Module io.helidon.integrations.vault.auths.token
Package io.helidon.integrations.vault.auths.token

Class CreateTokenRole.Request

java.lang.Object
io.helidon.integrations.common.rest.ApiJsonBuilder<CreateTokenRole.Request>
io.helidon.integrations.common.rest.ApiJsonRequest<CreateTokenRole.Request>
io.helidon.integrations.vault.VaultRequest<CreateTokenRole.Request>
io.helidon.integrations.vault.auths.token.CreateTokenRole.Request
All Implemented Interfaces:
ApiRequest<CreateTokenRole.Request>
Enclosing class:
CreateTokenRole
public static class CreateTokenRole.Request extends VaultRequest<CreateTokenRole.Request>
Request object. Can be configured with additional headers, query parameters etc.

  • Method Details

    • builder

      public static CreateTokenRole.Request builder()
      Fluent API builder for configuring a request. The request builder is passed as is, without a build method. The equivalent of a build method is ApiJsonBuilder.toJson(jakarta.json.JsonBuilderFactory) used by the RestApi.
      Returns:
      new request builder

    • roleName

      public CreateTokenRole.Request roleName(String roleName)
      The name of the token role.
      Parameters:
      roleName - role name
      Returns:
      updated request

    • addAllowedPolicy

      public CreateTokenRole.Request addAllowedPolicy(String policyName)
      If set, tokens can be created with any subset of the policies in this list, rather than the normal semantics of tokens being a subset of the calling token's policies. If at creation time tokenNoDefaultPolicy(boolean) is not set and "default" is not contained in addDisallowedPolicy(String), the "default" policy will be added to the created token automatically.
      Parameters:
      policyName - policy name
      Returns:
      updated request

    • addDisallowedPolicy

      public CreateTokenRole.Request addDisallowedPolicy(String policyName)
      If set, successful token creation via this role will require that no policies in the given list are requested. Adding "default" to this list will prevent "default" from being added automatically to created tokens.
      Parameters:
      policyName - policy name
      Returns:
      updated request

    • orphan

      public CreateTokenRole.Request orphan(boolean orphan)
      If true, tokens created against this policy will be orphan tokens (they will have no parent). As such, they will not be automatically revoked by the revocation of any other token. Defaults to false.
      Parameters:
      orphan - whether to create orphan tokens
      Returns:
      updated request

    • renewable

      public CreateTokenRole.Request renewable(boolean renewable)
      Set to false to disable the ability of the token to be renewed past its initial TTL. Setting the value to true will allow the token to be renewable up to the system/mount maximum TTL. Defaults to true.
      Parameters:
      renewable - whether the tokens should be renewable
      Returns:
      updated request

    • pathSuffix

      public CreateTokenRole.Request pathSuffix(String pathSuffix)
      If set, tokens created against this role will have the given suffix as part of their path in addition to the role name. This can be useful in certain scenarios, such as keeping the same role name in the future but revoking all tokens created against it before some point in time. The suffix can be changed, allowing new callers to have the new suffix as part of their path, and then tokens with the old suffix can be revoked via /sys/leases/revoke-prefix.
      Parameters:
      pathSuffix - path suffix
      Returns:
      updated request

    • addAllowedEntityAlias

      public CreateTokenRole.Request addAllowedEntityAlias(String alias)
      f set, specifies the entity aliases which are allowed to be used during token generation. This field supports globbing.
      Parameters:
      alias - alias to add
      Returns:
      updated request

    • addTokenBoundCidr

      public CreateTokenRole.Request addTokenBoundCidr(String cidr)
      List of CIDR blocks; if set, specifies blocks of IP addresses which can authenticate successfully, and ties the resulting token to these blocks as well.
      Parameters:
      cidr - CIDR to add
      Returns:
      updated request

    • tokenExplicitMaxTtl

      public CreateTokenRole.Request tokenExplicitMaxTtl(Duration duration)
      If set, will encode an explicit max TTL onto the token. This is a hard cap even if CreateToken.Request.ttl(java.time.Duration) and CreateToken.Request.explicitMaxTtl(java.time.Duration) would otherwise allow a renewal.
      Parameters:
      duration - max time to live
      Returns:
      updated request

    • tokenNoDefaultPolicy

      public CreateTokenRole.Request tokenNoDefaultPolicy(boolean noDefaultPolicy)
      If set, the default policy will not be set on generated tokens; otherwise it will be added to the policies set in addAllowedPolicy(String).
      Parameters:
      noDefaultPolicy - whether to disable default policy
      Returns:
      updated request

    • tokenNumUses

      public CreateTokenRole.Request tokenNumUses(int uses)
      The maximum number of times a generated token may be used (within its lifetime); 0 means unlimited. If you require the token to have the ability to create child tokens, you will need to set this value to 0.
      Parameters:
      uses - number of uses
      Returns:
      updated request

    • tokenPeriod

      public CreateTokenRole.Request tokenPeriod(int period)
      The period, if any, to set on the token.
      Parameters:
      period - period
      Returns:
      updated request

    • tokenType

      public CreateTokenRole.Request tokenType(String type)
      The type of token that should be generated. Can be service, batch, or default to use the mount's tuned default (which unless changed will be service tokens). For token store roles, there are two additional possibilities: default-service and default-batch which specify the type to return unless the client requests a different type at generation time.
      Parameters:
      type - type of token
      Returns:
      updated request
      See Also: