Move AWS IAM authentication into nested class.

mp911de · mp911de · commit b47022906e56 · 2023-04-20T18:02:05.000+02:00
Having the AWS IAM authentication code inside the method body creating AwsIamAuthentication causes class loading of the AwsCredentialsProvider class although the return type is ClientAuthentication. With the code moved to an inner class, we mitigate that issue without actually knowing why the JVM attempts to load AwsIamAuthentication even the method isn't used. Closes gh-786
diff --git a/spring-vault-core/src/main/java/org/springframework/vault/config/EnvironmentVaultConfiguration.java b/spring-vault-core/src/main/java/org/springframework/vault/config/EnvironmentVaultConfiguration.java
@@ -39,7 +39,6 @@
 import org.springframework.vault.authentication.AppRoleAuthenticationOptions.RoleId;
 import org.springframework.vault.authentication.AppRoleAuthenticationOptions.SecretId;
 import org.springframework.vault.authentication.AwsEc2AuthenticationOptions.AwsEc2AuthenticationOptionsBuilder;
-import org.springframework.vault.authentication.AwsIamAuthenticationOptions.AwsIamAuthenticationOptionsBuilder;
 import org.springframework.vault.authentication.AzureMsiAuthenticationOptions.AzureMsiAuthenticationOptionsBuilder;
 import org.springframework.vault.authentication.CubbyholeAuthenticationOptions.CubbyholeAuthenticationOptionsBuilder;
 import org.springframework.vault.authentication.KubernetesAuthenticationOptions.KubernetesAuthenticationOptionsBuilder;
@@ -389,11 +388,7 @@ protected ClientAuthentication awsIamAuthentication() {
 		Assert.isTrue(StringUtils.hasText(role),
 				"Vault AWS-IAM authentication: Role (vault.aws-iam.role) must not be empty");
 
-		AwsIamAuthenticationOptionsBuilder builder = AwsIamAuthenticationOptions.builder()
-			.role(role)
-			.credentialsProvider(DefaultCredentialsProvider.create());
-
-		return new AwsIamAuthentication(builder.build(), restOperations());
+		return AwsIam.doCreateIamAuthentication(role, restOperations());
 	}
 
 	protected ClientAuthentication azureMsiAuthentication() {
@@ -491,4 +486,18 @@ enum AuthenticationMethod {
 
 	}
 
+	static class AwsIam {
+
+		static ClientAuthentication doCreateIamAuthentication(String role, RestOperations restOperations) {
+
+			AwsIamAuthenticationOptions.AwsIamAuthenticationOptionsBuilder builder = AwsIamAuthenticationOptions
+				.builder()
+				.role(role)
+				.credentialsProvider(DefaultCredentialsProvider.create());
+
+			return new AwsIamAuthentication(builder.build(), restOperations);
+		}
+
+	}
+
 }
