Class: Vault::AuthToken

Inherits:
Request show all
Defined in:
lib/vault/api/auth_token.rb

Instance Attribute Summary

Attributes inherited from Request

#client

Instance Method Summary collapse

Methods inherited from Request

#initialize, #inspect, #to_s

Methods included from EncodePath

encode_path

Constructor Details

This class inherits a constructor from Vault::Request

Instance Method Details

#accessors(options = {}) ⇒ Array<Secret>

Lists all token accessors.

Examples:

Listing token accessors

result = Vault.auth_token.accessors #=> #<Vault::Secret>
result.data[:keys] #=> ["476ea048-ded5-4d07-eeea-938c6b4e43ec", "bb00c093-b7d3-b0e9-69cc-c4d85081165b"]

Returns:



# File 'lib/vault/api/auth_token.rb', line 28

# Lists token accessors by calling +client.list+ on
# +/v1/auth/token/accessors+ and decoding the response.
#
# The accessors returned here are the values that +lookup_accessor+ and
# +revoke_accessor+ accept, so the result should be handled as sensitive
# data even though it contains no token IDs.
#
# @param options [Hash] passed to +extract_headers!+ first, then handed to
#   +client.list+ as its second argument
# @return [Secret] the response as decoded by +Secret.decode+
def accessors(options = {})
  request_headers = extract_headers!(options)
  Secret.decode(client.list("/v1/auth/token/accessors", options, request_headers))
end

#create(options = {}) ⇒ Secret

Create an authentication token. Note that the parameters specified below are not validated and passed directly to the Vault server. Depending on the version of Vault in operation, some of these options may not work, and newer options may be available that are not listed here.

Examples:

Creating a token

Vault.auth_token.create #=> #<Vault::Secret lease_id="">

Creating a token assigned to policies with a wrap TTL

Vault.auth_token.create(
  policies: ["myapp"],
  wrap_ttl: 500,
)

Parameters:

  • options (Hash) (defaults to: {})

Options Hash (options):

  • :id (String)

    The ID of the client token - this can only be specified for root tokens

  • :policies (Array<String>)

    List of policies to apply to the token

  • :wrap_ttl (Fixnum, String)

    The number of seconds or a golang-formatted timestamp like “5s” or “10m” for the TTL on the wrapped response

  • :meta (Hash<String, String>)

    A map of metadata that is passed to audit backends

  • :no_parent (Boolean)

    Create a token without a parent - see also #create_orphan

  • :no_default_policy (Boolean)

    Create a token without the default policy attached

  • :renewable (Boolean)

    Set whether this token is renewable or not

  • :display_name (String)

    Name of the token

  • :num_uses (Fixnum)

    Maximum number of uses for the token

Returns:



# File 'lib/vault/api/auth_token.rb', line 70

# Creates a token by POSTing the options, serialized as JSON, to
# +/v1/auth/token/create+.
#
# Nothing in this method validates or filters the options: every key still
# in the hash after +extract_headers!+ has run is serialized and sent.
# Callers should therefore build the hash from known keys (policies, TTLs,
# +no_parent+, ...) instead of forwarding externally supplied input.
#
# @param options [Hash] token creation options; also passed to
#   +extract_headers!+ to obtain the request headers
# @return [Secret] the response as decoded by +Secret.decode+
def create(options = {})
  request_headers = extract_headers!(options)
  payload = JSON.fast_generate(options)
  Secret.decode(client.post("/v1/auth/token/create", payload, request_headers))
end

#create_orphan(options = {}) ⇒ Secret

Create an orphaned authentication token.

Examples:

Vault.auth_token.create_orphan #=> #<Vault::Secret lease_id="">

Parameters:

  • options (Hash) (defaults to: {})

Options Hash (options):

  • :id (String)

    The ID of the client token - this can only be specified for root tokens

  • :policies (Array<String>)

    List of policies to apply to the token

  • :wrap_ttl (Fixnum, String)

    The number of seconds or a golang-formatted timestamp like “5s” or “10m” for the TTL on the wrapped response

  • :meta (Hash<String, String>)

    A map of metadata that is passed to audit backends

  • :no_parent (Boolean)

    Create a token without a parent - see also #create_orphan

  • :no_default_policy (Boolean)

    Create a token without the default policy attached

  • :renewable (Boolean)

    Set whether this token is renewable or not

  • :display_name (String)

    Name of the token

  • :num_uses (Fixnum)

    Maximum number of uses for the token

Returns:



# File 'lib/vault/api/auth_token.rb', line 85

# Creates a token by POSTing the options, serialized as JSON, to
# +/v1/auth/token/create-orphan+.
#
# As with +create+, the options are sent as given: no key is validated or
# removed here apart from whatever +extract_headers!+ takes out.
#
# @param options [Hash] token creation options; also passed to
#   +extract_headers!+ to obtain the request headers
# @return [Secret] the response as decoded by +Secret.decode+
def create_orphan(options = {})
  request_headers = extract_headers!(options)
  payload = JSON.fast_generate(options)
  Secret.decode(client.post("/v1/auth/token/create-orphan", payload, request_headers))
end

#create_with_role(name, options = {}) ⇒ Secret

Create an authentication token against the named token role. The role name is path-encoded and appended to the create endpoint.

Examples:

Vault.auth_token.create_with_role("developer") #=> #<Vault::Secret lease_id="">

Parameters:

  • options (Hash) (defaults to: {})

Returns:



# File 'lib/vault/api/auth_token.rb', line 99

# Creates a token against a named role by POSTing the options, serialized
# as JSON, to +/v1/auth/token/create/<name>+.
#
# The role name is run through +encode_path+ before it is interpolated into
# the URL (presumably so that reserved characters in the name cannot change
# the request path; confirm against EncodePath).
#
# @param name [String] the role name, placed in the request path
# @param options [Hash] token creation options, sent unvalidated; also
#   passed to +extract_headers!+ to obtain the request headers
# @return [Secret] the response as decoded by +Secret.decode+
def create_with_role(name, options = {})
  request_headers = extract_headers!(options)
  endpoint = "/v1/auth/token/create/#{encode_path(name)}"
  Secret.decode(client.post(endpoint, JSON.fast_generate(options), request_headers))
end

#lookup(token, options = {}) ⇒ Secret

Lookup information about the given token.

Examples:

Vault.auth_token.lookup("abcd-...") #=> #<Vault::Secret lease_id="">

Parameters:

  • token (String)
  • options (Hash) (defaults to: {})

Returns:



# File 'lib/vault/api/auth_token.rb', line 114

# Looks up the given token by POSTing it to +/v1/auth/token/lookup+.
#
# The token is sent in the JSON request body, so it does not appear in the
# request path. Only +token+ is serialized; +options+ is used solely for
# header extraction.
#
# @param token [String] the token to look up
# @param options [Hash] passed to +extract_headers!+ to obtain the request
#   headers
# @return [Secret] the response as decoded by +Secret.decode+
def lookup(token, options = {})
  request_headers = extract_headers!(options)
  payload = JSON.fast_generate(token: token)
  response = client.post("/v1/auth/token/lookup", payload, request_headers)
  Secret.decode(response)
end

#lookup_accessor(accessor, options = {}) ⇒ Object

Lookup information about the given token accessor.

Examples:

Vault.auth_token.lookup_accessor("acbd-...") #=> #<Vault::Secret lease_id="">

Parameters:

  • accessor (String)
  • options (Hash) (defaults to: {})


# File 'lib/vault/api/auth_token.rb', line 129

# Looks up a token through its accessor by POSTing the accessor to
# +/v1/auth/token/lookup-accessor+.
#
# Only +accessor+ is serialized into the JSON body; +options+ is used
# solely for header extraction.
#
# @param accessor [String] the token accessor to look up
# @param options [Hash] passed to +extract_headers!+ to obtain the request
#   headers
# @return [Secret] the response as decoded by +Secret.decode+
def lookup_accessor(accessor, options = {})
  request_headers = extract_headers!(options)
  payload = JSON.fast_generate(accessor: accessor)
  response = client.post("/v1/auth/token/lookup-accessor", payload, request_headers)
  Secret.decode(response)
end

#lookup_self ⇒ Secret

Lookup information about the current token, i.e. the token the client is using to make the request.

Examples:

Vault.auth_token.lookup_self #=> #<Vault::Secret lease_id="">

Returns:



# File 'lib/vault/api/auth_token.rb', line 143

# Looks up the token the client itself is using, via a GET on
# +/v1/auth/token/lookup-self+.
#
# No token is passed in: the request carries no body and, unlike +lookup+,
# this method accepts no options or custom headers.
#
# @return [Secret] the response as decoded by +Secret.decode+
def lookup_self
  response = client.get("/v1/auth/token/lookup-self")
  Secret.decode(response)
end

#renew(token, increment = 0, options = {}) ⇒ Secret

Renew the given authentication token.

Examples:

Vault.auth_token.renew("abcd-1234") #=> #<Vault::Secret lease_id="">

Parameters:

  • token (String)

    the auth token

  • increment (Fixnum) (defaults to: 0)

Returns:



# File 'lib/vault/api/auth_token.rb', line 158

# Renews the given token by PUTting it, together with the requested
# increment, to +/v1/auth/token/renew+.
#
# The token is sent in the JSON request body, so it does not appear in the
# request path. +options+ is used solely for header extraction.
#
# @param token [String] the token to renew
# @param increment [Integer] the increment sent with the request
#   (defaults to 0)
# @param options [Hash] passed to +extract_headers!+ to obtain the request
#   headers
# @return [Secret] the response as decoded by +Secret.decode+
def renew(token, increment = 0, options = {})
  request_headers = extract_headers!(options)
  payload = JSON.fast_generate(token: token, increment: increment)
  response = client.put("/v1/auth/token/renew", payload, request_headers)
  Secret.decode(response)
end

#renew_self(increment = 0, options = {}) ⇒ Secret

Renews a lease associated with the calling token.

Examples:

Vault.auth_token.renew_self #=> #<Vault::Secret lease_id="">

Parameters:

  • increment (Fixnum) (defaults to: 0)

Returns:




# Renews the token the client itself is using by PUTting the requested
# increment to +/v1/auth/token/renew-self+.
#
# Only +increment+ is serialized into the JSON body; +options+ is used
# solely for header extraction.
#
# @param increment [Integer] the increment sent with the request
#   (defaults to 0)
# @param options [Hash] passed to +extract_headers!+ to obtain the request
#   headers
# @return [Secret] the response as decoded by +Secret.decode+
def renew_self(increment = 0, options = {})
  request_headers = extract_headers!(options)
  payload = JSON.fast_generate(increment: increment)
  response = client.put("/v1/auth/token/renew-self", payload, request_headers)
  Secret.decode(response)
end

#revoke(token, options = {}) ⇒ true Also known as: revoke_tree

Revoke the token and all its children.

Examples:

Vault.auth_token.revoke("abcd-1234") #=> true

Parameters:

  • token (String)

    the auth token

Returns:

  • (true)


# File 'lib/vault/api/auth_token.rb', line 236

# Revokes the given token by PUTting it to +/v1/auth/token/revoke+.
#
# The token is sent in the JSON request body, so it does not appear in the
# request path. The response from +client.put+ is discarded and +true+ is
# returned unconditionally, so a failed revocation is only visible to the
# caller if +client.put+ raises.
#
# @param token [String] the token to revoke
# @param options [Hash] passed to +extract_headers!+ to obtain the request
#   headers
# @return [true]
def revoke(token, options = {})
  request_headers = extract_headers!(options)
  payload = JSON.fast_generate(token: token)
  client.put("/v1/auth/token/revoke", payload, request_headers)
  true
end

#revoke_accessor(accessor, options = {}) ⇒ true

Revoke the token associated with the given accessor. Only the accessor is sent, so the caller does not need the token itself.

Examples:

Vault.auth_token.revoke_accessor("abcd-1234") #=> true

Parameters:

  • accessor (String)

    the accessor to revoke

Returns:

  • (true)


# File 'lib/vault/api/auth_token.rb', line 219

# Revokes a token through its accessor by PUTting the accessor to
# +/v1/auth/token/revoke-accessor+.
#
# Only the accessor is sent; the token itself is not needed. The response
# from +client.put+ is discarded and +true+ is returned unconditionally, so
# a failed revocation is only visible to the caller if +client.put+ raises.
#
# @param accessor [String] the accessor of the token to revoke
# @param options [Hash] passed to +extract_headers!+ to obtain the request
#   headers
# @return [true]
def revoke_accessor(accessor, options = {})
  request_headers = extract_headers!(options)
  payload = JSON.fast_generate(accessor: accessor)
  client.put("/v1/auth/token/revoke-accessor", payload, request_headers)
  true
end

#revoke_orphan(token, options = {}) ⇒ true

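Revoke exactly the given token, without revoking its child tokens. The children are left in place as orphans and stay valid until they are revoked or expire; use #revoke when the whole tree must be invalidated.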

Examples:

Vault.auth_token.revoke_orphan("abcd-1234") #=> true

Parameters:

  • token (String)

    the token to revoke

Returns:

  • (true)


# File 'lib/vault/api/auth_token.rb', line 202

# Revokes the given token by PUTting it to +/v1/auth/token/revoke-orphan+.
#
# The token is sent in the JSON request body, so it does not appear in the
# request path. The response from +client.put+ is discarded and +true+ is
# returned unconditionally, so a failed revocation is only visible to the
# caller if +client.put+ raises.
#
# NOTE(review): on the Vault side this endpoint leaves the token's children
# valid as orphans; callers that need the whole tree invalidated should use
# +revoke+ instead.
#
# @param token [String] the token to revoke
# @param options [Hash] passed to +extract_headers!+ to obtain the request
#   headers
# @return [true]
def revoke_orphan(token, options = {})
  request_headers = extract_headers!(options)
  payload = JSON.fast_generate(token: token)
  client.put("/v1/auth/token/revoke-orphan", payload, request_headers)
  true
end

#revoke_self ⇒ Object

Revokes the token used to call it.

Examples:

Vault.auth_token.revoke_self #=> 204

Returns:

  • response code.



# File 'lib/vault/api/auth_token.rb', line 189

# Revokes the token the client itself is using, via a POST to
# +/v1/auth/token/revoke-self+ with no body.
#
# Unlike the other revoke methods, which return +true+, this one returns
# whatever +client.post+ returns. It also accepts no options or custom
# headers.
#
# @return [Object] the value returned by +client.post+
def revoke_self
  endpoint = "/v1/auth/token/revoke-self"
  client.post(endpoint)
end