Polishing.

mp911de · mp911de · commit a11769d910ac · 2023-03-17T10:12:46.000+01:00
Remove superfluous dependencies. Fix Javadoc. Update documentation. Add missing import. See gh-761 Original pull request gh-765
diff --git a/pom.xml b/pom.xml
@@ -234,12 +234,6 @@
 				<version>${aws-java-sdk.version}</version>
 				<optional>true</optional>
 			</dependency>
-			<dependency>
-				<groupId>software.amazon.awssdk</groupId>
-				<artifactId>sts</artifactId>
-				<version>${aws-java-sdk.version}</version>
-				<optional>true</optional>
-			</dependency>
 
 			<!-- GCP SDK -->
 			<dependency>
diff --git a/spring-vault-core/pom.xml b/spring-vault-core/pom.xml
@@ -189,21 +189,6 @@
 				</exclusion>
 			</exclusions>
 		</dependency>
-		<dependency>
-			<groupId>software.amazon.awssdk</groupId>
-			<artifactId>sts</artifactId>
-			<optional>true</optional>
-			<exclusions>
-				<exclusion>
-					<groupId>software.amazon.ion</groupId>
-					<artifactId>ion-java</artifactId>
-				</exclusion>
-				<exclusion>
-					<groupId>com.fasterxml.jackson.dataformat</groupId>
-					<artifactId>jackson-dataformat-cbor</artifactId>
-				</exclusion>
-			</exclusions>
-		</dependency>
 
 		<dependency>
 			<groupId>com.google.apis</groupId>
diff --git a/spring-vault-core/src/main/java/org/springframework/vault/config/EnvironmentVaultConfiguration.java b/spring-vault-core/src/main/java/org/springframework/vault/config/EnvironmentVaultConfiguration.java
@@ -23,6 +23,7 @@
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+import software.amazon.awssdk.auth.credentials.DefaultCredentialsProvider;
 
 import org.springframework.beans.BeansException;
 import org.springframework.context.ApplicationContext;
@@ -47,7 +48,6 @@
 import org.springframework.vault.support.SslConfiguration.KeyStoreConfiguration;
 import org.springframework.vault.support.VaultToken;
 import org.springframework.web.client.RestOperations;
-import software.amazon.awssdk.auth.credentials.DefaultCredentialsProvider;
 
 /**
  * Configuration using Spring's {@link org.springframework.core.env.Environment} to
@@ -98,8 +98,8 @@
  * </li>
  * <li>Authentication method: {@code vault.authentication} (defaults to {@literal TOKEN},
  * supported authentication methods are:
- * {@literal TOKEN, APPID, APPROLE, AWS_EC2, AZURE, CERT, CUBBYHOLE, KUBERNETES}, see
- * {@link AuthenticationMethod})</li>
+ * {@literal TOKEN, APPID, APPROLE, AWS_EC2, AWS_IAM, AZURE, CERT, CUBBYHOLE, KUBERNETES},
+ * see {@link AuthenticationMethod})</li>
  * <li>Token authentication
  * <ul>
  * <li>Vault Token: {@code vault.token}</li>
@@ -130,6 +130,10 @@
  * <li>Identity Document URL: {@code vault.aws-ec2.identity-document} (defaults to
  * {@link AwsEc2AuthenticationOptions#DEFAULT_PKCS7_IDENTITY_DOCUMENT_URI})</li>
  * </ul>
+ * <li>AWS IAM authentication
+ * <ul>
+ * <li>Role: {@code vault.aws-iam.role} (since 3.0.2)</li>
+ * </ul>
  * <li>Azure MSI authentication
  * <ul>
  * <li>Azure MSI path: {@code vault.azure-msi.azure-path} (since 2.2.1, defaults to
@@ -376,6 +380,7 @@ protected ClientAuthentication awsEc2Authentication() {
 	}
 
 	protected ClientAuthentication awsIamAuthentication() {
+
 		String role = getProperty("vault.aws-iam.role");
 		Assert.isTrue(StringUtils.hasText(role),
 				"Vault AWS-IAM authentication: Role (vault.aws-iam.role) must not be empty");
diff --git a/spring-vault-core/src/test/java/org/springframework/vault/config/EnvironmentVaultConfigurationAwsIamAuthenticationUnitTests.java b/spring-vault-core/src/test/java/org/springframework/vault/config/EnvironmentVaultConfigurationAwsIamAuthenticationUnitTests.java
@@ -29,7 +29,7 @@
 import org.springframework.vault.authentication.ClientAuthentication;
 
 /**
- * Unit tests for {@link EnvironmentVaultConfiguration} with AppRole authentication.
+ * Unit tests for {@link EnvironmentVaultConfiguration} with AWS IAM authentication.
  *
  * @author Nick Tan
  */
diff --git a/src/main/asciidoc/reference/imperative-template.adoc b/src/main/asciidoc/reference/imperative-template.adoc
@@ -178,7 +178,7 @@ vault.token=00000000-0000-0000-0000-000000000000
 ** Truststore type: `vault.ssl.trust-store-type` (optional, typically `jks`, supports also `pem`)
 ** Enabled SSL/TLS protocols: `vault.ssl.enabled-protocols` (since 2.3.2, optional, protocols separated with comma)
 ** Enabled SSL/TLS cipher suites: `vault.ssl.enabled-cipher-suites` (since 2.3.2, optional, cipher suites separated with comma)
-* Authentication method: `vault.authentication` (defaults to `TOKEN`, supported authentication methods are: `TOKEN`, `APPID`, `APPROLE`, `AWS_EC2`, `AZURE`, `CERT`, `CUBBYHOLE`, `KUBERNETES`)
+* Authentication method: `vault.authentication` (defaults to `TOKEN`, supported authentication methods are: `TOKEN`, `APPID`, `APPROLE`, `AWS_EC2`, `AWS_IAM`, `AZURE`, `CERT`, `CUBBYHOLE`, `KUBERNETES`)
 
 **Authentication-specific property keys**
 
@@ -206,6 +206,10 @@ Any other value is used with `StaticUserId`.
 * RoleId: `vault.aws-ec2.role-id` (*deprecated:* use `vault.aws-ec2.role` instead)
 * Identity Document URL: `vault.aws-ec2.identity-document` (defaults to `http://169.254.169.254/latest/dynamic/instance-identity/pkcs7`)
 
+**<<vault.authentication.awsiam>>**
+
+* Role: `vault.aws-iam.role`
+
 **<<vault.authentication.azuremsi>>**
 
 * Azure MSI path: `vault.azure-msi.azure-path` (defaults to `azure`)

Original file line number	Diff line number	Diff line change
`@@ -29,7 +29,7 @@`
`29`	`29`	`import org.springframework.vault.authentication.ClientAuthentication;`
`30`	`30`
`31`	`31`	`/**`
`32`		`- * Unit tests for {@link EnvironmentVaultConfiguration} with AppRole authentication.`
	`32`	`+ * Unit tests for {@link EnvironmentVaultConfiguration} with AWS IAM authentication.`
`33`	`33`	`*`
`34`	`34`	`* @author Nick Tan`
`35`	`35`	`*/`