Java Code Examples for org.springframework.vault.authentication.ClientAuthentication

The following examples show how to use org.springframework.vault.authentication.ClientAuthentication. These examples are extracted from open source projects. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
@Test
public void configureClientAuthenticationIfAllEnvVarsSetThenAppRoleMethod() {
    KeyVaultConfig keyVaultConfig = mock(KeyVaultConfig.class);
    EnvironmentVariableProvider envProvider = mock(EnvironmentVariableProvider.class);
    ClientHttpRequestFactory clientHttpRequestFactory = mock(ClientHttpRequestFactory.class);
    VaultEndpoint vaultEndpoint = mock(VaultEndpoint.class);

    when(envProvider.getEnv(HASHICORP_ROLE_ID)).thenReturn("role-id");
    when(envProvider.getEnv(HASHICORP_SECRET_ID)).thenReturn("secret-id");
    when(envProvider.getEnv(HASHICORP_TOKEN)).thenReturn("token");

    when(keyVaultConfig.getProperty("approlePath")).thenReturn(Optional.of("approle"));

    ClientAuthentication result = util.configureClientAuthentication(keyVaultConfig, envProvider, clientHttpRequestFactory, vaultEndpoint);

    assertThat(result).isInstanceOf(AppRoleAuthentication.class);
}
 
Example 2
@Test
public void configureClientAuthenticationIfOnlyRoleIdAndSecretIdSetThenAppRoleMethod() {
    KeyVaultConfig keyVaultConfig = mock(KeyVaultConfig.class);
    EnvironmentVariableProvider envProvider = mock(EnvironmentVariableProvider.class);
    ClientHttpRequestFactory clientHttpRequestFactory = mock(ClientHttpRequestFactory.class);
    VaultEndpoint vaultEndpoint = mock(VaultEndpoint.class);

    when(envProvider.getEnv(HASHICORP_ROLE_ID)).thenReturn("role-id");
    when(envProvider.getEnv(HASHICORP_SECRET_ID)).thenReturn("secret-id");
    when(envProvider.getEnv(HASHICORP_TOKEN)).thenReturn(null);

    when(keyVaultConfig.getProperty("approlePath")).thenReturn(Optional.of("somepath"));

    ClientAuthentication result = util.configureClientAuthentication(keyVaultConfig, envProvider, clientHttpRequestFactory, vaultEndpoint);

    assertThat(result).isInstanceOf(AppRoleAuthentication.class);
}
 
Example 3
protected ClientAuthentication appRoleAuthentication() {

		String roleId = getProperty("vault.app-role.role-id");
		String secretId = getProperty("vault.app-role.secret-id");
		String path = getProperty("vault.app-role.app-role-path",
				AppRoleAuthenticationOptions.DEFAULT_APPROLE_AUTHENTICATION_PATH);

		Assert.hasText(roleId, "Vault AppRole authentication: RoleId (vault.app-role.role-id) must not be empty");

		AppRoleAuthenticationOptionsBuilder builder = AppRoleAuthenticationOptions.builder()
				.roleId(RoleId.provided(roleId)).path(path);

		if (StringUtils.hasText(secretId)) {
			builder = builder.secretId(SecretId.provided(secretId));
		}

		return new AppRoleAuthentication(builder.build(), restOperations());
	}
 
Example 4
protected ClientAuthentication azureMsiAuthentication() {

		String role = getProperty("vault.azure-msi.role");
		String path = getProperty("vault.azure-msi.azure-path",
				AzureMsiAuthenticationOptions.DEFAULT_AZURE_AUTHENTICATION_PATH);
		URI metadataServiceUri = getUri("vault.azure-msi.metadata-service",
				AzureMsiAuthenticationOptions.DEFAULT_INSTANCE_METADATA_SERVICE_URI);
		URI identityTokenServiceUri = getUri("vault.azure-msi.identity-token-service",
				AzureMsiAuthenticationOptions.DEFAULT_IDENTITY_TOKEN_SERVICE_URI);
		Assert.hasText(role, "Vault Azure MSI authentication: Role (vault.azure-msi.role) must not be empty");

		AzureMsiAuthenticationOptionsBuilder builder = AzureMsiAuthenticationOptions.builder().role(role).path(path)
				.instanceMetadataUri(metadataServiceUri).identityTokenServiceUri(identityTokenServiceUri);

		return new AzureMsiAuthentication(builder.build(), restOperations());
	}
 
Example 5
protected ClientAuthentication kubeAuthentication() {

		String role = getProperty("vault.kubernetes.role");
		String tokenFile = getProperty("vault.kubernetes.service-account-token-file",
				KubernetesServiceAccountTokenFile.DEFAULT_KUBERNETES_SERVICE_ACCOUNT_TOKEN_FILE);
		String path = getProperty("vault.kubernetes.kubernetes-path",
				KubernetesAuthenticationOptions.DEFAULT_KUBERNETES_AUTHENTICATION_PATH);

		Assert.hasText(role, "Vault Kubernetes authentication: role must not be empty");

		KubernetesJwtSupplier jwtSupplier = new KubernetesServiceAccountTokenFile(tokenFile);

		KubernetesAuthenticationOptionsBuilder builder = KubernetesAuthenticationOptions.builder().role(role)
				.jwtSupplier(jwtSupplier).path(path);

		return new KubernetesAuthentication(builder.build(), restOperations());
	}
 
Example 6
private ClientAuthentication gcpGceAuthentication(VaultProperties vaultProperties) {

		VaultProperties.GcpGceProperties gcp = vaultProperties.getGcpGce();

		Assert.hasText(gcp.getRole(),
				"Role (spring.cloud.vault.gcp-gce.role) must not be empty");

		GcpComputeAuthenticationOptionsBuilder builder = GcpComputeAuthenticationOptions
				.builder().path(gcp.getGcpPath()).role(gcp.getRole());

		if (StringUtils.hasText(gcp.getServiceAccount())) {
			builder.serviceAccount(gcp.getServiceAccount());
		}

		return new GcpComputeAuthentication(builder.build(), this.restOperations,
				this.externalRestOperations);
	}
 
Example 7
private ClientAuthentication gcpIamAuthentication(VaultProperties vaultProperties) {

		VaultProperties.GcpIamProperties gcp = vaultProperties.getGcpIam();

		Assert.hasText(gcp.getRole(),
				"Role (spring.cloud.vault.gcp-iam.role) must not be empty");

		GcpIamAuthenticationOptionsBuilder builder = GcpIamAuthenticationOptions.builder()
				.path(gcp.getGcpPath()).role(gcp.getRole())
				.jwtValidity(gcp.getJwtValidity());

		if (StringUtils.hasText(gcp.getProjectId())) {
			builder.projectId(gcp.getProjectId());
		}

		if (StringUtils.hasText(gcp.getServiceAccountId())) {
			builder.serviceAccountId(gcp.getServiceAccountId());
		}

		GcpCredentialSupplier supplier = () -> getGoogleCredential(gcp);
		builder.credential(supplier.get());

		GcpIamAuthenticationOptions options = builder.build();

		return new GcpIamAuthentication(options, this.restOperations);
	}
 
Example 8
private ClientAuthentication kubernetesAuthentication(
		VaultProperties vaultProperties) {

	VaultProperties.KubernetesProperties kubernetes = vaultProperties.getKubernetes();

	Assert.hasText(kubernetes.getRole(),
			"Role (spring.cloud.vault.kubernetes.role) must not be empty");
	Assert.hasText(kubernetes.getServiceAccountTokenFile(),
			"Service account token file (spring.cloud.vault.kubernetes.service-account-token-file) must not be empty");

	KubernetesAuthenticationOptions options = KubernetesAuthenticationOptions
			.builder().path(kubernetes.getKubernetesPath()).role(kubernetes.getRole())
			.jwtSupplier(new KubernetesServiceAccountTokenFile(
					kubernetes.getServiceAccountTokenFile()))
			.build();

	return new KubernetesAuthentication(options, this.restOperations);
}
 
Example 9
private ClientAuthentication pcfAuthentication(VaultProperties vaultProperties) {

		VaultProperties.PcfProperties pcfProperties = vaultProperties.getPcf();

		Assert.isTrue(
				ClassUtils.isPresent("org.bouncycastle.crypto.signers.PSSSigner",
						getClass().getClassLoader()),
				"BouncyCastle (bcpkix-jdk15on) must be on the classpath");
		Assert.hasText(pcfProperties.getRole(),
				"Role (spring.cloud.vault.pcf.role) must not be empty");

		PcfAuthenticationOptions.PcfAuthenticationOptionsBuilder builder = PcfAuthenticationOptions
				.builder().role(pcfProperties.getRole()).path(pcfProperties.getPcfPath());

		if (pcfProperties.getInstanceCertificate() != null) {
			builder.instanceCertificate(new ResourceCredentialSupplier(
					pcfProperties.getInstanceCertificate()));
		}

		if (pcfProperties.getInstanceKey() != null) {
			builder.instanceKey(
					new ResourceCredentialSupplier(pcfProperties.getInstanceKey()));
		}

		return new PcfAuthentication(builder.build(), this.restOperations);
	}
 
Example 10
/**
 * @return the {@link SessionManager} for Vault session management.
 * @param clientAuthentication the {@link ClientAuthentication}.
 * @param asyncTaskExecutorFactory the {@link ObjectFactory} for
 * {@link TaskSchedulerWrapper}.
 * @see SessionManager
 * @see LifecycleAwareSessionManager
 */
@Bean
@ConditionalOnMissingBean
@ConditionalOnAuthentication
public SessionManager vaultSessionManager(ClientAuthentication clientAuthentication,
		ObjectFactory<TaskSchedulerWrapper> asyncTaskExecutorFactory) {

	if (this.vaultProperties.getConfig().getLifecycle().isEnabled()) {
		RestTemplate restTemplate = this.restTemplateBuilder.build();
		return new LifecycleAwareSessionManager(clientAuthentication,
				asyncTaskExecutorFactory.getObject().getTaskScheduler(),
				restTemplate);
	}

	return new SimpleSessionManager(clientAuthentication);
}
 
Example 11
@Test
public void shouldSupportPcfAuthentication() {

	VaultProperties properties = new VaultProperties();
	properties.setAuthentication(VaultProperties.AuthenticationMethod.PCF);
	properties.getPcf().setRole("my-role");
	properties.getPcf().setInstanceKey(new ClassPathResource("bootstrap.yml"));
	properties.getPcf()
			.setInstanceCertificate(new ClassPathResource("bootstrap.yml"));

	ClientAuthentication clientAuthentication = new ClientAuthenticationFactory(
			properties, new RestTemplate(), new RestTemplate())
					.createClientAuthentication();

	assertThat(clientAuthentication).isInstanceOf(PcfAuthentication.class);
}
 
Example 12
Source Project: knox   Source File: HashicorpVaultAliasService.java    License: Apache License 2.0 6 votes vote down vote up
@Override
public void init(GatewayConfig config, Map<String, String> options) throws ServiceLifecycleException {
  this.config = config;
  Map<String, String> remoteAliasServiceConfiguration = config.getRemoteAliasServiceConfiguration();
  Map<String, String> vaultConfiguration = new HashMap<>();
  for(Map.Entry<String, String> entry : remoteAliasServiceConfiguration.entrySet()) {
    if(entry.getKey().startsWith(VAULT_CONFIG_PREFIX)) {
      vaultConfiguration.put(entry.getKey(),
          entry.getValue());
    }
  }

  String vaultAddress = vaultConfiguration.get(VAULT_ADDRESS_KEY);
  String vaultSecretsEngine = vaultConfiguration.get(VAULT_SECRETS_ENGINE_KEY);
  vaultPathPrefix = getVaultPathPrefix(vaultConfiguration);

  VaultEndpoint vaultEndpoint;
  try {
    vaultEndpoint = VaultEndpoint.from(new URI(vaultAddress));
    ClientAuthentication vaultAuthentication = getClientAuthentication(vaultConfiguration);
    VaultTemplate vaultTemplate = new VaultTemplate(vaultEndpoint, vaultAuthentication);
    vault = vaultTemplate.opsForVersionedKeyValue(vaultSecretsEngine);
  } catch (Exception e) {
    throw new ServiceLifecycleException("Failed to init", e);
  }
}
 
Example 13
/**
 * @return a new {@link ClientAuthentication}.
 */
public ClientAuthentication clientAuthentication() {

	AuthenticationMethod authentication = this.vaultProperties.getAuthentication();

	if (authentication == null) {
		return new ConfigTokenProviderAuthentication(this.configTokenProvider);
	}

	if (this.authProviders == null || this.authProviders.isEmpty()) {
		throw new UnsupportedOperationException(
				"No Vault client authentication providers are configured");
	}

	for (SpringVaultClientAuthenticationProvider authProvider : this.authProviders) {
		if (authProvider.supports(this.vaultProperties)) {
			return authProvider.getClientAuthentication(this.vaultProperties,
					restOperations(), this.externalRestOperations);
		}
	}

	throw new UnsupportedOperationException(
			String.format("Client authentication %s not supported", authentication));
}
 
Example 14
@Override
public ClientAuthentication getClientAuthentication(
		VaultEnvironmentProperties vaultProperties,
		RestOperations vaultRestOperations, RestOperations externalRestOperations) {

	VaultEnvironmentProperties.KubernetesProperties kubernetes = vaultProperties
			.getKubernetes();

	Assert.hasText(kubernetes.getRole(), missingPropertyForAuthMethod(
			"kubernetes.role", AuthenticationMethod.KUBERNETES));
	Assert.hasText(kubernetes.getServiceAccountTokenFile(),
			missingPropertyForAuthMethod("kubernetes.service-account-token-file",
					AuthenticationMethod.KUBERNETES));

	KubernetesAuthenticationOptions options = KubernetesAuthenticationOptions
			.builder().path(kubernetes.getKubernetesPath()).role(kubernetes.getRole())
			.jwtSupplier(new KubernetesServiceAccountTokenFile(
					kubernetes.getServiceAccountTokenFile()))
			.build();

	return new KubernetesAuthentication(options, vaultRestOperations);
}
 
Example 15
@Override
public ClientAuthentication getClientAuthentication(
		VaultEnvironmentProperties vaultProperties,
		RestOperations vaultRestOperations, RestOperations externalRestOperations) {

	String token = vaultProperties.getToken();

	Assert.hasText(token,
			missingPropertyForAuthMethod("token", AuthenticationMethod.CUBBYHOLE));

	CubbyholeAuthenticationOptions options = CubbyholeAuthenticationOptions.builder() //
			.wrapped() //
			.initialToken(VaultToken.of(token)) //
			.build();

	return new CubbyholeAuthentication(options, vaultRestOperations);
}
 
Example 16
@Override
public ClientAuthentication getClientAuthentication(
		VaultEnvironmentProperties vaultProperties,
		RestOperations vaultRestOperations, RestOperations externalRestOperations) {

	VaultEnvironmentProperties.AzureMsiProperties azureMsi = vaultProperties
			.getAzureMsi();

	Assert.hasText(azureMsi.getRole(), missingPropertyForAuthMethod("azure-msi.role",
			AuthenticationMethod.AZURE_MSI));

	AzureMsiAuthenticationOptions options = AzureMsiAuthenticationOptions.builder()
			.role(azureMsi.getRole()).path(azureMsi.getAzurePath())
			.instanceMetadataUri(getUri(azureMsi.getMetadataService(),
					AzureMsiAuthenticationOptions.DEFAULT_INSTANCE_METADATA_SERVICE_URI))
			.identityTokenServiceUri(getUri(azureMsi.getIdentityTokenService(),
					AzureMsiAuthenticationOptions.DEFAULT_IDENTITY_TOKEN_SERVICE_URI))
			.build();

	return new AzureMsiAuthentication(options, vaultRestOperations,
			externalRestOperations);
}
 
Example 17
@Override
public ClientAuthentication getClientAuthentication(
		VaultEnvironmentProperties vaultProperties,
		RestOperations vaultRestOperations, RestOperations externalRestOperations) {

	VaultEnvironmentProperties.GcpGceProperties gcp = vaultProperties.getGcpGce();

	Assert.hasText(gcp.getRole(), missingPropertyForAuthMethod("gcp-iam.role",
			AuthenticationMethod.GCP_GCE));

	GcpComputeAuthenticationOptions.GcpComputeAuthenticationOptionsBuilder builder = GcpComputeAuthenticationOptions
			.builder().path(gcp.getGcpPath()).role(gcp.getRole());

	if (StringUtils.hasText(gcp.getServiceAccount())) {
		builder.serviceAccount(gcp.getServiceAccount());
	}

	return new GcpComputeAuthentication(builder.build(), vaultRestOperations,
			externalRestOperations);
}
 
Example 18
Source Project: cloudbreak   Source File: VaultConfig.java    License: Apache License 2.0 6 votes vote down vote up
@Override
public ClientAuthentication clientAuthentication() {
    if (AUTH_TYPE_K8S.equalsIgnoreCase(authType)) {
        LOGGER.info("Kubernetes based Vault auth is configured");
        try {
            String token = FileReaderUtils.readFileFromPath(Paths.get(kubernetesSATokenPath));
            KubernetesAuthenticationOptions k8sOptions = KubernetesAuthenticationOptions.builder()
                    .jwtSupplier(() -> token)
                    .role(kubernetesLoginRole)
                    .path(kubernetesMountPath)
                    .build();
            return new KubernetesAuthentication(k8sOptions, restOperations());
        } catch (IOException e) {
            throw new RuntimeException("Failed to read the Kubernetes service account token", e);
        }
    } else {
        LOGGER.info("Token based Vault auth is configured");
        return new TokenAuthentication(rootToken);
    }
}
 
Example 19
Source Project: vault-crd   Source File: VaultConfiguration.java    License: Apache License 2.0 5 votes vote down vote up
@Override
public ClientAuthentication clientAuthentication() {
    KubernetesAuthenticationOptions options =
            KubernetesAuthenticationOptions.builder().path(path).role(role).build();

    return new KubernetesAuthentication(options, restOperations());
}
 
Example 20
@Test
public void configureClientAuthenticationIfOnlyTokenSetThenTokenMethod() {
    KeyVaultConfig keyVaultConfig = mock(KeyVaultConfig.class);
    EnvironmentVariableProvider envProvider = mock(EnvironmentVariableProvider.class);
    ClientHttpRequestFactory clientHttpRequestFactory = mock(ClientHttpRequestFactory.class);
    VaultEndpoint vaultEndpoint = mock(VaultEndpoint.class);

    when(envProvider.getEnv(HASHICORP_ROLE_ID)).thenReturn(null);
    when(envProvider.getEnv(HASHICORP_SECRET_ID)).thenReturn(null);
    when(envProvider.getEnv(HASHICORP_TOKEN)).thenReturn("token");

    ClientAuthentication result = util.configureClientAuthentication(keyVaultConfig, envProvider, clientHttpRequestFactory, vaultEndpoint);

    assertThat(result).isInstanceOf(TokenAuthentication.class);
}
 
Example 21
/**
 * Construct a {@link VaultTokenSupplier} using {@link #clientAuthentication()}.
 * @return the {@link VaultTokenSupplier} for Vault session token management.
 * @see VaultTokenSupplier
 * @see #clientAuthentication()
 */
protected VaultTokenSupplier vaultTokenSupplier() {

	ClientAuthentication clientAuthentication = clientAuthentication();

	Assert.notNull(clientAuthentication, "ClientAuthentication must not be null");

	if (clientAuthentication instanceof TokenAuthentication) {

		TokenAuthentication authentication = (TokenAuthentication) clientAuthentication;
		return () -> Mono.just(authentication.login());
	}

	if (clientAuthentication instanceof AuthenticationStepsFactory) {

		AuthenticationStepsFactory factory = (AuthenticationStepsFactory) clientAuthentication;

		WebClient webClient = getWebClientFactory().create();
		AuthenticationStepsOperator stepsOperator = new AuthenticationStepsOperator(
				factory.getAuthenticationSteps(), webClient);

		return CachingVaultTokenSupplier.of(stepsOperator);
	}

	throw new IllegalStateException(String.format(
			"Cannot construct VaultTokenSupplier from %s. "
					+ "ClientAuthentication must implement AuthenticationStepsFactory or be TokenAuthentication",
			clientAuthentication));
}
 
Example 22
@Override
public ClientAuthentication clientAuthentication() {

	String authentication = getProperty("vault.authentication", AuthenticationMethod.TOKEN.name()).toUpperCase()
			.replace('-', '_');

	AuthenticationMethod authenticationMethod = AuthenticationMethod.valueOf(authentication);

	switch (authenticationMethod) {

	case TOKEN:
		return tokenAuthentication();
	case APPID:
		return appIdAuthentication();
	case APPROLE:
		return appRoleAuthentication();
	case AWS_EC2:
		return awsEc2Authentication();
	case AZURE:
		return azureMsiAuthentication();
	case CERT:
		return new ClientCertificateAuthentication(restOperations());
	case CUBBYHOLE:
		return cubbyholeAuthentication();
	case KUBERNETES:
		return kubeAuthentication();
	default:
		throw new IllegalStateException(String.format("Vault authentication method %s is not supported with %s",
				authenticationMethod, getClass().getSimpleName()));
	}
}
 
Example 23
protected ClientAuthentication appIdAuthentication() {

		String appId = getProperty("vault.app-id.app-id", getProperty("spring.application.name"));
		String userId = getProperty("vault.app-id.user-id");
		String path = getProperty("vault.app-id.app-id-path",
				AppIdAuthenticationOptions.DEFAULT_APPID_AUTHENTICATION_PATH);

		Assert.hasText(appId, "Vault AppId authentication: AppId (vault.app-id.app-id) must not be empty");
		Assert.hasText(userId, "Vault AppId authentication: UserId (vault.app-id.user-id) must not be empty");

		AppIdAuthenticationOptionsBuilder builder = AppIdAuthenticationOptions.builder().appId(appId)
				.userIdMechanism(getAppIdUserIdMechanism(userId)).path(path);

		return new AppIdAuthentication(builder.build(), restOperations());
	}
 
Example 24
@Test
void shouldConfigureTokenAuthentication() {

	ClientAuthentication clientAuthentication = this.configuration.clientAuthentication();

	assertThat(clientAuthentication).isInstanceOf(TokenAuthentication.class);
	assertThat(clientAuthentication.login()).isEqualTo(VaultToken.of("my-token"));
}
 
Example 25
@Test
void shouldConfigureAuthentication(@Autowired EnvironmentVaultConfiguration configuration) {

	ClientAuthentication clientAuthentication = configuration.clientAuthentication();

	assertThat(clientAuthentication).isInstanceOf(AzureMsiAuthentication.class);

	DirectFieldAccessor accessor = new DirectFieldAccessor(clientAuthentication);
	AzureMsiAuthenticationOptions options = (AzureMsiAuthenticationOptions) accessor.getPropertyValue("options");

	assertThat(options.getIdentityTokenServiceUri())
			.isEqualTo(AzureMsiAuthenticationOptions.DEFAULT_IDENTITY_TOKEN_SERVICE_URI);
	assertThat(options.getInstanceMetadataServiceUri()).isEqualTo(URI.create("http://foo"));
}
 
Example 26
private ClientAuthentication appIdAuthentication(VaultProperties vaultProperties) {

		VaultProperties.AppIdProperties appId = vaultProperties.getAppId();
		Assert.hasText(appId.getUserId(),
				"UserId (spring.cloud.vault.app-id.user-id) must not be empty");

		AppIdAuthenticationOptions authenticationOptions = AppIdAuthenticationOptions
				.builder().appId(vaultProperties.getApplicationName()) //
				.path(appId.getAppIdPath()) //
				.userIdMechanism(getAppIdMechanism(appId)).build();

		return new AppIdAuthentication(authenticationOptions, this.restOperations);
	}
 
Example 27
private ClientAuthentication awsEc2Authentication(VaultProperties vaultProperties) {

		VaultProperties.AwsEc2Properties awsEc2 = vaultProperties.getAwsEc2();

		Nonce nonce = StringUtils.hasText(awsEc2.getNonce())
				? Nonce.provided(awsEc2.getNonce().toCharArray()) : Nonce.generated();

		AwsEc2AuthenticationOptions authenticationOptions = AwsEc2AuthenticationOptions
				.builder().role(awsEc2.getRole()) //
				.path(awsEc2.getAwsEc2Path()) //
				.nonce(nonce) //
				.identityDocumentUri(URI.create(awsEc2.getIdentityDocument())) //
				.build();

		return new AwsEc2Authentication(authenticationOptions, this.restOperations,
				this.externalRestOperations);
	}
 
Example 28
private ClientAuthentication awsIamAuthentication(VaultProperties vaultProperties) {

		AwsIamProperties awsIam = vaultProperties.getAwsIam();

		AWSCredentialsProvider credentialsProvider = AwsCredentialProvider
				.getAwsCredentialsProvider();

		AwsIamAuthenticationOptionsBuilder builder = AwsIamAuthenticationOptions
				.builder();

		if (StringUtils.hasText(awsIam.getRole())) {
			builder.role(awsIam.getRole());
		}

		if (StringUtils.hasText(awsIam.getServerName())) {
			builder.serverName(awsIam.getServerName());
		}

		if (awsIam.getEndpointUri() != null) {
			builder.endpointUri(awsIam.getEndpointUri());
		}

		builder.path(awsIam.getAwsPath()) //
				.credentialsProvider(credentialsProvider);

		AwsIamAuthenticationOptions options = builder
				.credentialsProvider(credentialsProvider).build();

		return new AwsIamAuthentication(options, this.restOperations);
	}
 
Example 29
private ClientAuthentication cubbyholeAuthentication() {

		Assert.hasText(this.vaultProperties.getToken(),
				"Initial Token (spring.cloud.vault.token) for Cubbyhole authentication must not be empty");

		CubbyholeAuthenticationOptions options = CubbyholeAuthenticationOptions.builder() //
				.wrapped() //
				.initialToken(VaultToken.of(this.vaultProperties.getToken())) //
				.build();

		return new CubbyholeAuthentication(options, this.restOperations);
	}
 
Example 30
/**
 * @return the {@link ClientAuthentication} to obtain a
 * {@link org.springframework.vault.support.VaultToken}.
 * @see SessionManager
 * @see LifecycleAwareSessionManager
 */
@Bean
@ConditionalOnMissingBean
@ConditionalOnAuthentication
public ClientAuthentication clientAuthentication() {

	RestTemplate restTemplate = this.restTemplateBuilder.build();
	ClientAuthenticationFactory factory = new ClientAuthenticationFactory(
			this.vaultProperties, restTemplate, this.externalRestOperations);

	return factory.createClientAuthentication();
}