use of com.google.cloud.iam.credentials.v1.SignJwtResponse in project spring-vault by spring-projects.
the class GcpIamCredentialsAuthentication method signJwt.
protected String signJwt() {
String serviceAccount = getServiceAccountId();
Map<String, Object> jwtPayload = getJwtPayload(this.options, serviceAccount);
try {
IamCredentialsSettings credentialsSettings = IamCredentialsSettings.newBuilder().setCredentialsProvider(() -> this.credentials).setTransportChannelProvider(this.transportChannelProvider).build();
try (IamCredentialsClient iamCredentialsClient = IamCredentialsClient.create(credentialsSettings)) {
String payload = JSON_FACTORY.toString(jwtPayload);
ServiceAccountName serviceAccountName = ServiceAccountName.of("-", serviceAccount);
SignJwtResponse response = iamCredentialsClient.signJwt(serviceAccountName, Collections.emptyList(), payload);
return response.getSignedJwt();
}
} catch (IOException e) {
throw new VaultLoginException("Cannot sign JWT", e);
}
}
Aggregations