Package org.springframework.vault.authentication

Class AwsEc2AuthenticationOptions

java.lang.Object

org.springframework.vault.authentication.AwsEc2AuthenticationOptions

public class AwsEc2AuthenticationOptions
extends Object

Authentication options for AwsEc2Authentication.

Authentication options provide the path, the Identity Document URI and an optional role. AwsEc2AuthenticationOptions can be constructed using builder(). Instances of this class are immutable once constructed.

Metadata retrieval defaults to IMDSv2 (session-token).

Author:

Mark Paluch

See Also:

• AwsEc2Authentication
• builder()

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
static class	AwsEc2AuthenticationOptions.AwsEc2AuthenticationOptionsBuilder	Builder for AwsEc2AuthenticationOptions.AwsEc2AuthenticationOptionsBuilder.
static enum	AwsEc2AuthenticationOptions.InstanceMetadataServiceVersion	Enumeration for the Instance metadata service version.
static class	AwsEc2AuthenticationOptions.Nonce	Value object for an authentication nonce.

Field Summary

Fields

Modifier and Type	Field	Description
static final AwsEc2AuthenticationOptions	DEFAULT	Default AwsEc2AuthenticationOptions using DEFAULT_AWS_AUTHENTICATION_PATH and DEFAULT_PKCS7_IDENTITY_DOCUMENT_URI.
static final String	DEFAULT_AWS_AUTHENTICATION_PATH
static final URI	DEFAULT_IMDSV2_TOKEN_URI
static final URI	DEFAULT_PKCS7_IDENTITY_DOCUMENT_URI

Method Summary

Modifier and Type	Method	Description
static AwsEc2AuthenticationOptions.AwsEc2AuthenticationOptionsBuilder	builder()
URI	getIdentityDocumentUri()
URI	getMetadataTokenRequestUri()
Duration	getMetadataTokenTtl()
AwsEc2AuthenticationOptions.Nonce	getNonce()
String	getPath()
String	getRole()
AwsEc2AuthenticationOptions.InstanceMetadataServiceVersion	getVersion()

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Details

DEFAULT_PKCS7_IDENTITY_DOCUMENT_URI

public static final URI DEFAULT_PKCS7_IDENTITY_DOCUMENT_URI

DEFAULT_IMDSV2_TOKEN_URI

public static final URI DEFAULT_IMDSV2_TOKEN_URI

Since:

3.2

DEFAULT_AWS_AUTHENTICATION_PATH

public static final String DEFAULT_AWS_AUTHENTICATION_PATH

See Also:

• Constant Field Values

DEFAULT

public static final AwsEc2AuthenticationOptions DEFAULT

Default AwsEc2AuthenticationOptions using DEFAULT_AWS_AUTHENTICATION_PATH and DEFAULT_PKCS7_IDENTITY_DOCUMENT_URI.

Method Details

builder

public static AwsEc2AuthenticationOptions.AwsEc2AuthenticationOptionsBuilder builder()

Returns:

a new AwsEc2AuthenticationOptions.AwsEc2AuthenticationOptionsBuilder.

getPath

public String getPath()

Returns:

the path of the aws-ec2 authentication backend mount.

getIdentityDocumentUri

public URI getIdentityDocumentUri()

Returns:

the URI to the AWS EC2 PKCS#7-signed identity document.

getRole

@Nullable
public String getRole()

Returns:

the role, may be null if none.

getNonce

public AwsEc2AuthenticationOptions.Nonce getNonce()

Returns:

the configured AwsEc2AuthenticationOptions.Nonce.

getVersion

public AwsEc2AuthenticationOptions.InstanceMetadataServiceVersion getVersion()

Returns:

the configured AwsEc2AuthenticationOptions.InstanceMetadataServiceVersion.

Since:

3.2

getMetadataTokenTtl

public Duration getMetadataTokenTtl()

Returns:

the configured IMDSv2 token TTL.

Since:

3.2

getMetadataTokenRequestUri

public URI getMetadataTokenRequestUri()

Returns:

the URI to the AWS EC2 Metadata Service to obtain IMDSv2 tokens.

Since:

3.2