BetterCloud · steve-perkins · Dec 11, 2019 · Dec 7, 2019
diff --git a/src/main/java/com/bettercloud/vault/api/Auth.java b/src/main/java/com/bettercloud/vault/api/Auth.java
@@ -47,6 +47,11 @@ public static class TokenRequest implements Serializable {
         private String displayName;
         private Long numUses;
         private String role;
+        private Boolean renewable;
+        private String type;
+        private String explicitMaxTtl;
+        private String period;
+        private String entityAlias;
 
         /**
          * @param id (optional) The ID of the client token. Can only be specified by a root token. Otherwise, the token ID is a randomly generated UUID.
@@ -129,6 +134,57 @@ public TokenRequest role(final String role) {
             return this;
         }
 
+        /**
+         * @param renewable Set to false to disable the ability of the token to be renewed past its
+         * initial TTL. Setting the value to true will allow the token to be renewable up to
+         * the system/mount maximum TTL.
+         * @return This object, with its renewable field populated
+         */
+        public TokenRequest renewable(final Boolean renewable) {
+            this.renewable = renewable;
+            return this;
+        }
+
+        /**
+         *
+         * @param type The token type. Can be "batch" or "service".
+         * @return This object, with its type field populated
+         */
+        public TokenRequest type(final String type) {
+            this.type = type;
+            return this;
+        }
+
+        /**
+         *
+         * @param explicitMaxTtl If set, the token will have an explicit max TTL set upon it.
+         * @return This object, with its explicitMaxTtl field populated
+         */
+        public TokenRequest explicitMaxTtl(final String explicitMaxTtl) {
+            this.explicitMaxTtl = explicitMaxTtl;
+            return this;
+        }
+
+        /**
+         *
+         * @param period If specified, the token will be periodic
+         * @return This object, with its period field populated
+         */
+        public TokenRequest period(final String period) {
+            this.period = period;
+            return this;
+        }
+
+        /**
+         *
+         * @param entityAlias Name of the entity alias to associate with during token creation.
+         * @return This object, with its period field populated
+         */
+        public TokenRequest entityAlias(final String entityAlias) {
+            this.entityAlias = entityAlias;
+            return this;
+        }
+
         public UUID getId() {
             return id;
         }
@@ -164,6 +220,26 @@ public Long getNumUses() {
         public String getRole() {
             return role;
         }
+
+        public Boolean getRenewable() {
+            return renewable;
+        }
+
+        public String getType() {
+            return type;
+        }
+
+        public String getExplicitMaxTtl() {
+            return explicitMaxTtl;
+        }
+
+        public String getPeriod() {
+            return period;
+        }
+
+        public String getEntityAlias() {
+            return entityAlias;
+        }
     }
 
     private final VaultConfig config;
@@ -249,6 +325,11 @@ public AuthResponse createToken(final TokenRequest tokenRequest, final String to
                 if (tokenRequest.ttl != null) jsonObject.add("ttl", tokenRequest.ttl);
                 if (tokenRequest.displayName != null) jsonObject.add("display_name", tokenRequest.displayName);
                 if (tokenRequest.numUses != null) jsonObject.add("num_uses", tokenRequest.numUses);
+                if (tokenRequest.renewable != null) jsonObject.add("renewable", tokenRequest.renewable);
+                if (tokenRequest.type != null) jsonObject.add("type", tokenRequest.type);
+                if (tokenRequest.explicitMaxTtl != null) jsonObject.add("explicit_max_ttl", tokenRequest.explicitMaxTtl);
+                if (tokenRequest.period != null) jsonObject.add("period", tokenRequest.period);
+                if (tokenRequest.entityAlias != null) jsonObject.add("entity_alias", tokenRequest.entityAlias);
                 final String requestJson = jsonObject.toString();
 
                 final StringBuilder urlBuilder = new StringBuilder(config.getAddress())//NOPMD

diff --git a/src/main/java/com/bettercloud/vault/response/AuthResponse.java b/src/main/java/com/bettercloud/vault/response/AuthResponse.java
@@ -17,6 +17,7 @@ public class AuthResponse extends VaultResponse {
 
     private Boolean renewable;
     private String authClientToken;
+    private String tokenAccessor;
     private List<String> authPolicies;
     private long authLeaseDuration;
     private boolean authRenewable;
@@ -50,6 +51,7 @@ public AuthResponse(final RestResponse restResponse, final int retries) {
                 nonce = metadata.getString("nonce", "");
             }
             authClientToken = authJsonObject.getString("client_token", "");
+            tokenAccessor = authJsonObject.getString("accessor", "");
             final JsonArray authPoliciesJsonArray = authJsonObject.get("policies").asArray();
             authPolicies = new ArrayList<>();
             for (final JsonValue authPolicy : authPoliciesJsonArray) {
@@ -92,4 +94,6 @@ public String getUserId() {
     }
 
     public String getNonce() { return nonce; }
+
+    public String getTokenAccessor() { return tokenAccessor; }
 }
diff --git a/src/test-integration/java/com/bettercloud/vault/api/AuthBackendTokenTests.java b/src/test-integration/java/com/bettercloud/vault/api/AuthBackendTokenTests.java
@@ -8,6 +8,9 @@
 import com.bettercloud.vault.util.VaultContainer;
 import java.io.IOException;
 import java.nio.charset.StandardCharsets;
+import java.util.Arrays;
+import java.util.List;
+import java.util.UUID;
 import org.junit.BeforeClass;
 import org.junit.ClassRule;
 import org.junit.Test;
@@ -37,10 +40,30 @@ public static void setupClass() throws IOException, InterruptedException {
     public void testCreateTokenWithRequest() throws VaultException {
         final Vault vault = container.getRootVault();
 
-        final AuthResponse response = vault.auth().createToken(new Auth.TokenRequest().ttl("1h"));
+        final AuthResponse response = vault.auth().createToken(
+            new Auth.TokenRequest()
+            .id(UUID.randomUUID())
+            .polices(Arrays.asList("policy"))
+            .noParent(true)
+            .noDefaultPolicy(false)
+            .ttl("1h")
+            .displayName("display name")
+            .numUses(1L)
+            .renewable(true)
+            .type("service")
+            .explicitMaxTtl("2h")
+            .period("2h")
+            .entityAlias("entityId")
+        );
         final String token = response.getAuthClientToken();
+        final String accessor = response.getTokenAccessor();
 
+        assertNotNull(accessor);
         assertNotNull(token);
+        assertEquals(2, response.getAuthPolicies().size());
+        assertEquals("default", response.getAuthPolicies().get(0));
+        assertEquals("policy", response.getAuthPolicies().get(1));
+        assertEquals(7200, response.getAuthLeaseDuration());
     }
 
     /**