Module io.helidon.integrations.vault.auths.k8s
Package io.helidon.integrations.vault.auths.k8s

Class CreateRole.Request

    • Method Detail

      • addBoundServiceAccountName

        public CreateRole.Request addBoundServiceAccountName​(String serviceAccountName)
        Add a service account name able to access this role. If set to "*" all names are allowed, both this and addBoundServiceAccountNamespace(String) can not be "*".
        Parameters:
        serviceAccountName - service account name
        Returns:
        updated request

      • addBoundServiceAccountNamespace

        public CreateRole.Request addBoundServiceAccountNamespace​(String serviceAccountNamespace)
        Add a namespace allowed to access this role. If set to "*" all namespaces are allowed, both this and addBoundServiceAccountName(String) can not be set to "*".
        Parameters:
        serviceAccountNamespace - service account namespace
        Returns:
        updated request

      • audience

        public CreateRole.Request audience​(String audience)
        Optional Audience claim to verify in the JWT.
        Parameters:
        audience - audience
        Returns:
        updated request

      • tokenTtl

        public CreateRole.Request tokenTtl​(int ttl)
        The incremental lifetime for generated tokens. This current value of this will be referenced at renewal time.
        Parameters:
        ttl - time to live
        Returns:
        updated request

      • tokenMaxTtl

        public CreateRole.Request tokenMaxTtl​(int ttl)
        The maximum lifetime for generated tokens. This current value of this will be referenced at renewal time.
        Parameters:
        ttl - time to live
        Returns:
        updated request

      • addTokenPolicy

        public CreateRole.Request addTokenPolicy​(String policy)
        Add a policy to encode on the generated token.
        Parameters:
        policy - policy to add
        Returns:
        updated request

      • addTokenBoundCidr

        public CreateRole.Request addTokenBoundCidr​(String cidr)
        Add CIDR block. f set, specifies blocks of IP addresses which can authenticate successfully, and ties the resulting token to these blocks as well.
        Parameters:
        cidr - CIDR to add
        Returns:
        updated request

      • tokenExplicitMaxTtl

        public CreateRole.Request tokenExplicitMaxTtl​(int ttl)
        If set, will encode an explicit max TTL onto the token. This is a hard cap even if token_ttl and token_max_ttl would otherwise allow a renewal.
        Parameters:
        ttl - time to live
        Returns:
        updated request

      • tokenNoDefaultPolicy

        public CreateRole.Request tokenNoDefaultPolicy​(boolean noDefaultPolicy)
        If set, the default policy will not be set on generated tokens; otherwise it will be added to the policies set in token_policies.
        Parameters:
        noDefaultPolicy - whether to disable default policy for this role
        Returns:
        updated request

      • tokenNumUses

        public CreateRole.Request tokenNumUses​(int numUses)
        The maximum number of times a generated token may be used (within its lifetime); 0 means unlimited. If you require the token to have the ability to create child tokens, you will need to set this value to 0.
        Parameters:
        numUses - number of uses
        Returns:
        updated request

      • tokenPeriod

        public CreateRole.Request tokenPeriod​(int period)
        The period, if any, to set on the token.
        Parameters:
        period - period
        Returns:
        updated request

      • tokenType

        public CreateRole.Request tokenType​(String type)
        The type of token that should be generated. Can be service, batch, or default to use the mount's tuned default (which unless changed will be service tokens). For token store roles, there are two additional possibilities: default-service and default-batch which specify the type to return unless the client requests a different type at generation time.
        Parameters:
        type - type
        Returns:
        updated request
        See Also:
        K8sAuthRx.TYPE_SERVICE, K8sAuthRx.TYPE_BATCH, K8sAuthRx.TYPE_DEFAULT

      • roleName

        public CreateRole.Request roleName​(String roleName)
        Name of the role to create.
        Parameters:
        roleName - role name
        Returns:
        updated request

      • roleName

        public String roleName()
        Name of the configured role.
        Returns:
        role name