Class CreateTokenRole.Request
java.lang.Object
io.helidon.integrations.common.rest.ApiJsonBuilder<T>
io.helidon.integrations.common.rest.ApiJsonRequest<T>
io.helidon.integrations.vault.VaultRequest<CreateTokenRole.Request>
io.helidon.integrations.vault.auths.token.CreateTokenRole.Request
- All Implemented Interfaces:
ApiRequest<CreateTokenRole.Request>
- Enclosing class:
- CreateTokenRole
Request object. Can be configured with additional headers, query parameters etc.
-
Method Summary
Modifier and TypeMethodDescriptionaddAllowedEntityAlias
(String alias) f set, specifies the entity aliases which are allowed to be used during token generation.addAllowedPolicy
(String policyName) If set, tokens can be created with any subset of the policies in this list, rather than the normal semantics of tokens being a subset of the calling token's policies.addDisallowedPolicy
(String policyName) If set, successful token creation via this role will require that no policies in the given list are requested.addTokenBoundCidr
(String cidr) List of CIDR blocks; if set, specifies blocks of IP addresses which can authenticate successfully, and ties the resulting token to these blocks as well.static CreateTokenRole.Request
builder()
Fluent API builder for configuring a request.orphan
(boolean orphan) If true, tokens created against this policy will be orphan tokens (they will have no parent).pathSuffix
(String pathSuffix) If set, tokens created against this role will have the given suffix as part of their path in addition to the role name.renewable
(boolean renewable) Set to false to disable the ability of the token to be renewed past its initial TTL.The name of the token role.tokenExplicitMaxTtl
(Duration duration) If set, will encode an explicit max TTL onto the token.tokenNoDefaultPolicy
(boolean noDefaultPolicy) If set, the default policy will not be set on generated tokens; otherwise it will be added to the policies set inaddAllowedPolicy(String)
.tokenNumUses
(int uses) The maximum number of times a generated token may be used (within its lifetime); 0 means unlimited.tokenPeriod
(int period) The period, if any, to set on the token.The type of token that should be generated.Methods inherited from class io.helidon.integrations.vault.VaultRequest
add, addCommaDelimitedArray, addToCommaDelimitedArray, durationToTtl, preBuild
Methods inherited from class io.helidon.integrations.common.rest.ApiJsonRequest
addHeader, addQueryParam, headers, queryParams, requestId, requestId, requestMediaType, requestMediaType, responseMediaType, responseMediaType
Methods inherited from class io.helidon.integrations.common.rest.ApiJsonBuilder
add, add, add, add, add, add, addBase64, addToArray, addToArray, addToArray, addToArray, addToArray, addToArray, addToObject, addToObject, addToObject, addToObject, addToObject, emptyArray, me, postBuild, toJson
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Methods inherited from interface io.helidon.integrations.common.rest.ApiRequest
toJson
-
Method Details
-
builder
Fluent API builder for configuring a request. The request builder is passed as is, without a build method. The equivalent of a build method isApiJsonBuilder.toJson(jakarta.json.JsonBuilderFactory)
used by theRestApi
.- Returns:
- new request builder
-
roleName
The name of the token role.- Parameters:
roleName
- role name- Returns:
- updated request
-
addAllowedPolicy
If set, tokens can be created with any subset of the policies in this list, rather than the normal semantics of tokens being a subset of the calling token's policies. If at creation timetokenNoDefaultPolicy(boolean)
is not set and "default" is not contained inaddDisallowedPolicy(String)
, the "default" policy will be added to the created token automatically.- Parameters:
policyName
- policy name- Returns:
- updated request
-
addDisallowedPolicy
If set, successful token creation via this role will require that no policies in the given list are requested. Adding "default" to this list will prevent "default" from being added automatically to created tokens.- Parameters:
policyName
- policy name- Returns:
- updated request
-
orphan
If true, tokens created against this policy will be orphan tokens (they will have no parent). As such, they will not be automatically revoked by the revocation of any other token. Defaults tofalse
.- Parameters:
orphan
- whether to create orphan tokens- Returns:
- updated request
-
renewable
Set to false to disable the ability of the token to be renewed past its initial TTL. Setting the value to true will allow the token to be renewable up to the system/mount maximum TTL. Defaults totrue
.- Parameters:
renewable
- whether the tokens should be renewable- Returns:
- updated request
-
pathSuffix
If set, tokens created against this role will have the given suffix as part of their path in addition to the role name. This can be useful in certain scenarios, such as keeping the same role name in the future but revoking all tokens created against it before some point in time. The suffix can be changed, allowing new callers to have the new suffix as part of their path, and then tokens with the old suffix can be revoked via /sys/leases/revoke-prefix.- Parameters:
pathSuffix
- path suffix- Returns:
- updated request
-
addAllowedEntityAlias
f set, specifies the entity aliases which are allowed to be used during token generation. This field supports globbing.- Parameters:
alias
- alias to add- Returns:
- updated request
-
addTokenBoundCidr
List of CIDR blocks; if set, specifies blocks of IP addresses which can authenticate successfully, and ties the resulting token to these blocks as well.- Parameters:
cidr
- CIDR to add- Returns:
- updated request
-
tokenExplicitMaxTtl
If set, will encode an explicit max TTL onto the token. This is a hard cap even ifCreateToken.Request.ttl(java.time.Duration)
andCreateToken.Request.explicitMaxTtl(java.time.Duration)
would otherwise allow a renewal.- Parameters:
duration
- max time to live- Returns:
- updated request
-
tokenNoDefaultPolicy
If set, the default policy will not be set on generated tokens; otherwise it will be added to the policies set inaddAllowedPolicy(String)
.- Parameters:
noDefaultPolicy
- whether to disabledefault
policy- Returns:
- updated request
-
tokenNumUses
The maximum number of times a generated token may be used (within its lifetime); 0 means unlimited. If you require the token to have the ability to create child tokens, you will need to set this value to 0.- Parameters:
uses
- number of uses- Returns:
- updated request
-
tokenPeriod
The period, if any, to set on the token.- Parameters:
period
- period- Returns:
- updated request
-
tokenType
The type of token that should be generated. Can be service, batch, or default to use the mount's tuned default (which unless changed will be service tokens). For token store roles, there are two additional possibilities: default-service and default-batch which specify the type to return unless the client requests a different type at generation time.- Parameters:
type
- type of token- Returns:
- updated request
- See Also:
-