vault.auth.approle

The /auth/approle endpoint manages approle role-id & secret-id authentication functionality.

Reference: https://www.vaultproject.io/api-docs/auth/approle

API (protocol)

The approle auth endpoints manage role_id and secret_id authentication.

configure-role!

(configure-role! client role-name opts)

Create a new role or update an existing role. At least one option must be specified. This method uses the /auth/approle/role/:role_name endpoint.

Options:

  • :bind-secret-id (boolean)

    If a secret-id is required to be presented when logging in with this role.

  • :secret-id-bound-cidrs (collection)

    Collection of CIDR blocks. When set, specifies blocks of IP addresses which can perform the login operation.

  • :secret-id-num-uses (integer)

    The number of times any single secret-id can be used to fetch a token from this approle, after which the secret-id will expire. Specify 0 for unlimited uses.

  • :secret-id-ttl (string)

    Duration in either an integer number of seconds (3600) or a string time unit (60m) after which any secret-id expires.

  • :local-secret-ids (boolean)

    If set, the secret IDs generated using this role will be cluster local. This can only be set during role creation and once set, it can't be reset later.

  • :token-ttl (integer or string)

    The incremental lifetime for generated tokens.

  • :token-max-ttl (integer or string)

    The maximum lifetime for generated tokens.

  • :token-policies (collection)

    List of policies to encode onto generated tokens.

  • :token-bound-cidrs (collection)

    List of CIDR blocks; if set, specifies blocks of IP addresses which can authenticate successfully.

  • :token-explicit-max-ttl (integer or string)

    If set, will encode an explicit hard cap for token life.

  • :token-no-default-policy (boolean)

    If set, the default policy will not be set on generated tokens, otherwise it will be added to the policies set in :token-policies.

  • :token-num-uses (integer)

    The maximum amount of times a generated token may be used. Specify 0 for unlimited uses.

  • :token-period (integer or string)

    The period to set on a token.

  • :token-type (string)

    The type of token that should be generated.
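
The options above decide how far a leaked role-id or secret-id can be reused, so it helps to lint an options map before sending it. The following is an added example, not part of this library's documentation or code: `role-findings`, `configure-role-checked!`, `hardened-opts`, the policy name and the CIDR block are hypothetical, and it assumes the map describes a new role whose omitted options fall back to Vault's permissive defaults.

```clojure
(ns example.approle-lint
  "Added example: lint approle role options before calling configure-role!."
  (:require [vault.auth.approle :as approle]))

(defn- unset-or-zero?
  "True for nil, 0, \"0\" or \"\": values treated here as 'no limit'."
  [v]
  (contains? #{nil 0 "0" ""} v))

(defn role-findings
  "Return a vector of warnings for an opts map describing a NEW role.
  Assumption: options left out fall back to Vault's permissive defaults."
  [opts]
  (cond-> []
    (false? (:bind-secret-id opts))
    (conj ":bind-secret-id false: the role-id alone is enough to log in")
    (unset-or-zero? (:secret-id-num-uses opts))
    (conj ":secret-id-num-uses is 0 or unset: a secret-id can be reused without limit")
    (unset-or-zero? (:secret-id-ttl opts))
    (conj ":secret-id-ttl is unset: secret-ids never expire")
    (unset-or-zero? (:token-max-ttl opts))
    (conj ":token-max-ttl is unset: no role-level cap on token lifetime")
    (empty? (:token-policies opts))
    (conj ":token-policies is empty: tokens carry no role-specific policy")
    (and (empty? (:secret-id-bound-cidrs opts)) (empty? (:token-bound-cidrs opts)))
    (conj "no CIDR binding: login and token use are allowed from any address")))

(defn configure-role-checked!
  "Call configure-role! only when the options pass the lint."
  [client role-name opts]
  (let [findings (role-findings opts)]
    (when (seq findings)
      (throw (ex-info "Refusing to configure a weak approle role"
                      {:role-name role-name :findings findings})))
    (approle/configure-role! client role-name opts)))

;; Constructed sample values (policy name and CIDR block are placeholders).
(def hardened-opts
  {:bind-secret-id        true
   :secret-id-num-uses    1
   :secret-id-ttl         "10m"
   :secret-id-bound-cidrs ["10.0.8.0/24"]
   :token-ttl             "20m"
   :token-max-ttl         "1h"
   :token-policies        ["ci-deploy-read"]
   :token-bound-cidrs     ["10.0.8.0/24"]})

(comment
  (role-findings hardened-opts)
  (role-findings {:token-policies ["ci-deploy-read"]})
  (configure-role-checked! client "ci-deploy" hardened-opts))
```

In the `comment` form, `client` stands for an already authenticated client with permission to manage the approle mount.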

generate-secret-id!

(generate-secret-id! client role-name)
(generate-secret-id! client role-name opts)

Generate a new secret-id for an existing role. This method uses the /auth/approle/role/:role_name/secret-id endpoint.

Options:

  • :metadata (string)

    Metadata tied to the secret-id. This should be a JSON-formatted string containing key-value pairs. This metadata is logged in audit logs in plaintext.

  • :cidr-list (collection)

    Collection of CIDR blocks enforcing secret-ids to be used from specific IP addresses.

  • :token-bound-cidrs (collection)

    Collection of CIDR blocks; when set, specifies blocks of IP addresses that can use auth tokens generated by the secret-id.

list-roles

(list-roles client)

Return a list of the existing roles. This method uses the /auth/approle/role endpoint.

login

(login client role-id secret-id)

Login using an approle role-id and secret-id. This method uses the /auth/approle/login endpoint.

Returns the auth map from the login endpoint and updates the auth information in the client, including the new client token.

read-role

(read-role client role-name)

Read the properties associated with an approle. This method uses the /auth/approle/role/:role_name endpoint.

read-role-id

(read-role-id client role-name)

Read the role-id of an existing role. This method uses the /auth/approle/role/:role_name/role-id endpoint.

with-mount

(with-mount client mount)

Return an updated client which will resolve calls against the provided mount instead of the default. Passing nil will reset the client to the default.

default-mount

Default mount point to use if one is not provided.
