
Commit 2e00c2f

Merge pull request #69 from mskeefe/master
Auth should support configurable mount points #65
2 parents 032e7f1 + 164f0db commit 2e00c2f


2 files changed

+142
-11
lines changed


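--- a/.gitignore
+++ b/.gitignore
@@ -1,9 +1,12 @@
 .gradle
 .idea
+.classpath
+.project
+.settings/
+bin/
 vault-java-driver.iml
 gradle.properties
 build
 build.gradle
 classes
 ssl/
-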
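--- a/src/main/java/com/bettercloud/vault/api/Auth.java
+++ b/src/main/java/com/bettercloud/vault/api/Auth.java
@@ -154,8 +154,33 @@ public Auth(final VaultConfig config) {
 * @return The auth token, with additional response metadata
 * @throws VaultException If any error occurs, or unexpected response received from Vault
 */
-public AuthResponse createToken(final TokenRequest tokenRequest) throws VaultException {
+public AuthResponse createToken(final TokenRequest tokenRequest) throws VaultException{
+return createToken(tokenRequest, "token");
+}
+
+/**
+* <p>Operation to create an authentication token. Relies on another token already being present in
+* the <code>VaultConfig</code> instance. Example usage:</p>
+*
+* <blockquote>
+* <pre>{@code
+* final VaultConfig config = new VaultConfig().address(...).token(...).build();
+* final Vault vault = new Vault(config);
+* final AuthResponse response = vault.auth().createToken(new TokenRequest().withTtl("1h"));
+*
+* final String token = response.getAuthClientToken();
+* }</pre>
+* </blockquote>
+*
+* @param tokenRequest A container of optional configuration parameters
+* @param tokenAuthMount The mount name of the token authentication back end. If null, defaults to "token"
+* @return The auth token, with additional response metadata
+* @throws VaultException If any error occurs, or unexpected response received from Vault
+*/
+public AuthResponse createToken(final TokenRequest tokenRequest, final String tokenAuthMount) throws VaultException {
 int retryCount = 0;
+
+final String mount = tokenAuthMount != null ? tokenAuthMount : "token";
 while (true) {
 try {
 // Parse parameters to JSON
@@ -178,8 +203,8 @@ public AuthResponse createToken(final TokenRequest tokenRequest) throws VaultExc
 if (tokenRequest.displayName != null) jsonObject.add("display_name", tokenRequest.displayName);
 if (tokenRequest.numUses != null) jsonObject.add("num_uses", tokenRequest.numUses);
 final String requestJson = jsonObject.toString();
-
-final StringBuilder urlBuilder = new StringBuilder(config.getAddress()).append("/v1/auth/token/create");//NOPMD
+
+final StringBuilder urlBuilder = new StringBuilder(config.getAddress()).append("/v1/auth/" + mount + "/create");//NOPMD
 if (tokenRequest.role != null) {
 urlBuilder.append("/").append(tokenRequest.role);
 }
@@ -368,13 +393,36 @@ public AuthResponse loginByAppRole(final String path, final String roleId, final
 * @throws VaultException If any error occurs, or unexpected response received from Vault
 */
 public AuthResponse loginByUserPass(final String username, final String password) throws VaultException {
+return loginByUserPass(username, password, "userpass");
+}
+
+/**
+* <p>Basic login operation to authenticate to a Username &amp; Password backend. Example usage:</p>
+*
+* <blockquote>
+* <pre>{@code
+* final AuthResponse response = vault.auth().loginByUserPass("test", "password");
+*
+* final String token = response.getAuthClientToken();
+* }</pre>
+* </blockquote>
+*
+* @param username The username used for authentication
+* @param password The password used for authentication
+* @param userpassAuthMount The mount name of the userpass authentication back end. If null, defaults to "userpass"
+* @return The auth token, with additional response metadata
+* @throws VaultException If any error occurs, or unexpected response received from Vault
+*/
+public AuthResponse loginByUserPass(final String username, final String password, final String userpassAuthMount) throws VaultException {
 int retryCount = 0;
+
+final String mount = userpassAuthMount != null ? userpassAuthMount : "userpass";
 while (true) {
 try {
 // HTTP request to Vault
 final String requestJson = Json.object().add("password", password).toString();
 final RestResponse restResponse = new Rest()//NOPMD
-.url(config.getAddress() + "/v1/auth/userpass/login/" + username)
+.url(config.getAddress() + "/v1/auth/" + mount + "/login/" + username)
 .body(requestJson.getBytes("UTF-8"))
 .connectTimeoutSeconds(config.getOpenTimeout())
 .readTimeoutSeconds(config.getReadTimeout())
@@ -411,6 +459,25 @@ public AuthResponse loginByUserPass(final String username, final String password
 }
 }
 
+/**
+* <p>Basic login operation to authenticate to an github backend. Example usage:</p>
+*
+* <blockquote>
+* <pre>{@code
+* final AuthResponse response = vault.auth().loginByGithub("githubToken");
+*
+* final String token = response.getAuthClientToken();
+* }</pre>
+* </blockquote>
+*
+* @param githubToken The app-id used for authentication
+* @return The auth token, with additional response metadata
+* @throws VaultException If any error occurs, or unexpected response received from Vault
+*/
+public AuthResponse loginByGithub(final String githubToken) throws VaultException {
+return loginByGithub(githubToken, "github");
+}
+
 /**
 * <p>Basic login operation to authenticate to an github backend. Example usage:</p>
 *
@@ -423,20 +490,23 @@ public AuthResponse loginByUserPass(final String username, final String password
 * </blockquote>
 *
 * @param githubToken The app-id used for authentication
+* @param githubAuthMount The mount name of the github authentication back end. If null, defaults to "github"
 * @return The auth token, with additional response metadata
 * @throws VaultException If any error occurs, or unexpected response received from Vault
 */
-public AuthResponse loginByGithub(final String githubToken) throws VaultException {
+public AuthResponse loginByGithub(final String githubToken, final String githubAuthMount) throws VaultException {
 
 // TODO: Add (optional?) integration test coverage
 
 int retryCount = 0;
+
+final String mount = githubAuthMount != null ? githubAuthMount : "github";
 while (true) {
 try {
 // HTTP request to Vault
 final String requestJson = Json.object().add("token", githubToken).toString();
 final RestResponse restResponse = new Rest()//NOPMD
-.url(config.getAddress() + "/v1/auth/github/login")
+.url(config.getAddress() + "/v1/auth/" + mount + "/login")
 .body(requestJson.getBytes("UTF-8"))
 .connectTimeoutSeconds(config.getOpenTimeout())
 .readTimeoutSeconds(config.getReadTimeout())
@@ -497,11 +567,41 @@ public AuthResponse loginByGithub(final String githubToken) throws VaultExceptio
 * @throws VaultException If any error occurs, or unexpected response received from Vault
 */
 public AuthResponse loginByCert() throws VaultException {
+return loginByCert("cert");
+}
+
+/**
+* <p>Basic login operation to authenticate using Vault's TLS Certificate auth backend. Example usage:</p>
+*
+* <blockquote>
+* <pre>{@code
+* final SslConfig sslConfig = new SslConfig()
+* .keystore("keystore.jks")
+* .truststore("truststore.jks")
+* .build();
+* final VaultConfig vaultConfig = new VaultConfig()
+* .address("https://127.0.0.1:8200")
+* .sslConfig(sslConfig)
+* .build();
+* final Vault vault = new Vault(vaultConfig);
+*
+* final AuthResponse response = vault.auth().loginByCert();
+* final String token = response.getAuthClientToken();
+* }</pre>
+* </blockquote>
+*
+* @param certAuthMount The mount name of the cert authentication back end. If null, defaults to "cert"
+* @return The auth token, with additional response metadata
+* @throws VaultException If any error occurs, or unexpected response received from Vault
+*/
+public AuthResponse loginByCert(final String certAuthMount) throws VaultException {
 int retryCount = 0;
+
+final String mount = certAuthMount != null ? certAuthMount : "cert";
 while (true) {
 try {
 final RestResponse restResponse = new Rest()//NOPMD
-.url(config.getAddress() + "/v1/auth/cert/login")
+.url(config.getAddress() + "/v1/auth/" + mount + "/login")
 .connectTimeoutSeconds(config.getOpenTimeout())
 .readTimeoutSeconds(config.getReadTimeout())
 .sslVerification(config.getSslConfig().isVerify())
@@ -558,13 +658,29 @@ public AuthResponse renewSelf() throws VaultException {
 * @throws VaultException If any error occurs, or unexpected response received from Vault
 */
 public AuthResponse renewSelf(final long increment) throws VaultException {
+return renewSelf(increment, "token");
+}
+
+/**
+* <p>Renews the lease associated with the calling token. This version of the method accepts a parameter to
+* explicitly declare how long the new lease period should be (in seconds). The Vault documentation suggests
+* that this value may be ignored, however.</p>
+*
+* @param increment The number of seconds requested for the new lease lifespan
+* @param tokenAuthMount The mount name of the token authentication back end. If null, defaults to "token"
+* @return The response information returned from Vault
+* @throws VaultException If any error occurs, or unexpected response received from Vault
+*/
+public AuthResponse renewSelf(final long increment, final String tokenAuthMount) throws VaultException {
 int retryCount = 0;
+
+final String mount = tokenAuthMount != null ? tokenAuthMount : "token";
 while (true) {
 try {
 // HTTP request to Vault
 final String requestJson = Json.object().add("increment", increment).toString();
 final RestResponse restResponse = new Rest()//NOPMD
-.url(config.getAddress() + "/v1/auth/token/renew-self")
+.url(config.getAddress() + "/v1/auth/" + mount + "/renew-self")
 .header("X-Vault-Token", config.getToken())
 .body(increment < 0 ? null : requestJson.getBytes("UTF-8"))
 .connectTimeoutSeconds(config.getOpenTimeout())
@@ -603,17 +719,29 @@ public AuthResponse renewSelf(final long increment) throws VaultException {
 
 /**
 * <p>Returns information about the current client token.</p>
-*
+*
 * @return The response information returned from Vault
 * @throws VaultException If any error occurs, or unexpected response received from Vault
 */
 public LookupResponse lookupSelf() throws VaultException {
+return lookupSelf("token");
+}
+
+/**
+* <p>Returns information about the current client token.</p>
+*
+* @param tokenAuthMount The mount name of the token authentication back end. If null, defaults to "token"
+* @return The response information returned from Vault
+* @throws VaultException If any error occurs, or unexpected response received from Vault
+*/
+public LookupResponse lookupSelf(final String tokenAuthMount) throws VaultException {
 int retryCount = 0;
+final String mount = tokenAuthMount != null ? tokenAuthMount : "token";
 while (true) {
 try {
 // HTTP request to Vault
 final RestResponse restResponse = new Rest()//NOPMD
-.url(config.getAddress() + "/v1/auth/token/lookup-self")
+.url(config.getAddress() + "/v1/auth/" + mount + "/lookup-self")
 .header("X-Vault-Token", config.getToken())
 .connectTimeoutSeconds(config.getOpenTimeout())
 .readTimeoutSeconds(config.getReadTimeout())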
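Review bot: The new mount arguments are concatenated into the request path with only a null check, in createToken, loginByUserPass, loginByGithub, loginByCert, renewSelf and lookupSelf (for example `"/v1/auth/" + mount + "/login"`). An empty string produces `/v1/auth//login`, and a value containing `..`, `?` or `#` changes which endpoint receives the login credential or the `X-Vault-Token` header, which matters when the mount name comes from deployment configuration rather than a literal. The identical `x != null ? x : "default"` line is repeated six times, so a single private helper could own both the default and the validation. The method bodies continue outside their hunks, and the exception type to throw is a project choice; the sketch below uses IllegalArgumentException only because it needs nothing beyond the JDK.

```java
// Applies the default mount and rejects values that would reshape the URL path.
private static String resolveMount(final String mount, final String defaultMount) {
    if (mount == null) {
        return defaultMount;
    }
    // Tolerate surrounding slashes, then allow only plain path characters.
    final String trimmed = mount.replaceAll("^/+|/+$", "");
    if (trimmed.isEmpty() || trimmed.contains("..") || !trimmed.matches("[A-Za-z0-9_./-]+")) {
        throw new IllegalArgumentException("Invalid auth mount: " + mount);
    }
    return trimmed;
}

public AuthResponse createToken(final TokenRequest tokenRequest, final String tokenAuthMount) throws VaultException {
    int retryCount = 0;
    final String mount = resolveMount(tokenAuthMount, "token");
    // … unchanged: retry loop and request building; same one-line change in the other five methods …
```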
