java.lang.Object
- org.keycloak.vault.AbstractVaultProviderFactory

All Implemented Interfaces:

ProviderFactory<VaultProvider>, VaultProviderFactory

Direct Known Subclasses:

FilesPlainTextVaultProviderFactory
```
public abstract class AbstractVaultProviderFactory
extends Object
implements VaultProviderFactory
```
Abstract class that is meant to be extended by implementations of VaultProviderFactory that want to offer support for the configuration of key resolvers.
It implements the init(Config.Scope) method, where is looks for the keyResolvers property. The value is a comma-separated list of key resolver names. It then verifies if the resolver names match one of the available key resolver implementations and then creates a list of VaultKeyResolver instances that subclasses can pass to VaultProvider instances on ProviderFactory.create(KeycloakSession).
The list of currently available resolvers follows:
- KEY_ONLY: only the key name is used as is, realm is ignored;
- REALM_UNDERSCORE_KEY: realm and key are combined using an underscore ('_') character. Any occurrences of underscore in both the realm and key are escaped by an additional underscore character;
- REALM_FILESEPARATOR_KEY: realm and key are combined using the platform file separator character. It might not be suitable for every vault provider but it enables the grouping of secrets using a directory structure;
- FACTORY_PROVIDED: the format of the constructed key is determined by the factory's getFactoryResolver() implementation. it allows for the customization of the final key format by extending the factory and overriding the getFactoryResolver() method.
Note: When extending the standard factories to use the FACTORY_PROVIDED resolver, it is important to also override the ProviderFactory.getId() method so that the custom factory has its own id and as such can be configured in the keycloak server.
If no resolver is explicitly configured for the factory, it defaults to using the REALM_UNDERSCORE_KEY resolver. When one or more resolvers are explicitly configured, this factory iterates through them in order and for each one attempts to obtain the respective VaultKeyResolver implementation. If it fails (for example, the name doesn't match one of the existing resolvers), it logs a message and ignores the resolver. If it fails to load all configured resolvers, it throws a VaultConfigurationException.
Concrete implementations must also make sure to call the super.init(config) in their own init(Config.Scope) implementations so tha the processing of the key resolvers is performed correctly.
Author:

Stefan Guilhen

Nested Class Summary

Nested Classes
Modifier and Type Class Description

protected static class AbstractVaultProviderFactory.AvailableResolvers
Enum containing the available VaultKeyResolvers.

Field Summary

Fields
Modifier and Type Field Description

protected static String KEY_RESOLVERS

protected List<VaultKeyResolver> keyResolvers

Constructor Summary

Constructors
Constructor Description

AbstractVaultProviderFactory()

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method	Description
`protected VaultKeyResolver`	`getFactoryResolver()`	Obtains the `VaultKeyResolver` implementation that is provided by the factory itself.
`protected String`	`getRealmName(KeycloakSession session)`	Obtains the name of realm from the `KeycloakSession`.
`void`	`init(Config.Scope config)`	Only called once when the factory is first created.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.keycloak.provider.ProviderFactory
close, create, getConfigMetadata, getId, order, postInit

- Field Detail
  - KEY_RESOLVERS
```
protected static final String KEY_RESOLVERS
```
    See Also:
    
    Constant Field Values
  - keyResolvers
```
protected List<VaultKeyResolver> keyResolvers
```
- Constructor Detail
  - AbstractVaultProviderFactory
```
public AbstractVaultProviderFactory()
```
- Method Detail
  - init
```
public void init(Config.Scope config)
```
    Description copied from interface: ProviderFactory
    
    Only called once when the factory is first created. This config is pulled from keycloak_server.json
    
    Specified by:
    
    init in interface ProviderFactory<VaultProvider>
  - getFactoryResolver
```
protected VaultKeyResolver getFactoryResolver()
```
    Obtains the VaultKeyResolver implementation that is provided by the factory itself. By default this method throws an UnsupportedOperationException, so an attempt to use the FACTORY_PROVIDED resolver on a factory that doesn't override this method will result in a failure to use this resolver.
    
    Returns:
    
    the factory-provided VaultKeyResolver.
  - getRealmName
```
protected String getRealmName(KeycloakSession session)
```
    Obtains the name of realm from the KeycloakSession.
    
    Parameters:
    
    session - a reference to the KeycloakSession.
    
    Returns:
    
    the name of the realm.

Modifier and Type	Field	Description
`protected static String`	`KEY_RESOLVERS`
`protected List<VaultKeyResolver>`	`keyResolvers`

Class AbstractVaultProviderFactory

Nested Class Summary

Field Summary

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Methods inherited from interface org.keycloak.provider.ProviderFactory

Field Detail

KEY_RESOLVERS

keyResolvers

Constructor Detail

AbstractVaultProviderFactory

Method Detail

init

getFactoryResolver

getRealmName