case class Role(allowedPolicies: List[String] = List.empty, disallowedPolicies: List[String] = List.empty, orphan: Boolean = false, renewable: Boolean = true, pathSuffix: String = "", allowedEntityAliases: List[String] = List.empty, tokenBoundCidrs: List[String] = List.empty, tokenExplicitMaxTtl: Duration = Duration.Undefined, tokenNoDefaultPolicy: Boolean = false, tokenNumUses: Int = 0, tokenPeriod: Duration = Duration.Undefined, tokenType: TokenType = TokenType.DefaultService) extends Product with Serializable
- allowedPolicies
If set, tokens can be created with any subset of the policies in this list, rather than the normal semantics of tokens being a subset of the calling token's policies. The parameter is a comma-delimited string of policy names. If at creation time no_default_policy is not set and "default" is not contained in disallowed_policies, the "default" policy will be added to the created token automatically.
- disallowedPolicies
If set, successful token creation via this role will require that no policies in the given list are requested. The parameter is a comma-delimited string of policy names. Adding "default" to this list will prevent "default" from being added automatically to created tokens.
- orphan
If true, tokens created against this policy will be orphan tokens (they will have no parent). As such, they will not be automatically revoked by the revocation of any other token.
- renewable
Set to false to disable the ability of the token to be renewed past its initial TTL. Setting the value to true will allow the token to be renewable up to the system/mount maximum TTL.
- pathSuffix
If set, tokens created against this role will have the given suffix as part of their path in addition to the role name. This can be useful in certain scenarios, such as keeping the same role name in the future but revoking all tokens created against it before some point in time. The suffix can be changed, allowing new callers to have the new suffix as part of their path, and then tokens with the old suffix can be revoked via /sys/leases/revoke-prefix.
- allowedEntityAliases
Specifies the entity aliases which are allowed to be used during token generation. This field supports globbing.
- tokenBoundCidrs
Specifies blocks of IP addresses which can authenticate successfully, and ties the resulting token to these blocks as well.
- tokenExplicitMaxTtl
Provides a maximum lifetime for any tokens issued against this role, including periodic tokens. Unlike direct token creation, where the value for an explicit max TTL is stored in the token, for roles this check will always use the current value set in the role. The main use of this is to provide a hard upper bound on periodic tokens, which otherwise can live forever as long as they are renewed. This is an integer number of seconds.
- tokenNoDefaultPolicy
If set, the default policy will not be set on generated tokens; otherwise it will be added to the policies set in allowed_policies.
- tokenNumUses
The maximum number of times a generated token may be used (within its lifetime); 0 means unlimited.
- tokenPeriod
The period, if any, to set on the token.
- tokenType
Specifies the type of tokens that should be returned by the role. If either service or batch is specified, that kind of token will always be returned. If default-service, service tokens will be returned unless the client requests a batch type token at token creation time. If default-batch, batch tokens will be returned unless the client requests a service type token at token creation time.
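A configuration check built on the parameter descriptions above, as an added example that is not part of the library. `RoleSettings`, `RoleAudit` and the finding messages are hypothetical names; `RoleSettings` is a local stand-in that copies only the relevant fields and defaults, because the library's package name is not shown on this page.

```scala
import scala.concurrent.duration._

// Stand-in for the security-relevant fields of Role (same names and defaults as
// the signature above); an assumption made so the example compiles on its own.
final case class RoleSettings(
    disallowedPolicies: List[String] = List.empty,
    orphan: Boolean = false,
    tokenBoundCidrs: List[String] = List.empty,
    tokenExplicitMaxTtl: Duration = Duration.Undefined,
    tokenNoDefaultPolicy: Boolean = false,
    tokenNumUses: Int = 0,
    tokenPeriod: Duration = Duration.Undefined
)

object RoleAudit {
  // Duration.Undefined never compares equal to itself, so "is it set?" has to
  // be tested with isFinite rather than ==.
  private def isSet(d: Duration): Boolean = d.isFinite

  // Each pair is (condition holds, consequence stated in the parameter docs).
  def findings(r: RoleSettings): List[String] = List(
    (isSet(r.tokenPeriod) && !isSet(r.tokenExplicitMaxTtl)) ->
      "periodic tokens with no tokenExplicitMaxTtl can be renewed indefinitely",
    r.orphan ->
      "orphan tokens are not revoked when any other token is revoked",
    r.tokenBoundCidrs.isEmpty ->
      "tokens are not tied to any block of IP addresses",
    (r.tokenNumUses == 0) ->
      "tokens may be used an unlimited number of times",
    (!r.tokenNoDefaultPolicy && !r.disallowedPolicies.contains("default")) ->
      "the \"default\" policy is added to every created token"
  ).collect { case (true, message) => message }
}

object RoleAuditDemo extends App {
  // Constructed sample values, not taken from a real deployment.
  val loose = RoleSettings(orphan = true, tokenPeriod = 1.hour)
  val tight = RoleSettings(
    disallowedPolicies = List("default"),
    tokenBoundCidrs = List("10.0.0.0/8"),
    tokenExplicitMaxTtl = 24.hours,
    tokenNumUses = 10,
    tokenPeriod = 1.hour
  )
  RoleAudit.findings(loose).foreach(f => println(s"loose: $f"))
  println(s"tight: ${RoleAudit.findings(tight).size} findings")
}
```

The `loose` role reports all five findings and the `tight` role reports none.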
- Source
- Role.scala
Instance Constructors
- new Role(allowedPolicies: List[String] = List.empty, disallowedPolicies: List[String] = List.empty, orphan: Boolean = false, renewable: Boolean = true, pathSuffix: String = "", allowedEntityAliases: List[String] = List.empty, tokenBoundCidrs: List[String] = List.empty, tokenExplicitMaxTtl: Duration = Duration.Undefined, tokenNoDefaultPolicy: Boolean = false, tokenNumUses: Int = 0, tokenPeriod: Duration = Duration.Undefined, tokenType: TokenType = TokenType.DefaultService)
Value Members
- final def !=(arg0: Any): Boolean
- Definition Classes
- AnyRef → Any
- final def ##: Int
- Definition Classes
- AnyRef → Any
- def ->[B](y: B): (Role, B)
- final def ==(arg0: Any): Boolean
- Definition Classes
- AnyRef → Any
- val allowedEntityAliases: List[String]
- val allowedPolicies: List[String]
- final def asInstanceOf[T0]: T0
- Definition Classes
- Any
- def clone(): AnyRef
- Attributes
- protected[lang]
- Definition Classes
- AnyRef
- Annotations
- @throws(classOf[java.lang.CloneNotSupportedException]) @native()
- val disallowedPolicies: List[String]
- def ensuring(cond: (Role) => Boolean, msg: => Any): Role
- def ensuring(cond: (Role) => Boolean): Role
- def ensuring(cond: Boolean, msg: => Any): Role
- def ensuring(cond: Boolean): Role
- final def eq(arg0: AnyRef): Boolean
- Definition Classes
- AnyRef
- def finalize(): Unit
- Attributes
- protected[lang]
- Definition Classes
- AnyRef
- Annotations
- @throws(classOf[java.lang.Throwable])
- def formatted(fmtstr: String): String
- final def getClass(): Class[_ <: AnyRef]
- Definition Classes
- AnyRef → Any
- Annotations
- @native()
- final def isInstanceOf[T0]: Boolean
- Definition Classes
- Any
- final def ne(arg0: AnyRef): Boolean
- Definition Classes
- AnyRef
- final def notify(): Unit
- Definition Classes
- AnyRef
- Annotations
- @native()
- final def notifyAll(): Unit
- Definition Classes
- AnyRef
- Annotations
- @native()
- val orphan: Boolean
- val pathSuffix: String
- def productElementNames: Iterator[String]
- Definition Classes
- Product
- val renewable: Boolean
- final def synchronized[T0](arg0: => T0): T0
- Definition Classes
- AnyRef
- val tokenBoundCidrs: List[String]
- val tokenExplicitMaxTtl: Duration
- val tokenNoDefaultPolicy: Boolean
- val tokenNumUses: Int
- val tokenPeriod: Duration
- val tokenType: TokenType
- final def wait(): Unit
- Definition Classes
- AnyRef
- Annotations
- @throws(classOf[java.lang.InterruptedException])
- final def wait(arg0: Long, arg1: Int): Unit
- Definition Classes
- AnyRef
- Annotations
- @throws(classOf[java.lang.InterruptedException])
- final def wait(arg0: Long): Unit
- Definition Classes
- AnyRef
- Annotations
- @throws(classOf[java.lang.InterruptedException]) @native()
Deprecated Value Members
- def →[B](y: B): (Role, B)
- Implicit
- This member is added by an implicit conversion from Role to ArrowAssoc[Role] performed by method ArrowAssoc in scala.Predef.
- Definition Classes
- ArrowAssoc
- Annotations
- @deprecated
- Deprecated
(Since version 2.13.0) Use -> instead. If you still wish to display it as one character, consider using a font with programming ligatures such as Fira Code.