Update AppRole documentation with modern parameters

CHANGELOG.md

@@ -5,6 +5,7 @@
 IMPROVEMENTS
 
 - Added `cluster_address` field to `LeaderStatus` response from `sys/leader` endpoint [GH-204]
+- Updated AppRole `set_role` documentation to include modern parameters like `secret_id_bound_cidrs`, `token_bound_cidrs`, and `token_policies`. Added reference to official Vault API docs for complete parameter list. [GH-220]
 
 BUG FIXES
 

lib/vault/api/approle.rb

@@ -24,39 +24,52 @@ class AppRole < Request
     # @example
     #   Vault.approle.set_role("testrole", {
     #     secret_id_ttl: "10m",
+    #     secret_id_bound_cidrs: ["10.0.0.0/8"],
     #     token_ttl:     "20m",
-    #     policies:      "default",
-    #     period:        3600,
+    #     token_policies: ["default", "app-policy"],
+    #     token_bound_cidrs: ["10.0.0.0/8"],
     #   }) #=> true
     #
     # @param [String] name
     #   The name of the AppRole
     # @param [Hash] options
     # @option options [Boolean] :bind_secret_id
     #   Require secret_id to be presented when logging in using this AppRole.
-    # @option options [String] :bound_cidr_list
-    #   Comma-separated list of CIDR blocks. Specifies blocks of IP addresses
-    #   which can perform the login operation.
-    # @option options [String] :policies
-    #   Comma-separated list of policies set on tokens issued via this AppRole.
+    # @option options [Array<String>] :secret_id_bound_cidrs
+    #   Array of CIDR blocks. If set, specifies blocks of IP addresses which
+    #   can perform the login operation.
     # @option options [String] :secret_id_num_uses
     #   Number of times any particular SecretID can be used to fetch a token
     #   from this AppRole, after which the SecretID will expire.
     # @option options [Fixnum, String] :secret_id_ttl
     #   The number of seconds or a golang-formatted timestamp like "60m" after
     #   which any SecretID expires.
+    # @option options [Boolean] :local_secret_ids
+    #   If set, the secret IDs generated using this role will be cluster local.
+    # @option options [Array<String>] :token_policies
+    #   Array of policies to be set on tokens issued using this AppRole.
+    # @option options [Array<String>] :token_bound_cidrs
+    #   Array of CIDR blocks. If set, specifies blocks of IP addresses which
+    #   can authenticate using tokens generated by this AppRole.
     # @option options [Fixnum, String] :token_ttl
     #   The number of seconds or a golang-formatted timestamp like "60m" to set
     #   as the TTL for issued tokens and at renewal time.
     # @option options [Fixnum, String] :token_max_ttl
     #   The number of seconds or a golang-formatted timestamp like "60m" after
     #   which the issued token can no longer be renewed.
-    # @option options [Fixnum, String] :period
-    #   The number of seconds or a golang-formatted timestamp like "60m".
-    #   If set, the token generated using this AppRole is a periodic token.
-    #   So long as it is renewed it never expires, but the TTL set on the token
-    #   at each renewal is fixed to the value specified here. If this value is
-    #   modified, the token will pick up the new value at its next renewal.
+    # @option options [Fixnum, String] :token_explicit_max_ttl
+    #   If set, tokens created via this role carry an explicit maximum TTL.
+    # @option options [Boolean] :token_no_default_policy
+    #   If set, the default policy will not be set on tokens issued via this role.
+    # @option options [Fixnum] :token_num_uses
+    #   The maximum number of times a generated token may be used.
+    # @option options [Fixnum, String] :token_period
+    #   The maximum allowed period value when a periodic token is requested.
+    # @option options [String] :token_type
+    #   The type of token that should be generated (service, batch, or default).
+    #
+    # For a complete list of parameters, see the Vault AppRole API documentation:
+    # https://developer.hashicorp.com/vault/api-docs/auth/approle
     #
     # @return [true]
     def set_role(name, options = {})