Merge branch 'master' into login-error-response-bodies

Author: steve-perkins

README.md

@@ -13,17 +13,6 @@ NOTE:  Although the binary artifact produced by the project is backwards-compati
 
 This Change
 -----------
-This change generalizes the vault Java driver to allow prefix paths to 
-contain multiple path elements.  That is, instead of restricting v2 paths
-to be **v1**/*something*/**data**/*anything*/*else* (e.g., for a read or write),
-paths can be **v1**/*my*/*long*/*prefix*/*path*/**data**/*anything*/*else*.
-The length of the prefix path in path elements, or the prefix path itself
-(from which the length in path elements can be derived) is passed in the 
-VaultConfig build sequence.  This allows Vault administrators greater
-flexibility in configuring the system.
-
-The default is a prefix path length of one, which makes the library's
-behavior backwards-compatible with v5.0.0.
 
 Table of Contents
 -----------------
@@ -48,7 +37,7 @@ The driver is available from Maven Central, for all modern Java build systems.
 Gradle:
 ```
 dependencies {
-    implementation 'com.bettercloud:vault-java-driver:5.0.0'
+    implementation 'com.bettercloud:vault-java-driver:5.1.0'
 }
 ```
 
@@ -57,7 +46,7 @@ Maven:
 <dependency>
     <groupId>com.bettercloud</groupId>
     <artifactId>vault-java-driver</artifactId>
-    <version>5.0.0</version>
+    <version>5.1.0</version>
 </dependency>
 ```
 
@@ -124,6 +113,22 @@ for both K/V versions.
     but leave the map `null`.  Note that this option requires your authentication credentials to have access to read Vault's `/v1/sys/mounts` 
     path.
 
+Version 2 of the K/V engine dynamically injects a qualifier element into your secret paths, which varies depending on the type of for read and write operations, in between the root version 
+operation.  For example, for read and write operations, the secret path:
+
+```v1/mysecret```
+
+... has a "data" qualifier injected:
+
+```v1/data/mysecret```
+
+The default behavior of this driver is to insert the appropriate qualifier one level deep (i.e. in between the root version number 
+and the rest of the path).  However, if your secret path is prefixed, such that the qualifier should be injected further down:
+
+```v1/my/long/prefix/data/anything/else```
+
+... then you should accordingly set the `VaultConfig.prefixPathDepth` property when constructing your `Vault` instance.
+
 
 SSL Config
 ----------
@@ -266,7 +271,11 @@ Note that changes to the major version (i.e. the first number) represent possibl
 may require modifications in your code to migrate.  Changes to the minor version (i.e. the second number)
 should represent non-breaking changes.  The third number represents any very minor bugfix patches.
 
-* **5.0.0 (IN PROGRESS)**:  This release contains the following updates:
+* **5.1.0 (IN PROGRESS)**:  This release contains the following updates:
+  * Supports path prefixes when using K/V engine V2.  [(PR #189)](https://github.com/BetterCloud/vault-java-driver/pull/189)
+  * Support all options for the createToken operation.  [(PR # 199)](https://github.com/BetterCloud/vault-java-driver/pull/199)
+  
+* **5.0.0**:  This release contains the following updates:
   * Changes the retry behavior, to no longer attempt retries on 4xx response codes (for which retries generally won't succeed anyway).  This 
     is the only (mildly) breaking change in this release, necessitating a major version bump. [(PR #176)](https://github.com/BetterCloud/vault-java-driver/pull/176)
   * Implements support for the Database secret engine. [(PR #175)](https://github.com/BetterCloud/vault-java-driver/pull/175)

build.gradle

@@ -5,7 +5,7 @@ apply plugin: 'checkstyle'
 
 group 'com.bettercloud'
 archivesBaseName = 'vault-java-driver'
-version '5.0.0'
+version '5.1.0-SNAPSHOT'
 ext.isReleaseVersion = !version.endsWith('SNAPSHOT')
 
 // This project is actually limited to Java 8 compatibility.  See below.
@@ -19,7 +19,7 @@ repositories {
 dependencies {
     testCompile('junit:junit:4.12')
     testCompile('org.mockito:mockito-core:2.28.2')
-    testCompile('org.testcontainers:testcontainers:1.12.0')
+    testCompile('org.testcontainers:testcontainers:1.12.3')
     testCompile('org.eclipse.jetty:jetty-server:9.4.19.v20190610')
     testCompile('org.slf4j:slf4j-api:1.7.26')
     testCompile('org.bouncycastle:bcprov-jdk15on:1.62')

src/main/java/com/bettercloud/vault/VaultConfig.java

@@ -211,9 +211,9 @@ public VaultConfig readTimeout(final Integer readTimeout) {
     /**
      * <p>Set the "path depth" of the prefix path.  Normally this is just
      * 1, to correspond to one path element in the prefix path.  To use
-     * a longer prefix path, set this value
+     * a longer prefix path, set this value.</p>
      *
-     * @param prefixPathDepth integer number of path elements in the prefix path
+     * @param pathLength integer number of path elements in the prefix path
      */
     public VaultConfig prefixPathDepth(int prefixPathDepth) {
        if (prefixPathDepth < 1) {

src/main/java/com/bettercloud/vault/api/Auth.java

@@ -47,6 +47,11 @@ public static class TokenRequest implements Serializable {
         private String displayName;
         private Long numUses;
         private String role;
+        private Boolean renewable;
+        private String type;
+        private String explicitMaxTtl;
+        private String period;
+        private String entityAlias;
 
         /**
          * @param id (optional) The ID of the client token. Can only be specified by a root token. Otherwise, the token ID is a randomly generated UUID.
@@ -129,6 +134,57 @@ public TokenRequest role(final String role) {
             return this;
         }
 
+        /**
+         * @param renewable Set to false to disable the ability of the token to be renewed past its
+         * initial TTL. Setting the value to true will allow the token to be renewable up to
+         * the system/mount maximum TTL.
+         * @return This object, with its renewable field populated
+         */
+        public TokenRequest renewable(final Boolean renewable) {
+            this.renewable = renewable;
+            return this;
+        }
+
+        /**
+         *
+         * @param type The token type. Can be "batch" or "service".
+         * @return This object, with its type field populated
+         */
+        public TokenRequest type(final String type) {
+            this.type = type;
+            return this;
+        }
+
+        /**
+         *
+         * @param explicitMaxTtl If set, the token will have an explicit max TTL set upon it.
+         * @return This object, with its explicitMaxTtl field populated
+         */
+        public TokenRequest explicitMaxTtl(final String explicitMaxTtl) {
+            this.explicitMaxTtl = explicitMaxTtl;
+            return this;
+        }
+
+        /**
+         *
+         * @param period If specified, the token will be periodic
+         * @return This object, with its period field populated
+         */
+        public TokenRequest period(final String period) {
+            this.period = period;
+            return this;
+        }
+
+        /**
+         *
+         * @param entityAlias Name of the entity alias to associate with during token creation.
+         * @return This object, with its period field populated
+         */
+        public TokenRequest entityAlias(final String entityAlias) {
+            this.entityAlias = entityAlias;
+            return this;
+        }
+
         public UUID getId() {
             return id;
         }
@@ -164,6 +220,26 @@ public Long getNumUses() {
         public String getRole() {
             return role;
         }
+
+        public Boolean getRenewable() {
+            return renewable;
+        }
+
+        public String getType() {
+            return type;
+        }
+
+        public String getExplicitMaxTtl() {
+            return explicitMaxTtl;
+        }
+
+        public String getPeriod() {
+            return period;
+        }
+
+        public String getEntityAlias() {
+            return entityAlias;
+        }
     }
 
     private final VaultConfig config;
@@ -249,6 +325,11 @@ public AuthResponse createToken(final TokenRequest tokenRequest, final String to
                 if (tokenRequest.ttl != null) jsonObject.add("ttl", tokenRequest.ttl);
                 if (tokenRequest.displayName != null) jsonObject.add("display_name", tokenRequest.displayName);
                 if (tokenRequest.numUses != null) jsonObject.add("num_uses", tokenRequest.numUses);
+                if (tokenRequest.renewable != null) jsonObject.add("renewable", tokenRequest.renewable);
+                if (tokenRequest.type != null) jsonObject.add("type", tokenRequest.type);
+                if (tokenRequest.explicitMaxTtl != null) jsonObject.add("explicit_max_ttl", tokenRequest.explicitMaxTtl);
+                if (tokenRequest.period != null) jsonObject.add("period", tokenRequest.period);
+                if (tokenRequest.entityAlias != null) jsonObject.add("entity_alias", tokenRequest.entityAlias);
                 final String requestJson = jsonObject.toString();
 
                 final StringBuilder urlBuilder = new StringBuilder(config.getAddress())//NOPMD

src/main/java/com/bettercloud/vault/api/Logical.java

@@ -20,7 +20,6 @@
 import static com.bettercloud.vault.api.LogicalUtilities.adjustPathForVersionUnDelete;
 import static com.bettercloud.vault.api.LogicalUtilities.jsonObjectToWriteFromEngineVersion;
 
-
 /**
  * <p>The implementing class for Vault's core/logical operations (e.g. read, write).</p>
  *