Move AWS IAM authentication into nested class.

Having the AWS IAM authentication code inside the method body creating AwsIamAuthentication causes class loading of the AwsCredentialsProvider class although the return type is ClientAuthentication. With the code moved to an inner class, we mitigate that issue without actually knowing why the JVM attempts to load AwsIamAuthentication even the method isn't used. Closes gh-786
spring-projects · Apr 20, 2023 · 053a67f · 053a67f
1 parent 33c1492
commit 053a67f
Showing 1 changed file with 15 additions and 6 deletions.
diff --git a/...lt-core/src/main/java/org/springframework/vault/config/EnvironmentVaultConfiguration.java b/...lt-core/src/main/java/org/springframework/vault/config/EnvironmentVaultConfiguration.java
@@ -39,7 +39,6 @@
 import org.springframework.vault.authentication.AppRoleAuthenticationOptions.RoleId;
 import org.springframework.vault.authentication.AppRoleAuthenticationOptions.SecretId;
 import org.springframework.vault.authentication.AwsEc2AuthenticationOptions.AwsEc2AuthenticationOptionsBuilder;
-import org.springframework.vault.authentication.AwsIamAuthenticationOptions.AwsIamAuthenticationOptionsBuilder;
 import org.springframework.vault.authentication.AzureMsiAuthenticationOptions.AzureMsiAuthenticationOptionsBuilder;
 import org.springframework.vault.authentication.CubbyholeAuthenticationOptions.CubbyholeAuthenticationOptionsBuilder;
 import org.springframework.vault.authentication.KubernetesAuthenticationOptions.KubernetesAuthenticationOptionsBuilder;
@@ -389,11 +388,7 @@ protected ClientAuthentication awsIamAuthentication() {
 		Assert.isTrue(StringUtils.hasText(role),
 				"Vault AWS-IAM authentication: Role (vault.aws-iam.role) must not be empty");
 
-		AwsIamAuthenticationOptionsBuilder builder = AwsIamAuthenticationOptions.builder()
-			.role(role)
-			.credentialsProvider(DefaultCredentialsProvider.create());
-
-		return new AwsIamAuthentication(builder.build(), restOperations());
+		return AwsIam.doCreateIamAuthentication(role, restOperations());
 	}
 
 	protected ClientAuthentication azureMsiAuthentication() {
@@ -491,4 +486,18 @@ enum AuthenticationMethod {
 
 	}
 
+	static class AwsIam {
+
+		static ClientAuthentication doCreateIamAuthentication(String role, RestOperations restOperations) {
+
+			AwsIamAuthenticationOptions.AwsIamAuthenticationOptionsBuilder builder = AwsIamAuthenticationOptions
+				.builder()
+				.role(role)
+				.credentialsProvider(DefaultCredentialsProvider.create());
+
+			return new AwsIamAuthentication(builder.build(), restOperations);
+		}
+
+	}
+
 }