public class Auth
extends java.lang.Object
The implementing class for operations on Vault's /v1/auth/* REST endpoints.
This class is not intended to be constructed directly. Rather, it is meant to be used by way of Vault in a DSL-style builder pattern. See the Javadoc comments of each public method for usage examples.
Constructor and Description |
---|
Auth(VaultConfig config) |
Modifier and Type | Method and Description |
---|---|
AuthResponse | createToken(java.util.UUID id, java.util.List<java.lang.String> policies, java.util.Map<java.lang.String,java.lang.String> meta, java.lang.Boolean noParent, java.lang.Boolean noDefaultPolicy, java.lang.String ttl, java.lang.String displayName, java.lang.Long numUses) - Operation to create an authentication token. |
AuthResponse | loginByAppID(java.lang.String path, java.lang.String appId, java.lang.String userId) - Deprecated. |
AuthResponse | loginByAppRole(java.lang.String path, java.lang.String roleId, java.lang.String secretId) - Basic login operation to authenticate to an app-role backend. |
AuthResponse | loginByGithub(java.lang.String githubToken) - Basic login operation to authenticate to a GitHub backend. |
AuthResponse | loginByUserPass(java.lang.String username, java.lang.String password) - Basic login operation to authenticate to a Username & Password backend. |
AuthResponse | renewSelf() - Renews the lease associated with the calling token. |
AuthResponse | renewSelf(long increment) - Renews the lease associated with the calling token. |
public Auth(VaultConfig config)

public AuthResponse createToken(java.util.UUID id, java.util.List<java.lang.String> policies, java.util.Map<java.lang.String,java.lang.String> meta, java.lang.Boolean noParent, java.lang.Boolean noDefaultPolicy, java.lang.String ttl, java.lang.String displayName, java.lang.Long numUses) throws VaultException

Operation to create an authentication token. Relies on another token already being present in the VaultConfig instance. Example usage:

    final VaultConfig config = new VaultConfig(address, rootToken);
    final Vault vault = new Vault(config);
    final AuthResponse response = vault.auth().createToken(null, null, null, null, null, "1h", null, null);
    final String token = response.getAuthClientToken();

All parameters to this method are optional, and can be null.

Parameters:
id - (optional) The ID of the client token. Can only be specified by a root token. Otherwise, the token ID is a randomly generated UUID.
policies - (optional) A list of policies for the token. This must be a subset of the policies belonging to the token making the request, unless root. If not specified, defaults to all the policies of the calling token.
meta - (optional) A map of string to string valued metadata. This is passed through to the audit backends.
noParent - (optional) If true and set by a root caller, the token will not have the parent token of the caller. This creates a token with no parent.
noDefaultPolicy - (optional) If true, the default policy will not be a part of this token's policy set.
ttl - (optional) The TTL period of the token, provided as "1h", where hour is the largest suffix. If not provided, the token is valid for the default lease TTL, or indefinitely if the root policy is used.
displayName - (optional) The display name of the token. Defaults to "token".
numUses - (optional) The maximum uses for the given token. This can be used to create a one-time token or limited-use token. Defaults to 0, which has no limit to the number of uses.
Throws:
VaultException - If any error occurs, or an unexpected response is received from Vault

@Deprecated public AuthResponse loginByAppID(java.lang.String path, java.lang.String appId, java.lang.String userId) throws VaultException

Basic login operation to authenticate to an app-id backend.

NOTE: As of Vault 0.6.1, HashiCorp has deprecated the App ID authentication backend in favor of AppRole.

Example usage:

    final AuthResponse response = vault.auth().loginByAppID("app-id/login", "app_id", "user_id");
    final String token = response.getAuthClientToken();

Parameters:
path - The path on which the authentication is performed (e.g. auth/app-id/login)
appId - The app-id used for authentication
userId - The user-id used for authentication
Throws:
VaultException - If any error occurs, or an unexpected response is received from Vault

public AuthResponse loginByAppRole(java.lang.String path, java.lang.String roleId, java.lang.String secretId) throws VaultException

Basic login operation to authenticate to an app-role backend. Example usage:

    final AuthResponse response = vault.auth().loginByAppRole("approle", "9e1aede8-dcc6-a293-8223-f0d824a467ed", "9ff4b26e-6460-834c-b925-a940eddb6880");
    final String token = response.getAuthClientToken();

Parameters:
path - The path on which the authentication is performed (e.g. auth/approle/login)
roleId - The role-id used for authentication
secretId - The secret-id used for authentication
Throws:
VaultException - If any error occurs, or an unexpected response is received from Vault

public AuthResponse loginByUserPass(java.lang.String username, java.lang.String password) throws VaultException

Basic login operation to authenticate to a Username & Password backend. Example usage:

    final AuthResponse response = vault.auth().loginByUserPass("test", "password");
    final String token = response.getAuthClientToken();

Parameters:
username - The username used for authentication
password - The password used for authentication
Throws:
VaultException - If any error occurs, or an unexpected response is received from Vault

public AuthResponse loginByGithub(java.lang.String githubToken) throws VaultException

Basic login operation to authenticate to a GitHub backend. Example usage:

    final AuthResponse response = vault.auth().loginByGithub("githubToken");
    final String token = response.getAuthClientToken();

Parameters:
githubToken - The app-id used for authentication
Throws:
VaultException - If any error occurs, or an unexpected response is received from Vault

public AuthResponse renewSelf() throws VaultException

Renews the lease associated with the calling token. This version of the method tells Vault to use the default lifespan for the new lease.

Throws:
VaultException - If any error occurs, or an unexpected response is received from Vault

public AuthResponse renewSelf(long increment) throws VaultException

Renews the lease associated with the calling token. This version of the method accepts a parameter to explicitly declare how long the new lease period should be (in seconds). The Vault documentation suggests that this value may be ignored, however.

Parameters:
increment - The number of seconds requested for the new lease lifespan
Throws:
VaultException - If any error occurs, or an unexpected response is received from Vault
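
An added example, not taken from the driver's own documentation, that combines createToken and renewSelf to hand a worker a narrowly scoped, short-lived token instead of the parent's own token. The package names, environment variable names, policy name, display name and metadata values are assumptions made for illustration.

```java
// Package names are assumed; the page above does not show them.
import com.bettercloud.vault.Vault;
import com.bettercloud.vault.VaultConfig;
import com.bettercloud.vault.VaultException;
import com.bettercloud.vault.response.AuthResponse;
import java.util.Collections;
import java.util.List;
import java.util.Map;

public class ScopedTokenExample {

    // Fail fast instead of sending a request with a null address or token.
    private static String requireEnv(final String name) {
        final String value = System.getenv(name);
        if (value == null || value.isEmpty()) {
            throw new IllegalStateException("Missing environment variable " + name);
        }
        return value;
    }

    // Mints a child token that carries one named policy and nothing else.
    static String mintWorkerToken(final Vault parent) throws VaultException {
        final List<String> policies = Collections.singletonList("app-readonly");            // constructed policy name
        final Map<String, String> meta = Collections.singletonMap("job", "nightly-report"); // passed to audit backends
        final AuthResponse response = parent.auth().createToken(
                null,            // id: let Vault generate a random UUID
                policies,        // must be a subset of the parent's policies
                meta,
                null,            // noParent: keep the parent link, so revoking the parent revokes this token
                true,            // noDefaultPolicy: leave the default policy out
                "15m",           // ttl
                "report-worker", // displayName (constructed)
                5L);             // numUses: the token stops working after five requests
        return response.getAuthClientToken();
    }

    public static void main(final String[] args) throws VaultException {
        final String address = requireEnv("VAULT_ADDR");
        final Vault parent = new Vault(new VaultConfig(address, requireEnv("VAULT_TOKEN")));
        final String workerToken = mintWorkerToken(parent);

        // The worker authenticates with its own token; the parent token stays in this process.
        final Vault worker = new Vault(new VaultConfig(address, workerToken));
        worker.auth().renewSelf(900); // request another 15 minutes; Vault may ignore the increment
        System.out.println("worker token issued and renewed (value not logged)");
    }
}
```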