f "$wrapperJarPath"
fi
elif command -v curl >/dev/null; then
log "Found curl ... using curl"
[ "$MVNW_VERBOSE" = true ] && QUIET="" || QUIET="--silent"
if [ -z "$MVNW_USERNAME" ] || [ -z "$MVNW_PASSWORD" ]; then
curl $QUIET -o "$wrapperJarPath" "$wrapperUrl" -f -L || rm -f "$wrapperJarPath"
else
curl $QUIET --user "$MVNW_USERNAME:$MVNW_PASSWORD" -o "$wrapperJarPath" "$wrapperUrl" -f -L || rm -f "$wrapperJarPath"
fi
else
log "Falling back to using Java to download"
javaSource="$MAVEN_PROJECTBASEDIR/.mvn/wrapper/MavenWrapperDownloader.java"
javaClass="$MAVEN_PROJECTBASEDIR/.mvn/wrapper/MavenWrapperDownloader.class"
# For Cygwin, switch paths to Windows format before running javac
if $cygwin; then
javaSource=$(cygpath --path --windows "$javaSource")
javaClass=$(cygpath --path --windows "$javaClass")
fi
if [ -e "$javaSource" ]; then
if [ ! -e "$javaClass" ]; then
log " - Compiling MavenWrapperDownloader.java ..."
("$JAVA_HOME/bin/javac" "$javaSource")
fi
if [ -e "$javaClass" ]; then
log " - Running MavenWrapperDownloader.java ..."
("$JAVA_HOME/bin/java" -cp .mvn/wrapper MavenWrapperDownloader "$wrapperUrl" "$wrapperJarPath") || rm -f "$wrapperJarPath"
fi
fi
fi
fi
##########################################################################################
# End of extension
##########################################################################################
# If specified, validate the SHA-256 sum of the Maven wrapper jar file
wrapperSha256Sum=""
while IFS="=" read -r key value; do while IFS="=" read -r key value; do
case "$key" in wrapperSha256Sum) case "${key-}" in
wrapperSha256Sum=$value distributionUrl) distributionUrl=$(trim "${value-}") ;;
break distributionSha256Sum) distributionSha256Sum=$(trim "${value-}") ;;
esac
done <"$scriptDir/.mvn/wrapper/maven-wrapper.properties"
[ -n "${distributionUrl-}" ] || die "cannot read distributionUrl property in $scriptDir/.mvn/wrapper/maven-wrapper.properties"
case "${distributionUrl##*/}" in
maven-mvnd-*bin.*)
MVN_CMD=mvnd.sh _MVNW_REPO_PATTERN=/maven/mvnd/
case "${PROCESSOR_ARCHITECTURE-}${PROCESSOR_ARCHITEW6432-}:$(uname -a)" in
*AMD64:CYGWIN* | *AMD64:MINGW*) distributionPlatform=windows-amd64 ;;
:Darwin*x86_64) distributionPlatform=darwin-amd64 ;;
:Darwin*arm64) distributionPlatform=darwin-aarch64 ;;
:Linux*x86_64*) distributionPlatform=linux-amd64 ;;
*)
echo "Cannot detect native platform for mvnd on $(uname)-$(uname -m), use pure java version" >&2
distributionPlatform=linux-amd64
;; ;;
esac esac
done <"$MAVEN_PROJECTBASEDIR/.mvn/wrapper/maven-wrapper.properties" distributionUrl="${distributionUrl%-bin.*}-$distributionPlatform.zip"
if [ -n "$wrapperSha256Sum" ]; then ;;
wrapperSha256Result=false maven-mvnd-*) MVN_CMD=mvnd.sh _MVNW_REPO_PATTERN=/maven/mvnd/ ;;
if command -v sha256sum >/dev/null; then *) MVN_CMD="mvn${scriptName#mvnw}" _MVNW_REPO_PATTERN=/org/apache/maven/ ;;
if echo "$wrapperSha256Sum $wrapperJarPath" | sha256sum -c >/dev/null 2>&1; then esac
wrapperSha256Result=true
# apply MVNW_REPOURL and calculate MAVEN_HOME
# maven home pattern: ~/.m2/wrapper/dists/{apache-maven-<version>,maven-mvnd-<version>-<platform>}/<hash>
[ -z "${MVNW_REPOURL-}" ] || distributionUrl="$MVNW_REPOURL$_MVNW_REPO_PATTERN${distributionUrl#*"$_MVNW_REPO_PATTERN"}"
distributionUrlName="${distributionUrl##*/}"
distributionUrlNameMain="${distributionUrlName%.*}"
distributionUrlNameMain="${distributionUrlNameMain%-bin}"
MAVEN_USER_HOME="${MAVEN_USER_HOME:-${HOME}/.m2}"
MAVEN_HOME="${MAVEN_USER_HOME}/wrapper/dists/${distributionUrlNameMain-}/$(hash_string "$distributionUrl")"
exec_maven() {
unset MVNW_VERBOSE MVNW_USERNAME MVNW_PASSWORD MVNW_REPOURL || :
exec "$MAVEN_HOME/bin/$MVN_CMD" "$@" || die "cannot exec $MAVEN_HOME/bin/$MVN_CMD"
}
if [ -d "$MAVEN_HOME" ]; then
verbose "found existing MAVEN_HOME at $MAVEN_HOME"
exec_maven "$@"
fi
case "${distributionUrl-}" in
*?-bin.zip | *?maven-mvnd-?*-?*.zip) ;;
*) die "distributionUrl is not valid, must match *-bin.zip or maven-mvnd-*.zip, but found '${distributionUrl-}'" ;;
esac
# prepare tmp dir
if TMP_DOWNLOAD_DIR="$(mktemp -d)" && [ -d "$TMP_DOWNLOAD_DIR" ]; then
clean() { rm -rf -- "$TMP_DOWNLOAD_DIR"; }
trap clean HUP INT TERM EXIT
else
die "cannot create temp dir"
fi
mkdir -p -- "${MAVEN_HOME%/*}"
# Download and Install Apache Maven
verbose "Couldn't find MAVEN_HOME, downloading and installing it ..."
verbose "Downloading from: $distributionUrl"
verbose "Downloading to: $TMP_DOWNLOAD_DIR/$distributionUrlName"
# select .zip or .tar.gz
if ! command -v unzip >/dev/null; then
distributionUrl="${distributionUrl%.zip}.tar.gz"
distributionUrlName="${distributionUrl##*/}"
fi
# verbose opt
__MVNW_QUIET_WGET=--quiet __MVNW_QUIET_CURL=--silent __MVNW_QUIET_UNZIP=-q __MVNW_QUIET_TAR=''
[ "${MVNW_VERBOSE-}" != true ] || __MVNW_QUIET_WGET='' __MVNW_QUIET_CURL='' __MVNW_QUIET_UNZIP='' __MVNW_QUIET_TAR=v
# normalize http auth
case "${MVNW_PASSWORD:+has-password}" in
'') MVNW_USERNAME='' MVNW_PASSWORD='' ;;
has-password) [ -n "${MVNW_USERNAME-}" ] || MVNW_USERNAME='' MVNW_PASSWORD='' ;;
esac
if [ -z "${MVNW_USERNAME-}" ] && command -v wget >/dev/null; then
verbose "Found wget ... using wget"
wget ${__MVNW_QUIET_WGET:+"$__MVNW_QUIET_WGET"} "$distributionUrl" -O "$TMP_DOWNLOAD_DIR/$distributionUrlName" || die "wget: Failed to fetch $distributionUrl"
elif [ -z "${MVNW_USERNAME-}" ] && command -v curl >/dev/null; then
verbose "Found curl ... using curl"
curl ${__MVNW_QUIET_CURL:+"$__MVNW_QUIET_CURL"} -f -L -o "$TMP_DOWNLOAD_DIR/$distributionUrlName" "$distributionUrl" || die "curl: Failed to fetch $distributionUrl"
elif set_java_home; then
verbose "Falling back to use Java to download"
javaSource="$TMP_DOWNLOAD_DIR/Downloader.java"
targetZip="$TMP_DOWNLOAD_DIR/$distributionUrlName"
cat >"$javaSource" <<-END
public class Downloader extends java.net.Authenticator
{
protected java.net.PasswordAuthentication getPasswordAuthentication()
{
return new java.net.PasswordAuthentication( System.getenv( "MVNW_USERNAME" ), System.getenv( "MVNW_PASSWORD" ).toCharArray() );
}
public static void main( String[] args ) throws Exception
{
setDefault( new Downloader() );
java.nio.file.Files.copy( java.net.URI.create( args[0] ).toURL().openStream(), java.nio.file.Paths.get( args[1] ).toAbsolutePath().normalize() );
}
}
END
# For Cygwin/MinGW, switch paths to Windows format before running javac and java
verbose " - Compiling Downloader.java ..."
"$(native_path "$JAVACCMD")" "$(native_path "$javaSource")" || die "Failed to compile Downloader.java"
verbose " - Running Downloader.java ..."
"$(native_path "$JAVACMD")" -cp "$(native_path "$TMP_DOWNLOAD_DIR")" Downloader "$distributionUrl" "$(native_path "$targetZip")"
fi
# If specified, validate the SHA-256 sum of the Maven distribution zip file
if [ -n "${distributionSha256Sum-}" ]; then
distributionSha256Result=false
if [ "$MVN_CMD" = mvnd.sh ]; then
echo "Checksum validation is not supported for maven-mvnd." >&2
echo "Please disable validation by removing 'distributionSha256Sum' from your maven-wrapper.properties." >&2
exit 1
elif command -v sha256sum >/dev/null; then
if echo "$distributionSha256Sum $TMP_DOWNLOAD_DIR/$distributionUrlName" | sha256sum -c - >/dev/null 2>&1; then
distributionSha256Result=true
fi fi
elif command -v shasum >/dev/null; then elif command -v shasum >/dev/null; then
if echo "$wrapperSha256Sum $wrapperJarPath" | shasum -a 256 -c >/dev/null 2>&1; then if echo "$distributionSha256Sum $TMP_DOWNLOAD_DIR/$distributionUrlName" | shasum -a 256 -c >/dev/null 2>&1; then
wrapperSha256Result=true distributionSha256Result=true
fi fi
else else
echo "Checksum validation was requested but neither 'sha256sum' or 'shasum' are available." >&2 echo "Checksum validation was requested but neither 'sha256sum' or 'shasum' are available." >&2
echo "Please install either command, or disable validation by removing 'wrapperSha256Sum' from your maven-wrapper.properties." >&2 echo "Please install either command, or disable validation by removing 'distributionSha256Sum' from your maven-wrapper.properties." >&2
exit 1 exit 1
fi fi
if [ $wrapperSha256Result = false ]; then if [ $distributionSha256Result = false ]; then
echo "Error: Failed to validate Maven wrapper SHA-256, your Maven wrapper might be compromised." >&2 echo "Error: Failed to validate Maven distribution SHA-256, your Maven distribution might be compromised." >&2
echo "Investigate or delete $wrapperJarPath to attempt a clean download." >&2 echo "If you updated your Maven version, you need to update the specified distributionSha256Sum property." >&2
echo "If you updated your Maven version, you need to update the specified wrapperSha256Sum property." >&2
exit 1 exit 1
fi fi
fi fi
MAVEN_OPTS="$(concat_lines "$MAVEN_PROJECTBASEDIR/.mvn/jvm.config") $MAVEN_OPTS" # unzip and move
if command -v unzip >/dev/null; then
# For Cygwin, switch paths to Windows format before running java unzip ${__MVNW_QUIET_UNZIP:+"$__MVNW_QUIET_UNZIP"} "$TMP_DOWNLOAD_DIR/$distributionUrlName" -d "$TMP_DOWNLOAD_DIR" || die "failed to unzip"
if $cygwin; then else
[ -n "$JAVA_HOME" ] \ tar xzf${__MVNW_QUIET_TAR:+"$__MVNW_QUIET_TAR"} "$TMP_DOWNLOAD_DIR/$distributionUrlName" -C "$TMP_DOWNLOAD_DIR" || die "failed to untar"
&& JAVA_HOME=$(cygpath --path --windows "$JAVA_HOME")
[ -n "$CLASSPATH" ] \
&& CLASSPATH=$(cygpath --path --windows "$CLASSPATH")
[ -n "$MAVEN_PROJECTBASEDIR" ] \
&& MAVEN_PROJECTBASEDIR=$(cygpath --path --windows "$MAVEN_PROJECTBASEDIR")
fi fi
# Provide a "standardized" way to retrieve the CLI args that will # Find the actual extracted directory name (handles snapshots where filename != directory name)
# work with both Windows and non-Windows executions. actualDistributionDir=""
MAVEN_CMD_LINE_ARGS="$MAVEN_CONFIG $*"
export MAVEN_CMD_LINE_ARGS
WRAPPER_LAUNCHER=org.apache.maven.wrapper.MavenWrapperMain # First try the expected directory name (for regular distributions)
if [ -d "$TMP_DOWNLOAD_DIR/$distributionUrlNameMain" ]; then
if [ -f "$TMP_DOWNLOAD_DIR/$distributionUrlNameMain/bin/$MVN_CMD" ]; then
actualDistributionDir="$distributionUrlNameMain"
fi
fi
# shellcheck disable=SC2086 # safe args # If not found, search for any directory with the Maven executable (for snapshots)
exec "$JAVACMD" \ if [ -z "$actualDistributionDir" ]; then
$MAVEN_OPTS \ # enable globbing to iterate over items
$MAVEN_DEBUG_OPTS \ set +f
-classpath "$MAVEN_PROJECTBASEDIR/.mvn/wrapper/maven-wrapper.jar" \ for dir in "$TMP_DOWNLOAD_DIR"/*; do
"-Dmaven.multiModuleProjectDirectory=${MAVEN_PROJECTBASEDIR}" \ if [ -d "$dir" ]; then
${WRAPPER_LAUNCHER} $MAVEN_CONFIG "$@" if [ -f "$dir/bin/$MVN_CMD" ]; then
actualDistributionDir="$(basename "$dir")"
break
fi
fi
done
set -f
fi
if [ -z "$actualDistributionDir" ]; then
verbose "Contents of $TMP_DOWNLOAD_DIR:"
verbose "$(ls -la "$TMP_DOWNLOAD_DIR")"
die "Could not find Maven distribution directory in extracted archive"
fi
verbose "Found extracted Maven distribution directory: $actualDistributionDir"
printf %s\\n "$distributionUrl" >"$TMP_DOWNLOAD_DIR/$actualDistributionDir/mvnw.url"
mv -- "$TMP_DOWNLOAD_DIR/$actualDistributionDir" "$MAVEN_HOME" || [ -d "$MAVEN_HOME" ] || die "fail to move MAVEN_HOME"
clean || :
exec_maven "$@"

323
mvnw.cmd vendored
View File

@@ -1,3 +1,4 @@
<# : batch portion
@REM ---------------------------------------------------------------------------- @REM ----------------------------------------------------------------------------
@REM Licensed to the Apache Software Foundation (ASF) under one @REM Licensed to the Apache Software Foundation (ASF) under one
@REM or more contributor license agreements. See the NOTICE file @REM or more contributor license agreements. See the NOTICE file
@@ -18,189 +19,171 @@
@REM ---------------------------------------------------------------------------- @REM ----------------------------------------------------------------------------
@REM ---------------------------------------------------------------------------- @REM ----------------------------------------------------------------------------
@REM Apache Maven Wrapper startup batch script, version 3.3.2 @REM Apache Maven Wrapper startup batch script, version 3.3.3
@REM
@REM Required ENV vars:
@REM JAVA_HOME - location of a JDK home dir
@REM @REM
@REM Optional ENV vars @REM Optional ENV vars
@REM MAVEN_BATCH_ECHO - set to 'on' to enable the echoing of the batch commands @REM MVNW_REPOURL - repo url base for downloading maven distribution
@REM MAVEN_BATCH_PAUSE - set to 'on' to wait for a keystroke before ending @REM MVNW_USERNAME/MVNW_PASSWORD - user and password for downloading maven
@REM MAVEN_OPTS - parameters passed to the Java VM when running Maven @REM MVNW_VERBOSE - true: enable verbose log; others: silence the output
@REM e.g. to debug Maven itself, use
@REM set MAVEN_OPTS=-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=8000
@REM MAVEN_SKIP_RC - flag to disable loading of mavenrc files
@REM ---------------------------------------------------------------------------- @REM ----------------------------------------------------------------------------
@REM Begin all REM lines with '@' in case MAVEN_BATCH_ECHO is 'on' @IF "%__MVNW_ARG0_NAME__%"=="" (SET __MVNW_ARG0_NAME__=%~nx0)
@echo off @SET __MVNW_CMD__=
@REM set title of command window @SET __MVNW_ERROR__=
title %0 @SET __MVNW_PSMODULEP_SAVE=%PSModulePath%
@REM enable echoing by setting MAVEN_BATCH_ECHO to 'on' @SET PSModulePath=
@if "%MAVEN_BATCH_ECHO%" == "on" echo %MAVEN_BATCH_ECHO% @FOR /F "usebackq tokens=1* delims==" %%A IN (`powershell -noprofile "& {$scriptDir='%~dp0'; $script='%__MVNW_ARG0_NAME__%'; icm -ScriptBlock ([Scriptblock]::Create((Get-Content -Raw '%~f0'))) -NoNewScope}"`) DO @(
IF "%%A"=="MVN_CMD" (set __MVNW_CMD__=%%B) ELSE IF "%%B"=="" (echo %%A) ELSE (echo %%A=%%B)
@REM set %HOME% to equivalent of $HOME
if "%HOME%" == "" (set "HOME=%HOMEDRIVE%%HOMEPATH%")
@REM Execute a user defined script before this one
if not "%MAVEN_SKIP_RC%" == "" goto skipRcPre
@REM check for pre script, once with legacy .bat ending and once with .cmd ending
if exist "%USERPROFILE%\mavenrc_pre.bat" call "%USERPROFILE%\mavenrc_pre.bat" %*
if exist "%USERPROFILE%\mavenrc_pre.cmd" call "%USERPROFILE%\mavenrc_pre.cmd" %*
:skipRcPre
@setlocal
set ERROR_CODE=0
@REM To isolate internal variables from possible post scripts, we use another setlocal
@setlocal
@REM ==== START VALIDATION ====
if not "%JAVA_HOME%" == "" goto OkJHome
echo. >&2
echo Error: JAVA_HOME not found in your environment. >&2
echo Please set the JAVA_HOME variable in your environment to match the >&2
echo location of your Java installation. >&2
echo. >&2
goto error
:OkJHome
if exist "%JAVA_HOME%\bin\java.exe" goto init
echo. >&2
echo Error: JAVA_HOME is set to an invalid directory. >&2
echo JAVA_HOME = "%JAVA_HOME%" >&2
echo Please set the JAVA_HOME variable in your environment to match the >&2
echo location of your Java installation. >&2
echo. >&2
goto error
@REM ==== END VALIDATION ====
:init
@REM Find the project base dir, i.e. the directory that contains the folder ".mvn".
@REM Fallback to current working directory if not found.
set MAVEN_PROJECTBASEDIR=%MAVEN_BASEDIR%
IF NOT "%MAVEN_PROJECTBASEDIR%"=="" goto endDetectBaseDir
set EXEC_DIR=%CD%
set WDIR=%EXEC_DIR%
:findBaseDir
IF EXIST "%WDIR%"\.mvn goto baseDirFound
cd ..
IF "%WDIR%"=="%CD%" goto baseDirNotFound
set WDIR=%CD%
goto findBaseDir
:baseDirFound
set MAVEN_PROJECTBASEDIR=%WDIR%
cd "%EXEC_DIR%"
goto endDetectBaseDir
:baseDirNotFound
set MAVEN_PROJECTBASEDIR=%EXEC_DIR%
cd "%EXEC_DIR%"
:endDetectBaseDir
IF NOT EXIST "%MAVEN_PROJECTBASEDIR%\.mvn\jvm.config" goto endReadAdditionalConfig
@setlocal EnableExtensions EnableDelayedExpansion
for /F "usebackq delims=" %%a in ("%MAVEN_PROJECTBASEDIR%\.mvn\jvm.config") do set JVM_CONFIG_MAVEN_PROPS=!JVM_CONFIG_MAVEN_PROPS! %%a
@endlocal & set JVM_CONFIG_MAVEN_PROPS=%JVM_CONFIG_MAVEN_PROPS%
:endReadAdditionalConfig
SET MAVEN_JAVA_EXE="%JAVA_HOME%\bin\java.exe"
set WRAPPER_JAR="%MAVEN_PROJECTBASEDIR%\.mvn\wrapper\maven-wrapper.jar"
set WRAPPER_LAUNCHER=org.apache.maven.wrapper.MavenWrapperMain
set WRAPPER_URL="https://repo.maven.apache.org/maven2/org/apache/maven/wrapper/maven-wrapper/3.3.2/maven-wrapper-3.3.2.jar"
FOR /F "usebackq tokens=1,2 delims==" %%A IN ("%MAVEN_PROJECTBASEDIR%\.mvn\wrapper\maven-wrapper.properties") DO (
IF "%%A"=="wrapperUrl" SET WRAPPER_URL=%%B
) )
@SET PSModulePath=%__MVNW_PSMODULEP_SAVE%
@SET __MVNW_PSMODULEP_SAVE=
@SET __MVNW_ARG0_NAME__=
@SET MVNW_USERNAME=
@SET MVNW_PASSWORD=
@IF NOT "%__MVNW_CMD__%"=="" ("%__MVNW_CMD__%" %*)
@echo Cannot start maven from wrapper >&2 && exit /b 1
@GOTO :EOF
: end batch / begin powershell #>
@REM Extension to allow automatically downloading the maven-wrapper.jar from Maven-central $ErrorActionPreference = "Stop"
@REM This allows using the maven wrapper in projects that prohibit checking in binary data. if ($env:MVNW_VERBOSE -eq "true") {
if exist %WRAPPER_JAR% ( $VerbosePreference = "Continue"
if "%MVNW_VERBOSE%" == "true" ( }
echo Found %WRAPPER_JAR%
)
) else (
if not "%MVNW_REPOURL%" == "" (
SET WRAPPER_URL="%MVNW_REPOURL%/org/apache/maven/wrapper/maven-wrapper/3.3.2/maven-wrapper-3.3.2.jar"
)
if "%MVNW_VERBOSE%" == "true" (
echo Couldn't find %WRAPPER_JAR%, downloading it ...
echo Downloading from: %WRAPPER_URL%
)
powershell -Command "&{"^ # calculate distributionUrl, requires .mvn/wrapper/maven-wrapper.properties
"$webclient = new-object System.Net.WebClient;"^ $distributionUrl = (Get-Content -Raw "$scriptDir/.mvn/wrapper/maven-wrapper.properties" | ConvertFrom-StringData).distributionUrl
"if (-not ([string]::IsNullOrEmpty('%MVNW_USERNAME%') -and [string]::IsNullOrEmpty('%MVNW_PASSWORD%'))) {"^ if (!$distributionUrl) {
"$webclient.Credentials = new-object System.Net.NetworkCredential('%MVNW_USERNAME%', '%MVNW_PASSWORD%');"^ Write-Error "cannot read distributionUrl property in $scriptDir/.mvn/wrapper/maven-wrapper.properties"
"}"^ }
"[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; $webclient.DownloadFile('%WRAPPER_URL%', '%WRAPPER_JAR%')"^
"}"
if "%MVNW_VERBOSE%" == "true" (
echo Finished downloading %WRAPPER_JAR%
)
)
@REM End of extension
@REM If specified, validate the SHA-256 sum of the Maven wrapper jar file switch -wildcard -casesensitive ( $($distributionUrl -replace '^.*/','') ) {
SET WRAPPER_SHA_256_SUM="" "maven-mvnd-*" {
FOR /F "usebackq tokens=1,2 delims==" %%A IN ("%MAVEN_PROJECTBASEDIR%\.mvn\wrapper\maven-wrapper.properties") DO ( $USE_MVND = $true
IF "%%A"=="wrapperSha256Sum" SET WRAPPER_SHA_256_SUM=%%B $distributionUrl = $distributionUrl -replace '-bin\.[^.]*$',"-windows-amd64.zip"
) $MVN_CMD = "mvnd.cmd"
IF NOT %WRAPPER_SHA_256_SUM%=="" ( break
powershell -Command "&{"^ }
"Import-Module $PSHOME\Modules\Microsoft.PowerShell.Utility -Function Get-FileHash;"^ default {
"$hash = (Get-FileHash \"%WRAPPER_JAR%\" -Algorithm SHA256).Hash.ToLower();"^ $USE_MVND = $false
"If('%WRAPPER_SHA_256_SUM%' -ne $hash){"^ $MVN_CMD = $script -replace '^mvnw','mvn'
" Write-Error 'Error: Failed to validate Maven wrapper SHA-256, your Maven wrapper might be compromised.';"^ break
" Write-Error 'Investigate or delete %WRAPPER_JAR% to attempt a clean download.';"^ }
" Write-Error 'If you updated your Maven version, you need to update the specified wrapperSha256Sum property.';"^ }
" exit 1;"^
"}"^
"}"
if ERRORLEVEL 1 goto error
)
@REM Provide a "standardized" way to retrieve the CLI args that will # apply MVNW_REPOURL and calculate MAVEN_HOME
@REM work with both Windows and non-Windows executions. # maven home pattern: ~/.m2/wrapper/dists/{apache-maven-<version>,maven-mvnd-<version>-<platform>}/<hash>
set MAVEN_CMD_LINE_ARGS=%* if ($env:MVNW_REPOURL) {
$MVNW_REPO_PATTERN = if ($USE_MVND -eq $False) { "/org/apache/maven/" } else { "/maven/mvnd/" }
$distributionUrl = "$env:MVNW_REPOURL$MVNW_REPO_PATTERN$($distributionUrl -replace "^.*$MVNW_REPO_PATTERN",'')"
}
$distributionUrlName = $distributionUrl -replace '^.*/',''
$distributionUrlNameMain = $distributionUrlName -replace '\.[^.]*$','' -replace '-bin$',''
%MAVEN_JAVA_EXE% ^ $MAVEN_M2_PATH = "$HOME/.m2"
%JVM_CONFIG_MAVEN_PROPS% ^ if ($env:MAVEN_USER_HOME) {
%MAVEN_OPTS% ^ $MAVEN_M2_PATH = "$env:MAVEN_USER_HOME"
%MAVEN_DEBUG_OPTS% ^ }
-classpath %WRAPPER_JAR% ^
"-Dmaven.multiModuleProjectDirectory=%MAVEN_PROJECTBASEDIR%" ^
%WRAPPER_LAUNCHER% %MAVEN_CONFIG% %*
if ERRORLEVEL 1 goto error
goto end
:error if (-not (Test-Path -Path $MAVEN_M2_PATH)) {
set ERROR_CODE=1 New-Item -Path $MAVEN_M2_PATH -ItemType Directory | Out-Null
}
:end $MAVEN_WRAPPER_DISTS = $null
@endlocal & set ERROR_CODE=%ERROR_CODE% if ((Get-Item $MAVEN_M2_PATH).Target[0] -eq $null) {
$MAVEN_WRAPPER_DISTS = "$MAVEN_M2_PATH/wrapper/dists"
} else {
$MAVEN_WRAPPER_DISTS = (Get-Item $MAVEN_M2_PATH).Target[0] + "/wrapper/dists"
}
if not "%MAVEN_SKIP_RC%"=="" goto skipRcPost $MAVEN_HOME_PARENT = "$MAVEN_WRAPPER_DISTS/$distributionUrlNameMain"
@REM check for post script, once with legacy .bat ending and once with .cmd ending $MAVEN_HOME_NAME = ([System.Security.Cryptography.SHA256]::Create().ComputeHash([byte[]][char[]]$distributionUrl) | ForEach-Object {$_.ToString("x2")}) -join ''
if exist "%USERPROFILE%\mavenrc_post.bat" call "%USERPROFILE%\mavenrc_post.bat" $MAVEN_HOME = "$MAVEN_HOME_PARENT/$MAVEN_HOME_NAME"
if exist "%USERPROFILE%\mavenrc_post.cmd" call "%USERPROFILE%\mavenrc_post.cmd"
:skipRcPost
@REM pause the script if MAVEN_BATCH_PAUSE is set to 'on' if (Test-Path -Path "$MAVEN_HOME" -PathType Container) {
if "%MAVEN_BATCH_PAUSE%"=="on" pause Write-Verbose "found existing MAVEN_HOME at $MAVEN_HOME"
Write-Output "MVN_CMD=$MAVEN_HOME/bin/$MVN_CMD"
exit $?
}
if "%MAVEN_TERMINATE_CMD%"=="on" exit %ERROR_CODE% if (! $distributionUrlNameMain -or ($distributionUrlName -eq $distributionUrlNameMain)) {
Write-Error "distributionUrl is not valid, must end with *-bin.zip, but found $distributionUrl"
}
cmd /C exit /B %ERROR_CODE% # prepare tmp dir
$TMP_DOWNLOAD_DIR_HOLDER = New-TemporaryFile
$TMP_DOWNLOAD_DIR = New-Item -Itemtype Directory -Path "$TMP_DOWNLOAD_DIR_HOLDER.dir"
$TMP_DOWNLOAD_DIR_HOLDER.Delete() | Out-Null
trap {
if ($TMP_DOWNLOAD_DIR.Exists) {
try { Remove-Item $TMP_DOWNLOAD_DIR -Recurse -Force | Out-Null }
catch { Write-Warning "Cannot remove $TMP_DOWNLOAD_DIR" }
}
}
New-Item -Itemtype Directory -Path "$MAVEN_HOME_PARENT" -Force | Out-Null
# Download and Install Apache Maven
Write-Verbose "Couldn't find MAVEN_HOME, downloading and installing it ..."
Write-Verbose "Downloading from: $distributionUrl"
Write-Verbose "Downloading to: $TMP_DOWNLOAD_DIR/$distributionUrlName"
$webclient = New-Object System.Net.WebClient
if ($env:MVNW_USERNAME -and $env:MVNW_PASSWORD) {
$webclient.Credentials = New-Object System.Net.NetworkCredential($env:MVNW_USERNAME, $env:MVNW_PASSWORD)
}
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
$webclient.DownloadFile($distributionUrl, "$TMP_DOWNLOAD_DIR/$distributionUrlName") | Out-Null
# If specified, validate the SHA-256 sum of the Maven distribution zip file
$distributionSha256Sum = (Get-Content -Raw "$scriptDir/.mvn/wrapper/maven-wrapper.properties" | ConvertFrom-StringData).distributionSha256Sum
if ($distributionSha256Sum) {
if ($USE_MVND) {
Write-Error "Checksum validation is not supported for maven-mvnd. `nPlease disable validation by removing 'distributionSha256Sum' from your maven-wrapper.properties."
}
Import-Module $PSHOME\Modules\Microsoft.PowerShell.Utility -Function Get-FileHash
if ((Get-FileHash "$TMP_DOWNLOAD_DIR/$distributionUrlName" -Algorithm SHA256).Hash.ToLower() -ne $distributionSha256Sum) {
Write-Error "Error: Failed to validate Maven distribution SHA-256, your Maven distribution might be compromised. If you updated your Maven version, you need to update the specified distributionSha256Sum property."
}
}
# unzip and move
Expand-Archive "$TMP_DOWNLOAD_DIR/$distributionUrlName" -DestinationPath "$TMP_DOWNLOAD_DIR" | Out-Null
# Find the actual extracted directory name (handles snapshots where filename != directory name)
$actualDistributionDir = ""
# First try the expected directory name (for regular distributions)
$expectedPath = Join-Path "$TMP_DOWNLOAD_DIR" "$distributionUrlNameMain"
$expectedMvnPath = Join-Path "$expectedPath" "bin/$MVN_CMD"
if ((Test-Path -Path $expectedPath -PathType Container) -and (Test-Path -Path $expectedMvnPath -PathType Leaf)) {
$actualDistributionDir = $distributionUrlNameMain
}
# If not found, search for any directory with the Maven executable (for snapshots)
if (!$actualDistributionDir) {
Get-ChildItem -Path "$TMP_DOWNLOAD_DIR" -Directory | ForEach-Object {
$testPath = Join-Path $_.FullName "bin/$MVN_CMD"
if (Test-Path -Path $testPath -PathType Leaf) {
$actualDistributionDir = $_.Name
}
}
}
if (!$actualDistributionDir) {
Write-Error "Could not find Maven distribution directory in extracted archive"
}
Write-Verbose "Found extracted Maven distribution directory: $actualDistributionDir"
Rename-Item -Path "$TMP_DOWNLOAD_DIR/$actualDistributionDir" -NewName $MAVEN_HOME_NAME | Out-Null
try {
Move-Item -Path "$TMP_DOWNLOAD_DIR/$MAVEN_HOME_NAME" -Destination $MAVEN_HOME_PARENT | Out-Null
} catch {
if (! (Test-Path -Path "$MAVEN_HOME" -PathType Container)) {
Write-Error "fail to move MAVEN_HOME"
}
} finally {
try { Remove-Item $TMP_DOWNLOAD_DIR -Recurse -Force | Out-Null }
catch { Write-Warning "Cannot remove $TMP_DOWNLOAD_DIR" }
}
Write-Output "MVN_CMD=$MAVEN_HOME/bin/$MVN_CMD"

44
pom.xml
View File

@@ -1,10 +1,9 @@
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion> <modelVersion>4.0.0</modelVersion>
<groupId>de.stklcode.jvault</groupId> <groupId>de.stklcode.jvault</groupId>
<artifactId>jvault-connector</artifactId> <artifactId>jvault-connector</artifactId>
<version>1.5.1</version> <version>2.0.0-SNAPSHOT</version>
<packaging>jar</packaging> <packaging>jar</packaging>
@@ -33,7 +32,7 @@
<connection>scm:git:git://github.com/stklcode/jvaultconnector.git</connection> <connection>scm:git:git://github.com/stklcode/jvaultconnector.git</connection>
<developerConnection>scm:git:git@github.com:stklcode/jvaultconnector.git</developerConnection> <developerConnection>scm:git:git@github.com:stklcode/jvaultconnector.git</developerConnection>
<url>https://github.com/stklcode/jvaultconnector</url> <url>https://github.com/stklcode/jvaultconnector</url>
<tag>v1.5.1</tag> <tag>HEAD</tag>
</scm> </scm>
<issueManagement> <issueManagement>
@@ -43,7 +42,6 @@
<properties> <properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding> <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<project.build.outputTimestamp>2025-06-02T14:59:15Z</project.build.outputTimestamp>
<argLine /> <argLine />
</properties> </properties>
@@ -51,24 +49,24 @@
<dependency> <dependency>
<groupId>com.fasterxml.jackson.core</groupId> <groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-databind</artifactId> <artifactId>jackson-databind</artifactId>
<version>2.19.0</version> <version>2.20.0</version>
</dependency> </dependency>
<dependency> <dependency>
<groupId>com.fasterxml.jackson.datatype</groupId> <groupId>com.fasterxml.jackson.datatype</groupId>
<artifactId>jackson-datatype-jsr310</artifactId> <artifactId>jackson-datatype-jsr310</artifactId>
<version>2.19.0</version> <version>2.20.0</version>
</dependency> </dependency>
<dependency> <dependency>
<groupId>org.junit.jupiter</groupId> <groupId>org.junit.jupiter</groupId>
<artifactId>junit-jupiter</artifactId> <artifactId>junit-jupiter</artifactId>
<version>5.13.0</version> <version>5.13.3</version>
<scope>test</scope> <scope>test</scope>
</dependency> </dependency>
<dependency> <dependency>
<groupId>org.mockito</groupId> <groupId>org.mockito</groupId>
<artifactId>mockito-core</artifactId> <artifactId>mockito-core</artifactId>
<version>5.18.0</version> <version>5.19.0</version>
<scope>test</scope> <scope>test</scope>
</dependency> </dependency>
<dependency> <dependency>
@@ -80,13 +78,13 @@
<dependency> <dependency>
<groupId>org.wiremock</groupId> <groupId>org.wiremock</groupId>
<artifactId>wiremock</artifactId> <artifactId>wiremock</artifactId>
<version>3.13.0</version> <version>3.13.1</version>
<scope>test</scope> <scope>test</scope>
</dependency> </dependency>
<dependency> <dependency>
<groupId>commons-io</groupId> <groupId>commons-io</groupId>
<artifactId>commons-io</artifactId> <artifactId>commons-io</artifactId>
<version>2.19.0</version> <version>2.20.0</version>
<scope>test</scope> <scope>test</scope>
</dependency> </dependency>
<dependency> <dependency>
@@ -117,7 +115,7 @@
<plugin> <plugin>
<groupId>org.apache.maven.plugins</groupId> <groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-clean-plugin</artifactId> <artifactId>maven-clean-plugin</artifactId>
<version>3.4.1</version> <version>3.5.0</version>
</plugin> </plugin>
<plugin> <plugin>
<groupId>org.apache.maven.plugins</groupId> <groupId>org.apache.maven.plugins</groupId>
@@ -131,7 +129,8 @@
<configuration> <configuration>
<argLine> <argLine>
@{argLine} @{argLine}
--add-opens de.stklcode.jvault.connector/de.stklcode.jvault.connector.test=com.fasterxml.jackson.databind --add-opens
de.stklcode.jvault.connector/de.stklcode.jvault.connector.test=com.fasterxml.jackson.databind
</argLine> </argLine>
</configuration> </configuration>
</plugin> </plugin>
@@ -163,13 +162,6 @@
<argLine> <argLine>
@{argLine} @{argLine}
--add-opens java.base/java.util=ALL-UNNAMED --add-opens java.base/java.util=ALL-UNNAMED
--add-opens de.stklcode.jvault.connector/de.stklcode.jvault.connector=ALL-UNNAMED
--add-opens de.stklcode.jvault.connector/de.stklcode.jvault.connector.exception=ALL-UNNAMED
--add-opens de.stklcode.jvault.connector/de.stklcode.jvault.connector.model=ALL-UNNAMED
--add-opens de.stklcode.jvault.connector/de.stklcode.jvault.connector.model.response=ALL-UNNAMED
--add-opens de.stklcode.jvault.connector/de.stklcode.jvault.connector.model.response.embedded=ALL-UNNAMED
--add-opens de.stklcode.jvault.connector/de.stklcode.jvault.connector.test=com.fasterxml.jackson.databind
--add-opens de.stklcode.jvault.connector/de.stklcode.jvault.connector.test=com.fasterxml.jackson.datatype.jsr310
</argLine> </argLine>
</configuration> </configuration>
</plugin> </plugin>
@@ -186,7 +178,7 @@
<plugin> <plugin>
<groupId>org.sonarsource.scanner.maven</groupId> <groupId>org.sonarsource.scanner.maven</groupId>
<artifactId>sonar-maven-plugin</artifactId> <artifactId>sonar-maven-plugin</artifactId>
<version>5.1.0.4751</version> <version> 5.2.0.4988</version>
</plugin> </plugin>
</plugins> </plugins>
</pluginManagement> </pluginManagement>
@@ -195,7 +187,7 @@
<plugin> <plugin>
<groupId>org.apache.maven.plugins</groupId> <groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-enforcer-plugin</artifactId> <artifactId>maven-enforcer-plugin</artifactId>
<version>3.5.0</version> <version>3.6.1</version>
<executions> <executions>
<execution> <execution>
<id>enforce-versions</id> <id>enforce-versions</id>
@@ -252,7 +244,7 @@
<plugin> <plugin>
<groupId>org.apache.maven.plugins</groupId> <groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-javadoc-plugin</artifactId> <artifactId>maven-javadoc-plugin</artifactId>
<version>3.11.2</version> <version>3.11.3</version>
<configuration> <configuration>
<source>11</source> <source>11</source>
</configuration> </configuration>
@@ -299,7 +291,7 @@
<plugin> <plugin>
<groupId>org.apache.maven.plugins</groupId> <groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-gpg-plugin</artifactId> <artifactId>maven-gpg-plugin</artifactId>
<version>3.2.7</version> <version>3.2.8</version>
<executions> <executions>
<execution> <execution>
<id>sign-artifacts</id> <id>sign-artifacts</id>
@@ -370,7 +362,7 @@
<plugin> <plugin>
<groupId>org.owasp</groupId> <groupId>org.owasp</groupId>
<artifactId>dependency-check-maven</artifactId> <artifactId>dependency-check-maven</artifactId>
<version>12.1.1</version> <version>12.1.3</version>
<configuration> <configuration>
<nvdApiKey>${env.NVD_API_KEY}</nvdApiKey> <nvdApiKey>${env.NVD_API_KEY}</nvdApiKey>
<nvdDatafeedUrl>${env.NVD_DATAFEED_URL}</nvdDatafeedUrl> <nvdDatafeedUrl>${env.NVD_DATAFEED_URL}</nvdDatafeedUrl>
@@ -394,7 +386,7 @@
<plugin> <plugin>
<groupId>org.sonatype.central</groupId> <groupId>org.sonatype.central</groupId>
<artifactId>central-publishing-maven-plugin</artifactId> <artifactId>central-publishing-maven-plugin</artifactId>
<version>0.7.0</version> <version>0.8.0</version>
<extensions>true</extensions> <extensions>true</extensions>
<configuration> <configuration>
<publishingServerId>central</publishingServerId> <publishingServerId>central</publishingServerId>

217
src/main/java/de/stklcode/jvault/connector/AppRoleClient.java Normal file
View File

@@ -0,0 +1,217 @@
/*
* Copyright 2016-2025 Stefan Kalscheuer
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package de.stklcode.jvault.connector;
import de.stklcode.jvault.connector.exception.VaultConnectorException;
import de.stklcode.jvault.connector.model.AppRole;
import de.stklcode.jvault.connector.model.AppRoleSecret;
import de.stklcode.jvault.connector.model.Token;
import de.stklcode.jvault.connector.model.TokenRole;
import de.stklcode.jvault.connector.model.response.*;
import java.util.ArrayList;
import java.util.List;
/**
* AppRole client interface.
* Provides methods to interact with Vault's AppRole API.
*
* @since 2.0.0 extracted from {@link VaultConnector}
*/
public interface AppRoleClient {
/**
* Register a new AppRole role from given metamodel.
*
* @param role The role
* @return {@code true} on success
* @throws VaultConnectorException on error
* @since 0.4.0
*/
boolean create(final AppRole role) throws VaultConnectorException;
/**
* Register new AppRole role with default policy.
*
* @param roleName The role name
* @return {@code true} on success
* @throws VaultConnectorException on error
* @since 0.4.0
*/
default boolean create(final String roleName) throws VaultConnectorException {
return create(roleName, new ArrayList<>());
}
/**
* Register new AppRole role with policies.
*
* @param roleName The role name
* @param policies The policies to associate with
* @return {@code true} on success
* @throws VaultConnectorException on error
* @since 0.4.0
*/
default boolean create(final String roleName, final List<String> policies) throws VaultConnectorException {
return create(roleName, policies, null);
}
/**
* Register new AppRole role with default policy and custom ID.
*
* @param roleName The role name
* @param roleID A custom role ID
* @return {@code true} on success
* @throws VaultConnectorException on error
* @since 0.4.0
*/
default boolean create(final String roleName, final String roleID) throws VaultConnectorException {
return create(roleName, new ArrayList<>(), roleID);
}
/**
* Register new AppRole role with policies and custom ID.
*
* @param roleName The role name
* @param policies The policies to associate with
* @param roleID A custom role ID
* @return {@code true} on success
* @throws VaultConnectorException on error
* @since 0.4.0
*/
default boolean create(final String roleName, final List<String> policies, final String roleID)
throws VaultConnectorException {
return create(AppRole.builder(roleName).withTokenPolicies(policies).withId(roleID).build());
}
/**
* Delete AppRole role from Vault.
*
* @param roleName The role name
* @return {@code true} on success
* @throws VaultConnectorException on error
*/
boolean delete(final String roleName) throws VaultConnectorException;
/**
* Lookup an AppRole role.
*
* @param roleName The role name
* @return Result of the lookup
* @throws VaultConnectorException on error
* @since 0.4.0
*/
AppRoleResponse lookup(final String roleName) throws VaultConnectorException;
/**
* Retrieve ID for an AppRole role.
*
* @param roleName The role name
* @return The role ID
* @throws VaultConnectorException on error
* @since 0.4.0
*/
String getRoleID(final String roleName) throws VaultConnectorException;
/**
* Set custom ID for an AppRole role.
*
* @param roleName The role name
* @param roleID The role ID
* @return {@code true} on success
* @throws VaultConnectorException on error
* @since 0.4.0
*/
boolean setRoleID(final String roleName, final String roleID) throws VaultConnectorException;
/**
* Register new random generated AppRole secret.
*
* @param roleName The role name
* @return The secret ID
* @throws VaultConnectorException on error
* @since 0.4.0
*/
default AppRoleSecretResponse createSecret(final String roleName) throws VaultConnectorException {
return createSecret(roleName, new AppRoleSecret());
}
/**
* Register new AppRole secret with custom ID.
*
* @param roleName The role name
* @param secretID A custom secret ID
* @return The secret ID
* @throws VaultConnectorException on error
* @since 0.4.0
*/
default AppRoleSecretResponse createSecret(final String roleName, final String secretID)
throws VaultConnectorException {
return createSecret(roleName, new AppRoleSecret(secretID));
}
/**
* Register new AppRole secret with custom ID.
*
* @param roleName The role name
* @param secret The secret meta object
* @return The secret ID
* @throws VaultConnectorException on error
* @since 0.4.0
*/
AppRoleSecretResponse createSecret(final String roleName, final AppRoleSecret secret)
throws VaultConnectorException;
/**
* Lookup an AppRole secret.
*
* @param roleName The role name
* @param secretID The secret ID
* @return Result of the lookup
* @throws VaultConnectorException on error
* @since 0.4.0
*/
AppRoleSecretResponse lookupSecret(final String roleName, final String secretID)
throws VaultConnectorException;
/**
* Destroy an AppRole secret.
*
* @param roleName The role name
* @param secretID The secret meta object
* @return The secret ID
* @throws VaultConnectorException on error
* @since 0.4.0
*/
boolean destroySecret(final String roleName, final String secretID) throws VaultConnectorException;
/**
* List existing (accessible) AppRole roles.
*
* @return List of roles
* @throws VaultConnectorException on error
*/
List<String> listRoles() throws VaultConnectorException;
/**
* List existing (accessible) secret IDs for AppRole role.
*
* @param roleName The role name
* @return List of roles
* @throws VaultConnectorException on error
*/
List<String> listSecrets(final String roleName) throws VaultConnectorException;
}

933
src/main/java/de/stklcode/jvault/connector/HTTPVaultConnector.java
View File

File diff suppressed because it is too large Load Diff

200
src/main/java/de/stklcode/jvault/connector/KV2Client.java Normal file
View File

@@ -0,0 +1,200 @@
/*
* Copyright 2016-2025 Stefan Kalscheuer
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package de.stklcode.jvault.connector;
import de.stklcode.jvault.connector.exception.VaultConnectorException;
import de.stklcode.jvault.connector.model.response.MetadataResponse;
import de.stklcode.jvault.connector.model.response.SecretResponse;
import de.stklcode.jvault.connector.model.response.SecretVersionResponse;
import java.util.Map;
/**
* KV v2 client interface.
* Provides methods to interact with Vault's KV v2 API.
*
* @since 2.0.0 extracted from {@link VaultConnector}
*/
public interface KV2Client {
/**
* Retrieve the latest secret data for specific version from Vault.
* <br>
* Path {@code <mount>/data/<key>} is read here.
* Only available for KV v2 secrets.
*
* @param mount Secret store mount point (without leading or trailing slash).
* @param key Secret identifier
* @return Secret response
* @throws VaultConnectorException on error
* @since 0.8
*/
default SecretResponse readData(final String mount, final String key) throws VaultConnectorException {
return readVersion(mount, key, null);
}
/**
* Write secret to Vault.
* <br>
* Path {@code <mount>/data/<key>} is written here.
* Only available for KV v2 secrets.
*
* @param mount Secret store mount point (without leading or trailing slash).
* @param key Secret identifier
* @param data Secret content. Value must be be JSON serializable.
* @return Metadata for the created/updated secret.
* @throws VaultConnectorException on error
* @since 0.8
*/
default SecretVersionResponse writeData(final String mount,
final String key,
final Map<String, Object> data) throws VaultConnectorException {
return writeData(mount, key, data, null);
}
/**
* Write secret to Vault.
* <br>
* Path {@code <mount>/data/<key>} is written here.
* Only available for KV v2 secrets.
*
* @param mount Secret store mount point (without leading or trailing slash).
* @param key Secret identifier
* @param data Secret content. Value must be be JSON serializable.
* @param cas Use Check-And-Set operation, i.e. only allow writing if current version matches this value.
* @return Metadata for the created/updated secret.
* @throws VaultConnectorException on error
* @since 0.8
*/
SecretVersionResponse writeData(final String mount,
final String key,
final Map<String, Object> data,
final Integer cas) throws VaultConnectorException;
/**
* Retrieve secret data from Vault.
* <br>
* Path {@code <mount>/data/<key>} is read here.
* Only available for KV v2 secrets.
*
* @param mount Secret store mount point (without leading or trailing slash).
* @param key Secret identifier
* @param version Version to read. If {@code null} or zero, the latest version will be returned.
* @return Secret response.
* @throws VaultConnectorException on error
* @since 0.8
*/
SecretResponse readVersion(final String mount, final String key, final Integer version)
throws VaultConnectorException;
/**
* Retrieve secret metadata from Vault.
* <br>
* Path {@code <mount>/metadata/<key>} is read here.
* Only available for KV v2 secrets.
*
* @param mount Secret store mount point (without leading or trailing slash).
* @param key Secret identifier
* @return Metadata response
* @throws VaultConnectorException on error
* @since 0.8
*/
MetadataResponse readMetadata(final String mount, final String key) throws VaultConnectorException;
/**
* Update secret metadata.
* <br>
* Path {@code <mount>/metadata/<key>} is written here.
* Only available for KV v2 secrets.
*
* @param mount Secret store mount point (without leading or trailing slash).
* @param key Secret identifier
* @param maxVersions Maximum number of versions (fallback to backend default if {@code null})
* @param casRequired Specify if Check-And-Set is required for this secret.
* @throws VaultConnectorException on error
* @since 0.8
*/
void updateMetadata(final String mount,
final String key,
final Integer maxVersions,
final boolean casRequired) throws VaultConnectorException;
/**
* Delete latest version of a secret from Vault.
* <br>
* Only available for KV v2 stores.
*
* @param mount Secret store mount point (without leading or trailing slash).
* @param key Secret path.
* @throws VaultConnectorException on error
* @since 0.8
*/
void deleteLatestVersion(final String mount, final String key) throws VaultConnectorException;
/**
* Delete latest version of a secret from Vault.
* <br>
* Prefix {@code secret/} is automatically added to path.
* Only available for KV v2 stores.
*
* @param mount Secret store mount point (without leading or trailing slash).
* @param key Secret path.
* @throws VaultConnectorException on error
* @since 0.8
*/
void deleteAllVersions(final String mount, final String key) throws VaultConnectorException;
/**
* Delete secret versions from Vault.
* <br>
* Only available for KV v2 stores.
*
* @param mount Secret store mount point (without leading or trailing slash).
* @param key Secret path.
* @param versions Versions of the secret to delete.
* @throws VaultConnectorException on error
* @since 0.8
*/
void deleteVersions(final String mount, final String key, final int... versions)
throws VaultConnectorException;
/**
* Undelete (restore) secret versions from Vault.
* Only available for KV v2 stores.
*
* @param mount Secret store mount point (without leading or trailing slash).
* @param key Secret path.
* @param versions Versions of the secret to undelete.
* @throws VaultConnectorException on error
* @since 0.8
*/
void undeleteVersions(final String mount, final String key, final int... versions)
throws VaultConnectorException;
/**
* Destroy secret versions from Vault.
* Only available for KV v2 stores.
*
* @param mount Secret store mount point (without leading or trailing slash).
* @param key Secret path.
* @param versions Versions of the secret to destroy.
* @throws VaultConnectorException on error
* @since 0.8
*/
void destroyVersions(final String mount, final String key, final int... versions)
throws VaultConnectorException;
}

88
src/main/java/de/stklcode/jvault/connector/SysClient.java Normal file
View File

@@ -0,0 +1,88 @@
/*
* Copyright 2016-2025 Stefan Kalscheuer
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package de.stklcode.jvault.connector;
import de.stklcode.jvault.connector.exception.VaultConnectorException;
import de.stklcode.jvault.connector.model.AuthBackend;
import de.stklcode.jvault.connector.model.Token;
import de.stklcode.jvault.connector.model.TokenRole;
import de.stklcode.jvault.connector.model.response.*;
import java.util.List;
/**
* Sys client interface.
* Provides methods to interact with Vault's system API.
*
* @since 2.0.0 extracted from {@link VaultConnector}
*/
public interface SysClient {
/**
* Retrieve status of vault seal.
*
* @return Seal status
* @throws VaultConnectorException on error
*/
SealResponse sealStatus() throws VaultConnectorException;
/**
* Seal vault.
*
* @throws VaultConnectorException on error
*/
void seal() throws VaultConnectorException;
/**
* Unseal vault.
*
* @param key A single master share key
* @param reset Discard previously provided keys (optional)
* @return Response with seal status
* @throws VaultConnectorException on error
*/
SealResponse unseal(final String key, final Boolean reset) throws VaultConnectorException;
/**
* Unseal vault.
*
* @param key A single master share key
* @return Response with seal status
* @throws VaultConnectorException on error
*/
default SealResponse unseal(final String key) throws VaultConnectorException {
return unseal(key, null);
}
/**
* Query server health information.
*
* @return Health information.
* @throws VaultConnectorException on error
* @since 0.7.0
*/
HealthResponse getHealth() throws VaultConnectorException;
/**
* Get all available authentication backends.
*
* @return List of backends
* @throws VaultConnectorException on error
*/
List<AuthBackend> getAuthBackends() throws VaultConnectorException;
}

125
src/main/java/de/stklcode/jvault/connector/TokenClient.java Normal file
View File

@@ -0,0 +1,125 @@
/*
* Copyright 2016-2025 Stefan Kalscheuer
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package de.stklcode.jvault.connector;
import de.stklcode.jvault.connector.exception.VaultConnectorException;
import de.stklcode.jvault.connector.model.Token;
import de.stklcode.jvault.connector.model.TokenRole;
import de.stklcode.jvault.connector.model.response.AuthResponse;
import de.stklcode.jvault.connector.model.response.TokenResponse;
import de.stklcode.jvault.connector.model.response.TokenRoleResponse;
import java.util.List;
/**
* Token client interface.
* Provides methods to interact with Vault's token API.
*
* @since 2.0.0 extracted from {@link VaultConnector}
*/
public interface TokenClient {
/**
* Create a new token.
*
* @param token the token
* @return the result response
* @throws VaultConnectorException on error
*/
AuthResponse create(final Token token) throws VaultConnectorException;
/**
* Create a new token.
*
* @param token the token
* @param orphan create orphan token
* @return the result response
* @throws VaultConnectorException on error
*/
AuthResponse create(final Token token, boolean orphan) throws VaultConnectorException;
/**
* Create a new token for specific role.
*
* @param token the token
* @param role the role name
* @return the result response
* @throws VaultConnectorException on error
*/
AuthResponse create(final Token token, final String role) throws VaultConnectorException;
/**
* Lookup token information.
*
* @param token the token
* @return the result response
* @throws VaultConnectorException on error
*/
TokenResponse lookup(final String token) throws VaultConnectorException;
/**
* Create a new or update an existing token role.
*
* @param role the role entity (name must be set)
* @return {@code true} on success
* @throws VaultConnectorException on error
* @since 0.9
*/
default boolean createOrUpdateRole(final TokenRole role) throws VaultConnectorException {
return createOrUpdateRole(role.getName(), role);
}
/**
* Create a new or update an existing token role.
*
* @param name the role name (overrides name possibly set in role entity)
* @param role the role entity
* @return {@code true} on success
* @throws VaultConnectorException on error
* @since 0.9
*/
boolean createOrUpdateRole(final String name, final TokenRole role) throws VaultConnectorException;
/**
* Lookup token information.
*
* @param name the role name
* @return the result response
* @throws VaultConnectorException on error
* @since 0.9
*/
TokenRoleResponse readRole(final String name) throws VaultConnectorException;
/**
* List available token roles from Vault.
*
* @return List of token roles
* @throws VaultConnectorException on error
* @since 0.9
*/
List<String> listRoles() throws VaultConnectorException;
/**
* Delete a token role.
*
* @param name the role name to delete
* @return {@code true} on success
* @throws VaultConnectorException on error
* @since 0.9
*/
boolean deleteRole(final String name) throws VaultConnectorException;
}

107
src/main/java/de/stklcode/jvault/connector/TransitClient.java Normal file
View File

@@ -0,0 +1,107 @@
/*
* Copyright 2016-2025 Stefan Kalscheuer
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package de.stklcode.jvault.connector;
import de.stklcode.jvault.connector.exception.VaultConnectorException;
import de.stklcode.jvault.connector.model.response.TransitResponse;
import java.util.Base64;
/**
* Transit client interface.
* Provides methods to interact with Vault's transit API.
*
* @since 2.0.0 extracted from {@link VaultConnector}
*/
public interface TransitClient {
/**
* Encrypt plaintext via transit engine from Vault.
*
* @param keyName Transit key name
* @param plaintext Text to encrypt (Base64 encoded)
* @return Transit response
* @throws VaultConnectorException on error
* @since 1.5.0
*/
TransitResponse encrypt(final String keyName, final String plaintext) throws VaultConnectorException;
/**
* Encrypt plaintext via transit engine from Vault.
*
* @param keyName Transit key name
* @param plaintext Binary data to encrypt
* @return Transit response
* @throws VaultConnectorException on error
* @since 1.5.0
*/
default TransitResponse encrypt(final String keyName, final byte[] plaintext)
throws VaultConnectorException {
return encrypt(keyName, Base64.getEncoder().encodeToString(plaintext));
}
/**
* Decrypt ciphertext via transit engine from Vault.
*
* @param keyName Transit key name
* @param ciphertext Text to decrypt
* @return Transit response
* @throws VaultConnectorException on error
* @since 1.5.0
*/
TransitResponse decrypt(final String keyName, final String ciphertext) throws VaultConnectorException;
/**
* Hash data in hex format via transit engine from Vault.
*
* @param algorithm Specifies the hash algorithm to use
* @param input Data to hash
* @return Transit response
* @throws VaultConnectorException on error
* @since 1.5.0
*/
default TransitResponse hash(final String algorithm, final String input) throws VaultConnectorException {
return hash(algorithm, input, "hex");
}
/**
* Hash data via transit engine from Vault.
*
* @param algorithm Specifies the hash algorithm to use
* @param input Data to hash (Base64 encoded)
* @param format Specifies the output encoding (hex/base64)
* @return Transit response
* @throws VaultConnectorException on error
* @since 1.5.0
*/
TransitResponse hash(final String algorithm, final String input, final String format)
throws VaultConnectorException;
/**
* Hash data via transit engine from Vault.
*
* @param algorithm Specifies the hash algorithm to use
* @param input Data to hash
* @return Transit response
* @throws VaultConnectorException on error
* @since 1.5.0
*/
default TransitResponse hash(final String algorithm, final byte[] input, final String format)
throws VaultConnectorException {
return hash(algorithm, Base64.getEncoder().encodeToString(input), format);
}
}

568
src/main/java/de/stklcode/jvault/connector/VaultConnector.java
View File

@@ -37,59 +37,6 @@ public interface VaultConnector extends AutoCloseable, Serializable {
*/ */
void resetAuth(); void resetAuth();
/**
* Retrieve status of vault seal.
*
* @return Seal status
* @throws VaultConnectorException on error
*/
SealResponse sealStatus() throws VaultConnectorException;
/**
* Seal vault.
*
* @throws VaultConnectorException on error
*/
void seal() throws VaultConnectorException;
/**
* Unseal vault.
*
* @param key A single master share key
* @param reset Discard previously provided keys (optional)
* @return Response with seal status
* @throws VaultConnectorException on error
*/
SealResponse unseal(final String key, final Boolean reset) throws VaultConnectorException;
/**
* Unseal vault.
*
* @param key A single master share key
* @return Response with seal status
* @throws VaultConnectorException on error
*/
default SealResponse unseal(final String key) throws VaultConnectorException {
return unseal(key, null);
}
/**
* Query server health information.
*
* @return Health information.
* @throws VaultConnectorException on error
* @since 0.7.0
*/
HealthResponse getHealth() throws VaultConnectorException;
/**
* Get all available authentication backends.
*
* @return List of backends
* @throws VaultConnectorException on error
*/
List<AuthBackend> getAuthBackends() throws VaultConnectorException;
/** /**
* Authorize to Vault using token. * Authorize to Vault using token.
* *
@@ -132,187 +79,6 @@ public interface VaultConnector extends AutoCloseable, Serializable {
*/ */
AuthResponse authAppRole(final String roleID, final String secretID) throws VaultConnectorException; AuthResponse authAppRole(final String roleID, final String secretID) throws VaultConnectorException;
/**
* Register a new AppRole role from given metamodel.
*
* @param role The role
* @return {@code true} on success
* @throws VaultConnectorException on error
* @since 0.4.0
*/
boolean createAppRole(final AppRole role) throws VaultConnectorException;
/**
* Register new AppRole role with default policy.
*
* @param roleName The role name
* @return {@code true} on success
* @throws VaultConnectorException on error
* @since 0.4.0
*/
default boolean createAppRole(final String roleName) throws VaultConnectorException {
return createAppRole(roleName, new ArrayList<>());
}
/**
* Register new AppRole role with policies.
*
* @param roleName The role name
* @param policies The policies to associate with
* @return {@code true} on success
* @throws VaultConnectorException on error
* @since 0.4.0
*/
default boolean createAppRole(final String roleName, final List<String> policies) throws VaultConnectorException {
return createAppRole(roleName, policies, null);
}
/**
* Register new AppRole role with default policy and custom ID.
*
* @param roleName The role name
* @param roleID A custom role ID
* @return {@code true} on success
* @throws VaultConnectorException on error
* @since 0.4.0
*/
default boolean createAppRole(final String roleName, final String roleID) throws VaultConnectorException {
return createAppRole(roleName, new ArrayList<>(), roleID);
}
/**
* Register new AppRole role with policies and custom ID.
*
* @param roleName The role name
* @param policies The policies to associate with
* @param roleID A custom role ID
* @return {@code true} on success
* @throws VaultConnectorException on error
* @since 0.4.0
*/
default boolean createAppRole(final String roleName, final List<String> policies, final String roleID)
throws VaultConnectorException {
return createAppRole(AppRole.builder(roleName).withTokenPolicies(policies).withId(roleID).build());
}
/**
* Delete AppRole role from Vault.
*
* @param roleName The role name
* @return {@code true} on success
* @throws VaultConnectorException on error
*/
boolean deleteAppRole(final String roleName) throws VaultConnectorException;
/**
* Lookup an AppRole role.
*
* @param roleName The role name
* @return Result of the lookup
* @throws VaultConnectorException on error
* @since 0.4.0
*/
AppRoleResponse lookupAppRole(final String roleName) throws VaultConnectorException;
/**
* Retrieve ID for an AppRole role.
*
* @param roleName The role name
* @return The role ID
* @throws VaultConnectorException on error
* @since 0.4.0
*/
String getAppRoleID(final String roleName) throws VaultConnectorException;
/**
* Set custom ID for an AppRole role.
*
* @param roleName The role name
* @param roleID The role ID
* @return {@code true} on success
* @throws VaultConnectorException on error
* @since 0.4.0
*/
boolean setAppRoleID(final String roleName, final String roleID) throws VaultConnectorException;
/**
* Register new random generated AppRole secret.
*
* @param roleName The role name
* @return The secret ID
* @throws VaultConnectorException on error
* @since 0.4.0
*/
default AppRoleSecretResponse createAppRoleSecret(final String roleName) throws VaultConnectorException {
return createAppRoleSecret(roleName, new AppRoleSecret());
}
/**
* Register new AppRole secret with custom ID.
*
* @param roleName The role name
* @param secretID A custom secret ID
* @return The secret ID
* @throws VaultConnectorException on error
* @since 0.4.0
*/
default AppRoleSecretResponse createAppRoleSecret(final String roleName, final String secretID)
throws VaultConnectorException {
return createAppRoleSecret(roleName, new AppRoleSecret(secretID));
}
/**
* Register new AppRole secret with custom ID.
*
* @param roleName The role name
* @param secret The secret meta object
* @return The secret ID
* @throws VaultConnectorException on error
* @since 0.4.0
*/
AppRoleSecretResponse createAppRoleSecret(final String roleName, final AppRoleSecret secret)
throws VaultConnectorException;
/**
* Lookup an AppRole secret.
*
* @param roleName The role name
* @param secretID The secret ID
* @return Result of the lookup
* @throws VaultConnectorException on error
* @since 0.4.0
*/
AppRoleSecretResponse lookupAppRoleSecret(final String roleName, final String secretID)
throws VaultConnectorException;
/**
* Destroy an AppRole secret.
*
* @param roleName The role name
* @param secretID The secret meta object
* @return The secret ID
* @throws VaultConnectorException on error
* @since 0.4.0
*/
boolean destroyAppRoleSecret(final String roleName, final String secretID) throws VaultConnectorException;
/**
* List existing (accessible) AppRole roles.
*
* @return List of roles
* @throws VaultConnectorException on error
*/
List<String> listAppRoles() throws VaultConnectorException;
/**
* List existing (accessible) secret IDs for AppRole role.
*
* @param roleName The role name
* @return List of roles
* @throws VaultConnectorException on error
*/
List<String> listAppRoleSecrets(final String roleName) throws VaultConnectorException;
/** /**
* Get authorization status. * Get authorization status.
* *
@@ -330,108 +96,6 @@ public interface VaultConnector extends AutoCloseable, Serializable {
*/ */
SecretResponse read(final String key) throws VaultConnectorException; SecretResponse read(final String key) throws VaultConnectorException;
/**
* Retrieve the latest secret data for specific version from Vault.
* <br>
* Path {@code <mount>/data/<key>} is read here.
* Only available for KV v2 secrets.
*
* @param mount Secret store mount point (without leading or trailing slash).
* @param key Secret identifier
* @return Secret response
* @throws VaultConnectorException on error
* @since 0.8
*/
default SecretResponse readSecretData(final String mount, final String key) throws VaultConnectorException {
return readSecretVersion(mount, key, null);
}
/**
* Write secret to Vault.
* <br>
* Path {@code <mount>/data/<key>} is written here.
* Only available for KV v2 secrets.
*
* @param mount Secret store mount point (without leading or trailing slash).
* @param key Secret identifier
* @param data Secret content. Value must be be JSON serializable.
* @return Metadata for the created/updated secret.
* @throws VaultConnectorException on error
* @since 0.8
*/
default SecretVersionResponse writeSecretData(final String mount,
final String key,
final Map<String, Object> data) throws VaultConnectorException {
return writeSecretData(mount, key, data, null);
}
/**
* Write secret to Vault.
* <br>
* Path {@code <mount>/data/<key>} is written here.
* Only available for KV v2 secrets.
*
* @param mount Secret store mount point (without leading or trailing slash).
* @param key Secret identifier
* @param data Secret content. Value must be be JSON serializable.
* @param cas Use Check-And-Set operation, i.e. only allow writing if current version matches this value.
* @return Metadata for the created/updated secret.
* @throws VaultConnectorException on error
* @since 0.8
*/
SecretVersionResponse writeSecretData(final String mount,
final String key,
final Map<String, Object> data,
final Integer cas) throws VaultConnectorException;
/**
* Retrieve secret data from Vault.
* <br>
* Path {@code <mount>/data/<key>} is read here.
* Only available for KV v2 secrets.
*
* @param mount Secret store mount point (without leading or trailing slash).
* @param key Secret identifier
* @param version Version to read. If {@code null} or zero, the latest version will be returned.
* @return Secret response.
* @throws VaultConnectorException on error
* @since 0.8
*/
SecretResponse readSecretVersion(final String mount, final String key, final Integer version)
throws VaultConnectorException;
/**
* Retrieve secret metadata from Vault.
* <br>
* Path {@code <mount>/metadata/<key>} is read here.
* Only available for KV v2 secrets.
*
* @param mount Secret store mount point (without leading or trailing slash).
* @param key Secret identifier
* @return Metadata response
* @throws VaultConnectorException on error
* @since 0.8
*/
MetadataResponse readSecretMetadata(final String mount, final String key) throws VaultConnectorException;
/**
* Update secret metadata.
* <br>
* Path {@code <mount>/metadata/<key>} is written here.
* Only available for KV v2 secrets.
*
* @param mount Secret store mount point (without leading or trailing slash).
* @param key Secret identifier
* @param maxVersions Maximum number of versions (fallback to backend default if {@code null})
* @param casRequired Specify if Check-And-Set is required for this secret.
* @throws VaultConnectorException on error
* @since 0.8
*/
void updateSecretMetadata(final String mount,
final String key,
final Integer maxVersions,
final boolean casRequired) throws VaultConnectorException;
/** /**
* List available nodes from Vault. * List available nodes from Vault.
* *
@@ -487,71 +151,6 @@ public interface VaultConnector extends AutoCloseable, Serializable {
*/ */
void delete(final String key) throws VaultConnectorException; void delete(final String key) throws VaultConnectorException;
/**
* Delete latest version of a secret from Vault.
* <br>
* Only available for KV v2 stores.
*
* @param mount Secret store mount point (without leading or trailing slash).
* @param key Secret path.
* @throws VaultConnectorException on error
* @since 0.8
*/
void deleteLatestSecretVersion(final String mount, final String key) throws VaultConnectorException;
/**
* Delete latest version of a secret from Vault.
* <br>
* Prefix {@code secret/} is automatically added to path.
* Only available for KV v2 stores.
*
* @param mount Secret store mount point (without leading or trailing slash).
* @param key Secret path.
* @throws VaultConnectorException on error
* @since 0.8
*/
void deleteAllSecretVersions(final String mount, final String key) throws VaultConnectorException;
/**
* Delete secret versions from Vault.
* <br>
* Only available for KV v2 stores.
*
* @param mount Secret store mount point (without leading or trailing slash).
* @param key Secret path.
* @param versions Versions of the secret to delete.
* @throws VaultConnectorException on error
* @since 0.8
*/
void deleteSecretVersions(final String mount, final String key, final int... versions)
throws VaultConnectorException;
/**
* Undelete (restore) secret versions from Vault.
* Only available for KV v2 stores.
*
* @param mount Secret store mount point (without leading or trailing slash).
* @param key Secret path.
* @param versions Versions of the secret to undelete.
* @throws VaultConnectorException on error
* @since 0.8
*/
void undeleteSecretVersions(final String mount, final String key, final int... versions)
throws VaultConnectorException;
/**
* Destroy secret versions from Vault.
* Only available for KV v2 stores.
*
* @param mount Secret store mount point (without leading or trailing slash).
* @param key Secret path.
* @param versions Versions of the secret to destroy.
* @throws VaultConnectorException on error
* @since 0.8
*/
void destroySecretVersions(final String mount, final String key, final int... versions)
throws VaultConnectorException;
/** /**
* Revoke given lease immediately. * Revoke given lease immediately.
* *
@@ -582,170 +181,44 @@ public interface VaultConnector extends AutoCloseable, Serializable {
SecretResponse renew(final String leaseID, final Integer increment) throws VaultConnectorException; SecretResponse renew(final String leaseID, final Integer increment) throws VaultConnectorException;
/** /**
* Create a new token. * Get client for KV v2 API.
* *
* @param token the token * @return KV v2 client
* @return the result response * @since 2.0.0
* @throws VaultConnectorException on error
*/ */
AuthResponse createToken(final Token token) throws VaultConnectorException; KV2Client kv2();
/** /**
* Create a new token. * Get client for token API.
* *
* @param token the token * @return Token client
* @param orphan create orphan token * @since 2.0.0
* @return the result response
* @throws VaultConnectorException on error
*/ */
AuthResponse createToken(final Token token, boolean orphan) throws VaultConnectorException; TokenClient token();
/** /**
* Create a new token for specific role. * Get client for AppRole API.
* *
* @param token the token * @return AppRole client
* @param role the role name * @since 2.0.0
* @return the result response
* @throws VaultConnectorException on error
*/ */
AuthResponse createToken(final Token token, final String role) throws VaultConnectorException; AppRoleClient appRole();
/** /**
* Lookup token information. * Get client for transit API.
* *
* @param token the token * @return Transit client
* @return the result response * @since 2.0.0
* @throws VaultConnectorException on error
*/ */
TokenResponse lookupToken(final String token) throws VaultConnectorException; TransitClient transit();
/** /**
* Create a new or update an existing token role. * Get client for system API.
* *
* @param role the role entity (name must be set) * @return System client
* @return {@code true} on success * @since 2.0.0
* @throws VaultConnectorException on error
* @since 0.9
*/ */
default boolean createOrUpdateTokenRole(final TokenRole role) throws VaultConnectorException { SysClient sys();
return createOrUpdateTokenRole(role.getName(), role);
}
/**
* Create a new or update an existing token role.
*
* @param name the role name (overrides name possibly set in role entity)
* @param role the role entity
* @return {@code true} on success
* @throws VaultConnectorException on error
* @since 0.9
*/
boolean createOrUpdateTokenRole(final String name, final TokenRole role) throws VaultConnectorException;
/**
* Lookup token information.
*
* @param name the role name
* @return the result response
* @throws VaultConnectorException on error
* @since 0.9
*/
TokenRoleResponse readTokenRole(final String name) throws VaultConnectorException;
/**
* List available token roles from Vault.
*
* @return List of token roles
* @throws VaultConnectorException on error
* @since 0.9
*/
List<String> listTokenRoles() throws VaultConnectorException;
/**
* Delete a token role.
*
* @param name the role name to delete
* @return {@code true} on success
* @throws VaultConnectorException on error
* @since 0.9
*/
boolean deleteTokenRole(final String name) throws VaultConnectorException;
/**
* Encrypt plaintext via transit engine from Vault.
*
* @param keyName Transit key name
* @param plaintext Text to encrypt (Base64 encoded)
* @return Transit response
* @throws VaultConnectorException on error
* @since 1.5.0
*/
TransitResponse transitEncrypt(final String keyName, final String plaintext) throws VaultConnectorException;
/**
* Encrypt plaintext via transit engine from Vault.
*
* @param keyName Transit key name
* @param plaintext Binary data to encrypt
* @return Transit response
* @throws VaultConnectorException on error
* @since 1.5.0
*/
default TransitResponse transitEncrypt(final String keyName, final byte[] plaintext)
throws VaultConnectorException {
return transitEncrypt(keyName, Base64.getEncoder().encodeToString(plaintext));
}
/**
* Decrypt ciphertext via transit engine from Vault.
*
* @param keyName Transit key name
* @param ciphertext Text to decrypt
* @return Transit response
* @throws VaultConnectorException on error
* @since 1.5.0
*/
TransitResponse transitDecrypt(final String keyName, final String ciphertext) throws VaultConnectorException;
/**
* Hash data in hex format via transit engine from Vault.
*
* @param algorithm Specifies the hash algorithm to use
* @param input Data to hash
* @return Transit response
* @throws VaultConnectorException on error
* @since 1.5.0
*/
default TransitResponse transitHash(final String algorithm, final String input) throws VaultConnectorException {
return transitHash(algorithm, input, "hex");
}
/**
* Hash data via transit engine from Vault.
*
* @param algorithm Specifies the hash algorithm to use
* @param input Data to hash (Base64 encoded)
* @param format Specifies the output encoding (hex/base64)
* @return Transit response
* @throws VaultConnectorException on error
* @since 1.5.0
*/
TransitResponse transitHash(final String algorithm, final String input, final String format)
throws VaultConnectorException;
/**
* Hash data via transit engine from Vault.
*
* @param algorithm Specifies the hash algorithm to use
* @param input Data to hash
* @return Transit response
* @throws VaultConnectorException on error
* @since 1.5.0
*/
default TransitResponse transitHash(final String algorithm, final byte[] input, final String format)
throws VaultConnectorException {
return transitHash(algorithm, Base64.getEncoder().encodeToString(input), format);
}
/** /**
* Read credentials for MySQL backend at default mount point. * Read credentials for MySQL backend at default mount point.
@@ -816,4 +289,5 @@ public interface VaultConnector extends AutoCloseable, Serializable {
throws VaultConnectorException { throws VaultConnectorException {
return (CredentialsResponse) read(mount + "/creds/" + role); return (CredentialsResponse) read(mount + "/creds/" + role);
} }
} }

74
src/main/java/de/stklcode/jvault/connector/internal/VaultApiPath.java Normal file
View File

@@ -0,0 +1,74 @@
/*
* Copyright 2016-2025 Stefan Kalscheuer
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package de.stklcode.jvault.connector.internal;
/**
* Vault API path constants.
*
* @author Stefan Kalscheuer
* @since 1.5.3
*/
public final class VaultApiPath {
// Base paths
private static final String SYS = "sys";
private static final String AUTH = "auth";
private static final String TRANSIT = "transit";
// System paths
public static final String SYS_AUTH = SYS + "/auth";
public static final String SYS_LEASES_RENEW = SYS + "/leases/renew";
public static final String SYS_LEASES_REVOKE = SYS + "/leases/revoke/";
public static final String SYS_HEALTH = SYS + "/health";
public static final String SYS_SEAL = SYS + "/seal";
public static final String SYS_SEAL_STATUS = SYS + "/seal-status";
public static final String SYS_UNSEAL = SYS + "/unseal";
// Auth paths
public static final String AUTH_TOKEN = AUTH + "/token";
public static final String AUTH_USERPASS_LOGIN = AUTH + "/userpass/login/";
public static final String AUTH_APPROLE = AUTH + "/approle";
public static final String AUTH_APPROLE_ROLE = AUTH_APPROLE + "/role/%s%s";
// Token operations
public static final String TOKEN_LOOKUP = "/lookup";
public static final String TOKEN_LOOKUP_SELF = "/lookup-self";
public static final String TOKEN_CREATE = "/create";
public static final String TOKEN_CREATE_ORPHAN = "/create-orphan";
public static final String TOKEN_ROLES = "/roles";
// Secret engine paths
public static final String SECRET_DATA = "/data/";
public static final String SECRET_METADATA = "/metadata/";
public static final String SECRET_DELETE = "/delete/";
public static final String SECRET_UNDELETE = "/undelete/";
public static final String SECRET_DESTROY = "/destroy/";
// Generic paths
public static final String LOGIN = "/login";
// Transit engine paths
public static final String TRANSIT_ENCRYPT = TRANSIT + "/encrypt/";
public static final String TRANSIT_DECRYPT = TRANSIT + "/decrypt/";
public static final String TRANSIT_HASH = TRANSIT + "/hash/";
/**
* Private constructor to prevent instantiation.
*/
private VaultApiPath() {
// Utility class
}
}

34
src/main/java/de/stklcode/jvault/connector/model/AppRole.java
View File

@@ -32,7 +32,7 @@ import java.util.Objects;
*/ */
@JsonIgnoreProperties(ignoreUnknown = true) @JsonIgnoreProperties(ignoreUnknown = true)
public final class AppRole implements Serializable { public final class AppRole implements Serializable {
private static final long serialVersionUID = 693228837510483448L; private static final long serialVersionUID = 1546673231280751679L;
@JsonProperty("role_name") @JsonProperty("role_name")
private String name; private String name;
@@ -53,7 +53,7 @@ public final class AppRole implements Serializable {
@JsonProperty("secret_id_ttl") @JsonProperty("secret_id_ttl")
@JsonInclude(JsonInclude.Include.NON_NULL) @JsonInclude(JsonInclude.Include.NON_NULL)
private Integer secretIdTtl; private Long secretIdTtl;
@JsonProperty("local_secret_ids") @JsonProperty("local_secret_ids")
@JsonInclude(JsonInclude.Include.NON_NULL) @JsonInclude(JsonInclude.Include.NON_NULL)
@@ -61,11 +61,11 @@ public final class AppRole implements Serializable {
@JsonProperty("token_ttl") @JsonProperty("token_ttl")
@JsonInclude(JsonInclude.Include.NON_NULL) @JsonInclude(JsonInclude.Include.NON_NULL)
private Integer tokenTtl; private Long tokenTtl;
@JsonProperty("token_max_ttl") @JsonProperty("token_max_ttl")
@JsonInclude(JsonInclude.Include.NON_NULL) @JsonInclude(JsonInclude.Include.NON_NULL)
private Integer tokenMaxTtl; private Long tokenMaxTtl;
private List<String> tokenPolicies; private List<String> tokenPolicies;
@@ -75,7 +75,7 @@ public final class AppRole implements Serializable {
@JsonProperty("token_explicit_max_ttl") @JsonProperty("token_explicit_max_ttl")
@JsonInclude(JsonInclude.Include.NON_NULL) @JsonInclude(JsonInclude.Include.NON_NULL)
private Integer tokenExplicitMaxTtl; private Long tokenExplicitMaxTtl;
@JsonProperty("token_no_default_policy") @JsonProperty("token_no_default_policy")
@JsonInclude(JsonInclude.Include.NON_NULL) @JsonInclude(JsonInclude.Include.NON_NULL)
@@ -255,7 +255,7 @@ public final class AppRole implements Serializable {
/** /**
* @return maximum TTL in seconds for secrets * @return maximum TTL in seconds for secrets
*/ */
public Integer getSecretIdTtl() { public Long getSecretIdTtl() {
return secretIdTtl; return secretIdTtl;
} }
@@ -271,14 +271,14 @@ public final class AppRole implements Serializable {
/** /**
* @return token TTL in seconds * @return token TTL in seconds
*/ */
public Integer getTokenTtl() { public Long getTokenTtl() {
return tokenTtl; return tokenTtl;
} }
/** /**
* @return maximum token TTL in seconds, including renewals * @return maximum token TTL in seconds, including renewals
*/ */
public Integer getTokenMaxTtl() { public Long getTokenMaxTtl() {
return tokenMaxTtl; return tokenMaxTtl;
} }
@@ -286,7 +286,7 @@ public final class AppRole implements Serializable {
* @return explicit maximum token TTL in seconds, including renewals * @return explicit maximum token TTL in seconds, including renewals
* @since 0.9 * @since 0.9
*/ */
public Integer getTokenExplicitMaxTtl() { public Long getTokenExplicitMaxTtl() {
return tokenExplicitMaxTtl; return tokenExplicitMaxTtl;
} }
@@ -370,12 +370,12 @@ public final class AppRole implements Serializable {
private List<String> secretIdBoundCidrs; private List<String> secretIdBoundCidrs;
private List<String> tokenPolicies; private List<String> tokenPolicies;
private Integer secretIdNumUses; private Integer secretIdNumUses;
private Integer secretIdTtl; private Long secretIdTtl;
private Boolean localSecretIds; private Boolean localSecretIds;
private Integer tokenTtl; private Long tokenTtl;
private Integer tokenMaxTtl; private Long tokenMaxTtl;
private List<String> tokenBoundCidrs; private List<String> tokenBoundCidrs;
private Integer tokenExplicitMaxTtl; private Long tokenExplicitMaxTtl;
private Boolean tokenNoDefaultPolicy; private Boolean tokenNoDefaultPolicy;
private Integer tokenNumUses; private Integer tokenNumUses;
private Integer tokenPeriod; private Integer tokenPeriod;
@@ -520,7 +520,7 @@ public final class AppRole implements Serializable {
* @param secretIdTtl the TTL * @param secretIdTtl the TTL
* @return self * @return self
*/ */
public Builder withSecretIdTtl(final Integer secretIdTtl) { public Builder withSecretIdTtl(final Long secretIdTtl) {
this.secretIdTtl = secretIdTtl; this.secretIdTtl = secretIdTtl;
return this; return this;
} }
@@ -544,7 +544,7 @@ public final class AppRole implements Serializable {
* @param tokenTtl the TTL * @param tokenTtl the TTL
* @return self * @return self
*/ */
public Builder withTokenTtl(final Integer tokenTtl) { public Builder withTokenTtl(final Long tokenTtl) {
this.tokenTtl = tokenTtl; this.tokenTtl = tokenTtl;
return this; return this;
} }
@@ -555,7 +555,7 @@ public final class AppRole implements Serializable {
* @param tokenMaxTtl the TTL * @param tokenMaxTtl the TTL
* @return self * @return self
*/ */
public Builder withTokenMaxTtl(final Integer tokenMaxTtl) { public Builder withTokenMaxTtl(final Long tokenMaxTtl) {
this.tokenMaxTtl = tokenMaxTtl; this.tokenMaxTtl = tokenMaxTtl;
return this; return this;
} }
@@ -596,7 +596,7 @@ public final class AppRole implements Serializable {
* @param tokenExplicitMaxTtl the TTL * @param tokenExplicitMaxTtl the TTL
* @return self * @return self
*/ */
public Builder withTokenExplicitMaxTtl(final Integer tokenExplicitMaxTtl) { public Builder withTokenExplicitMaxTtl(final Long tokenExplicitMaxTtl) {
this.tokenExplicitMaxTtl = tokenExplicitMaxTtl; this.tokenExplicitMaxTtl = tokenExplicitMaxTtl;
return this; return this;
} }

18
src/main/java/de/stklcode/jvault/connector/model/Token.java
View File

@@ -32,7 +32,7 @@ import java.util.*;
*/ */
@JsonIgnoreProperties(ignoreUnknown = true) @JsonIgnoreProperties(ignoreUnknown = true)
public final class Token implements Serializable { public final class Token implements Serializable {
private static final long serialVersionUID = 5208508683665365287L; private static final long serialVersionUID = 7003016071684507115L;
@JsonProperty("id") @JsonProperty("id")
@JsonInclude(JsonInclude.Include.NON_NULL) @JsonInclude(JsonInclude.Include.NON_NULL)
@@ -56,11 +56,11 @@ public final class Token implements Serializable {
@JsonProperty("ttl") @JsonProperty("ttl")
@JsonInclude(JsonInclude.Include.NON_NULL) @JsonInclude(JsonInclude.Include.NON_NULL)
private Integer ttl; private Long ttl;
@JsonProperty("explicit_max_ttl") @JsonProperty("explicit_max_ttl")
@JsonInclude(JsonInclude.Include.NON_NULL) @JsonInclude(JsonInclude.Include.NON_NULL)
private Integer explicitMaxTtl; private Long explicitMaxTtl;
@JsonProperty("num_uses") @JsonProperty("num_uses")
@JsonInclude(JsonInclude.Include.NON_NULL) @JsonInclude(JsonInclude.Include.NON_NULL)
@@ -162,7 +162,7 @@ public final class Token implements Serializable {
/** /**
* @return Time-to-live in seconds * @return Time-to-live in seconds
*/ */
public Integer getTtl() { public Long getTtl() {
return ttl; return ttl;
} }
@@ -170,7 +170,7 @@ public final class Token implements Serializable {
* @return Explicit maximum time-to-live in seconds * @return Explicit maximum time-to-live in seconds
* @since 0.9 * @since 0.9
*/ */
public Integer getExplicitMaxTtl() { public Long getExplicitMaxTtl() {
return explicitMaxTtl; return explicitMaxTtl;
} }
@@ -282,8 +282,8 @@ public final class Token implements Serializable {
private String displayName; private String displayName;
private Boolean noParent; private Boolean noParent;
private Boolean noDefaultPolicy; private Boolean noDefaultPolicy;
private Integer ttl; private Long ttl;
private Integer explicitMaxTtl; private Long explicitMaxTtl;
private Integer numUses; private Integer numUses;
private List<String> policies; private List<String> policies;
private Map<String, String> meta; private Map<String, String> meta;
@@ -331,7 +331,7 @@ public final class Token implements Serializable {
* @param ttl the ttl * @param ttl the ttl
* @return self * @return self
*/ */
public Builder withTtl(final Integer ttl) { public Builder withTtl(final Long ttl) {
this.ttl = ttl; this.ttl = ttl;
return this; return this;
} }
@@ -342,7 +342,7 @@ public final class Token implements Serializable {
* @param explicitMaxTtl the explicit max. TTL * @param explicitMaxTtl the explicit max. TTL
* @return self * @return self
*/ */
public Builder withExplicitMaxTtl(final Integer explicitMaxTtl) { public Builder withExplicitMaxTtl(final Long explicitMaxTtl) {
this.explicitMaxTtl = explicitMaxTtl; this.explicitMaxTtl = explicitMaxTtl;
return this; return this;
} }

10
src/main/java/de/stklcode/jvault/connector/model/TokenRole.java
View File

@@ -34,7 +34,7 @@ import java.util.Objects;
*/ */
@JsonIgnoreProperties(ignoreUnknown = true) @JsonIgnoreProperties(ignoreUnknown = true)
public final class TokenRole implements Serializable { public final class TokenRole implements Serializable {
private static final long serialVersionUID = -3505215215838576321L; private static final long serialVersionUID = -4856948364869438439L;
@JsonProperty("name") @JsonProperty("name")
@JsonInclude(JsonInclude.Include.NON_NULL) @JsonInclude(JsonInclude.Include.NON_NULL)
@@ -78,7 +78,7 @@ public final class TokenRole implements Serializable {
@JsonProperty("token_explicit_max_ttl") @JsonProperty("token_explicit_max_ttl")
@JsonInclude(JsonInclude.Include.NON_NULL) @JsonInclude(JsonInclude.Include.NON_NULL)
private Integer tokenExplicitMaxTtl; private Long tokenExplicitMaxTtl;
@JsonProperty("token_no_default_policy") @JsonProperty("token_no_default_policy")
@JsonInclude(JsonInclude.Include.NON_NULL) @JsonInclude(JsonInclude.Include.NON_NULL)
@@ -204,7 +204,7 @@ public final class TokenRole implements Serializable {
/** /**
* @return Token explicit maximum TTL * @return Token explicit maximum TTL
*/ */
public Integer getTokenExplicitMaxTtl() { public Long getTokenExplicitMaxTtl() {
return tokenExplicitMaxTtl; return tokenExplicitMaxTtl;
} }
@@ -285,7 +285,7 @@ public final class TokenRole implements Serializable {
private String pathSuffix; private String pathSuffix;
private List<String> allowedEntityAliases; private List<String> allowedEntityAliases;
private List<String> tokenBoundCidrs; private List<String> tokenBoundCidrs;
private Integer tokenExplicitMaxTtl; private Long tokenExplicitMaxTtl;
private Boolean tokenNoDefaultPolicy; private Boolean tokenNoDefaultPolicy;
private Integer tokenNumUses; private Integer tokenNumUses;
private Integer tokenPeriod; private Integer tokenPeriod;
@@ -537,7 +537,7 @@ public final class TokenRole implements Serializable {
* @param tokenExplicitMaxTtl explicit maximum TTL * @param tokenExplicitMaxTtl explicit maximum TTL
* @return self * @return self
*/ */
public Builder withTokenExplicitMaxTtl(final Integer tokenExplicitMaxTtl) { public Builder withTokenExplicitMaxTtl(final Long tokenExplicitMaxTtl) {
this.tokenExplicitMaxTtl = tokenExplicitMaxTtl; this.tokenExplicitMaxTtl = tokenExplicitMaxTtl;
return this; return this;
} }

10
src/main/java/de/stklcode/jvault/connector/model/response/embedded/MountConfig.java
View File

@@ -15,13 +15,13 @@ import java.util.Objects;
*/ */
@JsonIgnoreProperties(ignoreUnknown = true) @JsonIgnoreProperties(ignoreUnknown = true)
public class MountConfig implements Serializable { public class MountConfig implements Serializable {
private static final long serialVersionUID = -8653909672663717792L; private static final long serialVersionUID = 7241631159224756605L;
@JsonProperty("default_lease_ttl") @JsonProperty("default_lease_ttl")
private Integer defaultLeaseTtl; private Long defaultLeaseTtl;
@JsonProperty("max_lease_ttl") @JsonProperty("max_lease_ttl")
private Integer maxLeaseTtl; private Long maxLeaseTtl;
@JsonProperty("force_no_cache") @JsonProperty("force_no_cache")
private Boolean forceNoCache; private Boolean forceNoCache;
@@ -56,14 +56,14 @@ public class MountConfig implements Serializable {
/** /**
* @return Default lease TTL * @return Default lease TTL
*/ */
public Integer getDefaultLeaseTtl() { public Long getDefaultLeaseTtl() {
return defaultLeaseTtl; return defaultLeaseTtl;
} }
/** /**
* @return Maximum lease TTL * @return Maximum lease TTL
*/ */
public Integer getMaxLeaseTtl() { public Long getMaxLeaseTtl() {
return maxLeaseTtl; return maxLeaseTtl;
} }

14
src/main/java/de/stklcode/jvault/connector/model/response/embedded/TokenData.java
View File

@@ -34,7 +34,7 @@ import java.util.Objects;
*/ */
@JsonIgnoreProperties(ignoreUnknown = true) @JsonIgnoreProperties(ignoreUnknown = true)
public final class TokenData implements Serializable { public final class TokenData implements Serializable {
private static final long serialVersionUID = -5749716740973138916L; private static final long serialVersionUID = -4168046151053509784L;
@JsonProperty("accessor") @JsonProperty("accessor")
private String accessor; private String accessor;
@@ -43,7 +43,7 @@ public final class TokenData implements Serializable {
private Integer creationTime; private Integer creationTime;
@JsonProperty("creation_ttl") @JsonProperty("creation_ttl")
private Integer creationTtl; private Long creationTtl;
@JsonProperty("display_name") @JsonProperty("display_name")
private String name; private String name;
@@ -55,7 +55,7 @@ public final class TokenData implements Serializable {
private ZonedDateTime expireTime; private ZonedDateTime expireTime;
@JsonProperty("explicit_max_ttl") @JsonProperty("explicit_max_ttl")
private Integer explicitMaxTtl; private Long explicitMaxTtl;
@JsonProperty("id") @JsonProperty("id")
private String id; private String id;
@@ -82,7 +82,7 @@ public final class TokenData implements Serializable {
private boolean renewable; private boolean renewable;
@JsonProperty("ttl") @JsonProperty("ttl")
private Integer ttl; private Long ttl;
@JsonProperty("type") @JsonProperty("type")
private String type; private String type;
@@ -104,7 +104,7 @@ public final class TokenData implements Serializable {
/** /**
* @return Creation TTL (in seconds) * @return Creation TTL (in seconds)
*/ */
public Integer getCreationTtl() { public Long getCreationTtl() {
return creationTtl; return creationTtl;
} }
@@ -135,7 +135,7 @@ public final class TokenData implements Serializable {
* @return Explicit maximum TTL * @return Explicit maximum TTL
* @since 0.9 * @since 0.9
*/ */
public Integer getExplicitMaxTtl() { public Long getExplicitMaxTtl() {
return explicitMaxTtl; return explicitMaxTtl;
} }
@@ -202,7 +202,7 @@ public final class TokenData implements Serializable {
/** /**
* @return Token TTL (in seconds) * @return Token TTL (in seconds)
*/ */
public Integer getTtl() { public Long getTtl() {
return ttl; return ttl;
} }

188
src/test/java/de/stklcode/jvault/connector/HTTPVaultConnectorIT.java
View File

@@ -52,7 +52,7 @@ import static org.junit.jupiter.api.Assumptions.assumeTrue;
* @since 0.1 * @since 0.1
*/ */
class HTTPVaultConnectorIT { class HTTPVaultConnectorIT {
private static String VAULT_VERSION = "1.19.5"; // The vault version this test is supposed to run against. private static String VAULT_VERSION = "1.20.0"; // The vault version this test is supposed to run against.
private static final String KEY1 = "E38bkCm0VhUvpdCKGQpcohhD9XmcHJ/2hreOSY019Lho"; private static final String KEY1 = "E38bkCm0VhUvpdCKGQpcohhD9XmcHJ/2hreOSY019Lho";
private static final String KEY2 = "O5OHwDleY3IiPdgw61cgHlhsrEm6tVJkrxhF6QAnILd1"; private static final String KEY2 = "O5OHwDleY3IiPdgw61cgHlhsrEm6tVJkrxhF6QAnILd1";
private static final String KEY3 = "mw7Bm3nbt/UWa/juDjjL2EPQ04kiJ0saC5JEXwJvXYsB"; private static final String KEY3 = "mw7Bm3nbt/UWa/juDjjL2EPQ04kiJ0saC5JEXwJvXYsB";
@@ -95,10 +95,10 @@ class HTTPVaultConnectorIT {
connector = builder.build(); connector = builder.build();
// Unseal Vault and check result. // Unseal Vault and check result.
SealResponse sealStatus = connector.unseal(KEY1); SealResponse sealStatus = connector.sys().unseal(KEY1);
assumeTrue(sealStatus != null, "Seal status could not be determined after startup"); assumeTrue(sealStatus != null, "Seal status could not be determined after startup");
assumeTrue(sealStatus.isSealed(), "Vault is not sealed after startup"); assumeTrue(sealStatus.isSealed(), "Vault is not sealed after startup");
sealStatus = connector.unseal(KEY2); sealStatus = connector.sys().unseal(KEY2);
assumeTrue(sealStatus != null, "Seal status could not be determined"); assumeTrue(sealStatus != null, "Seal status could not be determined");
assumeFalse(sealStatus.isSealed(), "Vault is not unsealed"); assumeFalse(sealStatus.isSealed(), "Vault is not unsealed");
assumeTrue(sealStatus.isInitialized(), "Vault is not initialized"); // Initialized flag of Vault 0.11.2 (#20). assumeTrue(sealStatus.isInitialized(), "Vault is not initialized"); // Initialized flag of Vault 0.11.2 (#20).
@@ -337,7 +337,7 @@ class HTTPVaultConnectorIT {
// Try to read accessible path with known value. // Try to read accessible path with known value.
SecretResponse res = assertDoesNotThrow( SecretResponse res = assertDoesNotThrow(
() -> connector.readSecretData(MOUNT_KV2, SECRET2_KEY), () -> connector.kv2().readData(MOUNT_KV2, SECRET2_KEY),
"Valid secret path could not be read" "Valid secret path could not be read"
); );
assertNotNull(res.getMetadata(), "Metadata not populated for KV v2 secret"); assertNotNull(res.getMetadata(), "Metadata not populated for KV v2 secret");
@@ -346,7 +346,7 @@ class HTTPVaultConnectorIT {
// Try to read different version of same secret. // Try to read different version of same secret.
res = assertDoesNotThrow( res = assertDoesNotThrow(
() -> connector.readSecretVersion(MOUNT_KV2, SECRET2_KEY, 1), () -> connector.kv2().readVersion(MOUNT_KV2, SECRET2_KEY, 1),
"Valid secret version could not be read" "Valid secret version could not be read"
); );
assertEquals(1, res.getMetadata().getVersion(), "Unexpected secret version"); assertEquals(1, res.getMetadata().getVersion(), "Unexpected secret version");
@@ -365,7 +365,7 @@ class HTTPVaultConnectorIT {
// First get the current version of the secret. // First get the current version of the secret.
MetadataResponse res = assertDoesNotThrow( MetadataResponse res = assertDoesNotThrow(
() -> connector.readSecretMetadata(MOUNT_KV2, SECRET2_KEY), () -> connector.kv2().readMetadata(MOUNT_KV2, SECRET2_KEY),
"Reading secret metadata failed" "Reading secret metadata failed"
); );
int currentVersion = res.getMetadata().getCurrentVersion(); int currentVersion = res.getMetadata().getCurrentVersion();
@@ -374,7 +374,7 @@ class HTTPVaultConnectorIT {
Map<String, Object> data = new HashMap<>(); Map<String, Object> data = new HashMap<>();
data.put("value", SECRET2_VALUE3); data.put("value", SECRET2_VALUE3);
SecretVersionResponse res2 = assertDoesNotThrow( SecretVersionResponse res2 = assertDoesNotThrow(
() -> connector.writeSecretData(MOUNT_KV2, SECRET2_KEY, data), () -> connector.kv2().writeData(MOUNT_KV2, SECRET2_KEY, data),
"Writing secret to KV v2 store failed" "Writing secret to KV v2 store failed"
); );
assertEquals(currentVersion + 1, res2.getMetadata().getVersion(), "Version not updated after writing secret"); assertEquals(currentVersion + 1, res2.getMetadata().getVersion(), "Version not updated after writing secret");
@@ -382,7 +382,7 @@ class HTTPVaultConnectorIT {
// Verify the content. // Verify the content.
SecretResponse res3 = assertDoesNotThrow( SecretResponse res3 = assertDoesNotThrow(
() -> connector.readSecretData(MOUNT_KV2, SECRET2_KEY), () -> connector.kv2().readData(MOUNT_KV2, SECRET2_KEY),
"Reading secret from KV v2 store failed" "Reading secret from KV v2 store failed"
); );
assertEquals(SECRET2_VALUE3, res3.get("value"), "Data not updated correctly"); assertEquals(SECRET2_VALUE3, res3.get("value"), "Data not updated correctly");
@@ -391,13 +391,13 @@ class HTTPVaultConnectorIT {
Map<String, Object> data4 = singletonMap("value", SECRET2_VALUE4); Map<String, Object> data4 = singletonMap("value", SECRET2_VALUE4);
assertThrows( assertThrows(
InvalidResponseException.class, InvalidResponseException.class,
() -> connector.writeSecretData(MOUNT_KV2, SECRET2_KEY, data4, currentVersion2 - 1), () -> connector.kv2().writeData(MOUNT_KV2, SECRET2_KEY, data4, currentVersion2 - 1),
"Writing secret to KV v2 with invalid CAS value succeeded" "Writing secret to KV v2 with invalid CAS value succeeded"
); );
// And finally with a correct CAS value. // And finally with a correct CAS value.
Map<String, Object> data5 = singletonMap("value", SECRET2_VALUE4); Map<String, Object> data5 = singletonMap("value", SECRET2_VALUE4);
assertDoesNotThrow(() -> connector.writeSecretData(MOUNT_KV2, SECRET2_KEY, data5, currentVersion2)); assertDoesNotThrow(() -> connector.kv2().writeData(MOUNT_KV2, SECRET2_KEY, data5, currentVersion2));
} }
/** /**
@@ -412,7 +412,7 @@ class HTTPVaultConnectorIT {
// Read current metadata first. // Read current metadata first.
MetadataResponse res = assertDoesNotThrow( MetadataResponse res = assertDoesNotThrow(
() -> connector.readSecretMetadata(MOUNT_KV2, SECRET2_KEY), () -> connector.kv2().readMetadata(MOUNT_KV2, SECRET2_KEY),
"Reading secret metadata failed" "Reading secret metadata failed"
); );
Integer maxVersions = res.getMetadata().getMaxVersions(); Integer maxVersions = res.getMetadata().getMaxVersions();
@@ -420,13 +420,13 @@ class HTTPVaultConnectorIT {
// Now update the metadata. // Now update the metadata.
assertDoesNotThrow( assertDoesNotThrow(
() -> connector.updateSecretMetadata(MOUNT_KV2, SECRET2_KEY, maxVersions + 1, true), () -> connector.kv2().updateMetadata(MOUNT_KV2, SECRET2_KEY, maxVersions + 1, true),
"Updating secret metadata failed" "Updating secret metadata failed"
); );
// And verify the result. // And verify the result.
res = assertDoesNotThrow( res = assertDoesNotThrow(
() -> connector.readSecretMetadata(MOUNT_KV2, SECRET2_KEY), () -> connector.kv2().readMetadata(MOUNT_KV2, SECRET2_KEY),
"Reading secret metadata failed" "Reading secret metadata failed"
); );
assertEquals(maxVersions + 1, res.getMetadata().getMaxVersions(), "Unexpected maximum number of versions"); assertEquals(maxVersions + 1, res.getMetadata().getMaxVersions(), "Unexpected maximum number of versions");
@@ -444,7 +444,7 @@ class HTTPVaultConnectorIT {
// Try to read accessible path with known value. // Try to read accessible path with known value.
MetadataResponse res = assertDoesNotThrow( MetadataResponse res = assertDoesNotThrow(
() -> connector.readSecretMetadata(MOUNT_KV2, SECRET2_KEY), () -> connector.kv2().readMetadata(MOUNT_KV2, SECRET2_KEY),
"Valid secret path could not be read" "Valid secret path could not be read"
); );
assertNotNull(res.getMetadata(), "Metadata not populated for KV v2 secret"); assertNotNull(res.getMetadata(), "Metadata not populated for KV v2 secret");
@@ -467,21 +467,21 @@ class HTTPVaultConnectorIT {
// Try to delete non-existing versions. // Try to delete non-existing versions.
assertDoesNotThrow( assertDoesNotThrow(
() -> connector.deleteSecretVersions(MOUNT_KV2, SECRET2_KEY, 5, 42), () -> connector.kv2().deleteVersions(MOUNT_KV2, SECRET2_KEY, 5, 42),
"Revealed non-existence of secret versions" "Revealed non-existence of secret versions"
); );
assertDoesNotThrow( assertDoesNotThrow(
() -> connector.readSecretMetadata(MOUNT_KV2, SECRET2_KEY), () -> connector.kv2().readMetadata(MOUNT_KV2, SECRET2_KEY),
"Revealed non-existence of secret versions" "Revealed non-existence of secret versions"
); );
// Now delete existing version and verify. // Now delete existing version and verify.
assertDoesNotThrow( assertDoesNotThrow(
() -> connector.deleteSecretVersions(MOUNT_KV2, SECRET2_KEY, 1), () -> connector.kv2().deleteVersions(MOUNT_KV2, SECRET2_KEY, 1),
"Deleting existing version failed" "Deleting existing version failed"
); );
MetadataResponse meta = assertDoesNotThrow( MetadataResponse meta = assertDoesNotThrow(
() -> connector.readSecretMetadata(MOUNT_KV2, SECRET2_KEY), () -> connector.kv2().readMetadata(MOUNT_KV2, SECRET2_KEY),
"Reading deleted secret metadata failed" "Reading deleted secret metadata failed"
); );
assertNotNull( assertNotNull(
@@ -491,11 +491,11 @@ class HTTPVaultConnectorIT {
// Undelete the just deleted version. // Undelete the just deleted version.
assertDoesNotThrow( assertDoesNotThrow(
() -> connector.undeleteSecretVersions(MOUNT_KV2, SECRET2_KEY, 1), () -> connector.kv2().undeleteVersions(MOUNT_KV2, SECRET2_KEY, 1),
"Undeleting existing version failed" "Undeleting existing version failed"
); );
meta = assertDoesNotThrow( meta = assertDoesNotThrow(
() -> connector.readSecretMetadata(MOUNT_KV2, SECRET2_KEY), () -> connector.kv2().readMetadata(MOUNT_KV2, SECRET2_KEY),
"Reading deleted secret metadata failed" "Reading deleted secret metadata failed"
); );
assertNull( assertNull(
@@ -505,11 +505,11 @@ class HTTPVaultConnectorIT {
// Now destroy it. // Now destroy it.
assertDoesNotThrow( assertDoesNotThrow(
() -> connector.destroySecretVersions(MOUNT_KV2, SECRET2_KEY, 1), () -> connector.kv2().destroyVersions(MOUNT_KV2, SECRET2_KEY, 1),
"Destroying existing version failed" "Destroying existing version failed"
); );
meta = assertDoesNotThrow( meta = assertDoesNotThrow(
() -> connector.readSecretMetadata(MOUNT_KV2, SECRET2_KEY), () -> connector.kv2().readMetadata(MOUNT_KV2, SECRET2_KEY),
"Reading destroyed secret metadata failed" "Reading destroyed secret metadata failed"
); );
assertTrue( assertTrue(
@@ -519,11 +519,11 @@ class HTTPVaultConnectorIT {
// Delete latest version. // Delete latest version.
assertDoesNotThrow( assertDoesNotThrow(
() -> connector.deleteLatestSecretVersion(MOUNT_KV2, SECRET2_KEY), () -> connector.kv2().deleteLatestVersion(MOUNT_KV2, SECRET2_KEY),
"Deleting latest version failed" "Deleting latest version failed"
); );
meta = assertDoesNotThrow( meta = assertDoesNotThrow(
() -> connector.readSecretMetadata(MOUNT_KV2, SECRET2_KEY), () -> connector.kv2().readMetadata(MOUNT_KV2, SECRET2_KEY),
"Reading deleted secret metadata failed" "Reading deleted secret metadata failed"
); );
assertNotNull( assertNotNull(
@@ -533,12 +533,12 @@ class HTTPVaultConnectorIT {
// Delete all versions. // Delete all versions.
assertDoesNotThrow( assertDoesNotThrow(
() -> connector.deleteAllSecretVersions(MOUNT_KV2, SECRET2_KEY), () -> connector.kv2().deleteAllVersions(MOUNT_KV2, SECRET2_KEY),
"Deleting latest version failed" "Deleting latest version failed"
); );
assertThrows( assertThrows(
InvalidResponseException.class, InvalidResponseException.class,
() -> connector.readSecretMetadata(MOUNT_KV2, SECRET2_KEY), () -> connector.kv2().readMetadata(MOUNT_KV2, SECRET2_KEY),
"Reading metadata of deleted secret should not succeed" "Reading metadata of deleted secret should not succeed"
); );
} }
@@ -620,21 +620,21 @@ class HTTPVaultConnectorIT {
// Try unauthorized access first. // Try unauthorized access first.
assumeFalse(connector.isAuthorized()); assumeFalse(connector.isAuthorized());
assertThrows(AuthorizationRequiredException.class, () -> connector.listAppRoles()); assertThrows(AuthorizationRequiredException.class, () -> connector.appRole().listRoles());
assertThrows(AuthorizationRequiredException.class, () -> connector.listAppRoleSecrets("")); assertThrows(AuthorizationRequiredException.class, () -> connector.appRole().listSecrets(""));
// Authorize. // Authorize.
authRoot(); authRoot();
assumeTrue(connector.isAuthorized()); assumeTrue(connector.isAuthorized());
// Verify pre-existing rules. // Verify pre-existing rules.
List<String> res = assertDoesNotThrow(() -> connector.listAppRoles(), "Role listing failed"); List<String> res = assertDoesNotThrow(() -> connector.appRole().listRoles(), "Role listing failed");
assertEquals(2, res.size(), "Unexpected number of AppRoles"); assertEquals(2, res.size(), "Unexpected number of AppRoles");
assertTrue(res.containsAll(List.of(APPROLE_ROLE_NAME, APPROLE_ROLE2_NAME)), "Pre-configured roles not listed"); assertTrue(res.containsAll(List.of(APPROLE_ROLE_NAME, APPROLE_ROLE2_NAME)), "Pre-configured roles not listed");
// Check secret IDs. // Check secret IDs.
res = assertDoesNotThrow(() -> connector.listAppRoleSecrets(APPROLE_ROLE_NAME), "AppRole secret listing failed"); res = assertDoesNotThrow(() -> connector.appRole().listSecrets(APPROLE_ROLE_NAME), "AppRole secret listing failed");
assertEquals(List.of(APPROLE_SECRET_ACCESSOR), res, "Pre-configured AppRole secret not listed"); assertEquals(List.of(APPROLE_SECRET_ACCESSOR), res, "Pre-configured AppRole secret not listed");
} }
@@ -647,14 +647,14 @@ class HTTPVaultConnectorIT {
void createAppRoleTest() { void createAppRoleTest() {
// Try unauthorized access first. // Try unauthorized access first.
assumeFalse(connector.isAuthorized()); assumeFalse(connector.isAuthorized());
assertThrows(AuthorizationRequiredException.class, () -> connector.createAppRole(new AppRole())); assertThrows(AuthorizationRequiredException.class, () -> connector.appRole().create(new AppRole()));
assertThrows(AuthorizationRequiredException.class, () -> connector.lookupAppRole("")); assertThrows(AuthorizationRequiredException.class, () -> connector.appRole().lookup(""));
assertThrows(AuthorizationRequiredException.class, () -> connector.deleteAppRole("")); assertThrows(AuthorizationRequiredException.class, () -> connector.appRole().delete(""));
assertThrows(AuthorizationRequiredException.class, () -> connector.getAppRoleID("")); assertThrows(AuthorizationRequiredException.class, () -> connector.appRole().getRoleID(""));
assertThrows(AuthorizationRequiredException.class, () -> connector.setAppRoleID("", "")); assertThrows(AuthorizationRequiredException.class, () -> connector.appRole().setRoleID("", ""));
assertThrows(AuthorizationRequiredException.class, () -> connector.createAppRoleSecret("", "")); assertThrows(AuthorizationRequiredException.class, () -> connector.appRole().createSecret("", ""));
assertThrows(AuthorizationRequiredException.class, () -> connector.lookupAppRoleSecret("", "")); assertThrows(AuthorizationRequiredException.class, () -> connector.appRole().lookupSecret("", ""));
assertThrows(AuthorizationRequiredException.class, () -> connector.destroyAppRoleSecret("", "")); assertThrows(AuthorizationRequiredException.class, () -> connector.appRole().destroySecret("", ""));
// Authorize. // Authorize.
authRoot(); authRoot();
@@ -666,23 +666,23 @@ class HTTPVaultConnectorIT {
AppRole role = AppRole.builder(roleName).build(); AppRole role = AppRole.builder(roleName).build();
// Create role. // Create role.
boolean createRes = assertDoesNotThrow(() -> connector.createAppRole(role), "Role creation failed"); boolean createRes = assertDoesNotThrow(() -> connector.appRole().create(role), "Role creation failed");
assertTrue(createRes, "Role creation failed"); assertTrue(createRes, "Role creation failed");
// Lookup role. // Lookup role.
AppRoleResponse res = assertDoesNotThrow(() -> connector.lookupAppRole(roleName), "Role lookup failed"); AppRoleResponse res = assertDoesNotThrow(() -> connector.appRole().lookup(roleName), "Role lookup failed");
assertNotNull(res.getRole(), "Role lookup returned no role"); assertNotNull(res.getRole(), "Role lookup returned no role");
// Lookup role ID. // Lookup role ID.
String roleID = assertDoesNotThrow(() -> connector.getAppRoleID(roleName), "Role ID lookup failed"); String roleID = assertDoesNotThrow(() -> connector.appRole().getRoleID(roleName), "Role ID lookup failed");
assertNotEquals("", roleID, "Role ID lookup returned empty ID"); assertNotEquals("", roleID, "Role ID lookup returned empty ID");
// Set custom role ID. // Set custom role ID.
String roleID2 = "custom-role-id"; String roleID2 = "custom-role-id";
assertDoesNotThrow(() -> connector.setAppRoleID(roleName, roleID2), "Setting custom role ID failed"); assertDoesNotThrow(() -> connector.appRole().setRoleID(roleName, roleID2), "Setting custom role ID failed");
// Verify role ID. // Verify role ID.
String res2 = assertDoesNotThrow(() -> connector.getAppRoleID(roleName), "Role ID lookup failed"); String res2 = assertDoesNotThrow(() -> connector.appRole().getRoleID(roleName), "Role ID lookup failed");
assertEquals(roleID2, res2, "Role ID lookup returned wrong ID"); assertEquals(roleID2, res2, "Role ID lookup returned wrong ID");
// Update role model with custom flags. // Update role model with custom flags.
@@ -691,44 +691,44 @@ class HTTPVaultConnectorIT {
.build(); .build();
// Create role. // Create role.
boolean res3 = assertDoesNotThrow(() -> connector.createAppRole(role2), "Role creation failed"); boolean res3 = assertDoesNotThrow(() -> connector.appRole().create(role2), "Role creation failed");
assertTrue(res3, "No result given"); assertTrue(res3, "No result given");
// Lookup updated role. // Lookup updated role.
res = assertDoesNotThrow(() -> connector.lookupAppRole(roleName), "Role lookup failed"); res = assertDoesNotThrow(() -> connector.appRole().lookup(roleName), "Role lookup failed");
assertNotNull(res.getRole(), "Role lookup returned no role"); assertNotNull(res.getRole(), "Role lookup returned no role");
assertEquals(321, res.getRole().getTokenPeriod(), "Token period not set for role"); assertEquals(321, res.getRole().getTokenPeriod(), "Token period not set for role");
// Create role by name. // Create role by name.
String roleName2 = "RoleByName"; String roleName2 = "RoleByName";
assertDoesNotThrow(() -> connector.createAppRole(roleName2), "Creation of role by name failed"); assertDoesNotThrow(() -> connector.appRole().create(roleName2), "Creation of role by name failed");
res = assertDoesNotThrow(() -> connector.lookupAppRole(roleName2), "Creation of role by name failed"); res = assertDoesNotThrow(() -> connector.appRole().lookup(roleName2), "Creation of role by name failed");
assertNotNull(res.getRole(), "Role lookuo returned not value"); assertNotNull(res.getRole(), "Role lookuo returned not value");
// Create role by name with custom ID. // Create role by name with custom ID.
String roleName3 = "RoleByName"; String roleName3 = "RoleByName";
String roleID3 = "RolyByNameID"; String roleID3 = "RolyByNameID";
assertDoesNotThrow(() -> connector.createAppRole(roleName3, roleID3), "Creation of role by name failed"); assertDoesNotThrow(() -> connector.appRole().create(roleName3, roleID3), "Creation of role by name failed");
res = assertDoesNotThrow(() -> connector.lookupAppRole(roleName3), "Creation of role by name failed"); res = assertDoesNotThrow(() -> connector.appRole().lookup(roleName3), "Creation of role by name failed");
assertNotNull(res.getRole(), "Role lookuo returned not value"); assertNotNull(res.getRole(), "Role lookuo returned not value");
res2 = assertDoesNotThrow(() -> connector.getAppRoleID(roleName3), "Creation of role by name failed"); res2 = assertDoesNotThrow(() -> connector.appRole().getRoleID(roleName3), "Creation of role by name failed");
assertEquals(roleID3, res2, "Role lookuo returned wrong ID"); assertEquals(roleID3, res2, "Role lookuo returned wrong ID");
// Create role by name with policies. // Create role by name with policies.
assertDoesNotThrow( assertDoesNotThrow(
() -> connector.createAppRole(roleName3, Collections.singletonList("testpolicy")), () -> connector.appRole().create(roleName3, Collections.singletonList("testpolicy")),
"Creation of role by name failed" "Creation of role by name failed"
); );
res = assertDoesNotThrow(() -> connector.lookupAppRole(roleName3), "Creation of role by name failed"); res = assertDoesNotThrow(() -> connector.appRole().lookup(roleName3), "Creation of role by name failed");
// Note: As of Vault 0.8.3 default policy is not added automatically, so this test should return 1, not 2. // Note: As of Vault 0.8.3 default policy is not added automatically, so this test should return 1, not 2.
assertEquals(List.of("testpolicy"), res.getRole().getTokenPolicies(), "Role lookup returned unexpected policies"); assertEquals(List.of("testpolicy"), res.getRole().getTokenPolicies(), "Role lookup returned unexpected policies");
// Delete role. // Delete role.
assertDoesNotThrow(() -> connector.deleteAppRole(roleName3), "Deletion of role failed"); assertDoesNotThrow(() -> connector.appRole().delete(roleName3), "Deletion of role failed");
assertThrows( assertThrows(
InvalidResponseException.class, InvalidResponseException.class,
() -> connector.lookupAppRole(roleName3), () -> connector.appRole().lookup(roleName3),
"Deleted role could be looked up" "Deleted role could be looked up"
); );
} }
@@ -745,7 +745,7 @@ class HTTPVaultConnectorIT {
// Create default (random) secret for existing role. // Create default (random) secret for existing role.
AppRoleSecretResponse res = assertDoesNotThrow( AppRoleSecretResponse res = assertDoesNotThrow(
() -> connector.createAppRoleSecret(APPROLE_ROLE_NAME), () -> connector.appRole().createSecret(APPROLE_ROLE_NAME),
"AppRole secret creation failed" "AppRole secret creation failed"
); );
assertNotNull(res.getSecret(), "No secret returned"); assertNotNull(res.getSecret(), "No secret returned");
@@ -753,26 +753,26 @@ class HTTPVaultConnectorIT {
// Create secret with custom ID. // Create secret with custom ID.
String secretID = "customSecretId"; String secretID = "customSecretId";
res = assertDoesNotThrow( res = assertDoesNotThrow(
() -> connector.createAppRoleSecret(APPROLE_ROLE_NAME, secretID), () -> connector.appRole().createSecret(APPROLE_ROLE_NAME, secretID),
"AppRole secret creation failed" "AppRole secret creation failed"
); );
assertEquals(secretID, res.getSecret().getId(), "Unexpected secret ID returned"); assertEquals(secretID, res.getSecret().getId(), "Unexpected secret ID returned");
// Lookup secret. // Lookup secret.
res = assertDoesNotThrow( res = assertDoesNotThrow(
() -> connector.lookupAppRoleSecret(APPROLE_ROLE_NAME, secretID), () -> connector.appRole().lookupSecret(APPROLE_ROLE_NAME, secretID),
"AppRole secret lookup failed" "AppRole secret lookup failed"
); );
assertNotNull(res.getSecret(), "No secret information returned"); assertNotNull(res.getSecret(), "No secret information returned");
// Destroy secret. // Destroy secret.
assertDoesNotThrow( assertDoesNotThrow(
() -> connector.destroyAppRoleSecret(APPROLE_ROLE_NAME, secretID), () -> connector.appRole().destroySecret(APPROLE_ROLE_NAME, secretID),
"AppRole secret destruction failed" "AppRole secret destruction failed"
); );
assertThrows( assertThrows(
InvalidResponseException.class, InvalidResponseException.class,
() -> connector.lookupAppRoleSecret(APPROLE_ROLE_NAME, secretID), () -> connector.appRole().lookupSecret(APPROLE_ROLE_NAME, secretID),
"Destroyed AppRole secret successfully read" "Destroyed AppRole secret successfully read"
); );
} }
@@ -825,7 +825,7 @@ class HTTPVaultConnectorIT {
.build(); .build();
// Create token. // Create token.
AuthResponse res = assertDoesNotThrow(() -> connector.createToken(token), "Token creation failed"); AuthResponse res = assertDoesNotThrow(() -> connector.token().create(token), "Token creation failed");
assertNotNull(res, "No result given"); assertNotNull(res, "No result given");
assertEquals("test-id", res.getAuth().getClientToken(), "Invalid token ID returned"); assertEquals("test-id", res.getAuth().getClientToken(), "Invalid token ID returned");
assertEquals(List.of("root"), res.getAuth().getPolicies(), "Expected inherited root policy"); assertEquals(List.of("root"), res.getAuth().getPolicies(), "Expected inherited root policy");
@@ -847,7 +847,7 @@ class HTTPVaultConnectorIT {
.withoutDefaultPolicy() .withoutDefaultPolicy()
.withMeta("foo", "bar") .withMeta("foo", "bar")
.build(); .build();
res = assertDoesNotThrow(() -> connector.createToken(token2), "Token creation failed"); res = assertDoesNotThrow(() -> connector.token().create(token2), "Token creation failed");
assertEquals("test-id2", res.getAuth().getClientToken(), "Invalid token ID returned"); assertEquals("test-id2", res.getAuth().getClientToken(), "Invalid token ID returned");
assertEquals(List.of("testpolicy"), res.getAuth().getPolicies(), "Invalid policies returned"); assertEquals(List.of("testpolicy"), res.getAuth().getPolicies(), "Invalid policies returned");
assertNotNull(res.getAuth().getMetadata(), "Metadata not given"); assertNotNull(res.getAuth().getMetadata(), "Metadata not given");
@@ -862,11 +862,11 @@ class HTTPVaultConnectorIT {
.withDefaultPolicy() .withDefaultPolicy()
.withMeta("test", "success") .withMeta("test", "success")
.withMeta("key", "value") .withMeta("key", "value")
.withTtl(1234) .withTtl(1234L)
.build(); .build();
InvalidResponseException e = assertThrows( InvalidResponseException e = assertThrows(
InvalidResponseException.class, InvalidResponseException.class,
() -> connector.createToken(token3), () -> connector.token().create(token3),
"Overwriting token should fail as of Vault 0.8.0" "Overwriting token should fail as of Vault 0.8.0"
); );
assertEquals(400, e.getStatusCode()); assertEquals(400, e.getStatusCode());
@@ -880,7 +880,7 @@ class HTTPVaultConnectorIT {
.withoutDefaultPolicy() .withoutDefaultPolicy()
.withType(Token.Type.BATCH) .withType(Token.Type.BATCH)
.build(); .build();
res = assertDoesNotThrow(() -> connector.createToken(token4), "Token creation failed"); res = assertDoesNotThrow(() -> connector.token().create(token4), "Token creation failed");
assertTrue( assertTrue(
// Expecting batch token. "hvb." Prefix as of Vault 1.10, "b." before. // Expecting batch token. "hvb." Prefix as of Vault 1.10, "b." before.
res.getAuth().getClientToken().startsWith("b.") || res.getAuth().getClientToken().startsWith("hvb."), res.getAuth().getClientToken().startsWith("b.") || res.getAuth().getClientToken().startsWith("hvb."),
@@ -908,12 +908,12 @@ class HTTPVaultConnectorIT {
.withId("my-token") .withId("my-token")
.withType(Token.Type.SERVICE) .withType(Token.Type.SERVICE)
.build(); .build();
assertDoesNotThrow(() -> connector.createToken(token), "Token creation failed"); assertDoesNotThrow(() -> connector.token().create(token), "Token creation failed");
authRoot(); authRoot();
assumeTrue(connector.isAuthorized()); assumeTrue(connector.isAuthorized());
TokenResponse res = assertDoesNotThrow(() -> connector.lookupToken("my-token"), "Token creation failed"); TokenResponse res = assertDoesNotThrow(() -> connector.token().lookup("my-token"), "Token creation failed");
assertEquals(token.getId(), res.getData().getId(), "Unexpected token ID"); assertEquals(token.getId(), res.getData().getId(), "Unexpected token ID");
assertEquals(1, res.getData().getPolicies().size(), "Unexpected number of policies"); assertEquals(1, res.getData().getPolicies().size(), "Unexpected number of policies");
assertTrue(res.getData().getPolicies().contains("root"), "Unexpected policy"); assertTrue(res.getData().getPolicies().contains("root"), "Unexpected policy");
@@ -936,14 +936,14 @@ class HTTPVaultConnectorIT {
final TokenRole role = TokenRole.builder().build(); final TokenRole role = TokenRole.builder().build();
boolean creationRes = assertDoesNotThrow( boolean creationRes = assertDoesNotThrow(
() -> connector.createOrUpdateTokenRole(roleName, role), () -> connector.token().createOrUpdateRole(roleName, role),
"Token role creation failed" "Token role creation failed"
); );
assertTrue(creationRes, "Token role creation failed"); assertTrue(creationRes, "Token role creation failed");
// Read the role. // Read the role.
TokenRoleResponse res = assertDoesNotThrow( TokenRoleResponse res = assertDoesNotThrow(
() -> connector.readTokenRole(roleName), () -> connector.token().readRole(roleName),
"Reading token role failed" "Reading token role failed"
); );
assertNotNull(res, "Token role response must not be null"); assertNotNull(res, "Token role response must not be null");
@@ -963,12 +963,12 @@ class HTTPVaultConnectorIT {
.build(); .build();
creationRes = assertDoesNotThrow( creationRes = assertDoesNotThrow(
() -> connector.createOrUpdateTokenRole(role2), () -> connector.token().createOrUpdateRole(role2),
"Token role update failed" "Token role update failed"
); );
assertTrue(creationRes, "Token role update failed"); assertTrue(creationRes, "Token role update failed");
res = assertDoesNotThrow(() -> connector.readTokenRole(roleName), "Reading token role failed"); res = assertDoesNotThrow(() -> connector.token().readRole(roleName), "Reading token role failed");
assertNotNull(res, "Token role response must not be null"); assertNotNull(res, "Token role response must not be null");
assertNotNull(res.getData(), "Token role must not be null"); assertNotNull(res.getData(), "Token role must not be null");
assertEquals(roleName, res.getData().getName(), "Token role name not as expected"); assertEquals(roleName, res.getData().getName(), "Token role name not as expected");
@@ -977,15 +977,15 @@ class HTTPVaultConnectorIT {
assertEquals(42, res.getData().getTokenNumUses(), "Unexpected number of token uses after update"); assertEquals(42, res.getData().getTokenNumUses(), "Unexpected number of token uses after update");
// List roles. // List roles.
List<String> listRes = assertDoesNotThrow(() -> connector.listTokenRoles(), "Listing token roles failed"); List<String> listRes = assertDoesNotThrow(() -> connector.token().listRoles(), "Listing token roles failed");
assertNotNull(listRes, "Token role list must not be null"); assertNotNull(listRes, "Token role list must not be null");
assertEquals(List.of(roleName), listRes, "Unexpected token role list"); assertEquals(List.of(roleName), listRes, "Unexpected token role list");
// Delete the role. // Delete the role.
creationRes = assertDoesNotThrow(() -> connector.deleteTokenRole(roleName), "Token role deletion failed"); creationRes = assertDoesNotThrow(() -> connector.token().deleteRole(roleName), "Token role deletion failed");
assertTrue(creationRes, "Token role deletion failed"); assertTrue(creationRes, "Token role deletion failed");
assertThrows(InvalidResponseException.class, () -> connector.readTokenRole(roleName), "Reading nonexistent token role should fail"); assertThrows(InvalidResponseException.class, () -> connector.token().readRole(roleName), "Reading nonexistent token role should fail");
assertThrows(InvalidResponseException.class, () -> connector.listTokenRoles(), "Listing nonexistent token roles should fail"); assertThrows(InvalidResponseException.class, () -> connector.token().listRoles(), "Listing nonexistent token roles should fail");
} }
} }
@@ -1000,14 +1000,14 @@ class HTTPVaultConnectorIT {
assumeTrue(connector.isAuthorized()); assumeTrue(connector.isAuthorized());
TransitResponse transitResponse = assertDoesNotThrow( TransitResponse transitResponse = assertDoesNotThrow(
() -> connector.transitEncrypt("my-key", "dGVzdCBtZQ=="), () -> connector.transit().encrypt("my-key", "dGVzdCBtZQ=="),
"Failed to encrypt via transit" "Failed to encrypt via transit"
); );
assertNotNull(transitResponse.getCiphertext()); assertNotNull(transitResponse.getCiphertext());
assertTrue(transitResponse.getCiphertext().startsWith("vault:v1:")); assertTrue(transitResponse.getCiphertext().startsWith("vault:v1:"));
transitResponse = assertDoesNotThrow( transitResponse = assertDoesNotThrow(
() -> connector.transitEncrypt("my-key", "test me".getBytes(UTF_8)), () -> connector.transit().encrypt("my-key", "test me".getBytes(UTF_8)),
"Failed to encrypt binary data via transit" "Failed to encrypt binary data via transit"
); );
assertNotNull(transitResponse.getCiphertext()); assertNotNull(transitResponse.getCiphertext());
@@ -1022,7 +1022,7 @@ class HTTPVaultConnectorIT {
assumeTrue(connector.isAuthorized()); assumeTrue(connector.isAuthorized());
TransitResponse transitResponse = assertDoesNotThrow( TransitResponse transitResponse = assertDoesNotThrow(
() -> connector.transitDecrypt("my-key", "vault:v1:1mhLVkBAR2nrFtIkJF/qg57DWfRj0FWgR6tvkGO8XOnL6sw="), () -> connector.transit().decrypt("my-key", "vault:v1:1mhLVkBAR2nrFtIkJF/qg57DWfRj0FWgR6tvkGO8XOnL6sw="),
"Failed to decrypt via transit" "Failed to decrypt via transit"
); );
@@ -1036,21 +1036,21 @@ class HTTPVaultConnectorIT {
assumeTrue(connector.isAuthorized()); assumeTrue(connector.isAuthorized());
TransitResponse transitResponse = assertDoesNotThrow( TransitResponse transitResponse = assertDoesNotThrow(
() -> connector.transitHash("sha2-512", "dGVzdCBtZQ=="), () -> connector.transit().hash("sha2-512", "dGVzdCBtZQ=="),
"Failed to hash via transit" "Failed to hash via transit"
); );
assertEquals("7677af0ee4effaa9f35e9b1e82d182f79516ab8321786baa23002de7c06851059492dd37d5fc3791f17d81d4b58198d24a6fd8bbd62c42c1c30b371da500f193", transitResponse.getSum()); assertEquals("7677af0ee4effaa9f35e9b1e82d182f79516ab8321786baa23002de7c06851059492dd37d5fc3791f17d81d4b58198d24a6fd8bbd62c42c1c30b371da500f193", transitResponse.getSum());
TransitResponse transitResponseBase64 = assertDoesNotThrow( TransitResponse transitResponseBase64 = assertDoesNotThrow(
() -> connector.transitHash("sha2-256", "dGVzdCBtZQ==", "base64"), () -> connector.transit().hash("sha2-256", "dGVzdCBtZQ==", "base64"),
"Failed to hash via transit with base64 output" "Failed to hash via transit with base64 output"
); );
assertEquals("5DfYkW7cvGLkfy36cXhqmZcygEy9HpnFNB4WWXKOl1M=", transitResponseBase64.getSum()); assertEquals("5DfYkW7cvGLkfy36cXhqmZcygEy9HpnFNB4WWXKOl1M=", transitResponseBase64.getSum());
transitResponseBase64 = assertDoesNotThrow( transitResponseBase64 = assertDoesNotThrow(
() -> connector.transitHash("sha2-256", "test me".getBytes(UTF_8), "base64"), () -> connector.transit().hash("sha2-256", "test me".getBytes(UTF_8), "base64"),
"Failed to hash binary data via transit" "Failed to hash binary data via transit"
); );
@@ -1072,7 +1072,7 @@ class HTTPVaultConnectorIT {
assumeTrue(connector.isAuthorized()); assumeTrue(connector.isAuthorized());
List<AuthBackend> supportedBackends = assertDoesNotThrow( List<AuthBackend> supportedBackends = assertDoesNotThrow(
() -> connector.getAuthBackends(), () -> connector.sys().getAuthBackends(),
"Could not list supported auth backends" "Could not list supported auth backends"
); );
@@ -1132,22 +1132,22 @@ class HTTPVaultConnectorIT {
@Test @Test
@DisplayName("Seal test") @DisplayName("Seal test")
void sealTest() throws VaultConnectorException { void sealTest() throws VaultConnectorException {
SealResponse sealStatus = connector.sealStatus(); SealResponse sealStatus = connector.sys().sealStatus();
assumeFalse(sealStatus.isSealed()); assumeFalse(sealStatus.isSealed());
// Unauthorized sealing should fail. // Unauthorized sealing should fail.
assertThrows(VaultConnectorException.class, connector::seal, "Unauthorized sealing succeeded"); assertThrows(VaultConnectorException.class, () -> connector.sys().seal(), "Unauthorized sealing succeeded");
assertFalse(sealStatus.isSealed(), "Vault sealed, although sealing failed"); assertFalse(sealStatus.isSealed(), "Vault sealed, although sealing failed");
// Root user should be able to seal. // Root user should be able to seal.
authRoot(); authRoot();
assumeTrue(connector.isAuthorized()); assumeTrue(connector.isAuthorized());
assertDoesNotThrow(connector::seal, "Sealing failed"); assertDoesNotThrow(() -> connector.sys().seal(), "Sealing failed");
sealStatus = connector.sealStatus(); sealStatus = connector.sys().sealStatus();
assertTrue(sealStatus.isSealed(), "Vault not sealed"); assertTrue(sealStatus.isSealed(), "Vault not sealed");
sealStatus = connector.unseal(KEY2); sealStatus = connector.sys().unseal(KEY2);
assertTrue(sealStatus.isSealed(), "Vault unsealed with only 1 key"); assertTrue(sealStatus.isSealed(), "Vault unsealed with only 1 key");
sealStatus = connector.unseal(KEY3); sealStatus = connector.sys().unseal(KEY3);
assertFalse(sealStatus.isSealed(), "Vault not unsealed"); assertFalse(sealStatus.isSealed(), "Vault not unsealed");
} }
@@ -1157,7 +1157,7 @@ class HTTPVaultConnectorIT {
@Test @Test
@DisplayName("Health test") @DisplayName("Health test")
void healthTest() { void healthTest() {
HealthResponse res = assertDoesNotThrow(connector::getHealth, "Retrieving health status failed"); HealthResponse res = assertDoesNotThrow(() -> connector.sys().getHealth(), "Retrieving health status failed");
assertNotNull(res, "Health response should be set"); assertNotNull(res, "Health response should be set");
assertEquals(VAULT_VERSION, res.getVersion(), "Unexpected version"); assertEquals(VAULT_VERSION, res.getVersion(), "Unexpected version");
assertTrue(res.isInitialized(), "Unexpected init status"); assertTrue(res.isInitialized(), "Unexpected init status");
@@ -1166,11 +1166,11 @@ class HTTPVaultConnectorIT {
// No seal vault and verify correct status. // No seal vault and verify correct status.
authRoot(); authRoot();
assertDoesNotThrow(connector::seal, "Unexpected exception on sealing"); assertDoesNotThrow(() -> connector.sys().seal(), "Unexpected exception on sealing");
SealResponse sealStatus = assertDoesNotThrow(connector::sealStatus); SealResponse sealStatus = assertDoesNotThrow(() -> connector.sys().sealStatus());
assumeTrue(sealStatus.isSealed()); assumeTrue(sealStatus.isSealed());
connector.resetAuth(); // Should work unauthenticated connector.resetAuth(); // Should work unauthenticated
res = assertDoesNotThrow(connector::getHealth, "Retrieving health status failed when sealed"); res = assertDoesNotThrow(() -> connector.sys().getHealth(), "Retrieving health status failed when sealed");
assertTrue(res.isSealed(), "Unexpected seal status"); assertTrue(res.isSealed(), "Unexpected seal status");
} }
@@ -1222,7 +1222,7 @@ class HTTPVaultConnectorIT {
// Write configuration file. // Write configuration file.
File configFile = new File(dir, "vault.conf"); File configFile = new File(dir, "vault.conf");
try { try {
Files.write(configFile.toPath(), config.toString().getBytes(UTF_8)); Files.writeString(configFile.toPath(), config.toString(), UTF_8);
} catch (IOException e) { } catch (IOException e) {
throw new IllegalStateException("Unable to generate config file", e); throw new IllegalStateException("Unable to generate config file", e);
} }
@@ -1282,10 +1282,8 @@ class HTTPVaultConnectorIT {
return socket.getLocalPort(); return socket.getLocalPort();
} catch (IOException e) { } catch (IOException e) {
e.printStackTrace(); throw new IllegalStateException("Unable to find a free TCP port", e);
} }
throw new IllegalStateException("Unable to find a free TCP port");
} }
/** /**

70
src/test/java/de/stklcode/jvault/connector/HTTPVaultConnectorTest.java
View File

@@ -54,14 +54,13 @@ class HTTPVaultConnectorTest {
*/ */
@Test @Test
void requestExceptionTest(WireMockRuntimeInfo wireMock) throws IOException, URISyntaxException { void requestExceptionTest(WireMockRuntimeInfo wireMock) throws IOException, URISyntaxException {
HTTPVaultConnector connector = HTTPVaultConnector.builder(wireMock.getHttpBaseUrl()).withTimeout(250).build(); try (var connector = HTTPVaultConnector.builder(wireMock.getHttpBaseUrl()).withTimeout(250).build()) {
// Test invalid response code. // Test invalid response code.
final int responseCode = 400; final int responseCode = 400;
mockHttpResponse(responseCode, "", "application/json"); mockHttpResponse(responseCode, "", "application/json");
VaultConnectorException e = assertThrows( VaultConnectorException e = assertThrows(
InvalidResponseException.class, InvalidResponseException.class,
connector::getHealth, () -> connector.sys().getHealth(),
"Querying health status succeeded on invalid instance" "Querying health status succeeded on invalid instance"
); );
assertEquals("Invalid response code", e.getMessage(), "Unexpected exception message"); assertEquals("Invalid response code", e.getMessage(), "Unexpected exception message");
@@ -72,25 +71,25 @@ class HTTPVaultConnectorTest {
mockHttpResponse(responseCode, "{\"errors\":[\"permission denied\"]}", "application/json"); mockHttpResponse(responseCode, "{\"errors\":[\"permission denied\"]}", "application/json");
assertThrows( assertThrows(
PermissionDeniedException.class, PermissionDeniedException.class,
connector::getHealth, () -> connector.sys().getHealth(),
"Querying health status succeeded on invalid instance" "Querying health status succeeded on invalid instance"
); );
}
// Test exception thrown during request. // Test exception thrown during request.
try (ServerSocket s = new ServerSocket(0)) { try (ServerSocket s = new ServerSocket(0);
connector = HTTPVaultConnector.builder("http://localst:" + s.getLocalPort() + "/").withTimeout(250).build(); var connector = HTTPVaultConnector.builder("http://localst:" + s.getLocalPort() + "/").withTimeout(250).build()) {
} var e = assertThrows(
e = assertThrows(
ConnectionException.class, ConnectionException.class,
connector::getHealth, () -> connector.sys().getHealth(),
"Querying health status succeeded on invalid instance" "Querying health status succeeded on invalid instance"
); );
assertEquals("Unable to connect to Vault server", e.getMessage(), "Unexpected exception message"); assertEquals("Unable to connect to Vault server", e.getMessage(), "Unexpected exception message");
assertInstanceOf(IOException.class, e.getCause(), "Unexpected cause"); assertInstanceOf(IOException.class, e.getCause(), "Unexpected cause");
}
// Now simulate a failing request that succeeds on second try. // Now simulate a failing request that succeeds on second try.
connector = HTTPVaultConnector.builder(wireMock.getHttpBaseUrl()).withNumberOfRetries(1).withTimeout(250).build(); try (var connector3 = HTTPVaultConnector.builder(wireMock.getHttpBaseUrl()).withNumberOfRetries(1).withTimeout(250).build()) {
stubFor( stubFor(
WireMock.any(anyUrl()) WireMock.any(anyUrl())
.willReturn(aResponse().withStatus(500)) .willReturn(aResponse().withStatus(500))
@@ -98,7 +97,8 @@ class HTTPVaultConnectorTest {
.willReturn(aResponse().withStatus(500)) .willReturn(aResponse().withStatus(500))
.willReturn(aResponse().withStatus(200).withBody("{}").withHeader("Content-Type", "application/json")) .willReturn(aResponse().withStatus(200).withBody("{}").withHeader("Content-Type", "application/json"))
); );
assertDoesNotThrow(connector::getHealth, "Request failed unexpectedly"); assertDoesNotThrow(() -> connector3.sys().getHealth(), "Request failed unexpectedly");
}
} }
/** /**
@@ -160,7 +160,7 @@ class HTTPVaultConnectorTest {
} }
ConnectionException e = assertThrows( ConnectionException e = assertThrows(
ConnectionException.class, ConnectionException.class,
connector::sealStatus, () -> connector.sys().sealStatus(),
"Querying seal status succeeded on invalid instance" "Querying seal status succeeded on invalid instance"
); );
assertEquals("Unable to connect to Vault server", e.getMessage(), "Unexpected exception message"); assertEquals("Unable to connect to Vault server", e.getMessage(), "Unexpected exception message");
@@ -178,7 +178,7 @@ class HTTPVaultConnectorTest {
} }
ConnectionException e = assertThrows( ConnectionException e = assertThrows(
ConnectionException.class, ConnectionException.class,
connector::getHealth, () -> connector.sys().getHealth(),
"Querying health status succeeded on invalid instance" "Querying health status succeeded on invalid instance"
); );
assertEquals("Unable to connect to Vault server", e.getMessage(), "Unexpected exception message"); assertEquals("Unable to connect to Vault server", e.getMessage(), "Unexpected exception message");
@@ -196,21 +196,21 @@ class HTTPVaultConnectorTest {
mockHttpResponse(200, "invalid", "application/json"); mockHttpResponse(200, "invalid", "application/json");
// Now test the methods. // Now test the methods.
assertParseError(connector::sealStatus, "sealStatus() succeeded on invalid instance"); assertParseError(() -> connector.sys().sealStatus(), "sys().sealStatus() succeeded on invalid instance");
assertParseError(() -> connector.unseal("key"), "unseal() succeeded on invalid instance"); assertParseError(() -> connector.sys().unseal("key"), "sys().unseal() succeeded on invalid instance");
assertParseError(connector::getHealth, "getHealth() succeeded on invalid instance"); assertParseError(() -> connector.sys().getHealth(), "sys().getHealth() succeeded on invalid instance");
assertParseError(connector::getAuthBackends, "getAuthBackends() succeeded on invalid instance"); assertParseError(() -> connector.sys().getAuthBackends(), "sys().getAuthBackends() succeeded on invalid instance");
assertParseError(() -> connector.authToken("token"), "authToken() succeeded on invalid instance"); assertParseError(() -> connector.authToken("token"), "authToken() succeeded on invalid instance");
assertParseError(() -> connector.lookupAppRole("roleName"), "lookupAppRole() succeeded on invalid instance"); assertParseError(() -> connector.appRole().lookup("roleName"), "appRole().lookup() succeeded on invalid instance");
assertParseError(() -> connector.getAppRoleID("roleName"), "getAppRoleID() succeeded on invalid instance"); assertParseError(() -> connector.appRole().getRoleID("roleName"), "appRole().getRoleID() succeeded on invalid instance");
assertParseError(() -> connector.createAppRoleSecret("roleName"), "createAppRoleSecret() succeeded on invalid instance"); assertParseError(() -> connector.appRole().createSecret("roleName"), "appRole().createSecret() succeeded on invalid instance");
assertParseError(() -> connector.lookupAppRoleSecret("roleName", "secretID"), "lookupAppRoleSecret() succeeded on invalid instance"); assertParseError(() -> connector.appRole().lookupSecret("roleName", "secretID"), "appRole().lookupSecret() succeeded on invalid instance");
assertParseError(connector::listAppRoles, "listAppRoles() succeeded on invalid instance"); assertParseError(() -> connector.appRole().listRoles(), "appRole().listRoles() succeeded on invalid instance");
assertParseError(() -> connector.listAppRoleSecrets("roleName"), "listAppRoleSecrets() succeeded on invalid instance"); assertParseError(() -> connector.appRole().listSecrets("roleName"), "appRole().listSecrets() succeeded on invalid instance");
assertParseError(() -> connector.read("key"), "read() succeeded on invalid instance"); assertParseError(() -> connector.read("key"), "read() succeeded on invalid instance");
assertParseError(() -> connector.list("path"), "list() succeeded on invalid instance"); assertParseError(() -> connector.list("path"), "list() succeeded on invalid instance");
assertParseError(() -> connector.renew("leaseID"), "renew() succeeded on invalid instance"); assertParseError(() -> connector.renew("leaseID"), "renew() succeeded on invalid instance");
assertParseError(() -> connector.lookupToken("token"), "lookupToken() succeeded on invalid instance"); assertParseError(() -> connector.token().lookup("token"), "token().lookup() succeeded on invalid instance");
} }
private void assertParseError(Executable executable, String message) { private void assertParseError(Executable executable, String message) {
@@ -232,32 +232,32 @@ class HTTPVaultConnectorTest {
// Now test the methods expecting a 204. // Now test the methods expecting a 204.
assertThrows( assertThrows(
InvalidResponseException.class, InvalidResponseException.class,
() -> connector.createAppRole("appID", Collections.singletonList("policy")), () -> connector.appRole().create("appID", Collections.singletonList("policy")),
"createAppRole() with 200 response succeeded" "appRole().create() with 200 response succeeded"
); );
assertThrows( assertThrows(
InvalidResponseException.class, InvalidResponseException.class,
() -> connector.deleteAppRole("roleName"), () -> connector.delete("roleName"),
"deleteAppRole() with 200 response succeeded" "appRole().delete() with 200 response succeeded"
); );
assertThrows( assertThrows(
InvalidResponseException.class, InvalidResponseException.class,
() -> connector.setAppRoleID("roleName", "roleID"), () -> connector.appRole().setRoleID("roleName", "roleID"),
"setAppRoleID() with 200 response succeeded" "appRole().setRoleID() with 200 response succeeded"
); );
assertThrows( assertThrows(
InvalidResponseException.class, InvalidResponseException.class,
() -> connector.destroyAppRoleSecret("roleName", "secretID"), () -> connector.appRole().destroySecret("roleName", "secretID"),
"destroyAppRoleSecret() with 200 response succeeded" "appRole().destroySecret() with 200 response succeeded"
); );
assertThrows( assertThrows(
InvalidResponseException.class, InvalidResponseException.class,
() -> connector.destroyAppRoleSecret("roleName", "secretUD"), () -> connector.appRole().destroySecret("roleName", "secretUD"),
"destroyAppRoleSecret() with 200 response succeeded" "appRole().destroySecret() with 200 response succeeded"
); );
assertThrows( assertThrows(

8
src/test/java/de/stklcode/jvault/connector/model/AppRoleTest.java
View File

@@ -42,11 +42,11 @@ class AppRoleTest extends AbstractModelTest<AppRole> {
private static final String POLICY = "policy"; private static final String POLICY = "policy";
private static final String POLICY_2 = "policy2"; private static final String POLICY_2 = "policy2";
private static final Integer SECRET_ID_NUM_USES = 10; private static final Integer SECRET_ID_NUM_USES = 10;
private static final Integer SECRET_ID_TTL = 7200; private static final Long SECRET_ID_TTL = 7200L;
private static final Boolean LOCAL_SECRET_IDS = false; private static final Boolean LOCAL_SECRET_IDS = false;
private static final Integer TOKEN_TTL = 4800; private static final Long TOKEN_TTL = 4800L;
private static final Integer TOKEN_MAX_TTL = 9600; private static final Long TOKEN_MAX_TTL = 9600L;
private static final Integer TOKEN_EXPLICIT_MAX_TTL = 14400; private static final Long TOKEN_EXPLICIT_MAX_TTL = 14400L;
private static final Boolean TOKEN_NO_DEFAULT_POLICY = false; private static final Boolean TOKEN_NO_DEFAULT_POLICY = false;
private static final Integer TOKEN_NUM_USES = 42; private static final Integer TOKEN_NUM_USES = 42;
private static final Integer TOKEN_PERIOD = 1234; private static final Integer TOKEN_PERIOD = 1234;

2
src/test/java/de/stklcode/jvault/connector/model/TokenRoleTest.java
View File

@@ -59,7 +59,7 @@ class TokenRoleTest extends AbstractModelTest<TokenRole> {
private static final String TOKEN_BOUND_CIDR_2 = "198.51.100.0/24"; private static final String TOKEN_BOUND_CIDR_2 = "198.51.100.0/24";
private static final String TOKEN_BOUND_CIDR_3 = "203.0.113.0/24"; private static final String TOKEN_BOUND_CIDR_3 = "203.0.113.0/24";
private static final List<String> TOKEN_BOUND_CIDRS = Arrays.asList(TOKEN_BOUND_CIDR_2, TOKEN_BOUND_CIDR_1); private static final List<String> TOKEN_BOUND_CIDRS = Arrays.asList(TOKEN_BOUND_CIDR_2, TOKEN_BOUND_CIDR_1);
private static final Integer TOKEN_EXPLICIT_MAX_TTL = 1234; private static final Long TOKEN_EXPLICIT_MAX_TTL = 1234L;
private static final Boolean TOKEN_NO_DEFAULT_POLICY = false; private static final Boolean TOKEN_NO_DEFAULT_POLICY = false;
private static final Integer TOKEN_NUM_USES = 5; private static final Integer TOKEN_NUM_USES = 5;
private static final Integer TOKEN_PERIOD = 2345; private static final Integer TOKEN_PERIOD = 2345;

4
src/test/java/de/stklcode/jvault/connector/model/TokenTest.java
View File

@@ -35,8 +35,8 @@ class TokenTest extends AbstractModelTest<Token> {
private static final String DISPLAY_NAME = "display-name"; private static final String DISPLAY_NAME = "display-name";
private static final Boolean NO_PARENT = false; private static final Boolean NO_PARENT = false;
private static final Boolean NO_DEFAULT_POLICY = false; private static final Boolean NO_DEFAULT_POLICY = false;
private static final Integer TTL = 123; private static final Long TTL = 123L;
private static final Integer EXPLICIT_MAX_TTL = 456; private static final Long EXPLICIT_MAX_TTL = 456L;
private static final Integer NUM_USES = 4; private static final Integer NUM_USES = 4;
private static final List<String> POLICIES = new ArrayList<>(); private static final List<String> POLICIES = new ArrayList<>();
private static final String POLICY = "policy"; private static final String POLICY = "policy";

17
src/test/java/de/stklcode/jvault/connector/model/response/AppRoleResponseTest.java
View File

@@ -16,7 +16,6 @@
package de.stklcode.jvault.connector.model.response; package de.stklcode.jvault.connector.model.response;
import com.fasterxml.jackson.core.JsonProcessingException;
import de.stklcode.jvault.connector.model.AbstractModelTest; import de.stklcode.jvault.connector.model.AbstractModelTest;
import de.stklcode.jvault.connector.model.AppRole; import de.stklcode.jvault.connector.model.AppRole;
import org.junit.jupiter.api.Test; import org.junit.jupiter.api.Test;
@@ -32,9 +31,9 @@ import static org.junit.jupiter.api.Assertions.*;
* @since 0.6.2 * @since 0.6.2
*/ */
class AppRoleResponseTest extends AbstractModelTest<AppRoleResponse> { class AppRoleResponseTest extends AbstractModelTest<AppRoleResponse> {
private static final Integer ROLE_TOKEN_TTL = 1200; private static final Long ROLE_TOKEN_TTL = 1200L;
private static final Integer ROLE_TOKEN_MAX_TTL = 1800; private static final Long ROLE_TOKEN_MAX_TTL = 1800L;
private static final Integer ROLE_SECRET_TTL = 600; private static final Long ROLE_SECRET_TTL = 600L;
private static final Integer ROLE_SECRET_NUM_USES = 40; private static final Integer ROLE_SECRET_NUM_USES = 40;
private static final String ROLE_POLICY = "default"; private static final String ROLE_POLICY = "default";
private static final Integer ROLE_PERIOD = 0; private static final Integer ROLE_PERIOD = 0;
@@ -67,12 +66,10 @@ class AppRoleResponseTest extends AbstractModelTest<AppRoleResponse> {
@Override @Override
protected AppRoleResponse createFull() { protected AppRoleResponse createFull() {
try { return assertDoesNotThrow(
return objectMapper.readValue(RES_JSON, AppRoleResponse.class); () -> objectMapper.readValue(RES_JSON, AppRoleResponse.class),
} catch (JsonProcessingException e) { "Creation of full model instance failed"
fail("Creation of full model instance failed", e); );
return null;
}
} }
/** /**

15
src/test/java/de/stklcode/jvault/connector/model/response/AuthMethodsResponseTest.java
View File

@@ -16,7 +16,6 @@
package de.stklcode.jvault.connector.model.response; package de.stklcode.jvault.connector.model.response;
import com.fasterxml.jackson.core.JsonProcessingException;
import de.stklcode.jvault.connector.model.AbstractModelTest; import de.stklcode.jvault.connector.model.AbstractModelTest;
import de.stklcode.jvault.connector.model.AuthBackend; import de.stklcode.jvault.connector.model.AuthBackend;
import de.stklcode.jvault.connector.model.response.embedded.AuthMethod; import de.stklcode.jvault.connector.model.response.embedded.AuthMethod;
@@ -45,9 +44,9 @@ class AuthMethodsResponseTest extends AbstractModelTest<AuthMethodsResponse> {
private static final String TK_UUID = "32ea9681-6bd6-6cec-eec3-d11260ba9741"; private static final String TK_UUID = "32ea9681-6bd6-6cec-eec3-d11260ba9741";
private static final String TK_ACCESSOR = "auth_token_ac0dd95a"; private static final String TK_ACCESSOR = "auth_token_ac0dd95a";
private static final String TK_DESCR = "token based credentials"; private static final String TK_DESCR = "token based credentials";
private static final Integer TK_LEASE_TTL = 0; private static final Long TK_LEASE_TTL = 0L;
private static final Boolean TK_FORCE_NO_CACHE = false; private static final Boolean TK_FORCE_NO_CACHE = false;
private static final Integer TK_MAX_LEASE_TTL = 0; private static final Long TK_MAX_LEASE_TTL = 0L;
private static final String TK_TOKEN_TYPE = "default-service"; private static final String TK_TOKEN_TYPE = "default-service";
private static final String TK_RUNNING_PLUGIN_VERSION = "v1.15.3+builtin.vault"; private static final String TK_RUNNING_PLUGIN_VERSION = "v1.15.3+builtin.vault";
@@ -90,12 +89,10 @@ class AuthMethodsResponseTest extends AbstractModelTest<AuthMethodsResponse> {
@Override @Override
protected AuthMethodsResponse createFull() { protected AuthMethodsResponse createFull() {
try { return assertDoesNotThrow(
return objectMapper.readValue(RES_JSON, AuthMethodsResponse.class); () -> objectMapper.readValue(RES_JSON, AuthMethodsResponse.class),
} catch (JsonProcessingException e) { "Creation of full model instance failed"
fail("Creation of full model instance failed", e); );
return null;
}
} }
/** /**

11
src/test/java/de/stklcode/jvault/connector/model/response/AuthResponseTest.java
View File

@@ -16,7 +16,6 @@
package de.stklcode.jvault.connector.model.response; package de.stklcode.jvault.connector.model.response;
import com.fasterxml.jackson.core.JsonProcessingException;
import de.stklcode.jvault.connector.model.AbstractModelTest; import de.stklcode.jvault.connector.model.AbstractModelTest;
import de.stklcode.jvault.connector.model.response.embedded.AuthData; import de.stklcode.jvault.connector.model.response.embedded.AuthData;
import de.stklcode.jvault.connector.model.response.embedded.MfaConstraintAny; import de.stklcode.jvault.connector.model.response.embedded.MfaConstraintAny;
@@ -101,12 +100,10 @@ class AuthResponseTest extends AbstractModelTest<AuthResponse> {
@Override @Override
protected AuthResponse createFull() { protected AuthResponse createFull() {
try { return assertDoesNotThrow(
return objectMapper.readValue(RES_JSON, AuthResponse.class); () -> objectMapper.readValue(RES_JSON, AuthResponse.class),
} catch (JsonProcessingException e) { "Creation of full model instance failed"
fail("Creation of full model instance failed", e); );
return null;
}
} }
@Test @Test

11
src/test/java/de/stklcode/jvault/connector/model/response/CredentialsResponseTest.java
View File

@@ -16,7 +16,6 @@
package de.stklcode.jvault.connector.model.response; package de.stklcode.jvault.connector.model.response;
import com.fasterxml.jackson.core.JsonProcessingException;
import de.stklcode.jvault.connector.model.AbstractModelTest; import de.stklcode.jvault.connector.model.AbstractModelTest;
import org.junit.jupiter.api.Test; import org.junit.jupiter.api.Test;
@@ -49,12 +48,10 @@ class CredentialsResponseTest extends AbstractModelTest<CredentialsResponse> {
@Override @Override
protected CredentialsResponse createFull() { protected CredentialsResponse createFull() {
try { return assertDoesNotThrow(
return objectMapper.readValue(JSON, CredentialsResponse.class); () -> objectMapper.readValue(JSON, CredentialsResponse.class),
} catch (JsonProcessingException e) { "Creation of full model instance failed"
fail("Creation of full model instance failed", e); );
return null;
}
} }
/** /**

11
src/test/java/de/stklcode/jvault/connector/model/response/ErrorResponseTest.java
View File

@@ -16,7 +16,6 @@
package de.stklcode.jvault.connector.model.response; package de.stklcode.jvault.connector.model.response;
import com.fasterxml.jackson.core.JsonProcessingException;
import de.stklcode.jvault.connector.model.AbstractModelTest; import de.stklcode.jvault.connector.model.AbstractModelTest;
import org.junit.jupiter.api.Test; import org.junit.jupiter.api.Test;
@@ -42,12 +41,10 @@ class ErrorResponseTest extends AbstractModelTest<ErrorResponse> {
@Override @Override
protected ErrorResponse createFull() { protected ErrorResponse createFull() {
try { return assertDoesNotThrow(
return objectMapper.readValue(JSON, ErrorResponse.class); () -> objectMapper.readValue(JSON, ErrorResponse.class),
} catch (JsonProcessingException e) { "Creation of full model instance failed"
fail("Creation of full model instance failed", e); );
return null;
}
} }
/** /**

11
src/test/java/de/stklcode/jvault/connector/model/response/HealthResponseTest.java
View File

@@ -16,7 +16,6 @@
package de.stklcode.jvault.connector.model.response; package de.stklcode.jvault.connector.model.response;
import com.fasterxml.jackson.core.JsonProcessingException;
import de.stklcode.jvault.connector.model.AbstractModelTest; import de.stklcode.jvault.connector.model.AbstractModelTest;
import org.junit.jupiter.api.Test; import org.junit.jupiter.api.Test;
@@ -67,12 +66,10 @@ class HealthResponseTest extends AbstractModelTest<HealthResponse> {
@Override @Override
protected HealthResponse createFull() { protected HealthResponse createFull() {
try { return assertDoesNotThrow(
return objectMapper.readValue(RES_JSON, HealthResponse.class); () -> objectMapper.readValue(RES_JSON, HealthResponse.class),
} catch (JsonProcessingException e) { "Creation of full model instance failed"
fail("Creation of full model instance failed", e); );
return null;
}
} }
/** /**

11
src/test/java/de/stklcode/jvault/connector/model/response/HelpResponseTest.java
View File

@@ -16,7 +16,6 @@
package de.stklcode.jvault.connector.model.response; package de.stklcode.jvault.connector.model.response;
import com.fasterxml.jackson.core.JsonProcessingException;
import de.stklcode.jvault.connector.model.AbstractModelTest; import de.stklcode.jvault.connector.model.AbstractModelTest;
import org.junit.jupiter.api.Test; import org.junit.jupiter.api.Test;
@@ -38,12 +37,10 @@ class HelpResponseTest extends AbstractModelTest<HelpResponse> {
@Override @Override
protected HelpResponse createFull() { protected HelpResponse createFull() {
try { return assertDoesNotThrow(
return objectMapper.readValue(JSON, HelpResponse.class); () -> objectMapper.readValue(JSON, HelpResponse.class),
} catch (JsonProcessingException e) { "Creation of full model instance failed"
fail("Creation of full model instance failed", e); );
return null;
}
} }
/** /**

11
src/test/java/de/stklcode/jvault/connector/model/response/MetaSecretResponseTest.java
View File

@@ -16,7 +16,6 @@
package de.stklcode.jvault.connector.model.response; package de.stklcode.jvault.connector.model.response;
import com.fasterxml.jackson.core.JsonProcessingException;
import de.stklcode.jvault.connector.model.AbstractModelTest; import de.stklcode.jvault.connector.model.AbstractModelTest;
import org.junit.jupiter.api.Test; import org.junit.jupiter.api.Test;
@@ -95,12 +94,10 @@ class MetaSecretResponseTest extends AbstractModelTest<MetaSecretResponse> {
@Override @Override
protected MetaSecretResponse createFull() { protected MetaSecretResponse createFull() {
try { return assertDoesNotThrow(
return objectMapper.readValue(SECRET_JSON_V2, MetaSecretResponse.class); () -> objectMapper.readValue(SECRET_JSON_V2, MetaSecretResponse.class),
} catch (JsonProcessingException e) { "Creation of full model instance failed"
fail("Creation of full model instance failed", e); );
return null;
}
} }
/** /**

11
src/test/java/de/stklcode/jvault/connector/model/response/MetadataResponseTest.java
View File

@@ -16,7 +16,6 @@
package de.stklcode.jvault.connector.model.response; package de.stklcode.jvault.connector.model.response;
import com.fasterxml.jackson.core.JsonProcessingException;
import de.stklcode.jvault.connector.model.AbstractModelTest; import de.stklcode.jvault.connector.model.AbstractModelTest;
import org.junit.jupiter.api.Test; import org.junit.jupiter.api.Test;
@@ -80,12 +79,10 @@ class MetadataResponseTest extends AbstractModelTest<MetadataResponse> {
@Override @Override
protected MetadataResponse createFull() { protected MetadataResponse createFull() {
try { return assertDoesNotThrow(
return objectMapper.readValue(META_JSON, MetadataResponse.class); () -> objectMapper.readValue(META_JSON, MetadataResponse.class),
} catch (JsonProcessingException e) { "Creation of full model instance failed"
fail("Creation of full model instance failed", e); );
return null;
}
} }
/** /**

11
src/test/java/de/stklcode/jvault/connector/model/response/PlainSecretResponseTest.java
View File

@@ -17,7 +17,6 @@
package de.stklcode.jvault.connector.model.response; package de.stklcode.jvault.connector.model.response;
import com.fasterxml.jackson.annotation.JsonProperty; import com.fasterxml.jackson.annotation.JsonProperty;
import com.fasterxml.jackson.core.JsonProcessingException;
import de.stklcode.jvault.connector.exception.InvalidResponseException; import de.stklcode.jvault.connector.exception.InvalidResponseException;
import de.stklcode.jvault.connector.model.AbstractModelTest; import de.stklcode.jvault.connector.model.AbstractModelTest;
import org.junit.jupiter.api.Test; import org.junit.jupiter.api.Test;
@@ -60,12 +59,10 @@ class PlainSecretResponseTest extends AbstractModelTest<PlainSecretResponse> {
@Override @Override
protected PlainSecretResponse createFull() { protected PlainSecretResponse createFull() {
try { return assertDoesNotThrow(
return objectMapper.readValue(SECRET_JSON, PlainSecretResponse.class); () -> objectMapper.readValue(SECRET_JSON, PlainSecretResponse.class),
} catch (JsonProcessingException e) { "Creation of full model instance failed"
fail("Creation of full model instance failed", e); );
return null;
}
} }
/** /**

11
src/test/java/de/stklcode/jvault/connector/model/response/SealResponseTest.java
View File

@@ -16,7 +16,6 @@
package de.stklcode.jvault.connector.model.response; package de.stklcode.jvault.connector.model.response;
import com.fasterxml.jackson.core.JsonProcessingException;
import de.stklcode.jvault.connector.model.AbstractModelTest; import de.stklcode.jvault.connector.model.AbstractModelTest;
import org.junit.jupiter.api.Test; import org.junit.jupiter.api.Test;
@@ -83,12 +82,10 @@ class SealResponseTest extends AbstractModelTest<SealResponse> {
@Override @Override
protected SealResponse createFull() { protected SealResponse createFull() {
try { return assertDoesNotThrow(
return objectMapper.readValue(RES_UNSEALED, SealResponse.class); () -> objectMapper.readValue(RES_UNSEALED, SealResponse.class),
} catch (JsonProcessingException e) { "Creation of full model instance failed"
fail("Creation of full model instance failed", e); );
return null;
}
} }
/** /**

14
src/test/java/de/stklcode/jvault/connector/model/response/SecretListResponseTest.java
View File

@@ -16,13 +16,13 @@
package de.stklcode.jvault.connector.model.response; package de.stklcode.jvault.connector.model.response;
import com.fasterxml.jackson.core.JsonProcessingException;
import de.stklcode.jvault.connector.model.AbstractModelTest; import de.stklcode.jvault.connector.model.AbstractModelTest;
import org.junit.jupiter.api.Test; import org.junit.jupiter.api.Test;
import java.util.List; import java.util.List;
import static org.junit.jupiter.api.Assertions.*; import static org.junit.jupiter.api.Assertions.assertDoesNotThrow;
import static org.junit.jupiter.api.Assertions.assertEquals;
/** /**
* JUnit Test for {@link SecretListResponse} model. * JUnit Test for {@link SecretListResponse} model.
@@ -52,12 +52,10 @@ class SecretListResponseTest extends AbstractModelTest<SecretListResponse> {
@Override @Override
protected SecretListResponse createFull() { protected SecretListResponse createFull() {
try { return assertDoesNotThrow(
return objectMapper.readValue(JSON, SecretListResponse.class); () -> objectMapper.readValue(JSON, SecretListResponse.class),
} catch (JsonProcessingException e) { "Creation of full model instance failed"
fail("Creation of full model instance failed", e); );
return null;
}
} }
/** /**

11
src/test/java/de/stklcode/jvault/connector/model/response/SecretVersionResponseTest.java
View File

@@ -16,7 +16,6 @@
package de.stklcode.jvault.connector.model.response; package de.stklcode.jvault.connector.model.response;
import com.fasterxml.jackson.core.JsonProcessingException;
import de.stklcode.jvault.connector.model.AbstractModelTest; import de.stklcode.jvault.connector.model.AbstractModelTest;
import org.junit.jupiter.api.Test; import org.junit.jupiter.api.Test;
@@ -48,12 +47,10 @@ class SecretVersionResponseTest extends AbstractModelTest<SecretVersionResponse>
@Override @Override
protected SecretVersionResponse createFull() { protected SecretVersionResponse createFull() {
try { return assertDoesNotThrow(
return objectMapper.readValue(META_JSON, SecretVersionResponse.class); () -> objectMapper.readValue(META_JSON, SecretVersionResponse.class),
} catch (JsonProcessingException e) { "Creation of full model instance failed"
fail("Creation of full model instance failed", e); );
return null;
}
} }
/** /**

17
src/test/java/de/stklcode/jvault/connector/model/response/TokenResponseTest.java
View File

@@ -16,7 +16,6 @@
package de.stklcode.jvault.connector.model.response; package de.stklcode.jvault.connector.model.response;
import com.fasterxml.jackson.core.JsonProcessingException;
import de.stklcode.jvault.connector.model.AbstractModelTest; import de.stklcode.jvault.connector.model.AbstractModelTest;
import de.stklcode.jvault.connector.model.response.embedded.TokenData; import de.stklcode.jvault.connector.model.response.embedded.TokenData;
import org.junit.jupiter.api.Test; import org.junit.jupiter.api.Test;
@@ -35,8 +34,8 @@ import static org.junit.jupiter.api.Assertions.*;
*/ */
class TokenResponseTest extends AbstractModelTest<TokenResponse> { class TokenResponseTest extends AbstractModelTest<TokenResponse> {
private static final Integer TOKEN_CREATION_TIME = 1457533232; private static final Integer TOKEN_CREATION_TIME = 1457533232;
private static final Integer TOKEN_TTL = 2764800; private static final Long TOKEN_TTL = 2764800L;
private static final Integer TOKEN_EXPLICIT_MAX_TTL = 0; private static final Long TOKEN_EXPLICIT_MAX_TTL = 0L;
private static final String TOKEN_DISPLAY_NAME = "token"; private static final String TOKEN_DISPLAY_NAME = "token";
private static final String TOKEN_META_KEY = "foo"; private static final String TOKEN_META_KEY = "foo";
private static final String TOKEN_META_VALUE = "bar"; private static final String TOKEN_META_VALUE = "bar";
@@ -47,7 +46,7 @@ class TokenResponseTest extends AbstractModelTest<TokenResponse> {
private static final String TOKEN_POLICY_1 = "default"; private static final String TOKEN_POLICY_1 = "default";
private static final String TOKEN_POLICY_2 = "web"; private static final String TOKEN_POLICY_2 = "web";
private static final Boolean RES_RENEWABLE = false; private static final Boolean RES_RENEWABLE = false;
private static final Integer RES_TTL = 2591976; private static final Long RES_TTL = 2591976L;
private static final Integer RES_LEASE_DURATION = 0; private static final Integer RES_LEASE_DURATION = 0;
private static final String TOKEN_ACCESSOR = "VKvzT2fKHFsZFUus9LyoXCvu"; private static final String TOKEN_ACCESSOR = "VKvzT2fKHFsZFUus9LyoXCvu";
private static final String TOKEN_ENTITY_ID = "7d2e3179-f69b-450c-7179-ac8ee8bd8ca9"; private static final String TOKEN_ENTITY_ID = "7d2e3179-f69b-450c-7179-ac8ee8bd8ca9";
@@ -96,12 +95,10 @@ class TokenResponseTest extends AbstractModelTest<TokenResponse> {
@Override @Override
protected TokenResponse createFull() { protected TokenResponse createFull() {
try { return assertDoesNotThrow(
return objectMapper.readValue(RES_JSON, TokenResponse.class); () -> objectMapper.readValue(RES_JSON, TokenResponse.class),
} catch (JsonProcessingException e) { "Creation of full model instance failed"
fail("Creation of full model instance failed", e); );
return null;
}
} }
/** /**

11
src/test/java/de/stklcode/jvault/connector/model/response/TransitResponseTest.java
View File

@@ -16,7 +16,6 @@
package de.stklcode.jvault.connector.model.response; package de.stklcode.jvault.connector.model.response;
import com.fasterxml.jackson.core.JsonProcessingException;
import de.stklcode.jvault.connector.model.AbstractModelTest; import de.stklcode.jvault.connector.model.AbstractModelTest;
import org.junit.jupiter.api.Test; import org.junit.jupiter.api.Test;
@@ -39,19 +38,17 @@ class TransitResponseTest extends AbstractModelTest<TransitResponse> {
@Override @Override
protected TransitResponse createFull() { protected TransitResponse createFull() {
try { return assertDoesNotThrow(
return objectMapper.readValue( () -> objectMapper.readValue(
json( json(
"\"ciphertext\": \"" + CIPHERTEXT + "\", " + "\"ciphertext\": \"" + CIPHERTEXT + "\", " +
"\"plaintext\": \"" + PLAINTEXT + "\", " + "\"plaintext\": \"" + PLAINTEXT + "\", " +
"\"sum\": \"" + SUM + "\"" "\"sum\": \"" + SUM + "\""
), ),
TransitResponse.class TransitResponse.class
),
"Creation of full model failed"
); );
} catch (JsonProcessingException e) {
fail("Creation of full model failed", e);
return null;
}
} }
@Test @Test

15
src/test/java/de/stklcode/jvault/connector/model/response/embedded/MountConfigTest.java
View File

@@ -1,6 +1,5 @@
package de.stklcode.jvault.connector.model.response.embedded; package de.stklcode.jvault.connector.model.response.embedded;
import com.fasterxml.jackson.core.JsonProcessingException;
import de.stklcode.jvault.connector.model.AbstractModelTest; import de.stklcode.jvault.connector.model.AbstractModelTest;
import org.junit.jupiter.api.Test; import org.junit.jupiter.api.Test;
@@ -14,8 +13,8 @@ import static org.junit.jupiter.api.Assertions.*;
* @author Stefan Kalscheuer * @author Stefan Kalscheuer
*/ */
class MountConfigTest extends AbstractModelTest<MountConfig> { class MountConfigTest extends AbstractModelTest<MountConfig> {
private static final Integer DEFAULT_LEASE_TTL = 1800; private static final Long DEFAULT_LEASE_TTL = 1800L;
private static final Integer MAX_LEASE_TTL = 3600; private static final Long MAX_LEASE_TTL = 3600L;
private static final Boolean FORCE_NO_CACHE = false; private static final Boolean FORCE_NO_CACHE = false;
private static final String TOKEN_TYPE = "default-service"; private static final String TOKEN_TYPE = "default-service";
private static final String AUDIT_NON_HMAC_REQ_KEYS_1 = "req1"; private static final String AUDIT_NON_HMAC_REQ_KEYS_1 = "req1";
@@ -62,12 +61,10 @@ class MountConfigTest extends AbstractModelTest<MountConfig> {
@Override @Override
protected MountConfig createFull() { protected MountConfig createFull() {
try { return assertDoesNotThrow(
return objectMapper.readValue(RES_JSON, MountConfig.class); () -> objectMapper.readValue(RES_JSON, MountConfig.class),
} catch (JsonProcessingException e) { "Creation of full model instance failed"
fail("Creation of full model instance failed", e); );
return null;
}
} }
/** /**