com.bettercloud.vault.api

Class Auth

java.lang.Object

com.bettercloud.vault.api.Auth

public class Auth
extends java.lang.Object

The implementing class for operations on Vault's /v1/auth/* REST endpoints.

This class is not intended to be constructed directly. Rather, it is meant to used by way of Vault in a DSL-style builder pattern. See the Javadoc comments of each public method for usage examples.

Constructor Summary

Constructors

Constructor and Description
Auth(VaultConfig config)

Method Summary

Modifier and Type	Method and Description
AuthResponse	createToken(java.util.UUID id, java.util.List<java.lang.String> policies, java.util.Map<java.lang.String,java.lang.String> meta, java.lang.Boolean noParent, java.lang.Boolean noDefaultPolicy, java.lang.String ttl, java.lang.String displayName, java.lang.Long numUses) Operation to create an authentication token.
AuthResponse	loginByAppID(java.lang.String path, java.lang.String appId, java.lang.String userId) Deprecated.
AuthResponse	loginByAppRole(java.lang.String path, java.lang.String roleId, java.lang.String secretId) Basic login operation to authenticate to an app-role backend.
AuthResponse	loginByGithub(java.lang.String githubToken) Basic login operation to authenticate to an github backend.
AuthResponse	loginByUserPass(java.lang.String username, java.lang.String password) Basic login operation to authenticate to a Username & Password backend.
AuthResponse	renewSelf() Renews the lease associated with the calling token.
AuthResponse	renewSelf(long increment) Renews the lease associated with the calling token.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

Auth

public Auth(VaultConfig config)

Method Detail

createToken

public AuthResponse createToken(java.util.UUID id,
                                java.util.List<java.lang.String> policies,
                                java.util.Map<java.lang.String,java.lang.String> meta,
                                java.lang.Boolean noParent,
                                java.lang.Boolean noDefaultPolicy,
                                java.lang.String ttl,
                                java.lang.String displayName,
                                java.lang.Long numUses)
                         throws VaultException

Operation to create an authentication token. Relies on another token already being present in the VaultConfig instance. Example usage:

 final VaultConfig config = new VaultConfig(address, rootToken);
 final Vault vault = new Vault(config);
 final AuthResponse response = vault.auth().createToken(null, null, null, null, null, "1h", null, null);

 final String token = response.getAuthClientToken();
 

All parameters to this method are optional, and can be null.

Parameters:

id - (optional) The ID of the client token. Can only be specified by a root token. Otherwise, the token ID is a randomly generated UUID.

policies - (optional) A list of policies for the token. This must be a subset of the policies belonging to the token making the request, unless root. If not specified, defaults to all the policies of the calling token.

meta - (optional) A map of string to string valued metadata. This is passed through to the audit backends.

noParent - (optional) If true and set by a root caller, the token will not have the parent token of the caller. This creates a token with no parent.

noDefaultPolicy - (optional) If true the default policy will not be a part of this token's policy set.

ttl - (optional) The TTL period of the token, provided as "1h", where hour is the largest suffix. If not provided, the token is valid for the default lease TTL, or indefinitely if the root policy is used.

displayName - (optional) The display name of the token. Defaults to "token".

numUses - (optional) The maximum uses for the given token. This can be used to create a one-time-token or limited use token. Defaults to 0, which has no limit to the number of uses.

Returns:

The auth token

Throws:

VaultException - If any error occurs, or unexpected response received from Vault

loginByAppID

@Deprecated
public AuthResponse loginByAppID(java.lang.String path,
                                              java.lang.String appId,
                                              java.lang.String userId)
                                       throws VaultException

Deprecated.

Basic login operation to authenticate to an app-id backend. Example usage:

 final AuthResponse response = vault.auth().loginByAppID("app-id/login", "app_id", "user_id");

 final String token = response.getAuthClientToken();
 

NOTE: As of Vault 0.6.1, Hashicorp has deprecated the App ID authentication backend in favor of AppRole.

Parameters:

path - The path on which the authentication is performed (e.g. auth/app-id/login)

appId - The app-id used for authentication

userId - The user-id used for authentication

Returns:

The auth token

Throws:

VaultException - If any error occurs, or unexpected response received from Vault

loginByAppRole

public AuthResponse loginByAppRole(java.lang.String path,
                                   java.lang.String roleId,
                                   java.lang.String secretId)
                            throws VaultException

Basic login operation to authenticate to an app-role backend. Example usage:

 final AuthResponse response = vault.auth().loginByAppRole("approle", "9e1aede8-dcc6-a293-8223-f0d824a467ed", "9ff4b26e-6460-834c-b925-a940eddb6880");

 final String token = response.getAuthClientToken();
 

Parameters:

path - The path on which the authentication is performed (e.g. auth/approle/login)

roleId - The role-id used for authentication

secretId - The secret-id used for authentication

Returns:

The auth token

Throws:

VaultException - If any error occurs, or unexpected response received from Vault

loginByUserPass

public AuthResponse loginByUserPass(java.lang.String username,
                                    java.lang.String password)
                             throws VaultException

Basic login operation to authenticate to a Username & Password backend. Example usage:

 final AuthResponse response = vault.auth().loginByUserPass("test", "password");

 final String token = response.getAuthClientToken();
 

Parameters:

username - The username used for authentication

password - The password used for authentication

Returns:

The auth token

Throws:

VaultException - If any error occurs, or unexpected response received from Vault

loginByGithub

public AuthResponse loginByGithub(java.lang.String githubToken)
                           throws VaultException

Basic login operation to authenticate to an github backend. Example usage:

 final AuthResponse response = vault.auth().loginByGithub("githubToken");

 final String token = response.getAuthClientToken();
 

Parameters:

githubToken - The app-id used for authentication

Returns:

The auth token

Throws:

VaultException - If any error occurs, or unexpected response received from Vault

renewSelf

public AuthResponse renewSelf()
                       throws VaultException

Renews the lease associated with the calling token. This version of the method tells Vault to use the default lifespan for the new lease.

Returns:

The response information returned from Vault

Throws:

VaultException - If any error occurs, or unexpected response received from Vault

renewSelf

public AuthResponse renewSelf(long increment)
                       throws VaultException

Renews the lease associated with the calling token. This version of the method accepts a parameter to explicitly declare how long the new lease period should be (in seconds). The Vault documentation suggests that this value may be ignored, however.

Parameters:

increment - The number of seconds requested for the new lease lifespan

Returns:

The response information returned from Vault

Throws:

VaultException - If any error occurs, or unexpected response received from Vault