Class GcpComputeAuthentication
java.lang.Object
org.springframework.vault.authentication.GcpJwtAuthenticationSupport
org.springframework.vault.authentication.GcpComputeAuthentication
- All Implemented Interfaces:
AuthenticationStepsFactory,ClientAuthentication
public class GcpComputeAuthentication
extends GcpJwtAuthenticationSupport
implements ClientAuthentication, AuthenticationStepsFactory
GCP GCE (Google Compute Engine)-based login implementation using GCE's
metadata service to create signed JSON Web Token.
This authentication method uses Googles GCE's metadata service in combination with the default/specified service account to obtain an identity document as JWT using a HTTP client. Credentials and authenticity are implied from the runtime itself and are not required to be configured.
- Since:
- 2.1
- Author:
- Mark Paluch
- See Also:
-
Field Summary
Fields -
Constructor Summary
ConstructorsConstructorDescriptionGcpComputeAuthentication(GcpComputeAuthenticationOptions options, VaultClient vaultClient) Create a newGcpComputeAuthenticationinstance givenGcpComputeAuthenticationOptionsandVaultClient.GcpComputeAuthentication(GcpComputeAuthenticationOptions options, VaultClient vaultClient, RestClient googleMetadataClient) Create a newGcpComputeAuthenticationinstance givenGcpComputeAuthenticationOptions,VaultClientand Google APIRestClient.GcpComputeAuthentication(GcpComputeAuthenticationOptions options, RestClient client) Create a newGcpComputeAuthenticationinstance givenGcpComputeAuthenticationOptionsandRestClientfor Vault and Google API use.GcpComputeAuthentication(GcpComputeAuthenticationOptions options, RestClient vaultClient, RestClient googleMetadataClient) Create a newGcpComputeAuthenticationinstance givenGcpComputeAuthenticationOptionsandRestClientfor Vault and Google API use.GcpComputeAuthentication(GcpComputeAuthenticationOptions options, RestOperations vaultRestOperations) Deprecated.GcpComputeAuthentication(GcpComputeAuthenticationOptions options, RestOperations vaultRestOperations, RestOperations googleMetadataRestOperations) Deprecated.since 4.1, useGcpComputeAuthentication(GcpComputeAuthenticationOptions, VaultClient, RestClient)instead. -
Method Summary
Modifier and TypeMethodDescriptionstatic AuthenticationStepsCreateAuthenticationStepsfor GCE authentication givenGcpComputeAuthenticationOptions.Get theAuthenticationStepsdescribing an authentication flow.login()Obtain aVaultTokenfor authenticated Vault access.protected StringsignJwt()
-
Field Details
-
COMPUTE_METADATA_URL_TEMPLATE
- See Also:
-
-
Constructor Details
-
GcpComputeAuthentication
@Deprecated(since="4.1") public GcpComputeAuthentication(GcpComputeAuthenticationOptions options, RestOperations vaultRestOperations) Deprecated.since 4.1, useGcpComputeAuthentication(GcpComputeAuthenticationOptions, VaultClient, RestClient)instead.Create a newGcpComputeAuthenticationinstance givenGcpComputeAuthenticationOptionsandRestOperationsfor Vault and Google API use.- Parameters:
options- must not be null.vaultRestOperations- must not be null.
-
GcpComputeAuthentication
@Deprecated(since="4.1") public GcpComputeAuthentication(GcpComputeAuthenticationOptions options, RestOperations vaultRestOperations, RestOperations googleMetadataRestOperations) Deprecated.since 4.1, useGcpComputeAuthentication(GcpComputeAuthenticationOptions, VaultClient, RestClient)instead.Create a newGcpComputeAuthenticationinstance givenGcpComputeAuthenticationOptionsandRestOperationsfor Vault and Google API use.- Parameters:
options- must not be null.vaultRestOperations- must not be null.googleMetadataRestOperations- must not be null.
-
GcpComputeAuthentication
Create a newGcpComputeAuthenticationinstance givenGcpComputeAuthenticationOptionsandRestClientfor Vault and Google API use.- Parameters:
options- must not be null.client- must not be null.- Since:
- 4.0
-
GcpComputeAuthentication
public GcpComputeAuthentication(GcpComputeAuthenticationOptions options, RestClient vaultClient, RestClient googleMetadataClient) Create a newGcpComputeAuthenticationinstance givenGcpComputeAuthenticationOptionsandRestClientfor Vault and Google API use.- Parameters:
options- must not be null.vaultClient- must not be null.googleMetadataClient- must not be null.- Since:
- 4.0
-
GcpComputeAuthentication
Create a newGcpComputeAuthenticationinstance givenGcpComputeAuthenticationOptionsandVaultClient.- Parameters:
options- must not be null.vaultClient- must not be null.- Since:
- 4.1
-
GcpComputeAuthentication
public GcpComputeAuthentication(GcpComputeAuthenticationOptions options, VaultClient vaultClient, RestClient googleMetadataClient) Create a newGcpComputeAuthenticationinstance givenGcpComputeAuthenticationOptions,VaultClientand Google APIRestClient.- Parameters:
options- must not be null.vaultClient- must not be null.googleMetadataClient- must not be null.- Since:
- 4.1
-
-
Method Details
-
createAuthenticationSteps
public static AuthenticationSteps createAuthenticationSteps(GcpComputeAuthenticationOptions options) CreateAuthenticationStepsfor GCE authentication givenGcpComputeAuthenticationOptions.- Parameters:
options- must not be null.- Returns:
AuthenticationStepsfor cubbyhole authentication.
-
login
Description copied from interface:ClientAuthenticationObtain aVaultTokenfor authenticated Vault access.This method may perform an authentication request to Vault or return a cached or pre-configured token.
- Specified by:
loginin interfaceClientAuthentication- Returns:
- the Vault token for subsequent authenticated requests
- Throws:
VaultLoginException- if authentication fails.VaultException- See Also:
-
getAuthenticationSteps
Description copied from interface:AuthenticationStepsFactoryGet theAuthenticationStepsdescribing an authentication flow.- Specified by:
getAuthenticationStepsin interfaceAuthenticationStepsFactory- Returns:
- the
AuthenticationStepsdescribing an authentication flow.
-
signJwt
-
GcpComputeAuthentication(GcpComputeAuthenticationOptions, VaultClient, RestClient)instead.