Package org.springframework.vault.authentication

Class AwsEc2Authentication

java.lang.Object

org.springframework.vault.authentication.AwsEc2Authentication

All Implemented Interfaces:

AuthenticationStepsFactory, ClientAuthentication

public class AwsEc2Authentication
extends Object
implements ClientAuthentication, AuthenticationStepsFactory

AWS-EC2 login implementation.

AWS-EC2 login uses the EC2 identity document and a nonce to login into Vault. AWS-EC2 login obtains the PKCS#7 signed EC2 identity document and generates a nonce. Instances of this class are immutable once constructed.

Author:

Mark Paluch

See Also:

• AwsEc2AuthenticationOptions
• VaultClient
• Auth Method: aws-ec2

Constructor Summary

Constructors

Constructor	Description
AwsEc2Authentication(AwsEc2AuthenticationOptions options, VaultClient vaultClient, RestClient awsMetadataClient)	Create a new AwsEc2Authentication specifying AwsEc2AuthenticationOptions, a VaultClient and an AWS-Metadata-specific RestClient.
AwsEc2Authentication(AwsEc2AuthenticationOptions options, RestClient vaultClient, RestClient awsMetadataClient)	Create a new AwsEc2Authentication specifying AwsEc2AuthenticationOptions, VaultClient and a AWS-Metadata-specific RestClient.
AwsEc2Authentication(AwsEc2AuthenticationOptions options, RestOperations vaultRestOperations, RestOperations awsMetadataRestOperations)	Deprecated.
AwsEc2Authentication(VaultClient vaultClient)	Create a new AwsEc2Authentication specifying VaultClient.
AwsEc2Authentication(VaultClient vaultClient, RestClient awsMetadataClient)	Create a new AwsEc2Authentication specifying VaultClient and an AWS-Metadata-specific RestClient.
AwsEc2Authentication(RestClient restClient)	Create a new AwsEc2Authentication.
AwsEc2Authentication(RestOperations vaultRestOperations)	Deprecated. since 4.1, use AwsEc2Authentication(AwsEc2AuthenticationOptions, VaultClient, RestClient) instead.

Method Summary

Modifier and Type	Method	Description
static AuthenticationSteps	createAuthenticationSteps(AwsEc2AuthenticationOptions options)	Create AuthenticationSteps for AWS-EC2 authentication given AwsEc2AuthenticationOptions.
protected static AuthenticationSteps	createAuthenticationSteps(AwsEc2AuthenticationOptions options, AtomicReference<char[]> nonce, Supplier<char[]> nonceSupplier)
protected char[]	createNonce()
AuthenticationSteps	getAuthenticationSteps()	Get the AuthenticationSteps describing an authentication flow.
protected Map<String,String>	getEc2Login()
VaultToken	login()	Obtain a VaultToken for authenticated Vault access.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

AwsEc2Authentication

@Deprecated(since="4.1")
public AwsEc2Authentication(RestOperations vaultRestOperations)

Deprecated.

since 4.1, use AwsEc2Authentication(AwsEc2AuthenticationOptions, VaultClient, RestClient) instead.

Create a new AwsEc2Authentication.

Parameters:

vaultRestOperations - must not be null.

AwsEc2Authentication

@Deprecated(since="4.1")
public AwsEc2Authentication(AwsEc2AuthenticationOptions options,
 RestOperations vaultRestOperations,
 RestOperations awsMetadataRestOperations)

Deprecated.

Create a new AwsEc2Authentication specifying AwsEc2AuthenticationOptions, a Vault and an AWS-Metadata-specific RestOperations.

Parameters:

options - must not be null.

vaultRestOperations - must not be null.

awsMetadataRestOperations - must not be null. AwsEc2Authentication(AwsEc2AuthenticationOptions, VaultClient, RestClient) instead.

AwsEc2Authentication

public AwsEc2Authentication(RestClient restClient)

Create a new AwsEc2Authentication.

Parameters:

restClient - must not be null.

Since:

4.0

AwsEc2Authentication

public AwsEc2Authentication(AwsEc2AuthenticationOptions options,
 RestClient vaultClient,
 RestClient awsMetadataClient)

Create a new AwsEc2Authentication specifying AwsEc2AuthenticationOptions, VaultClient and a AWS-Metadata-specific RestClient.

Parameters:

options - must not be null.

vaultClient - must not be null.

awsMetadataClient - must not be null.

Since:

4.0

AwsEc2Authentication

public AwsEc2Authentication(VaultClient vaultClient)

Create a new AwsEc2Authentication specifying VaultClient.

Parameters:

vaultClient - must not be null.

Since:

4.1

AwsEc2Authentication

public AwsEc2Authentication(VaultClient vaultClient,
 RestClient awsMetadataClient)

Create a new AwsEc2Authentication specifying VaultClient and an AWS-Metadata-specific RestClient.

Parameters:

vaultClient - must not be null.

awsMetadataClient - must not be null.

Since:

4.1

AwsEc2Authentication

public AwsEc2Authentication(AwsEc2AuthenticationOptions options,
 VaultClient vaultClient,
 RestClient awsMetadataClient)

Create a new AwsEc2Authentication specifying AwsEc2AuthenticationOptions, a VaultClient and an AWS-Metadata-specific RestClient.

Parameters:

options - must not be null.

vaultClient - must not be null.

awsMetadataClient - must not be null.

Since:

4.1

Method Details

createAuthenticationSteps

public static AuthenticationSteps createAuthenticationSteps(AwsEc2AuthenticationOptions options)

Create AuthenticationSteps for AWS-EC2 authentication given AwsEc2AuthenticationOptions.

Parameters:

options - must not be null.

Returns:

AuthenticationSteps for AWS-EC2 authentication.

Since:

2.0

createAuthenticationSteps

protected static AuthenticationSteps createAuthenticationSteps(AwsEc2AuthenticationOptions options,
 AtomicReference<char[]> nonce,
 Supplier<char[]> nonceSupplier)

login

public VaultToken login()
                 throws VaultException

Description copied from interface: ClientAuthentication

Obtain a VaultToken for authenticated Vault access.

This method may perform an authentication request to Vault or return a cached or pre-configured token.

Specified by:

login in interface ClientAuthentication

Returns:

the Vault token for subsequent authenticated requests

Throws:

VaultLoginException - if authentication fails.

VaultException

See Also:

• LoginToken

getAuthenticationSteps

public AuthenticationSteps getAuthenticationSteps()

Description copied from interface: AuthenticationStepsFactory

Get the AuthenticationSteps describing an authentication flow.

Specified by:

getAuthenticationSteps in interface AuthenticationStepsFactory

Returns:

the AuthenticationSteps describing an authentication flow.

getEc2Login

protected Map<String,String> getEc2Login()

createNonce

protected char[] createNonce()