Class AzureMsiAuthentication
java.lang.Object
org.springframework.vault.authentication.AzureMsiAuthentication
- All Implemented Interfaces:
AuthenticationStepsFactory,ClientAuthentication
public class AzureMsiAuthentication
extends Object
implements ClientAuthentication, AuthenticationStepsFactory
Azure MSI (Managed Service Identity) authentication using Azure as trusted
third party.
Azure MSI authentication uses AzureVmEnvironment and the MSI
OAuth2 token (referenced as JWT token in Vault docs) to log into Vault. VM
environment and OAuth2 token are fetched from the Azure Instance Metadata
service. Instances of this class are immutable once constructed.
- Since:
- 2.1
- Author:
- Mark Paluch
- See Also:
-
Constructor Summary
ConstructorsConstructorDescriptionAzureMsiAuthentication(AzureMsiAuthenticationOptions options, VaultClient vaultClient) AzureMsiAuthentication(AzureMsiAuthenticationOptions options, VaultClient vaultClient, RestClient azureMetadataClient) Create a newAzureMsiAuthenticationspecifyingAzureMsiAuthenticationOptions,VaultClientand an Azure-Metadata-specificRestClient.AzureMsiAuthentication(AzureMsiAuthenticationOptions options, RestClient client) Create a newAzureMsiAuthentication.AzureMsiAuthentication(AzureMsiAuthenticationOptions options, RestClient vaultClient, RestClient azureMetadataClient) Create a newAzureMsiAuthenticationspecifyingAzureMsiAuthenticationOptions, a Vault and an Azure-Metadata-specificRestClient.AzureMsiAuthentication(AzureMsiAuthenticationOptions options, RestOperations restOperations) Deprecated.AzureMsiAuthentication(AzureMsiAuthenticationOptions options, RestOperations vaultRestOperations, RestOperations azureMetadataRestOperations) Create a newAzureMsiAuthenticationspecifyingAzureMsiAuthenticationOptions, a Vault and an Azure-Metadata-specificRestOperations. -
Method Summary
Modifier and TypeMethodDescriptionstatic AuthenticationStepsCreateAuthenticationStepsfor Azure authentication givenAzureMsiAuthenticationOptions.protected static AuthenticationStepscreateAuthenticationSteps(AzureMsiAuthenticationOptions options, @Nullable AzureVmEnvironment environment) Get theAuthenticationStepsdescribing an authentication flow.login()Obtain aVaultTokenfor authenticated Vault access.
-
Constructor Details
-
AzureMsiAuthentication
@Deprecated(since="4.1") public AzureMsiAuthentication(AzureMsiAuthenticationOptions options, RestOperations restOperations) Deprecated.since 4.1, useAzureMsiAuthentication(AzureMsiAuthenticationOptions, VaultClient, RestClient)instead.Create a newAzureMsiAuthentication.- Parameters:
options- must not be null.restOperations- must not be null.
-
AzureMsiAuthentication
public AzureMsiAuthentication(AzureMsiAuthenticationOptions options, RestOperations vaultRestOperations, RestOperations azureMetadataRestOperations) Create a newAzureMsiAuthenticationspecifyingAzureMsiAuthenticationOptions, a Vault and an Azure-Metadata-specificRestOperations.- Parameters:
options- must not be null.vaultRestOperations- must not be null.azureMetadataRestOperations- must not be null.
-
AzureMsiAuthentication
Create a newAzureMsiAuthentication.- Parameters:
options- must not be null.client- must not be null.- Since:
- 4.0
-
AzureMsiAuthentication
public AzureMsiAuthentication(AzureMsiAuthenticationOptions options, RestClient vaultClient, RestClient azureMetadataClient) Create a newAzureMsiAuthenticationspecifyingAzureMsiAuthenticationOptions, a Vault and an Azure-Metadata-specificRestClient.- Parameters:
options- must not be null.vaultClient- must not be null.azureMetadataClient- must not be null.- Since:
- 4.0
-
AzureMsiAuthentication
- Parameters:
options- must not be null.vaultClient- must not be null.- Since:
- 4.1
-
AzureMsiAuthentication
public AzureMsiAuthentication(AzureMsiAuthenticationOptions options, VaultClient vaultClient, RestClient azureMetadataClient) Create a newAzureMsiAuthenticationspecifyingAzureMsiAuthenticationOptions,VaultClientand an Azure-Metadata-specificRestClient.- Parameters:
options- must not be null.vaultClient- must not be null.azureMetadataClient- must not be null.- Since:
- 4.1
-
-
Method Details
-
createAuthenticationSteps
CreateAuthenticationStepsfor Azure authentication givenAzureMsiAuthenticationOptions.- Parameters:
options- must not be null.- Returns:
AuthenticationStepsfor Azure authentication.
-
createAuthenticationSteps
protected static AuthenticationSteps createAuthenticationSteps(AzureMsiAuthenticationOptions options, @Nullable AzureVmEnvironment environment) -
login
Description copied from interface:ClientAuthenticationObtain aVaultTokenfor authenticated Vault access.This method may perform an authentication request to Vault or return a cached or pre-configured token.
- Specified by:
loginin interfaceClientAuthentication- Returns:
- the Vault token for subsequent authenticated requests
- Throws:
VaultLoginException- if authentication fails.VaultException- See Also:
-
getAuthenticationSteps
Description copied from interface:AuthenticationStepsFactoryGet theAuthenticationStepsdescribing an authentication flow.- Specified by:
getAuthenticationStepsin interfaceAuthenticationStepsFactory- Returns:
- the
AuthenticationStepsdescribing an authentication flow.
-
AzureMsiAuthentication(AzureMsiAuthenticationOptions, VaultClient, RestClient)instead.