org.springframework.vault.authentication.AwsEc2AuthenticationOptions Java Examples

The following examples show how to use org.springframework.vault.authentication.AwsEc2AuthenticationOptions. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: ClientAuthenticationFactory.java    From spring-cloud-vault with Apache License 2.0 5 votes vote down vote up
private ClientAuthentication awsEc2Authentication(VaultProperties vaultProperties) {

		VaultProperties.AwsEc2Properties awsEc2 = vaultProperties.getAwsEc2();

		Nonce nonce = StringUtils.hasText(awsEc2.getNonce())
				? Nonce.provided(awsEc2.getNonce().toCharArray()) : Nonce.generated();

		AwsEc2AuthenticationOptions authenticationOptions = AwsEc2AuthenticationOptions
				.builder().role(awsEc2.getRole()) //
				.path(awsEc2.getAwsEc2Path()) //
				.nonce(nonce) //
				.identityDocumentUri(URI.create(awsEc2.getIdentityDocument())) //
				.build();

		return new AwsEc2Authentication(authenticationOptions, this.restOperations,
				this.externalRestOperations);
	}
 
Example #2
Source File: AwsEc2ClientAuthenticationProvider.java    From spring-cloud-config with Apache License 2.0 5 votes vote down vote up
@Override
public ClientAuthentication getClientAuthentication(
		VaultEnvironmentProperties vaultProperties,
		RestOperations vaultRestOperations, RestOperations externalRestOperations) {

	VaultEnvironmentProperties.AwsEc2Properties awsEc2 = vaultProperties.getAwsEc2();

	AwsEc2AuthenticationOptions.Nonce nonce = StringUtils.hasText(awsEc2.getNonce())
			? AwsEc2AuthenticationOptions.Nonce
					.provided(awsEc2.getNonce().toCharArray())
			: AwsEc2AuthenticationOptions.Nonce.generated();

	AwsEc2AuthenticationOptions authenticationOptions = AwsEc2AuthenticationOptions
			.builder().role(awsEc2.getRole()) //
			.path(awsEc2.getAwsEc2Path()) //
			.nonce(nonce) //
			.identityDocumentUri(URI.create(awsEc2.getIdentityDocument())) //
			.build();

	return new AwsEc2Authentication(authenticationOptions, vaultRestOperations,
			externalRestOperations);
}
 
Example #3
Source File: EnvironmentVaultConfiguration.java    From spring-vault with Apache License 2.0 3 votes vote down vote up
protected ClientAuthentication awsEc2Authentication() {

		String role = getProperty("vault.aws-ec2.role");
		String roleId = getProperty("vault.aws-ec2.role-id");
		String identityDocument = getProperty("vault.aws-ec2.identity-document");
		String path = getProperty("vault.aws-ec2.aws-ec2-path",
				AwsEc2AuthenticationOptions.DEFAULT_AWS_AUTHENTICATION_PATH);

		Assert.isTrue(StringUtils.hasText(roleId) || StringUtils.hasText(role),
				"Vault AWS-EC2 authentication: Role (vault.aws-ec2.role) must not be empty");

		if (StringUtils.hasText(roleId) && StringUtils.hasText(role)) {
			throw new IllegalStateException("AWS-EC2 Authentication: Only one of Role (vault.aws-ec2.role) or"
					+ " RoleId (deprecated, vault.aws-ec2.roleId) must be provided");
		}

		if (StringUtils.hasText(roleId)) {
			logger.warn(
					"AWS-EC2 Authentication: vault.aws-ec2.roleId is deprecated. Please use vault.aws-ec2.role instead.");
		}

		AwsEc2AuthenticationOptionsBuilder builder = AwsEc2AuthenticationOptions.builder()
				.role(StringUtils.hasText(role) ? role : roleId).path(path);

		if (StringUtils.hasText(identityDocument)) {
			builder.identityDocumentUri(URI.create(identityDocument));
		}

		return new AwsEc2Authentication(builder.build(), restOperations(), restOperations());
	}