Add Vault Transit key administration

docs/src/main/asciidoc/vault.adoc

@@ -446,12 +446,13 @@ discouraged in production as it is not more secure than talking to Vault in plai
 == Vault Provisioning
 
 Beside the typical client use cases, the Quarkus extension can be used to provision Vault as well, 
-for instance as part of a CD pipeline. Specific CDI beans support this scenario:
+for instance as part of a CD pipeline. Specific CDI beans and operations support this scenario:
 
 * `VaultSystemBackendEngine`: create Vault Policies. See the https://www.vaultproject.io/api-docs/system/policy[Vault documentation].
 * `VaultKubernetesAuthService`. See the https://www.vaultproject.io/api-docs/auth/kubernetes[Vault documentation].
 ** Configure the Kubernetes Auth Method (Kubernetes host, certificates, keys, ...)
 ** Create Kubernetes Auth Roles (association between Kubernetes service accounts, Kubernetes namespaces and Vault policies)
+* `VaultTransitSecretEngine`: _CRUD_ operations on keys. See the https://www.vaultproject.io/api-docs/secret/transit[Vault documentation].
 
 For instance:
 

extensions/vault/deployment/pom.xml

@@ -18,10 +18,6 @@
             <groupId>io.quarkus</groupId>
             <artifactId>quarkus-vault</artifactId>
         </dependency>
-        <dependency>
-            <groupId>io.quarkus</groupId>
-            <artifactId>quarkus-vault-model</artifactId>
-        </dependency>
         <dependency>
             <groupId>io.quarkus</groupId>
             <artifactId>quarkus-core-deployment</artifactId>

extensions/vault/model/src/main/java/io/quarkus/vault/runtime/client/dto/transit/VaultTransitCreateKeyBody.java

@@ -0,0 +1,16 @@
+package io.quarkus.vault.runtime.client.dto.transit;
+
+import com.fasterxml.jackson.annotation.JsonProperty;
+
+import io.quarkus.vault.runtime.client.dto.VaultModel;
+
+public class VaultTransitCreateKeyBody implements VaultModel {
+
+    @JsonProperty("convergent_encryption")
+    public String convergentEncryption;
+    public Boolean derived;
+    public Boolean exportable;
+    @JsonProperty("allow_plaintext_backup")
+    public Boolean allowPlaintextBackup;
+    public String type;
+}

extensions/vault/model/src/main/java/io/quarkus/vault/runtime/client/dto/transit/VaultTransitKeyConfigBody.java

@@ -0,0 +1,18 @@
+package io.quarkus.vault.runtime.client.dto.transit;
+
+import com.fasterxml.jackson.annotation.JsonProperty;
+
+import io.quarkus.vault.runtime.client.dto.VaultModel;
+
+public class VaultTransitKeyConfigBody implements VaultModel {
+
+    @JsonProperty("min_decryption_version")
+    public Integer minDecryptionVersion;
+    @JsonProperty("min_encryption_version")
+    public Integer minEncryptionVersion;
+    @JsonProperty("deletion_allowed")
+    public Boolean deletionAllowed;
+    public Boolean exportable;
+    @JsonProperty("allow_plaintext_backup")
+    public Boolean allowPlaintextBackup;
+}

extensions/vault/model/src/main/java/io/quarkus/vault/runtime/client/dto/transit/VaultTransitKeyExport.java

@@ -0,0 +1,6 @@
+package io.quarkus.vault.runtime.client.dto.transit;
+
+import io.quarkus.vault.runtime.client.dto.AbstractVaultDTO;
+
+public class VaultTransitKeyExport extends AbstractVaultDTO<VaultTransitKeyExportData, Object> {
+}

extensions/vault/model/src/main/java/io/quarkus/vault/runtime/client/dto/transit/VaultTransitKeyExportData.java

@@ -0,0 +1,11 @@
+package io.quarkus.vault.runtime.client.dto.transit;
+
+import java.util.Map;
+
+import io.quarkus.vault.runtime.client.dto.VaultModel;
+
+public class VaultTransitKeyExportData implements VaultModel {
+
+    public String name;
+    public Map<String, String> keys;
+}

extensions/vault/model/src/main/java/io/quarkus/vault/runtime/client/dto/transit/VaultTransitListKeysData.java

@@ -0,0 +1,10 @@
+package io.quarkus.vault.runtime.client.dto.transit;
+
+import java.util.List;
+
+import io.quarkus.vault.runtime.client.dto.VaultModel;
+
+public class VaultTransitListKeysData implements VaultModel {
+
+    public List<String> keys;
+}

extensions/vault/model/src/main/java/io/quarkus/vault/runtime/client/dto/transit/VaultTransitListKeysResult.java

@@ -0,0 +1,6 @@
+package io.quarkus.vault.runtime.client.dto.transit;
+
+import io.quarkus.vault.runtime.client.dto.AbstractVaultDTO;
+
+public class VaultTransitListKeysResult extends AbstractVaultDTO<VaultTransitListKeysData, Object> {
+}

extensions/vault/model/src/main/java/io/quarkus/vault/runtime/client/dto/transit/VaultTransitReadKeyData.java

@@ -0,0 +1,32 @@
+package io.quarkus.vault.runtime.client.dto.transit;
+
+import java.util.Map;
+
+import com.fasterxml.jackson.annotation.JsonProperty;
+
+import io.quarkus.vault.runtime.client.dto.VaultModel;
+
+public class VaultTransitReadKeyData implements VaultModel {
+
+    public String detail;
+    @JsonProperty(value = "deletion_allowed")
+    public boolean deletionAllowed;
+    public boolean derived;
+    public boolean exportable;
+    @JsonProperty(value = "allow_plaintext_backup")
+    public boolean allowPlaintextBackup;
+    public Map<String, Integer> keys;
+    @JsonProperty(value = "min_decryption_version")
+    public int minDecryptionVersion;
+    @JsonProperty(value = "min_encryption_version")
+    public int minEncryptionVersion;
+    public String name;
+    @JsonProperty(value = "supports_encryption")
+    public boolean supportsEncryption;
+    @JsonProperty(value = "supports_decryption")
+    public boolean supportsDecryption;
+    @JsonProperty(value = "supports_derivation")
+    public boolean supportsDerivation;
+    @JsonProperty(value = "supports_signing")
+    public boolean supportsSigning;
+}

extensions/vault/model/src/main/java/io/quarkus/vault/runtime/client/dto/transit/VaultTransitReadKeyResult.java

@@ -0,0 +1,6 @@
+package io.quarkus.vault.runtime.client.dto.transit;
+
+import io.quarkus.vault.runtime.client.dto.AbstractVaultDTO;
+
+public class VaultTransitReadKeyResult extends AbstractVaultDTO<VaultTransitReadKeyData, Object> {
+}

extensions/vault/runtime/src/main/java/io/quarkus/vault/VaultTransitExportKeyType.java

@@ -0,0 +1,10 @@
+package io.quarkus.vault;
+
+/**
+ * key type used in transit key export
+ */
+public enum VaultTransitExportKeyType {
+    encryption,
+    signing,
+    hmac
+}

extensions/vault/runtime/src/main/java/io/quarkus/vault/VaultTransitKeyDetail.java

@@ -0,0 +1,137 @@
+package io.quarkus.vault;
+
+import java.util.Map;
+
+public class VaultTransitKeyDetail {
+
+    private String name;
+    private String detail;
+    private boolean deletionAllowed;
+    private boolean derived;
+    private boolean exportable;
+    private boolean allowPlaintextBackup;
+    private Map<String, Integer> keys;
+    private int minDecryptionVersion;
+    private int minEncryptionVersion;
+    private boolean supportsEncryption;
+    private boolean supportsDecryption;
+    private boolean supportsDerivation;
+    private boolean supportsSigning;
+
+    public String getName() {
+        return name;
+    }
+
+    public VaultTransitKeyDetail setName(String name) {
+        this.name = name;
+        return this;
+    }
+
+    public String getDetail() {
+        return detail;
+    }
+
+    public VaultTransitKeyDetail setDetail(String detail) {
+        this.detail = detail;
+        return this;
+    }
+
+    public boolean isDeletionAllowed() {
+        return deletionAllowed;
+    }
+
+    public VaultTransitKeyDetail setDeletionAllowed(boolean deletionAllowed) {
+        this.deletionAllowed = deletionAllowed;
+        return this;
+    }
+
+    public boolean isDerived() {
+        return derived;
+    }
+
+    public VaultTransitKeyDetail setDerived(boolean derived) {
+        this.derived = derived;
+        return this;
+    }
+
+    public boolean isExportable() {
+        return exportable;
+    }
+
+    public VaultTransitKeyDetail setExportable(boolean exportable) {
+        this.exportable = exportable;
+        return this;
+    }
+
+    public boolean isAllowPlaintextBackup() {
+        return allowPlaintextBackup;
+    }
+
+    public VaultTransitKeyDetail setAllowPlaintextBackup(boolean allowPlaintextBackup) {
+        this.allowPlaintextBackup = allowPlaintextBackup;
+        return this;
+    }
+
+    public Map<String, Integer> getKeys() {
+        return keys;
+    }
+
+    public VaultTransitKeyDetail setKeys(Map<String, Integer> keys) {
+        this.keys = keys;
+        return this;
+    }
+
+    public int getMinDecryptionVersion() {
+        return minDecryptionVersion;
+    }
+
+    public VaultTransitKeyDetail setMinDecryptionVersion(int minDecryptionVersion) {
+        this.minDecryptionVersion = minDecryptionVersion;
+        return this;
+    }
+
+    public int getMinEncryptionVersion() {
+        return minEncryptionVersion;
+    }
+
+    public VaultTransitKeyDetail setMinEncryptionVersion(int minEncryptionVersion) {
+        this.minEncryptionVersion = minEncryptionVersion;
+        return this;
+    }
+
+    public boolean isSupportsEncryption() {
+        return supportsEncryption;
+    }
+
+    public VaultTransitKeyDetail setSupportsEncryption(boolean supportsEncryption) {
+        this.supportsEncryption = supportsEncryption;
+        return this;
+    }
+
+    public boolean isSupportsDecryption() {
+        return supportsDecryption;
+    }
+
+    public VaultTransitKeyDetail setSupportsDecryption(boolean supportsDecryption) {
+        this.supportsDecryption = supportsDecryption;
+        return this;
+    }
+
+    public boolean isSupportsDerivation() {
+        return supportsDerivation;
+    }
+
+    public VaultTransitKeyDetail setSupportsDerivation(boolean supportsDerivation) {
+        this.supportsDerivation = supportsDerivation;
+        return this;
+    }
+
+    public boolean isSupportsSigning() {
+        return supportsSigning;
+    }
+
+    public VaultTransitKeyDetail setSupportsSigning(boolean supportsSigning) {
+        this.supportsSigning = supportsSigning;
+        return this;
+    }
+}