Polishing.
Align wording in JavaDoc. Provide package-level JavaDoc.
@@ -26,8 +26,8 @@ import org.springframework.core.NestedRuntimeException;
|
||||
public class VaultException extends NestedRuntimeException {
|
||||
|
||||
/**
|
||||
* Creates a {@code VaultException} with the specified detail message.
|
||||
*
|
||||
* Create a {@code VaultException} with the specified detail message.
|
||||
*
|
||||
* @param msg the detail message
|
||||
*/
|
||||
public VaultException(String msg) {
|
||||
@@ -35,9 +35,9 @@ public class VaultException extends NestedRuntimeException {
|
||||
}
|
||||
|
||||
/**
|
||||
* Creates a {@code NestedRuntimeException} with the specified detail message and
|
||||
* Create a {@code NestedRuntimeException} with the specified detail message and
|
||||
* nested exception.
|
||||
*
|
||||
*
|
||||
* @param msg the detail message
|
||||
* @param cause the nested exception
|
||||
*/
|
||||
|
||||
@@ -49,7 +49,7 @@ public class AppIdAuthentication implements ClientAuthentication {
|
||||
private final RestOperations restOperations;
|
||||
|
||||
/**
|
||||
* Creates a {@link AppIdAuthentication} using {@link AppIdAuthenticationOptions} and
|
||||
* Create a {@link AppIdAuthentication} using {@link AppIdAuthenticationOptions} and
|
||||
* {@link RestOperations}.
|
||||
*
|
||||
* @param options must not be {@literal null}.
|
||||
|
||||
@@ -26,7 +26,7 @@ package org.springframework.vault.authentication;
|
||||
public interface AppIdUserIdMechanism {
|
||||
|
||||
/**
|
||||
* Creates a UserId for AppId authentication.
|
||||
* Create a UserId for AppId authentication.
|
||||
*
|
||||
* @return the UserId.
|
||||
*/
|
||||
|
||||
@@ -51,7 +51,7 @@ public class AppRoleAuthentication implements ClientAuthentication {
|
||||
private final RestOperations restOperations;
|
||||
|
||||
/**
|
||||
* Creates a {@link AppRoleAuthentication} using {@link AppRoleAuthenticationOptions}
|
||||
* Create a {@link AppRoleAuthentication} using {@link AppRoleAuthenticationOptions}
|
||||
* and {@link RestOperations}.
|
||||
*
|
||||
* @param options must not be {@literal null}.
|
||||
|
||||
@@ -59,7 +59,7 @@ public class AwsEc2Authentication implements ClientAuthentication {
|
||||
private final AtomicReference<char[]> nonce = new AtomicReference<char[]>();
|
||||
|
||||
/**
|
||||
* Creates a new {@link AwsEc2Authentication}.
|
||||
* Create a new {@link AwsEc2Authentication}.
|
||||
*
|
||||
* @param vaultRestOperations must not be {@literal null}.
|
||||
*/
|
||||
@@ -69,7 +69,7 @@ public class AwsEc2Authentication implements ClientAuthentication {
|
||||
}
|
||||
|
||||
/**
|
||||
* Creates a new {@link AwsEc2Authentication} specifying
|
||||
* Create a new {@link AwsEc2Authentication} specifying
|
||||
* {@link AwsEc2AuthenticationOptions}, a Vault and an AWS-Metadata-specific
|
||||
* {@link RestOperations} .
|
||||
*
|
||||
|
||||
@@ -41,7 +41,7 @@ public class ClientCertificateAuthentication implements ClientAuthentication {
|
||||
private final RestOperations restOperations;
|
||||
|
||||
/**
|
||||
* Creates a {@link ClientCertificateAuthentication} using {@link RestOperations}.
|
||||
* Create a {@link ClientCertificateAuthentication} using {@link RestOperations}.
|
||||
*
|
||||
* @param restOperations must not be {@literal null}.
|
||||
*/
|
||||
|
||||
@@ -115,7 +115,7 @@ public class LifecycleAwareSessionManager implements SessionManager, DisposableB
|
||||
}
|
||||
|
||||
/**
|
||||
* Performs a token refresh. Creates a new token if no token was obtained before. If a
|
||||
* Performs a token refresh. Create a new token if no token was obtained before. If a
|
||||
* token was obtained before, it uses self-renewal to renew the current token.
|
||||
* Client-side errors (like permission denied) indicate the token cannot be renewed
|
||||
* because it's expired or simply not found.
|
||||
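Review bot: The reworded summary in the `@@ -115,7` hunk now mixes two voices: it keeps `Performs a token refresh.` but the next sentence became `Create a new token if no token was obtained before.`, which reads like an instruction to the caller rather than a description of the method. Either keep the second sentence descriptive, `Creates a new token if no token was obtained before.`, or change the opening to `Perform a token refresh.` so the whole comment is imperative. The comment and the method it documents continue outside the hunk.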
|
||||
@@ -41,7 +41,7 @@ class LoginToken extends VaultToken {
|
||||
}
|
||||
|
||||
/**
|
||||
* Creates a new {@link LoginToken}.
|
||||
* Create a new {@link LoginToken}.
|
||||
*
|
||||
* @param token must not be {@literal null}.
|
||||
* @return the created {@link VaultToken}
|
||||
@@ -51,7 +51,7 @@ class LoginToken extends VaultToken {
|
||||
}
|
||||
|
||||
/**
|
||||
* Creates a new {@link LoginToken} with a {@code leaseDuration}.
|
||||
* Create a new {@link LoginToken} with a {@code leaseDuration}.
|
||||
*
|
||||
* @param token must not be {@literal null}.
|
||||
* @param leaseDuration the lease duration.
|
||||
@@ -65,7 +65,7 @@ class LoginToken extends VaultToken {
|
||||
}
|
||||
|
||||
/**
|
||||
* Creates a new renewable {@link LoginToken} with a {@code leaseDuration}.
|
||||
* Create a new renewable {@link LoginToken} with a {@code leaseDuration}.
|
||||
*
|
||||
* @param token must not be {@literal null}.
|
||||
* @param leaseDuration the lease duration.
|
||||
|
||||
@@ -44,7 +44,7 @@ public class MacAddressUserId implements AppIdUserIdMechanism {
|
||||
private final String networkInterfaceHint;
|
||||
|
||||
/**
|
||||
* Creates a new {@link MacAddressUserId} using the {@link NetworkInterface} from the
|
||||
* Create a new {@link MacAddressUserId} using the {@link NetworkInterface} from the
|
||||
* {@link InetAddress#getLocalHost()}.
|
||||
*/
|
||||
public MacAddressUserId() {
|
||||
@@ -52,10 +52,10 @@ public class MacAddressUserId implements AppIdUserIdMechanism {
|
||||
}
|
||||
|
||||
/**
|
||||
* Creates a new {@link MacAddressUserId} using a {@code networkInterfaceIndex}. The
|
||||
* Create a new {@link MacAddressUserId} using a {@code networkInterfaceIndex}. The
|
||||
* index is applied to {@link NetworkInterface#getNetworkInterfaces()} to obtain the
|
||||
* desired network interface.
|
||||
*
|
||||
*
|
||||
* @param networkInterfaceIndex must be greater or equal to zero.
|
||||
*/
|
||||
public MacAddressUserId(int networkInterfaceIndex) {
|
||||
@@ -67,7 +67,7 @@ public class MacAddressUserId implements AppIdUserIdMechanism {
|
||||
}
|
||||
|
||||
/**
|
||||
* Creates a new {@link MacAddressUserId} using a {@code networkInterfaceName}. This
|
||||
* Create a new {@link MacAddressUserId} using a {@code networkInterfaceName}. This
|
||||
* name is compared with {@link NetworkInterface#getName()} and
|
||||
* {@link NetworkInterface#getDisplayName()} to obtain the desired network interface.
|
||||
*
|
||||
|
||||
@@ -37,8 +37,8 @@ public class SimpleSessionManager implements SessionManager {
|
||||
private volatile VaultToken token;
|
||||
|
||||
/**
|
||||
* Creates a new {@link SimpleSessionManager} using a {@link ClientAuthentication}.
|
||||
*
|
||||
* Create a new {@link SimpleSessionManager} using a {@link ClientAuthentication}.
|
||||
*
|
||||
* @param clientAuthentication must not be {@literal null}.
|
||||
*/
|
||||
public SimpleSessionManager(ClientAuthentication clientAuthentication) {
|
||||
|
||||
@@ -20,7 +20,7 @@ import org.springframework.util.Assert;
|
||||
|
||||
/**
|
||||
* A static UserId.
|
||||
*
|
||||
*
|
||||
* @author Mark Paluch
|
||||
* @see AppIdUserIdMechanism
|
||||
*/
|
||||
@@ -29,7 +29,7 @@ public class StaticUserId implements AppIdUserIdMechanism {
|
||||
private final String userId;
|
||||
|
||||
/**
|
||||
* Creates a new {@link StaticUserId} for a given {@code userId}.
|
||||
* Create a new {@link StaticUserId} for a given {@code userId}.
|
||||
*
|
||||
* @param userId must not be empty or {@literal null}.
|
||||
*/
|
||||
|
||||
@@ -30,8 +30,8 @@ public class TokenAuthentication implements ClientAuthentication {
|
||||
private final VaultToken token;
|
||||
|
||||
/**
|
||||
* Creates a new {@link TokenAuthentication} with a static {@code token}.
|
||||
*
|
||||
* Create a new {@link TokenAuthentication} with a static {@code token}.
|
||||
*
|
||||
* @param token the Vault token, must not be empty or {@literal null}.
|
||||
*/
|
||||
public TokenAuthentication(String token) {
|
||||
@@ -41,7 +41,7 @@ public class TokenAuthentication implements ClientAuthentication {
|
||||
}
|
||||
|
||||
/**
|
||||
* Creates a new {@link TokenAuthentication} with a static {@code token}.
|
||||
* Create a new {@link TokenAuthentication} with a static {@code token}.
|
||||
*
|
||||
* @param token the Vault token, must not be {@literal null}.
|
||||
*/
|
||||
|
||||
@@ -85,7 +85,7 @@ public class ClientHttpRequestFactoryFactory {
|
||||
ClientHttpRequestFactoryFactory.class.getClassLoader());
|
||||
|
||||
/**
|
||||
* Creates a {@link ClientHttpRequestFactory} for the given {@link ClientOptions} and
|
||||
* Create a {@link ClientHttpRequestFactory} for the given {@link ClientOptions} and
|
||||
* {@link SslConfiguration}.
|
||||
*
|
||||
* @param options must not be {@literal null}
|
||||
|
||||
@@ -58,7 +58,7 @@ public interface VaultOperations {
|
||||
VaultTransitOperations opsForTransit();
|
||||
|
||||
/**
|
||||
* Returns {@link VaultTransitOperations} if the transit backend is mounted on a
|
||||
* Return {@link VaultTransitOperations} if the transit backend is mounted on a
|
||||
* different path than {@code transit}.
|
||||
*
|
||||
* @param path the mount path
|
||||
@@ -72,8 +72,8 @@ public interface VaultOperations {
|
||||
VaultPkiOperations opsForPki();
|
||||
|
||||
/**
|
||||
* Returns {@link VaultPkiOperations} if the PKI backend is mounted on a different
|
||||
* path than {@code pki}.
|
||||
* Return {@link VaultPkiOperations} if the PKI backend is mounted on a different path
|
||||
* than {@code pki}.
|
||||
*
|
||||
* @param path the mount path
|
||||
* @return the operations interface to interact with the Vault PKI backend.
|
||||
|
||||
@@ -127,7 +127,7 @@ public interface VaultSysOperations {
|
||||
void authUnmount(String path) throws VaultException;
|
||||
|
||||
/**
|
||||
* Returns the health status of Vault.
|
||||
* Return the health status of Vault.
|
||||
*
|
||||
* @return the {@link VaultHealth}.
|
||||
* @see <a href="https://www.vaultproject.io/docs/http/sys-health.html">GET
|
||||
|
||||
@@ -65,7 +65,7 @@ public class VaultSysTemplate implements VaultSysOperations {
|
||||
private final VaultOperations vaultOperations;
|
||||
|
||||
/**
|
||||
* Creates a new {@link VaultSysTemplate} with the given {@link VaultOperations}.
|
||||
* Create a new {@link VaultSysTemplate} with the given {@link VaultOperations}.
|
||||
*
|
||||
* @param vaultOperations must not be {@literal null}.
|
||||
*/
|
||||
|
||||
@@ -64,7 +64,7 @@ public class VaultTemplate implements InitializingBean, VaultOperations, Disposa
|
||||
private final boolean dedicatedSessionManager;
|
||||
|
||||
/**
|
||||
* Creates a new {@link VaultTemplate} without setting {@link RestOperations} and
|
||||
* Create a new {@link VaultTemplate} without setting {@link RestOperations} and
|
||||
* {@link SessionManager}.
|
||||
*/
|
||||
public VaultTemplate() {
|
||||
@@ -72,7 +72,7 @@ public class VaultTemplate implements InitializingBean, VaultOperations, Disposa
|
||||
}
|
||||
|
||||
/**
|
||||
* Creates a new {@link VaultTemplate} with a {@link VaultEndpoint} and
|
||||
* Create a new {@link VaultTemplate} with a {@link VaultEndpoint} and
|
||||
* {@link ClientAuthentication}.
|
||||
*
|
||||
* @param vaultEndpoint must not be {@literal null}.
|
||||
@@ -95,7 +95,7 @@ public class VaultTemplate implements InitializingBean, VaultOperations, Disposa
|
||||
}
|
||||
|
||||
/**
|
||||
* Creates a new {@link VaultTemplate} with a {@link VaultEndpoint},
|
||||
* Create a new {@link VaultTemplate} with a {@link VaultEndpoint},
|
||||
* {@link ClientHttpRequestFactory} and {@link SessionManager}.
|
||||
*
|
||||
* @param vaultEndpoint must not be {@literal null}.
|
||||
|
||||
@@ -37,7 +37,7 @@ public class VaultTokenTemplate implements VaultTokenOperations {
|
||||
private final VaultOperations vaultOperations;
|
||||
|
||||
/**
|
||||
* Creates a new {@link VaultTokenTemplate} with the given {@link VaultOperations}.
|
||||
* Create a new {@link VaultTokenTemplate} with the given {@link VaultOperations}.
|
||||
*
|
||||
* @param vaultOperations must not be {@literal null}.
|
||||
*/
|
||||
|
||||
@@ -32,14 +32,14 @@ import org.springframework.vault.support.VaultTransitKeyCreationRequest;
|
||||
public interface VaultTransitOperations {
|
||||
|
||||
/**
|
||||
* Creates a new named encryption key given a {@code name}.
|
||||
* Create a new named encryption key given a {@code name}.
|
||||
*
|
||||
* @param keyName must not be empty or {@literal null}.
|
||||
*/
|
||||
void createKey(String keyName);
|
||||
|
||||
/**
|
||||
* Creates a new named encryption key given a {@code name} and
|
||||
* Create a new named encryption key given a {@code name} and
|
||||
* {@link VaultTransitKeyCreationRequest}. The key options set here cannot be changed
|
||||
* after key creation.
|
||||
*
|
||||
@@ -56,7 +56,7 @@ public interface VaultTransitOperations {
|
||||
List<String> getKeys();
|
||||
|
||||
/**
|
||||
* Creates a new named encryption key given a {@code name}.
|
||||
* Create a new named encryption key given a {@code name}.
|
||||
*
|
||||
* @param keyName must not be empty or {@literal null}.
|
||||
* @param keyConfiguration must not be {@literal null}.
|
||||
@@ -64,7 +64,7 @@ public interface VaultTransitOperations {
|
||||
void configureKey(String keyName, VaultTransitKeyConfiguration keyConfiguration);
|
||||
|
||||
/**
|
||||
* Returns information about a named encryption key.
|
||||
* Return information about a named encryption key.
|
||||
*
|
||||
* @param keyName must not be empty or {@literal null}.
|
||||
* @return the {@link VaultTransitKey}.
|
||||
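Review bot: The Javadoc in the `@@ -56,7` hunk still says `Create a new named encryption key given a {@code name}.` although it documents `@param keyConfiguration` and, judging by the first line of the following hunk, sits directly above `configureKey(String keyName, VaultTransitKeyConfiguration keyConfiguration)`. The commit only changed the verb form, so the copy-pasted summary survives; something like `Configure a named encryption key given a {@code keyName} and {@link VaultTransitKeyConfiguration}.` would match the method. The `createKey` comments in the first hunk likewise refer to `{@code name}` while the parameter is `keyName`. The end of the comment lies between the two hunks and is not visible here.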
|
||||
@@ -186,5 +186,4 @@ public class VaultPropertySource extends EnumerablePropertySource<VaultOperation
|
||||
protected Map<String, String> toStringMap(Map<String, Object> data) {
|
||||
return JsonMapFlattener.flatten(data);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@@ -97,17 +97,17 @@ container.start(); // events are triggered after starting the container
|
||||
* by this container applying {@code minRenewalSeconds}/{@code expiryThresholdSeconds} on
|
||||
* a {@link TaskScheduler background thread}.
|
||||
* <p>
|
||||
* Requests for secrets can define either renewal or rotation. Renewable leases are
|
||||
* renewed until expiry. Rotating secrets renew their associated lease until expiry and
|
||||
* request new secrets after expiry. Vault requires active interaction from a caller side
|
||||
* to determine a secret is expired. Vault does not send any events. Expired secrets
|
||||
* events can dispatch later than the actual expiry.
|
||||
* Requests for secrets can define either renewal or rotation. The container renews leases
|
||||
* until expiry. Rotating secrets renew their associated lease until expiry and request
|
||||
* new secrets after expiry. Vault requires active interaction from a caller side to
|
||||
* determine a secret is expired. Vault does not send any events. Expired secrets events
|
||||
* can dispatch later than the actual expiry.
|
||||
* <p>
|
||||
* The container dispatches lease events to {@link LeaseListener} and
|
||||
* {@link LeaseErrorListener}. Event notifications are dispatched either on the
|
||||
* {@link #start() stating} {@link Thread} or worker threads used for background renewal.
|
||||
*
|
||||
* Instances are thread-safe once {@link #afterPropertiesSet() initialized.}
|
||||
* {@link #start() starting} {@link Thread} or worker threads used for background renewal.
|
||||
* <p>
|
||||
* Instances are thread-safe once {@link #afterPropertiesSet() initialized}.
|
||||
*
|
||||
* @author Mark Paluch
|
||||
* @see RequestedSecret
|
||||
@@ -146,7 +146,7 @@ public class SecretLeaseContainer extends SecretLeaseEventPublisher
|
||||
private volatile int status = STATUS_INITIAL;
|
||||
|
||||
/**
|
||||
* Creates a new {@link SecretLeaseContainer} given {@link VaultOperations}.
|
||||
* Create a new {@link SecretLeaseContainer} given {@link VaultOperations}.
|
||||
*
|
||||
* @param operations must not be {@literal null}.
|
||||
*/
|
||||
@@ -158,7 +158,7 @@ public class SecretLeaseContainer extends SecretLeaseEventPublisher
|
||||
}
|
||||
|
||||
/**
|
||||
* Creates a new {@link SecretLeaseContainer} given {@link VaultOperations} and
|
||||
* Create a new {@link SecretLeaseContainer} given {@link VaultOperations} and
|
||||
* {@link TaskScheduler}.
|
||||
*
|
||||
* @param operations must not be {@literal null}.
|
||||
@@ -170,7 +170,7 @@ public class SecretLeaseContainer extends SecretLeaseEventPublisher
|
||||
Assert.notNull(taskScheduler, "TaskScheduler must not be null");
|
||||
|
||||
this.operations = operations;
|
||||
this.taskScheduler = taskScheduler;
|
||||
setTaskScheduler(taskScheduler);
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -221,10 +221,7 @@ public class SecretLeaseContainer extends SecretLeaseEventPublisher
|
||||
* @return the {@link RequestedSecret}.
|
||||
*/
|
||||
public RequestedSecret requestRenewableSecret(String path) {
|
||||
|
||||
RequestedSecret requestedSecret = RequestedSecret.renewable(path);
|
||||
addRequestedSecret(requestedSecret);
|
||||
return requestedSecret;
|
||||
return addRequestedSecret(RequestedSecret.renewable(path));
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -234,10 +231,7 @@ public class SecretLeaseContainer extends SecretLeaseEventPublisher
|
||||
* @return the {@link RequestedSecret}.
|
||||
*/
|
||||
public RequestedSecret requestRotatingSecret(String path) {
|
||||
|
||||
RequestedSecret requestedSecret = RequestedSecret.rotating(path);
|
||||
addRequestedSecret(requestedSecret);
|
||||
return requestedSecret;
|
||||
return addRequestedSecret(RequestedSecret.rotating(path));
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -245,7 +239,7 @@ public class SecretLeaseContainer extends SecretLeaseEventPublisher
|
||||
*
|
||||
* @param requestedSecret must not be {@literal null}.
|
||||
*/
|
||||
public void addRequestedSecret(RequestedSecret requestedSecret) {
|
||||
public RequestedSecret addRequestedSecret(RequestedSecret requestedSecret) {
|
||||
|
||||
Assert.notNull(requestedSecret, "RequestedSecret must not be null");
|
||||
|
||||
@@ -261,6 +255,8 @@ public class SecretLeaseContainer extends SecretLeaseEventPublisher
|
||||
start(requestedSecret, leaseRenewalScheduler);
|
||||
}
|
||||
}
|
||||
|
||||
return requestedSecret;
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -269,9 +265,9 @@ public class SecretLeaseContainer extends SecretLeaseEventPublisher
|
||||
* events through {@link LeaseListener}. Additional secrets can be requested at any
|
||||
* time.
|
||||
* <p>
|
||||
* Multiple {@link #start()} calls are synchronized to start the container only once.
|
||||
* Container start requires {@link #afterPropertiesSet() initialization} and cannot be
|
||||
* started once the container was {@link #destroy() destroyed}.
|
||||
* Multiple calls are synchronized to start the container only once. Container start
|
||||
* requires {@link #afterPropertiesSet() initialization} and cannot be started once
|
||||
* the container was {@link #destroy() destroyed}.
|
||||
*
|
||||
* @see #afterPropertiesSet()
|
||||
* @see #stop()
|
||||
@@ -314,7 +310,7 @@ public class SecretLeaseContainer extends SecretLeaseEventPublisher
|
||||
* Stop the {@link SecretLeaseContainer}. Stopping the container will stop lease
|
||||
* renewal, secrets rotation and event publishing. Active leases are not expired.
|
||||
* <p>
|
||||
* Multiple {@link #stop()} calls are synchronized to stop the container only once.
|
||||
* Multiple calls are synchronized to stop the container only once.
|
||||
*
|
||||
* @see #start()
|
||||
*/
|
||||
@@ -359,6 +355,10 @@ public class SecretLeaseContainer extends SecretLeaseEventPublisher
|
||||
/**
|
||||
* Shutdown this {@link SecretLeaseContainer}, disable lease renewal and revoke
|
||||
* leases.
|
||||
*
|
||||
* @see #afterPropertiesSet()
|
||||
* @see #start()
|
||||
* @see #stop()
|
||||
*/
|
||||
@Override
|
||||
public void destroy() throws Exception {
|
||||
@@ -497,7 +497,7 @@ public class SecretLeaseContainer extends SecretLeaseEventPublisher
|
||||
}
|
||||
|
||||
/**
|
||||
* Hook method called when a {@link Lease} expired. The default implementation is to
|
||||
* Hook method called when a {@link Lease} expires. The default implementation is to
|
||||
* notify {@link LeaseListener}. Implementations can override this method in
|
||||
* subclasses.
|
||||
*
|
||||
@@ -651,7 +651,7 @@ public class SecretLeaseContainer extends SecretLeaseEventPublisher
|
||||
/**
|
||||
* Disables schedule for already scheduled renewals.
|
||||
*/
|
||||
public void disableScheduleRenewal() {
|
||||
void disableScheduleRenewal() {
|
||||
|
||||
currentLeaseRef.set(null);
|
||||
Set<Lease> leases = new HashSet<Lease>(schedules.keySet());
|
||||
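Review bot: `addRequestedSecret` changes from `public void` to `public RequestedSecret` in the `@@ -245,7` hunk, which is a signature change to a public method shipped under a commit titled "Polishing": callers compiled against the old descriptor need recompiling, and a subclass that overrides it with `void` stops compiling. The Javadoc above it shows only `@param requestedSecret`; add `@return the {@link RequestedSecret} that was passed in.` so the new contract is documented. The last hunk also appears to narrow `disableScheduleRenewal()` from `public` to package-private, a sensible reduction of surface that equally deserves a line in the commit message. Both method bodies extend beyond the visible hunks.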
|
||||
@@ -18,7 +18,7 @@ package org.springframework.vault.core.lease.domain;
|
||||
import org.springframework.util.Assert;
|
||||
|
||||
/**
|
||||
* A lease abstracting the lease Id, duration and renewability.
|
||||
* A lease abstracting the lease Id, duration and its renewability.
|
||||
*
|
||||
* @author Mark Paluch
|
||||
*/
|
||||
@@ -33,6 +33,7 @@ public class Lease {
|
||||
private final boolean renewable;
|
||||
|
||||
private Lease(String leaseId, long leaseDuration, boolean renewable) {
|
||||
|
||||
this.leaseId = leaseId;
|
||||
this.leaseDuration = leaseDuration;
|
||||
this.renewable = renewable;
|
||||
|
||||
@@ -46,7 +46,7 @@ public class RequestedSecret {
|
||||
* this secret will be renewed if the lease is qualified for renewal. The lease is no
|
||||
* longer valid after expiry.
|
||||
*
|
||||
* @param path must not be {@literal null} or empty.
|
||||
* @param path must not be {@literal null} or empty, must not start with a slash.
|
||||
* @return the renewable {@link RequestedSecret}.
|
||||
*/
|
||||
public static RequestedSecret renewable(String path) {
|
||||
@@ -58,7 +58,7 @@ public class RequestedSecret {
|
||||
* this secret will be renewed if the lease is qualified for renewal. Once the lease
|
||||
* expires, a new secret with a new lease is obtained.
|
||||
*
|
||||
* @param path must not be {@literal null} or empty.
|
||||
* @param path must not be {@literal null} or empty, must not start with a slash.
|
||||
* @return the rotating {@link RequestedSecret}.
|
||||
*/
|
||||
public static RequestedSecret rotating(String path) {
|
||||
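Review bot: The `@param path` text for `renewable` and `rotating` now promises `must not start with a slash`, but neither hunk shows a check that enforces it, and both method bodies lie outside the hunks. If the constraint is not already asserted where the path is validated, add one alongside the null/empty check, for example `Assert.isTrue(!path.startsWith("/"), "Path must not start with a slash");`, so a leading-slash path fails fast at request time rather than presumably surfacing later as a failed Vault read. If the check already exists, nothing beyond this wording is needed.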
|
||||
@@ -0,0 +1,4 @@
|
||||
/**
|
||||
* Lease domain classes.
|
||||
*/
|
||||
package org.springframework.vault.core.lease.domain;
|
||||
@@ -21,7 +21,7 @@ import org.springframework.vault.core.lease.domain.RequestedSecret;
|
||||
/**
|
||||
* Event published after renewing a {@link Lease} for a {@link RequestedSecret}. The
|
||||
* secrets associated with {@link Lease} should be considered valid and the lease extended
|
||||
* when this event is received.
|
||||
* at the time this event is received.
|
||||
*
|
||||
* @author Mark Paluch
|
||||
*/
|
||||
|
||||
@@ -20,8 +20,8 @@ import org.springframework.vault.core.lease.domain.RequestedSecret;
|
||||
|
||||
/**
|
||||
* Event published after revoking a {@link Lease} for a {@link RequestedSecret}. The
|
||||
* secrets associated with {@link Lease} should be considered invalid when this event is
|
||||
* received.
|
||||
* secrets associated with {@link Lease} should be considered invalid at the time this
|
||||
* event is received.
|
||||
*
|
||||
* @author Mark Paluch
|
||||
*/
|
||||
|
||||
@@ -20,8 +20,7 @@ import org.springframework.vault.core.lease.domain.RequestedSecret;
|
||||
|
||||
/**
|
||||
* Event published before revoking a {@link Lease} for a {@link RequestedSecret}. The
|
||||
* secrets associated with {@link Lease} should be considered still valid when this event
|
||||
* is received.
|
||||
* secrets associated with {@link Lease} can be valid at the time this event is received.
|
||||
*
|
||||
* @author Mark Paluch
|
||||
* @see AfterSecretLeaseRevocationEvent
|
||||
|
||||
@@ -17,6 +17,9 @@ package org.springframework.vault.core.lease.event;
|
||||
|
||||
/**
|
||||
* Listener for Vault exceptional {@link SecretLeaseEvent}s.
|
||||
* <p>
|
||||
* Error events can occur during secret retrieval, lease renewal, lease revocation and
|
||||
* secret rotation.
|
||||
*
|
||||
* @author Mark Paluch
|
||||
*/
|
||||
|
||||
@@ -20,12 +20,18 @@ import org.springframework.vault.core.lease.domain.Lease;
|
||||
import org.springframework.vault.core.lease.domain.RequestedSecret;
|
||||
|
||||
/**
|
||||
* Abstract base class for {@link Lease} based events.
|
||||
* Abstract base class for {@link Lease} based events associated with
|
||||
* {@link RequestedSecret}.
|
||||
*
|
||||
* @author Mark Paluch
|
||||
* @see ApplicationEvent
|
||||
* @see Lease
|
||||
* @see RequestedSecret
|
||||
*/
|
||||
public abstract class SecretLeaseEvent extends ApplicationEvent {
|
||||
|
||||
private static final long serialVersionUID = 1L;
|
||||
|
||||
private final Lease lease;
|
||||
|
||||
/**
|
||||
@@ -37,6 +43,7 @@ public abstract class SecretLeaseEvent extends ApplicationEvent {
|
||||
*/
|
||||
protected SecretLeaseEvent(RequestedSecret requestedSecret, Lease lease) {
|
||||
super(requestedSecret);
|
||||
|
||||
this.lease = lease;
|
||||
}
|
||||
|
||||
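Review bot: The `serialVersionUID` declared on `SecretLeaseEvent` in this section advertises the event as serializable, yet the class keeps a non-transient `private final Lease lease;` field, and the `Lease` hunk header elsewhere in this commit reads `public class Lease {` with no `Serializable`. If that is the full declaration, serializing any lease event would fail with `NotSerializableException`. Either declare the field `private final transient Lease lease;` (accepting a null lease after deserialization) or make `Lease` serializable. Which lines of the hunk are additions is inferred from the hunk counts, because the rendered page lost its markers.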
|
||||
@@ -20,7 +20,8 @@ import org.springframework.vault.core.lease.domain.RequestedSecret;
|
||||
|
||||
/**
|
||||
* Event published after an expired {@link Lease} for a {@link RequestedSecret} was
|
||||
* observed.
|
||||
* observed. Secrets associated with the lease are about to expire or already expired at
|
||||
* the time this event is received.
|
||||
*
|
||||
* @author Mark Paluch
|
||||
*/
|
||||
|
||||
@@ -0,0 +1,4 @@
|
||||
/**
|
||||
* Support classes for lease application events.
|
||||
*/
|
||||
package org.springframework.vault.core.lease.event;
|
||||
@@ -0,0 +1,4 @@
|
||||
/**
|
||||
* The core package implementing lease renewal and secret rotation.
|
||||
*/
|
||||
package org.springframework.vault.core.lease;
|
||||
@@ -19,7 +19,7 @@ import java.util.concurrent.TimeUnit;
|
||||
|
||||
/**
|
||||
* Client options for Vault.
|
||||
*
|
||||
*
|
||||
* @author Mark Paluch
|
||||
*/
|
||||
public class ClientOptions {
|
||||
@@ -35,7 +35,7 @@ public class ClientOptions {
|
||||
private final int readTimeout;
|
||||
|
||||
/**
|
||||
* Creates new {@link ClientOptions} with default timeouts of {@literal 5}
|
||||
* Create new {@link ClientOptions} with default timeouts of {@literal 5}
|
||||
* {@link TimeUnit#SECONDS} connection timeout and {@literal 15}
|
||||
* {@link TimeUnit#SECONDS} read timeout.
|
||||
*/
|
||||
@@ -44,8 +44,8 @@ public class ClientOptions {
|
||||
}
|
||||
|
||||
/**
|
||||
* Creates new {@link ClientOptions}.
|
||||
*
|
||||
* Create new {@link ClientOptions}.
|
||||
*
|
||||
* @param connectionTimeout connection timeout in {@link TimeUnit#MILLISECONDS}, must
|
||||
* be greater {@literal 0}.
|
||||
* @param readTimeout read timeout in {@link TimeUnit#MILLISECONDS}, must be greater
|
||||
|
||||
@@ -41,8 +41,8 @@ import java.util.List;
|
||||
class KeystoreUtil {
|
||||
|
||||
/**
|
||||
* Creates a {@link KeyStore} containing the {@link KeySpec} and
|
||||
* {@link X509Certificate certificates} using the given {@code keyAlias}.
|
||||
* Create a {@link KeyStore} containing the {@link KeySpec} and {@link X509Certificate
|
||||
* certificates} using the given {@code keyAlias}.
|
||||
*
|
||||
* @param keyAlias
|
||||
* @param certificates
|
||||
@@ -82,7 +82,7 @@ class KeystoreUtil {
|
||||
}
|
||||
|
||||
/**
|
||||
* Creates an empty {@link KeyStore}.
|
||||
* Create an empty {@link KeyStore}.
|
||||
*
|
||||
* @return
|
||||
* @throws GeneralSecurityException
|
||||
@@ -337,7 +337,7 @@ class KeystoreUtil {
|
||||
* | Class | CF | + Type |
|
||||
* -------------------------------------------------
|
||||
* </pre>
|
||||
*
|
||||
*
|
||||
* <ul>
|
||||
* <li>Class: Universal, Application, Context or Private
|
||||
* <li>CF: Constructed flag. If 1, the field is constructed.
|
||||
|
||||
@@ -60,7 +60,7 @@ public class SslConfiguration {
|
||||
private final String trustStorePassword;
|
||||
|
||||
/**
|
||||
* Creates a new {@link SslConfiguration}.
|
||||
* Create a new {@link SslConfiguration}.
|
||||
*
|
||||
* @param keyStore the keystore resource.
|
||||
* @param keyStorePassword the keystore password.
|
||||
@@ -77,7 +77,7 @@ public class SslConfiguration {
|
||||
}
|
||||
|
||||
/**
|
||||
* Creates a new {@link SslConfiguration} for the given trust store.
|
||||
* Create a new {@link SslConfiguration} for the given trust store.
|
||||
*
|
||||
* @param trustStore resource pointing to an existing trust store, must not be
|
||||
* {@literal null}.
|
||||
@@ -96,7 +96,7 @@ public class SslConfiguration {
|
||||
}
|
||||
|
||||
/**
|
||||
* Creates a new {@link SslConfiguration} for the given key store.
|
||||
* Create a new {@link SslConfiguration} for the given key store.
|
||||
*
|
||||
* @param keyStore resource pointing to an existing key store, must not be
|
||||
* {@literal null}.
|
||||
@@ -114,7 +114,7 @@ public class SslConfiguration {
|
||||
}
|
||||
|
||||
/**
|
||||
* Creates a new {@link SslConfiguration} for the given truststore.
|
||||
* Create a new {@link SslConfiguration} for the given truststore.
|
||||
*
|
||||
* @param keyStore resource pointing to an existing keystore, must not be
|
||||
* {@literal null}.
|
||||
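Review bot: In the `@@ -114,7` hunk the summary reads `Create a new {@link SslConfiguration} for the given truststore.` while the only parameter shown is `@param keyStore resource pointing to an existing keystore`, so the sentence and the parameter disagree about which store the factory configures. The preceding hunk already carries `for the given key store.` with the same `@param keyStore`, so one of the two summaries is probably a copy-paste leftover that the rewording kept. A key store holds the client's private key and a trust store holds the accepted CA certificates, so the comment should name the right one, e.g. `Create a new {@link SslConfiguration} for the given key store.` if the signature takes a key store. The method signatures are outside the hunks and not visible here.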
|
||||
@@ -75,7 +75,7 @@ public class VaultCertificateRequest {
|
||||
}
|
||||
|
||||
/**
|
||||
* Creates a new {@link VaultCertificateRequest} given a {@code commonName}.
|
||||
* Create a new {@link VaultCertificateRequest} given a {@code commonName}.
|
||||
*
|
||||
* @param commonName must not be empty or {@literal null}.
|
||||
* @return the created {@link VaultCertificateRequest}.
|
||||
@@ -189,7 +189,7 @@ public class VaultCertificateRequest {
|
||||
|
||||
/**
|
||||
* Configure a TTL.
|
||||
*
|
||||
*
|
||||
* @param ttl the TTL, must be a positive number.
|
||||
* @return {@code this} {@link VaultCertificateRequestBuilder}.
|
||||
*/
|
||||
@@ -221,7 +221,7 @@ public class VaultCertificateRequest {
|
||||
* Exclude the given common name from DNS or Email Subject Alternate Names (as
|
||||
* appropriate). Useful if the CN is not a hostname or email address, but is
|
||||
* instead some human-readable identifier.
|
||||
*
|
||||
*
|
||||
* @return {@code this} {@link VaultCertificateRequestBuilder}.
|
||||
*/
|
||||
public VaultCertificateRequestBuilder excludeCommonNameFromSubjectAltNames() {
|
||||
|
||||
@@ -56,7 +56,7 @@ public class VaultMount {
|
||||
}
|
||||
|
||||
/**
|
||||
* Creates a new {@link VaultMount} given a {@code type}.
|
||||
* Create a new {@link VaultMount} given a {@code type}.
|
||||
*
|
||||
* @param type backend type, must not be empty or {@literal null}.
|
||||
* @return the created {@link VaultMount}.
|
||||
@@ -109,7 +109,7 @@ public class VaultMount {
|
||||
|
||||
/**
|
||||
* Configure the backend type.
|
||||
*
|
||||
*
|
||||
* @param type the backend type, must not be empty or {@literal null}.
|
||||
* @return {@literal this} {@link VaultMountBuilder}.
|
||||
*/
|
||||
@@ -123,7 +123,7 @@ public class VaultMount {
|
||||
|
||||
/**
|
||||
* Configure a human readable description of this mount.
|
||||
*
|
||||
*
|
||||
* @param description a human readable description of this mount.
|
||||
* @return {@literal this} {@link VaultMountBuilder}.
|
||||
*/
|
||||
@@ -134,7 +134,7 @@ public class VaultMount {
|
||||
|
||||
/**
|
||||
* Set additional configuration details for this mount.
|
||||
*
|
||||
*
|
||||
* @param config additional configuration details for this mount.
|
||||
* @return {@literal this} {@link VaultMountBuilder}.
|
||||
*/
|
||||
|
||||
@@ -40,8 +40,8 @@ public class VaultToken {
|
||||
}
|
||||
|
||||
/**
|
||||
* Creates a new {@link VaultToken}.
|
||||
*
|
||||
* Create a new {@link VaultToken}.
|
||||
*
|
||||
* @param token must not be empty or {@literal null}.
|
||||
* @return the created {@link VaultToken}
|
||||
*/
|
||||
|
||||
@@ -17,14 +17,14 @@ package org.springframework.vault.support;
|
||||
|
||||
/**
|
||||
* Value object to bind Vault HTTP Token API responses.
|
||||
*
|
||||
*
|
||||
* @author Mark Paluch
|
||||
*/
|
||||
public class VaultTokenResponse extends VaultResponse {
|
||||
|
||||
/**
|
||||
* Returns a {@link VaultToken} from the {@link VaultResponse}.
|
||||
*
|
||||
* Return a {@link VaultToken} from the {@link VaultResponse}.
|
||||
*
|
||||
* @return the {@link VaultToken}.
|
||||
*/
|
||||
public VaultToken getToken() {
|
||||
|
||||