Package org.keycloak.vault

Class AbstractVaultProvider

java.lang.Object

org.keycloak.vault.AbstractVaultProvider

All Implemented Interfaces:

Provider, VaultProvider

Direct Known Subclasses:

FilesKeystoreVaultProvider, FilesPlainTextVaultProvider

public abstract class AbstractVaultProvider
extends Object
implements VaultProvider

Abstract class that is meant to be extended by implementations of VaultProvider that want to have support for key resolvers.

This class implements the obtainSecret(String) method by iterating through the configured resolvers in order and, using the final key name provided by each resolver, calls the obtainSecretInternal(String) method that must be implemented by sub-classes. If obtainSecretInternal(String) returns a non-empty secret, it is immediately returned; otherwise the implementation tries again using the next configured resolver until a non-empty secret is obtained or all resolvers have been tried, in which case an empty VaultRawSecret is returned.

Concrete implementations must, in addition to implementing the obtainSecretInternal(String) method, ensure that each constructor calls the AbstractVaultProvider(String, List) constructor from this class so that the realm and list of key resolvers are properly initialized.

Author:

Stefan Guilhen

Field Summary

Fields

Modifier and Type	Field	Description
protected final String	realm
protected final List<VaultKeyResolver>	resolvers

Constructor Summary

Constructors

Constructor	Description
AbstractVaultProvider(String realm, List<VaultKeyResolver> configuredResolvers)	Creates an instance of AbstractVaultProvider with the specified realm and list of key resolvers.

Method Summary

Modifier and Type	Method	Description
VaultRawSecret	obtainSecret(String vaultSecretId)
protected abstract VaultRawSecret	obtainSecretInternal(String vaultKey)	Subclasses of AbstractVaultProvider must implement this method.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.keycloak.provider.Provider

close

Field Details

realm

protected final String realm

resolvers

protected final List<VaultKeyResolver> resolvers

Constructor Details

AbstractVaultProvider

public AbstractVaultProvider(String realm,
 List<VaultKeyResolver> configuredResolvers)

Creates an instance of AbstractVaultProvider with the specified realm and list of key resolvers.

Parameters:

realm - the name of the keycloak realm.

configuredResolvers - a List containing the configured key resolvers.

Method Details

obtainSecret

public VaultRawSecret obtainSecret(String vaultSecretId)

Specified by:

obtainSecret in interface VaultProvider

obtainSecretInternal

protected abstract VaultRawSecret obtainSecretInternal(String vaultKey)

Subclasses of AbstractVaultProvider must implement this method. It is meant to be implemented in the same way as the obtainSecret(String) method from the VaultProvider interface, but the specified vault key must be used as is - i.e. implementations should refrain from processing the key again as the format was already defined by one of the configured key resolvers.

Parameters:

vaultKey - a String representing the name of the entry that is being fetched from the vault.

Returns:

a VaultRawSecret representing the obtained secret. It can be a empty secret if no secret could be obtained using the specified vault key.