java.lang.Object
io.confluent.kafka.schemaregistry.client.security.bearerauth.oauth.UamiJwtRetriever
All Implemented Interfaces:
Closeable, AutoCloseable, org.apache.kafka.common.security.oauthbearer.internals.secured.OAuthBearerConfigurable, org.apache.kafka.common.security.oauthbearer.JwtRetriever

public class UamiJwtRetriever extends Object implements org.apache.kafka.common.security.oauthbearer.JwtRetriever
UamiJwtRetriever is a JwtRetriever that retrieves a JWT access token from the Azure Instance Metadata Service (IMDS) using a User Assigned Managed Identity (UAMI).

It issues a GET request to the configured IMDS endpoint with a user-supplied query string appended, and retries on transient failures using exponential backoff.

The default endpoint is the standard Azure IMDS address (DEFAULT_IMDS_ENDPOINT), but can be overridden for Azure Arc or testing environments.

  • Field Details

  • Constructor Details

    • UamiJwtRetriever

      public UamiJwtRetriever(String query, String endpointUrl, long retryBackoffMs, long retryBackoffMaxMs, Integer connectTimeoutMs, Integer readTimeoutMs)
  • Method Details

    • retrieve

      public String retrieve() throws org.apache.kafka.common.security.oauthbearer.JwtRetrieverException
      Issues a GET request to the IMDS endpoint and returns the raw JWT access token string. Retries on transient (non-4xx) HTTP errors using exponential backoff.
      Specified by:
      retrieve in interface org.apache.kafka.common.security.oauthbearer.JwtRetriever
      Returns:
      Non-null JWT access token string
      Throws:
      org.apache.kafka.common.security.oauthbearer.JwtRetrieverException - on IO errors or a non-retryable HTTP response