Class AwsIamAuthenticationOptions.AwsIamAuthenticationOptionsBuilder
java.lang.Object
org.springframework.vault.authentication.AwsIamAuthenticationOptions.AwsIamAuthenticationOptionsBuilder
- Enclosing class:
- AwsIamAuthenticationOptions
Builder for
AwsIamAuthenticationOptions.-
Method Summary
Modifier and TypeMethodDescriptionbuild()Build a newAwsIamAuthenticationOptionsinstance.credentials(software.amazon.awssdk.auth.credentials.AwsCredentials credentials) Configure static AWS credentials, required to calculate the signature.credentialsProvider(software.amazon.awssdk.auth.credentials.AwsCredentialsProvider credentialsProvider) Configure anAwsCredentialsProvider, required to calculate the signature.endpointUri(URI endpointUri) Configure an endpoint URI of the STS API, defaults to https://sts.amazonaws.com/.Configure the mount path, defaults to aws.region(software.amazon.awssdk.regions.Region region) Configure aRegion, used for computing the signature.regionProvider(software.amazon.awssdk.regions.providers.AwsRegionProvider regionProvider) Configure anAwsRegionProvider, required to calculate the region to be used for computing the signature.Configure the name of the role against which the login is being attempted.Configure a server name (used for Vault-AWS-IAM-Server-ID) that is included in the signature to mitigate the risk of replay attacks.serverName(String serverName) Configure a server name that is included in the signature to mitigate the risk of replay attacks.
-
Method Details
-
path
Configure the mount path, defaults to aws.- Parameters:
path- must not be empty or null.- Returns:
thisAwsIamAuthenticationOptions.AwsIamAuthenticationOptionsBuilder.
-
credentials
public AwsIamAuthenticationOptions.AwsIamAuthenticationOptionsBuilder credentials(software.amazon.awssdk.auth.credentials.AwsCredentials credentials) Configure static AWS credentials, required to calculate the signature. Either use static credentials or provide acredentials provider.- Parameters:
credentials- must not be null.- Returns:
thisAwsIamAuthenticationOptions.AwsIamAuthenticationOptionsBuilder.- See Also:
-
credentialsProvider
public AwsIamAuthenticationOptions.AwsIamAuthenticationOptionsBuilder credentialsProvider(software.amazon.awssdk.auth.credentials.AwsCredentialsProvider credentialsProvider) Configure anAwsCredentialsProvider, required to calculate the signature. Alternatively, configure staticcredentials.- Parameters:
credentialsProvider- must not be null.- Returns:
thisAwsIamAuthenticationOptions.AwsIamAuthenticationOptionsBuilder.- See Also:
-
region
public AwsIamAuthenticationOptions.AwsIamAuthenticationOptionsBuilder region(software.amazon.awssdk.regions.Region region) Configure aRegion, used for computing the signature.- Parameters:
region- must not be null.- Returns:
thisAwsIamAuthenticationOptions.AwsIamAuthenticationOptionsBuilder.- Since:
- 3.0.2
-
regionProvider
public AwsIamAuthenticationOptions.AwsIamAuthenticationOptionsBuilder regionProvider(software.amazon.awssdk.regions.providers.AwsRegionProvider regionProvider) Configure anAwsRegionProvider, required to calculate the region to be used for computing the signature.- Parameters:
regionProvider- must not be null.- Returns:
thisAwsIamAuthenticationOptions.AwsIamAuthenticationOptionsBuilder.- Since:
- 3.0
-
role
Configure the name of the role against which the login is being attempted. If role is not specified, the friendly name (i.e., role name or username) of the IAM principal authenticated. If a matching role is not found, login fails.- Parameters:
role- must not be empty or null.- Returns:
thisAwsIamAuthenticationOptions.AwsIamAuthenticationOptionsBuilder.
-
serverId
Configure a server name (used for Vault-AWS-IAM-Server-ID) that is included in the signature to mitigate the risk of replay attacks. Preferably use the Vault server DNS name.- Parameters:
serverId- must not be null or empty.- Returns:
thisAwsIamAuthenticationOptions.AwsIamAuthenticationOptionsBuilder.- Since:
- 2.1
-
serverName
Configure a server name that is included in the signature to mitigate the risk of replay attacks. Preferably use the Vault server DNS name.- Parameters:
serverName- must not be null or empty.- Returns:
thisAwsIamAuthenticationOptions.AwsIamAuthenticationOptionsBuilder.
-
endpointUri
Configure an endpoint URI of the STS API, defaults to https://sts.amazonaws.com/.- Parameters:
endpointUri- must not be null.- Returns:
thisAwsIamAuthenticationOptions.AwsIamAuthenticationOptionsBuilder.
-
build
Build a newAwsIamAuthenticationOptionsinstance.- Returns:
- a new
AwsIamAuthenticationOptions.
-