Class AwsEc2Authentication
java.lang.Object
org.springframework.vault.authentication.AwsEc2Authentication
- All Implemented Interfaces:
AuthenticationStepsFactory, ClientAuthentication
public class AwsEc2Authentication
extends Object
implements ClientAuthentication, AuthenticationStepsFactory
AWS-EC2 login implementation.
AWS-EC2 login uses the EC2 identity document and a nonce to log in to
Vault. AWS-EC2 login obtains the PKCS#7 signed EC2 identity document and
generates a nonce. Instances of this class are
immutable once constructed.
- Author:
- Mark Paluch
- See Also:
-
Constructor Summary
Constructors
- AwsEc2Authentication(AwsEc2AuthenticationOptions options, RestClient vaultClient, RestClient awsMetadataClient): Create a new AwsEc2Authentication specifying AwsEc2AuthenticationOptions, a Vault and an AWS-Metadata-specific RestClient.
- AwsEc2Authentication(AwsEc2AuthenticationOptions options, RestOperations vaultRestOperations, RestOperations awsMetadataRestOperations): Create a new AwsEc2Authentication specifying AwsEc2AuthenticationOptions, a Vault and an AWS-Metadata-specific RestOperations.
- AwsEc2Authentication(RestClient vaultClient): Create a new AwsEc2Authentication.
- AwsEc2Authentication(RestOperations vaultRestOperations): Create a new AwsEc2Authentication.
-
Method Summary
Methods
- static AuthenticationSteps createAuthenticationSteps(AwsEc2AuthenticationOptions options): Create AuthenticationSteps for AWS-EC2 authentication given AwsEc2AuthenticationOptions.
- protected static AuthenticationSteps createAuthenticationSteps(AwsEc2AuthenticationOptions options, AtomicReference<char[]> nonce, Supplier<char[]> nonceSupplier)
- protected char[] createNonce()
- getAuthenticationSteps(): Get the AuthenticationSteps describing an authentication flow.
- login(): Obtain a VaultToken for authenticated Vault access.
-
Constructor Details
-
AwsEc2Authentication
Create a new AwsEc2Authentication.
- Parameters:
vaultRestOperations - must not be null.
-
AwsEc2Authentication
public AwsEc2Authentication(AwsEc2AuthenticationOptions options, RestOperations vaultRestOperations, RestOperations awsMetadataRestOperations)
Create a new AwsEc2Authentication specifying AwsEc2AuthenticationOptions, a Vault and an AWS-Metadata-specific RestOperations.
- Parameters:
options - must not be null.
vaultRestOperations - must not be null.
awsMetadataRestOperations - must not be null.
-
AwsEc2Authentication
Create a new AwsEc2Authentication.
- Parameters:
vaultClient - must not be null.
- Since:
- 4.0
-
AwsEc2Authentication
public AwsEc2Authentication(AwsEc2AuthenticationOptions options, RestClient vaultClient, RestClient awsMetadataClient)
Create a new AwsEc2Authentication specifying AwsEc2AuthenticationOptions, a Vault and an AWS-Metadata-specific RestClient.
- Parameters:
options - must not be null.
vaultClient - must not be null.
awsMetadataClient - must not be null.
- Since:
- 4.0
-
-
Method Details
-
createAuthenticationSteps
Create AuthenticationSteps for AWS-EC2 authentication given AwsEc2AuthenticationOptions.
- Parameters:
options - must not be null.
- Returns:
AuthenticationSteps for AWS-EC2 authentication.
- Since:
- 2.0
-
createAuthenticationSteps
protected static AuthenticationSteps createAuthenticationSteps(AwsEc2AuthenticationOptions options, AtomicReference<char[]> nonce, Supplier<char[]> nonceSupplier)
-
login
Description copied from interface: ClientAuthentication
Obtain a VaultToken for authenticated Vault access. This method may perform an authentication request to Vault or return a cached or pre-configured token.
- Specified by:
login in interface ClientAuthentication
- Returns:
- the Vault token for subsequent authenticated requests
- Throws:
VaultLoginException - if authentication fails.
VaultException
- See Also:
-
getAuthenticationSteps
Description copied from interface: AuthenticationStepsFactory
Get the AuthenticationSteps describing an authentication flow.
- Specified by:
getAuthenticationSteps in interface AuthenticationStepsFactory
- Returns:
- the AuthenticationSteps describing an authentication flow.
-
getEc2Login
-
createNonce
protected char[] createNonce()
-