Package org.springframework.vault.authentication

Class AwsEc2Authentication

java.lang.Object

org.springframework.vault.authentication.AwsEc2Authentication

All Implemented Interfaces:

AuthenticationStepsFactory, ClientAuthentication

public class AwsEc2Authentication
extends Object
implements ClientAuthentication, AuthenticationStepsFactory

AWS-EC2 login implementation.

AWS-EC2 login uses the EC2 identity document and a nonce to login into Vault. AWS-EC2 login obtains the PKCS#7 signed EC2 identity document and generates a nonce. Instances of this class are immutable once constructed.

Author:

Mark Paluch

See Also:

• AwsEc2AuthenticationOptions
• RestOperations
• Auth Backend: aws-ec2

Constructor Summary

Constructors

Constructor	Description
AwsEc2Authentication(AwsEc2AuthenticationOptions options, RestOperations vaultRestOperations, RestOperations awsMetadataRestOperations)	Create a new AwsEc2Authentication specifying AwsEc2AuthenticationOptions, a Vault and an AWS-Metadata-specific RestOperations.
AwsEc2Authentication(RestOperations vaultRestOperations)	Create a new AwsEc2Authentication.

Method Summary

Modifier and Type	Method	Description
static AuthenticationSteps	createAuthenticationSteps(AwsEc2AuthenticationOptions options)	Creates a AuthenticationSteps for AWS-EC2 authentication given AwsEc2AuthenticationOptions.
protected static AuthenticationSteps	createAuthenticationSteps(AwsEc2AuthenticationOptions options, AtomicReference<char[]> nonce, Supplier<char[]> nonceSupplier)
protected char[]	createNonce()
AuthenticationSteps	getAuthenticationSteps()	Get the AuthenticationSteps describing an authentication flow.
protected Map<String,String>	getEc2Login()
VaultToken	login()	Return a VaultToken.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

AwsEc2Authentication

public AwsEc2Authentication(RestOperations vaultRestOperations)

Create a new AwsEc2Authentication.

Parameters:

vaultRestOperations - must not be null.

AwsEc2Authentication

public AwsEc2Authentication(AwsEc2AuthenticationOptions options,
 RestOperations vaultRestOperations,
 RestOperations awsMetadataRestOperations)

Create a new AwsEc2Authentication specifying AwsEc2AuthenticationOptions, a Vault and an AWS-Metadata-specific RestOperations.

Parameters:

options - must not be null.

vaultRestOperations - must not be null.

awsMetadataRestOperations - must not be null.

Method Details

createAuthenticationSteps

public static AuthenticationSteps createAuthenticationSteps(AwsEc2AuthenticationOptions options)

Creates a AuthenticationSteps for AWS-EC2 authentication given AwsEc2AuthenticationOptions.

Parameters:

options - must not be null.

Returns:

AuthenticationSteps for AWS-EC2 authentication.

Since:

2.0

createAuthenticationSteps

protected static AuthenticationSteps createAuthenticationSteps(AwsEc2AuthenticationOptions options,
 AtomicReference<char[]> nonce,
 Supplier<char[]> nonceSupplier)

login

public VaultToken login()
                 throws VaultException

Description copied from interface: ClientAuthentication

Return a VaultToken. This method can optionally log into Vault to obtain a token.

Specified by:

login in interface ClientAuthentication

Returns:

a VaultToken.

Throws:

VaultException

getAuthenticationSteps

public AuthenticationSteps getAuthenticationSteps()

Description copied from interface: AuthenticationStepsFactory

Get the AuthenticationSteps describing an authentication flow.

Specified by:

getAuthenticationSteps in interface AuthenticationStepsFactory

Returns:

the AuthenticationSteps describing an authentication flow.

getEc2Login

protected Map<String,String> getEc2Login()

createNonce

protected char[] createNonce()