org.springframework.vault.authentication

Class AwsEc2Authentication

java.lang.Object

org.springframework.vault.authentication.AwsEc2Authentication

All Implemented Interfaces:

AuthenticationStepsFactory, ClientAuthentication

public class AwsEc2Authentication
extends Object
implements ClientAuthentication, AuthenticationStepsFactory

AWS-EC2 login implementation.

AWS-EC2 login uses the EC2 identity document and a nonce to login into Vault. AWS-EC2 login obtains the PKCS#7 signed EC2 identity document and generates a nonce. Instances of this class are immutable once constructed.

Author:

Mark Paluch

See Also:

AwsEc2AuthenticationOptions, RestOperations, Auth Backend: aws-ec2

Constructor Summary

Constructors

Constructor and Description
AwsEc2Authentication(AwsEc2AuthenticationOptions options, RestOperations vaultRestOperations, RestOperations awsMetadataRestOperations) Create a new AwsEc2Authentication specifying AwsEc2AuthenticationOptions, a Vault and an AWS-Metadata-specific RestOperations.
AwsEc2Authentication(RestOperations vaultRestOperations) Create a new AwsEc2Authentication.

Method Summary

Modifier and Type	Method and Description
static AuthenticationSteps	createAuthenticationSteps(AwsEc2AuthenticationOptions options) Creates a AuthenticationSteps for AWS-EC2 authentication given AwsEc2AuthenticationOptions.
protected static AuthenticationSteps	createAuthenticationSteps(AwsEc2AuthenticationOptions options, AtomicReference<char[]> nonce, Supplier<char[]> nonceSupplier)
protected char[]	createNonce()
AuthenticationSteps	getAuthenticationSteps() Get the AuthenticationSteps describing an authentication flow.
protected Map<String,String>	getEc2Login()
VaultToken	login() Return a VaultToken.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

AwsEc2Authentication

public AwsEc2Authentication(RestOperations vaultRestOperations)

Create a new AwsEc2Authentication.

Parameters:

vaultRestOperations - must not be null.

AwsEc2Authentication

public AwsEc2Authentication(AwsEc2AuthenticationOptions options,
                            RestOperations vaultRestOperations,
                            RestOperations awsMetadataRestOperations)

Create a new AwsEc2Authentication specifying AwsEc2AuthenticationOptions, a Vault and an AWS-Metadata-specific RestOperations.

Parameters:

options - must not be null.

vaultRestOperations - must not be null.

awsMetadataRestOperations - must not be null.

Method Detail

createAuthenticationSteps

public static AuthenticationSteps createAuthenticationSteps(AwsEc2AuthenticationOptions options)

Creates a AuthenticationSteps for AWS-EC2 authentication given AwsEc2AuthenticationOptions.

Parameters:

options - must not be null.

Returns:

AuthenticationSteps for AWS-EC2 authentication.

Since:

2.0

createAuthenticationSteps

protected static AuthenticationSteps createAuthenticationSteps(AwsEc2AuthenticationOptions options,
                                                               AtomicReference<char[]> nonce,
                                                               Supplier<char[]> nonceSupplier)

login

public VaultToken login()
                 throws VaultException

Description copied from interface: ClientAuthentication

Return a VaultToken. This method can optionally log into Vault to obtain a token.

Specified by:

login in interface ClientAuthentication

Returns:

a VaultToken.

Throws:

VaultException

getAuthenticationSteps

public AuthenticationSteps getAuthenticationSteps()

Description copied from interface: AuthenticationStepsFactory

Get the AuthenticationSteps describing an authentication flow.

Specified by:

getAuthenticationSteps in interface AuthenticationStepsFactory

Returns:

the AuthenticationSteps describing an authentication flow.

getEc2Login

protected Map<String,String> getEc2Login()

createNonce

protected char[] createNonce()