Module io.helidon.integrations.vault.auths.k8s
Package io.helidon.integrations.vault.auths.k8s

Interface K8sAuthRx

    • Method Detail

      • createRole

        Single<CreateRole.Response> createRole​(CreateRole.Request request)
        Registers a role in the auth method. Role types have specific entities that can perform login operations against this endpoint. Constraints specific to the role type must be set on the role. These are applied to the authenticated entities attempting to login.
        Parameters:
        request - create role request
        Returns:
        when the role is created

      • login

        Single<Login.Response> login​(Login.Request request)
        Fetch a token. This endpoint takes a signed JSON Web Token (JWT) and a role name for some entity. It verifies the JWT signature to authenticate that entity and then authorizes the entity for the given role.
        Parameters:
        request - login request
        Returns:
        login response

      • configure

        Single<ConfigureK8s.Response> configure​(ConfigureK8s.Request request)
        Configure this authentication method.

        The Kubernetes auth method validates service account JWTs and verifies their existence with the Kubernetes TokenReview API. This endpoint configures the public key used to validate the JWT signature and the necessary information to access the Kubernetes API.

        Caveats

        If Vault is running in a Kubernetes Pod, the kubernetes_ca_cert and token_reviewer_jwt parameters will automatically default to the local CA cert (/var/run/secrets/kubernetes.io/serviceaccount/ca.crt) and local service account JWT (/var/run/secrets/kubernetes.io/serviceaccount/token). This behavior may be disabled by setting disable_local_ca_jwt to true. When Vault is running in a non-Kubernetes environment, either kubernetes_ca_cert or pem_keys must be set by the user.

        Parameters:
        request - request to configure
        Returns:
        when configured