/**
* Returns the capabilities of the token on the given path.
*
* If token is empty, 'capabilities-self' is assumed
*
* @see https://www.vaultproject.io/docs/http/sys-capabilities.html
* @see https://www.vaultproject.io/docs/http/sys-capabilities-self.html
* @param string $path
* @param string|null $token
* @return mixed
*/
public function capabilities($path, $token = null)
{
$params = ['body' => json_encode(array_filter(compact('token', 'path')))];
if (empty($token)) {
return $this->client->post('/v1/sys/capabilities-self', $params);
}
return $this->client->post('/v1/sys/capabilities', $params);
}
/**
* Creates (or replaces) the named role.
*
* Roles enforce specific behavior when creating tokens that allow token functionality that is otherwise not
* available or would require sudo/root privileges to access.
*
* Role parameters, when set, override any provided options to the create endpoints.
*
* The role name is also included in the token path, allowing all tokens created against a role to be revoked
* using the sys/revoke-prefix endpoint.
*
* @see https://www.vaultproject.io/docs/auth/token.html
* @return mixed
*/
public function createRole(string $role, array $body = [])
{
$body = OptionsResolver::resolve($body, ['allowed_policies', 'orphan', 'period', 'renewable', 'path_suffix', 'explicit_max_ttl']);
$params = ['body' => json_encode($body)];
return $this->client->post('/v1/auth/token/roles/' . $role, $params);
}
