public abstract class AbstractVaultProvider extends Object implements VaultProvider
VaultProvider
that want to have support for
key resolvers.
This class implements the obtainSecret(String)
method by iterating through the configured resolvers in order and,
using the final key name provided by each resolver, calls the obtainSecretInternal(String)
method that must be
implemented by sub-classes. If obtainSecretInternal(String)
returns a non-empty secret, it is immediately returned;
otherwise the implementation tries again using the next configured resolver until a non-empty secret is obtained or all
resolvers have been tried, in which case an empty VaultRawSecret
is returned.
Concrete implementations must, in addition to implementing the obtainSecretInternal(String)
method, ensure that
each constructor calls the AbstractVaultProvider(String, List)
constructor from this class
so that the realm and list of key resolvers are properly initialized.Modifier and Type | Field and Description |
---|---|
protected String |
realm |
protected List<VaultKeyResolver> |
resolvers |
Constructor and Description |
---|
AbstractVaultProvider(String realm,
List<VaultKeyResolver> configuredResolvers)
Creates an instance of
AbstractVaultProvider with the specified realm and list of key resolvers. |
Modifier and Type | Method and Description |
---|---|
VaultRawSecret |
obtainSecret(String vaultSecretId) |
protected abstract VaultRawSecret |
obtainSecretInternal(String vaultKey)
Subclasses of
AbstractVaultProvider must implement this method. |
protected final String realm
protected final List<VaultKeyResolver> resolvers
public AbstractVaultProvider(String realm, List<VaultKeyResolver> configuredResolvers)
AbstractVaultProvider
with the specified realm and list of key resolvers.realm
- the name of the keycloak realm.configuredResolvers
- a List
containing the configured key resolvers.public VaultRawSecret obtainSecret(String vaultSecretId)
obtainSecret
in interface VaultProvider
protected abstract VaultRawSecret obtainSecretInternal(String vaultKey)
AbstractVaultProvider
must implement this method. It is meant to be implemented in the same
way as the obtainSecret(String)
method from the VaultProvider
interface, but the specified vault
key must be used as is - i.e. implementations should refrain from processing the key again as the format was already
defined by one of the configured key resolvers.vaultKey
- a String
representing the name of the entry that is being fetched from the vault.VaultRawSecret
representing the obtained secret. It can be a empty secret if no secret could be
obtained using the specified vault key.Copyright © 2021 JBoss by Red Hat. All rights reserved.