Merge pull request #40 from anders-swanson/oke-workload-identity

OKE Workload Identity Authentication

Author: anders-swanson

.gitignore

@@ -5,6 +5,7 @@
 **/*.rpm
 **/*.jar
 **/*.bin
+pom.xml.versionsBackup
 
 ### STS ###
 .apt_generated

README.md

@@ -15,7 +15,8 @@ For a deep dive into the project, refer to the Spring Cloud OCI documentation:
 | Version                | Reference Docs                                                                              | API Docs                                                                        |
 |------------------------|---------------------------------------------------------------------------------------------|---------------------------------------------------------------------------------|
 | Spring Cloud OCI 1.0.0 | [Reference Docs](https://oracle.github.io/spring-cloud-oci/1.0.0/reference/html/index.html) | [API Docs](https://oracle.github.io/spring-cloud-oci/1.0.0/javadocs/index.html) |
-| Spring Cloud OCI 1.0.1 | [Reference Docs](https://oracle.github.io/spring-cloud-oci/1.0.0/reference/html/index.html) | [API Docs](https://oracle.github.io/spring-cloud-oci/1.0.0/javadocs/index.html) 
+| Spring Cloud OCI 1.0.1 | [Reference Docs](https://oracle.github.io/spring-cloud-oci/1.0.0/reference/html/index.html) | [API Docs](https://oracle.github.io/spring-cloud-oci/1.0.0/javadocs/index.html) |
+
 
 ## Compatibility with Spring Project Versions
 
@@ -25,6 +26,7 @@ This project has dependency and transitive dependencies on Spring Projects. The
 |------------------|--------------|--------------|--------------|
 | 1.0.0            | 2022.0.x     | 3.1.x, 3.0.x | 3.24.0       |
 | 1.0.1            | 2023.0.x     | 3.2.x        | 3.41.1       |
+| 1.1.0            | 2023.0.x     | 3.2.x        | 3.41.1       |
 
 ## Try out samples
 

docs/pom.xml

@@ -18,7 +18,7 @@ Licensed under the Universal Permissive License v 1.0 as shown at https://oss.or
 	<name>spring-cloud-oci-docs</name>
 	<groupId>com.oracle.cloud.spring</groupId>
 	<artifactId>spring-cloud-oci-docs</artifactId>
-	<version>1.0.1-SNAPSHOT</version>
+	<version>1.1.0-SNAPSHOT</version>
 	<packaging>pom</packaging>
 	<licenses>
 		<license>

docs/src/main/asciidoc/_configprops.adoc

@@ -6,7 +6,7 @@
 
 |spring.cloud.oci.config.profile | `DEFAULT` | Name of the profile in OCI Auth config file
 |spring.cloud.oci.config.file | NA | Location of the OCI Auth config file
-|spring.cloud.oci.config.type | FILE | Config/Auth type to be used. Allowed values are FILE, SIMPLE, INSTANCE_PRINCIPAL, RESOURCE_PRINCIPAL and SESSION_TOKEN
+|spring.cloud.oci.config.type | FILE | Config/Auth type to be used. Allowed values are FILE, SIMPLE, INSTANCE_PRINCIPAL, RESOURCE_PRINCIPAL, SESSION_TOKEN, and WORKLOAD_IDENTITY
 |spring.cloud.oci.config.userId | NA | OCID of the user used for creating the API key. This is needed only if spring.cloud.oci.config.type is `SIMPLE`
 |spring.cloud.oci.config.tenantId | NA | Tenancy OCID where the API key is created. This is needed only if spring.cloud.oci.config.type is `SIMPLE`
 |spring.cloud.oci.config.fingerprint | NA | Fingerprint for the public key that was added to the user mentioned in `spring.cloud.oci.config.userId`. This is needed only if spring.cloud.oci.config.type is `SIMPLE`

docs/src/main/asciidoc/core.adoc

@@ -82,6 +82,16 @@ Set the config.type to `SESSION_TOKEN` as shown here.
 spring.cloud.oci.config.type = SESSION_TOKEN
 ----
 
+==== Workload Identity Configuration
+
+Set the config.type to `WORKLOAD_IDENTITY` as shown here.
+
+----
+spring.cloud.oci.config.type = WORKLOAD_IDENTITY
+----
+
+For further details, refer to https://docs.oracle.com/en-us/iaas/Content/ContEng/Tasks/contenggrantingworkloadaccesstoresources.htm[OKE Workload Identity Authentication]
+
 For further details, refer to https://docs.oracle.com/en-us/iaas/Content/API/Concepts/sdk_authentication_methods.htm#ariaid-title12
 
 === Region Configuration

pom.xml

@@ -16,7 +16,7 @@ Licensed under the Universal Permissive License v 1.0 as shown at https://oss.or
     </parent>
     <groupId>com.oracle.cloud.spring</groupId>
     <artifactId>spring-cloud-oci</artifactId>
-    <version>1.0.1-SNAPSHOT</version>
+    <version>1.1.0-SNAPSHOT</version>
     <packaging>pom</packaging>
 
     <name>Spring Cloud OCI</name>

spring-cloud-oci-autoconfigure/pom.xml

@@ -11,7 +11,7 @@ Licensed under the Universal Permissive License v 1.0 as shown at https://oss.or
     <parent>
         <artifactId>spring-cloud-oci</artifactId>
         <groupId>com.oracle.cloud.spring</groupId>
-        <version>1.0.1-SNAPSHOT</version>
+        <version>1.1.0-SNAPSHOT</version>
     </parent>
 
     <artifactId>spring-cloud-oci-autoconfigure</artifactId>

spring-cloud-oci-autoconfigure/src/main/java/com/oracle/cloud/spring/autoconfigure/core/CredentialsProperties.java

@@ -22,6 +22,7 @@ public enum ConfigType {
         FILE,
         INSTANCE_PRINCIPAL,
         RESOURCE_PRINCIPAL,
+        WORKLOAD_IDENTITY,
         SIMPLE,
         SESSION_TOKEN
     }

spring-cloud-oci-autoconfigure/src/main/java/com/oracle/cloud/spring/autoconfigure/core/CredentialsProvider.java

@@ -14,6 +14,7 @@
 import com.oracle.bmc.auth.SessionTokenAuthenticationDetailsProvider;
 import com.oracle.bmc.auth.SimpleAuthenticationDetailsProvider;
 import com.oracle.bmc.auth.SimplePrivateKeySupplier;
+import com.oracle.bmc.auth.okeworkloadidentity.OkeWorkloadIdentityAuthenticationDetailsProvider;
 
 import java.io.IOException;
 
@@ -41,6 +42,9 @@ private static BasicAuthenticationDetailsProvider createCredentialsProvider(Cred
         BasicAuthenticationDetailsProvider authenticationDetailsProvider;
 
         switch (properties.getType()) {
+            case WORKLOAD_IDENTITY:
+                authenticationDetailsProvider = OkeWorkloadIdentityAuthenticationDetailsProvider.builder().build();
+                break;
             case RESOURCE_PRINCIPAL:
                 authenticationDetailsProvider = ResourcePrincipalAuthenticationDetailsProvider.builder().build();
                 break;

spring-cloud-oci-autoconfigure/src/test/java/com/oracle/cloud/spring/autoconfigure/core/CredentialsProviderAutoConfigurationTests.java

@@ -7,6 +7,7 @@
 
 import com.oracle.bmc.Region;
 import com.oracle.bmc.auth.*;
+import com.oracle.bmc.auth.okeworkloadidentity.OkeWorkloadIdentityAuthenticationDetailsProvider;
 import org.junit.jupiter.api.Test;
 import org.mockito.MockedConstruction;
 import org.mockito.MockedStatic;
@@ -71,6 +72,19 @@ void testConfigurationValueConfiguredAreAsExpected() {
                         });
     }
 
+    @Test
+    void testWorkloadIdentityProvider() throws Exception {
+        CredentialsProperties properties = new CredentialsProperties();
+        properties.setType(CredentialsProperties.ConfigType.WORKLOAD_IDENTITY);
+        CredentialsProviderAutoConfiguration configuration = new CredentialsProviderAutoConfiguration(properties);
+        try (MockedStatic mocked = mockStatic(OkeWorkloadIdentityAuthenticationDetailsProvider.class)) {
+            OkeWorkloadIdentityAuthenticationDetailsProvider.OkeWorkloadIdentityAuthenticationDetailsProviderBuilder builder =
+                    mock(OkeWorkloadIdentityAuthenticationDetailsProvider.OkeWorkloadIdentityAuthenticationDetailsProviderBuilder.class);
+            when(OkeWorkloadIdentityAuthenticationDetailsProvider.builder()).thenReturn(builder);
+            BasicAuthenticationDetailsProvider provider = configuration.credentialsProvider().getAuthenticationDetailsProvider();
+        }
+    }
+
     @Test
     void testResourcePrincipalProvider() throws Exception {
         CredentialsProperties properties = new CredentialsProperties();

spring-cloud-oci-core/pom.xml

@@ -10,7 +10,7 @@ Licensed under the Universal Permissive License v 1.0 as shown at https://oss.or
     <parent>
         <artifactId>spring-cloud-oci</artifactId>
         <groupId>com.oracle.cloud.spring</groupId>
-        <version>1.0.1-SNAPSHOT</version>
+        <version>1.1.0-SNAPSHOT</version>
     </parent>
 
     <artifactId>spring-cloud-oci-core</artifactId>
@@ -67,6 +67,10 @@ Licensed under the Universal Permissive License v 1.0 as shown at https://oss.or
             <groupId>com.oracle.oci.sdk</groupId>
             <artifactId>oci-java-sdk-identity</artifactId>
         </dependency>
+        <dependency>
+            <groupId>com.oracle.oci.sdk</groupId>
+            <artifactId>oci-java-sdk-addons-oke-workload-identity</artifactId>
+        </dependency>
         <dependency>
             <groupId>com.oracle.oci.sdk</groupId>
             <artifactId>oci-java-sdk-common-httpclient-jersey</artifactId>

spring-cloud-oci-dependencies/pom.xml

@@ -4,7 +4,7 @@
     <modelVersion>4.0.0</modelVersion>
     <groupId>com.oracle.cloud.spring</groupId>
     <artifactId>spring-cloud-oci-dependencies</artifactId>
-    <version>1.0.1-SNAPSHOT</version>
+    <version>1.1.0-SNAPSHOT</version>
     <packaging>pom</packaging>
 
     <name>Spring Cloud OCI Dependencies</name>

spring-cloud-oci-function/pom.xml

@@ -10,7 +10,7 @@ Licensed under the Universal Permissive License v 1.0 as shown at https://oss.or
 	<parent>
 		<artifactId>spring-cloud-oci</artifactId>
 		<groupId>com.oracle.cloud.spring</groupId>
-		<version>1.0.1-SNAPSHOT</version>
+		<version>1.1.0-SNAPSHOT</version>
 	</parent>
 
 	<artifactId>spring-cloud-oci-function</artifactId>

spring-cloud-oci-logging/pom.xml

@@ -10,7 +10,7 @@ Licensed under the Universal Permissive License v 1.0 as shown at https://oss.or
 	<parent>
 		<artifactId>spring-cloud-oci</artifactId>
 		<groupId>com.oracle.cloud.spring</groupId>
-		<version>1.0.1-SNAPSHOT</version>
+		<version>1.1.0-SNAPSHOT</version>
 	</parent>
 
 	<artifactId>spring-cloud-oci-logging</artifactId>

spring-cloud-oci-notification/pom.xml

@@ -10,7 +10,7 @@ Licensed under the Universal Permissive License v 1.0 as shown at https://oss.or
 	<parent>
 		<artifactId>spring-cloud-oci</artifactId>
 		<groupId>com.oracle.cloud.spring</groupId>
-		<version>1.0.1-SNAPSHOT</version>
+		<version>1.1.0-SNAPSHOT</version>
 	</parent>
 
 	<artifactId>spring-cloud-oci-notification</artifactId>

spring-cloud-oci-queue/pom.xml

@@ -10,7 +10,7 @@ Licensed under the Universal Permissive License v 1.0 as shown at https://oss.or
 	<parent>
 		<artifactId>spring-cloud-oci</artifactId>
 		<groupId>com.oracle.cloud.spring</groupId>
-		<version>1.0.1-SNAPSHOT</version>
+		<version>1.1.0-SNAPSHOT</version>
 	</parent>
 
 	<artifactId>spring-cloud-oci-queue</artifactId>

spring-cloud-oci-samples/pom.xml

@@ -10,7 +10,7 @@ Licensed under the Universal Permissive License v 1.0 as shown at https://oss.or
     <parent>
         <artifactId>spring-cloud-oci</artifactId>
         <groupId>com.oracle.cloud.spring</groupId>
-        <version>1.0.1-SNAPSHOT</version>
+        <version>1.1.0-SNAPSHOT</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
     <packaging>pom</packaging>

spring-cloud-oci-samples/spring-cloud-oci-common-samples-utils/pom.xml

@@ -10,7 +10,7 @@ Licensed under the Universal Permissive License v 1.0 as shown at https://oss.or
     <parent>
         <groupId>com.oracle.cloud.spring</groupId>
         <artifactId>spring-cloud-oci-samples</artifactId>
-        <version>1.0.1-SNAPSHOT</version>
+        <version>1.1.0-SNAPSHOT</version>
     </parent>
     <groupId>com.oracle.cloud.spring.sample.common</groupId>
     <artifactId>spring-cloud-oci-common-samples-utils</artifactId>

spring-cloud-oci-samples/spring-cloud-oci-function-sample/README.md

@@ -11,7 +11,7 @@ This application has the following classes:
 Configuration items that are needed to run the Application can be configured in `application.properties`.
 
 * `spring.cloud.oci.region.static` - OCI Region name(Ex: us-phoenix-1) where the OCI resources need to be created.
-* `spring.cloud.oci.config.type` - Authentication type to be used for OCI. It could be one of the following: RESOURCE_PRINCIPAL, INSTANCE_PRINCIPAL, SIMPLE, SESSION_TOKEN and FILE. If nothing is specified, FILE type is used by default.
+* `spring.cloud.oci.config.type` - Authentication type to be used for OCI. It could be one of the following: RESOURCE_PRINCIPAL, INSTANCE_PRINCIPAL, SIMPLE, SESSION_TOKEN, FILE, and WORKLOAD_IDENTITY. If nothing is specified, FILE type is used by default.
 * `spring.cloud.oci.config.file` - The file path set to this property will be used as the configuration file for FILE type authentication which uses the OCI configuration file. If nothing is specified, the OCI configuration file from the user's home directory will be used.
 * `spring.cloud.oci.config.profile` - Profile to be used in the OCI config file for Authentication. If a profile is not specified, a DEFAULT profile will be used.
 

spring-cloud-oci-samples/spring-cloud-oci-function-sample/pom.xml

@@ -9,7 +9,7 @@ Licensed under the Universal Permissive License v 1.0 as shown at https://oss.or
 	<parent>
 		<groupId>com.oracle.cloud.spring</groupId>
 		<artifactId>spring-cloud-oci-samples</artifactId>
-		<version>1.0.1-SNAPSHOT</version>
+		<version>1.1.0-SNAPSHOT</version>
 	</parent>
 	<modelVersion>4.0.0</modelVersion>
 	<groupId>com.oracle.cloud.spring.sample.function</groupId>

spring-cloud-oci-samples/spring-cloud-oci-logging-sample/README.md

@@ -11,7 +11,7 @@ This application has the following classes:
 Configuration items that are needed to run the Application can be configured in `application.properties`. These include the following:
 
 * `spring.cloud.oci.region.static` - OCI Region name(Ex: us-phoenix-1) where the OCI resources need to be created.
-* `spring.cloud.oci.config.type` - Authentication type to be used for OCI. It could be one of the following: RESOURCE_PRINCIPAL, INSTANCE_PRINCIPAL, SESSION_TOKEN, SIMPLE and FILE. If nothing is specified, FILE type is used by default.
+* `spring.cloud.oci.config.type` - Authentication type to be used for OCI. It could be one of the following: RESOURCE_PRINCIPAL, INSTANCE_PRINCIPAL, SESSION_TOKEN, SIMPLE, FILE, and WORKLOAD_IDENTITY. If nothing is specified, FILE type is used by default.
 * `spring.cloud.oci.config.file` - The file path set to this property will be used as a configuration file for FILE type authentication which uses the OCI configuration file. If nothing is specified, the OCI configuration file from the user's home directory will be used.
 * `spring.cloud.oci.config.profile` - Profile to be used in the OCI configuration file for Authentication. If a profile is not specified, a DEFAULT profile will be used.
 * `spring.cloud.oci.logging.logId` - OCID of the OCI Log where the logs need to be ingested.

spring-cloud-oci-samples/spring-cloud-oci-logging-sample/pom.xml

@@ -9,7 +9,7 @@ Licensed under the Universal Permissive License v 1.0 as shown at https://oss.or
 	<parent>
 		<groupId>com.oracle.cloud.spring</groupId>
 		<artifactId>spring-cloud-oci-samples</artifactId>
-		<version>1.0.1-SNAPSHOT</version>
+		<version>1.1.0-SNAPSHOT</version>
 		</parent>
 	<modelVersion>4.0.0</modelVersion>
 	<groupId>com.oracle.cloud.spring.sample.logging</groupId>

spring-cloud-oci-samples/spring-cloud-oci-notification-sample/README.md

@@ -17,7 +17,7 @@ This application has the following classes:
 Configuration items that are needed to run the Application can be configured in `application.properties`.
 
 * `spring.cloud.oci.region.static` - OCI Region name(Ex: us-phoenix-1) where the OCI resources need to be created.
-* `spring.cloud.oci.config.type` - Authentication type to be used for OCI. It could be one of the following: RESOURCE_PRINCIPAL, INSTANCE_PRINCIPAL, SESSION_TOKEN, SIMPLE and FILE. If nothing is specified, FILE type is used by default.
+* `spring.cloud.oci.config.type` - Authentication type to be used for OCI. It could be one of the following: RESOURCE_PRINCIPAL, INSTANCE_PRINCIPAL, SESSION_TOKEN, SIMPLE, FILE, and WORKLOAD_IDENTITY. If nothing is specified, FILE type is used by default.
 * `spring.cloud.oci.config.file` - The file path set to this property will be used as the configuration file for FILE type authentication which uses the OCI configuration file. If nothing is specified, the OCI configuration file from the user's home directory will be used.
 * `spring.cloud.oci.config.profile` - Profile to be used in the OCI config file for Authentication. If a profile is not specified, a DEFAULT profile will be used.
 

spring-cloud-oci-samples/spring-cloud-oci-notification-sample/pom.xml

@@ -9,7 +9,7 @@ Licensed under the Universal Permissive License v 1.0 as shown at https://oss.or
 	<parent>
 		<groupId>com.oracle.cloud.spring</groupId>
 		<artifactId>spring-cloud-oci-samples</artifactId>
-		<version>1.0.1-SNAPSHOT</version>
+		<version>1.1.0-SNAPSHOT</version>
 	</parent>
 	<modelVersion>4.0.0</modelVersion>
 	<groupId>com.oracle.cloud.spring.sample.notification</groupId>

spring-cloud-oci-samples/spring-cloud-oci-queue-sample/README.md

@@ -20,7 +20,7 @@ This application has the following classes:
 Configuration items that are needed to run the Application can be configured in `application.properties`.
 
 * `spring.cloud.oci.region.static` - OCI Region name(Ex: us-phoenix-1) where the OCI resources need to be created.
-* `spring.cloud.oci.config.type` - Authentication type to be used for OCI. It could be one of the following: RESOURCE_PRINCIPAL, INSTANCE_PRINCIPAL, SESSION_TOKEN, SIMPLE and FILE. If nothing is specified, FILE type is used by default.
+* `spring.cloud.oci.config.type` - Authentication type to be used for OCI. It could be one of the following: RESOURCEPRINCIPAL, INSTANCE_PRINCIPAL, SESSION_TOKEN, SIMPLE, FILE, and WORKLOAD_IDENTITY. If nothing is specified, FILE type is used by default.
 * `spring.cloud.oci.config.file` - The file path set to this property will be used as the configuration file for FILE type authentication which uses the OCI configuration file. If nothing is specified, the OCI configuration file from the user's home directory will be used.
 * `spring.cloud.oci.config.profile` - Profile to be used in the OCI config file for Authentication. If a profile is not specified, a DEFAULT profile will be used.
 

spring-cloud-oci-samples/spring-cloud-oci-queue-sample/pom.xml

@@ -9,7 +9,7 @@ Licensed under the Universal Permissive License v 1.0 as shown at https://oss.or
 	<parent>
 		<groupId>com.oracle.cloud.spring</groupId>
 		<artifactId>spring-cloud-oci-samples</artifactId>
-		<version>1.0.1-SNAPSHOT</version>
+		<version>1.1.0-SNAPSHOT</version>
 	</parent>
 	<modelVersion>4.0.0</modelVersion>
 	<groupId>com.oracle.cloud.spring.sample.queue</groupId>

spring-cloud-oci-samples/spring-cloud-oci-storage-sample/README.md

@@ -14,7 +14,7 @@ OCI provides customers with high-performance computing and low-cost cloud storag
 Configuration items that are needed to run the Application can be configured in `application.properties`.
 
 * `spring.cloud.oci.region.static` - OCI Region name(Ex: us-phoenix-1) where the OCI resources need to be created.
-* `spring.cloud.oci.config.type` - Authentication type to be used for OCI. It could be one of the following: RESOURCE_PRINCIPAL, INSTANCE_PRINCIPAL, SESSION_TOKEN, SIMPLE and FILE. If nothing is specified, FILE type is used by default.
+* `spring.cloud.oci.config.type` - Authentication type to be used for OCI. It could be one of the following: RESOURCE_PRINCIPAL, INSTANCE_PRINCIPAL, SESSION_TOKEN, SIMPLE, FILE, and WORKLOAD_IDENTITY. If nothing is specified, FILE type is used by default.
 * `spring.cloud.oci.config.file` - The file path set to this property will be used as the configuration file for FILE type authentication which uses the OCI configuration file. If nothing is specified, the OCI configuration file from the user's home directory will be used.
 * `spring.cloud.oci.config.profile` - Profile to be used in the OCI config file for Authentication. If a profile is not specified, a DEFAULT profile will be used.
 

spring-cloud-oci-samples/spring-cloud-oci-storage-sample/pom.xml

@@ -10,7 +10,7 @@ Licensed under the Universal Permissive License v 1.0 as shown at https://oss.or
     <parent>
         <groupId>com.oracle.cloud.spring</groupId>
         <artifactId>spring-cloud-oci-samples</artifactId>
-        <version>1.0.1-SNAPSHOT</version>
+        <version>1.1.0-SNAPSHOT</version>
     </parent>
     <groupId>com.oracle.cloud.spring.sample.storage</groupId>
     <artifactId>spring-cloud-oci-storage-sample</artifactId>

spring-cloud-oci-samples/spring-cloud-oci-streaming-sample/README.md

@@ -11,7 +11,7 @@ This application has the following classes:
 Configuration items that are needed to run the Application can be configured in `application.properties`. These include the following:
 
 * `spring.cloud.oci.region.static` - OCI Region name(Ex: us-phoenix-1) where the OCI resources need to be created.
-* `spring.cloud.oci.config.type` - Authentication type to be used for OCI. It could be one of the following: RESOURCE_PRINCIPAL, INSTANCE_PRINCIPAL, SIMPLE and FILE. If nothing is specified, FILE type is used by default.
+* `spring.cloud.oci.config.type` - Authentication type to be used for OCI. It could be one of the following: RESOURCE_PRINCIPAL, INSTANCE_PRINCIPAL, SIMPLE, FILE, and WORKLOAD_IDENTITY. If nothing is specified, FILE type is used by default.
 * `spring.cloud.oci.config.file` - The file path set to this property will be used as a configuration file for FILE type authentication which uses the OCI configuration file. If nothing is specified, the OCI configuration file from the user's home directory will be used.
 * `spring.cloud.oci.config.profile` - Profile to be used in the OCI configuration file for Authentication. If a profile is not specified, a DEFAULT profile will be used.
 

spring-cloud-oci-samples/spring-cloud-oci-streaming-sample/pom.xml

@@ -9,7 +9,7 @@ Licensed under the Universal Permissive License v 1.0 as shown at https://oss.or
 	<parent>
 		<groupId>com.oracle.cloud.spring</groupId>
 		<artifactId>spring-cloud-oci-samples</artifactId>
-		<version>1.0.1-SNAPSHOT</version>
+		<version>1.1.0-SNAPSHOT</version>
 		</parent>
 	<modelVersion>4.0.0</modelVersion>
 	<groupId>com.oracle.cloud.spring.sample.streaming</groupId>