From 55b297268531f701a4542899caa2125bb6b34778 Mon Sep 17 00:00:00 2001 From: Kevin Wooten Date: Sat, 6 Jan 2024 13:14:31 -0700 Subject: [PATCH] Fixup mounts & plugins apis & fix outstanding integration test failures --- client/src/main/specs/sys/mounts.yaml | 6 +- client/src/main/specs/sys/plugins.yaml | 2 + .../vault/client/VaultSecretsKV2Test.java | 4 +- .../vault/client/VaultSecretsPKITest.java | 120 +++++++++--------- .../vault/client/VaultSysMountsTest.java | 14 +- .../vault/client/VaultSysPluginsTest.java | 27 +++- .../vault/client/VaultSysRemountTest.java | 2 +- .../java/io/quarkus/vault/VaultITCase.java | 8 +- .../quarkus/vault/runtime/DurationHelper.java | 2 +- .../vault/runtime/VaultPKIManager.java | 48 +++++-- .../runtime/VaultSystemBackendManager.java | 10 +- .../vault/runtime/VaultTransitManager.java | 10 +- .../vault/test/VaultTestExtension.java | 6 +- 13 files changed, 160 insertions(+), 99 deletions(-) diff --git a/client/src/main/specs/sys/mounts.yaml b/client/src/main/specs/sys/mounts.yaml index ab57e4a6..eca6d56b 100644 --- a/client/src/main/specs/sys/mounts.yaml +++ b/client/src/main/specs/sys/mounts.yaml @@ -30,7 +30,7 @@ operations: method: POST status: NO_CONTENT path: mounts/:path - bodyFrom: [type, description, config] + bodyFrom: [type, description, config, options] parameters: - name: path type: String @@ -60,8 +60,8 @@ operations: type: String - name: allowedManagedKeys type: java.util.List - - name: options - type: java.util.Map + - name: options + type: java.util.Map - name: disable diff --git a/client/src/main/specs/sys/plugins.yaml b/client/src/main/specs/sys/plugins.yaml index d4af1da5..7e013074 100644 --- a/client/src/main/specs/sys/plugins.yaml +++ b/client/src/main/specs/sys/plugins.yaml @@ -200,3 +200,5 @@ types: type: String - name: builtin type: Boolean + - name: deprecationStatus + type: String 
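Review bot: Promoting `options` from the config object to a top-level `bodyFrom` parameter turns the generated `enable` into a five-argument call whose last three arguments are nullable, which is why every PKI test in this patch now reads `client.sys().mounts().enable(mount, "pki", null, null, null)`. I infer the generated signature from those call sites, since the generator is not in this patch; if it supports overloads, a two-argument `enable(path, type)` or keeping `options` reachable from the config object would keep call sites readable. None of the parameters in these hunks carry a description, so if the spec format allows one, a short note on `options` that it holds engine-specific settings (the KV `version` seen in the tests) would help consumers of the generated API.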
diff --git a/client/src/test/java/io/quarkus/vault/client/VaultSecretsKV2Test.java b/client/src/test/java/io/quarkus/vault/client/VaultSecretsKV2Test.java index e52ff140..381ae22a 100644 --- a/client/src/test/java/io/quarkus/vault/client/VaultSecretsKV2Test.java +++ b/client/src/test/java/io/quarkus/vault/client/VaultSecretsKV2Test.java @@ -9,7 +9,6 @@ import org.junit.jupiter.api.Test; import io.quarkus.vault.client.api.secrets.kv2.VaultSecretsKV2SecretMetadataParams; -import io.quarkus.vault.client.api.sys.mounts.VaultSysMountsEnableConfig; import io.quarkus.vault.client.test.Random; import io.quarkus.vault.client.test.VaultClientTest; import io.quarkus.vault.client.test.VaultClientTest.Mount; @@ -34,8 +33,7 @@ void testReadConfig(VaultClient client) { @Test void testUpdateConfig(VaultClient client, @Random String path) { // Mount specific engine for testing CAS configuration - client.sys().mounts().enable(path, "kv", "KV with CAS enabled", new VaultSysMountsEnableConfig() - .setOptions(Map.of("version", "2"))) + client.sys().mounts().enable(path, "kv", "KV with CAS enabled", null, Map.of("version", "2")) .await().indefinitely(); var kvApi = client.secrets().kv2(path); diff --git a/client/src/test/java/io/quarkus/vault/client/VaultSecretsPKITest.java b/client/src/test/java/io/quarkus/vault/client/VaultSecretsPKITest.java index ec2f326a..d16aea7c 100644 --- a/client/src/test/java/io/quarkus/vault/client/VaultSecretsPKITest.java +++ b/client/src/test/java/io/quarkus/vault/client/VaultSecretsPKITest.java @@ -39,7 +39,7 @@ public class VaultSecretsPKITest { @Test public void testIssue(VaultClient client, @Random String mount) { - client.sys().mounts().enable(mount, "pki", null, null) + client.sys().mounts().enable(mount, "pki", null, null, null) .await().indefinitely(); var pki = client.secrets().pki(mount); 
@@ -75,7 +75,7 @@ public void testIssue(VaultClient client, @Random String mount) { @Test public void testIssueViaIssuer(VaultClient client, @Random String mount) { - client.sys().mounts().enable(mount, "pki", null, null) + client.sys().mounts().enable(mount, "pki", null, null, null) .await().indefinitely(); var pki = client.secrets().pki(mount); @@ -111,7 +111,7 @@ public void testIssueViaIssuer(VaultClient client, @Random String mount) { @Test public void testSign(VaultClient client, @Random String mount) throws Exception { - client.sys().mounts().enable(mount, "pki", null, null) + client.sys().mounts().enable(mount, "pki", null, null, null) .await().indefinitely(); var pki = client.secrets().pki(mount); @@ -156,7 +156,7 @@ public void testSign(VaultClient client, @Random String mount) throws Exception @Test public void testSignViaIssuer(VaultClient client, @Random String mount) throws Exception { - client.sys().mounts().enable(mount, "pki", null, null) + client.sys().mounts().enable(mount, "pki", null, null, null) .await().indefinitely(); var pki = client.secrets().pki(mount); @@ -201,7 +201,7 @@ public void testSignViaIssuer(VaultClient client, @Random String mount) throws E @Test public void testSignVerbatim(VaultClient client, @Random String mount) throws Exception { - client.sys().mounts().enable(mount, "pki", null, null) + client.sys().mounts().enable(mount, "pki", null, null, null) .await().indefinitely(); var pki = client.secrets().pki(mount); @@ -246,7 +246,7 @@ public void testSignVerbatim(VaultClient client, @Random String mount) throws Ex @Test public void testSignVerbatimViaIssuer(VaultClient client, @Random String mount) throws Exception { - client.sys().mounts().enable(mount, "pki", null, null) + client.sys().mounts().enable(mount, "pki", null, null, null) .await().indefinitely(); var pki = client.secrets().pki(mount); 
@@ -291,9 +291,9 @@ public void testSignVerbatimViaIssuer(VaultClient client, @Random String mount) @Test public void testSignIntermediate(VaultClient client, @Random String mount1, @Random String mount2) throws IOException { - client.sys().mounts().enable(mount1, "pki", null, null) + client.sys().mounts().enable(mount1, "pki", null, null, null) .await().indefinitely(); - client.sys().mounts().enable(mount2, "pki", null, null) + client.sys().mounts().enable(mount2, "pki", null, null, null) .await().indefinitely(); var pki1 = client.secrets().pki(mount1); @@ -331,9 +331,9 @@ public void testSignIntermediate(VaultClient client, @Random String mount1, @Ran @Test public void testSignIntermediateViaIssuer(VaultClient client, @Random String mount1, @Random String mount2) throws IOException { - client.sys().mounts().enable(mount1, "pki", null, null) + client.sys().mounts().enable(mount1, "pki", null, null, null) .await().indefinitely(); - client.sys().mounts().enable(mount2, "pki", null, null) + client.sys().mounts().enable(mount2, "pki", null, null, null) .await().indefinitely(); var pki1 = client.secrets().pki(mount1); @@ -370,7 +370,7 @@ public void testSignIntermediateViaIssuer(VaultClient client, @Random String mou @Test public void testSignSelfIssued(VaultClient client, @Random String mount) { - client.sys().mounts().enable(mount, "pki", null, null) + client.sys().mounts().enable(mount, "pki", null, null, null) .await().indefinitely(); var pki = client.secrets().pki(mount); @@ -395,7 +395,7 @@ public void testSignSelfIssued(VaultClient client, @Random String mount) { @Test public void testSignSelfIssuedViaIssuer(VaultClient client, @Random String mount) { - client.sys().mounts().enable(mount, "pki", null, null) + client.sys().mounts().enable(mount, "pki", null, null, null) .await().indefinitely(); var pki = client.secrets().pki(mount); 
@@ -420,7 +420,7 @@ public void testSignSelfIssuedViaIssuer(VaultClient client, @Random String mount @Test public void testListCerts(VaultClient client, @Random String mount) { - client.sys().mounts().enable(mount, "pki", null, null) + client.sys().mounts().enable(mount, "pki", null, null, null) .await().indefinitely(); var pki = client.secrets().pki(mount); @@ -447,7 +447,7 @@ public void testListCerts(VaultClient client, @Random String mount) { @Test public void testReadCert(VaultClient client, @Random String mount) { - client.sys().mounts().enable(mount, "pki", null, null) + client.sys().mounts().enable(mount, "pki", null, null, null) .await().indefinitely(); var pki = client.secrets().pki(mount); @@ -479,7 +479,7 @@ public void testReadCert(VaultClient client, @Random String mount) { @Test public void testRevoke(VaultClient client, @Random String mount) { - client.sys().mounts().enable(mount, "pki", null, null) + client.sys().mounts().enable(mount, "pki", null, null, null) .await().indefinitely(); var pki = client.secrets().pki(mount); @@ -507,7 +507,7 @@ public void testRevoke(VaultClient client, @Random String mount) { @Test public void testRevokeWithKey(VaultClient client, @Random String mount) { - client.sys().mounts().enable(mount, "pki", null, null) + client.sys().mounts().enable(mount, "pki", null, null, null) .await().indefinitely(); var pki = client.secrets().pki(mount); @@ -536,7 +536,7 @@ public void testRevokeWithKey(VaultClient client, @Random String mount) { @Test public void testListRevoked(VaultClient client, @Random String mount) { - client.sys().mounts().enable(mount, "pki", null, null) + client.sys().mounts().enable(mount, "pki", null, null, null) .await().indefinitely(); var pki = client.secrets().pki(mount); 
@@ -567,7 +567,7 @@ public void testListRevoked(VaultClient client, @Random String mount) { @Test public void testReadIssuerCa(VaultClient client, @Random String mount) { - client.sys().mounts().enable(mount, "pki", null, null) + client.sys().mounts().enable(mount, "pki", null, null, null) .await().indefinitely(); var pki = client.secrets().pki(mount); @@ -585,7 +585,7 @@ public void testReadIssuerCa(VaultClient client, @Random String mount) { @Test public void testReadIssuerCaFromIssuer(VaultClient client, @Random String mount) { - client.sys().mounts().enable(mount, "pki", null, null) + client.sys().mounts().enable(mount, "pki", null, null, null) .await().indefinitely(); var pki = client.secrets().pki(mount); @@ -607,7 +607,7 @@ public void testReadIssuerCaFromIssuer(VaultClient client, @Random String mount) @Test public void testReadIssuerCaChain(VaultClient client, @Random String mount) { - client.sys().mounts().enable(mount, "pki", null, null) + client.sys().mounts().enable(mount, "pki", null, null, null) .await().indefinitely(); var pki = client.secrets().pki(mount); @@ -625,7 +625,7 @@ public void testReadIssuerCaChain(VaultClient client, @Random String mount) { @Test public void testReadIssuerCrl(VaultClient client, @Random String mount) throws Exception { - client.sys().mounts().enable(mount, "pki", null, null) + client.sys().mounts().enable(mount, "pki", null, null, null) .await().indefinitely(); var pki = client.secrets().pki(mount); @@ -665,7 +665,7 @@ public void testReadIssuerCrl(VaultClient client, @Random String mount) throws E @Test public void testReadIssuerCrlViaIssuer(VaultClient client, @Random String mount) throws Exception { - client.sys().mounts().enable(mount, "pki", null, null) + client.sys().mounts().enable(mount, "pki", null, null, null) .await().indefinitely(); var pki = client.secrets().pki(mount); 
@@ -705,7 +705,7 @@ public void testReadIssuerCrlViaIssuer(VaultClient client, @Random String mount) @Test public void testReadIssuerDeltaCrl(VaultClient client, @Random String mount) throws Exception { - client.sys().mounts().enable(mount, "pki", null, null) + client.sys().mounts().enable(mount, "pki", null, null, null) .await().indefinitely(); var pki = client.secrets().pki(mount); @@ -743,7 +743,7 @@ public void testReadIssuerDeltaCrl(VaultClient client, @Random String mount) thr @Test public void testReadIssuerDeltaCrlViaIssuer(VaultClient client, @Random String mount) throws Exception { - client.sys().mounts().enable(mount, "pki", null, null) + client.sys().mounts().enable(mount, "pki", null, null, null) .await().indefinitely(); var pki = client.secrets().pki(mount); @@ -782,7 +782,7 @@ public void testReadIssuerDeltaCrlViaIssuer(VaultClient client, @Random String m @Disabled("Requires Enterprise Vault") @Test public void testReadIssuerUnifiedCrl(VaultClient client, @Random String mount) throws Exception { - client.sys().mounts().enable(mount, "pki", null, null) + client.sys().mounts().enable(mount, "pki", null, null, null) .await().indefinitely(); var pki = client.secrets().pki(mount); @@ -823,7 +823,7 @@ public void testReadIssuerUnifiedCrl(VaultClient client, @Random String mount) t @Disabled("Requires Enterprise Vault") @Test public void testReadIssuerUnifiedCrlViaIssuer(VaultClient client, @Random String mount) throws Exception { - client.sys().mounts().enable(mount, "pki", null, null) + client.sys().mounts().enable(mount, "pki", null, null, null) .await().indefinitely(); var pki = client.secrets().pki(mount); 
@@ -864,7 +864,7 @@ public void testReadIssuerUnifiedCrlViaIssuer(VaultClient client, @Random String @Disabled("Requires Enterprise Vault") @Test public void testReadIssuerUnifiedDeltaCrl(VaultClient client, @Random String mount) throws Exception { - client.sys().mounts().enable(mount, "pki", null, null) + client.sys().mounts().enable(mount, "pki", null, null, null) .await().indefinitely(); var pki = client.secrets().pki(mount); @@ -903,7 +903,7 @@ public void testReadIssuerUnifiedDeltaCrl(VaultClient client, @Random String mou @Disabled("Requires Enterprise Vault") @Test public void testReadIssuerUnifiedDeltaCrlViaIssuer(VaultClient client, @Random String mount) throws Exception { - client.sys().mounts().enable(mount, "pki", null, null) + client.sys().mounts().enable(mount, "pki", null, null, null) .await().indefinitely(); var pki = client.secrets().pki(mount); @@ -941,7 +941,7 @@ public void testReadIssuerUnifiedDeltaCrlViaIssuer(VaultClient client, @Random S @Test public void testConfigUrls(VaultClient client, @Random String mount) { - client.sys().mounts().enable(mount, "pki", null, null) + client.sys().mounts().enable(mount, "pki", null, null, null) .await().indefinitely(); var pki = client.secrets().pki(mount); @@ -964,7 +964,7 @@ public void testConfigUrls(VaultClient client, @Random String mount) { @Test public void testConfigCluster(VaultClient client, @Random String mount) { - client.sys().mounts().enable(mount, "pki", null, null) + client.sys().mounts().enable(mount, "pki", null, null, null) .await().indefinitely(); var pki = client.secrets().pki(mount); @@ -982,7 +982,7 @@ public void testConfigCluster(VaultClient client, @Random String mount) { @Test public void testConfigCrl(VaultClient client, @Random String mount) { - client.sys().mounts().enable(mount, "pki", null, null) + client.sys().mounts().enable(mount, "pki", null, null, null) .await().indefinitely(); var pki = client.secrets().pki(mount); 
@@ -1023,7 +1023,7 @@ public void testConfigCrl(VaultClient client, @Random String mount) { @Test public void testConfigKeys(VaultClient client, @Random String mount) { - client.sys().mounts().enable(mount, "pki", null, null) + client.sys().mounts().enable(mount, "pki", null, null, null) .await().indefinitely(); var pki = client.secrets().pki(mount); @@ -1054,7 +1054,7 @@ public void testConfigKeys(VaultClient client, @Random String mount) { @Test public void testConfigIssuers(VaultClient client, @Random String mount) { - client.sys().mounts().enable(mount, "pki", null, null) + client.sys().mounts().enable(mount, "pki", null, null, null) .await().indefinitely(); var pki = client.secrets().pki(mount); @@ -1091,7 +1091,7 @@ public void testConfigIssuers(VaultClient client, @Random String mount) { @Test public void testRotateCrl(VaultClient client, @Random String mount) { - client.sys().mounts().enable(mount, "pki", null, null) + client.sys().mounts().enable(mount, "pki", null, null, null) .await().indefinitely(); var pki = client.secrets().pki(mount); @@ -1105,7 +1105,7 @@ public void testRotateCrl(VaultClient client, @Random String mount) { @Test public void testRotateDeltaCrl(VaultClient client, @Random String mount) { - client.sys().mounts().enable(mount, "pki", null, null) + client.sys().mounts().enable(mount, "pki", null, null, null) .await().indefinitely(); var pki = client.secrets().pki(mount); @@ -1124,7 +1124,7 @@ public void testRotateDeltaCrl(VaultClient client, @Random String mount) { @Test public void testGenerateRoot(VaultClient client, @Random String mount) throws IOException { - client.sys().mounts().enable(mount, "pki", null, null) + client.sys().mounts().enable(mount, "pki", null, null, null) .await().indefinitely(); var pki = client.secrets().pki(mount); 
@@ -1160,7 +1160,7 @@ public void testGenerateRoot(VaultClient client, @Random String mount) throws IO @Test public void testRotateRoot(VaultClient client, @Random String mount) throws IOException { - client.sys().mounts().enable(mount, "pki", null, null) + client.sys().mounts().enable(mount, "pki", null, null, null) .await().indefinitely(); var pki = client.secrets().pki(mount); @@ -1204,7 +1204,7 @@ public void testRotateRoot(VaultClient client, @Random String mount) throws IOEx @Test public void testGenerateIssuerRoot(VaultClient client, @Random String mount) throws IOException { - client.sys().mounts().enable(mount, "pki", null, null) + client.sys().mounts().enable(mount, "pki", null, null, null) .await().indefinitely(); var pki = client.secrets().pki(mount); @@ -1243,7 +1243,7 @@ public void testGenerateIssuerRoot(VaultClient client, @Random String mount) thr @Test public void testGenerateIntermediateCsr(VaultClient client, @Random String mount) throws IOException { - client.sys().mounts().enable(mount, "pki", null, null) + client.sys().mounts().enable(mount, "pki", null, null, null) .await().indefinitely(); var pki = client.secrets().pki(mount); @@ -1261,7 +1261,7 @@ public void testGenerateIntermediateCsr(VaultClient client, @Random String mount @Test public void testGenerateIssuerIntermediateCsr(VaultClient client, @Random String mount) throws IOException { - client.sys().mounts().enable(mount, "pki", null, null) + client.sys().mounts().enable(mount, "pki", null, null, null) .await().indefinitely(); var pki = client.secrets().pki(mount); @@ -1279,7 +1279,7 @@ public void testGenerateIssuerIntermediateCsr(VaultClient client, @Random String @Test public void testGenerateCrossSignCsr(VaultClient client, @Random String mount) throws IOException { - client.sys().mounts().enable(mount, "pki", null, null) + client.sys().mounts().enable(mount, "pki", null, null, null) .await().indefinitely(); var pki = client.secrets().pki(mount); 
@@ -1301,9 +1301,9 @@ public void testGenerateCrossSignCsr(VaultClient client, @Random String mount) t @Test public void testSetSignedIntermediate(VaultClient client, @Random String mount1, @Random String mount2) throws IOException { - client.sys().mounts().enable(mount1, "pki", null, null) + client.sys().mounts().enable(mount1, "pki", null, null, null) .await().indefinitely(); - client.sys().mounts().enable(mount2, "pki", null, null) + client.sys().mounts().enable(mount2, "pki", null, null, null) .await().indefinitely(); var pki1 = client.secrets().pki(mount1); @@ -1336,9 +1336,9 @@ public void testSetSignedIntermediate(VaultClient client, @Random String mount1, @Test public void testConfigCa(VaultClient client, @Random String mount1, @Random String mount2) { - client.sys().mounts().enable(mount1, "pki", null, null) + client.sys().mounts().enable(mount1, "pki", null, null, null) .await().indefinitely(); - client.sys().mounts().enable(mount2, "pki", null, null) + client.sys().mounts().enable(mount2, "pki", null, null, null) .await().indefinitely(); var pki1 = client.secrets().pki(mount1); @@ -1367,9 +1367,9 @@ public void testConfigCa(VaultClient client, @Random String mount1, @Random Stri @Test public void testImportIssuerBundle(VaultClient client, @Random String mount1, @Random String mount2) { - client.sys().mounts().enable(mount1, "pki", null, null) + client.sys().mounts().enable(mount1, "pki", null, null, null) .await().indefinitely(); - client.sys().mounts().enable(mount2, "pki", null, null) + client.sys().mounts().enable(mount2, "pki", null, null, null) .await().indefinitely(); var pki1 = client.secrets().pki(mount1); 
@@ -1398,9 +1398,9 @@ public void testImportIssuerBundle(VaultClient client, @Random String mount1, @R @Test public void testImportIssuerCert(VaultClient client, @Random String mount1, @Random String mount2) { - client.sys().mounts().enable(mount1, "pki", null, null) + client.sys().mounts().enable(mount1, "pki", null, null, null) .await().indefinitely(); - client.sys().mounts().enable(mount2, "pki", null, null) + client.sys().mounts().enable(mount2, "pki", null, null, null) .await().indefinitely(); var pki1 = client.secrets().pki(mount1); @@ -1426,7 +1426,7 @@ public void testImportIssuerCert(VaultClient client, @Random String mount1, @Ran @Test public void testRevokeIssuer(VaultClient client, @Random String mount) { - client.sys().mounts().enable(mount, "pki", null, null) + client.sys().mounts().enable(mount, "pki", null, null, null) .await().indefinitely(); var pki = client.secrets().pki(mount); @@ -1460,7 +1460,7 @@ public void testRevokeIssuer(VaultClient client, @Random String mount) { @Test public void testDeleteIssuer(VaultClient client, @Random String mount) { - client.sys().mounts().enable(mount, "pki", null, null) + client.sys().mounts().enable(mount, "pki", null, null, null) .await().indefinitely(); var pki = client.secrets().pki(mount); @@ -1476,7 +1476,7 @@ public void testDeleteIssuer(VaultClient client, @Random String mount) { @Test public void testListKeys(VaultClient client, @Random String mount) { - client.sys().mounts().enable(mount, "pki", null, null) + client.sys().mounts().enable(mount, "pki", null, null, null) .await().indefinitely(); var pki = client.secrets().pki(mount); @@ -1498,7 +1498,7 @@ public void testListKeys(VaultClient client, @Random String mount) { @Test public void testImportKey(VaultClient client, @Random String mount) throws Exception { - client.sys().mounts().enable(mount, "pki", null, null) + client.sys().mounts().enable(mount, "pki", null, null, null) .await().indefinitely(); var pki = client.secrets().pki(mount); 
@@ -1523,7 +1523,7 @@ public void testImportKey(VaultClient client, @Random String mount) throws Excep @Test public void testReadKey(VaultClient client, @Random String mount) { - client.sys().mounts().enable(mount, "pki", null, null) + client.sys().mounts().enable(mount, "pki", null, null, null) .await().indefinitely(); var pki = client.secrets().pki(mount); @@ -1545,7 +1545,7 @@ public void testReadKey(VaultClient client, @Random String mount) { @Test public void testUpdateKey(VaultClient client, @Random String mount) { - client.sys().mounts().enable(mount, "pki", null, null) + client.sys().mounts().enable(mount, "pki", null, null, null) .await().indefinitely(); var pki = client.secrets().pki(mount); @@ -1568,7 +1568,7 @@ public void testUpdateKey(VaultClient client, @Random String mount) { @Test public void testDeleteKey(VaultClient client, @Random String mount) { - client.sys().mounts().enable(mount, "pki", null, null) + client.sys().mounts().enable(mount, "pki", null, null, null) .await().indefinitely(); var pki = client.secrets().pki(mount); @@ -1590,7 +1590,7 @@ public void testDeleteKey(VaultClient client, @Random String mount) { @Test public void testUpdateRole(VaultClient client, @Random String mount) { - client.sys().mounts().enable(mount, "pki", null, null) + client.sys().mounts().enable(mount, "pki", null, null, null) .await().indefinitely(); var pki = client.secrets().pki(mount); @@ -1747,7 +1747,7 @@ public void testUpdateRole(VaultClient client, @Random String mount) { @Test public void testListRoles(VaultClient client, @Random String mount) { - client.sys().mounts().enable(mount, "pki", null, null) + client.sys().mounts().enable(mount, "pki", null, null, null) .await().indefinitely(); var pki = client.secrets().pki(mount); 
@@ -1768,7 +1768,7 @@ public void testListRoles(VaultClient client, @Random String mount) { @Test public void testDeleteRole(VaultClient client, @Random String mount) { - client.sys().mounts().enable(mount, "pki", null, null) + client.sys().mounts().enable(mount, "pki", null, null, null) .await().indefinitely(); var pki = client.secrets().pki(mount); @@ -1798,7 +1798,7 @@ public void testDeleteRole(VaultClient client, @Random String mount) { @Test public void testDeleteAll(VaultClient client, @Random String mount) { - client.sys().mounts().enable(mount, "pki", null, null) + client.sys().mounts().enable(mount, "pki", null, null, null) .await().indefinitely(); var pki = client.secrets().pki(mount); diff --git a/client/src/test/java/io/quarkus/vault/client/VaultSysMountsTest.java b/client/src/test/java/io/quarkus/vault/client/VaultSysMountsTest.java index 6dc94da3..56a19ac5 100644 --- a/client/src/test/java/io/quarkus/vault/client/VaultSysMountsTest.java +++ b/client/src/test/java/io/quarkus/vault/client/VaultSysMountsTest.java @@ -49,7 +49,6 @@ public void testList(VaultClient client) { assertThat(kvMountInfo.isLocal()) .isFalse(); assertThat(kvMountInfo.getOptions()) - .isNotNull() .containsEntry("version", "2"); assertThat(kvMountInfo.getPluginVersion()) .isEmpty(); @@ -79,8 +78,8 @@ public void testRead(VaultClient client, @Random String mount) { .setListingVisibility(VaultSysMountsListingVisibility.HIDDEN) .setPassthroughRequestHeaders(List.of("header1", "header2")) .setAllowedResponseHeaders(List.of("header3", "header4")) - .setAllowedManagedKeys(List.of("key5", "key6")) - .setOptions(Map.of("version", "2"))) + .setAllowedManagedKeys(List.of("key5", "key6")), + Map.of("version", "2")) .await().indefinitely(); var kvMountInfo = mountApi.read(mount) 
@@ -117,7 +116,7 @@ public void testRead(VaultClient client, @Random String mount) { assertThat(kvMountInfo.isLocal()) .isFalse(); assertThat(kvMountInfo.getOptions()) - .isEmpty(); + .containsEntry("version", "2"); assertThat(kvMountInfo.getPluginVersion()) .isEmpty(); assertThat(kvMountInfo.getRunningPluginVersion()) @@ -139,7 +138,7 @@ public void testEnable(VaultClient client, @Random String path) { var mountPath = path + "/"; - mountApi.enable(path, "kv", null, null) + mountApi.enable(path, "kv", null, null, null) .await().indefinitely(); var mounts = mountApi.list() @@ -155,7 +154,7 @@ public void testDisable(VaultClient client, @Random String path) { var mountPath = path + "/"; - mountApi.enable(path, "kv", null, null) + mountApi.enable(path, "kv", null, null, null) .await().indefinitely(); var mounts = mountApi.list() @@ -207,8 +206,7 @@ public void testReadTune(VaultClient client) { public void testTune(VaultClient client, @Random String path) { var mountApi = client.sys().mounts(); - mountApi.enable(path, "kv", null, new VaultSysMountsEnableConfig() - .setOptions(Map.of("version", "1"))) + mountApi.enable(path, "kv", null, null, Map.of("version", "1")) .await().indefinitely(); mountApi.tune(path, new VaultSysMountsTuneParams() diff --git a/client/src/test/java/io/quarkus/vault/client/VaultSysPluginsTest.java b/client/src/test/java/io/quarkus/vault/client/VaultSysPluginsTest.java index 36ff92a7..c0e4dfa1 100644 --- a/client/src/test/java/io/quarkus/vault/client/VaultSysPluginsTest.java +++ b/client/src/test/java/io/quarkus/vault/client/VaultSysPluginsTest.java 
@@ -137,6 +137,31 @@ public void testRegister(VaultClient client, @Random String pluginName) throws E .isEmpty(); assertThat(pluginInfo.getArgs()) .contains("--arg1", "--arg2"); + assertThat(pluginInfo.getDeprecationStatus()) + .isNull(); + } + + @Test + public void testReadBuiltin(VaultClient client) { + var pluginsApi = client.sys().plugins(); + + var pluginInfo = pluginsApi.read("secret", "kv") + .await().indefinitely(); + + assertThat(pluginInfo) + .isNotNull(); + assertThat(pluginInfo.getName()) + .isEqualTo("kv"); + assertThat(pluginInfo.getCommand()) + .isEmpty(); + assertThat(pluginInfo.getSha256()) + .isEmpty(); + assertThat(pluginInfo.getVersion()) + .endsWith("builtin"); + assertThat(pluginInfo.getArgs()) + .isNull(); + assertThat(pluginInfo.getDeprecationStatus()) + .isEqualTo("supported"); } @Test @@ -252,7 +277,7 @@ public void testReloadMounts(VaultClient client, @Random String pluginName, @Ran .setVersion("v1.0.0")) .await().indefinitely(); - client.sys().mounts().enable(mount, pluginName, null, null) + client.sys().mounts().enable(mount, pluginName, null, null, null) .await().indefinitely(); pluginsApi.reloadPlugin(pluginName, "global") diff --git a/client/src/test/java/io/quarkus/vault/client/VaultSysRemountTest.java b/client/src/test/java/io/quarkus/vault/client/VaultSysRemountTest.java index b965c38b..eef15229 100644 --- a/client/src/test/java/io/quarkus/vault/client/VaultSysRemountTest.java +++ b/client/src/test/java/io/quarkus/vault/client/VaultSysRemountTest.java @@ -14,7 +14,7 @@ public class VaultSysRemountTest { public void testRemountAndStatus(VaultClient client, @Random String path, @Random String newPath) { var remountApi = client.sys().remount(); - client.sys().mounts().enable(path, "kv", null, null) + client.sys().mounts().enable(path, "kv", null, null, null) .await().indefinitely(); var remount = remountApi.remount(path, newPath) 
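Review bot: `testReadBuiltin` pins server-controlled metadata — `getVersion()` ending in `"builtin"` and `getDeprecationStatus()` equal to `"supported"` — so it will fail whenever the Vault image used by the test harness changes the kv plugin's deprecation status, even though the client mapping is correct. Asserting `.isNotBlank()` on the status, or at least a comment stating the Vault version the expected values were observed against, would separate a client regression from a server upgrade. The `deprecationStatus` field is declared as a plain `String` in plugins.yaml, so nothing in the client constrains the value; if that is intended, a one-line comment on the spec entry saying the value is passed through from Vault verbatim would make it explicit.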
diff --git a/integration-tests/vault/src/test/java/io/quarkus/vault/VaultITCase.java b/integration-tests/vault/src/test/java/io/quarkus/vault/VaultITCase.java index cc5b4a4d..0bc17b45 100644 --- a/integration-tests/vault/src/test/java/io/quarkus/vault/VaultITCase.java +++ b/integration-tests/vault/src/test/java/io/quarkus/vault/VaultITCase.java @@ -54,7 +54,7 @@ import io.quarkus.vault.client.api.common.VaultFormat; import io.quarkus.vault.client.api.common.VaultHashAlgorithm; import io.quarkus.vault.client.api.common.VaultLeasedResult; -import io.quarkus.vault.client.api.secrets.kv2.VaultSecretsKV2ReadSecretResult; +import io.quarkus.vault.client.api.secrets.kv2.VaultSecretsKV2ReadSecretData; import io.quarkus.vault.client.api.secrets.transit.*; import io.quarkus.vault.runtime.config.VaultAuthenticationType; import io.quarkus.vault.runtime.config.VaultConfigSource; @@ -156,11 +156,11 @@ public void httpclient() { var anotherWrappingToken = ConfigProviderResolver.instance().getConfig() .getValue("vault-test.another-password-kv-v2-wrapping-token", String.class); var unwrap = vaultClient.sys().wrapping() - .unwrapAs(anotherWrappingToken, VaultSecretsKV2ReadSecretResult.class) + .unwrapAs(anotherWrappingToken, VaultSecretsKV2ReadSecretData.class) .await().indefinitely(); - assertEquals(VAULT_AUTH_USERPASS_PASSWORD, unwrap.getData().getData().get("password")); + assertEquals(VAULT_AUTH_USERPASS_PASSWORD, unwrap.getData().get("password")); try { - vaultClient.sys().wrapping().unwrapAs(anotherWrappingToken, VaultSecretsKV2ReadSecretResult.class) + vaultClient.sys().wrapping().unwrapAs(anotherWrappingToken, VaultSecretsKV2ReadSecretData.class) .await().indefinitely(); fail("expected error 400: wrapping token is not valid or does not exist"); } catch (VaultClientException e) { diff --git a/runtime/src/main/java/io/quarkus/vault/runtime/DurationHelper.java b/runtime/src/main/java/io/quarkus/vault/runtime/DurationHelper.java index 955f7dd1..d0f82336 100644 
--- a/runtime/src/main/java/io/quarkus/vault/runtime/DurationHelper.java +++ b/runtime/src/main/java/io/quarkus/vault/runtime/DurationHelper.java @@ -15,7 +15,7 @@ public static String toVaultDuration(Duration duration) { if (value.startsWith("PT")) { value = value.substring(2); } - return value; + return value.toLowerCase(); } public static Integer toDurationSeconds(Duration duration) { diff --git a/runtime/src/main/java/io/quarkus/vault/runtime/VaultPKIManager.java b/runtime/src/main/java/io/quarkus/vault/runtime/VaultPKIManager.java index 6dc770d0..0756fc90 100644 --- a/runtime/src/main/java/io/quarkus/vault/runtime/VaultPKIManager.java +++ b/runtime/src/main/java/io/quarkus/vault/runtime/VaultPKIManager.java @@ -1,7 +1,6 @@ package io.quarkus.vault.runtime; -import static io.quarkus.vault.runtime.DurationHelper.fromVaultDuration; -import static io.quarkus.vault.runtime.DurationHelper.toVaultDuration; +import static io.quarkus.vault.runtime.DurationHelper.*; import static io.quarkus.vault.runtime.VaultPKIManagerFactory.PKI_ENGINE_NAME; import static java.util.Arrays.asList; import static java.util.Collections.emptyList; @@ -262,9 +261,8 @@ public Uni updateRole(String role, RoleOptions options) { options.keyType != null ? VaultSecretsPKIKeyType.from(options.keyType.name().toLowerCase(Locale.ROOT)) : null) .setKeyBits(options.keyBits != null ? VaultSecretsPKIKeyBits.fromBits(options.keyBits) : null) - .setKeyUsage(options.keyUsages.stream().map(e -> VaultSecretsPKIKeyUsage.from(e.name())).collect(toList())) - .setExtKeyUsage(options.extendedKeyUsages.stream().map(e -> VaultSecretsPKIExtKeyUsage.from(e.name())) - .collect(toList())) + .setKeyUsage(mapKeyUsagesToClient(options.keyUsages)) + .setExtKeyUsage(mapExtKeyUsagesToClient(options.extendedKeyUsages)) .setExtKeyUsageOids(options.extendedKeyUsageOIDs) .setUseCsrCommonName(options.useCSRCommonName) .setUseCsrSans(options.useCSRSubjectAlternativeNames) 
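Review bot: `value.toLowerCase()` uses the JVM default locale, while `VaultPKIManager.updateRole` in this same patch lower-cases with `Locale.ROOT`; use `return value.toLowerCase(Locale.ROOT);` for consistency and to make the locale-independence explicit (the letters emitted by `Duration.toString()` are ASCII, so the current behaviour happens to be stable, but the explicit locale states that guarantee rather than relying on it). `toVaultDuration` starts outside the hunk, so I cannot see whether it already documents the output format; a brief comment such as `// Vault expects lower-case duration units ("1h30m"), Duration.toString() emits upper-case ISO-8601 ("PT1H30M")` would explain why the case change is needed and why stripping "PT" alone was not enough.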
@@ -291,8 +289,8 @@ public Uni getRole(String role) { return pki.readRole(role) .map(info -> { RoleOptions result = new RoleOptions(); - result.timeToLive = toVaultDuration(info.getTtl()); - result.maxTimeToLive = toVaultDuration(info.getMaxTtl()); + result.timeToLive = toStringDurationSeconds(info.getTtl()); + result.maxTimeToLive = toStringDurationSeconds(info.getMaxTtl()); result.allowLocalhost = info.isAllowLocalhost(); result.allowedDomains = info.getAllowedDomains(); result.allowTemplatesInAllowedDomains = info.isAllowedDomainsTemplate(); @@ -310,10 +308,8 @@ public Uni getRole(String role) { result.emailProtectionFlag = info.isEmailProtectionFlag(); result.keyType = stringToCertificateKeyType(info.getKeyType()); result.keyBits = info.getKeyBits().getBits(); - result.keyUsages = info.getKeyUsage() != null ? info.getKeyUsage().stream() - .map(e -> CertificateKeyUsage.valueOf(e.name())).collect(toList()) : null; - result.extendedKeyUsages = info.getExtKeyUsage() != null ? info.getExtKeyUsage().stream() - .map(e -> CertificateExtendedKeyUsage.valueOf(e.name())).collect(toList()) : null; + result.keyUsages = mapKeyUsagesFromClient(info.getKeyUsage()); + result.extendedKeyUsages = mapExtKeyUsagesFromClient(info.getExtKeyUsage()); result.extendedKeyUsageOIDs = info.getExtKeyUsageOids(); result.useCSRCommonName = info.isUseCsrCommonName(); result.useCSRSubjectAlternativeNames = info.isUseCsrSans(); @@ -331,7 +327,7 @@ public Uni getRole(String role) { result.requireCommonName = info.isRequireCn(); result.policyOIDs = info.getPolicyIdentifiers(); result.basicConstraintsValidForNonCA = info.isBasicConstraintsValidForNonCa(); - result.notBeforeDuration = toVaultDuration(info.getNotBefore()); + result.notBeforeDuration = toStringDurationSeconds(info.getNotBefore()); return result; }); } 
@@ -590,4 +586,32 @@ private PrivateKeyData createPrivateKeyData(String data, VaultSecretsPKIFormat f throw new VaultException("Unsupported private key format"); } } + + private static List mapKeyUsagesToClient(List keyUsages) { + if (keyUsages == null) { + return null; + } + return keyUsages.stream().map(e -> VaultSecretsPKIKeyUsage.from(e.name())).collect(toList()); + } + + private static List mapKeyUsagesFromClient(List keyUsages) { + if (keyUsages == null) { + return null; + } + return keyUsages.stream().map(e -> CertificateKeyUsage.valueOf(e.getValue())).collect(toList()); + } + + private static List mapExtKeyUsagesToClient(List keyUsages) { + if (keyUsages == null) { + return null; + } + return keyUsages.stream().map(e -> VaultSecretsPKIExtKeyUsage.from(e.name())).collect(toList()); + } + + private static List mapExtKeyUsagesFromClient(List keyUsages) { + if (keyUsages == null) { + return null; + } + return keyUsages.stream().map(e -> CertificateExtendedKeyUsage.valueOf(e.getValue())).collect(toList()); + } } diff --git a/runtime/src/main/java/io/quarkus/vault/runtime/VaultSystemBackendManager.java b/runtime/src/main/java/io/quarkus/vault/runtime/VaultSystemBackendManager.java index bd3a64ec..226b0cf8 100644 --- a/runtime/src/main/java/io/quarkus/vault/runtime/VaultSystemBackendManager.java +++ b/runtime/src/main/java/io/quarkus/vault/runtime/VaultSystemBackendManager.java @@ -1,8 +1,10 @@ package io.quarkus.vault.runtime; import static io.quarkus.vault.runtime.DurationHelper.*; +import static java.util.stream.Collectors.toMap; import java.util.List; +import java.util.Map; import java.util.stream.Collectors; import jakarta.annotation.Nullable; 
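Review bot: `mapKeyUsagesFromClient` and `mapExtKeyUsagesFromClient` call `CertificateKeyUsage.valueOf(e.getValue())` and `CertificateExtendedKeyUsage.valueOf(e.getValue())`, so they depend on the extension enums' constant names being exactly Vault's wire strings, while the `*ToClient` helpers feed `e.name()` into `from(...)`; that invariant is stated nowhere, and a usage value returned by a newer Vault that the extension enum lacks will escape `getRole` as an `IllegalArgumentException` with no hint that it came from a key usage. Document it on the helpers, e.g. `// Round-trips through the enum constant name: CertificateKeyUsage constants must match Vault's key_usage values exactly`, and consider catching the `IllegalArgumentException` and rethrowing a `VaultException` that names the offending value. The four helpers are structurally identical and could collapse into one private generic `mapList(List<T> in, Function<T, R> f)` that keeps the null check in one place.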
@@ -233,7 +235,9 @@ public Uni enable(String engineType, String mount, String description, Ena .setAllowedResponseHeaders(options.allowedResponseHeaders) .setAllowedManagedKeys(options.allowedManagedKeys) .setPluginVersion(options.pluginVersion); - return vaultClient.sys().mounts().enable(mount, engineType, description, config); + return vaultClient.sys().mounts().enable(mount, engineType, description, config, options.options != null + ? options.options.entrySet().stream().collect(toMap(Map.Entry::getKey, Map.Entry::getValue)) + : null); } @Override @@ -276,11 +280,11 @@ public Uni getPluginDetails(String type, String name, @Nulla .map(r -> new VaultPluginDetails() .setBuiltin(r.isBuiltin()) .setName(r.getName()) - .setType(type) .setVersion(r.getVersion()) .setSha256(r.getSha256()) .setCommand(r.getCommand()) - .setArgs(r.getArgs())) + .setArgs(r.getArgs()) + .setDeprecationStatus(r.getDeprecationStatus())) .onFailure(VaultClientException.class).recoverWithUni(x -> { VaultClientException vx = (VaultClientException) x; if (vx.getStatus() == 404) { diff --git a/runtime/src/main/java/io/quarkus/vault/runtime/VaultTransitManager.java b/runtime/src/main/java/io/quarkus/vault/runtime/VaultTransitManager.java index b3b2ddbf..3b3a851f 100644 --- a/runtime/src/main/java/io/quarkus/vault/runtime/VaultTransitManager.java +++ b/runtime/src/main/java/io/quarkus/vault/runtime/VaultTransitManager.java @@ -141,7 +141,7 @@ private Uni> encryptBatch(String keyName, List> verifyBatch(String keyName, List result.stream() - .map(r -> new VerificationResult(r.isValid(), r.getError())) + .map(r -> { + if (r.getError() != null) { + return new VerificationResult(r.isValid(), r.getError()); + } else { + return new VerificationResult(r.isValid(), !r.isValid() ? INVALID_SIGNATURE : null); + } + }) .collect(toList())); } 
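Review bot: The new `options.options.entrySet().stream().collect(toMap(Map.Entry::getKey, Map.Entry::getValue))` is a plain copy of the map, and `Collectors.toMap` throws a `NullPointerException` on any null value, so a caller that sets a mount option to null gets an unexplained NPE from inside the collector instead of a clear error from the client. If the stream is only there to widen the value type (the map types are cut from this view), `new HashMap<String, Object>(options.options)` does the same copy directly and tolerates nulls; if null values must be rejected, do it explicitly with a message naming the key. `enable` starts before this hunk.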
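Review bot: This hunk drops `.setType(type)` from the `VaultPluginDetails` built for a found plugin, so unless `setType` was removed from `VaultPluginDetails` (not visible here) callers now receive details without the type they asked for; either keep `.setType(type)` or note why it is gone. `getDeprecationStatus()` is passed through as the raw string Vault returns; a short comment on `.setDeprecationStatus(...)` such as `// Vault's plugin deprecation status (documented values: supported, deprecated, pending removal, removed)` would tell operators that this is where a deprecated or removed plugin becomes visible. `getPluginDetails` begins before the hunk and its 404 handling continues after it.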
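Review bot: In the new `map` lambda of `verifyBatch`, an item that carries an error is returned as `new VerificationResult(r.isValid(), r.getError())`, so the validity reported to the caller for an errored item is whatever `valid` Vault happened to put on it; a signature check should fail closed, so return `new VerificationResult(false, r.getError());` on that branch. If the client's `isValid()` is a boxed `Boolean` that Vault may omit on error items (the client result type is not visible here), this also removes an unboxing NPE on that path. The enclosing method starts before the visible part of this hunk, whose header is garbled in this view.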
diff --git a/test-framework/src/main/java/io/quarkus/vault/test/VaultTestExtension.java b/test-framework/src/main/java/io/quarkus/vault/test/VaultTestExtension.java index 2b603a36..702c0c37 100644 --- a/test-framework/src/main/java/io/quarkus/vault/test/VaultTestExtension.java +++ b/test-framework/src/main/java/io/quarkus/vault/test/VaultTestExtension.java @@ -49,6 +49,7 @@ import io.quarkus.vault.client.api.sys.init.VaultSysInitParams; import io.quarkus.vault.client.http.vertx.VertxVaultHttpClient; import io.quarkus.vault.runtime.VaultVersions; +import io.vertx.ext.web.client.WebClientOptions; import io.vertx.mutiny.core.Vertx; import io.vertx.mutiny.ext.web.client.WebClient; @@ -163,7 +164,10 @@ private static String readSecretAsString(VaultKVSecretEngine kvSecretEngine, Str } private VaultClient createVaultClient() { - VertxVaultHttpClient httpClient = new VertxVaultHttpClient(WebClient.create(Vertx.vertx())); + var webClient = WebClient.create(Vertx.vertx(), new WebClientOptions() + .setTrustAll(true) + .setVerifyHost(false)); + VertxVaultHttpClient httpClient = new VertxVaultHttpClient(webClient); return VaultClient.builder() .executor(httpClient) .baseUrl(getVaultUrl().orElseThrow())
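Review bot: `new WebClientOptions().setTrustAll(true).setVerifyHost(false)` in `createVaultClient` disables both certificate and hostname verification for every Vault client this extension builds, and because `VaultTestExtension` lives under `test-framework/src/main` it ships in the published test-framework artifact; nothing in the hunk limits this to the extension's own test container. Gate it on an explicit opt-in (for example a `vault.test.tls.trust-all` system property, or only when `getVaultUrl()` points at the container the extension started) and leave a comment on those two lines stating why verification is off, e.g. `// Test-only: the Vault test container presents a self-signed certificate; do not reuse these options for a real Vault.` `createVaultClient` continues past the end of the hunk.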