org.springframework.vault.authentication.ClientAuthentication Java Examples

The following examples show how to use org.springframework.vault.authentication.ClientAuthentication. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: EnvironmentVaultConfiguration.java    From spring-vault with Apache License 2.0 6 votes vote down vote up
protected ClientAuthentication azureMsiAuthentication() {

		String role = getProperty("vault.azure-msi.role");
		String path = getProperty("vault.azure-msi.azure-path",
				AzureMsiAuthenticationOptions.DEFAULT_AZURE_AUTHENTICATION_PATH);
		URI metadataServiceUri = getUri("vault.azure-msi.metadata-service",
				AzureMsiAuthenticationOptions.DEFAULT_INSTANCE_METADATA_SERVICE_URI);
		URI identityTokenServiceUri = getUri("vault.azure-msi.identity-token-service",
				AzureMsiAuthenticationOptions.DEFAULT_IDENTITY_TOKEN_SERVICE_URI);
		Assert.hasText(role, "Vault Azure MSI authentication: Role (vault.azure-msi.role) must not be empty");

		AzureMsiAuthenticationOptionsBuilder builder = AzureMsiAuthenticationOptions.builder().role(role).path(path)
				.instanceMetadataUri(metadataServiceUri).identityTokenServiceUri(identityTokenServiceUri);

		return new AzureMsiAuthentication(builder.build(), restOperations());
	}
 
Example #2
Source File: HashicorpKeyVaultServiceFactoryUtilTest.java    From tessera with Apache License 2.0 6 votes vote down vote up
@Test
public void configureClientAuthenticationIfAllEnvVarsSetThenAppRoleMethod() {
    KeyVaultConfig keyVaultConfig = mock(KeyVaultConfig.class);
    EnvironmentVariableProvider envProvider = mock(EnvironmentVariableProvider.class);
    ClientHttpRequestFactory clientHttpRequestFactory = mock(ClientHttpRequestFactory.class);
    VaultEndpoint vaultEndpoint = mock(VaultEndpoint.class);

    when(envProvider.getEnv(HASHICORP_ROLE_ID)).thenReturn("role-id");
    when(envProvider.getEnv(HASHICORP_SECRET_ID)).thenReturn("secret-id");
    when(envProvider.getEnv(HASHICORP_TOKEN)).thenReturn("token");

    when(keyVaultConfig.getProperty("approlePath")).thenReturn(Optional.of("approle"));

    ClientAuthentication result = util.configureClientAuthentication(keyVaultConfig, envProvider, clientHttpRequestFactory, vaultEndpoint);

    assertThat(result).isInstanceOf(AppRoleAuthentication.class);
}
 
Example #3
Source File: GcpGceClientAuthenticationProvider.java    From spring-cloud-config with Apache License 2.0 6 votes vote down vote up
@Override
public ClientAuthentication getClientAuthentication(
		VaultEnvironmentProperties vaultProperties,
		RestOperations vaultRestOperations, RestOperations externalRestOperations) {

	VaultEnvironmentProperties.GcpGceProperties gcp = vaultProperties.getGcpGce();

	Assert.hasText(gcp.getRole(), missingPropertyForAuthMethod("gcp-iam.role",
			AuthenticationMethod.GCP_GCE));

	GcpComputeAuthenticationOptions.GcpComputeAuthenticationOptionsBuilder builder = GcpComputeAuthenticationOptions
			.builder().path(gcp.getGcpPath()).role(gcp.getRole());

	if (StringUtils.hasText(gcp.getServiceAccount())) {
		builder.serviceAccount(gcp.getServiceAccount());
	}

	return new GcpComputeAuthentication(builder.build(), vaultRestOperations,
			externalRestOperations);
}
 
Example #4
Source File: HashicorpKeyVaultServiceFactoryUtilTest.java    From tessera with Apache License 2.0 6 votes vote down vote up
@Test
public void configureClientAuthenticationIfOnlyRoleIdAndSecretIdSetThenAppRoleMethod() {
    KeyVaultConfig keyVaultConfig = mock(KeyVaultConfig.class);
    EnvironmentVariableProvider envProvider = mock(EnvironmentVariableProvider.class);
    ClientHttpRequestFactory clientHttpRequestFactory = mock(ClientHttpRequestFactory.class);
    VaultEndpoint vaultEndpoint = mock(VaultEndpoint.class);

    when(envProvider.getEnv(HASHICORP_ROLE_ID)).thenReturn("role-id");
    when(envProvider.getEnv(HASHICORP_SECRET_ID)).thenReturn("secret-id");
    when(envProvider.getEnv(HASHICORP_TOKEN)).thenReturn(null);

    when(keyVaultConfig.getProperty("approlePath")).thenReturn(Optional.of("somepath"));

    ClientAuthentication result = util.configureClientAuthentication(keyVaultConfig, envProvider, clientHttpRequestFactory, vaultEndpoint);

    assertThat(result).isInstanceOf(AppRoleAuthentication.class);
}
 
Example #5
Source File: AzureMsiClientAuthenticationProvider.java    From spring-cloud-config with Apache License 2.0 6 votes vote down vote up
@Override
public ClientAuthentication getClientAuthentication(
		VaultEnvironmentProperties vaultProperties,
		RestOperations vaultRestOperations, RestOperations externalRestOperations) {

	VaultEnvironmentProperties.AzureMsiProperties azureMsi = vaultProperties
			.getAzureMsi();

	Assert.hasText(azureMsi.getRole(), missingPropertyForAuthMethod("azure-msi.role",
			AuthenticationMethod.AZURE_MSI));

	AzureMsiAuthenticationOptions options = AzureMsiAuthenticationOptions.builder()
			.role(azureMsi.getRole()).path(azureMsi.getAzurePath())
			.instanceMetadataUri(getUri(azureMsi.getMetadataService(),
					AzureMsiAuthenticationOptions.DEFAULT_INSTANCE_METADATA_SERVICE_URI))
			.identityTokenServiceUri(getUri(azureMsi.getIdentityTokenService(),
					AzureMsiAuthenticationOptions.DEFAULT_IDENTITY_TOKEN_SERVICE_URI))
			.build();

	return new AzureMsiAuthentication(options, vaultRestOperations,
			externalRestOperations);
}
 
Example #6
Source File: CubbyholeClientAuthenticationProvider.java    From spring-cloud-config with Apache License 2.0 6 votes vote down vote up
@Override
public ClientAuthentication getClientAuthentication(
		VaultEnvironmentProperties vaultProperties,
		RestOperations vaultRestOperations, RestOperations externalRestOperations) {

	String token = vaultProperties.getToken();

	Assert.hasText(token,
			missingPropertyForAuthMethod("token", AuthenticationMethod.CUBBYHOLE));

	CubbyholeAuthenticationOptions options = CubbyholeAuthenticationOptions.builder() //
			.wrapped() //
			.initialToken(VaultToken.of(token)) //
			.build();

	return new CubbyholeAuthentication(options, vaultRestOperations);
}
 
Example #7
Source File: EnvironmentVaultConfiguration.java    From spring-vault with Apache License 2.0 6 votes vote down vote up
protected ClientAuthentication appRoleAuthentication() {

		String roleId = getProperty("vault.app-role.role-id");
		String secretId = getProperty("vault.app-role.secret-id");
		String path = getProperty("vault.app-role.app-role-path",
				AppRoleAuthenticationOptions.DEFAULT_APPROLE_AUTHENTICATION_PATH);

		Assert.hasText(roleId, "Vault AppRole authentication: RoleId (vault.app-role.role-id) must not be empty");

		AppRoleAuthenticationOptionsBuilder builder = AppRoleAuthenticationOptions.builder()
				.roleId(RoleId.provided(roleId)).path(path);

		if (StringUtils.hasText(secretId)) {
			builder = builder.secretId(SecretId.provided(secretId));
		}

		return new AppRoleAuthentication(builder.build(), restOperations());
	}
 
Example #8
Source File: VaultConfig.java    From cloudbreak with Apache License 2.0 6 votes vote down vote up
@Override
public ClientAuthentication clientAuthentication() {
    if (AUTH_TYPE_K8S.equalsIgnoreCase(authType)) {
        LOGGER.info("Kubernetes based Vault auth is configured");
        try {
            String token = FileReaderUtils.readFileFromPath(Paths.get(kubernetesSATokenPath));
            KubernetesAuthenticationOptions k8sOptions = KubernetesAuthenticationOptions.builder()
                    .jwtSupplier(() -> token)
                    .role(kubernetesLoginRole)
                    .path(kubernetesMountPath)
                    .build();
            return new KubernetesAuthentication(k8sOptions, restOperations());
        } catch (IOException e) {
            throw new RuntimeException("Failed to read the Kubernetes service account token", e);
        }
    } else {
        LOGGER.info("Token based Vault auth is configured");
        return new TokenAuthentication(rootToken);
    }
}
 
Example #9
Source File: EnvironmentVaultConfiguration.java    From spring-vault with Apache License 2.0 6 votes vote down vote up
protected ClientAuthentication kubeAuthentication() {

		String role = getProperty("vault.kubernetes.role");
		String tokenFile = getProperty("vault.kubernetes.service-account-token-file",
				KubernetesServiceAccountTokenFile.DEFAULT_KUBERNETES_SERVICE_ACCOUNT_TOKEN_FILE);
		String path = getProperty("vault.kubernetes.kubernetes-path",
				KubernetesAuthenticationOptions.DEFAULT_KUBERNETES_AUTHENTICATION_PATH);

		Assert.hasText(role, "Vault Kubernetes authentication: role must not be empty");

		KubernetesJwtSupplier jwtSupplier = new KubernetesServiceAccountTokenFile(tokenFile);

		KubernetesAuthenticationOptionsBuilder builder = KubernetesAuthenticationOptions.builder().role(role)
				.jwtSupplier(jwtSupplier).path(path);

		return new KubernetesAuthentication(builder.build(), restOperations());
	}
 
Example #10
Source File: KubernetesClientAuthenticationProvider.java    From spring-cloud-config with Apache License 2.0 6 votes vote down vote up
@Override
public ClientAuthentication getClientAuthentication(
		VaultEnvironmentProperties vaultProperties,
		RestOperations vaultRestOperations, RestOperations externalRestOperations) {

	VaultEnvironmentProperties.KubernetesProperties kubernetes = vaultProperties
			.getKubernetes();

	Assert.hasText(kubernetes.getRole(), missingPropertyForAuthMethod(
			"kubernetes.role", AuthenticationMethod.KUBERNETES));
	Assert.hasText(kubernetes.getServiceAccountTokenFile(),
			missingPropertyForAuthMethod("kubernetes.service-account-token-file",
					AuthenticationMethod.KUBERNETES));

	KubernetesAuthenticationOptions options = KubernetesAuthenticationOptions
			.builder().path(kubernetes.getKubernetesPath()).role(kubernetes.getRole())
			.jwtSupplier(new KubernetesServiceAccountTokenFile(
					kubernetes.getServiceAccountTokenFile()))
			.build();

	return new KubernetesAuthentication(options, vaultRestOperations);
}
 
Example #11
Source File: SpringVaultClientConfiguration.java    From spring-cloud-config with Apache License 2.0 6 votes vote down vote up
/**
 * @return a new {@link ClientAuthentication}.
 */
public ClientAuthentication clientAuthentication() {

	AuthenticationMethod authentication = this.vaultProperties.getAuthentication();

	if (authentication == null) {
		return new ConfigTokenProviderAuthentication(this.configTokenProvider);
	}

	if (this.authProviders == null || this.authProviders.isEmpty()) {
		throw new UnsupportedOperationException(
				"No Vault client authentication providers are configured");
	}

	for (SpringVaultClientAuthenticationProvider authProvider : this.authProviders) {
		if (authProvider.supports(this.vaultProperties)) {
			return authProvider.getClientAuthentication(this.vaultProperties,
					restOperations(), this.externalRestOperations);
		}
	}

	throw new UnsupportedOperationException(
			String.format("Client authentication %s not supported", authentication));
}
 
Example #12
Source File: HashicorpVaultAliasService.java    From knox with Apache License 2.0 6 votes vote down vote up
@Override
public void init(GatewayConfig config, Map<String, String> options) throws ServiceLifecycleException {
  this.config = config;
  Map<String, String> remoteAliasServiceConfiguration = config.getRemoteAliasServiceConfiguration();
  Map<String, String> vaultConfiguration = new HashMap<>();
  for(Map.Entry<String, String> entry : remoteAliasServiceConfiguration.entrySet()) {
    if(entry.getKey().startsWith(VAULT_CONFIG_PREFIX)) {
      vaultConfiguration.put(entry.getKey(),
          entry.getValue());
    }
  }

  String vaultAddress = vaultConfiguration.get(VAULT_ADDRESS_KEY);
  String vaultSecretsEngine = vaultConfiguration.get(VAULT_SECRETS_ENGINE_KEY);
  vaultPathPrefix = getVaultPathPrefix(vaultConfiguration);

  VaultEndpoint vaultEndpoint;
  try {
    vaultEndpoint = VaultEndpoint.from(new URI(vaultAddress));
    ClientAuthentication vaultAuthentication = getClientAuthentication(vaultConfiguration);
    VaultTemplate vaultTemplate = new VaultTemplate(vaultEndpoint, vaultAuthentication);
    vault = vaultTemplate.opsForVersionedKeyValue(vaultSecretsEngine);
  } catch (Exception e) {
    throw new ServiceLifecycleException("Failed to init", e);
  }
}
 
Example #13
Source File: ClientAuthenticationFactoryUnitTests.java    From spring-cloud-vault with Apache License 2.0 6 votes vote down vote up
@Test
public void shouldSupportPcfAuthentication() {

	VaultProperties properties = new VaultProperties();
	properties.setAuthentication(VaultProperties.AuthenticationMethod.PCF);
	properties.getPcf().setRole("my-role");
	properties.getPcf().setInstanceKey(new ClassPathResource("bootstrap.yml"));
	properties.getPcf()
			.setInstanceCertificate(new ClassPathResource("bootstrap.yml"));

	ClientAuthentication clientAuthentication = new ClientAuthenticationFactory(
			properties, new RestTemplate(), new RestTemplate())
					.createClientAuthentication();

	assertThat(clientAuthentication).isInstanceOf(PcfAuthentication.class);
}
 
Example #14
Source File: VaultBootstrapConfiguration.java    From spring-cloud-vault with Apache License 2.0 6 votes vote down vote up
/**
 * @return the {@link SessionManager} for Vault session management.
 * @param clientAuthentication the {@link ClientAuthentication}.
 * @param asyncTaskExecutorFactory the {@link ObjectFactory} for
 * {@link TaskSchedulerWrapper}.
 * @see SessionManager
 * @see LifecycleAwareSessionManager
 */
@Bean
@ConditionalOnMissingBean
@ConditionalOnAuthentication
public SessionManager vaultSessionManager(ClientAuthentication clientAuthentication,
		ObjectFactory<TaskSchedulerWrapper> asyncTaskExecutorFactory) {

	if (this.vaultProperties.getConfig().getLifecycle().isEnabled()) {
		RestTemplate restTemplate = this.restTemplateBuilder.build();
		return new LifecycleAwareSessionManager(clientAuthentication,
				asyncTaskExecutorFactory.getObject().getTaskScheduler(),
				restTemplate);
	}

	return new SimpleSessionManager(clientAuthentication);
}
 
Example #15
Source File: ClientAuthenticationFactory.java    From spring-cloud-vault with Apache License 2.0 6 votes vote down vote up
private ClientAuthentication pcfAuthentication(VaultProperties vaultProperties) {

		VaultProperties.PcfProperties pcfProperties = vaultProperties.getPcf();

		Assert.isTrue(
				ClassUtils.isPresent("org.bouncycastle.crypto.signers.PSSSigner",
						getClass().getClassLoader()),
				"BouncyCastle (bcpkix-jdk15on) must be on the classpath");
		Assert.hasText(pcfProperties.getRole(),
				"Role (spring.cloud.vault.pcf.role) must not be empty");

		PcfAuthenticationOptions.PcfAuthenticationOptionsBuilder builder = PcfAuthenticationOptions
				.builder().role(pcfProperties.getRole()).path(pcfProperties.getPcfPath());

		if (pcfProperties.getInstanceCertificate() != null) {
			builder.instanceCertificate(new ResourceCredentialSupplier(
					pcfProperties.getInstanceCertificate()));
		}

		if (pcfProperties.getInstanceKey() != null) {
			builder.instanceKey(
					new ResourceCredentialSupplier(pcfProperties.getInstanceKey()));
		}

		return new PcfAuthentication(builder.build(), this.restOperations);
	}
 
Example #16
Source File: ClientAuthenticationFactory.java    From spring-cloud-vault with Apache License 2.0 6 votes vote down vote up
private ClientAuthentication kubernetesAuthentication(
		VaultProperties vaultProperties) {

	VaultProperties.KubernetesProperties kubernetes = vaultProperties.getKubernetes();

	Assert.hasText(kubernetes.getRole(),
			"Role (spring.cloud.vault.kubernetes.role) must not be empty");
	Assert.hasText(kubernetes.getServiceAccountTokenFile(),
			"Service account token file (spring.cloud.vault.kubernetes.service-account-token-file) must not be empty");

	KubernetesAuthenticationOptions options = KubernetesAuthenticationOptions
			.builder().path(kubernetes.getKubernetesPath()).role(kubernetes.getRole())
			.jwtSupplier(new KubernetesServiceAccountTokenFile(
					kubernetes.getServiceAccountTokenFile()))
			.build();

	return new KubernetesAuthentication(options, this.restOperations);
}
 
Example #17
Source File: ClientAuthenticationFactory.java    From spring-cloud-vault with Apache License 2.0 6 votes vote down vote up
private ClientAuthentication gcpIamAuthentication(VaultProperties vaultProperties) {

		VaultProperties.GcpIamProperties gcp = vaultProperties.getGcpIam();

		Assert.hasText(gcp.getRole(),
				"Role (spring.cloud.vault.gcp-iam.role) must not be empty");

		GcpIamAuthenticationOptionsBuilder builder = GcpIamAuthenticationOptions.builder()
				.path(gcp.getGcpPath()).role(gcp.getRole())
				.jwtValidity(gcp.getJwtValidity());

		if (StringUtils.hasText(gcp.getProjectId())) {
			builder.projectId(gcp.getProjectId());
		}

		if (StringUtils.hasText(gcp.getServiceAccountId())) {
			builder.serviceAccountId(gcp.getServiceAccountId());
		}

		GcpCredentialSupplier supplier = () -> getGoogleCredential(gcp);
		builder.credential(supplier.get());

		GcpIamAuthenticationOptions options = builder.build();

		return new GcpIamAuthentication(options, this.restOperations);
	}
 
Example #18
Source File: ClientAuthenticationFactory.java    From spring-cloud-vault with Apache License 2.0 6 votes vote down vote up
private ClientAuthentication gcpGceAuthentication(VaultProperties vaultProperties) {

		VaultProperties.GcpGceProperties gcp = vaultProperties.getGcpGce();

		Assert.hasText(gcp.getRole(),
				"Role (spring.cloud.vault.gcp-gce.role) must not be empty");

		GcpComputeAuthenticationOptionsBuilder builder = GcpComputeAuthenticationOptions
				.builder().path(gcp.getGcpPath()).role(gcp.getRole());

		if (StringUtils.hasText(gcp.getServiceAccount())) {
			builder.serviceAccount(gcp.getServiceAccount());
		}

		return new GcpComputeAuthentication(builder.build(), this.restOperations,
				this.externalRestOperations);
	}
 
Example #19
Source File: AwsEc2ClientAuthenticationProvider.java    From spring-cloud-config with Apache License 2.0 5 votes vote down vote up
@Override
public ClientAuthentication getClientAuthentication(
		VaultEnvironmentProperties vaultProperties,
		RestOperations vaultRestOperations, RestOperations externalRestOperations) {

	VaultEnvironmentProperties.AwsEc2Properties awsEc2 = vaultProperties.getAwsEc2();

	AwsEc2AuthenticationOptions.Nonce nonce = StringUtils.hasText(awsEc2.getNonce())
			? AwsEc2AuthenticationOptions.Nonce
					.provided(awsEc2.getNonce().toCharArray())
			: AwsEc2AuthenticationOptions.Nonce.generated();

	AwsEc2AuthenticationOptions authenticationOptions = AwsEc2AuthenticationOptions
			.builder().role(awsEc2.getRole()) //
			.path(awsEc2.getAwsEc2Path()) //
			.nonce(nonce) //
			.identityDocumentUri(URI.create(awsEc2.getIdentityDocument())) //
			.build();

	return new AwsEc2Authentication(authenticationOptions, vaultRestOperations,
			externalRestOperations);
}
 
Example #20
Source File: TokenClientAuthenticationProvider.java    From spring-cloud-config with Apache License 2.0 5 votes vote down vote up
@Override
public ClientAuthentication getClientAuthentication(
		VaultEnvironmentProperties vaultProperties,
		RestOperations vaultRestOperations, RestOperations externalRestOperations) {

	Assert.hasText(vaultProperties.getToken(),
			missingPropertyForAuthMethod("token", AuthenticationMethod.TOKEN));

	return new TokenAuthentication(vaultProperties.getToken());
}
 
Example #21
Source File: CertificateClientAuthenticationProvider.java    From spring-cloud-config with Apache License 2.0 5 votes vote down vote up
@Override
public ClientAuthentication getClientAuthentication(
		VaultEnvironmentProperties vaultProperties,
		RestOperations vaultRestOperations, RestOperations externalRestOperations) {

	return new ClientCertificateAuthentication(vaultRestOperations);
}
 
Example #22
Source File: GcpIamClientAuthenticationProvider.java    From spring-cloud-config with Apache License 2.0 5 votes vote down vote up
@Override
public ClientAuthentication getClientAuthentication(
		VaultEnvironmentProperties vaultProperties,
		RestOperations vaultRestOperations, RestOperations externalRestOperations) {

	assertClassPresent(
			"com.google.api.client.googleapis.auth.oauth2.GoogleCredential",
			missingClassForAuthMethod("GoogleCredential", "google-api-client",
					AuthenticationMethod.GCP_IAM));

	VaultEnvironmentProperties.GcpIamProperties gcp = vaultProperties.getGcpIam();

	Assert.hasText(gcp.getRole(), missingPropertyForAuthMethod("gcp-iam.role",
			AuthenticationMethod.GCP_IAM));

	GcpIamAuthenticationOptions.GcpIamAuthenticationOptionsBuilder builder = GcpIamAuthenticationOptions
			.builder().path(gcp.getGcpPath()).role(gcp.getRole())
			.jwtValidity(gcp.getJwtValidity());

	if (StringUtils.hasText(gcp.getProjectId())) {
		builder.projectId(gcp.getProjectId());
	}

	if (StringUtils.hasText(gcp.getServiceAccountId())) {
		builder.serviceAccountId(gcp.getServiceAccountId());
	}

	GcpCredentialSupplier supplier = GcpCredentialProvider.getGoogleCredential(gcp);
	builder.credential(supplier.get());

	GcpIamAuthenticationOptions options = builder.build();

	return new GcpIamAuthentication(options, vaultRestOperations);
}
 
Example #23
Source File: VaultBootstrapConfigurationTests.java    From spring-cloud-vault with Apache License 2.0 5 votes vote down vote up
@Test
public void shouldConfigureWithoutAuthentication() {

	this.contextRunner.withPropertyValues("spring.cloud.vault.kv.enabled=false",
			"spring.cloud.vault.authentication=NONE").run(context -> {

				assertThat(context).doesNotHaveBean(SessionManager.class);
				assertThat(context).doesNotHaveBean(ClientAuthentication.class);
				assertThat(context).hasSingleBean(VaultTemplate.class);
			});
}
 
Example #24
Source File: VaultBootstrapConfiguration.java    From spring-cloud-vault with Apache License 2.0 5 votes vote down vote up
/**
 * @return the {@link ClientAuthentication} to obtain a
 * {@link org.springframework.vault.support.VaultToken}.
 * @see SessionManager
 * @see LifecycleAwareSessionManager
 */
@Bean
@ConditionalOnMissingBean
@ConditionalOnAuthentication
public ClientAuthentication clientAuthentication() {

	RestTemplate restTemplate = this.restTemplateBuilder.build();
	ClientAuthenticationFactory factory = new ClientAuthenticationFactory(
			this.vaultProperties, restTemplate, this.externalRestOperations);

	return factory.createClientAuthentication();
}
 
Example #25
Source File: AwsIamClientAuthenticationProvider.java    From spring-cloud-config with Apache License 2.0 5 votes vote down vote up
@Override
public ClientAuthentication getClientAuthentication(
		VaultEnvironmentProperties vaultProperties,
		RestOperations vaultRestOperations, RestOperations externalRestOperations) {

	assertClassPresent("com.amazonaws.auth.AWSCredentials", missingClassForAuthMethod(
			"AWSCredentials", "aws-java-sdk-core", AuthenticationMethod.AWS_IAM));

	VaultEnvironmentProperties.AwsIamProperties awsIam = vaultProperties.getAwsIam();

	AWSCredentialsProvider credentialsProvider = AwsCredentialProvider
			.getAwsCredentialsProvider();

	AwsIamAuthenticationOptions.AwsIamAuthenticationOptionsBuilder builder = AwsIamAuthenticationOptions
			.builder();

	if (StringUtils.hasText(awsIam.getRole())) {
		builder.role(awsIam.getRole());
	}

	if (StringUtils.hasText(awsIam.getServerName())) {
		builder.serverName(awsIam.getServerName());
	}

	if (awsIam.getEndpointUri() != null) {
		builder.endpointUri(awsIam.getEndpointUri());
	}

	builder.path(awsIam.getAwsPath()) //
			.credentialsProvider(credentialsProvider);

	AwsIamAuthenticationOptions options = builder
			.credentialsProvider(credentialsProvider).build();

	return new AwsIamAuthentication(options, vaultRestOperations);
}
 
Example #26
Source File: SpringVaultClientConfigurationTests.java    From spring-cloud-config with Apache License 2.0 5 votes vote down vote up
private void assertClientAuthenticationOfType(VaultEnvironmentProperties properties,
		Class<? extends ClientAuthentication> type) {
	ClientAuthentication clientAuthentication = getConfiguration(properties)
			.clientAuthentication();

	assertThat(clientAuthentication).isInstanceOf(type);
}
 
Example #27
Source File: VaultConfiguration.java    From vault-crd with Apache License 2.0 5 votes vote down vote up
@Override
public ClientAuthentication clientAuthentication() {
    KubernetesAuthenticationOptions options =
            KubernetesAuthenticationOptions.builder().path(path).role(role).build();

    return new KubernetesAuthentication(options, restOperations());
}
 
Example #28
Source File: ClientAuthenticationFactory.java    From spring-cloud-vault with Apache License 2.0 5 votes vote down vote up
private ClientAuthentication cubbyholeAuthentication() {

		Assert.hasText(this.vaultProperties.getToken(),
				"Initial Token (spring.cloud.vault.token) for Cubbyhole authentication must not be empty");

		CubbyholeAuthenticationOptions options = CubbyholeAuthenticationOptions.builder() //
				.wrapped() //
				.initialToken(VaultToken.of(this.vaultProperties.getToken())) //
				.build();

		return new CubbyholeAuthentication(options, this.restOperations);
	}
 
Example #29
Source File: ClientAuthenticationFactory.java    From spring-cloud-vault with Apache License 2.0 5 votes vote down vote up
private ClientAuthentication awsIamAuthentication(VaultProperties vaultProperties) {

		AwsIamProperties awsIam = vaultProperties.getAwsIam();

		AWSCredentialsProvider credentialsProvider = AwsCredentialProvider
				.getAwsCredentialsProvider();

		AwsIamAuthenticationOptionsBuilder builder = AwsIamAuthenticationOptions
				.builder();

		if (StringUtils.hasText(awsIam.getRole())) {
			builder.role(awsIam.getRole());
		}

		if (StringUtils.hasText(awsIam.getServerName())) {
			builder.serverName(awsIam.getServerName());
		}

		if (awsIam.getEndpointUri() != null) {
			builder.endpointUri(awsIam.getEndpointUri());
		}

		builder.path(awsIam.getAwsPath()) //
				.credentialsProvider(credentialsProvider);

		AwsIamAuthenticationOptions options = builder
				.credentialsProvider(credentialsProvider).build();

		return new AwsIamAuthentication(options, this.restOperations);
	}
 
Example #30
Source File: ClientAuthenticationFactory.java    From spring-cloud-vault with Apache License 2.0 5 votes vote down vote up
private ClientAuthentication awsEc2Authentication(VaultProperties vaultProperties) {

		VaultProperties.AwsEc2Properties awsEc2 = vaultProperties.getAwsEc2();

		Nonce nonce = StringUtils.hasText(awsEc2.getNonce())
				? Nonce.provided(awsEc2.getNonce().toCharArray()) : Nonce.generated();

		AwsEc2AuthenticationOptions authenticationOptions = AwsEc2AuthenticationOptions
				.builder().role(awsEc2.getRole()) //
				.path(awsEc2.getAwsEc2Path()) //
				.nonce(nonce) //
				.identityDocumentUri(URI.create(awsEc2.getIdentityDocument())) //
				.build();

		return new AwsEc2Authentication(authenticationOptions, this.restOperations,
				this.externalRestOperations);
	}