com.oracle.bmc.auth

Class ResourcePrincipalAuthenticationDetailsProvider

java.lang.Object

com.oracle.bmc.auth.AbstractRequestingAuthenticationDetailsProvider

com.oracle.bmc.auth.ResourcePrincipalAuthenticationDetailsProvider

All Implemented Interfaces:

AbstractAuthenticationDetailsProvider, BasicAuthenticationDetailsProvider, ConfigurableRefreshOnNotAuthenticatedProvider<String>, RefreshableOnNotAuthenticatedProvider<String>, RegionProvider

public class ResourcePrincipalAuthenticationDetailsProvider
extends AbstractRequestingAuthenticationDetailsProvider
implements RegionProvider, RefreshableOnNotAuthenticatedProvider<String>, ConfigurableRefreshOnNotAuthenticatedProvider<String>

This constructs a default implementation of the ResourcePrincipalAuthenticationDetailsProvider, constructed in accordance with the following environment variable settings:

• OCI_RESOURCE_PRINCIPAL_VERSION:

  permitted values are "2.2" and "1.1" For OCI_RESOURCE_PRINCIPAL_VERSION = "2.2",

• OCI_RESOURCE_PRINCIPAL_RPST:

  If this is an absolute path, then the filesystem-supplied resource principal session token will be retrieved from that location. This mode supports token refresh (if the environment replaces the RPST in the filesystem).

  Otherwise, the environment variable is taken to hold the raw value of an RPST. Under these circumstances, the RPST cannot be refreshed; consequently, this mode is only usable for short-lived executables.

• OCI_RESOURCE_PRINCIPAL_PRIVATE_PEM:

  If this is an absolute path, then the filesystem-supplied private key will be retrieved from that location. As with the OCI_RESOURCE_PRINCIPAL_RPST, this mode supports token refresh if the environment can update the file contents.

  Otherwise, the value is interpreted as the direct injection of a private key. The same considerations as to the lifetime of this value apply when directly injecting a key.

• OCI_RESOURCE_PRINCIPAL_PRIVATE_PEM_PASSPHRASE:

  This is optional. If set, it contains either the location (as an absolute path) or the value of the passphrase associated with the private key.

• OCI_RESOURCE_PRINCIPAL_REGION:

  If set, this holds the canonical form of the local region. This is intended to enable executables to locate their "local" OCI service endpoints. For OCI_RESOURCE_PRINCIPAL_VERSION = "1.1",

• OCI_RESOURCE_PRINCIPAL_RPT_ENDPOINT:

  This is required.

• OCI_RESOURCE_PRINCIPAL_RPST_ENDPOINT:

  If set, the value from environment variable is used.

  Otherwise, it uses the default resource principal token path provider.

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static class	ResourcePrincipalAuthenticationDetailsProvider.ClaimKeys
static class	ResourcePrincipalAuthenticationDetailsProvider.ResourcePrincipalAuthenticationDetailsProviderBuilder Builder for ResourcePrincipalAuthenticationDetailsProvider that understands the V2.2 configuration

Nested classes/interfaces inherited from class com.oracle.bmc.auth.AbstractRequestingAuthenticationDetailsProvider

AbstractRequestingAuthenticationDetailsProvider.Builder<B extends AbstractRequestingAuthenticationDetailsProvider.Builder<B>>, AbstractRequestingAuthenticationDetailsProvider.CachingSessionKeySupplier

Field Summary

Fields inherited from class com.oracle.bmc.auth.AbstractRequestingAuthenticationDetailsProvider

federationClient, sessionKeySupplier

Method Summary

Modifier and Type	Method and Description
static ResourcePrincipalAuthenticationDetailsProvider.ResourcePrincipalAuthenticationDetailsProviderBuilder	builder()
Region	getRegion() Returns the region.
String	getStringClaim(String key) Session tokens carry JWT-like claims.
String	refresh() Refreshes the authentication data used by the provider
String	refreshIfExpiringWithin(Duration time) Refreshes the authentication data used by the provider
String	refreshIfExpiringWithin(Duration time, boolean refreshKeys) Refreshes the authentication data used by the provider

Methods inherited from class com.oracle.bmc.auth.AbstractRequestingAuthenticationDetailsProvider

getKeyId, getPassPhrase, getPassphraseCharacters, getPrivateKey

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Detail

getRegion

public Region getRegion()

Description copied from interface: RegionProvider

Returns the region.

Specified by:

getRegion in interface RegionProvider

Returns:

Region object.

builder

public static ResourcePrincipalAuthenticationDetailsProvider.ResourcePrincipalAuthenticationDetailsProviderBuilder builder()

getStringClaim

public String getStringClaim(String key)

Session tokens carry JWT-like claims. Permit the retrieval of the value of those claims from the token. At the least, the token should carry claims for ResourcePrincipalAuthenticationDetailsProvider.ClaimKeys.COMPARTMENT_ID_CLAIM_KEY and ResourcePrincipalAuthenticationDetailsProvider.ClaimKeys.TENANT_ID_CLAIM_KEY

Parameters:

key - the name of a claim in the session token

Returns:

the claim value.

refresh

public String refresh()

Refreshes the authentication data used by the provider

Specified by:

refresh in interface RefreshableOnNotAuthenticatedProvider<String>

Returns:

the refreshed authentication data

refreshIfExpiringWithin

public String refreshIfExpiringWithin(Duration time)

Refreshes the authentication data used by the provider

Specified by:

refreshIfExpiringWithin in interface ConfigurableRefreshOnNotAuthenticatedProvider<String>

Parameters:

time - the duration to check

Returns:

the refreshed authentication data

refreshIfExpiringWithin

public String refreshIfExpiringWithin(Duration time,
                                      boolean refreshKeys)

Refreshes the authentication data used by the provider

Specified by:

refreshIfExpiringWithin in interface ConfigurableRefreshOnNotAuthenticatedProvider<String>

Parameters:

time - the duration to check

refreshKeys - boolean value to enable/disable refresh of keys

Returns:

the refreshed authentication data