Support any Vault dynamic credentials secrets plugin in VaultCredenti…

…alsProvider

This change is in preparation of support for dynamic Vault credentials for RabbitMQ. It renames the "database" dynamic credentials supports to use "dynamic" in the names in an effort to be clear about its use.

Vault dynamic credentials all have basicallly identical responses so the credentials provider should support any of them easily.

This does essentially 4 things.
1. Renames `VaultDatabaseCredentials`, `VaultDBManager` and supporting classes to use the naming  "Dynamic"
2. Renames & deprecates `databaseCredentialsRole` to `credentialsRole`
3. `credentialsMount` config and adds this as a parameter to `VaultDynamicCredentialsManager.getDynamicCredentials`
4. Adds an `expires-at` property to the returned credentials which is calculated from the Vault lease duration.

docs/src/main/asciidoc/vault-datasource.adoc

@@ -278,11 +278,12 @@ path "database/creds/mydbrole" {
 EOF
 ----
 
-Now that Vault knows how to create users in PostgreSQL, we juste need to change the `mydatabase` credentials
-provider to use a `database-credentials-role`.
+Now that Vault knows how to create users in PostgreSQL, we just need to change the `mydatabase` credentials
+provider to use  `credentials-role` & `credentials-mount`.
 [source, properties]
 ----
-quarkus.vault.credentials-provider.mydatabase.database-credentials-role=mydbrole
+quarkus.vault.credentials-provider.mydatabase.credentials-role=mydbrole
+quarkus.vault.credentials-provider.mydatabase.credentials-mount=database
 ----
 
 [NOTE]

extensions/credentials/runtime/src/main/java/io/quarkus/credentials/CredentialsProvider.java

@@ -9,6 +9,7 @@ public interface CredentialsProvider {
 
     String USER_PROPERTY_NAME = "user";
     String PASSWORD_PROPERTY_NAME = "password";
+    String EXPIRATION_TIMESTAMP_PROPERTY_NAME = "expires-at";
 
     /**
      * Returns the credentials for a given credentials provider

extensions/vault/deployment/src/main/java/io/quarkus/vault/VaultProcessor.java

@@ -21,7 +21,7 @@
 import io.quarkus.vault.runtime.VaultAuthManager;
 import io.quarkus.vault.runtime.VaultConfigHolder;
 import io.quarkus.vault.runtime.VaultCredentialsProvider;
-import io.quarkus.vault.runtime.VaultDbManager;
+import io.quarkus.vault.runtime.VaultDynamicCredentialsManager;
 import io.quarkus.vault.runtime.VaultKubernetesAuthManager;
 import io.quarkus.vault.runtime.VaultKvManager;
 import io.quarkus.vault.runtime.VaultPKIManager;
@@ -37,7 +37,7 @@
 import io.quarkus.vault.runtime.client.authmethod.VaultInternalUserpassAuthMethod;
 import io.quarkus.vault.runtime.client.backend.VaultInternalSystemBackend;
 import io.quarkus.vault.runtime.client.dto.VaultModel;
-import io.quarkus.vault.runtime.client.secretengine.VaultInternalDatabaseSecretEngine;
+import io.quarkus.vault.runtime.client.secretengine.VaultInternalDynamicCredentialsSecretEngine;
 import io.quarkus.vault.runtime.client.secretengine.VaultInternalKvV1SecretEngine;
 import io.quarkus.vault.runtime.client.secretengine.VaultInternalKvV2SecretEngine;
 import io.quarkus.vault.runtime.client.secretengine.VaultInternalPKISecretEngine;
@@ -87,7 +87,7 @@ AdditionalBeanBuildItem registerAdditionalBeans() {
                 .addBeanClass(VaultSystemBackendManager.class)
                 .addBeanClass(VaultKubernetesAuthManager.class)
                 .addBeanClass(VaultAuthManager.class)
-                .addBeanClass(VaultDbManager.class)
+                .addBeanClass(VaultDynamicCredentialsManager.class)
                 .addBeanClass(VertxVaultClient.class)
                 .addBeanClass(VaultConfigHolder.class)
                 .addBeanClass(VaultPKIManager.class)
@@ -101,7 +101,7 @@ AdditionalBeanBuildItem registerAdditionalBeans() {
                 .addBeanClass(VaultInternalKubernetesAuthMethod.class)
                 .addBeanClass(VaultInternalTokenAuthMethod.class)
                 .addBeanClass(VaultInternalUserpassAuthMethod.class)
-                .addBeanClass(VaultInternalDatabaseSecretEngine.class)
+                .addBeanClass(VaultInternalDynamicCredentialsSecretEngine.class)
                 .addBeanClass(VaultInternalPKISecretEngine.class)
                 .build();
     }

extensions/vault/model/src/main/java/io/quarkus/vault/runtime/client/dto/dynamic/VaultDynamicCredentials.java

@@ -0,0 +1,7 @@
+package io.quarkus.vault.runtime.client.dto.dynamic;
+
+import io.quarkus.vault.runtime.client.dto.AbstractVaultDTO;
+
+public class VaultDynamicCredentials extends AbstractVaultDTO<VaultDynamicCredentialsData, Object> {
+
+}

extensions/vault/model/src/main/java/io/quarkus/vault/runtime/client/dto/dynamic/VaultDynamicCredentialsData.java

@@ -0,0 +1,10 @@
+package io.quarkus.vault.runtime.client.dto.dynamic;
+
+import io.quarkus.vault.runtime.client.dto.VaultModel;
+
+public class VaultDynamicCredentialsData implements VaultModel {
+
+    public String username;
+    public String password;
+
+}

extensions/vault/runtime/src/main/java/io/quarkus/vault/runtime/VaultCredentialsProvider.java

@@ -1,5 +1,8 @@
 package io.quarkus.vault.runtime;
 
+import static io.quarkus.vault.runtime.config.CredentialsProviderConfig.DATABASE_MOUNT;
+import static io.quarkus.vault.runtime.config.CredentialsProviderConfig.DEFAULT_REQUEST_PATH;
+
 import java.util.HashMap;
 import java.util.Map;
 
@@ -20,10 +23,11 @@ public class VaultCredentialsProvider implements CredentialsProvider {
     @Inject
     private VaultKVSecretEngine vaultKVSecretEngine;
     @Inject
-    private VaultDbManager vaultDbManager;
+    private VaultDynamicCredentialsManager vaultDynamicCredentialsManager;
     @Inject
     private VaultConfigHolder vaultConfigHolder;
 
+    @SuppressWarnings("deprecation")
     @Override
     public Map<String, String> getCredentials(String credentialsProviderName) {
 
@@ -34,7 +38,13 @@ public Map<String, String> getCredentials(String credentialsProviderName) {
         }
 
         if (config.databaseCredentialsRole.isPresent()) {
-            return vaultDbManager.getDynamicDbCredentials(config.databaseCredentialsRole.get());
+            return vaultDynamicCredentialsManager.getDynamicCredentials(DATABASE_MOUNT, DEFAULT_REQUEST_PATH,
+                    config.databaseCredentialsRole.get());
+        }
+
+        if (config.credentialsRole.isPresent()) {
+            return vaultDynamicCredentialsManager.getDynamicCredentials(config.credentialsMount, config.credentialsRequestPath,
+                    config.credentialsRole.get());
         }
 
         if (config.kvPath.isPresent()) {

extensions/vault/runtime/src/main/java/io/quarkus/vault/runtime/VaultDynamicDatabaseCredentials.java → extensions/vault/runtime/src/main/java/io/quarkus/vault/runtime/VaultDynamicCredentials.java

@@ -3,12 +3,12 @@
 import static io.quarkus.vault.runtime.LogConfidentialityLevel.LOW;
 import static io.quarkus.vault.runtime.LogConfidentialityLevel.MEDIUM;
 
-public class VaultDynamicDatabaseCredentials extends LeaseBase {
+public class VaultDynamicCredentials extends LeaseBase {
 
     public String username;
     public String password;
 
-    public VaultDynamicDatabaseCredentials(LeaseBase lease, String username, String password) {
+    public VaultDynamicCredentials(LeaseBase lease, String username, String password) {
         super(lease);
         this.username = username;
         this.password = password;