Package org.springframework.vault.authentication

Class AzureMsiAuthentication

java.lang.Object

org.springframework.vault.authentication.AzureMsiAuthentication

All Implemented Interfaces:

AuthenticationStepsFactory, ClientAuthentication

public class AzureMsiAuthentication
extends Object
implements ClientAuthentication, AuthenticationStepsFactory

Azure MSI (Managed Service Identity) authentication using Azure as trusted third party.

Azure MSI authentication uses AzureVmEnvironment and the MSI OAuth2 token (referenced as JWT token in Vault docs) to log into Vault. VM environment and OAuth2 token are fetched from the Azure Instance Metadata service. Instances of this class are immutable once constructed.

Since:

2.1

Author:

Mark Paluch

See Also:

• AzureMsiAuthenticationOptions
• RestOperations
• Auth Backend: azure

Constructor Summary

Constructors

Constructor	Description
AzureMsiAuthentication(AzureMsiAuthenticationOptions options, RestOperations restOperations)	Create a new AzureMsiAuthentication.
AzureMsiAuthentication(AzureMsiAuthenticationOptions options, RestOperations vaultRestOperations, RestOperations azureMetadataRestOperations)	Create a new AzureMsiAuthentication specifying AzureMsiAuthenticationOptions, a Vault and an Azure-Metadata-specific RestOperations.

Method Summary

Modifier and Type	Method	Description
static AuthenticationSteps	createAuthenticationSteps(AzureMsiAuthenticationOptions options)	Creates a AuthenticationSteps for Azure authentication given AzureMsiAuthenticationOptions.
protected static AuthenticationSteps	createAuthenticationSteps(AzureMsiAuthenticationOptions options, AzureVmEnvironment environment)
AuthenticationSteps	getAuthenticationSteps()	Get the AuthenticationSteps describing an authentication flow.
VaultToken	login()	Return a VaultToken.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

AzureMsiAuthentication

public AzureMsiAuthentication(AzureMsiAuthenticationOptions options,
 RestOperations restOperations)

Create a new AzureMsiAuthentication.

Parameters:

options - must not be null.

restOperations - must not be null.

AzureMsiAuthentication

public AzureMsiAuthentication(AzureMsiAuthenticationOptions options,
 RestOperations vaultRestOperations,
 RestOperations azureMetadataRestOperations)

Create a new AzureMsiAuthentication specifying AzureMsiAuthenticationOptions, a Vault and an Azure-Metadata-specific RestOperations.

Parameters:

options - must not be null.

vaultRestOperations - must not be null.

azureMetadataRestOperations - must not be null.

Method Details

createAuthenticationSteps

public static AuthenticationSteps createAuthenticationSteps(AzureMsiAuthenticationOptions options)

Creates a AuthenticationSteps for Azure authentication given AzureMsiAuthenticationOptions.

Parameters:

options - must not be null.

Returns:

AuthenticationSteps for Azure authentication.

createAuthenticationSteps

protected static AuthenticationSteps createAuthenticationSteps(AzureMsiAuthenticationOptions options,
 @Nullable
 AzureVmEnvironment environment)

login

public VaultToken login()
                 throws VaultException

Description copied from interface: ClientAuthentication

Return a VaultToken. This method can optionally log into Vault to obtain a token.

Specified by:

login in interface ClientAuthentication

Returns:

a VaultToken.

Throws:

VaultException

getAuthenticationSteps

public AuthenticationSteps getAuthenticationSteps()

Description copied from interface: AuthenticationStepsFactory

Get the AuthenticationSteps describing an authentication flow.

Specified by:

getAuthenticationSteps in interface AuthenticationStepsFactory

Returns:

the AuthenticationSteps describing an authentication flow.