Class GcpComputeAuthentication

java.lang.Object

org.springframework.vault.authentication.GcpJwtAuthenticationSupport

org.springframework.vault.authentication.GcpComputeAuthentication

All Implemented Interfaces:

AuthenticationStepsFactory, ClientAuthentication

public class GcpComputeAuthentication
extends GcpJwtAuthenticationSupport
implements ClientAuthentication, AuthenticationStepsFactory

GCP GCE (Google Compute Engine)-based login implementation using GCE's metadata service to create signed JSON Web Token.

This authentication method uses Googles GCE's metadata service in combination with the default/specified service account to obtain an identity document as JWT using a HTTP client. Credentials and authenticity are implied from the runtime itself and are not required to be configured.

Since:

2.1

Author:

Mark Paluch

See Also:

• GcpComputeAuthenticationOptions
• Auth Backend: gcp (IAM)
• Google Compute Engine: Verifying the Identity of Instances

Field Summary

Fields

Modifier and Type	Field	Description
static final String	COMPUTE_METADATA_URL_TEMPLATE

Constructor Summary

Constructors

Constructor	Description
GcpComputeAuthentication(GcpComputeAuthenticationOptions options, RestClient client)	Create a new GcpComputeAuthentication instance given GcpComputeAuthenticationOptions and RestClient for Vault and Google API use.
GcpComputeAuthentication(GcpComputeAuthenticationOptions options, RestClient vaultClient, RestClient googleMetadataClient)	Create a new GcpComputeAuthentication instance given GcpComputeAuthenticationOptions and RestClient for Vault and Google API use.
GcpComputeAuthentication(GcpComputeAuthenticationOptions options, RestOperations vaultRestOperations)	Create a new GcpComputeAuthentication instance given GcpComputeAuthenticationOptions and RestOperations for Vault and Google API use.
GcpComputeAuthentication(GcpComputeAuthenticationOptions options, RestOperations vaultRestOperations, RestOperations googleMetadataRestOperations)	Create a new GcpComputeAuthentication instance given GcpComputeAuthenticationOptions and RestOperations for Vault and Google API use.

Method Summary

Modifier and Type	Method	Description
static AuthenticationSteps	createAuthenticationSteps(GcpComputeAuthenticationOptions options)	Creates a AuthenticationSteps for GCE authentication given GcpComputeAuthenticationOptions.
AuthenticationSteps	getAuthenticationSteps()	Get the AuthenticationSteps describing an authentication flow.
VaultToken	login()	Return a VaultToken.
protected String	signJwt()

Methods inherited from class Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Details

COMPUTE_METADATA_URL_TEMPLATE

public static final String COMPUTE_METADATA_URL_TEMPLATE

See Also:

• Constant Field Values

Constructor Details

GcpComputeAuthentication

public GcpComputeAuthentication(GcpComputeAuthenticationOptions options,
 RestOperations vaultRestOperations)

Create a new GcpComputeAuthentication instance given GcpComputeAuthenticationOptions and RestOperations for Vault and Google API use.

Parameters:

options - must not be null.

vaultRestOperations - must not be null.

GcpComputeAuthentication

public GcpComputeAuthentication(GcpComputeAuthenticationOptions options,
 RestOperations vaultRestOperations,
 RestOperations googleMetadataRestOperations)

Create a new GcpComputeAuthentication instance given GcpComputeAuthenticationOptions and RestOperations for Vault and Google API use.

Parameters:

options - must not be null.

vaultRestOperations - must not be null.

googleMetadataRestOperations - must not be null.

GcpComputeAuthentication

public GcpComputeAuthentication(GcpComputeAuthenticationOptions options,
 RestClient client)

Create a new GcpComputeAuthentication instance given GcpComputeAuthenticationOptions and RestClient for Vault and Google API use.

Parameters:

options - must not be null.

client - must not be null.

Since:

4.0

GcpComputeAuthentication

public GcpComputeAuthentication(GcpComputeAuthenticationOptions options,
 RestClient vaultClient,
 RestClient googleMetadataClient)

Create a new GcpComputeAuthentication instance given GcpComputeAuthenticationOptions and RestClient for Vault and Google API use.

Parameters:

options - must not be null.

vaultClient - must not be null.

googleMetadataClient - must not be null.

Since:

4.0

Method Details

createAuthenticationSteps

public static AuthenticationSteps createAuthenticationSteps(GcpComputeAuthenticationOptions options)

Creates a AuthenticationSteps for GCE authentication given GcpComputeAuthenticationOptions.

Parameters:

options - must not be null.

Returns:

AuthenticationSteps for cubbyhole authentication.

login

public VaultToken login()
                 throws VaultException

Description copied from interface: ClientAuthentication

Return a VaultToken. This method can optionally log into Vault to obtain a token.

Specified by:

login in interface ClientAuthentication

Returns:

a VaultToken.

Throws:

VaultException

getAuthenticationSteps

public AuthenticationSteps getAuthenticationSteps()

Description copied from interface: AuthenticationStepsFactory

Get the AuthenticationSteps describing an authentication flow.

Specified by:

getAuthenticationSteps in interface AuthenticationStepsFactory

Returns:

the AuthenticationSteps describing an authentication flow.

signJwt

protected String signJwt()