diff --git a/docs/modules/ROOT/pages/includes/quarkus-vault.adoc b/docs/modules/ROOT/pages/includes/quarkus-vault.adoc
index c5c9c5ae..93eab09c 100644
--- a/docs/modules/ROOT/pages/includes/quarkus-vault.adoc
+++ b/docs/modules/ROOT/pages/includes/quarkus-vault.adoc
@@ -260,13 +260,13 @@ Renew grace period duration.
This value if used to extend a lease before it expires its ttl, or recreate a new lease before the current
lease reaches its max_ttl.
-By default Vault leaseDuration is equal to 7 days (ie: 168h or 604800s).
+By default, Vault leaseDuration is equal to 7 days (ie: 168h or 604800s).
If a connection pool maxLifetime is set, it is reasonable to set the renewGracePeriod to be greater
than the maxLifetime, so that we are sure we get a chance to renew leases before we reach the ttl.
In any case you need to make sure there will be attempts to fetch secrets within the renewGracePeriod,
because that is when the renewals will happen. This is particularly important for db dynamic secrets
because if the lease reaches its ttl or max_ttl, the password of the db user will become invalid and
-it will be not longer possible to log in.
+it will be no longer possible to log in.
This value should also be smaller than the ttl, otherwise that would mean that we would try to recreate
leases all the time.
@@ -384,7 +384,7 @@ a| [[quarkus-vault_quarkus.vault.kv-secret-engine-version]]`link:#quarkus-vault_
--
Kv secret engine version.
-see https://www.vaultproject.io/docs/secrets/kv/index.html
+see KV secrets engine
ifdef::add-copy-button-to-env-var[]
Environment variable: env_var_with_copy_button:+++QUARKUS_VAULT_KV_SECRET_ENGINE_VERSION+++[]
@@ -420,7 +420,7 @@ The secret properties would be fetched from Vault using a `GET` on
`https://localhost:8200/v1/secret/data/config/myapp` for a KV secret engine v2 (or
`https://localhost:8200/v1/secret/config/myapp` for a KV secret engine v1).
-see https://www.vaultproject.io/docs/secrets/kv/index.html
+see KV secrets engine
ifdef::add-copy-button-to-env-var[]
Environment variable: env_var_with_copy_button:+++QUARKUS_VAULT_KV_SECRET_ENGINE_MOUNT_PATH+++[]
@@ -670,7 +670,7 @@ Vault Enterprise namespace
If set, this will add a `X-Vault-Namespace` header to all requests sent to the Vault server.
-See https://www.vaultproject.io/docs/enterprise/namespaces
+See Vault Enterprise namespaces
ifdef::add-copy-button-to-env-var[]
Environment variable: env_var_with_copy_button:+++QUARKUS_VAULT_ENTERPRISE_NAMESPACE+++[]
diff --git a/integration-tests/vault/src/test/java/io/quarkus/vault/VaultPKIITCase.java b/integration-tests/vault/src/test/java/io/quarkus/vault/VaultPKIITCase.java
index 487c6665..79c8db27 100644
--- a/integration-tests/vault/src/test/java/io/quarkus/vault/VaultPKIITCase.java
+++ b/integration-tests/vault/src/test/java/io/quarkus/vault/VaultPKIITCase.java
@@ -307,24 +307,24 @@ public void testSignIntermediateCAOptions() throws Exception {
// Sign the intermediate CA using "pki"
SignIntermediateCAOptions options = new SignIntermediateCAOptions();
- options.subjectCommonName = "test.example.com";
- options.subjectOrganization = "Test Org";
- options.subjectOrganizationalUnit = "Test Unit";
- options.subjectStreetAddress = "123 Main Street";
- options.subjectLocality = "New York";
- options.subjectProvince = "NY";
- options.subjectCountry = "USA";
- options.subjectPostalCode = "10030";
- options.subjectSerialNumber = "9876543210";
- options.subjectAlternativeNames = singletonList("alt.example.com");
- options.ipSubjectAlternativeNames = singletonList("1.2.3.4");
- options.uriSubjectAlternativeNames = singletonList("ex:12345");
- //options.otherSubjectAlternativeNames = singletonList("1.3.6.1.4.1.311.20.2.3;UTF8:test");
- options.excludeCommonNameFromSubjectAlternativeNames = true;
- options.timeToLive = "8760h";
- options.maxPathLength = 3;
- options.permittedDnsDomains = asList("subs1.example.com", "subs2.example.com");
- options.useCSRValues = false;
+ options.subjectCommonName("test.example.com");
+ options.subjectOrganization("Test Org");
+ options.subjectOrganizationalUnit("Test Unit");
+ options.subjectStreetAddress("123 Main Street");
+ options.subjectLocality("New York");
+ options.subjectProvince("NY");
+ options.subjectCountry("USA");
+ options.subjectPostalCode("10030");
+ options.subjectSerialNumber("9876543210");
+ options.subjectAlternativeNames(singletonList("alt.example.com"));
+ options.ipSubjectAlternativeNames(singletonList("1.2.3.4"));
+ options.uriSubjectAlternativeNames(singletonList("ex:12345"));
+ //options.otherSubjectAlternativeNames(singletonList("1.3.6.1.4.1.311.20.2.3;UTF8:test"));
+ options.excludeCommonNameFromSubjectAlternativeNames(true);
+ options.timeToLive("8760h");
+ options.maxPathLength(3);
+ options.permittedDnsDomains(asList("subs1.example.com", "subs2.example.com"));
+ options.useCSRValues(false);
SignedCertificate result = pkiSecretEngine.signIntermediateCA((String) csrResult.csr.getData(), options);
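Review bot: The `otherSubjectAlternativeNames(...)` call is carried over still commented out, so this test never exercises the custom OID/UTF8 SAN accessor. Either enable it and assert on the result, or replace the dead line with a short reason, e.g. `// otherSubjectAlternativeNames is not set here: <reason>`. Since every accessor now returns `this`, the block could also be written as one chained expression starting from `new SignIntermediateCAOptions()`. The test method starts and ends outside this hunk.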
diff --git a/runtime/src/main/java/io/quarkus/vault/VaultSystemBackendEngine.java b/runtime/src/main/java/io/quarkus/vault/VaultSystemBackendEngine.java
index e9d99f14..c6ee157f 100644
--- a/runtime/src/main/java/io/quarkus/vault/VaultSystemBackendEngine.java
+++ b/runtime/src/main/java/io/quarkus/vault/VaultSystemBackendEngine.java
@@ -126,7 +126,9 @@ public VaultTuneInfo getTuneInfo(String mount) {
* Get the info for a secret engine, including its type.
*
* @since Vault 1.10.0
- * @see https://www.vaultproject.io/api-docs/system/mounts#get-the-configuration-of-a-secret-engine
+ * @see
+ * Get the configuration of a secret engine
+ *
*
* @param mount Name of the secret engine
* @return current secret engine info
diff --git a/runtime/src/main/java/io/quarkus/vault/VaultSystemBackendReactiveEngine.java b/runtime/src/main/java/io/quarkus/vault/VaultSystemBackendReactiveEngine.java
index d5cb70b1..9b2a0925 100644
--- a/runtime/src/main/java/io/quarkus/vault/VaultSystemBackendReactiveEngine.java
+++ b/runtime/src/main/java/io/quarkus/vault/VaultSystemBackendReactiveEngine.java
@@ -89,7 +89,9 @@ public interface VaultSystemBackendReactiveEngine {
* Get the info for a secret engine, including its type.
*
* @since Vault 1.10.0
- * @see https://www.vaultproject.io/api-docs/system/mounts#get-the-configuration-of-a-secret-engine
+ * @see
+ * Get the configuration of a secret engine
+ *
*
* @param mount Name of the secret engine
* @return current secret engine info
diff --git a/runtime/src/main/java/io/quarkus/vault/pki/SignIntermediateCAOptions.java b/runtime/src/main/java/io/quarkus/vault/pki/SignIntermediateCAOptions.java
index 2e5296a7..2ffe8c62 100644
--- a/runtime/src/main/java/io/quarkus/vault/pki/SignIntermediateCAOptions.java
+++ b/runtime/src/main/java/io/quarkus/vault/pki/SignIntermediateCAOptions.java
@@ -10,89 +10,89 @@ public class SignIntermediateCAOptions {
/**
* Specifies Common Name (CN) of the subject.
*/
- public String subjectCommonName;
+ private String subjectCommonName;
/**
* Specifies Organization (O) of the subject.
*/
- public String subjectOrganization;
+ private String subjectOrganization;
/**
* Specifies Organizational Unit (OU) of the subject.
*/
- public String subjectOrganizationalUnit;
+ private String subjectOrganizationalUnit;
/**
* Specifies Street Address of the subject.
*/
- public String subjectStreetAddress;
+ private String subjectStreetAddress;
/**
* Specifies Postal Code of the subject.
*/
- public String subjectPostalCode;
+ private String subjectPostalCode;
/**
* Specifies Locality (L) of the subject.
*/
- public String subjectLocality;
+ private String subjectLocality;
/**
* Specifies Province (ST) of the subject.
*/
- public String subjectProvince;
+ private String subjectProvince;
/**
* Specifies Country (C) of the subject.
*/
- public String subjectCountry;
+ private String subjectCountry;
/**
* Specifies the Serial Number (SERIALNUMBER) of the subject.
*/
- public String subjectSerialNumber;
+ private String subjectSerialNumber;
/**
* Specifies Subject Alternative Names.
*
* These can be host names or email addresses; they will be parsed into their respective fields.
*/
- public List subjectAlternativeNames;
+ private List subjectAlternativeNames;
/**
* Flag determining if the Common Name (CN) of the subject will be included
* by default in the Subject Alternative Names of issued certificates.
*/
- public Boolean excludeCommonNameFromSubjectAlternativeNames;
+ private Boolean excludeCommonNameFromSubjectAlternativeNames;
/**
* Specifies IP Subject Alternative Names.
*/
- public List ipSubjectAlternativeNames;
+ private List ipSubjectAlternativeNames;
/**
* Specifies URI Subject Alternative Names.
*/
- public List uriSubjectAlternativeNames;
+ private List uriSubjectAlternativeNames;
/**
* Specifies custom OID/UTF8-string Subject Alternative Names.
*
* The format is the same as OpenSSL: ;: where the only current valid type is UTF8.
*/
- public List otherSubjectAlternativeNames;
+ private List otherSubjectAlternativeNames;
/**
* Specifies time-to-live.
*
* Value is specified as a string duration with time suffix. Hour is the largest supported suffix.
*/
- public String timeToLive;
+ private String timeToLive;
/**
* Specifies the maximum path length for generated certificate.
*/
- public Integer maxPathLength;
+ private Integer maxPathLength;
/**
* Flag determining if CSR values are used instead of configured default values.
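Review bot: The Javadoc in this hunk stays attached to fields that are now `private`, so it will no longer appear in the generated API documentation. The public fluent accessors added in the following hunk carry no Javadoc of their own. Move or copy each description onto the corresponding accessor, for example `/** Sets the time-to-live as a string duration with a time suffix; hour is the largest supported suffix. */` on `timeToLive(String)`. The constraints on `permittedDnsDomains`, `maxPathLength` and `useCSRValues` matter most, because they shape what the intermediate CA is allowed to do.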
@@ -105,116 +105,192 @@ public class SignIntermediateCAOptions {
*
Extensions requested in the CSR will be copied into the issued certificate.
*
*/
- public Boolean useCSRValues;
+ private Boolean useCSRValues;
/**
* DNS domains for which certificates are allowed to be issued or signed by this CA certificate. Subdomains
* are allowed, as per RFC.
*/
- public List permittedDnsDomains;
+ private List permittedDnsDomains;
/**
* Specifies returned format of certificate data. If unspecified it defaults
* to {@link DataFormat#PEM}
*/
- public DataFormat format;
+ private DataFormat format;
- public SignIntermediateCAOptions setSubjectCommonName(String subjectCommonName) {
+ public SignIntermediateCAOptions subjectCommonName(String subjectCommonName) {
this.subjectCommonName = subjectCommonName;
return this;
}
- public SignIntermediateCAOptions setSubjectOrganization(String subjectOrganization) {
+ public SignIntermediateCAOptions subjectOrganization(String subjectOrganization) {
this.subjectOrganization = subjectOrganization;
return this;
}
- public SignIntermediateCAOptions setSubjectOrganizationalUnit(String subjectOrganizationalUnit) {
+ public SignIntermediateCAOptions subjectOrganizationalUnit(String subjectOrganizationalUnit) {
this.subjectOrganizationalUnit = subjectOrganizationalUnit;
return this;
}
- public SignIntermediateCAOptions setSubjectStreetAddress(String subjectStreetAddress) {
+ public SignIntermediateCAOptions subjectStreetAddress(String subjectStreetAddress) {
this.subjectStreetAddress = subjectStreetAddress;
return this;
}
- public SignIntermediateCAOptions setSubjectPostalCode(String subjectPostalCode) {
+ public SignIntermediateCAOptions subjectPostalCode(String subjectPostalCode) {
this.subjectPostalCode = subjectPostalCode;
return this;
}
- public SignIntermediateCAOptions setSubjectLocality(String subjectLocality) {
+ public SignIntermediateCAOptions subjectLocality(String subjectLocality) {
this.subjectLocality = subjectLocality;
return this;
}
- public SignIntermediateCAOptions setSubjectProvince(String subjectProvince) {
+ public SignIntermediateCAOptions subjectProvince(String subjectProvince) {
this.subjectProvince = subjectProvince;
return this;
}
- public SignIntermediateCAOptions setSubjectCountry(String subjectCountry) {
+ public SignIntermediateCAOptions subjectCountry(String subjectCountry) {
this.subjectCountry = subjectCountry;
return this;
}
- public SignIntermediateCAOptions setSubjectSerialNumber(String subjectSerialNumber) {
+ public SignIntermediateCAOptions subjectSerialNumber(String subjectSerialNumber) {
this.subjectSerialNumber = subjectSerialNumber;
return this;
}
- public SignIntermediateCAOptions setSubjectAlternativeNames(List subjectAlternativeNames) {
+ public SignIntermediateCAOptions subjectAlternativeNames(List subjectAlternativeNames) {
this.subjectAlternativeNames = subjectAlternativeNames;
return this;
}
- public SignIntermediateCAOptions setExcludeCommonNameFromSubjectAlternativeNames(
+ public SignIntermediateCAOptions excludeCommonNameFromSubjectAlternativeNames(
Boolean excludeCommonNameFromSubjectAlternativeNames) {
this.excludeCommonNameFromSubjectAlternativeNames = excludeCommonNameFromSubjectAlternativeNames;
return this;
}
- public SignIntermediateCAOptions setIpSubjectAlternativeNames(
+ public SignIntermediateCAOptions ipSubjectAlternativeNames(
List ipSubjectAlternativeNames) {
this.ipSubjectAlternativeNames = ipSubjectAlternativeNames;
return this;
}
- public SignIntermediateCAOptions setUriSubjectAlternativeNames(
+ public SignIntermediateCAOptions uriSubjectAlternativeNames(
List uriSubjectAlternativeNames) {
this.uriSubjectAlternativeNames = uriSubjectAlternativeNames;
return this;
}
- public SignIntermediateCAOptions setOtherSubjectAlternativeNames(
+ public SignIntermediateCAOptions otherSubjectAlternativeNames(
List otherSubjectAlternativeNames) {
this.otherSubjectAlternativeNames = otherSubjectAlternativeNames;
return this;
}
- public SignIntermediateCAOptions setTimeToLive(String timeToLive) {
+ public SignIntermediateCAOptions timeToLive(String timeToLive) {
this.timeToLive = timeToLive;
return this;
}
- public SignIntermediateCAOptions setMaxPathLength(Integer maxPathLength) {
+ public SignIntermediateCAOptions maxPathLength(Integer maxPathLength) {
this.maxPathLength = maxPathLength;
return this;
}
- public SignIntermediateCAOptions setUseCSRValues(Boolean useCSRValues) {
+ public SignIntermediateCAOptions useCSRValues(Boolean useCSRValues) {
this.useCSRValues = useCSRValues;
return this;
}
- public SignIntermediateCAOptions setPermittedDnsDomains(List permittedDnsDomains) {
+ public SignIntermediateCAOptions permittedDnsDomains(List permittedDnsDomains) {
this.permittedDnsDomains = permittedDnsDomains;
return this;
}
- public SignIntermediateCAOptions setFormat(DataFormat format) {
+ public SignIntermediateCAOptions format(DataFormat format) {
this.format = format;
return this;
}
+
+ public String subjectCommonName() {
+ return subjectCommonName;
+ }
+
+ public String subjectOrganization() {
+ return subjectOrganization;
+ }
+
+ public String subjectOrganizationalUnit() {
+ return subjectOrganizationalUnit;
+ }
+
+ public String subjectStreetAddress() {
+ return subjectStreetAddress;
+ }
+
+ public String subjectPostalCode() {
+ return subjectPostalCode;
+ }
+
+ public String subjectLocality() {
+ return subjectLocality;
+ }
+
+ public String subjectProvince() {
+ return subjectProvince;
+ }
+
+ public String subjectCountry() {
+ return subjectCountry;
+ }
+
+ public String subjectSerialNumber() {
+ return subjectSerialNumber;
+ }
+
+ public List subjectAlternativeNames() {
+ return subjectAlternativeNames;
+ }
+
+ public Boolean excludeCommonNameFromSubjectAlternativeNames() {
+ return excludeCommonNameFromSubjectAlternativeNames;
+ }
+
+ public List ipSubjectAlternativeNames() {
+ return ipSubjectAlternativeNames;
+ }
+
+ public List uriSubjectAlternativeNames() {
+ return uriSubjectAlternativeNames;
+ }
+
+ public List otherSubjectAlternativeNames() {
+ return otherSubjectAlternativeNames;
+ }
+
+ public String timeToLive() {
+ return timeToLive;
+ }
+
+ public Integer maxPathLength() {
+ return maxPathLength;
+ }
+
+ public Boolean useCSRValues() {
+ return useCSRValues;
+ }
+
+ public List permittedDnsDomains() {
+ return permittedDnsDomains;
+ }
+
+ public DataFormat format() {
+ return format;
+ }
}
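Review bot: The list-valued accessors store and return the caller's list by reference, so making the fields private does not stop the options from changing after they are built. For `permittedDnsDomains`, which the Javadoc describes as the DNS domains this CA may issue or sign for, a later mutation of the caller's list would alter what is sent for signing. Consider copying on the way in, e.g. `this.permittedDnsDomains = permittedDnsDomains == null ? null : List.copyOf(permittedDnsDomains);`, and likewise for the four SAN lists; `List.copyOf` rejects null elements and needs Java 10+, so confirm both fit the project. Separately, the `setX` methods are renamed rather than kept as deprecated delegates, which breaks existing callers at compile time unless this is an intentional major-version change.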
diff --git a/runtime/src/main/java/io/quarkus/vault/runtime/VaultPKIManager.java b/runtime/src/main/java/io/quarkus/vault/runtime/VaultPKIManager.java
index c9ce2acd..1ac7e40e 100644
--- a/runtime/src/main/java/io/quarkus/vault/runtime/VaultPKIManager.java
+++ b/runtime/src/main/java/io/quarkus/vault/runtime/VaultPKIManager.java
@@ -119,9 +119,10 @@ public Uni getCertificateAuthority(DataFormat format) {
public Uni configCertificateAuthority(String pemBundle) {
VaultPKIConfigCABody body = new VaultPKIConfigCABody();
body.pemBundle = pemBundle;
- return vaultAuthManager.getClientToken(vaultClient).flatMap(token -> {
- return vaultInternalPKISecretEngine.configCertificateAuthority(vaultClient, token, mount, body);
- });
+ return vaultAuthManager
+ .getClientToken(vaultClient)
+ .flatMap(token -> vaultInternalPKISecretEngine
+ .configCertificateAuthority(vaultClient, token, mount, body));
}
@Override
@@ -131,27 +132,29 @@ public Uni configURLs(ConfigURLsOptions options) {
body.crlDistributionPoints = options.crlDistributionPoints;
body.ocspServers = options.ocspServers;
- return vaultAuthManager.getClientToken(vaultClient).flatMap(token -> {
- return vaultInternalPKISecretEngine.configURLs(vaultClient, token, mount, body);
- });
+ return vaultAuthManager
+ .getClientToken(vaultClient)
+ .flatMap(token -> vaultInternalPKISecretEngine
+ .configURLs(vaultClient, token, mount, body));
}
@Override
public Uni readURLsConfig() {
- return vaultAuthManager.getClientToken(vaultClient).flatMap(token -> {
- return vaultInternalPKISecretEngine.readURLs(vaultClient, token, mount)
- .map(internalResult -> {
- checkDataValid(internalResult);
+ return vaultAuthManager
+ .getClientToken(vaultClient)
+ .flatMap(token -> vaultInternalPKISecretEngine
+ .readURLs(vaultClient, token, mount)
+ .map(internalResult -> {
+ checkDataValid(internalResult);
- VaultPKIConfigURLsData internalResultData = internalResult.data;
+ VaultPKIConfigURLsData internalResultData = internalResult.data;
- ConfigURLsOptions result = new ConfigURLsOptions();
- result.issuingCertificates = internalResultData.issuingCertificates;
- result.crlDistributionPoints = internalResultData.crlDistributionPoints;
- result.ocspServers = internalResultData.ocspServers;
- return result;
- });
- });
+ ConfigURLsOptions result = new ConfigURLsOptions();
+ result.issuingCertificates = internalResultData.issuingCertificates;
+ result.crlDistributionPoints = internalResultData.crlDistributionPoints;
+ result.ocspServers = internalResultData.ocspServers;
+ return result;
+ }));
}
@Override
@@ -160,34 +163,33 @@ public Uni configCRL(ConfigCRLOptions options) {
body.expiry = options.expiry;
body.disable = options.disable;
- return vaultAuthManager.getClientToken(vaultClient).flatMap(token -> {
- return vaultInternalPKISecretEngine.configCRL(vaultClient, token, mount, body);
- });
+ return vaultAuthManager.getClientToken(vaultClient).flatMap(token -> vaultInternalPKISecretEngine
+ .configCRL(vaultClient, token, mount, body));
}
@Override
public Uni readCRLConfig() {
- return vaultAuthManager.getClientToken(vaultClient).flatMap(token -> {
- return vaultInternalPKISecretEngine.readCRL(vaultClient, token, mount)
- .map(internalResult -> {
- checkDataValid(internalResult);
+ return vaultAuthManager.getClientToken(vaultClient).flatMap(token -> vaultInternalPKISecretEngine
+ .readCRL(vaultClient, token, mount)
+ .map(internalResult -> {
+ checkDataValid(internalResult);
- VaultPKIConfigCRLData internalResultData = internalResult.data;
+ VaultPKIConfigCRLData internalResultData = internalResult.data;
- ConfigCRLOptions result = new ConfigCRLOptions();
- result.expiry = internalResultData.expiry;
- result.disable = internalResultData.disable;
- return result;
- });
- });
+ ConfigCRLOptions result = new ConfigCRLOptions();
+ result.expiry = internalResultData.expiry;
+ result.disable = internalResultData.disable;
+ return result;
+ }));
}
@Override
public Uni getCertificateAuthorityChain() {
- return vaultAuthManager.getClientToken(vaultClient).flatMap(token -> {
- return vaultInternalPKISecretEngine.getCertificateAuthorityChain(vaultClient, token, mount)
- .map(data -> new CAChainData.PEM(data.toString(StandardCharsets.UTF_8)));
- });
+ return vaultAuthManager
+ .getClientToken(vaultClient)
+ .flatMap(token -> vaultInternalPKISecretEngine
+ .getCertificateAuthorityChain(vaultClient, token, mount)
+ .map(data -> new CAChainData.PEM(data.toString(StandardCharsets.UTF_8))));
}
@Override
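Review bot: The reformatted chains in this hunk use two different layouts. `configCRL` and `readCRLConfig` keep `vaultAuthManager.getClientToken(vaultClient).flatMap(token -> vaultInternalPKISecretEngine` on one line and break before the method name, while `getCertificateAuthorityChain` breaks before each call. The same mix recurs in `updateRole` and `getRoles` in a later hunk. Settle on one form, for instance `return vaultAuthManager` / `.getClientToken(vaultClient)` / `.flatMap(token -> vaultInternalPKISecretEngine`, so the token-bearing call sits in the same place in every method.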
@@ -198,58 +200,61 @@ public Uni getCertificateRevocationList() {
@Override
public Uni getCertificateRevocationList(DataFormat format) {
String vaultFormat = format == DataFormat.PEM ? format.name().toLowerCase(Locale.ROOT) : null;
- return vaultAuthManager.getClientToken(vaultClient).flatMap(token -> {
- return vaultInternalPKISecretEngine.getCertificateRevocationList(vaultClient, token, mount, vaultFormat)
- .map(data -> {
- switch (format) {
- case PEM:
- return new CRLData.PEM(data.toString(StandardCharsets.UTF_8));
- case DER:
- return new CRLData.DER(data.getBytes());
- default:
- throw new VaultException("Unsupported Data Format");
- }
- });
- });
+ return vaultAuthManager.getClientToken(vaultClient)
+ .flatMap(token -> vaultInternalPKISecretEngine
+ .getCertificateRevocationList(vaultClient, token, mount, vaultFormat)
+ .map(data -> {
+ switch (format) {
+ case PEM:
+ return new CRLData.PEM(data.toString(StandardCharsets.UTF_8));
+ case DER:
+ return new CRLData.DER(data.getBytes());
+ default:
+ throw new VaultException("Unsupported Data Format");
+ }
+ }));
}
@Override
public Uni rotateCertificateRevocationList() {
- return vaultAuthManager.getClientToken(vaultClient).flatMap(token -> {
- return vaultInternalPKISecretEngine.rotateCertificateRevocationList(vaultClient, token, mount)
- .map(internalResult -> {
- checkDataValid(internalResult);
+ return vaultAuthManager
+ .getClientToken(vaultClient)
+ .flatMap(token -> vaultInternalPKISecretEngine
+ .rotateCertificateRevocationList(vaultClient, token, mount)
+ .map(internalResult -> {
+ checkDataValid(internalResult);
- return internalResult.data.success;
- });
- });
+ return internalResult.data.success;
+ }));
}
@Override
public Uni> getCertificates() {
- return vaultAuthManager.getClientToken(vaultClient).flatMap(token -> {
- return vaultInternalPKISecretEngine.listCertificates(vaultClient, token, mount)
- .map(internalResult -> {
- checkDataValid(internalResult);
-
- // Return serials corrected to colon format (to match those returned by generateCertificate/signRequest)
- return internalResult.data.keys.stream()
- .map(serial -> serial.replaceAll("-", ":"))
- .collect(toList());
- });
- });
+ return vaultAuthManager
+ .getClientToken(vaultClient)
+ .flatMap(token -> vaultInternalPKISecretEngine
+ .listCertificates(vaultClient, token, mount)
+ .map(internalResult -> {
+ checkDataValid(internalResult);
+
+ // Return serials corrected to colon format (to match those returned by generateCertificate/signRequest)
+ return internalResult.data.keys.stream()
+ .map(serial -> serial.replaceAll("-", ":"))
+ .collect(toList());
+ }));
}
@Override
public Uni getCertificate(String serial) {
- return vaultAuthManager.getClientToken(vaultClient).flatMap(token -> {
- return vaultInternalPKISecretEngine.getCertificate(vaultClient, token, mount, serial)
- .map(internalResult -> {
- checkDataValid(internalResult);
+ return vaultAuthManager
+ .getClientToken(vaultClient)
+ .flatMap(token -> vaultInternalPKISecretEngine
+ .getCertificate(vaultClient, token, mount, serial)
+ .map(internalResult -> {
+ checkDataValid(internalResult);
- return new CertificateData.PEM(internalResult.data.certificate);
- });
- });
+ return new PEM(internalResult.data.certificate);
+ }));
}
@Override
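Review bot: In `getCertificateRevocationList(DataFormat format)` a null `format` passes the ternary that computes `vaultFormat` (yielding null), so the request is sent before `switch (format)` throws a NullPointerException inside the `map` lambda. Reject it before the call, e.g. `Objects.requireNonNull(format, "format");` as the first statement, or substitute whatever default the no-argument overload uses. Also in this hunk, `getCertificate` now builds `new PEM(...)` while the neighbouring methods still write `CAChainData.PEM` and `CRLData.PEM`. Keeping `CertificateData.PEM` qualified saves the reader from checking the imports to know which type is constructed.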
@@ -265,24 +270,25 @@ public Uni generateCertificate(String role, GenerateCertif
body.timeToLive = options.timeToLive;
body.excludeCommonNameFromSubjectAlternativeNames = options.excludeCommonNameFromSubjectAlternativeNames;
- return vaultAuthManager.getClientToken(vaultClient).flatMap(token -> {
- return vaultInternalPKISecretEngine.generateCertificate(vaultClient, token, mount, role, body)
- .map(internalResult -> {
- checkDataValid(internalResult);
-
- VaultPKIGenerateCertificateData internalResultData = internalResult.data;
-
- GeneratedCertificate result = new GeneratedCertificate();
- result.certificate = createCertificateData(internalResultData.certificate, body.format);
- result.issuingCA = createCertificateData(internalResultData.issuingCA, body.format);
- result.caChain = createCertificateDataList(internalResultData.caChain, body.format);
- result.serialNumber = internalResultData.serialNumber;
- result.privateKeyType = stringToCertificateKeyType(internalResultData.privateKeyType);
- result.privateKey = createPrivateKeyData(internalResultData.privateKey, body.format,
- body.privateKeyFormat);
- return result;
- });
- });
+ return vaultAuthManager
+ .getClientToken(vaultClient)
+ .flatMap(token -> vaultInternalPKISecretEngine
+ .generateCertificate(vaultClient, token, mount, role, body)
+ .map(internalResult -> {
+ checkDataValid(internalResult);
+
+ VaultPKIGenerateCertificateData internalResultData = internalResult.data;
+
+ GeneratedCertificate result = new GeneratedCertificate();
+ result.certificate = createCertificateData(internalResultData.certificate, body.format);
+ result.issuingCA = createCertificateData(internalResultData.issuingCA, body.format);
+ result.caChain = createCertificateDataList(internalResultData.caChain, body.format);
+ result.serialNumber = internalResultData.serialNumber;
+ result.privateKeyType = stringToCertificateKeyType(internalResultData.privateKeyType);
+ result.privateKey = createPrivateKeyData(internalResultData.privateKey, body.format,
+ body.privateKeyFormat);
+ return result;
+ }));
}
@Override
@@ -298,21 +304,22 @@ public Uni signRequest(String role, String pemSigningRequest,
body.timeToLive = options.timeToLive;
body.excludeCommonNameFromSubjectAlternativeNames = options.excludeCommonNameFromSubjectAlternativeNames;
- return vaultAuthManager.getClientToken(vaultClient).flatMap(token -> {
- return vaultInternalPKISecretEngine.signCertificate(vaultClient, token, mount, role, body)
- .map(internalResult -> {
- checkDataValid(internalResult);
-
- VaultPKISignCertificateRequestData internalResultData = internalResult.data;
-
- SignedCertificate result = new SignedCertificate();
- result.certificate = createCertificateData(internalResultData.certificate, body.format);
- result.issuingCA = createCertificateData(internalResultData.issuingCA, body.format);
- result.caChain = createCertificateDataList(internalResultData.caChain, body.format);
- result.serialNumber = internalResultData.serialNumber;
- return result;
- });
- });
+ return vaultAuthManager
+ .getClientToken(vaultClient)
+ .flatMap(token -> vaultInternalPKISecretEngine
+ .signCertificate(vaultClient, token, mount, role, body)
+ .map(internalResult -> {
+ checkDataValid(internalResult);
+
+ VaultPKISignCertificateRequestData internalResultData = internalResult.data;
+
+ SignedCertificate result = new SignedCertificate();
+ result.certificate = createCertificateData(internalResultData.certificate, body.format);
+ result.issuingCA = createCertificateData(internalResultData.issuingCA, body.format);
+ result.caChain = createCertificateDataList(internalResultData.caChain, body.format);
+ result.serialNumber = internalResultData.serialNumber;
+ return result;
+ }));
}
@Override
@@ -320,14 +327,15 @@ public Uni revokeCertificate(String serialNumber) {
VaultPKIRevokeCertificateBody body = new VaultPKIRevokeCertificateBody();
body.serialNumber = serialNumber;
- return vaultAuthManager.getClientToken(vaultClient).flatMap(token -> {
- return vaultInternalPKISecretEngine.revokeCertificate(vaultClient, token, mount, body)
- .map(internalResult -> {
- checkDataValid(internalResult);
+ return vaultAuthManager
+ .getClientToken(vaultClient)
+ .flatMap(token -> vaultInternalPKISecretEngine
+ .revokeCertificate(vaultClient, token, mount, body)
+ .map(internalResult -> {
+ checkDataValid(internalResult);
- return internalResult.data.revocationTime;
- });
- });
+ return internalResult.data.revocationTime;
+ }));
}
@Override
@@ -372,92 +380,92 @@ public Uni updateRole(String role, RoleOptions options) {
body.basicConstraintsValidForNonCA = options.basicConstraintsValidForNonCA;
body.notBeforeDuration = options.notBeforeDuration;
- return vaultAuthManager.getClientToken(vaultClient).flatMap(token -> {
- return vaultInternalPKISecretEngine.updateRole(vaultClient, token, mount, role, body);
- });
+ return vaultAuthManager.getClientToken(vaultClient).flatMap(token -> vaultInternalPKISecretEngine
+ .updateRole(vaultClient, token, mount, role, body));
}
@Override
public Uni getRole(String role) {
- return vaultAuthManager.getClientToken(vaultClient).flatMap(token -> {
- return vaultInternalPKISecretEngine.readRole(vaultClient, token, mount, role)
- .map(internalResult -> {
- checkDataValid(internalResult);
-
- VaultPKIRoleOptionsData internalResultData = internalResult.data;
-
- RoleOptions result = new RoleOptions();
- result.timeToLive = internalResultData.timeToLive;
- result.maxTimeToLive = internalResultData.maxTimeToLive;
- result.allowLocalhost = internalResultData.allowLocalhost;
- result.allowedDomains = internalResultData.allowedDomains;
- result.allowTemplatesInAllowedDomains = internalResultData.allowTemplatesInAllowedDomains;
- result.allowBareDomains = internalResultData.allowBareDomains;
- result.allowSubdomains = internalResultData.allowSubdomains;
- result.allowGlobsInAllowedDomains = internalResultData.allowGlobsInAllowedDomains;
- result.allowAnyName = internalResultData.allowAnyName;
- result.enforceHostnames = internalResultData.enforceHostnames;
- result.allowIpSubjectAlternativeNames = internalResultData.allowIpSubjectAlternativeNames;
- result.allowedUriSubjectAlternativeNames = internalResultData.allowedUriSubjectAlternativeNames;
- result.allowedOtherSubjectAlternativeNames = internalResultData.allowedOtherSubjectAlternativeNames;
- result.serverFlag = internalResultData.serverFlag;
- result.clientFlag = internalResultData.clientFlag;
- result.codeSigningFlag = internalResultData.codeSigningFlag;
- result.emailProtectionFlag = internalResultData.emailProtectionFlag;
- result.keyType = stringToCertificateKeyType(internalResultData.keyType);
- result.keyBits = internalResultData.keyBits;
- result.keyUsages = stringListToEnumList(internalResultData.keyUsages, CertificateKeyUsage::valueOf);
- result.extendedKeyUsages = stringListToEnumList(internalResultData.extendedKeyUsages,
- CertificateExtendedKeyUsage::valueOf);
- result.extendedKeyUsageOIDs = internalResultData.extendedKeyUsageOIDs;
- result.useCSRCommonName = internalResultData.useCSRCommonName;
- result.useCSRSubjectAlternativeNames = internalResultData.useCSRSubjectAlternativeNames;
- result.subjectOrganization = stringListToCommaString(internalResultData.subjectOrganization);
- result.subjectOrganizationalUnit = stringListToCommaString(
- internalResultData.subjectOrganizationalUnit);
- result.subjectStreetAddress = stringListToCommaString(internalResultData.subjectStreetAddress);
- result.subjectPostalCode = stringListToCommaString(internalResultData.subjectPostalCode);
- result.subjectLocality = stringListToCommaString(internalResultData.subjectLocality);
- result.subjectProvince = stringListToCommaString(internalResultData.subjectProvince);
- result.subjectCountry = stringListToCommaString(internalResultData.subjectCountry);
- result.allowedSubjectSerialNumbers = internalResultData.allowedSubjectSerialNumbers;
- result.generateLease = internalResultData.generateLease;
- result.noStore = internalResultData.noStore;
- result.requireCommonName = internalResultData.requireCommonName;
- result.policyOIDs = internalResultData.policyOIDs;
- result.basicConstraintsValidForNonCA = internalResultData.basicConstraintsValidForNonCA;
- result.notBeforeDuration = internalResultData.notBeforeDuration;
- return result;
- });
- });
+ return vaultAuthManager
+ .getClientToken(vaultClient)
+ .flatMap(token -> vaultInternalPKISecretEngine.readRole(vaultClient, token, mount, role)
+ .map(internalResult -> {
+ checkDataValid(internalResult);
+
+ VaultPKIRoleOptionsData internalResultData = internalResult.data;
+
+ RoleOptions result = new RoleOptions();
+ result.timeToLive = internalResultData.timeToLive;
+ result.maxTimeToLive = internalResultData.maxTimeToLive;
+ result.allowLocalhost = internalResultData.allowLocalhost;
+ result.allowedDomains = internalResultData.allowedDomains;
+ result.allowTemplatesInAllowedDomains = internalResultData.allowTemplatesInAllowedDomains;
+ result.allowBareDomains = internalResultData.allowBareDomains;
+ result.allowSubdomains = internalResultData.allowSubdomains;
+ result.allowGlobsInAllowedDomains = internalResultData.allowGlobsInAllowedDomains;
+ result.allowAnyName = internalResultData.allowAnyName;
+ result.enforceHostnames = internalResultData.enforceHostnames;
+ result.allowIpSubjectAlternativeNames = internalResultData.allowIpSubjectAlternativeNames;
+ result.allowedUriSubjectAlternativeNames = internalResultData.allowedUriSubjectAlternativeNames;
+ result.allowedOtherSubjectAlternativeNames = internalResultData.allowedOtherSubjectAlternativeNames;
+ result.serverFlag = internalResultData.serverFlag;
+ result.clientFlag = internalResultData.clientFlag;
+ result.codeSigningFlag = internalResultData.codeSigningFlag;
+ result.emailProtectionFlag = internalResultData.emailProtectionFlag;
+ result.keyType = stringToCertificateKeyType(internalResultData.keyType);
+ result.keyBits = internalResultData.keyBits;
+ result.keyUsages = stringListToEnumList(internalResultData.keyUsages, CertificateKeyUsage::valueOf);
+ result.extendedKeyUsages = stringListToEnumList(internalResultData.extendedKeyUsages,
+ CertificateExtendedKeyUsage::valueOf);
+ result.extendedKeyUsageOIDs = internalResultData.extendedKeyUsageOIDs;
+ result.useCSRCommonName = internalResultData.useCSRCommonName;
+ result.useCSRSubjectAlternativeNames = internalResultData.useCSRSubjectAlternativeNames;
+ result.subjectOrganization = stringListToCommaString(internalResultData.subjectOrganization);
+ result.subjectOrganizationalUnit = stringListToCommaString(
+ internalResultData.subjectOrganizationalUnit);
+ result.subjectStreetAddress = stringListToCommaString(internalResultData.subjectStreetAddress);
+ result.subjectPostalCode = stringListToCommaString(internalResultData.subjectPostalCode);
+ result.subjectLocality = stringListToCommaString(internalResultData.subjectLocality);
+ result.subjectProvince = stringListToCommaString(internalResultData.subjectProvince);
+ result.subjectCountry = stringListToCommaString(internalResultData.subjectCountry);
+ result.allowedSubjectSerialNumbers = internalResultData.allowedSubjectSerialNumbers;
+ result.generateLease = internalResultData.generateLease;
+ result.noStore = internalResultData.noStore;
+ result.requireCommonName = internalResultData.requireCommonName;
+ result.policyOIDs = internalResultData.policyOIDs;
+ result.basicConstraintsValidForNonCA = internalResultData.basicConstraintsValidForNonCA;
+ result.notBeforeDuration = internalResultData.notBeforeDuration;
+ return result;
+ }));
}
@Override
public Uni> getRoles() {
- return vaultAuthManager.getClientToken(vaultClient).flatMap(token -> {
- return vaultInternalPKISecretEngine.listRoles(vaultClient, token, mount)
- .map(internalResult -> {
- checkDataValid(internalResult);
-
- return internalResult.data.keys;
- })
- .onFailure(VaultClientException.class).recoverWithUni(x -> {
- VaultClientException vx = (VaultClientException) x;
- // Translate 404 to empty list
- if (vx.getStatus() == 404) {
- return Uni.createFrom().item(emptyList());
- } else {
- return Uni.createFrom().failure(x);
- }
- });
- });
+ return vaultAuthManager
+ .getClientToken(vaultClient).flatMap(token -> vaultInternalPKISecretEngine
+ .listRoles(vaultClient, token, mount)
+ .map(internalResult -> {
+ checkDataValid(internalResult);
+
+ return internalResult.data.keys;
+ })
+ .onFailure(VaultClientException.class).recoverWithUni(x -> {
+ VaultClientException vx = (VaultClientException) x;
+ // Translate 404 to empty list
+ if (vx.getStatus() == 404) {
+ return Uni.createFrom().item(emptyList());
+ } else {
+ return Uni.createFrom().failure(x);
+ }
+ }));
}
@Override
public Uni deleteRole(String role) {
- return vaultAuthManager.getClientToken(vaultClient).flatMap(token -> {
- return vaultInternalPKISecretEngine.deleteRole(vaultClient, token, mount, role);
- });
+ return vaultAuthManager
+ .getClientToken(vaultClient)
+ .flatMap(token -> vaultInternalPKISecretEngine
+ .deleteRole(vaultClient, token, mount, role));
}
@Override
@@ -486,71 +494,72 @@ public Uni generateRoot(GenerateRootOptions options) {
body.subjectCountry = options.subjectCountry;
body.subjectSerialNumber = options.subjectSerialNumber;
- return vaultAuthManager.getClientToken(vaultClient).flatMap(token -> {
- return vaultInternalPKISecretEngine.generateRoot(vaultClient, token, mount, type, body)
- .map(internalResult -> {
- checkDataValid(internalResult);
-
- VaultPKIGenerateRootData internalResultData = internalResult.data;
-
- GeneratedRootCertificate result = new GeneratedRootCertificate();
- result.certificate = createCertificateData(internalResultData.certificate, body.format);
- result.issuingCA = createCertificateData(internalResultData.issuingCA, body.format);
- result.serialNumber = internalResultData.serialNumber;
- result.privateKeyType = stringToCertificateKeyType(internalResultData.privateKeyType);
- result.privateKey = createPrivateKeyData(internalResultData.privateKey, body.format,
- body.privateKeyFormat);
- return result;
- });
- });
+ return vaultAuthManager
+ .getClientToken(vaultClient)
+ .flatMap(token -> vaultInternalPKISecretEngine
+ .generateRoot(vaultClient, token, mount, type, body)
+ .map(internalResult -> {
+ checkDataValid(internalResult);
+
+ VaultPKIGenerateRootData internalResultData = internalResult.data;
+
+ GeneratedRootCertificate result = new GeneratedRootCertificate();
+ result.certificate = createCertificateData(internalResultData.certificate, body.format);
+ result.issuingCA = createCertificateData(internalResultData.issuingCA, body.format);
+ result.serialNumber = internalResultData.serialNumber;
+ result.privateKeyType = stringToCertificateKeyType(internalResultData.privateKeyType);
+ result.privateKey = createPrivateKeyData(internalResultData.privateKey, body.format,
+ body.privateKeyFormat);
+ return result;
+ }));
}
@Override
public Uni deleteRoot() {
- return vaultAuthManager.getClientToken(vaultClient).flatMap(token -> {
- return vaultInternalPKISecretEngine.deleteRoot(vaultClient, token, mount);
- });
+ return vaultAuthManager
+ .getClientToken(vaultClient)
+ .flatMap(token -> vaultInternalPKISecretEngine
+ .deleteRoot(vaultClient, token, mount));
}
@Override
public Uni signIntermediateCA(String pemSigningRequest, SignIntermediateCAOptions options) {
VaultPKISignIntermediateCABody body = new VaultPKISignIntermediateCABody();
- body.format = dataFormatToFormat(options.format);
+ body.format = dataFormatToFormat(options.format());
body.csr = pemSigningRequest;
- body.subjectCommonName = options.subjectCommonName;
- body.subjectAlternativeNames = stringListToCommaString(options.subjectAlternativeNames);
- body.ipSubjectAlternativeNames = stringListToCommaString(options.ipSubjectAlternativeNames);
- body.uriSubjectAlternativeNames = stringListToCommaString(options.uriSubjectAlternativeNames);
- body.otherSubjectAlternativeNames = options.otherSubjectAlternativeNames;
- body.timeToLive = options.timeToLive;
- body.maxPathLength = options.maxPathLength;
- body.excludeCommonNameFromSubjectAlternativeNames = options.excludeCommonNameFromSubjectAlternativeNames;
- body.useCSRValues = options.useCSRValues;
- body.permittedDnsDomains = options.permittedDnsDomains;
- body.subjectOrganization = options.subjectOrganization;
- body.subjectOrganizationalUnit = options.subjectOrganizationalUnit;
- body.subjectStreetAddress = options.subjectStreetAddress;
- body.subjectPostalCode = options.subjectPostalCode;
- body.subjectLocality = options.subjectLocality;
- body.subjectProvince = options.subjectProvince;
- body.subjectCountry = options.subjectCountry;
- body.subjectSerialNumber = options.subjectSerialNumber;
-
- return vaultAuthManager.getClientToken(vaultClient).flatMap(token -> {
- return vaultInternalPKISecretEngine.signIntermediateCA(vaultClient, token, mount, body)
- .map(internalResult -> {
- checkDataValid(internalResult);
-
- VaultPKISignCertificateRequestData internalResultData = internalResult.data;
-
- SignedCertificate result = new SignedCertificate();
- result.certificate = createCertificateData(internalResultData.certificate, body.format);
- result.issuingCA = createCertificateData(internalResultData.issuingCA, body.format);
- result.caChain = createCertificateDataList(internalResultData.caChain, body.format);
- result.serialNumber = internalResultData.serialNumber;
- return result;
- });
- });
+ body.subjectCommonName = options.subjectCommonName();
+ body.subjectAlternativeNames = stringListToCommaString(options.subjectAlternativeNames());
+ body.ipSubjectAlternativeNames = stringListToCommaString(options.ipSubjectAlternativeNames());
+ body.uriSubjectAlternativeNames = stringListToCommaString(options.uriSubjectAlternativeNames());
+ body.otherSubjectAlternativeNames = options.otherSubjectAlternativeNames();
+ body.timeToLive = options.timeToLive();
+ body.maxPathLength = options.maxPathLength();
+ body.excludeCommonNameFromSubjectAlternativeNames = options.excludeCommonNameFromSubjectAlternativeNames();
+ body.useCSRValues = options.useCSRValues();
+ body.permittedDnsDomains = options.permittedDnsDomains();
+ body.subjectOrganization = options.subjectOrganization();
+ body.subjectOrganizationalUnit = options.subjectOrganizationalUnit();
+ body.subjectStreetAddress = options.subjectStreetAddress();
+ body.subjectPostalCode = options.subjectPostalCode();
+ body.subjectLocality = options.subjectLocality();
+ body.subjectProvince = options.subjectProvince();
+ body.subjectCountry = options.subjectCountry();
+ body.subjectSerialNumber = options.subjectSerialNumber();
+
+ return vaultAuthManager.getClientToken(vaultClient).flatMap(token -> vaultInternalPKISecretEngine
+ .signIntermediateCA(vaultClient, token, mount, body)
+ .map(internalResult -> {
+ checkDataValid(internalResult);
+
+ VaultPKISignCertificateRequestData internalResultData = internalResult.data;
+
+ SignedCertificate result = new SignedCertificate();
+ result.certificate = createCertificateData(internalResultData.certificate, body.format);
+ result.issuingCA = createCertificateData(internalResultData.issuingCA, body.format);
+ result.caChain = createCertificateDataList(internalResultData.caChain, body.format);
+ result.serialNumber = internalResultData.serialNumber;
+ return result;
+ }));
}
@Override
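Review bot: `signIntermediateCA` copies `options.maxPathLength()`, `options.permittedDnsDomains()` and `options.useCSRValues()` straight into the request body, with no comment on what an unset or permissive value means for the CA being signed. In Vault's PKI sign-intermediate endpoint, an unset `max_path_length` means no path-length limit, no `permitted_dns_domains` means no name constraints, and `use_csr_values=true` takes the subject, SANs and requested extensions from the CSR instead of from these options, so a CSR from a less trusted party can yield a broader CA than the options suggest. I would document that above the assignments, e.g. `// Unset maxPathLength / permittedDnsDomains leave the signed CA unconstrained; useCSRValues=true lets the CSR override the subject fields below.`, assuming null fields are omitted from the JSON body. Separately, the `generateRoot` context lines at the top of the hunk still read `options.subjectCountry` as a field while this method now uses accessors; if `GenerateRootOptions` is meant to follow, convert it in the same change.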
@@ -576,20 +585,19 @@ public Uni generateIntermediateCSR(GenerateInter
body.subjectCountry = options.subjectCountry;
body.subjectSerialNumber = options.subjectSerialNumber;
- return vaultAuthManager.getClientToken(vaultClient).flatMap(token -> {
- return vaultInternalPKISecretEngine.generateIntermediateCSR(vaultClient, token, mount, type, body)
- .map(internalResult -> {
+ return vaultAuthManager.getClientToken(vaultClient).flatMap(token -> vaultInternalPKISecretEngine
+ .generateIntermediateCSR(vaultClient, token, mount, type, body)
+ .map(internalResult -> {
- VaultPKIGenerateIntermediateCSRData internalResultData = internalResult.data;
+ VaultPKIGenerateIntermediateCSRData internalResultData = internalResult.data;
- GeneratedIntermediateCSRResult result = new GeneratedIntermediateCSRResult();
- result.csr = createCSRData(internalResultData.csr, body.format);
- result.privateKeyType = stringToCertificateKeyType(internalResultData.privateKeyType);
- result.privateKey = createPrivateKeyData(internalResultData.privateKey, body.format,
- body.privateKeyFormat);
- return result;
- });
- });
+ GeneratedIntermediateCSRResult result = new GeneratedIntermediateCSRResult();
+ result.csr = createCSRData(internalResultData.csr, body.format);
+ result.privateKeyType = stringToCertificateKeyType(internalResultData.privateKeyType);
+ result.privateKey = createPrivateKeyData(internalResultData.privateKey, body.format,
+ body.privateKeyFormat);
+ return result;
+ }));
}
@Override
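Review bot: The `generateIntermediateCSR` lambda dereferences `internalResult.data` without the `checkDataValid(internalResult);` call that the `generateRoot` and `signIntermediateCA` lambdas make first. A response carrying only warnings would presumably surface as a NullPointerException at `internalResultData.csr` instead of a `VaultException` with the warning text. The reformat keeps that gap; add `checkDataValid(internalResult);` as the first statement of the `.map(internalResult -> {` body. The method starts outside the hunk and this listing appears to have dropped blank context lines, so confirm against the file that the call is really absent.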
@@ -597,9 +605,10 @@ public Uni setSignedIntermediateCA(String pemCert) {
VaultPKISetSignedIntermediateCABody body = new VaultPKISetSignedIntermediateCABody();
body.certificate = pemCert;
- return vaultAuthManager.getClientToken(vaultClient).flatMap(token -> {
- return vaultInternalPKISecretEngine.setSignedIntermediateCA(vaultClient, token, mount, body);
- });
+ return vaultAuthManager
+ .getClientToken(vaultClient)
+ .flatMap(token -> vaultInternalPKISecretEngine
+ .setSignedIntermediateCA(vaultClient, token, mount, body));
}
@Override
@@ -609,9 +618,10 @@ public Uni tidy(TidyOptions options) {
body.tidyRevokedCerts = options.tidyRevokedCerts;
body.safetyBuffer = options.safetyBuffer;
- return vaultAuthManager.getClientToken(vaultClient).flatMap(token -> {
- return vaultInternalPKISecretEngine.tidy(vaultClient, token, mount, body);
- });
+ return vaultAuthManager
+ .getClientToken(vaultClient)
+ .flatMap(token -> vaultInternalPKISecretEngine
+ .tidy(vaultClient, token, mount, body));
}
private String stringListToCommaString(List values) {
@@ -660,8 +670,8 @@ private void checkDataValid(AbstractVaultDTO, ?> dto) {
if (dto.data != null) {
return;
}
- if (dto.warnings instanceof List>) {
- List> warnings = (List>) dto.warnings;
+ if (dto.warnings != null) {
+ List> warnings = dto.warnings;
if (!warnings.isEmpty()) {
throw new VaultException(warnings.get(0).toString());
}
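Review bot: Only `warnings.get(0)` reaches the `VaultException` message, so when Vault returns several warnings the rest are lost to whoever diagnoses the failed PKI call. A null first element would also throw a NullPointerException from `.toString()`. Consider `throw new VaultException(warnings.stream().map(String::valueOf).collect(Collectors.joining("; ")));`, which needs `java.util.stream.Collectors` imported if the file does not already have it. What happens when `data` is null and there are no warnings is decided after the hunk ends, so a short comment on `checkDataValid` stating that case would help.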
diff --git a/runtime/src/main/java/io/quarkus/vault/runtime/config/VaultAuthenticationType.java b/runtime/src/main/java/io/quarkus/vault/runtime/config/VaultAuthenticationType.java
index e0c4b1fb..c5b6dca3 100644
--- a/runtime/src/main/java/io/quarkus/vault/runtime/config/VaultAuthenticationType.java
+++ b/runtime/src/main/java/io/quarkus/vault/runtime/config/VaultAuthenticationType.java
@@ -10,7 +10,7 @@ public enum VaultAuthenticationType {
* associating one or more vault policies, with one or more service accounts and one or more namespaces.
* When selecting the kubernetes authentication type, specify the vault authentication role to use.
*
- * see https://www.vaultproject.io/api/auth/kubernetes/index.html
+ * see Kubernetes auth method (API)
*/
KUBERNETES,
diff --git a/runtime/src/main/java/io/quarkus/vault/runtime/config/VaultEnterpriseConfig.java b/runtime/src/main/java/io/quarkus/vault/runtime/config/VaultEnterpriseConfig.java
index ce25bd4c..9278e9e3 100644
--- a/runtime/src/main/java/io/quarkus/vault/runtime/config/VaultEnterpriseConfig.java
+++ b/runtime/src/main/java/io/quarkus/vault/runtime/config/VaultEnterpriseConfig.java
@@ -12,7 +12,7 @@ public interface VaultEnterpriseConfig {
*
* If set, this will add a `X-Vault-Namespace` header to all requests sent to the Vault server.
*
- * See https://www.vaultproject.io/docs/enterprise/namespaces
+ * See Vault Enterprise namespaces
*
* @asciidoclet
*/
diff --git a/runtime/src/main/java/io/quarkus/vault/runtime/config/VaultRuntimeConfig.java b/runtime/src/main/java/io/quarkus/vault/runtime/config/VaultRuntimeConfig.java
index 9ec7a493..7f7f4213 100644
--- a/runtime/src/main/java/io/quarkus/vault/runtime/config/VaultRuntimeConfig.java
+++ b/runtime/src/main/java/io/quarkus/vault/runtime/config/VaultRuntimeConfig.java
@@ -82,13 +82,13 @@ public interface VaultRuntimeConfig {
*
* This value if used to extend a lease before it expires its ttl, or recreate a new lease before the current
* lease reaches its max_ttl.
- * By default Vault leaseDuration is equal to 7 days (ie: 168h or 604800s).
+ * By default, Vault leaseDuration is equal to 7 days (ie: 168h or 604800s).
* If a connection pool maxLifetime is set, it is reasonable to set the renewGracePeriod to be greater
* than the maxLifetime, so that we are sure we get a chance to renew leases before we reach the ttl.
* In any case you need to make sure there will be attempts to fetch secrets within the renewGracePeriod,
* because that is when the renewals will happen. This is particularly important for db dynamic secrets
* because if the lease reaches its ttl or max_ttl, the password of the db user will become invalid and
- * it will be not longer possible to log in.
+ * it will be no longer possible to log in.
* This value should also be smaller than the ttl, otherwise that would mean that we would try to recreate
* leases all the time.
*
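Review bot: The paragraph still opens with `This value if used to extend a lease before it expires its ttl`, where `if` should be `is`. Since this commit is already fixing typos in the same Javadoc, fix it here too: `* This value is used to extend a lease before its ttl expires, or recreate a new lease before the current`. The corrected line `it will be no longer possible to log in` would read more naturally as `it will no longer be possible to log in`. The same text appears in `docs/modules/ROOT/pages/includes/quarkus-vault.adoc`, which looks generated from this Javadoc, so it should be regenerated rather than edited by hand.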
@@ -166,7 +166,7 @@ public interface VaultRuntimeConfig {
/**
* Kv secret engine version.
*
- * see https://www.vaultproject.io/docs/secrets/kv/index.html
+ * see KV secrets engine
*
* @asciidoclet
*/
@@ -193,7 +193,7 @@ public interface VaultRuntimeConfig {
* `https://localhost:8200/v1/secret/data/config/myapp` for a KV secret engine v2 (or
* `https://localhost:8200/v1/secret/config/myapp` for a KV secret engine v1).
*
- * see https://www.vaultproject.io/docs/secrets/kv/index.html
+ * see KV secrets engine
*
* @asciidoclet
*/
diff --git a/runtime/src/main/java/io/quarkus/vault/secrets/totp/KeyConfiguration.java b/runtime/src/main/java/io/quarkus/vault/secrets/totp/KeyConfiguration.java
index 2d2ba69a..08669b01 100644
--- a/runtime/src/main/java/io/quarkus/vault/secrets/totp/KeyConfiguration.java
+++ b/runtime/src/main/java/io/quarkus/vault/secrets/totp/KeyConfiguration.java
@@ -4,11 +4,11 @@
public class KeyConfiguration {
- private String accountName;
- private String algorithm;
- private int digits;
- private String issuer;
- private int period;
+ private final String accountName;
+ private final String algorithm;
+ private final int digits;
+ private final String issuer;
+ private final int period;
public KeyConfiguration(String accountName, String algorithm, int digits, String issuer, int period) {
this.accountName = accountName;
@@ -59,13 +59,11 @@ public int hashCode() {
@Override
public String toString() {
- final StringBuilder sb = new StringBuilder("KeyConfiguration{");
- sb.append("accountName='").append(accountName).append('\'');
- sb.append(", algorithm='").append(algorithm).append('\'');
- sb.append(", digits=").append(digits);
- sb.append(", issuer='").append(issuer).append('\'');
- sb.append(", period=").append(period);
- sb.append('}');
- return sb.toString();
+ return "KeyConfiguration{" + "accountName='" + accountName + '\'' +
+ ", algorithm='" + algorithm + '\'' +
+ ", digits=" + digits +
+ ", issuer='" + issuer + '\'' +
+ ", period=" + period +
+ '}';
}
}
diff --git a/runtime/src/main/java/io/quarkus/vault/transit/DecryptionRequest.java b/runtime/src/main/java/io/quarkus/vault/transit/DecryptionRequest.java
index d726b8b5..2a013571 100644
--- a/runtime/src/main/java/io/quarkus/vault/transit/DecryptionRequest.java
+++ b/runtime/src/main/java/io/quarkus/vault/transit/DecryptionRequest.java
@@ -11,7 +11,7 @@
*/
public class DecryptionRequest extends VaultTransitBatchItem {
- private String ciphertext;
+ private final String ciphertext;
public DecryptionRequest(String ciphertext) {
this(ciphertext, null);