case class Role(allowedPolicies: List[String] = List.empty, disallowedPolicies: List[String] = List.empty, orphan: Boolean = false, renewable: Boolean = true, pathSuffix: String = "", allowedEntityAliases: List[String] = List.empty, tokenBoundCidrs: List[String] = List.empty, tokenExplicitMaxTtl: Duration = Duration.Undefined, tokenNoDefaultPolicy: Boolean = false, tokenNumUses: Int = 0, tokenPeriod: Duration = Duration.Undefined, tokenType: TokenType = TokenType.DefaultService) extends Product with Serializable

allowedPolicies

If set, tokens can be created with any subset of the policies in this list, rather than the normal semantics of tokens being a subset of the calling token's policies. The parameter is a comma-delimited string of policy names. If at creation time no_default_policy is not set and "default" is not contained in disallowed_policies, the "default" policy will be added to the created token automatically.

disallowedPolicies

If set, successful token creation via this role will require that no policies in the given list are requested. The parameter is a comma-delimited string of policy names. Adding "default" to this list will prevent "default" from being added automatically to created tokens.

orphan

If true, tokens created against this policy will be orphan tokens (they will have no parent). As such, they will not be automatically revoked by the revocation of any other token.

renewable

Set to false to disable the ability of the token to be renewed past its initial TTL. Setting the value to true will allow the token to be renewable up to the system/mount maximum TTL.

pathSuffix

If set, tokens created against this role will have the given suffix as part of their path in addition to the role name. This can be useful in certain scenarios, such as keeping the same role name in the future but revoking all tokens created against it before some point in time. The suffix can be changed, allowing new callers to have the new suffix as part of their path, and then tokens with the old suffix can be revoked via /sys/leases/revoke-prefix.

allowedEntityAliases

Specifies the entity aliases which are allowed to be used during token generation. This field supports globbing.

tokenBoundCidrs

Specifies blocks of IP addresses which can authenticate successfully, and ties the resulting token to these blocks as well.

tokenExplicitMaxTtl

Provides a maximum lifetime for any tokens issued against this role, including periodic tokens. Unlike direct token creation, where the value for an explicit max TTL is stored in the token, for roles this check will always use the current value set in the role. The main use of this is to provide a hard upper bound on periodic tokens, which otherwise can live forever as long as they are renewed. This is an integer number of seconds.

tokenNoDefaultPolicy

If set, the default policy will not be set on generated tokens; otherwise it will be added to the policies set in allowed_policies.

tokenNumUses

The maximum number of times a generated token may be used (within its lifetime); 0 means unlimited.

tokenPeriod

The period, if any, to set on the token.

tokenType

Specifies the type of tokens that should be returned by the role. If either service or batch is specified, that kind of token will always be returned. If default-service, service tokens will be returned unless the client requests a batch type token at token creation time. If default-batch, batch tokens will be returned unless the client requests a service type token at token creation time.
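
A defender-side lint over the fields documented above, added here as an example and not part of the library. `RoleView`, `RoleAudit` and the sample values are hypothetical stand-ins (mirroring a subset of `Role`'s field names) so the snippet compiles on its own; it flags the combinations the parameter descriptions call out, such as periodic tokens with no `tokenExplicitMaxTtl`.

```scala
import scala.concurrent.duration._

// Hypothetical stand-in mirroring a subset of Role's fields so the snippet compiles alone.
final case class RoleView(
  allowedPolicies: List[String] = List.empty,
  disallowedPolicies: List[String] = List.empty,
  orphan: Boolean = false,
  renewable: Boolean = true,
  tokenBoundCidrs: List[String] = List.empty,
  tokenExplicitMaxTtl: Duration = Duration.Undefined,
  tokenNoDefaultPolicy: Boolean = false,
  tokenNumUses: Int = 0,
  tokenPeriod: Duration = Duration.Undefined
)

object RoleAudit {
  // Duration.Undefined never compares equal to itself, so test isFinite instead of ==.
  private def isSet(d: Duration): Boolean = d.isFinite && d > Duration.Zero

  /** Returns one finding per risky setting; an empty list means nothing was flagged. */
  def findings(r: RoleView): List[String] = {
    val overlap = r.allowedPolicies.intersect(r.disallowedPolicies)
    val defaultAdded = !r.tokenNoDefaultPolicy && !r.disallowedPolicies.contains("default")
    List(
      (isSet(r.tokenPeriod) && !isSet(r.tokenExplicitMaxTtl)) ->
        "periodic tokens have no explicit max TTL and can be renewed indefinitely",
      (r.orphan && r.renewable) ->
        "orphan, renewable tokens are not revoked when any other token is revoked",
      r.tokenBoundCidrs.isEmpty -> "tokens are not bound to any CIDR block",
      (r.tokenNumUses == 0) -> "tokens have an unlimited number of uses",
      defaultAdded -> "the \"default\" policy is attached automatically",
      overlap.nonEmpty -> s"policies both allowed and disallowed: ${overlap.mkString(", ")}"
    ).collect { case (true, msg) => msg }
  }
}

object RoleAuditDemo extends App {
  // Constructed sample values, not taken from any real deployment.
  val loose = RoleView(allowedPolicies = List("ci-deploy"), orphan = true, tokenPeriod = 1.hour)
  val tight = loose.copy(
    tokenExplicitMaxTtl = 24.hours, tokenBoundCidrs = List("10.0.0.0/24"),
    tokenNumUses = 50, tokenNoDefaultPolicy = true, orphan = false)

  RoleAudit.findings(loose).foreach(f => println(s"loose: $f"))
  println(s"tight: ${RoleAudit.findings(tight).size} findings")
}
```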

Source
Role.scala

Instance Constructors

  1. new Role(allowedPolicies: List[String] = List.empty, disallowedPolicies: List[String] = List.empty, orphan: Boolean = false, renewable: Boolean = true, pathSuffix: String = "", allowedEntityAliases: List[String] = List.empty, tokenBoundCidrs: List[String] = List.empty, tokenExplicitMaxTtl: Duration = Duration.Undefined, tokenNoDefaultPolicy: Boolean = false, tokenNumUses: Int = 0, tokenPeriod: Duration = Duration.Undefined, tokenType: TokenType = TokenType.DefaultService)


Value Members

  1. final def !=(arg0: Any): Boolean
    Definition Classes
    AnyRef → Any
  2. final def ##: Int
    Definition Classes
    AnyRef → Any
  3. def ->[B](y: B): (Role, B)
    Implicit
    This member is added by an implicit conversion from Role to ArrowAssoc[Role] performed by method ArrowAssoc in scala.Predef.
    Definition Classes
    ArrowAssoc
    Annotations
    @inline()
  4. final def ==(arg0: Any): Boolean
    Definition Classes
    AnyRef → Any
  5. val allowedEntityAliases: List[String]
  6. val allowedPolicies: List[String]
  7. final def asInstanceOf[T0]: T0
    Definition Classes
    Any
  8. def clone(): AnyRef
    Attributes
    protected[lang]
    Definition Classes
    AnyRef
    Annotations
    @throws(classOf[java.lang.CloneNotSupportedException]) @native()
  9. val disallowedPolicies: List[String]
  10. def ensuring(cond: (Role) => Boolean, msg: => Any): Role
    Implicit
    This member is added by an implicit conversion from Role to Ensuring[Role] performed by method Ensuring in scala.Predef.
    Definition Classes
    Ensuring
  11. def ensuring(cond: (Role) => Boolean): Role
    Implicit
    This member is added by an implicit conversion from Role to Ensuring[Role] performed by method Ensuring in scala.Predef.
    Definition Classes
    Ensuring
  12. def ensuring(cond: Boolean, msg: => Any): Role
    Implicit
    This member is added by an implicit conversion from Role to Ensuring[Role] performed by method Ensuring in scala.Predef.
    Definition Classes
    Ensuring
  13. def ensuring(cond: Boolean): Role
    Implicit
    This member is added by an implicit conversion from Role to Ensuring[Role] performed by method Ensuring in scala.Predef.
    Definition Classes
    Ensuring
  14. final def eq(arg0: AnyRef): Boolean
    Definition Classes
    AnyRef
  15. def finalize(): Unit
    Attributes
    protected[lang]
    Definition Classes
    AnyRef
    Annotations
    @throws(classOf[java.lang.Throwable])
  16. def formatted(fmtstr: String): String
    Implicit
    This member is added by an implicit conversion from Role to StringFormat[Role] performed by method StringFormat in scala.Predef.
    Definition Classes
    StringFormat
    Annotations
    @inline()
  17. final def getClass(): Class[_ <: AnyRef]
    Definition Classes
    AnyRef → Any
    Annotations
    @native()
  18. final def isInstanceOf[T0]: Boolean
    Definition Classes
    Any
  19. final def ne(arg0: AnyRef): Boolean
    Definition Classes
    AnyRef
  20. final def notify(): Unit
    Definition Classes
    AnyRef
    Annotations
    @native()
  21. final def notifyAll(): Unit
    Definition Classes
    AnyRef
    Annotations
    @native()
  22. val orphan: Boolean
  23. val pathSuffix: String
  24. def productElementNames: Iterator[String]
    Definition Classes
    Product
  25. val renewable: Boolean
  26. final def synchronized[T0](arg0: => T0): T0
    Definition Classes
    AnyRef
  27. val tokenBoundCidrs: List[String]
  28. val tokenExplicitMaxTtl: Duration
  29. val tokenNoDefaultPolicy: Boolean
  30. val tokenNumUses: Int
  31. val tokenPeriod: Duration
  32. val tokenType: TokenType
  33. final def wait(): Unit
    Definition Classes
    AnyRef
    Annotations
    @throws(classOf[java.lang.InterruptedException])
  34. final def wait(arg0: Long, arg1: Int): Unit
    Definition Classes
    AnyRef
    Annotations
    @throws(classOf[java.lang.InterruptedException])
  35. final def wait(arg0: Long): Unit
    Definition Classes
    AnyRef
    Annotations
    @throws(classOf[java.lang.InterruptedException]) @native()

Deprecated Value Members

  1. def →[B](y: B): (Role, B)
    Implicit
    This member is added by an implicit conversion from Role to ArrowAssoc[Role] performed by method ArrowAssoc in scala.Predef.
    Definition Classes
    ArrowAssoc
    Annotations
    @deprecated
    Deprecated

    (Since version 2.13.0) Use -> instead. If you still wish to display it as one character, consider using a font with programming ligatures such as Fira Code.
