Class: Vault::AuthToken

Inherits:
Request show all
Defined in:
lib/vault/api/auth_token.rb

Instance Attribute Summary

Attributes inherited from Request

#client

Instance Method Summary collapse

Methods inherited from Request

#initialize, #inspect, #to_s

Methods included from EncodePath

encode_path

Constructor Details

This class inherits a constructor from Vault::Request

Instance Method Details

#accessors(options = {}) ⇒ Array<Secret>

Lists all token accessors.

Examples:

Listing token accessors

result = Vault.auth_token.accessors #=> #<Vault::Secret>
result.data[:keys] #=> ["476ea048-ded5-4d07-eeea-938c6b4e43ec", "bb00c093-b7d3-b0e9-69cc-c4d85081165b"]

Returns:



# File 'lib/vault/api/auth_token.rb', line 25

# Lists token accessors with a LIST request to
# +/v1/auth/token/accessors+.
#
# @param options [Hash] request parameters; +extract_headers!+ is given
#   the hash first (presumably removing header entries from it, per the
#   bang name), and what is left is passed to the LIST call
# @return [Secret] the response as decoded by +Secret.decode+
def accessors(options = {})
  request_headers = extract_headers!(options)
  response = client.list("/v1/auth/token/accessors", options, request_headers)
  Secret.decode(response)
end

#create(options = {}) ⇒ Secret

Create an authentication token. Note that the parameters specified below are not validated and passed directly to the Vault server. Depending on the version of Vault in operation, some of these options may not work, and newer options may be available that are not listed here.

Examples:

Creating a token

Vault.auth_token.create #=> #<Vault::Secret lease_id="">

Creating a token assigned to policies with a wrap TTL

Vault.auth_token.create(
  policies: ["myapp"],
  wrap_ttl: 500,
)

Parameters:

  • options (Hash) (defaults to: {})

Options Hash (options):

  • :id (String)

    The ID of the client token - this can only be specified for root tokens

  • :policies (Array<String>)

    List of policies to apply to the token

  • :wrap_ttl (Fixnum, String)

    The number of seconds or a golang-formatted timestamp like “5s” or “10m” for the TTL on the wrapped response

  • :meta (Hash<String, String>)

    A map of metadata that is passed to audit backends

  • :no_parent (Boolean)

    Create a token without a parent - see also #create_orphan

  • :no_default_policy (Boolean)

    Create a token without the default policy attached

  • :renewable (Boolean)

    Set whether this token is renewable or not

  • :display_name (String)

    Name of the token

  • :num_uses (Fixnum)

    Maximum number of uses for the token

Returns:



# File 'lib/vault/api/auth_token.rb', line 67

# Creates an authentication token with a POST to
# +/v1/auth/token/create+.
#
# The options hash is serialised to JSON and forwarded as-is; nothing is
# validated on the client side. Values such as +:policies+, +:no_parent+
# or +:id+ decide what the new token may do, so they should not be taken
# from untrusted input without checking them first.
#
# @param options [Hash] token creation parameters; +extract_headers!+ is
#   given the hash before the remainder is serialised
# @return [Secret] the decoded response (presumably carrying the new
#   token, so treat it as a credential and keep it out of logs)
def create(options = {})
  request_headers = extract_headers!(options)
  payload = JSON.fast_generate(options)
  Secret.decode(client.post("/v1/auth/token/create", payload, request_headers))
end

#create_orphan(options = {}) ⇒ Secret

Create an orphaned authentication token.

Examples:

Vault.auth_token.create_orphan #=> #<Vault::Secret lease_id="">

Parameters:

  • options (Hash) (defaults to: {})

Options Hash (options):

  • :id (String)

    The ID of the client token - this can only be specified for root tokens

  • :policies (Array<String>)

    List of policies to apply to the token

  • :wrap_ttl (Fixnum, String)

    The number of seconds or a golang-formatted timestamp like “5s” or “10m” for the TTL on the wrapped response

  • :meta (Hash<String, String>)

    A map of metadata that is passed to audit backends

  • :no_parent (Boolean)

    Create a token without a parent - see also #create_orphan

  • :no_default_policy (Boolean)

    Create a token without the default policy attached

  • :renewable (Boolean)

    Set whether this token is renewable or not

  • :display_name (String)

    Name of the token

  • :num_uses (Fixnum)

    Maximum number of uses for the token

Returns:



# File 'lib/vault/api/auth_token.rb', line 82

# Creates an orphaned authentication token with a POST to
# +/v1/auth/token/create-orphan+.
#
# As with +create+, the options hash is serialised to JSON and sent
# without client-side validation.
#
# @param options [Hash] token creation parameters; +extract_headers!+ is
#   given the hash before the remainder is serialised
# @return [Secret] the decoded response
def create_orphan(options = {})
  request_headers = extract_headers!(options)
  payload = JSON.fast_generate(options)
  Secret.decode(client.post("/v1/auth/token/create-orphan", payload, request_headers))
end

#create_with_role(name, options = {}) ⇒ Secret

Create an authentication token against the given role.

Examples:

Vault.auth_token.create_with_role("developer") #=> #<Vault::Secret lease_id="">

Parameters:

  • options (Hash) (defaults to: {})

Returns:



# File 'lib/vault/api/auth_token.rb', line 96

# Creates an authentication token against a named role with a POST to
# +/v1/auth/token/create/<name>+.
#
# The role name is passed through +encode_path+ before it is placed in
# the URL; the options hash is serialised to JSON without client-side
# validation.
#
# @param name [String] the role name, used as the last path segment
# @param options [Hash] token creation parameters; +extract_headers!+ is
#   given the hash before the remainder is serialised
# @return [Secret] the decoded response
def create_with_role(name, options = {})
  request_headers = extract_headers!(options)
  endpoint = "/v1/auth/token/create/#{encode_path(name)}"
  payload = JSON.fast_generate(options)
  Secret.decode(client.post(endpoint, payload, request_headers))
end

#lookup(token) ⇒ Secret

Lookup information about the given token.

Examples:

Vault.auth_token.lookup("abcd-...") #=> #<Vault::Secret lease_id="">

Parameters:

  • token (String)

Returns:



# File 'lib/vault/api/auth_token.rb', line 110

# Looks up information about the given token with a GET to
# +/v1/auth/token/lookup/<token>+.
#
# NOTE(review): the token itself becomes part of the request URL, so it
# can end up in proxy or server access logs. Vault's HTTP API also has a
# form of this lookup that takes the token in the request body; confirm
# server support before switching.
#
# @param token [String] the token to look up, passed through
#   +encode_path+ before it is placed in the URL
# @return [Secret] the decoded response
def lookup(token)
  endpoint = "/v1/auth/token/lookup/#{encode_path(token)}"
  Secret.decode(client.get(endpoint))
end

#lookup_accessor(accessor) ⇒ Object

Lookup information about the given token accessor.

Examples:

Vault.auth_token.lookup_accessor("acbd-...") #=> #<Vault::Secret lease_id="">


# File 'lib/vault/api/auth_token.rb', line 119

# Looks up information about the token behind the given accessor with a
# POST to +/v1/auth/token/lookup-accessor+. The accessor travels in the
# JSON request body, not in the URL.
#
# @param accessor [String] the token accessor
# @return [Secret] the decoded response
def lookup_accessor(accessor)
  payload = JSON.fast_generate(accessor: accessor)
  response = client.post("/v1/auth/token/lookup-accessor", payload)
  Secret.decode(response)
end

#lookup_self ⇒ Secret

Lookup information about the current token.

Examples:

Vault.auth_token.lookup_self #=> #<Vault::Secret lease_id="">

Returns:



# File 'lib/vault/api/auth_token.rb', line 132

# Looks up information about the calling token with a GET to
# +/v1/auth/token/lookup-self+. No token is passed as an argument.
#
# @return [Secret] the decoded response
def lookup_self
  Secret.decode(client.get("/v1/auth/token/lookup-self"))
end

#renew(id, increment = 0) ⇒ Secret

Renew the given authentication token.

Examples:

Vault.auth_token.renew("abcd-1234") #=> #<Vault::Secret lease_id="">

Parameters:

  • id (String)

    the auth id

  • increment (Fixnum) (defaults to: 0)

Returns:



# File 'lib/vault/api/auth_token.rb', line 147

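# Renews the given authentication token with a PUT to
# +/v1/auth/token/renew/<id>+.
#
# The id is passed through +encode_path+ before it is placed in the URL,
# the same way +lookup+ and +create_with_role+ treat their path
# arguments. Without that step a value containing URL metacharacters
# would be sent as written and could change the request target.
# Ids already percent-encoded by the caller would now be encoded twice;
# no such caller is visible here.
#
# NOTE(review): the token is part of the request URL and can therefore
# show up in proxy or server access logs. Vault's HTTP API also accepts
# the token in the request body for renewal; confirm server support
# before switching.
#
# @param id [String] the token to renew
# @param increment [Integer] requested lease extension, sent as the
#   +increment+ field of the JSON body (defaults to 0)
# @return [Secret] the decoded response
def renew(id, increment = 0)
  payload = JSON.fast_generate(increment: increment)
  response = client.put("/v1/auth/token/renew/#{encode_path(id)}", payload)
  Secret.decode(response)
end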

#renew_self(increment = 0) ⇒ Secret

Renews a lease associated with the calling token.

Examples:

Vault.auth_token.renew_self #=> #<Vault::Secret lease_id="">

Parameters:

  • increment (Fixnum) (defaults to: 0)

Returns:



# File 'lib/vault/api/auth_token.rb', line 162

# Renews the calling token with a PUT to +/v1/auth/token/renew-self+.
# No token is passed as an argument.
#
# @param increment [Integer] requested lease extension, sent as the
#   +increment+ field of the JSON body (defaults to 0)
# @return [Secret] the decoded response
def renew_self(increment = 0)
  payload = JSON.fast_generate(increment: increment)
  response = client.put("/v1/auth/token/renew-self", payload)
  Secret.decode(response)
end

#revoke_orphan(id) ⇒ true

Revoke exactly the orphans at the id.

Examples:

Vault.auth_token.revoke_orphan("abcd-1234") #=> true

Parameters:

  • id (String)

    the auth id

Returns:

  • (true)


# File 'lib/vault/api/auth_token.rb', line 188

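# Sends a PUT to +/v1/auth/token/revoke-orphan/<id>+ with an empty body.
#
# The id is passed through +encode_path+ before it is placed in the URL,
# the same way +lookup+ and +create_with_role+ treat their path
# arguments, so URL metacharacters in the value cannot change which
# endpoint the revocation is sent to.
#
# NOTE(review): in Vault's API this endpoint is understood to revoke the
# token itself and leave its child tokens in place as orphans; confirm
# against the server version in use. The token is also part of the URL
# and may appear in access logs.
#
# @param id [String] the token to revoke
# @return [true] always +true+ when the request does not raise
def revoke_orphan(id)
  client.put("/v1/auth/token/revoke-orphan/#{encode_path(id)}", nil)
  true
end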

#revoke_prefix(prefix) ⇒ true

Revoke all auth at the given prefix.

Examples:

Vault.auth_token.revoke_prefix("abcd-1234") #=> true

Parameters:

  • prefix (String)

    the prefix to revoke

Returns:

  • (true)


# File 'lib/vault/api/auth_token.rb', line 202

# Sends a PUT to +/v1/auth/token/revoke-prefix/<prefix>+ with an empty
# body, revoking everything under the given prefix.
#
# NOTE(review): +prefix+ is interpolated into the URL as given, whereas
# +lookup+ and +create_with_role+ run their path arguments through
# +encode_path+. A prefix may legitimately contain "/", so confirm how
# +encode_path+ treats slashes before applying it here. Until then,
# callers should not pass a prefix derived from untrusted input: this
# call revokes in bulk.
#
# @param prefix [String] the prefix to revoke
# @return [true] always +true+ when the request does not raise
def revoke_prefix(prefix)
  endpoint = "/v1/auth/token/revoke-prefix/#{prefix}"
  client.put(endpoint, nil)
  true
end

#revoke_self ⇒ Object

Revokes the token used to call it.

Examples:

Vault.auth_token.revoke_self #=> 204

Returns:

  • response code.



# File 'lib/vault/api/auth_token.rb', line 175

# Revokes the calling token with a POST to
# +/v1/auth/token/revoke-self+. After this call the client's current
# token is presumably no longer usable.
#
# @return [Object] whatever +client.post+ returns for this request
def revoke_self
  response = client.post("/v1/auth/token/revoke-self")
  response
end

#revoke_tree(id) ⇒ true

Revoke all auths in the tree.

Examples:

Vault.auth_token.revoke_tree("abcd-1234") #=> true

Parameters:

  • id (String)

    the auth id

Returns:

  • (true)


# File 'lib/vault/api/auth_token.rb', line 216

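# Sends a PUT to +/v1/auth/token/revoke/<id>+ with an empty body,
# revoking the token and the tree beneath it.
#
# The id is passed through +encode_path+ before it is placed in the URL,
# the same way +lookup+ and +create_with_role+ treat their path
# arguments, so URL metacharacters in the value cannot change which
# endpoint the revocation is sent to.
#
# NOTE(review): the token is part of the request URL and may appear in
# proxy or server access logs. Vault's HTTP API also accepts the token
# in the request body for revocation; confirm server support before
# switching.
#
# @param id [String] the token to revoke
# @return [true] always +true+ when the request does not raise
def revoke_tree(id)
  client.put("/v1/auth/token/revoke/#{encode_path(id)}", nil)
  true
end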