/**
 * Looks up the capabilities a token holds on the given path.
 *
 * When $token is empty the request is sent to 'capabilities-self'; otherwise the
 * token is placed in the JSON request body and the request is sent to
 * 'capabilities'. "Empty" follows PHP's empty(), so null, '' and '0' all select
 * the 'capabilities-self' endpoint.
 *
 * @see https://www.vaultproject.io/docs/http/sys-capabilities.html
 * @see https://www.vaultproject.io/docs/http/sys-capabilities-self.html
 * @param string $path Path to check.
 * @param string|null $token Token to inspect, or null/empty for 'capabilities-self'.
 * @return mixed Whatever the underlying client's post() call returns.
 */
public function capabilities($path, $token = null)
{
    // array_filter() without a callback drops falsy entries, so an empty token
    // (or an empty path) is left out of the encoded body altogether.
    $payload = array_filter(['token' => $token, 'path' => $path]);

    $endpoint = empty($token)
        ? '/v1/sys/capabilities-self'
        : '/v1/sys/capabilities';

    // The token, when supplied, travels in the request body: any request-body
    // logging or debug tracing on this client must not record it.
    return $this->client->post($endpoint, ['body' => json_encode($payload)]);
}
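/**
 * Creates (or replaces) the named role.
 *
 * Roles enforce specific behavior when creating tokens that allow token functionality that is otherwise not
 * available or would require sudo/root privileges to access.
 *
 * Role parameters, when set, override any provided options to the create endpoints.
 *
 * The role name is also included in the token path, allowing all tokens created against a role to be revoked
 * using the sys/revoke-prefix endpoint.
 *
 * The role name is percent-encoded before it is appended to the request path, so it always addresses
 * exactly one segment under auth/token/roles/ and cannot redirect the request to another endpoint.
 *
 * @see https://www.vaultproject.io/docs/auth/token.html
 * @param string $role Role name; used as a single path segment of the request URL.
 * @param array $body Role options, passed through OptionsResolver::resolve() with the keys
 *                    allowed_policies, orphan, period, renewable, path_suffix and explicit_max_ttl.
 * @return mixed Whatever the underlying client's post() call returns.
 */
public function createRole(string $role, array $body = [])
{
    // NOTE(review): presumably resolve() restricts $body to the listed keys;
    // confirm against OptionsResolver, which is defined outside this block.
    $body = OptionsResolver::resolve(
        $body,
        ['allowed_policies', 'orphan', 'period', 'renewable', 'path_suffix', 'explicit_max_ttl']
    );
    $params = ['body' => json_encode($body)];

    // rawurlencode() leaves letters, digits, '-', '_', '.' and '~' untouched, so
    // ordinary role names are sent unchanged; characters such as '/', '?' or '#'
    // are encoded instead of being interpreted as URL structure.
    return $this->client->post('/v1/auth/token/roles/' . rawurlencode($role), $params);
}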