Package com.ibm.cloud.sdk.core.security
Class VpcInstanceAuthenticator
- java.lang.Object
  - com.ibm.cloud.sdk.core.security.AuthenticatorBase
    - com.ibm.cloud.sdk.core.security.TokenRequestBasedAuthenticatorImmutable<T,R>
      - com.ibm.cloud.sdk.core.security.TokenRequestBasedAuthenticator<IamToken,VpcTokenResponse>
        - com.ibm.cloud.sdk.core.security.VpcInstanceAuthenticator

All Implemented Interfaces: Authenticator
public class VpcInstanceAuthenticator extends TokenRequestBasedAuthenticator<IamToken,VpcTokenResponse> implements Authenticator
VpcInstanceAuthenticator implements an authentication scheme in which it retrieves an "instance identity token" and exchanges it for an IAM access token using the VPC Instance Metadata Service API, which is available on a local VPC-managed compute resource (VM). The instance identity token is similar to an IAM apikey, except that it is managed automatically by the compute resource provider (VPC).
The resulting IAM access token is then added to outbound requests in an Authorization header of the form: "Authorization: Bearer <access-token>".
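The configuration check and header behaviour described above, as an added Java example (not code from the SDK or its documentation). It assumes the SDK and OkHttp are on the classpath, that at most one of the IAM profile CRN and profile ID may be configured, and that the inherited `authenticate` method takes an `okhttp3.Request.Builder`; the profile values, the target URL and the `--on-vpc` flag are constructed placeholders.

```java
import com.ibm.cloud.sdk.core.security.Authenticator;
import com.ibm.cloud.sdk.core.security.VpcInstanceAuthenticator;
import java.util.HashMap;
import java.util.Map;
import okhttp3.Request;

public class VpcAuthExample {
  // Placeholder values, constructed for this example.
  static final String PROFILE_ID = "Profile-00000000-0000-0000-0000-000000000000";
  static final String PROFILE_CRN = "crn:placeholder-profile";

  public static void main(String[] args) {
    // Misconfiguration: both profile selectors set. Validation is assumed to
    // reject this at construction time, before any network call is made.
    Map<String, String> bad = new HashMap<>();
    bad.put(Authenticator.PROPNAME_IAM_PROFILE_ID, PROFILE_ID);
    bad.put(Authenticator.PROPNAME_IAM_PROFILE_CRN, PROFILE_CRN);
    try {
      VpcInstanceAuthenticator.fromConfiguration(bad);
      System.out.println("unexpected: conflicting profile settings were accepted");
    } catch (RuntimeException e) {
      // The page only says validate() "throws an exception"; catch broadly.
      System.out.println("rejected: " + e.getMessage());
    }

    // Valid configuration: a single profile selector.
    Map<String, String> good = new HashMap<>();
    good.put(Authenticator.PROPNAME_IAM_PROFILE_ID, PROFILE_ID);
    VpcInstanceAuthenticator auth = VpcInstanceAuthenticator.fromConfiguration(good);
    System.out.println("type=" + auth.authenticationType()
        + " profileId=" + auth.getIamProfileId() + " url=" + auth.getURL());

    // The token exchange needs the local Instance Metadata Service, so only
    // attempt it when told we are running on a VPC-managed VM.
    if (args.length > 0 && "--on-vpc".equals(args[0])) {
      Request.Builder req = new Request.Builder().url("https://example.com/");
      auth.authenticate(req); // retrieves the tokens and sets the header
      String header = req.build().header("Authorization");
      // Report the scheme only; the bearer token is a credential and must
      // not be written to logs or console output.
      boolean ok = header != null && header.startsWith("Bearer ");
      System.out.println("Authorization header set with Bearer scheme: " + ok);
    }
  }
}
```

Run without arguments, this exercises only the offline configuration validation; pass `--on-vpc` on a VPC instance to exercise the token exchange.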
-
-
Nested Class Summary
Nested Classes
Modifier and Type | Class | Description
static class | VpcInstanceAuthenticator.Builder | This Builder class is used to construct IamAuthenticator instances.
-
Field Summary
-
Fields inherited from class com.ibm.cloud.sdk.core.security.AuthenticatorBase
ERRORMSG_ACCOUNTID_PROP_ERROR, ERRORMSG_ATLEAST_ONE_PROP_ERROR, ERRORMSG_ATMOST_ONE_PROP_ERROR, ERRORMSG_EXCLUSIVE_PROP_ERROR, ERRORMSG_PROP_INVALID, ERRORMSG_PROP_INVALID_BOOL, ERRORMSG_PROP_INVALID_INTEGER_VALUE, ERRORMSG_PROP_MISSING, ERRORMSG_REQ_FAILED
-
Fields inherited from interface com.ibm.cloud.sdk.core.security.Authenticator
AUTHTYPE_BASIC, AUTHTYPE_BEARER_TOKEN, AUTHTYPE_CONTAINER, AUTHTYPE_CP4D, AUTHTYPE_CP4D_SERVICE, AUTHTYPE_CP4D_SERVICE_INSTANCE, AUTHTYPE_IAM, AUTHTYPE_IAM_ASSUME, AUTHTYPE_MCSP, AUTHTYPE_MCSPV2, AUTHTYPE_NOAUTH, AUTHTYPE_VPC, PROPNAME_APIKEY, PROPNAME_AUTH_TYPE, PROPNAME_BEARER_TOKEN, PROPNAME_CALLER_EXT_CLAIM, PROPNAME_CLIENT_ID, PROPNAME_CLIENT_SECRET, PROPNAME_CR_TOKEN_FILENAME, PROPNAME_DISABLE_SSL, PROPNAME_DISPLAY_NAME, PROPNAME_EXPIRATION_TIME, PROPNAME_IAM_ACCOUNT_ID, PROPNAME_IAM_PROFILE_CRN, PROPNAME_IAM_PROFILE_ID, PROPNAME_IAM_PROFILE_NAME, PROPNAME_INCLUDE_BUILTIN_ACTIONS, PROPNAME_INCLUDE_CUSTOM_ACTIONS, PROPNAME_INCLUDE_ROLES, PROPNAME_PASSWORD, PROPNAME_PERMISSIONS, PROPNAME_PREFIX_ROLES, PROPNAME_SCOPE, PROPNAME_SCOPE_COLLECTION_TYPE, PROPNAME_SCOPE_ID, PROPNAME_SERVICE_BROKER_SECRET, PROPNAME_SERVICE_INSTANCE_ID, PROPNAME_UID, PROPNAME_URL, PROPNAME_USERNAME
-
-
Method Summary
Modifier and Type | Method | Description
java.lang.String | authenticationType() | Returns the authentication type associated with this Authenticator.
static VpcInstanceAuthenticator | fromConfiguration(java.util.Map<java.lang.String,java.lang.String> config) | Constructs a ContainerAuthenticator instance using properties contained in the specified Map.
java.lang.String | getIamProfileCrn() |
java.lang.String | getIamProfileId() |
java.lang.String | getURL() |
VpcInstanceAuthenticator.Builder | newBuilder() | Returns a new Builder instance pre-loaded with the configuration from "this".
IamToken | requestToken() | Fetches an IAM access token using the authenticator's configuration.
IamToken | retrieveIamAccessToken(java.lang.String instanceIdentityToken) | Retrieves the IAM access token by invoking the VPC "create_iam_token" operation.
java.lang.String | retrieveInstanceIdentityToken() | Retrieves the local compute resource's instance identity token using the "create_access_token" operation of the local VPC Instance Metadata Service API.
void | validate() | Validates the configuration of the authenticator and throws an exception if validation fails.
-
Methods inherited from class com.ibm.cloud.sdk.core.security.TokenRequestBasedAuthenticator
setClient, setDisableSSLVerification, setHeaders, setProxy, setProxyAuthenticator
-
Methods inherited from class com.ibm.cloud.sdk.core.security.TokenRequestBasedAuthenticatorImmutable
authenticate, getClient, getDisableSSLVerification, getHeaders, getProxy, getProxyAuthenticator, getToken
-
Methods inherited from class com.ibm.cloud.sdk.core.security.AuthenticatorBase
constructBasicAuthHeader, constructBearerTokenAuthHeader
-
Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
-
Methods inherited from interface com.ibm.cloud.sdk.core.security.Authenticator
authenticate
-
-
-
-
Method Detail
-
newBuilder
public VpcInstanceAuthenticator.Builder newBuilder()
Returns a new Builder instance pre-loaded with the configuration from "this".
Returns: the Builder instance
-
fromConfiguration
public static VpcInstanceAuthenticator fromConfiguration(java.util.Map<java.lang.String,java.lang.String> config)
Constructs a ContainerAuthenticator instance using properties contained in the specified Map.
Parameters: config - a map containing the configuration properties
Returns: the ContainerAuthenticator instance
-
validate
public void validate()
Validates the configuration of the authenticator and throws an exception if validation fails.
Specified by: validate in interface Authenticator
Specified by: validate in class TokenRequestBasedAuthenticatorImmutable<IamToken,VpcTokenResponse>
-
authenticationType
public java.lang.String authenticationType()
Returns the authentication type associated with this Authenticator.
Specified by: authenticationType in interface Authenticator
Specified by: authenticationType in class TokenRequestBasedAuthenticatorImmutable<IamToken,VpcTokenResponse>
Returns: the authentication type ("vpc")
-
getIamProfileCrn
public java.lang.String getIamProfileCrn()
Returns: the iamProfileCrn configured on this Authenticator.
-
getIamProfileId
public java.lang.String getIamProfileId()
Returns: the iamProfileId configured on this Authenticator.
-
getURL
public java.lang.String getURL()
Returns: the URL configured on this Authenticator.
-
requestToken
public IamToken requestToken()
Fetches an IAM access token using the authenticator's configuration.
Specified by: requestToken in class TokenRequestBasedAuthenticatorImmutable<IamToken,VpcTokenResponse>
Returns: an IamToken instance that contains the access token
-
retrieveInstanceIdentityToken
public java.lang.String retrieveInstanceIdentityToken() throws java.lang.Throwable
Retrieves the local compute resource's instance identity token using the "create_access_token" operation of the local VPC Instance Metadata Service API.
Returns: the instance identity token
Throws: java.lang.Throwable - if an error occurred
-
retrieveIamAccessToken
public IamToken retrieveIamAccessToken(java.lang.String instanceIdentityToken)
Retrieves the IAM access token by invoking the VPC "create_iam_token" operation.
Parameters: instanceIdentityToken - the current compute resource's instance identity token
Returns: the IamToken instance containing the IAM access token
-
-