Merge branch 'master' into return-response-body-on-error

Author: Naktibalda

README.md

@@ -135,6 +135,13 @@ Note that changes to the major version (i.e. the first number) represent possibl
 may require modifications in your code to migrate.  Changes to the minor version (i.e. the second number)
 should represent non-breaking changes.  The third number represents any very minor bugfix patches.
 
+* **3.0.0 (IN DEVELOPMENT)**: This is a (mildly) breaking-change release, with several updates.
+  * Adds support for writing arbitrary objects to Vault, instead of just strings (i.e. the 
+    `com.bettercloud.vault.api.Logical.write(...)` method now accepts a `Map<String. Object>` rather than a 
+    `Map<String, String>`).
+  * Supports creating tokens against a role, and refactors the `com.bettercloud.vault.api.Auth.createToken(...)` 
+    method to accept an options object (deprecating the previous version of the method, which took all of those 
+    options as separate parameters).
 * **2.0.0**: This is breaking-change release, with numerous deprecated items cleaned up.
   * Adds support for authentication via the AppRole auth backend.  
   * Adds support for renewing secret leases.

build.gradle

@@ -4,7 +4,7 @@ apply plugin: 'signing'
 
 group 'com.bettercloud'
 archivesBaseName = 'vault-java-driver'
-version '2.0.0'
+version '3.0.0-SNAPSHOT'
 ext.isReleaseVersion = !version.endsWith('SNAPSHOT')
 
 sourceCompatibility = 1.7

src/main/java/com/bettercloud/vault/api/Auth.java

@@ -3,15 +3,11 @@
 import com.bettercloud.vault.VaultConfig;
 import com.bettercloud.vault.VaultException;
 import com.bettercloud.vault.json.Json;
-import com.bettercloud.vault.json.JsonArray;
 import com.bettercloud.vault.json.JsonObject;
-import com.bettercloud.vault.json.JsonValue;
 import com.bettercloud.vault.response.AuthResponse;
 import com.bettercloud.vault.rest.RestResponse;
 import com.bettercloud.vault.rest.Rest;
 
-import java.io.UnsupportedEncodingException;
-import java.util.ArrayList;
 import java.util.List;
 import java.util.Map;
 import java.util.UUID;
@@ -24,6 +20,194 @@
  */
 public class Auth {
 
+    /**
+     * Builder-style class for use with {@link #createToken(TokenRequest)}
+     *
+     * <p>All properties are optional and can be <code>null</code>.</p>
+     */
+    public static class TokenRequest {
+        /**
+         * (optional) The ID of the client token. Can only be specified by a root token. Otherwise, the token ID is a randomly generated UUID.
+         */
+        private UUID id;
+
+        /**
+         * (optional) A list of policies for the token. This must be a subset of the policies belonging to the token making the request, unless root. If not specified, defaults to all the policies of the calling token.
+         */
+        private List<String> polices;
+
+        /**
+         * (optional) A map of string to string valued metadata. This is passed through to the audit backends.
+         */
+        private Map<String, String> meta;
+
+        /**
+         * (optional) If true and set by a root caller, the token will not have the parent token of the caller. This creates a token with no parent.
+         */
+        private Boolean noParent;
+
+        /**
+         * (optional) If <code>true</code> the default policy will not be a part of this token's policy set.
+         */
+        private Boolean noDefaultPolicy;
+
+        /**
+         * (optional) The TTL period of the token, provided as "1h", where hour is the largest suffix. If not provided, the token is valid for the default lease TTL, or indefinitely if the root policy is used.
+         */
+        private String ttl;
+
+        /**
+         * (optional) The display name of the token. Defaults to "token".
+         */
+        private String displayName;
+
+        /**
+         * (optional) The maximum uses for the given token. This can be used to create a one-time-token or limited use token. Defaults to 0, which has no limit to the number of uses.
+         */
+        private Long numUses;
+
+        /**
+         * (optional) The role the token will be created with. Default is no role.
+         */
+        private String role;
+
+        /**
+         * {@link #id}
+         */
+        public TokenRequest withId(final UUID id) {
+            this.id = id;
+            return this;
+        }
+
+        /**
+         * {@link #polices}
+         */
+        public TokenRequest withPolices(final List<String> polices) {
+            this.polices = polices;
+            return this;
+        }
+
+        /**
+         * {@link #meta}
+         */
+        public TokenRequest withMeta(final Map<String, String> meta) {
+            this.meta = meta;
+            return this;
+        }
+
+        /**
+         * {@link #noParent}
+         */
+        public TokenRequest withNoParent(final Boolean noParent) {
+            this.noParent = noParent;
+            return this;
+        }
+
+        /**
+         * {@link #noDefaultPolicy}
+         */
+        public TokenRequest withNoDefaultPolicy(final Boolean noDefaultPolicy) {
+            this.noDefaultPolicy = noDefaultPolicy;
+            return this;
+        }
+
+        /**
+         * {@link #ttl}
+         */
+        public TokenRequest withTtl(final String ttl) {
+            this.ttl = ttl;
+            return this;
+        }
+
+        /**
+         * {@link #displayName}
+         */
+        public TokenRequest withDisplayName(final String displayName) {
+            this.displayName = displayName;
+            return this;
+        }
+
+        /**
+         * {@link #numUses}
+         */
+        public TokenRequest withNumUses(final Long numUses) {
+            this.numUses = numUses;
+            return this;
+        }
+
+        /**
+         * {@link #role}
+         */
+        public TokenRequest withRole(final String role) {
+            this.role = role;
+            return this;
+        }
+
+
+        /**
+         * {@link #id}
+         */
+        public UUID getId() {
+            return id;
+        }
+
+        /**
+         * {@link #polices}
+         */
+        public List<String> getPolices() {
+            return polices;
+        }
+
+        /**
+         * {@link #meta}
+         */
+        public Map<String, String> getMeta() {
+            return meta;
+        }
+
+        /**
+         * {@link #noParent}
+         */
+        public Boolean getNoParent() {
+            return noParent;
+        }
+
+        /**
+         * {@link #noDefaultPolicy}
+         */
+        public Boolean getNoDefaultPolicy() {
+            return noDefaultPolicy;
+        }
+
+        /**
+         * {@link #ttl}
+         */
+        public String getTtl() {
+            return ttl;
+        }
+
+        /**
+         * {@link #displayName}
+         */
+        public String getDisplayName() {
+            return displayName;
+        }
+
+        /**
+         * {@link #numUses}
+         */
+        public Long getNumUses() {
+            return numUses;
+        }
+
+        /**
+         * {@link #role}
+         */
+        public String getRole() {
+            return role;
+        }
+    }
+
     private final VaultConfig config;
 
     public Auth(final VaultConfig config) {
@@ -56,7 +240,9 @@ public Auth(final VaultConfig config) {
      * @param numUses (optional) The maximum uses for the given token. This can be used to create a one-time-token or limited use token. Defaults to 0, which has no limit to the number of uses.
      * @return The auth token
      * @throws VaultException If any error occurs, or unexpected response received from Vault
+     * @deprecated Use {@link #createToken(TokenRequest)}
      */
+    @Deprecated
     public AuthResponse createToken(
             final UUID id,
             final List<String> policies,
@@ -67,32 +253,63 @@ public AuthResponse createToken(
             final String displayName,
             final Long numUses
     ) throws VaultException {
+        return createToken(
+                new TokenRequest()
+                        .withId(id)
+                        .withPolices(policies)
+                        .withMeta(meta)
+                        .withNoParent(noParent)
+                        .withNoDefaultPolicy(noDefaultPolicy)
+                        .withTtl(ttl)
+                        .withDisplayName(displayName)
+                        .withNumUses(numUses));
+    }
+
+
+    /**
+     * <p>Operation to create an authentication token.  Relies on another token already being present in
+     * the <code>VaultConfig</code> instance.  Example usage:</p>
+     *
+     * <blockquote>
+     * <pre>{@code
+     * final VaultConfig config = new VaultConfig(address, rootToken);
+     * final Vault vault = new Vault(config);
+     * final AuthResponse response = vault.auth().createToken(new TokenRequest().withTtl("1h"));
+     *
+     * final String token = response.getAuthClientToken();
+     * }</pre>
+     * </blockquote>     */
+    public AuthResponse createToken(TokenRequest tokenRequest) throws VaultException {
         int retryCount = 0;
         while (true) {
             try {
                 // Parse parameters to JSON
                 final JsonObject jsonObject = Json.object();
-                if (id != null) jsonObject.add("id", id.toString());
-                if (policies != null && !policies.isEmpty()) {
-                    jsonObject.add("policies", Json.array(policies.toArray(new String[policies.size()])));//NOPMD
+              
+                if (tokenRequest.id != null) jsonObject.add("id", tokenRequest.id.toString());
+                if (tokenRequest.polices != null && !tokenRequest.polices.isEmpty()) {
+                    jsonObject.add("policies", Json.array(tokenRequest.polices.toArray(new String[tokenRequest.polices.size()])));//NOPMD
                 }
-                if (meta != null && !meta.isEmpty()) {
+                if (tokenRequest.meta != null && !tokenRequest.meta.isEmpty()) {
                     final JsonObject metaMap = Json.object();
-                    for (final Map.Entry<String, String> entry : meta.entrySet()) {
+                    for (final Map.Entry<String, String> entry : tokenRequest.meta.entrySet()) {
                         metaMap.add(entry.getKey(), entry.getValue());
                     }
                     jsonObject.add("meta", metaMap);
                 }
-                if (noParent != null) jsonObject.add("no_parent", noParent);
-                if (noDefaultPolicy != null) jsonObject.add("no_default_policy", noDefaultPolicy);
-                if (ttl != null) jsonObject.add("ttl", ttl);
-                if (displayName != null) jsonObject.add("display_name", displayName);
-                if (numUses != null) jsonObject.add("num_uses", numUses);
+                if (tokenRequest.noParent != null) jsonObject.add("no_parent", tokenRequest.noParent);
+                if (tokenRequest.noDefaultPolicy != null) jsonObject.add("no_default_policy", tokenRequest.noDefaultPolicy);
+                if (tokenRequest.ttl != null) jsonObject.add("ttl", tokenRequest.ttl);
+                if (tokenRequest.displayName != null) jsonObject.add("display_name", tokenRequest.displayName);
+                if (tokenRequest.numUses != null) jsonObject.add("num_uses", tokenRequest.numUses);
                 final String requestJson = jsonObject.toString();
 
+                String url = config.getAddress() + "/v1/auth/token/create";
+                if (tokenRequest.role != null) url += "/" + tokenRequest.role;
+
                 // HTTP request to Vault
                 final RestResponse restResponse = new Rest()//NOPMD
-                        .url(config.getAddress() + "/v1/auth/token/create")
+                        .url(url)
                         .header("X-Vault-Token", config.getToken())
                         .body(requestJson.getBytes("UTF-8"))
                         .connectTimeoutSeconds(config.getOpenTimeout())

src/main/java/com/bettercloud/vault/api/Logical.java

@@ -93,27 +93,47 @@ public LogicalResponse read(final String path) throws VaultException {
      *
      * <blockquote>
      * <pre>{@code
-     * final Map<String, String> nameValuePairs = new HashMap<String, String>();
+     * final Map<String, String> nameValuePairs = new HashMap<String, Object>();
      * nameValuePairs.put("value", "foo");
      * nameValuePairs.put("other_value", "bar");
      *
      * final LogicalResponse response = vault.logical().write("secret/hello", nameValuePairs);
      * }</pre>
      * </blockquote>
      *
+     * <p>The values in these name-value pairs may be booleans, numerics, strings, or nested JSON objects.  However,
+     * be aware that this method does not recursively parse any nested structures.  If you wish to write arbitrary
+     * JSON objects to Vault... then you should parse them to JSON outside of this method, and pass them here as JSON
+     * strings.</p>
+     *
      * @param path The Vault key value to which to write (e.g. <code>secret/hello</code>)
      * @param nameValuePairs Secret name and value pairs to store under this Vault key (can be <code>null</code> for writing to keys that do not need or expect any fields to be specified)
      * @return The response information received from Vault
      * @throws VaultException If any errors occurs with the REST request, and the maximum number of retries is exceeded.
      */
-    public LogicalResponse write(final String path, final Map<String, String> nameValuePairs) throws VaultException {
+    public LogicalResponse write(final String path, final Map<String, Object> nameValuePairs) throws VaultException {
         int retryCount = 0;
         while (true) {
             try {
                 JsonObject requestJson = Json.object();
                 if (nameValuePairs != null) {
-                    for (final Map.Entry<String, String> pair : nameValuePairs.entrySet()) {
-                        requestJson = requestJson.add(pair.getKey(), pair.getValue());
+                    for (final Map.Entry<String, Object> pair : nameValuePairs.entrySet()) {
+                        final Object value = pair.getValue();
+                        if (value == null) {
+                            requestJson = requestJson.add(pair.getKey(), (String) null);
+                        } else if (value instanceof Boolean) {
+                            requestJson = requestJson.add(pair.getKey(), (Boolean) pair.getValue());
+                        } else if (value instanceof Integer) {
+                            requestJson = requestJson.add(pair.getKey(), (Integer) pair.getValue());
+                        } else if (value instanceof Long) {
+                            requestJson = requestJson.add(pair.getKey(), (Long) pair.getValue());
+                        } else if (value instanceof Float) {
+                            requestJson = requestJson.add(pair.getKey(), (Float) pair.getValue());
+                        } else if (value instanceof Double) {
+                            requestJson = requestJson.add(pair.getKey(), (Double) pair.getValue());
+                        } else {
+                            requestJson = requestJson.add(pair.getKey(), pair.getValue().toString());
+                        }
                     }
                 }