Merge pull request #65 from rundeck-plugins/RUN-3900-hashi-corp-vault-integration-modification-time-issue

edbaltra · web-flow · commit 55dc0ee17da1 · 2025-12-17T12:00:23.000-03:00
RUN-3900:  Hashi corp vault integration modification time issue
diff --git a/src/main/java/io/github/valfadeev/rundeck/plugin/vault/KeyObject.java b/src/main/java/io/github/valfadeev/rundeck/plugin/vault/KeyObject.java
@@ -15,6 +15,7 @@ public abstract class KeyObject {
     protected Map<String, String> payload;
     protected Map<String, Object> keys;
     protected Path                path;
+    protected Map<String, String> vaultMetadata;
 
     protected boolean             error;
     protected String              errorMessage;
@@ -84,6 +85,14 @@ public void setError(final boolean error) {
         this.error = error;
     }
 
+    public Map<String, String> getVaultMetadata() {
+        return vaultMetadata;
+    }
+
+    public void setVaultMetadata(final Map<String, String> vaultMetadata) {
+        this.vaultMetadata = vaultMetadata;
+    }
+
     @Override
     public String toString() {
         return "KeyObject{" +
@@ -92,6 +101,7 @@ public String toString() {
                ", payload=" + payload +
                ", keys=" + keys +
                ", path=" + path +
+               ", vaultMetadata=" + vaultMetadata +
                ", error=" + error +
                ", errorMessage='" + errorMessage + '\'' +
                '}';
diff --git a/src/main/java/io/github/valfadeev/rundeck/plugin/vault/KeyObjectBuilder.java b/src/main/java/io/github/valfadeev/rundeck/plugin/vault/KeyObjectBuilder.java
@@ -3,8 +3,10 @@
 import io.github.jopenlibs.vault.VaultException;
 import io.github.jopenlibs.vault.api.Logical;
 import io.github.jopenlibs.vault.response.LogicalResponse;
+import io.github.jopenlibs.vault.response.DataMetadata;
 import org.rundeck.storage.api.Path;
 import org.rundeck.storage.api.PathUtil;
+import java.util.Map;
 
 public class KeyObjectBuilder {
 
@@ -45,10 +47,20 @@ KeyObject build(){
             response = vault.read(VaultStoragePlugin.getVaultPath(path.getPath(),vaultSecretBackend,vaultPrefix));
             String data = response.getData().get(VaultStoragePlugin.VAULT_STORAGE_KEY);
 
+            // Extract metadata from response for KV v2
+            Map<String, String> metadata = null;
+            DataMetadata dataMetadata = response.getDataMetadata();
+            if (dataMetadata != null && !dataMetadata.isEmpty()) {
+                metadata = dataMetadata.getMetadataMap();
+            }
+
             if(data !=null) {
+                // RundeckKey stores timestamps in its own payload format, doesn't use Vault metadata
                 object = new RundeckKey(response,path);
             }else{
+                // VaultKey uses Vault metadata for timestamps
                 object = new VaultKey(response,path);
+                object.setVaultMetadata(metadata);
             }
 
             if(response.getRestResponse().getStatus()!=200){
@@ -97,8 +109,14 @@ public KeyObject getVaultParentObject(Path path){
             }
 
             parentObject=new VaultKey(response, parentPath);
-        } catch (VaultException e) {
 
+            // Extract metadata for parent object too
+            DataMetadata dataMetadata = response.getDataMetadata();
+            if (dataMetadata != null && !dataMetadata.isEmpty()) {
+                parentObject.setVaultMetadata(dataMetadata.getMetadataMap());
+            }
+        } catch (VaultException e) {
+            // Parent object doesn't exist, return null - this is expected in some cases
         }
 
         return parentObject;
diff --git a/src/main/java/io/github/valfadeev/rundeck/plugin/vault/VaultKey.java b/src/main/java/io/github/valfadeev/rundeck/plugin/vault/VaultKey.java
@@ -14,11 +14,24 @@
 import java.io.ByteArrayInputStream;
 import java.io.ByteArrayOutputStream;
 import java.io.UnsupportedEncodingException;
+import java.text.ParseException;
+import java.text.SimpleDateFormat;
+import java.time.Instant;
+import java.time.format.DateTimeParseException;
+import java.util.Date;
 import java.util.HashMap;
+import java.util.Locale;
 import java.util.Map;
+import java.util.TimeZone;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 
 public class VaultKey extends KeyObject {
 
+    private static final Logger LOG = LoggerFactory.getLogger(VaultKey.class);
+    private static final int RFC3339_DATETIME_PREFIX_LENGTH = 19; // Length of "yyyy-MM-dd'T'HH:mm:ss"
+
     KeyObject parent;
 
     public VaultKey(LogicalResponse response, Path path) {
@@ -54,6 +67,70 @@ public VaultKey(final Path path, final String item, final Object value) {
 
     }
 
+    /**
+     * Parses a timestamp string with multiple fallback strategies to handle various formats.
+     * This method is designed to be resilient to future format changes from Vault.
+     *
+     * @param timestamp The timestamp string to parse
+     * @param fieldName The field name (for logging purposes)
+     * @return A Date object, or null if parsing fails with all strategies
+     */
+    private Date parseTimestampWithFallback(String timestamp, String fieldName) {
+        if (timestamp == null || timestamp.isEmpty()) {
+            return null;
+        }
+
+        // Try parsing as RFC3339/ISO 8601 using Java 8+ Instant (most robust)
+        // This handles formats like: "2025-03-13T16:25:00.123456Z", "2025-03-13T16:25:00Z", etc.
+        try {
+            Instant instant = Instant.parse(timestamp);
+            LOG.debug("Successfully parsed {} using Instant.parse()", fieldName);
+            return Date.from(instant);
+        } catch (DateTimeParseException e) {
+            LOG.debug("Failed to parse {} '{}' with Instant.parse(), trying fallback strategies", fieldName, timestamp);
+        }
+
+        // Try parsing with SimpleDateFormat including fractional seconds
+        // Handles: "2025-03-13T16:25:00.123456Z"
+        try {
+            SimpleDateFormat formatWithFractional = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss.SSSSSS'Z'", Locale.ENGLISH);
+            formatWithFractional.setTimeZone(TimeZone.getTimeZone("UTC"));
+            LOG.debug("Successfully parsed {} using SimpleDateFormat with fractional seconds", fieldName);
+            return formatWithFractional.parse(timestamp);
+        } catch (ParseException e) {
+            LOG.debug("Failed to parse {} with fractional seconds pattern", fieldName);
+        }
+
+        // Try parsing with SimpleDateFormat for milliseconds
+        // Handles: "2025-03-13T16:25:00.123Z"
+        try {
+            SimpleDateFormat formatWithMillis = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss.SSS'Z'", Locale.ENGLISH);
+            formatWithMillis.setTimeZone(TimeZone.getTimeZone("UTC"));
+            LOG.debug("Successfully parsed {} using SimpleDateFormat with milliseconds", fieldName);
+            return formatWithMillis.parse(timestamp);
+        } catch (ParseException e) {
+            LOG.debug("Failed to parse {} with milliseconds pattern", fieldName);
+        }
+
+        // Try substring approach (original implementation)
+        // Handles: Any format with at least "yyyy-MM-ddTHH:mm:ss" prefix
+        if (timestamp.length() >= RFC3339_DATETIME_PREFIX_LENGTH) {
+            try {
+                SimpleDateFormat vaultDateFormat = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss", Locale.ENGLISH);
+                vaultDateFormat.setTimeZone(TimeZone.getTimeZone("UTC"));
+                Date parsed = vaultDateFormat.parse(timestamp.substring(0, RFC3339_DATETIME_PREFIX_LENGTH));
+                LOG.debug("Successfully parsed {} using substring strategy", fieldName);
+                return parsed;
+            } catch (ParseException e) {
+                LOG.debug("Failed to parse {} with substring strategy", fieldName);
+            }
+        }
+
+        // All strategies failed
+        LOG.warn("Failed to parse {} '{}' with all available strategies", fieldName, timestamp);
+        return null;
+    }
+
     public Map<String, Object> saveResource(ResourceMeta content, String event, ByteArrayOutputStream baoStream){
 
         Path path=this.getPath();
@@ -148,6 +225,28 @@ ResourceBase loadResource(){
                 builder.setMeta(VaultStoragePlugin.RUNDECK_DATA_TYPE, "password");
             }
 
+            // Parse and set timestamps from Vault metadata (KV v2)
+            if (this.vaultMetadata != null && !this.vaultMetadata.isEmpty()) {
+                String createdTime = this.vaultMetadata.get("created_time");
+                String updatedTime = this.vaultMetadata.get("updated_time");
+
+                // Parse creation time with fallback strategies
+                Date creationDate = parseTimestampWithFallback(createdTime, "created_time");
+
+                if (creationDate != null) {
+                    builder.setCreationTime(creationDate);
+
+                    // Use updated_time for modification time if available, otherwise use created_time
+                    Date modificationDate = parseTimestampWithFallback(updatedTime, "updated_time");
+                    if (modificationDate != null) {
+                        builder.setModificationTime(modificationDate);
+                    } else {
+                        // Fall back to creation time if updated_time is missing or unparseable
+                        builder.setModificationTime(creationDate);
+                    }
+                }
+            }
+
             ByteArrayInputStream baiStream = new ByteArrayInputStream(value.getBytes());
 
             return new ResourceBase<>(
diff --git a/src/test/java/io/github/valfadeev/rundeck/plugin/vault/VaultKeyTest.java b/src/test/java/io/github/valfadeev/rundeck/plugin/vault/VaultKeyTest.java
