Package org.keycloak.vault
Class AbstractVaultProvider
- java.lang.Object
-
- org.keycloak.vault.AbstractVaultProvider
-
- All Implemented Interfaces:
org.keycloak.provider.Provider
,org.keycloak.vault.VaultProvider
- Direct Known Subclasses:
FilesPlainTextVaultProvider
public abstract class AbstractVaultProvider extends Object implements org.keycloak.vault.VaultProvider
Abstract class that is meant to be extended by implementations ofVaultProvider
that want to have support for key resolvers. This class implements theobtainSecret(String)
method by iterating through the configured resolvers in order and, using the final key name provided by each resolver, calls theobtainSecretInternal(String)
method that must be implemented by sub-classes. IfobtainSecretInternal(String)
returns a non-empty secret, it is immediately returned; otherwise the implementation tries again using the next configured resolver until a non-empty secret is obtained or all resolvers have been tried, in which case an emptyVaultRawSecret
is returned. Concrete implementations must, in addition to implementing theobtainSecretInternal(String)
method, ensure that each constructor calls theAbstractVaultProvider(String, List)
constructor from this class so that the realm and list of key resolvers are properly initialized.- Author:
- Stefan Guilhen
-
-
Constructor Summary
Constructors Constructor Description AbstractVaultProvider(String realm, List<org.keycloak.vault.VaultKeyResolver> configuredResolvers)
Creates an instance ofAbstractVaultProvider
with the specified realm and list of key resolvers.
-
Method Summary
All Methods Instance Methods Abstract Methods Concrete Methods Modifier and Type Method Description org.keycloak.vault.VaultRawSecret
obtainSecret(String vaultSecretId)
protected abstract org.keycloak.vault.VaultRawSecret
obtainSecretInternal(String vaultKey)
Subclasses ofAbstractVaultProvider
must implement this method.
-
-
-
Constructor Detail
-
AbstractVaultProvider
public AbstractVaultProvider(String realm, List<org.keycloak.vault.VaultKeyResolver> configuredResolvers)
Creates an instance ofAbstractVaultProvider
with the specified realm and list of key resolvers.- Parameters:
realm
- the name of the keycloak realm.configuredResolvers
- aList
containing the configured key resolvers.
-
-
Method Detail
-
obtainSecret
public org.keycloak.vault.VaultRawSecret obtainSecret(String vaultSecretId)
- Specified by:
obtainSecret
in interfaceorg.keycloak.vault.VaultProvider
-
obtainSecretInternal
protected abstract org.keycloak.vault.VaultRawSecret obtainSecretInternal(String vaultKey)
Subclasses ofAbstractVaultProvider
must implement this method. It is meant to be implemented in the same way as theobtainSecret(String)
method from theVaultProvider
interface, but the specified vault key must be used as is - i.e. implementations should refrain from processing the key again as the format was already defined by one of the configured key resolvers.- Parameters:
vaultKey
- aString
representing the name of the entry that is being fetched from the vault.- Returns:
- a
VaultRawSecret
representing the obtained secret. It can be a empty secret if no secret could be obtained using the specified vault key.
-
-