public abstract class AbstractVaultProvider extends Object implements VaultProvider
VaultProvider that want to have support for key resolvers.

This class implements the obtainSecret(String) method by iterating through the configured resolvers in order and, using the final key name provided by each resolver, calls the obtainSecretInternal(String) method that must be implemented by sub-classes. If obtainSecretInternal(String) returns a non-empty secret, it is immediately returned; otherwise the implementation tries again using the next configured resolver until a non-empty secret is obtained or all resolvers have been tried, in which case an empty VaultRawSecret is returned.

Concrete implementations must, in addition to implementing the obtainSecretInternal(String) method, ensure that each constructor calls the AbstractVaultProvider(String, List) constructor from this class so that the realm and list of key resolvers are properly initialized.

Modifier and Type | Field and Description |
---|---|
protected String | realm |
protected List<VaultKeyResolver> | resolvers |

Constructor and Description |
---|
AbstractVaultProvider(String realm, List<VaultKeyResolver> configuredResolvers) Creates an instance of AbstractVaultProvider with the specified realm and list of key resolvers. |

Modifier and Type | Method and Description |
---|---|
VaultRawSecret | obtainSecret(String vaultSecretId) Retrieves a secret from vault. |
protected abstract VaultRawSecret | obtainSecretInternal(String vaultKey) Subclasses of AbstractVaultProvider must implement this method. |
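
A concrete subclass that follows the contract described in the class description, as an added example that is not part of the Keycloak code base. MapVaultProvider, its in-memory store and the two lambda resolvers are hypothetical; the example assumes VaultKeyResolver can be written as a (realm, key) lambda and that DefaultVaultRawSecret.forBuffer from org.keycloak.vault is on the classpath.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import org.keycloak.vault.AbstractVaultProvider;
import org.keycloak.vault.DefaultVaultRawSecret;
import org.keycloak.vault.VaultKeyResolver;
import org.keycloak.vault.VaultRawSecret;

// Hypothetical provider backed by an in-memory map (stand-in for a real vault client).
public class MapVaultProvider extends AbstractVaultProvider {
    private final Map<String, byte[]> entries; // constructed sample store

    public MapVaultProvider(String realm, List<VaultKeyResolver> resolvers, Map<String, byte[]> entries) {
        super(realm, resolvers); // required so realm and resolvers are initialized
        this.entries = entries;
    }

    @Override
    protected VaultRawSecret obtainSecretInternal(String vaultKey) {
        // Use the key exactly as resolved: no prefixing, trimming or re-encoding here.
        byte[] stored = entries.get(vaultKey);
        if (stored == null) {
            // Empty secret (never null) lets obtainSecret move on to the next resolver.
            return DefaultVaultRawSecret.forBuffer(Optional.empty());
        }
        // Hand out a copy so destroying the returned secret cannot touch the stored value.
        return DefaultVaultRawSecret.forBuffer(Optional.of(ByteBuffer.wrap(stored.clone())));
    }

    @Override
    public void close() {
        // Nothing to release for the in-memory map.
    }

    public static void main(String[] args) {
        // Constructed resolvers: realm-scoped name first, then the bare key as fallback.
        VaultKeyResolver realmScoped = (realm, key) -> realm + "_" + key;
        VaultKeyResolver keyOnly = (realm, key) -> key;
        Map<String, byte[]> store = Map.of("smtp_key", "s3cr3t".getBytes(StandardCharsets.UTF_8));
        MapVaultProvider provider = new MapVaultProvider("demo", List.of(realmScoped, keyOnly), store);
        // try-with-resources: close() on the returned secret runs right after use.
        try (VaultRawSecret secret = provider.obtainSecret("smtp_key")) {
            // "demo_smtp_key" misses; "smtp_key" hits on the second resolver.
            System.out.println("resolved: " + secret.get().isPresent());
        }
    }
}
```

Resolver order decides which vault entry wins when more than one candidate key exists, so list the most specific resolver first.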

protected final String realm

protected final List<VaultKeyResolver> resolvers

public AbstractVaultProvider(String realm, List<VaultKeyResolver> configuredResolvers)

Creates an instance of AbstractVaultProvider with the specified realm and list of key resolvers.

realm - the name of the Keycloak realm.
configuredResolvers - a List containing the configured key resolvers.

public VaultRawSecret obtainSecret(String vaultSecretId)
VaultProvider

VaultRawSecret.get().

This method is intended to be used within a try-with-resources block so that the secret is destroyed immediately after use.

Note that it is the responsibility of the implementor to provide a way to destroy the secret in the returned VaultRawSecret.close() method.

obtainSecret in interface VaultProvider

vaultSecretId - Identifier of the secret. It corresponds to the value entered by the user in the respective configuration, which in turn is obtained from the vault when storing the secret.

null value with the raw secret. Within the returned value, the secret or null is stored in the VaultRawSecret.get() return value if the secret was successfully resolved, or an empty Optional if the secret has not been found in the vault.

protected abstract VaultRawSecret obtainSecretInternal(String vaultKey)
Subclasses of AbstractVaultProvider must implement this method. It is meant to be implemented in the same way as the obtainSecret(String) method from the VaultProvider interface, but the specified vault key must be used as is - i.e. implementations should refrain from processing the key again as the format was already defined by one of the configured key resolvers.

vaultKey - a String representing the name of the entry that is being fetched from the vault.

VaultRawSecret representing the obtained secret. It can be an empty secret if no secret could be obtained using the specified vault key.

Copyright © 2021 JBoss by Red Hat. All rights reserved.