You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: README.md
+135Lines changed: 135 additions & 0 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -59,6 +59,141 @@ Add the dependencies to your project's build file (replace `<SDK_VERSION>` with
59
59
60
60
Examples on services, configuration and authentication possibilities can be found in the [examples folder](https://github.com/stackitcloud/stackit-sdk-java/tree/main/examples).
61
61
62
+
## Authorization
63
+
64
+
To authenticate to the SDK, you will need a [service account](https://docs.stackit.cloud/stackit/en/service-accounts-134415819.html). Create it in the STACKIT Portal and assign it the necessary permissions, e.g. `project.owner`.
65
+
66
+
The Java SDK supports only Key flow for authentication.
67
+
68
+
When setting up authentication, the SDK will search for credentials in several locations, following a specific order:
69
+
70
+
1. Explicit configuration, e.g. by using the option `new CoreConfiguration().serviceAccountKeyPath("path/to/sa_key.json")`
71
+
2. Environment variable, e.g. by setting `STACKIT_SERVICE_ACCOUNT_KEY_PATH`
72
+
3. Credentials file
73
+
74
+
The SDK will check the credentials file located in the path defined by the `STACKIT_CREDENTIALS_PATH` env var, if specified,
75
+
or in `$HOME/.stackit/credentials.json` as a fallback.
76
+
The credentials file should be a json and each credential should be set using the name of the respective environment variable, as stated below in each flow. Example:
"STACKIT_PRIVATE_KEY_PATH": "(OPTIONAL) when the private key isn't included in the Service Account key"
82
+
}
83
+
```
84
+
85
+
### Example
86
+
87
+
The following instructions assume that you have created a service account and assigned it the necessary permissions, e.g. `project.owner`.
88
+
89
+
To use the key flow, you need to have a service account key, which must have an RSA key-pair attached to it.
90
+
91
+
When creating the service account key, a new pair can be created automatically, which will be included in the service account key.
92
+
This will make it much easier to configure the key flow authentication in the SDK, by just providing the service account key.
93
+
94
+
> **Optionally**, you can provide your own private key when creating the service account key, which will then require you to also provide it explicitly to the SDK, additionally to the service account key.
95
+
> Check the STACKIT Knowledge Base for an [example of how to create your own key-pair](https://docs.stackit.cloud/stackit/en/usage-of-the-service-account-keys-in-stackit-175112464.html#UsageoftheserviceaccountkeysinSTACKIT-CreatinganRSAkey-pair).
96
+
97
+
To configure the key flow, follow this steps:
98
+
99
+
1. Create a service account key:
100
+
- Use the STACKIT Portal: go to the `Service Accounts` tab, choose a `Service Account` and go to `Service Account Keys` to create a key. For more details, see [Create a service account key](https://docs.stackit.cloud/stackit/en/create-a-service-account-key-175112456.html).
101
+
2. Save the content of the service account key by copying it and saving it in a JSON file. The expected format of the service account key is **JSON** with the following structure:
ResourceManagerApi api = new ResourceManagerApi(config);
132
+
```
133
+
- setting the environment variable: `STACKIT_SERVICE_ACCOUNT_KEY_PATH`
134
+
- setting `STACKIT_SERVICE_ACCOUNT_KEY_PATH` in the credentials file (see above)
135
+
136
+
> **Optionally, only if you have provided your own RSA key-pair when creating the service account key**, you also need to configure your private key (takes precedence over the one included in the service account key, if present). **The private key must be PEM encoded** and can be provided using one of the options below:
137
+
>
138
+
> - using the configuration options:
139
+
> ```java
140
+
> CoreConfiguration config =
141
+
> new CoreConfiguration()
142
+
> ...
143
+
> .privateKeyPath("/path/to/private_key.pem");
144
+
> ```
145
+
> - setting the environment variable: `STACKIT_PRIVATE_KEY_PATH`
146
+
> - setting `STACKIT_PRIVATE_KEY_PATH` in the credentials file (see above)
147
+
148
+
> **Alternatively, if you can't store the credentials in a file, e.g. when using it in a pipeline**, you can store the credentials in environment variables:
149
+
> - setting the environment variable `STACKIT_SERVICE_ACCOUNT_KEY` with the content of the service account key
150
+
> - (OPTIONAL) setting the environment variable `STACKIT_PRIVATE_KEY` with the content of the private key
151
+
152
+
153
+
4. The SDK will search for the keys and, if valid, will use them to get access and refresh tokens which will be used to authenticate all the requests.
154
+
155
+
Check the [authentication example](examples/authentication/src/main/java/cloud/stackit/sdk/authentication/examples/AuthenticationExample.java) for more details.
156
+
157
+
## Using custom endpoints
158
+
159
+
The example below shows how to use the STACKIT Java SDK in custom STACKIT enviroments.
If you encounter any issues or have suggestions for improvements, please open an issue in the repository or create a ticket in the [STACKIT Help Center](https://support.stackit.cloud/).
0 commit comments