Polishing.

Remove GcpIam and AppId leftovers.

See gh-904
This commit is contained in:
Mark Paluch
2025-03-03 16:18:41 +01:00
parent 69674dba40
commit d01d180d5b
6 changed files with 1 additions and 209 deletions

View File

@@ -1,65 +0,0 @@
/*
* Copyright 2018-2025 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.vault.authentication;
import com.google.api.client.googleapis.auth.oauth2.GoogleCredential;
import org.springframework.util.Assert;
import org.springframework.util.ObjectUtils;
/**
* Default implementation of{@link GcpProjectIdAccessor} and
* {@link GcpServiceAccountIdAccessor}. Used by {@link GcpIamAuthentication}.
*
* @author Magnus Jungsbluth
* @author Mark Paluch
* @since 2.1
* @see GcpIamAuthentication
*/
enum DefaultGcpCredentialAccessors implements GcpProjectIdAccessor, GcpServiceAccountIdAccessor {
INSTANCE;
/**
* Get the service account id (email) to be placed in the signed JWT.
* @param credential credential object to obtain the service account id from.
* @return the service account id to use.
*/
@Override
public String getServiceAccountId(GoogleCredential credential) {
Assert.notNull(credential, "GoogleCredential must not be null");
Assert.notNull(credential.getServiceAccountId(),
"The configured GoogleCredential does not represent a service account. Configure the service account id with GcpIamAuthenticationOptionsBuilder#serviceAccountId(String).");
return credential.getServiceAccountId();
}
/**
* Get the GCP project id to used in Google Cloud IAM API calls.
* @param credential the credential object to obtain the project id from.
* @return the service account id to use.
*/
@Override
public String getProjectId(GoogleCredential credential) {
Assert.notNull(credential, "GoogleCredential must not be null");
return ObjectUtils.isEmpty(credential.getServiceAccountProjectId()) ? "-"
: credential.getServiceAccountProjectId();
}
}

View File

@@ -33,7 +33,7 @@ enum DefaultGoogleCredentialsAccessors implements GoogleCredentialsAccountIdAcce
INSTANCE;
/**
* Get a the service account id (email) to be placed in the signed JWT.
* Get the service account id (email) to be placed in the signed JWT.
* @param credentials credentials object to obtain the service account id from.
* @return the service account id to use.
*/

View File

@@ -1,56 +0,0 @@
/*
* Copyright 2018-2025 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.vault.authentication;
import java.io.IOException;
import java.util.function.Supplier;
import com.google.api.client.googleapis.auth.oauth2.GoogleCredential;
/**
* Interface to obtain a {@link GoogleCredential} for GCP IAM authentication.
* Implementations are used by {@link GcpIamAuthentication}.
*
* @author Mark Paluch
* @since 2.1
* @see GcpIamAuthentication
*/
@FunctionalInterface
public interface GcpCredentialSupplier extends Supplier<GoogleCredential> {
/**
* Exception-safe helper to get {@link GoogleCredential} from {@link #getCredential}.
* @return the GoogleCredential for JWT signing.
*/
@Override
default GoogleCredential get() {
try {
return getCredential();
}
catch (IOException e) {
throw new IllegalStateException("Cannot obtain GoogleCredential", e);
}
}
/**
* Get a {@link GoogleCredential} for GCP IAM authentication via JWT signing.
* @return the {@link GoogleCredential}.
* @throws IOException if the credential lookup fails.
*/
GoogleCredential getCredential() throws IOException;
}

View File

@@ -1,39 +0,0 @@
/*
* Copyright 2018-2025 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.vault.authentication;
import com.google.api.client.googleapis.auth.oauth2.GoogleCredential;
/**
* Interface to obtain a GCP project id for GCP IAM authentication. Implementations are
* used by {@link GcpIamAuthentication}.
*
* @author Magnus Jungsbluth
* @author Mark Paluch
* @since 2.1
* @see GcpIamAuthentication
*/
@FunctionalInterface
public interface GcpProjectIdAccessor {
/**
* Get a the GCP project id to used in Google Cloud IAM API calls.
* @param credential the credential object to obtain the project id from.
* @return the service account id to use.
*/
String getProjectId(GoogleCredential credential);
}

View File

@@ -1,38 +0,0 @@
/*
* Copyright 2018-2025 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.vault.authentication;
import com.google.api.client.googleapis.auth.oauth2.GoogleCredential;
/**
* Interface to obtain a service account id for GCP IAM authentication. Implementations
* are used by {@link GcpIamAuthentication}.
*
* @author Magnus Jungsbluth
* @since 2.1
* @see GcpIamAuthentication
*/
@FunctionalInterface
public interface GcpServiceAccountIdAccessor {
/**
* Get a the service account id (email) to be placed in the signed JWT.
* @param credential credential object to obtain the service account id from.
* @return the service account id to use.
*/
String getServiceAccountId(GoogleCredential credential);
}

View File

@@ -102,15 +102,6 @@ import org.springframework.web.client.RestOperations;
* <ul>
* <li>Vault Token: {@code vault.token}</li>
* </ul>
* <li>AppId authentication
* <ul>
* <li>AppId path: {@code vault.app-id.app-id-path} (since 2.2.1, defaults to
* {@link AppIdAuthenticationOptions#DEFAULT_APPID_AUTHENTICATION_PATH})</li>
* <li>AppId: {@code vault.app-id.app-id}</li>
* <li>UserId: {@code vault.app-id.user-id}. {@literal MAC_ADDRESS} and
* {@literal IP_ADDRESS} use {@link MacAddressUserId}, respective {@link IpAddressUserId}.
* Any other value is used with {@link StaticUserId}.</li>
* </ul>
* <li>AppRole authentication
* <ul>
* <li>AppRole path: {@code vault.app-role.app-role-path} (since 2.2.1, defaults to
@@ -170,7 +161,6 @@ import org.springframework.web.client.RestOperations;
* @see org.springframework.core.env.Environment
* @see org.springframework.core.env.PropertySource
* @see VaultEndpoint
* @see AppIdAuthentication
* @see AppRoleAuthentication
* @see AwsEc2Authentication
* @see AwsIamAuthentication