Add support for Vault’s PKI secret engine

* Supports all endpoints of PKI secret engine, except prvileged endpoints.
* Has complete test coverage for all endpoints and options.

extensions/vault/deployment/src/main/java/io/quarkus/vault/VaultProcessor.java

@@ -24,6 +24,8 @@
 import io.quarkus.vault.runtime.VaultDbManager;
 import io.quarkus.vault.runtime.VaultKubernetesAuthManager;
 import io.quarkus.vault.runtime.VaultKvManager;
+import io.quarkus.vault.runtime.VaultPKIManager;
+import io.quarkus.vault.runtime.VaultPKIManagerFactory;
 import io.quarkus.vault.runtime.VaultRecorder;
 import io.quarkus.vault.runtime.VaultSystemBackendManager;
 import io.quarkus.vault.runtime.VaultTOTPManager;
@@ -38,6 +40,7 @@
 import io.quarkus.vault.runtime.client.secretengine.VaultInternalDatabaseSecretEngine;
 import io.quarkus.vault.runtime.client.secretengine.VaultInternalKvV1SecretEngine;
 import io.quarkus.vault.runtime.client.secretengine.VaultInternalKvV2SecretEngine;
+import io.quarkus.vault.runtime.client.secretengine.VaultInternalPKISecretEngine;
 import io.quarkus.vault.runtime.client.secretengine.VaultInternalTOPTSecretEngine;
 import io.quarkus.vault.runtime.client.secretengine.VaultInternalTransitSecretEngine;
 import io.quarkus.vault.runtime.config.VaultBootstrapConfig;
@@ -87,6 +90,8 @@ AdditionalBeanBuildItem registerAdditionalBeans() {
                 .addBeanClass(VaultDbManager.class)
                 .addBeanClass(VertxVaultClient.class)
                 .addBeanClass(VaultConfigHolder.class)
+                .addBeanClass(VaultPKIManager.class)
+                .addBeanClass(VaultPKIManagerFactory.class)
                 .addBeanClass(VaultInternalKvV1SecretEngine.class)
                 .addBeanClass(VaultInternalKvV2SecretEngine.class)
                 .addBeanClass(VaultInternalTransitSecretEngine.class)
@@ -97,6 +102,7 @@ AdditionalBeanBuildItem registerAdditionalBeans() {
                 .addBeanClass(VaultInternalTokenAuthMethod.class)
                 .addBeanClass(VaultInternalUserpassAuthMethod.class)
                 .addBeanClass(VaultInternalDatabaseSecretEngine.class)
+                .addBeanClass(VaultInternalPKISecretEngine.class)
                 .build();
     }
 

extensions/vault/model/src/main/java/io/quarkus/vault/runtime/client/dto/pki/VaultPKICRLRotateData.java

@@ -0,0 +1,7 @@
+package io.quarkus.vault.runtime.client.dto.pki;
+
+import io.quarkus.vault.runtime.client.dto.VaultModel;
+
+public class VaultPKICRLRotateData implements VaultModel {
+    public boolean success;
+}

extensions/vault/model/src/main/java/io/quarkus/vault/runtime/client/dto/pki/VaultPKICRLRotateResult.java

@@ -0,0 +1,6 @@
+package io.quarkus.vault.runtime.client.dto.pki;
+
+import io.quarkus.vault.runtime.client.dto.AbstractVaultDTO;
+
+public class VaultPKICRLRotateResult extends AbstractVaultDTO<VaultPKICRLRotateData, Object> {
+}

extensions/vault/model/src/main/java/io/quarkus/vault/runtime/client/dto/pki/VaultPKICertificateData.java

@@ -0,0 +1,7 @@
+package io.quarkus.vault.runtime.client.dto.pki;
+
+import io.quarkus.vault.runtime.client.dto.VaultModel;
+
+public class VaultPKICertificateData implements VaultModel {
+    public String certificate;
+}

extensions/vault/model/src/main/java/io/quarkus/vault/runtime/client/dto/pki/VaultPKICertificateListData.java

@@ -0,0 +1,9 @@
+package io.quarkus.vault.runtime.client.dto.pki;
+
+import java.util.List;
+
+import io.quarkus.vault.runtime.client.dto.VaultModel;
+
+public class VaultPKICertificateListData implements VaultModel {
+    public List<String> keys;
+}

extensions/vault/model/src/main/java/io/quarkus/vault/runtime/client/dto/pki/VaultPKICertificateListResult.java

@@ -0,0 +1,6 @@
+package io.quarkus.vault.runtime.client.dto.pki;
+
+import io.quarkus.vault.runtime.client.dto.AbstractVaultDTO;
+
+public class VaultPKICertificateListResult extends AbstractVaultDTO<VaultPKICertificateListData, Object> {
+}

extensions/vault/model/src/main/java/io/quarkus/vault/runtime/client/dto/pki/VaultPKICertificateResult.java

@@ -0,0 +1,6 @@
+package io.quarkus.vault.runtime.client.dto.pki;
+
+import io.quarkus.vault.runtime.client.dto.AbstractVaultDTO;
+
+public class VaultPKICertificateResult extends AbstractVaultDTO<VaultPKICertificateData, Object> {
+}

extensions/vault/model/src/main/java/io/quarkus/vault/runtime/client/dto/pki/VaultPKIConfigCABody.java

@@ -0,0 +1,12 @@
+package io.quarkus.vault.runtime.client.dto.pki;
+
+import com.fasterxml.jackson.annotation.JsonProperty;
+
+import io.quarkus.vault.runtime.client.dto.VaultModel;
+
+public class VaultPKIConfigCABody implements VaultModel {
+
+    @JsonProperty("pem_bundle")
+    public String pemBundle;
+
+}

extensions/vault/model/src/main/java/io/quarkus/vault/runtime/client/dto/pki/VaultPKIConfigCRLBody.java

@@ -0,0 +1,4 @@
+package io.quarkus.vault.runtime.client.dto.pki;
+
+public class VaultPKIConfigCRLBody extends VaultPKIConfigCRLData {
+}

extensions/vault/model/src/main/java/io/quarkus/vault/runtime/client/dto/pki/VaultPKIConfigCRLData.java

@@ -0,0 +1,11 @@
+package io.quarkus.vault.runtime.client.dto.pki;
+
+import io.quarkus.vault.runtime.client.dto.VaultModel;
+
+public class VaultPKIConfigCRLData implements VaultModel {
+
+    public String expiry;
+
+    public Boolean disable;
+
+}

extensions/vault/model/src/main/java/io/quarkus/vault/runtime/client/dto/pki/VaultPKIConfigCRLResult.java

@@ -0,0 +1,6 @@
+package io.quarkus.vault.runtime.client.dto.pki;
+
+import io.quarkus.vault.runtime.client.dto.AbstractVaultDTO;
+
+public class VaultPKIConfigCRLResult extends AbstractVaultDTO<VaultPKIConfigCRLData, Object> {
+}

extensions/vault/model/src/main/java/io/quarkus/vault/runtime/client/dto/pki/VaultPKIConfigURLsBody.java

@@ -0,0 +1,4 @@
+package io.quarkus.vault.runtime.client.dto.pki;
+
+public class VaultPKIConfigURLsBody extends VaultPKIConfigURLsData {
+}

extensions/vault/model/src/main/java/io/quarkus/vault/runtime/client/dto/pki/VaultPKIConfigURLsData.java

@@ -0,0 +1,20 @@
+package io.quarkus.vault.runtime.client.dto.pki;
+
+import java.util.List;
+
+import com.fasterxml.jackson.annotation.JsonProperty;
+
+import io.quarkus.vault.runtime.client.dto.VaultModel;
+
+public class VaultPKIConfigURLsData implements VaultModel {
+
+    @JsonProperty("issuing_certificates")
+    public List<String> issuingCertificates;
+
+    @JsonProperty("crl_distribution_points")
+    public List<String> crlDistributionPoints;
+
+    @JsonProperty("ocsp_servers")
+    public List<String> ocspServers;
+
+}

extensions/vault/model/src/main/java/io/quarkus/vault/runtime/client/dto/pki/VaultPKIConfigURLsResult.java

@@ -0,0 +1,6 @@
+package io.quarkus.vault.runtime.client.dto.pki;
+
+import io.quarkus.vault.runtime.client.dto.AbstractVaultDTO;
+
+public class VaultPKIConfigURLsResult extends AbstractVaultDTO<VaultPKIConfigURLsData, Object> {
+}

extensions/vault/model/src/main/java/io/quarkus/vault/runtime/client/dto/pki/VaultPKIGenerateCertificateBody.java

@@ -0,0 +1,37 @@
+package io.quarkus.vault.runtime.client.dto.pki;
+
+import java.util.List;
+
+import com.fasterxml.jackson.annotation.JsonProperty;
+
+import io.quarkus.vault.runtime.client.dto.VaultModel;
+
+public class VaultPKIGenerateCertificateBody implements VaultModel {
+
+    @JsonProperty("common_name")
+    public String subjectCommonName;
+
+    @JsonProperty("alt_names")
+    public String subjectAlternativeNames;
+
+    @JsonProperty("ip_sans")
+    public String ipSubjectAlternativeNames;
+
+    @JsonProperty("uri_sans")
+    public String uriSubjectAlternativeNames;
+
+    @JsonProperty("other_sans")
+    public List<String> otherSubjectAlternativeNames;
+
+    @JsonProperty("ttl")
+    public String timeToLive;
+
+    public String format = "pem";
+
+    @JsonProperty("private_key_format")
+    public String privateKeyFormat = "pkcs8";
+
+    @JsonProperty("exclude_cn_from_sans")
+    public Boolean excludeCommonNameFromSubjectAlternativeNames;
+
+}

extensions/vault/model/src/main/java/io/quarkus/vault/runtime/client/dto/pki/VaultPKIGenerateCertificateData.java

@@ -0,0 +1,28 @@
+package io.quarkus.vault.runtime.client.dto.pki;
+
+import java.util.List;
+
+import com.fasterxml.jackson.annotation.JsonProperty;
+
+import io.quarkus.vault.runtime.client.dto.VaultModel;
+
+public class VaultPKIGenerateCertificateData implements VaultModel {
+
+    public String certificate;
+
+    @JsonProperty("issuing_ca")
+    public String issuingCA;
+
+    @JsonProperty("ca_chain")
+    public List<String> caChain;
+
+    @JsonProperty("private_key")
+    public String privateKey;
+
+    @JsonProperty("private_key_type")
+    public String privateKeyType;
+
+    @JsonProperty("serial_number")
+    public String serialNumber;
+
+}

extensions/vault/model/src/main/java/io/quarkus/vault/runtime/client/dto/pki/VaultPKIGenerateCertificateResult.java

@@ -0,0 +1,6 @@
+package io.quarkus.vault.runtime.client.dto.pki;
+
+import io.quarkus.vault.runtime.client.dto.AbstractVaultDTO;
+
+public class VaultPKIGenerateCertificateResult extends AbstractVaultDTO<VaultPKIGenerateCertificateData, Object> {
+}

extensions/vault/model/src/main/java/io/quarkus/vault/runtime/client/dto/pki/VaultPKIGenerateIntermediateCSRBody.java

@@ -0,0 +1,64 @@
+package io.quarkus.vault.runtime.client.dto.pki;
+
+import java.util.List;
+
+import com.fasterxml.jackson.annotation.JsonProperty;
+
+import io.quarkus.vault.runtime.client.dto.VaultModel;
+
+public class VaultPKIGenerateIntermediateCSRBody implements VaultModel {
+
+    @JsonProperty("common_name")
+    public String subjectCommonName;
+
+    @JsonProperty("organization")
+    public String subjectOrganization;
+
+    @JsonProperty("ou")
+    public String subjectOrganizationalUnit;
+
+    @JsonProperty("street_address")
+    public String subjectStreetAddress;
+
+    @JsonProperty("postal_code")
+    public String subjectPostalCode;
+
+    @JsonProperty("locality")
+    public String subjectLocality;
+
+    @JsonProperty("province")
+    public String subjectProvince;
+
+    @JsonProperty("country")
+    public String subjectCountry;
+
+    @JsonProperty("alt_names")
+    public String subjectAlternativeNames;
+
+    @JsonProperty("ip_sans")
+    public String ipSubjectAlternativeNames;
+
+    @JsonProperty("uri_sans")
+    public String uriSubjectAlternativeNames;
+
+    @JsonProperty("other_sans")
+    public List<String> otherSubjectAlternativeNames;
+
+    @JsonProperty("serial_number")
+    public String subjectSerialNumber;
+
+    public String format = "pem";
+
+    @JsonProperty("private_key_format")
+    public String privateKeyFormat = "pkcs8";
+
+    @JsonProperty("key_type")
+    public String keyType;
+
+    @JsonProperty("key_bits")
+    public Integer keyBits;
+
+    @JsonProperty("exclude_cn_from_sans")
+    public Boolean excludeCommonNameFromSubjectAlternativeNames;
+
+}

extensions/vault/model/src/main/java/io/quarkus/vault/runtime/client/dto/pki/VaultPKIGenerateIntermediateCSRData.java

@@ -0,0 +1,17 @@
+package io.quarkus.vault.runtime.client.dto.pki;
+
+import com.fasterxml.jackson.annotation.JsonProperty;
+
+import io.quarkus.vault.runtime.client.dto.VaultModel;
+
+public class VaultPKIGenerateIntermediateCSRData implements VaultModel {
+
+    public String csr;
+
+    @JsonProperty("private_key")
+    public String privateKey;
+
+    @JsonProperty("private_key_type")
+    public String privateKeyType;
+
+}

extensions/vault/model/src/main/java/io/quarkus/vault/runtime/client/dto/pki/VaultPKIGenerateIntermediateCSRResult.java

@@ -0,0 +1,6 @@
+package io.quarkus.vault.runtime.client.dto.pki;
+
+import io.quarkus.vault.runtime.client.dto.AbstractVaultDTO;
+
+public class VaultPKIGenerateIntermediateCSRResult extends AbstractVaultDTO<VaultPKIGenerateIntermediateCSRData, Object> {
+}

extensions/vault/model/src/main/java/io/quarkus/vault/runtime/client/dto/pki/VaultPKIGenerateRootBody.java

@@ -0,0 +1,73 @@
+package io.quarkus.vault.runtime.client.dto.pki;
+
+import java.util.List;
+
+import com.fasterxml.jackson.annotation.JsonProperty;
+
+import io.quarkus.vault.runtime.client.dto.VaultModel;
+
+public class VaultPKIGenerateRootBody implements VaultModel {
+
+    @JsonProperty("common_name")
+    public String subjectCommonName;
+
+    @JsonProperty("organization")
+    public String subjectOrganization;
+
+    @JsonProperty("ou")
+    public String subjectOrganizationalUnit;
+
+    @JsonProperty("street_address")
+    public String subjectStreetAddress;
+
+    @JsonProperty("postal_code")
+    public String subjectPostalCode;
+
+    @JsonProperty("locality")
+    public String subjectLocality;
+
+    @JsonProperty("province")
+    public String subjectProvince;
+
+    @JsonProperty("country")
+    public String subjectCountry;
+
+    @JsonProperty("alt_names")
+    public String subjectAlternativeNames;
+
+    @JsonProperty("ip_sans")
+    public String ipSubjectAlternativeNames;
+
+    @JsonProperty("uri_sans")
+    public String uriSubjectAlternativeNames;
+
+    @JsonProperty("other_sans")
+    public List<String> otherSubjectAlternativeNames;
+
+    @JsonProperty("serial_number")
+    public String subjectSerialNumber;
+
+    @JsonProperty("ttl")
+    public String timeToLive;
+
+    public String format = "pem";
+
+    @JsonProperty("private_key_format")
+    public String privateKeyFormat = "pkcs8";
+
+    @JsonProperty("key_type")
+    public String keyType;
+
+    @JsonProperty("key_bits")
+    public Integer keyBits;
+
+    @JsonProperty("max_path_length")
+    public Integer maxPathLength;
+
+    @JsonProperty("exclude_cn_from_sans")
+    public Boolean excludeCommonNameFromSubjectAlternativeNames;
+
+    @JsonProperty("permitted_dns_domains")
+    public List<String> permittedDnsDomains;
+
+}