update AppRole model and builder to current API

Add missing JSON fields and remove unprefixed, already deprecated fields

CHANGELOG.md

@@ -11,8 +11,17 @@
 ### Improvements
 * Added `entity_id`, `token_policies`, `token_type` and `orphan` flags to auth response
 * Added `entity_id`, `expire_time`, `explicit_max_ttl`, `issue_time`, `renewable` and `type` flags to token data
+* Added `enable_local_secret_ids`, `token_bound_cidrs`, `token_explicit_max_ttl`, `token_no_default_policy`, 
+  `token_num_uses`, `token_period` and `token_type` flags to _AppRole_ model
 * Minor dependency updates
 
+### Deprecations
+* `AppRole#getPolicies()` and `#setPolicies()` are deprecated in favor of `#getTokenPolicies()` and `#setTokenPolicies()`
+* `AppRole#getPeriod()` is deprecated in favor of `#getTokenPeriod()`
+
+### Removals
+* Deprecated methods `AppRole#getBoundCidrList()`, `#setBoundCidrList()` and `getBoundCidrListString()` have been removed.
+
 
 ## 0.8.2 (2019-10-20)
 

src/main/java/de/stklcode/jvault/connector/VaultConnector.java

@@ -226,7 +226,7 @@ public interface VaultConnector extends AutoCloseable, Serializable {
      */
     default boolean createAppRole(final String roleName, final List<String> policies, final String roleID)
             throws VaultConnectorException {
-        return createAppRole(new AppRoleBuilder(roleName).withPolicies(policies).withId(roleID).build());
+        return createAppRole(new AppRoleBuilder(roleName).withTokenPolicies(policies).withId(roleID).build());
     }
 
     /**

src/main/java/de/stklcode/jvault/connector/model/AppRole.java

@@ -50,12 +50,8 @@ public final class AppRole {
     @JsonInclude(JsonInclude.Include.NON_NULL)
     private Boolean bindSecretId;
 
-    private List<String> boundCidrList;
-
     private List<String> secretIdBoundCidrs;
 
-    private List<String> policies;
-
     @JsonProperty("secret_id_num_uses")
     @JsonInclude(JsonInclude.Include.NON_NULL)
     private Integer secretIdNumUses;
@@ -64,6 +60,10 @@ public final class AppRole {
     @JsonInclude(JsonInclude.Include.NON_NULL)
     private Integer secretIdTtl;
 
+    @JsonProperty("enable_local_secret_ids")
+    @JsonInclude(JsonInclude.Include.NON_NULL)
+    private Boolean enableLocalSecretIds;
+
     @JsonProperty("token_ttl")
     @JsonInclude(JsonInclude.Include.NON_NULL)
     private Integer tokenTtl;
@@ -72,9 +72,31 @@ public final class AppRole {
     @JsonInclude(JsonInclude.Include.NON_NULL)
     private Integer tokenMaxTtl;
 
-    @JsonProperty("period")
+    private List<String> tokenPolicies;
+
+    @JsonProperty("token_bound_cidrs")
     @JsonInclude(JsonInclude.Include.NON_NULL)
-    private Integer period;
+    private List<String> tokenBoundCidrs;
+
+    @JsonProperty("token_explicit_max_ttl")
+    @JsonInclude(JsonInclude.Include.NON_NULL)
+    private Integer tokenExplicitMaxTtl;
+
+    @JsonProperty("token_no_default_policy")
+    @JsonInclude(JsonInclude.Include.NON_NULL)
+    private Boolean tokenNoDefaultPolicy;
+
+    @JsonProperty("token_num_uses")
+    @JsonInclude(JsonInclude.Include.NON_NULL)
+    private Integer tokenNumUses;
+
+    @JsonProperty("token_period")
+    @JsonInclude(JsonInclude.Include.NON_NULL)
+    private Integer tokenPeriod;
+
+    @JsonProperty("token_type")
+    @JsonInclude(JsonInclude.Include.NON_NULL)
+    private String tokenType;
 
     /**
      * Construct empty {@link AppRole} object.
@@ -83,66 +105,49 @@ public final class AppRole {
 
     }
 
-    /**
-     * Construct complete {@link AppRole} object.
-     *
-     * @param name               Role name (required)
-     * @param id                 Role ID (optional)
-     * @param bindSecretId       Bind secret ID (optional)
-     * @param secretIdBoundCidrs Whitelist of subnets in CIDR notation (optional)
-     * @param policies           List of policies (optional)
-     * @param secretIdNumUses    Maximum number of uses per secret (optional)
-     * @param secretIdTtl        Maximum TTL in seconds for secrets (optional)
-     * @param tokenTtl           Token TTL in seconds (optional)
-     * @param tokenMaxTtl        Maximum token TTL in seconds, including renewals (optional)
-     * @param period             Duration in seconds, if set the token is a periodic token (optional)
-     */
-    public AppRole(final String name, final String id, final Boolean bindSecretId, final List<String> secretIdBoundCidrs,
-                   final List<String> policies, final Integer secretIdNumUses, final Integer secretIdTtl,
-                   final Integer tokenTtl, final Integer tokenMaxTtl, final Integer period) {
-        this.name = name;
-        this.id = id;
-        this.bindSecretId = bindSecretId;
-        this.secretIdBoundCidrs = secretIdBoundCidrs;
-        this.policies = policies;
-        this.secretIdNumUses = secretIdNumUses;
-        this.secretIdTtl = secretIdTtl;
-        this.tokenTtl = tokenTtl;
-        this.tokenMaxTtl = tokenMaxTtl;
-        this.period = period;
-    }
-
     /**
      * Construct complete {@link AppRole} object.
      * <p>
      * This constructor is used for transition from {@code bound_cidr_list} to {@code secret_id_bound_cidrs} only.
      *
-     * @param name               Role name (required)
+     * @param name                 Role name (required)
-     * @param id                 Role ID (optional)
+     * @param id                   Role ID (optional)
-     * @param bindSecretId       Bind secret ID (optional)
+     * @param bindSecretId         Bind secret ID (optional)
-     * @param boundCidrList      Whitelist of subnets in CIDR notation (optional)
+     * @param secretIdBoundCidrs   Whitelist of subnets in CIDR notation (optional)
-     * @param secretIdBoundCidrs Whitelist of subnets in CIDR notation (optional)
+     * @param secretIdNumUses      Maximum number of uses per secret (optional)
-     * @param policies           List of policies (optional)
+     * @param secretIdTtl          Maximum TTL in seconds for secrets (optional)
-     * @param secretIdNumUses    Maximum number of uses per secret (optional)
+     * @param enableLocalSecretIds Enable local secret IDs (optional)
-     * @param secretIdTtl        Maximum TTL in seconds for secrets (optional)
+     * @param tokenTtl             Token TTL in seconds (optional)
-     * @param tokenTtl           Token TTL in seconds (optional)
+     * @param tokenMaxTtl          Maximum token TTL in seconds, including renewals (optional)
-     * @param tokenMaxTtl        Maximum token TTL in seconds, including renewals (optional)
+     * @param tokenPolicies        List of token policies (optional)
-     * @param period             Duration in seconds, if set the token is a periodic token (optional)
+     * @param tokenBoundCidrs      Whitelist of subnets in CIDR notation for associated tokens (optional)
+     * @param tokenExplicitMaxTtl  Explicit maximum TTL for associated tokens (optional)
+     * @param tokenNoDefaultPolicy Enable or disable default policy for associated tokens (optional)
+     * @param tokenNumUses         Number of uses for tokens (optional)
+     * @param tokenPeriod          Duration in seconds, if set the token is a periodic token (optional)
+     * @param tokenType            Token type (optional)
      */
-    AppRole(final String name, final String id, final Boolean bindSecretId, final List<String> boundCidrList,
+    AppRole(final String name, final String id, final Boolean bindSecretId, final List<String> secretIdBoundCidrs,
-            final List<String> secretIdBoundCidrs, final List<String> policies, final Integer secretIdNumUses,
+            final Integer secretIdNumUses, final Integer secretIdTtl, final Boolean enableLocalSecretIds,
-            final Integer secretIdTtl, final Integer tokenTtl, final Integer tokenMaxTtl, final Integer period) {
+            final Integer tokenTtl, final Integer tokenMaxTtl, final List<String> tokenPolicies,
+            final List<String> tokenBoundCidrs, final Integer tokenExplicitMaxTtl, final Boolean tokenNoDefaultPolicy,
+            final Integer tokenNumUses, final Integer tokenPeriod, final String tokenType) {
         this.name = name;
         this.id = id;
         this.bindSecretId = bindSecretId;
-        this.boundCidrList = boundCidrList;
         this.secretIdBoundCidrs = secretIdBoundCidrs;
-        this.policies = policies;
+        this.tokenPolicies = tokenPolicies;
         this.secretIdNumUses = secretIdNumUses;
         this.secretIdTtl = secretIdTtl;
+        this.enableLocalSecretIds = enableLocalSecretIds;
         this.tokenTtl = tokenTtl;
         this.tokenMaxTtl = tokenMaxTtl;
-        this.period = period;
+        this.tokenBoundCidrs = tokenBoundCidrs;
+        this.tokenExplicitMaxTtl = tokenExplicitMaxTtl;
+        this.tokenNoDefaultPolicy = tokenNoDefaultPolicy;
+        this.tokenNumUses = tokenNumUses;
+        this.tokenPeriod = tokenPeriod;
+        this.tokenType = tokenType;
     }
 
     /**
@@ -167,41 +172,38 @@ public final class AppRole {
     }
 
     /**
-     * @return list of bound CIDR subnets
+     * @return list of bound CIDR subnets of assiciated tokens
-     * @deprecated Use {@link #getSecretIdBoundCidrs()} instead, as this parameter is deprecated in Vault.
+     * @since 0.9
      */
-    @Deprecated
+    public List<String> getTokenBoundCidrs() {
-    public List<String> getBoundCidrList() {
+        return tokenBoundCidrs;
-        return boundCidrList;
     }
 
     /**
      * @param boundCidrList list of subnets in CIDR notation to bind role to
-     * @deprecated Use {@link #setSecretIdBoundCidrs(List)} instead, as this parameter is deprecated in Vault.
+     * @since 0.9
      */
-    @Deprecated
+    @JsonSetter("token_bound_cidrs")
-    @JsonSetter("bound_cidr_list")
+    public void setBoundCidrs(final List<String> boundCidrList) {
-    public void setBoundCidrList(final List<String> boundCidrList) {
+        this.tokenBoundCidrs = boundCidrList;
-        this.boundCidrList = boundCidrList;
     }
 
     /**
      * @return list of subnets in CIDR notation as comma-separated {@link String}
-     * @deprecated Use {@link #getSecretIdBoundCidrsString()} instead, as this parameter is deprecated in Vault.
+     * @since 0.9
      */
-    @Deprecated
+    @JsonGetter("token_bound_cidrs")
-    @JsonGetter("bound_cidr_list")
     @JsonInclude(JsonInclude.Include.NON_EMPTY)
-    public String getBoundCidrListString() {
+    public String getTokenBoundCidrsString() {
-        if (boundCidrList == null || boundCidrList.isEmpty()) {
+        if (tokenBoundCidrs == null || tokenBoundCidrs.isEmpty()) {
             return "";
         }
-        return String.join(",", boundCidrList);
+        return String.join(",", tokenBoundCidrs);
     }
 
     /**
      * @return list of bound CIDR subnets
-     * @since 0.8 replaces {@link #getBoundCidrList()}
+     * @since 0.8 replaces {@code getBoundCidrList()}
      */
     public List<String> getSecretIdBoundCidrs() {
         return secretIdBoundCidrs;
@@ -209,7 +211,7 @@ public final class AppRole {
 
     /**
      * @param secretIdBoundCidrs List of subnets in CIDR notation to bind secrets of this role to.
-     * @since 0.8 replaces {@link #setBoundCidrList(List)}
+     * @since 0.8 replaces {@code setBoundCidrList(List)}
      */
     @JsonSetter("secret_id_bound_cidrs")
     public void setSecretIdBoundCidrs(final List<String> secretIdBoundCidrs) {
@@ -218,7 +220,7 @@ public final class AppRole {
 
     /**
      * @return List of subnets in CIDR notation as comma-separated {@link String}
-     * @since 0.8 replaces {@link #getBoundCidrListString()} ()}
+     * @since 0.8 replaces {@code getBoundCidrListString()} ()}
      */
     @JsonGetter("secret_id_bound_cidrs")
     @JsonInclude(JsonInclude.Include.NON_EMPTY)
@@ -230,30 +232,63 @@ public final class AppRole {
     }
 
     /**
-     * @return list of policies
+     * @return list of token policies
+     * @since 0.9
      */
+    public List<String> getTokenPolicies() {
+        return tokenPolicies;
+    }
+
+    /**
+     * @return list of token policies
+     * @deprecated Use {@link #getTokenPolicies()} instead.
+     */
+    @Deprecated
+    @JsonIgnore
     public List<String> getPolicies() {
-        return policies;
+        return getTokenPolicies();
+    }
+
+    /**
+     * @param tokenPolicies list of token policies
+     * @since 0.9
+     */
+    @JsonSetter("token_policies")
+    public void setTokenPolicies(final List<String> tokenPolicies) {
+        this.tokenPolicies = tokenPolicies;
     }
 
     /**
      * @param policies list of policies
+     * @deprecated Use {@link #setTokenPolicies(List)} instead.
      */
-    @JsonSetter("policies")
+    @Deprecated
+    @JsonIgnore
     public void setPolicies(final List<String> policies) {
-        this.policies = policies;
+        setTokenPolicies(policies);
     }
 
     /**
      * @return list of policies as comma-separated {@link String}
+     * @since 0.9
      */
-    @JsonGetter("policies")
+    @JsonGetter("token_policies")
     @JsonInclude(JsonInclude.Include.NON_EMPTY)
-    public String getPoliciesString() {
+    public String getTokenPoliciesString() {
-        if (policies == null || policies.isEmpty()) {
+        if (tokenPolicies == null || tokenPolicies.isEmpty()) {
             return "";
         }
-        return String.join(",", policies);
+        return String.join(",", tokenPolicies);
+    }
+
+    /**
+     * @return list of policies as comma-separated {@link String}
+     * @deprecated Use {@link #getTokenPoliciesString()} instead.
+     */
+    @Deprecated
+    @JsonIgnore
+    public String getPoliciesString() {
+        return getTokenPoliciesString();
     }
 
     /**
@@ -270,6 +305,14 @@ public final class AppRole {
         return secretIdTtl;
     }
 
+    /**
+     * @return Enable local secret IDs?
+     * @since 0.9
+     */
+    public Boolean getEnableLocalSecretIds() {
+        return enableLocalSecretIds;
+    }
+
     /**
      * @return token TTL in seconds
      */
@@ -285,9 +328,52 @@ public final class AppRole {
     }
 
     /**
-     * @return duration in seconds, if specified
+     * @return explicit maximum token TTL in seconds, including renewals
+     * @since 0.9
      */
+    public Integer getTokenExplicitMaxTtl() {
+        return tokenExplicitMaxTtl;
+    }
+
+    /**
+     * @return enable default policy for token?
+     * @since 0.9
+     */
+    public Boolean getTokenNoDefaultPolicy() {
+        return tokenNoDefaultPolicy;
+    }
+
+    /**
+     * @return number of uses for token
+     * @since 0.9
+     */
+    public Integer getTokenNumUses() {
+        return tokenNumUses;
+    }
+
+    /**
+     * @return duration in seconds, if specified
+     * @since 0.9
+     */
+    public Integer getTokenPeriod() {
+        return tokenPeriod;
+    }
+
+    /**
+     * @return duration in seconds, if specified
+     * @deprecated Use {@link #getTokenPeriod()} instead.
+     */
+    @Deprecated
+    @JsonIgnore
     public Integer getPeriod() {
-        return period;
+        return getTokenPeriod();
+    }
+
+    /**
+     * @return duration in seconds, if specified
+     * @since 0.9
+     */
+    public String getTokenType() {
+        return tokenType;
     }
 }

src/main/java/de/stklcode/jvault/connector/model/AppRoleBuilder.java

@@ -29,14 +29,19 @@ public final class AppRoleBuilder {
     private String name;
     private String id;
     private Boolean bindSecretId;
-    private List<String> boundCidrList;
     private List<String> secretIdBoundCidrs;
-    private List<String> policies;
+    private List<String> tokenPolicies;
     private Integer secretIdNumUses;
     private Integer secretIdTtl;
+    private Boolean enableLocalSecretIds;
     private Integer tokenTtl;
     private Integer tokenMaxTtl;
-    private Integer period;
+    private List<String> tokenBoundCidrs;
+    private Integer tokenExplicitMaxTtl;
+    private Boolean tokenNoDefaultPolicy;
+    private Integer tokenNumUses;
+    private Integer tokenPeriod;
+    private Token.Type tokenType;
 
     /**
      * Construct {@link AppRoleBuilder} with only the role name set.
@@ -89,47 +94,48 @@ public final class AppRoleBuilder {
         return withBindSecretID(false);
     }
 
-    /**
-     * Set bound CIDR blocks.
-     *
-     * @param boundCidrList List of CIDR blocks which can perform login
-     * @return self
-     * @deprecated Use {@link #withSecretIdBoundCidrs(List)} instead, as this parameter is deprecated in Vault.
-     */
-    @Deprecated
-    public AppRoleBuilder withBoundCidrList(final List<String> boundCidrList) {
-        this.boundCidrList = boundCidrList;
-        return this;
-    }
-
     /**
      * Set bound CIDR blocks.
      *
      * @param secretIdBoundCidrs List of CIDR blocks which can perform login
      * @return self
-     * @since 0.8 replaces {@link #withBoundCidrList(List)}
+     * @since 0.8 replaces {@code withBoundCidrList(List)}
      */
     public AppRoleBuilder withSecretIdBoundCidrs(final List<String> secretIdBoundCidrs) {
-        this.secretIdBoundCidrs = secretIdBoundCidrs;
+        if (this.secretIdBoundCidrs == null) {
+            this.secretIdBoundCidrs = new ArrayList<>();
+        }
+        this.secretIdBoundCidrs.addAll(secretIdBoundCidrs);
         return this;
     }
 
     /**
-     * Add a CIDR block to list of bound blocks.
+     * Add a CIDR block to list of bound blocks for secret.
      *
-     * @param cidrBlock the CIDR block
+     * @param secretBoundCidr the CIDR block
      * @return self
+     * @since 0.9
      */
-    public AppRoleBuilder withCidrBlock(final String cidrBlock) {
+    public AppRoleBuilder withSecretBoundCidr(final String secretBoundCidr) {
-        if (boundCidrList == null) {
-            boundCidrList = new ArrayList<>();
-        }
-        boundCidrList.add(cidrBlock);
-
         if (secretIdBoundCidrs == null) {
             secretIdBoundCidrs = new ArrayList<>();
         }
-        secretIdBoundCidrs.add(cidrBlock);
+        secretIdBoundCidrs.add(secretBoundCidr);
+        return this;
+    }
+
+    /**
+     * Add given policies.
+     *
+     * @param tokenPolicies the token policies
+     * @return self
+     * @since 0.9
+     */
+    public AppRoleBuilder withTokenPolicies(final List<String> tokenPolicies) {
+        if (this.tokenPolicies == null) {
+            this.tokenPolicies = new ArrayList<>();
+        }
+        this.tokenPolicies.addAll(tokenPolicies);
         return this;
     }
 
@@ -138,12 +144,25 @@ public final class AppRoleBuilder {
      *
      * @param policies the policies
      * @return self
+     * @deprecated Use {@link #withTokenPolicies(List)} instead.
      */
+    @Deprecated
     public AppRoleBuilder withPolicies(final List<String> policies) {
-        if (this.policies == null) {
+        return withTokenPolicies(policies);
-            this.policies = new ArrayList<>();
+    }
+
+    /**
+     * Add a single policy.
+     *
+     * @param tokenPolicy the token policy
+     * @return self
+     * @since 0.9
+     */
+    public AppRoleBuilder withTokenPolicy(final String tokenPolicy) {
+        if (this.tokenPolicies == null) {
+            this.tokenPolicies = new ArrayList<>();
         }
-        this.policies.addAll(policies);
+        tokenPolicies.add(tokenPolicy);
         return this;
     }
 
@@ -152,13 +171,11 @@ public final class AppRoleBuilder {
      *
      * @param policy the policy
      * @return self
+     * @deprecated Use {@link #withTokenPolicy(String)} instead.
      */
+    @Deprecated
     public AppRoleBuilder withPolicy(final String policy) {
-        if (this.policies == null) {
+        return withTokenPolicy(policy);
-            this.policies = new ArrayList<>();
-        }
-        policies.add(policy);
-        return this;
     }
 
     /**
@@ -183,6 +200,18 @@ public final class AppRoleBuilder {
         return this;
     }
 
+    /**
+     * Enable or disable local secret IDs.
+     *
+     * @param enableLocalSecretIds Enable local secret IDs?
+     * @return self
+     * @since 0.9
+     */
+    public AppRoleBuilder withEnableLocalSecretIds(final Boolean enableLocalSecretIds) {
+        this.enableLocalSecretIds = enableLocalSecretIds;
+        return this;
+    }
+
     /**
      * Set default token TTL in seconds.
      *
@@ -205,17 +234,106 @@ public final class AppRoleBuilder {
         return this;
     }
 
+    /**
+     * Set bound CIDR blocks for associated tokens.
+     *
+     * @param tokenBoundCidrs List of CIDR blocks which can perform login
+     * @return self
+     * @since 0.9
+     */
+    public AppRoleBuilder withTokenBoundCidrs(final List<String> tokenBoundCidrs) {
+        if (this.tokenBoundCidrs == null) {
+            this.tokenBoundCidrs = new ArrayList<>();
+        }
+        this.tokenBoundCidrs.addAll(tokenBoundCidrs);
+        return this;
+    }
+
+    /**
+     * Add a CIDR block to list of bound blocks for token.
+     *
+     * @param tokenBoundCidr the CIDR block
+     * @return self
+     * @since 0.9
+     */
+    public AppRoleBuilder withTokenBoundCidr(final String tokenBoundCidr) {
+        if (tokenBoundCidrs == null) {
+            tokenBoundCidrs = new ArrayList<>();
+        }
+        tokenBoundCidrs.add(tokenBoundCidr);
+        return this;
+    }
+
+    /**
+     * Set explicit maximum token TTL in seconds.
+     *
+     * @param tokenExplicitMaxTtl the TTL
+     * @return self
+     */
+    public AppRoleBuilder withTokenExplicitMaxTtl(final Integer tokenExplicitMaxTtl) {
+        this.tokenExplicitMaxTtl = tokenExplicitMaxTtl;
+        return this;
+    }
+
+    /**
+     * Enable or disable default policy for generated token.
+     *
+     * @param tokenNoDefaultPolicy Enable default policy for token?
+     * @return self
+     * @since 0.9
+     */
+    public AppRoleBuilder withTokenNoDefaultPolicy(final Boolean tokenNoDefaultPolicy) {
+        this.tokenNoDefaultPolicy = tokenNoDefaultPolicy;
+        return this;
+    }
+
+    /**
+     * Set number of uses for generated tokens.
+     *
+     * @param tokenNumUses number of uses for tokens
+     * @return self
+     * @since 0.9
+     */
+    public AppRoleBuilder withTokenNumUses(final Integer tokenNumUses) {
+        this.tokenNumUses = tokenNumUses;
+        return this;
+    }
+
+    /**
+     * Set renewal period for generated token in seconds.
+     *
+     * @param tokenPeriod period in seconds
+     * @return self
+     * @since 0.9
+     */
+    public AppRoleBuilder wit0hTokenPeriod(final Integer tokenPeriod) {
+        this.tokenPeriod = tokenPeriod;
+        return this;
+    }
+
     /**
      * Set renewal period for generated token in seconds.
      *
      * @param period period in seconds
      * @return self
+     * @deprecated Use {@link #wit0hTokenPeriod(Integer)} instead.
      */
+    @Deprecated
     public AppRoleBuilder withPeriod(final Integer period) {
-        this.period = period;
+        return wit0hTokenPeriod(period);
-        return this;
     }
 
+    /**
+     * Set type of generated token.
+     *
+     * @param tokenType token type
+     * @return self
+     * @since 0.9
+     */
+    public AppRoleBuilder withTokenType(final Token.Type tokenType) {
+        this.tokenType = tokenType;
+        return this;
+    }
 
     /**
      * Build the AppRole role based on given parameters.
@@ -223,16 +341,23 @@ public final class AppRoleBuilder {
      * @return the role
      */
     public AppRole build() {
-        return new AppRole(name,
+        return new AppRole(
+                name,
                 id,
                 bindSecretId,
-                boundCidrList,
                 secretIdBoundCidrs,
-                policies,
                 secretIdNumUses,
                 secretIdTtl,
+                enableLocalSecretIds,
                 tokenTtl,
                 tokenMaxTtl,
-                period);
+                tokenPolicies,
+                tokenBoundCidrs,
+                tokenExplicitMaxTtl,
+                tokenNoDefaultPolicy,
+                tokenNumUses,
+                tokenPeriod,
+                tokenType != null ? tokenType.value() : null
+        );
     }
 }

src/test/java/de/stklcode/jvault/connector/HTTPVaultConnectorTest.java

@@ -881,6 +881,28 @@ public class HTTPVaultConnectorTest {
                 fail("Role ID lookup failed.");
             }
 
+            /* Update role model with custom flags */
+            role = AppRole.builder(roleName)
+                    .wit0hTokenPeriod(321)
+                    .build();
+
+            /* Create role */
+            try {
+                boolean res = connector.createAppRole(role);
+                assertThat("No result given.", res, is(notNullValue()));
+            } catch (VaultConnectorException e) {
+                fail("Role creation failed.");
+            }
+
+            /* Lookup updated role */
+            try {
+                AppRoleResponse res = connector.lookupAppRole(roleName);
+                assertThat("Role lookup returned no role.", res.getRole(), is(notNullValue()));
+                assertThat("Token period not set for role.", res.getRole().getTokenPeriod(), is(321));
+            } catch (VaultConnectorException e) {
+                fail("Role lookup failed.");
+            }
+
             /* Create role by name */
             roleName = "RoleByName";
             try {

src/test/java/de/stklcode/jvault/connector/model/AppRoleBuilderTest.java

@@ -34,8 +34,6 @@ import static org.hamcrest.Matchers.*;
  * @since 0.4.0
  */
 public class AppRoleBuilderTest {
-
-
     private static final String NAME = "TestRole";
     private static final String ID = "test-id";
     private static final Boolean BIND_SECRET_ID = true;
@@ -47,12 +45,17 @@ public class AppRoleBuilderTest {
     private static final String POLICY_2 = "policy2";
     private static final Integer SECRET_ID_NUM_USES = 10;
     private static final Integer SECRET_ID_TTL = 7200;
+    private static final Boolean ENABLE_LOCAL_SECRET_IDS = false;
     private static final Integer TOKEN_TTL = 4800;
     private static final Integer TOKEN_MAX_TTL = 9600;
-    private static final Integer PERIOD = 1234;
+    private static final Integer TOKEN_EXPLICIT_MAX_TTL = 14400;
+    private static final Boolean TOKEN_NO_DEFAULT_POLICY = false;
+    private static final Integer TOKEN_NUM_USES = 42;
+    private static final Integer TOKEN_PERIOD = 1234;
+    private static final Token.Type TOKEN_TYPE = Token.Type.DEFAULT_SERVICE;
     private static final String JSON_MIN = "{\"role_name\":\"" + NAME + "\"}";
-    private static final String JSON_FULL = String.format("{\"role_name\":\"%s\",\"role_id\":\"%s\",\"bind_secret_id\":%s,\"bound_cidr_list\":\"%s\",\"secret_id_bound_cidrs\":\"%s\",\"policies\":\"%s\",\"secret_id_num_uses\":%d,\"secret_id_ttl\":%d,\"token_ttl\":%d,\"token_max_ttl\":%d,\"period\":%d}",
+    private static final String JSON_FULL = String.format("{\"role_name\":\"%s\",\"role_id\":\"%s\",\"bind_secret_id\":%s,\"secret_id_bound_cidrs\":\"%s\",\"secret_id_num_uses\":%d,\"secret_id_ttl\":%d,\"enable_local_secret_ids\":%s,\"token_ttl\":%d,\"token_max_ttl\":%d,\"token_policies\":\"%s\",\"token_bound_cidrs\":\"%s\",\"token_explicit_max_ttl\":%d,\"token_no_default_policy\":%s,\"token_num_uses\":%d,\"token_period\":%d,\"token_type\":\"%s\"}",
-            NAME, ID, BIND_SECRET_ID, CIDR_1, CIDR_1, POLICY, SECRET_ID_NUM_USES, SECRET_ID_TTL, TOKEN_TTL, TOKEN_MAX_TTL, PERIOD);
+            NAME, ID, BIND_SECRET_ID, CIDR_1, SECRET_ID_NUM_USES, SECRET_ID_TTL, ENABLE_LOCAL_SECRET_IDS, TOKEN_TTL, TOKEN_MAX_TTL, POLICY, CIDR_1, TOKEN_EXPLICIT_MAX_TTL, TOKEN_NO_DEFAULT_POLICY, TOKEN_NUM_USES, TOKEN_PERIOD, TOKEN_TYPE.value());
 
     @BeforeAll
     public static void init() {
@@ -68,14 +71,21 @@ public class AppRoleBuilderTest {
         AppRole role = new AppRoleBuilder(NAME).build();
         assertThat(role.getId(), is(nullValue()));
         assertThat(role.getBindSecretId(), is(nullValue()));
-        assertThat(role.getBoundCidrList(), is(nullValue()));
         assertThat(role.getSecretIdBoundCidrs(), is(nullValue()));
+        assertThat(role.getTokenPolicies(), is(nullValue()));
         assertThat(role.getPolicies(), is(nullValue()));
         assertThat(role.getSecretIdNumUses(), is(nullValue()));
         assertThat(role.getSecretIdTtl(), is(nullValue()));
+        assertThat(role.getEnableLocalSecretIds(), is(nullValue()));
         assertThat(role.getTokenTtl(), is(nullValue()));
         assertThat(role.getTokenMaxTtl(), is(nullValue()));
+        assertThat(role.getTokenBoundCidrs(), is(nullValue()));
+        assertThat(role.getTokenExplicitMaxTtl(), is(nullValue()));
+        assertThat(role.getTokenNoDefaultPolicy(), is(nullValue()));
+        assertThat(role.getTokenNumUses(), is(nullValue()));
+        assertThat(role.getTokenPeriod(), is(nullValue()));
         assertThat(role.getPeriod(), is(nullValue()));
+        assertThat(role.getTokenType(), is(nullValue()));
 
         /* optional fields should be ignored, so JSON string should only contain role_name */
         assertThat(new ObjectMapper().writeValueAsString(role), is(JSON_MIN));
@@ -89,26 +99,38 @@ public class AppRoleBuilderTest {
         AppRole role = new AppRoleBuilder(NAME)
                 .withId(ID)
                 .withBindSecretID(BIND_SECRET_ID)
-                .withBoundCidrList(BOUND_CIDR_LIST)
                 .withSecretIdBoundCidrs(BOUND_CIDR_LIST)
-                .withPolicies(POLICIES)
+                .withTokenPolicies(POLICIES)
                 .withSecretIdNumUses(SECRET_ID_NUM_USES)
                 .withSecretIdTtl(SECRET_ID_TTL)
+                .withEnableLocalSecretIds(ENABLE_LOCAL_SECRET_IDS)
                 .withTokenTtl(TOKEN_TTL)
                 .withTokenMaxTtl(TOKEN_MAX_TTL)
-                .withPeriod(PERIOD)
+                .withTokenBoundCidrs(BOUND_CIDR_LIST)
+                .withTokenExplicitMaxTtl(TOKEN_EXPLICIT_MAX_TTL)
+                .withTokenNoDefaultPolicy(TOKEN_NO_DEFAULT_POLICY)
+                .withTokenNumUses(TOKEN_NUM_USES)
+                .wit0hTokenPeriod(TOKEN_PERIOD)
+                .withTokenType(TOKEN_TYPE)
                 .build();
         assertThat(role.getName(), is(NAME));
         assertThat(role.getId(), is(ID));
         assertThat(role.getBindSecretId(), is(BIND_SECRET_ID));
-        assertThat(role.getBoundCidrList(), is(BOUND_CIDR_LIST));
         assertThat(role.getSecretIdBoundCidrs(), is(BOUND_CIDR_LIST));
-        assertThat(role.getPolicies(), is(POLICIES));
+        assertThat(role.getTokenPolicies(), is(POLICIES));
+        assertThat(role.getPolicies(), is(role.getTokenPolicies()));
         assertThat(role.getSecretIdNumUses(), is(SECRET_ID_NUM_USES));
         assertThat(role.getSecretIdTtl(), is(SECRET_ID_TTL));
+        assertThat(role.getEnableLocalSecretIds(), is(ENABLE_LOCAL_SECRET_IDS));
         assertThat(role.getTokenTtl(), is(TOKEN_TTL));
         assertThat(role.getTokenMaxTtl(), is(TOKEN_MAX_TTL));
-        assertThat(role.getPeriod(), is(PERIOD));
+        assertThat(role.getTokenBoundCidrs(), is(BOUND_CIDR_LIST));
+        assertThat(role.getTokenExplicitMaxTtl(), is(TOKEN_EXPLICIT_MAX_TTL));
+        assertThat(role.getTokenNoDefaultPolicy(), is(TOKEN_NO_DEFAULT_POLICY));
+        assertThat(role.getTokenNumUses(), is(TOKEN_NUM_USES));
+        assertThat(role.getTokenPeriod(), is(TOKEN_PERIOD));
+        assertThat(role.getPeriod(), is(TOKEN_PERIOD));
+        assertThat(role.getTokenType(), is(TOKEN_TYPE.value()));
 
         /* Verify that all parameters are included in JSON string */
         assertThat(new ObjectMapper().writeValueAsString(role), is(JSON_FULL));
@@ -128,29 +150,33 @@ public class AppRoleBuilderTest {
         assertThat(role.getBindSecretId(), is(false));
 
         /* Add single CIDR subnet */
-        role = new AppRoleBuilder(NAME).withCidrBlock(CIDR_2).build();
+        role = new AppRoleBuilder(NAME).withSecretBoundCidr(CIDR_2).withTokenBoundCidr(CIDR_2).build();
-        assertThat(role.getBoundCidrList(), hasSize(1));
-        assertThat(role.getBoundCidrList(), contains(CIDR_2));
         assertThat(role.getSecretIdBoundCidrs(), hasSize(1));
         assertThat(role.getSecretIdBoundCidrs(), contains(CIDR_2));
+        assertThat(role.getTokenBoundCidrs(), hasSize(1));
+        assertThat(role.getTokenBoundCidrs(), contains(CIDR_2));
         role = new AppRoleBuilder(NAME)
                 .withSecretIdBoundCidrs(BOUND_CIDR_LIST)
-                .withCidrBlock(CIDR_2)
+                .withSecretBoundCidr(CIDR_2)
+                .withTokenBoundCidrs(BOUND_CIDR_LIST)
+                .withTokenBoundCidr(CIDR_2)
                 .build();
-        assertThat(role.getBoundCidrList(), hasSize(1));
-        assertThat(role.getBoundCidrList(), contains(CIDR_2));
         assertThat(role.getSecretIdBoundCidrs(), hasSize(2));
         assertThat(role.getSecretIdBoundCidrs(), contains(CIDR_1, CIDR_2));
+        assertThat(role.getTokenBoundCidrs(), hasSize(2));
+        assertThat(role.getSecretIdBoundCidrs(), contains(CIDR_1, CIDR_2));
 
         /* Add single policy */
-        role = new AppRoleBuilder(NAME).withPolicy(POLICY_2).build();
+        role = new AppRoleBuilder(NAME).withTokenPolicy(POLICY_2).build();
-        assertThat(role.getPolicies(), hasSize(1));
+        assertThat(role.getTokenPolicies(), hasSize(1));
-        assertThat(role.getPolicies(), contains(POLICY_2));
+        assertThat(role.getTokenPolicies(), contains(POLICY_2));
+        assertThat(role.getPolicies(), is(role.getTokenPolicies()));
         role = new AppRoleBuilder(NAME)
-                .withPolicies(POLICIES)
+                .withTokenPolicies(POLICIES)
-                .withPolicy(POLICY_2)
+                .withTokenPolicy(POLICY_2)
                 .build();
-        assertThat(role.getPolicies(), hasSize(2));
+        assertThat(role.getTokenPolicies(), hasSize(2));
-        assertThat(role.getPolicies(), contains(POLICY, POLICY_2));
+        assertThat(role.getTokenPolicies(), contains(POLICY, POLICY_2));
+        assertThat(role.getPolicies(), is(role.getTokenPolicies()));
     }
 }

src/test/java/de/stklcode/jvault/connector/model/response/AppRoleResponseTest.java

@@ -53,10 +53,10 @@ public class AppRoleResponseTest {
             "    \"token_max_ttl\": " + ROLE_TOKEN_MAX_TTL + ",\n" +
             "    \"secret_id_ttl\": " + ROLE_SECRET_TTL + ",\n" +
             "    \"secret_id_num_uses\": " + ROLE_SECRET_NUM_USES + ",\n" +
-            "    \"policies\": [\n" +
+            "    \"token_policies\": [\n" +
             "      \"" + ROLE_POLICY + "\"\n" +
             "    ],\n" +
-            "    \"period\": " + ROLE_PERIOD + ",\n" +
+            "    \"token_period\": " + ROLE_PERIOD + ",\n" +
             "    \"bind_secret_id\": " + ROLE_BIND_SECRET + ",\n" +
             "    \"bound_cidr_list\": \"\"\n" +
             "  },\n" +
@@ -68,7 +68,7 @@ public class AppRoleResponseTest {
     private static final Map<String, Object> INVALID_DATA = new HashMap<>();
 
     static {
-        INVALID_DATA.put("policies", "fancy-policy");
+        INVALID_DATA.put("token_policies", "fancy-policy");
     }
 
     /**
@@ -104,12 +104,15 @@ public class AppRoleResponseTest {
             assertThat("Incorrect token max TTL", role.getTokenMaxTtl(), is(ROLE_TOKEN_MAX_TTL));
             assertThat("Incorrect secret ID TTL", role.getSecretIdTtl(), is(ROLE_SECRET_TTL));
             assertThat("Incorrect secret ID umber of uses", role.getSecretIdNumUses(), is(ROLE_SECRET_NUM_USES));
+            assertThat("Incorrect number of policies", role.getTokenPolicies(), hasSize(1));
+            assertThat("Incorrect role policies", role.getTokenPolicies(), contains(ROLE_POLICY));
             assertThat("Incorrect number of policies", role.getPolicies(), hasSize(1));
             assertThat("Incorrect role policies", role.getPolicies(), contains(ROLE_POLICY));
+            assertThat("Incorrect role period", role.getTokenPeriod(), is(ROLE_PERIOD));
             assertThat("Incorrect role period", role.getPeriod(), is(ROLE_PERIOD));
             assertThat("Incorrect role bind secret ID flag", role.getBindSecretId(), is(ROLE_BIND_SECRET));
-            assertThat("Incorrect biund CIDR list", role.getBoundCidrList(), is(nullValue()));
+            assertThat("Incorrect bound CIDR list", role.getTokenBoundCidrs(), is(nullValue()));
-            assertThat("Incorrect biund CIDR list string", role.getBoundCidrListString(), is(emptyString()));
+            assertThat("Incorrect bound CIDR list string", role.getTokenBoundCidrsString(), is(emptyString()));
         } catch (IOException e) {
             fail("AuthResponse deserialization failed: " + e.getMessage());
         }