Class CreateTokenRole.Request

    • Method Detail

      • roleName

        public CreateTokenRole.Request roleName(String roleName)
        The name of the token role.
        Parameters:
        roleName - role name
        Returns:
        updated request
      • addAllowedPolicy

        public CreateTokenRole.Request addAllowedPolicy(String policyName)
        If set, tokens can be created with any subset of the policies in this list, rather than the normal semantics of tokens being a subset of the calling token's policies. If at creation time tokenNoDefaultPolicy(boolean) is not set and "default" is not contained in addDisallowedPolicy(String), the "default" policy will be added to the created token automatically.
        Parameters:
        policyName - policy name
        Returns:
        updated request
      • addDisallowedPolicy

        public CreateTokenRole.Request addDisallowedPolicy(String policyName)
        If set, successful token creation via this role will require that no policies in the given list are requested. Adding "default" to this list will prevent "default" from being added automatically to created tokens.
        Parameters:
        policyName - policy name
        Returns:
        updated request
      • orphan

        public CreateTokenRole.Request orphan(boolean orphan)
        If true, tokens created against this role will be orphan tokens (they will have no parent). As such, they will not be automatically revoked by the revocation of any other token. Defaults to false.
        Parameters:
        orphan - whether to create orphan tokens
        Returns:
        updated request
      • renewable

        public CreateTokenRole.Request renewable(boolean renewable)
        Set to false to disable the ability of the token to be renewed past its initial TTL. Setting the value to true will allow the token to be renewable up to the system/mount maximum TTL. Defaults to true.
        Parameters:
        renewable - whether the tokens should be renewable
        Returns:
        updated request
      • pathSuffix

        public CreateTokenRole.Request pathSuffix(String pathSuffix)
        If set, tokens created against this role will have the given suffix as part of their path in addition to the role name. This can be useful in certain scenarios, such as keeping the same role name in the future but revoking all tokens created against it before some point in time. The suffix can be changed, allowing new callers to have the new suffix as part of their path, and then tokens with the old suffix can be revoked via /sys/leases/revoke-prefix.
        Parameters:
        pathSuffix - path suffix
        Returns:
        updated request
      • addAllowedEntityAlias

        public CreateTokenRole.Request addAllowedEntityAlias(String alias)
        If set, specifies the entity aliases which are allowed to be used during token generation. This field supports globbing.
        Parameters:
        alias - alias to add
        Returns:
        updated request
      • addTokenBoundCidr

        public CreateTokenRole.Request addTokenBoundCidr(String cidr)
        List of CIDR blocks; if set, specifies blocks of IP addresses which can authenticate successfully, and ties the resulting token to these blocks as well.
        Parameters:
        cidr - CIDR to add
        Returns:
        updated request
      • tokenNoDefaultPolicy

        public CreateTokenRole.Request tokenNoDefaultPolicy(boolean noDefaultPolicy)
        If set, the default policy will not be set on generated tokens; otherwise it will be added to the policies set in addAllowedPolicy(String).
        Parameters:
        noDefaultPolicy - whether to disable default policy
        Returns:
        updated request
      • tokenNumUses

        public CreateTokenRole.Request tokenNumUses(int uses)
        The maximum number of times a generated token may be used (within its lifetime); 0 means unlimited. If you require the token to have the ability to create child tokens, you will need to set this value to 0.
        Parameters:
        uses - number of uses
        Returns:
        updated request
      • tokenPeriod

        public CreateTokenRole.Request tokenPeriod(int period)
        The period, if any, to set on the token.
        Parameters:
        period - period
        Returns:
        updated request
      • tokenType

        public CreateTokenRole.Request tokenType(String type)
        The type of token that should be generated. Can be service, batch, or default to use the mount's tuned default (which unless changed will be service tokens). For token store roles, there are two additional possibilities: default-service and default-batch which specify the type to return unless the client requests a different type at generation time.
        Parameters:
        type - type of token
        Returns:
        updated request
        See Also:
        TokenAuthRx.TYPE_SERVICE, TokenAuthRx.TYPE_BATCH, TokenAuthRx.TYPE_DEFAULT
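
Added example (not part of the original API documentation, and not the project's own code): the same role built twice with the setters documented above, once with every security-relevant setting left open and once restricted. The import package, the `Request.builder()` factory, the class name `TokenRoleExamples`, and the role name, policy name, path suffix and CIDR values are assumptions made for illustration; only the setter methods and `TokenAuthRx.TYPE_SERVICE` come from this page.

```java
// Assumed package; this page does not state it.
import io.helidon.integrations.vault.auths.token.CreateTokenRole;
import io.helidon.integrations.vault.auths.token.TokenAuthRx;

public class TokenRoleExamples {

    // Permissive role: nothing limits what tokens issued through it can do.
    static CreateTokenRole.Request permissive() {
        return CreateTokenRole.Request.builder() // assumed factory method
                .roleName("ci-deployer")         // constructed role name
                // No allowed-policy list: tokens follow the normal semantics of
                // being a subset of the calling token's policies.
                .orphan(true)      // no parent, so revoking another token never revokes these
                .renewable(true)   // renewable up to the system/mount maximum TTL
                .tokenNumUses(0);  // 0 means unlimited uses
    }

    // Restricted role: each setter narrows what a leaked token is worth.
    static CreateTokenRole.Request restricted() {
        return CreateTokenRole.Request.builder() // assumed factory method
                .roleName("ci-deployer")
                // Suffix becomes part of the token path, so tokens issued under an
                // old suffix can later be revoked via /sys/leases/revoke-prefix.
                .pathSuffix("rotation-1")              // constructed value
                // Tokens may carry only a subset of this list.
                .addAllowedPolicy("ci-read-secrets")   // constructed policy name
                // Keep "default" off the token: listing it as disallowed prevents
                // it from being added automatically; the flag states the same intent.
                .addDisallowedPolicy("default")
                .tokenNoDefaultPolicy(true)
                .orphan(false)     // tokens keep a parent and are revoked with it
                .renewable(false)  // cannot be renewed past the initial TTL
                // Token is tied to this block of addresses (documentation range).
                .addTokenBoundCidr("192.0.2.0/24")     // constructed value
                // Non-zero use count: such a token cannot create child tokens.
                .tokenNumUses(5)
                .tokenType(TokenAuthRx.TYPE_SERVICE);
    }
}
```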