diff --git a/src/main/java/com/bettercloud/vault/api/Auth.java b/src/main/java/com/bettercloud/vault/api/Auth.java
index 9c36ca78..b00a74b1 100644
--- a/src/main/java/com/bettercloud/vault/api/Auth.java
+++ b/src/main/java/com/bettercloud/vault/api/Auth.java
@@ -879,23 +879,24 @@ public AuthResponse loginByGithub(final String githubToken, final String githubA
 }
 /**
- *

Basic login operation to authenticate to an GCP backend. Example usage:

+ *

Basic login operation to authenticate to an JWT backend. Example usage:

* *
*
{@code
-     * final AuthResponse response = vault.auth().loginByGCP("dev", "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...");
+     * final AuthResponse response = vault.auth().loginByJwt("kubernetes", "dev", "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...");
      *
      * final String token = response.getAuthClientToken();
      * }
*
*
+ * @param provider Provider of JWT token.
 * @param role The gcp role used for authentication
 * @param jwt The JWT token for the role
 * @return The auth token, with additional response metadata
 * @throws VaultException If any error occurs, or unexpected response received from Vault
 */
 // TODO: Needs integration test coverage if possible
- public AuthResponse loginByGCP(final String role, final String jwt) throws VaultException {
+ public AuthResponse loginByJwt(final String provider, final String role, final String jwt) throws VaultException {
 int retryCount = 0;
 while (true) {
@@ -903,7 +904,7 @@ public AuthResponse loginByGCP(final String role, final String jwt) throws Vault
 // HTTP request to Vault
 final String requestJson = Json.object().add("role", role).add("jwt", jwt).toString();
 final RestResponse restResponse = new Rest()
- .url(config.getAddress() + "/v1/auth/gcp/login")
+ .url(config.getAddress() + "/v1/auth/" + provider + "/login")
 .optionalHeader("X-Vault-Namespace", this.nameSpace)
 .body(requestJson.getBytes(StandardCharsets.UTF_8))
 .connectTimeoutSeconds(config.getOpenTimeout())
@@ -941,6 +942,50 @@ public AuthResponse loginByGCP(final String role, final String jwt) throws Vault
 }
 }
+
+
+ /**
+ *
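Review bot: The Javadoc carried over to the renamed `loginByJwt` still reads `@param role The gcp role used for authentication`, and the new `@param provider Provider of JWT token.` does not say that the value is the auth backend's mount path and ends up in the login URL. I would reword them as `@param provider Mount path of the JWT-style auth backend (for example "gcp" or "kubernetes"); used as a path segment of the login URL` and `@param role The role configured on that auth backend`. The summary line should also read "a JWT backend" rather than "an JWT backend". The method body continues outside this hunk.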
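Review bot: `provider` is concatenated into the request path at `.url(config.getAddress() + "/v1/auth/" + provider + "/login")` with no validation or encoding, and `loginByJwt` is public. A null produces `/v1/auth/null/login`, and a value containing `/..`, `?` or `#` changes which endpoint receives the POST that carries the JWT. Before the retry loop, reject anything that is not a plain mount path and throw `VaultException`, for example guarded by `if (provider == null || !provider.matches("[A-Za-z0-9_-]+(/[A-Za-z0-9_-]+)*"))`; the allow-list should be adjusted to the mount names the project wants to support. The enclosing method starts and ends outside this hunk.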

Basic login operation to authenticate to an GCP backend. Example usage:

+ * + *
+ *
{@code
+     * final AuthResponse response = vault.auth().loginByGCP("dev", "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...");
+     *
+     * final String token = response.getAuthClientToken();
+     * }
+ *
+ *
+ * @param role The gcp role used for authentication
+ * @param jwt The JWT token for the role
+ * @return The auth token, with additional response metadata
+ * @throws VaultException If any error occurs, or unexpected response received from Vault
+ */
+ public AuthResponse loginByGCP(final String role, final String jwt) throws VaultException {
+ return loginByJwt("gcp", role, jwt);
+ }
+
+
+ /**
+ * Basic login operation to authenticate to an kubernetes backend. Example usage:
+ *
+
+ * + *
{@code
+     * final AuthResponse response =
+     *     vault.auth().loginByKubernetes("dev", "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...");
+     *
+     * final String token = response.getAuthClientToken();
+     * }
+ *
+ *
+ * @param role The kubernetes role used for authentication
+ * @param jwt The JWT token for the role, typically read from /var/run/secrets/kubernetes.io/serviceaccount/token
+ * @return The auth token, with additional response metadata
+ * @throws VaultException If any error occurs, or unexpected response received from Vault
+ */
+ public AuthResponse loginByKubernetes(final String role, final String jwt) throws VaultException {
+ return loginByJwt("kubernetes", role, jwt);
+ }
+
 /**
 *

Basic login operation to authenticate using Vault's TLS Certificate auth backend. Example usage:

*
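Review bot: `loginByGCP` and `loginByKubernetes` hard-code the mount paths `"gcp"` and `"kubernetes"`, but neither Javadoc says so. A deployment that mounts the backend under another path would presumably get a failed login with no hint that `loginByJwt` accepts the mount. I would add a sentence to each, such as `Assumes the backend is mounted at the default path "kubernetes"; use loginByJwt for a custom mount.` The `// TODO: Needs integration test coverage if possible` marker stays on `loginByJwt`, and this diff adds no tests for either wrapper. The `jwt` described as read from the service-account token file is a bearer credential, so the Javadoc could also tell callers not to log it.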