Class GcpComputeAuthentication
java.lang.Object
org.springframework.vault.authentication.GcpJwtAuthenticationSupport
org.springframework.vault.authentication.GcpComputeAuthentication
- All Implemented Interfaces:
AuthenticationStepsFactory,ClientAuthentication
public class GcpComputeAuthentication
extends GcpJwtAuthenticationSupport
implements ClientAuthentication, AuthenticationStepsFactory
GCP GCE (Google Compute Engine)-based login implementation using GCE's metadata service
to create signed JSON Web Token.
This authentication method uses Googles GCE's metadata service in combination with the
default/specified service account to obtain an identity document as JWT using a HTTP
client. Credentials and authenticity are implied from the runtime itself and are not
required to be configured.
- Since:
- 2.1
- Author:
- Mark Paluch
- See Also:
-
Field Summary
Fields -
Constructor Summary
ConstructorsConstructorDescriptionGcpComputeAuthentication(GcpComputeAuthenticationOptions options, RestOperations vaultRestOperations) Create a newGcpComputeAuthenticationinstance givenGcpComputeAuthenticationOptionsandRestOperationsfor Vault and Google API use.GcpComputeAuthentication(GcpComputeAuthenticationOptions options, RestOperations vaultRestOperations, RestOperations googleMetadataRestOperations) Create a newGcpComputeAuthenticationinstance givenGcpComputeAuthenticationOptionsandRestOperationsfor Vault and Google API use. -
Method Summary
Modifier and TypeMethodDescriptionstatic AuthenticationStepsCreates aAuthenticationStepsfor GCE authentication givenGcpComputeAuthenticationOptions.Get theAuthenticationStepsdescribing an authentication flow.login()Return aVaultToken.protected StringsignJwt()
-
Field Details
-
COMPUTE_METADATA_URL_TEMPLATE
- See Also:
-
-
Constructor Details
-
GcpComputeAuthentication
public GcpComputeAuthentication(GcpComputeAuthenticationOptions options, RestOperations vaultRestOperations) Create a newGcpComputeAuthenticationinstance givenGcpComputeAuthenticationOptionsandRestOperationsfor Vault and Google API use.- Parameters:
options- must not be null.vaultRestOperations- must not be null.
-
GcpComputeAuthentication
public GcpComputeAuthentication(GcpComputeAuthenticationOptions options, RestOperations vaultRestOperations, RestOperations googleMetadataRestOperations) Create a newGcpComputeAuthenticationinstance givenGcpComputeAuthenticationOptionsandRestOperationsfor Vault and Google API use.- Parameters:
options- must not be null.vaultRestOperations- must not be null.googleMetadataRestOperations- must not be null.
-
-
Method Details
-
createAuthenticationSteps
public static AuthenticationSteps createAuthenticationSteps(GcpComputeAuthenticationOptions options) Creates aAuthenticationStepsfor GCE authentication givenGcpComputeAuthenticationOptions.- Parameters:
options- must not be null.- Returns:
AuthenticationStepsfor cubbyhole authentication.
-
login
Description copied from interface:ClientAuthenticationReturn aVaultToken. This method can optionally log into Vault to obtain atoken.- Specified by:
loginin interfaceClientAuthentication- Returns:
- a
VaultToken. - Throws:
VaultException
-
getAuthenticationSteps
Description copied from interface:AuthenticationStepsFactoryGet theAuthenticationStepsdescribing an authentication flow.- Specified by:
getAuthenticationStepsin interfaceAuthenticationStepsFactory- Returns:
- the
AuthenticationStepsdescribing an authentication flow.
-
signJwt
-