org.springframework.vault.authentication

Class GcpIamCredentialsAuthenticationOptions.GcpIamCredentialsAuthenticationOptionsBuilder

java.lang.Object

org.springframework.vault.authentication.GcpIamCredentialsAuthenticationOptions.GcpIamCredentialsAuthenticationOptionsBuilder

Enclosing class:

GcpIamCredentialsAuthenticationOptions

public static class GcpIamCredentialsAuthenticationOptions.GcpIamCredentialsAuthenticationOptionsBuilder
extends Object

Builder for GcpIamCredentialsAuthenticationOptions.

Method Summary

Modifier and Type	Method and Description
GcpIamCredentialsAuthenticationOptions	build() Build a new GcpIamCredentialsAuthenticationOptions instance.
GcpIamCredentialsAuthenticationOptions.GcpIamCredentialsAuthenticationOptionsBuilder	clock(Clock clock) Configure the Clock used to calculate epoch seconds until the JWT expiration.
GcpIamCredentialsAuthenticationOptions.GcpIamCredentialsAuthenticationOptionsBuilder	credentials(com.google.auth.oauth2.GoogleCredentials credentials) Configure static Google credentials, required to create a signed JWT.
GcpIamCredentialsAuthenticationOptions.GcpIamCredentialsAuthenticationOptionsBuilder	credentialsSupplier(GoogleCredentialsSupplier credentialsSupplier) Configure a GoogleCredentialsSupplier, required to create a signed JWT.
GcpIamCredentialsAuthenticationOptions.GcpIamCredentialsAuthenticationOptionsBuilder	jwtValidity(Duration jwtValidity) Configure the Duration for the JWT expiration.
GcpIamCredentialsAuthenticationOptions.GcpIamCredentialsAuthenticationOptionsBuilder	path(String path) Configure the mount path, defaults to aws.
GcpIamCredentialsAuthenticationOptions.GcpIamCredentialsAuthenticationOptionsBuilder	role(String role) Configure the name of the role against which the login is being attempted.
GcpIamCredentialsAuthenticationOptions.GcpIamCredentialsAuthenticationOptionsBuilder	serviceAccountId(String serviceAccountId) Configure an explicit service account id to use in GCP IAM calls.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Detail

path

public GcpIamCredentialsAuthenticationOptions.GcpIamCredentialsAuthenticationOptionsBuilder path(String path)

Configure the mount path, defaults to aws.

Parameters:

path - must not be empty or null.

Returns:

this GcpIamCredentialsAuthenticationOptions.GcpIamCredentialsAuthenticationOptionsBuilder.

credentials

public GcpIamCredentialsAuthenticationOptions.GcpIamCredentialsAuthenticationOptionsBuilder credentials(com.google.auth.oauth2.GoogleCredentials credentials)

Configure static Google credentials, required to create a signed JWT. Either use static credentials or provide a credentials provider.

Parameters:

credentials - must not be null.

Returns:

this GcpIamCredentialsAuthenticationOptions.GcpIamCredentialsAuthenticationOptionsBuilder.

See Also:

credentialsSupplier(GoogleCredentialsSupplier)

credentialsSupplier

public GcpIamCredentialsAuthenticationOptions.GcpIamCredentialsAuthenticationOptionsBuilder credentialsSupplier(GoogleCredentialsSupplier credentialsSupplier)

Configure a GoogleCredentialsSupplier, required to create a signed JWT. Alternatively, configure static credentials.

Parameters:

credentialsSupplier - must not be null.

Returns:

this GcpIamCredentialsAuthenticationOptions.GcpIamCredentialsAuthenticationOptionsBuilder.

See Also:

credentials(GoogleCredentials)

serviceAccountId

public GcpIamCredentialsAuthenticationOptions.GcpIamCredentialsAuthenticationOptionsBuilder serviceAccountId(String serviceAccountId)

Configure an explicit service account id to use in GCP IAM calls. If none is configured, falls back to using ServiceAccountCredentials.getAccount().

Parameters:

serviceAccountId - the service account id (email) to use

Returns:

this GcpIamCredentialsAuthenticationOptions.GcpIamCredentialsAuthenticationOptionsBuilder.

Since:

2.1

role

public GcpIamCredentialsAuthenticationOptions.GcpIamCredentialsAuthenticationOptionsBuilder role(String role)

Configure the name of the role against which the login is being attempted.

Parameters:

role - must not be empty or null.

Returns:

this GcpIamCredentialsAuthenticationOptions.GcpIamCredentialsAuthenticationOptionsBuilder.

jwtValidity

public GcpIamCredentialsAuthenticationOptions.GcpIamCredentialsAuthenticationOptionsBuilder jwtValidity(Duration jwtValidity)

Configure the Duration for the JWT expiration. This defaults to 15 minutes and cannot be more than a hour.

Parameters:

jwtValidity - must not be null.

Returns:

this GcpIamCredentialsAuthenticationOptions.GcpIamCredentialsAuthenticationOptionsBuilder.

clock

public GcpIamCredentialsAuthenticationOptions.GcpIamCredentialsAuthenticationOptionsBuilder clock(Clock clock)

Configure the Clock used to calculate epoch seconds until the JWT expiration.

Parameters:

clock - must not be null.

Returns:

this GcpIamCredentialsAuthenticationOptions.GcpIamCredentialsAuthenticationOptionsBuilder.

build

public GcpIamCredentialsAuthenticationOptions build()

Build a new GcpIamCredentialsAuthenticationOptions instance.

Returns:

a new GcpIamCredentialsAuthenticationOptions.