update OpenAPI output to use DisplayAttributes struct (#6928)

Madalyn
2019-06-21 11:08:08 -04:00
committed by GitHub
parent 6dccc2c6df
commit 3c25b19aac
14 changed files with 330 additions and 134 deletions


@@ -25,17 +25,24 @@ func pathConfig(b *backend) *framework.Path {
Description: `The API endpoint to use. Useful if you
are running GitHub Enterprise or an
API-compatible authentication server.`,
DisplayName: "Base URL",
DisplayAttrs: &framework.DisplayAttributes{
Name: "Base URL",
Group: "GitHub Options",
},
},
"ttl": &framework.FieldSchema{
Type: framework.TypeString,
Description: `Duration after which authentication will be expired`,
DisplayName: "TTL",
DisplayAttrs: &framework.DisplayAttributes{
Name: "TTL",
},
},
"max_ttl": &framework.FieldSchema{
Type: framework.TypeString,
Description: `Maximum duration after which authentication will be expired`,
DisplayName: "Max TTL",
DisplayAttrs: &framework.DisplayAttributes{
Name: "Max TTL",
},
},
},


@@ -19,6 +19,9 @@ func pathGroupsList(b *backend) *framework.Path {
HelpSynopsis: pathGroupHelpSyn,
HelpDescription: pathGroupHelpDesc,
DisplayAttrs: &framework.DisplayAttributes{
Navigation: true,
},
}
}


@@ -20,6 +20,9 @@ func pathUsersList(b *backend) *framework.Path {
HelpSynopsis: pathUserHelpSyn,
HelpDescription: pathUserHelpDesc,
DisplayAttrs: &framework.DisplayAttributes{
Navigation: true,
},
}
}


@@ -30,7 +30,9 @@ func pathConfig(b *backend) *framework.Path {
"org_name": &framework.FieldSchema{
Type: framework.TypeString,
Description: "Name of the organization to be used in the Okta API.",
DisplayName: "Organization Name",
DisplayAttrs: &framework.DisplayAttributes{
Name: "Organization Name",
},
},
"token": &framework.FieldSchema{
Type: framework.TypeString,
@@ -40,12 +42,16 @@ func pathConfig(b *backend) *framework.Path {
"api_token": &framework.FieldSchema{
Type: framework.TypeString,
Description: "Okta API key.",
DisplayName: "API Token",
DisplayAttrs: &framework.DisplayAttributes{
Name: "API Token",
},
},
"base_url": &framework.FieldSchema{
Type: framework.TypeString,
Description: `The base domain to use for the Okta API. When not specified in the configuration, "okta.com" is used.`,
DisplayName: "Base URL",
DisplayAttrs: &framework.DisplayAttributes{
Name: "Base URL",
},
},
"production": &framework.FieldSchema{
Type: framework.TypeBool,
@@ -55,15 +61,23 @@ func pathConfig(b *backend) *framework.Path {
"ttl": &framework.FieldSchema{
Type: framework.TypeDurationSecond,
Description: `Duration after which authentication will be expired`,
DisplayAttrs: &framework.DisplayAttributes{
Name: "TTL",
},
},
"max_ttl": &framework.FieldSchema{
Type: framework.TypeDurationSecond,
Description: `Maximum duration after which authentication will be expired`,
DisplayAttrs: &framework.DisplayAttributes{
Name: "Max TTL",
},
},
"bypass_okta_mfa": &framework.FieldSchema{
Type: framework.TypeBool,
Description: `When set true, requests by Okta for a MFA check will be bypassed. This also disallows certain status checks on the account, such as whether the password is expired.`,
DisplayName: "Bypass Okta MFA",
DisplayAttrs: &framework.DisplayAttributes{
Name: "Bypass Okta MFA",
},
},
},
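Review bot: The new `DisplayAttrs` for `api_token` in the second hunk sets only `Name`, so a form generated from the OpenAPI output gets no hint that this field holds a credential. `DisplayAttributes` has a `Sensitive` member (this same commit sets it for the LDAP `bindpass` field), so I would write `Name: "API Token", Sensitive: true,` here. The `token` field that opens at the end of the first hunk is cut off, so its attributes cannot be checked from this page; it likely needs the same flag. This is a display hint only and does not change how the value is stored or returned.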


@@ -15,13 +15,18 @@ func pathConfig(b *backend) *framework.Path {
"host": &framework.FieldSchema{
Type: framework.TypeString,
Description: "RADIUS server host",
DisplayName: "Host",
DisplayAttrs: &framework.DisplayAttributes{
Name: "Host",
},
},
"port": &framework.FieldSchema{
Type: framework.TypeInt,
Default: 1812,
Description: "RADIUS server port (default: 1812)",
DisplayAttrs: &framework.DisplayAttributes{
Value: 1812,
},
},
"secret": &framework.FieldSchema{
Type: framework.TypeString,
@@ -31,29 +36,42 @@ func pathConfig(b *backend) *framework.Path {
Type: framework.TypeString,
Default: "",
Description: "Comma-separated list of policies to grant upon successful RADIUS authentication of an unregisted user (default: empty)",
DisplayName: "Policies for unregistered users",
DisplayAttrs: &framework.DisplayAttributes{
Name: "Policies for unregistered users",
},
},
"dial_timeout": &framework.FieldSchema{
Type: framework.TypeDurationSecond,
Default: 10,
Description: "Number of seconds before connect times out (default: 10)",
DisplayAttrs: &framework.DisplayAttributes{
Value: 10,
},
},
"read_timeout": &framework.FieldSchema{
Type: framework.TypeDurationSecond,
Default: 10,
Description: "Number of seconds before response times out (default: 10)",
DisplayAttrs: &framework.DisplayAttributes{
Value: 10,
},
},
"nas_port": &framework.FieldSchema{
Type: framework.TypeInt,
Default: 10,
Description: "RADIUS NAS port field (default: 10)",
DisplayName: "NAS Port",
DisplayAttrs: &framework.DisplayAttributes{
Name: "NAS Port",
Value: 10,
},
},
"nas_identifier": &framework.FieldSchema{
Type: framework.TypeString,
Default: "",
Description: "RADIUS NAS Identifier field (optional)",
DisplayName: "NAS Identifier",
DisplayAttrs: &framework.DisplayAttributes{
Name: "NAS Identifier",
},
},
},
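Review bot: `port`, `dial_timeout`, `read_timeout` and `nas_port` now carry the same literal twice, once in `Default:` and once in `DisplayAttrs.Value`, so a later change to a default can leave the advertised value stale without any compile or test failure. The same pairing appears in the AWS `user_path` hunk and in the PKI role hunks (`Default: true` / `Value: true`, `Default: 30` / `Value: 30`). At minimum I would add a comment on each pair such as `// Value mirrors Default for display only; change both together.`, or leave `Value` unset where `Default` already says the same thing. Separately, the `secret` field opens at the end of the first hunk and its body is outside the visible lines, so confirm it is marked `Sensitive: true`.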


@@ -41,7 +41,9 @@ func pathRoles(b *backend) *framework.Path {
"name": &framework.FieldSchema{
Type: framework.TypeString,
Description: "Name of the policy",
DisplayName: "Policy Name",
DisplayAttrs: &framework.DisplayAttributes{
Name: "Policy Name",
},
},
"credential_type": &framework.FieldSchema{
@@ -52,13 +54,17 @@ func pathRoles(b *backend) *framework.Path {
"role_arns": &framework.FieldSchema{
Type: framework.TypeCommaStringSlice,
Description: "ARNs of AWS roles allowed to be assumed. Only valid when credential_type is " + assumedRoleCred,
DisplayName: "Role ARNs",
DisplayAttrs: &framework.DisplayAttributes{
Name: "Role ARNs",
},
},
"policy_arns": &framework.FieldSchema{
Type: framework.TypeCommaStringSlice,
Description: "ARNs of AWS policies to attach to IAM users. Only valid when credential_type is " + iamUserCred,
DisplayName: "Policy ARNs",
DisplayAttrs: &framework.DisplayAttributes{
Name: "Policy ARNs",
},
},
"policy_document": &framework.FieldSchema{
@@ -73,13 +79,17 @@ GetFederationToken API call, acting as a filter on permissions available.`,
"default_sts_ttl": &framework.FieldSchema{
Type: framework.TypeDurationSecond,
Description: fmt.Sprintf("Default TTL for %s and %s credential types when no TTL is explicitly requested with the credentials", assumedRoleCred, federationTokenCred),
DisplayName: "Default TTL",
DisplayAttrs: &framework.DisplayAttributes{
Name: "Default TTL",
},
},
"max_sts_ttl": &framework.FieldSchema{
Type: framework.TypeDurationSecond,
Description: fmt.Sprintf("Max allowed TTL for %s and %s credential types", assumedRoleCred, federationTokenCred),
DisplayName: "Max TTL",
DisplayAttrs: &framework.DisplayAttributes{
Name: "Max TTL",
},
},
"arn": &framework.FieldSchema{
@@ -98,8 +108,11 @@ or IAM role to assume`,
"user_path": &framework.FieldSchema{
Type: framework.TypeString,
Description: "Path for IAM User. Only valid when credential_type is " + iamUserCred,
DisplayName: "User Path",
Default: "/",
DisplayAttrs: &framework.DisplayAttributes{
Name: "User Path",
Value: "/",
},
Default: "/",
},
},


@@ -11,7 +11,9 @@ func addIssueAndSignCommonFields(fields map[string]*framework.FieldSchema) map[s
Description: `If true, the Common Name will not be
included in DNS or Email Subject Alternate Names.
Defaults to false (CN is included).`,
DisplayName: "Exclude Common Name from Subject Alternative Names (SANs)",
DisplayAttrs: &framework.DisplayAttributes{
Name: "Exclude Common Name from Subject Alternative Names (SANs)",
},
}
fields["format"] = &framework.FieldSchema{
@@ -22,6 +24,9 @@ or "pem_bundle". If "pem_bundle" any private
key and issuing cert will be appended to the
certificate pem. Defaults to "pem".`,
AllowedValues: []interface{}{"pem", "der", "pem_bundle"},
DisplayAttrs: &framework.DisplayAttributes{
Value: "pem",
},
}
fields["private_key_format"] = &framework.FieldSchema{
@@ -34,27 +39,36 @@ However, this can be set to "pkcs8" to have the returned
private key contain base64-encoded pkcs8 or PEM-encoded
pkcs8 instead. Defaults to "der".`,
AllowedValues: []interface{}{"", "der", "pem", "pkcs8"},
DisplayAttrs: &framework.DisplayAttributes{
Value: "der",
},
}
fields["ip_sans"] = &framework.FieldSchema{
Type: framework.TypeCommaStringSlice,
Description: `The requested IP SANs, if any, in a
comma-delimited list`,
DisplayName: "IP Subject Alternative Names (SANs)",
DisplayAttrs: &framework.DisplayAttributes{
Name: "IP Subject Alternative Names (SANs)",
},
}
fields["uri_sans"] = &framework.FieldSchema{
Type: framework.TypeCommaStringSlice,
Description: `The requested URI SANs, if any, in a
comma-delimited list.`,
DisplayName: "URI Subject Alternative Names (SANs)",
DisplayAttrs: &framework.DisplayAttributes{
Name: "URI Subject Alternative Names (SANs)",
},
}
fields["other_sans"] = &framework.FieldSchema{
Type: framework.TypeCommaStringSlice,
Description: `Requested other SANs, in an array with the format
<oid>;UTF8:<utf8 string value> for each entry.`,
DisplayName: "Other SANs",
DisplayAttrs: &framework.DisplayAttributes{
Name: "Other SANs",
},
}
return fields
@@ -85,7 +99,9 @@ in the role, this may be an email address.`,
in a comma-delimited list. If email protection
is enabled for the role, this may contain
email addresses.`,
DisplayName: "DNS/Email Subject Alternative Names (SANs)",
DisplayAttrs: &framework.DisplayAttributes{
Name: "DNS/Email Subject Alternative Names (SANs)",
},
}
fields["serial_number"] = &framework.FieldSchema{
@@ -102,7 +118,9 @@ sets the expiration date. If not specified
the role default, backend default, or system
default TTL is used, in that order. Cannot
be larger than the role max TTL.`,
DisplayName: "TTL",
DisplayAttrs: &framework.DisplayAttributes{
Name: "TTL",
},
}
return fields
@@ -118,7 +136,9 @@ func addCACommonFields(fields map[string]*framework.FieldSchema) map[string]*fra
Description: `The requested Subject Alternative Names, if any,
in a comma-delimited list. May contain both
DNS names and email addresses.`,
DisplayName: "DNS/Email Subject Alternative Names (SANs)",
DisplayAttrs: &framework.DisplayAttributes{
Name: "DNS/Email Subject Alternative Names (SANs)",
},
}
fields["common_name"] = &framework.FieldSchema{
@@ -140,14 +160,18 @@ be larger than the mount max TTL. Note:
this only has an effect when generating
a CA cert or signing a CA cert, not when
generating a CSR for an intermediate CA.`,
DisplayName: "TTL",
DisplayAttrs: &framework.DisplayAttributes{
Name: "TTL",
},
}
fields["ou"] = &framework.FieldSchema{
Type: framework.TypeCommaStringSlice,
Description: `If set, OU (OrganizationalUnit) will be set to
this value.`,
DisplayName: "OU (Organizational Unit)",
DisplayAttrs: &framework.DisplayAttributes{
Name: "OU (Organizational Unit)",
},
}
fields["organization"] = &framework.FieldSchema{
@@ -166,28 +190,36 @@ this value.`,
Type: framework.TypeCommaStringSlice,
Description: `If set, Locality will be set to
this value.`,
DisplayName: "Locality/City",
DisplayAttrs: &framework.DisplayAttributes{
Name: "Locality/City",
},
}
fields["province"] = &framework.FieldSchema{
Type: framework.TypeCommaStringSlice,
Description: `If set, Province will be set to
this value.`,
DisplayName: "Province/State",
DisplayAttrs: &framework.DisplayAttributes{
Name: "Province/State",
},
}
fields["street_address"] = &framework.FieldSchema{
Type: framework.TypeCommaStringSlice,
Description: `If set, Street Address will be set to
this value.`,
DisplayName: "Street Address",
DisplayAttrs: &framework.DisplayAttributes{
Name: "Street Address",
},
}
fields["postal_code"] = &framework.FieldSchema{
Type: framework.TypeCommaStringSlice,
Description: `If set, Postal Code will be set to
this value.`,
DisplayName: "Postal Code",
DisplayAttrs: &framework.DisplayAttributes{
Name: "Postal Code",
},
}
fields["serial_number"] = &framework.FieldSchema{
@@ -217,6 +249,9 @@ the private key!`,
Description: `The number of bits to use. You will almost
certainly want to change this if you adjust
the key_type.`,
DisplayAttrs: &framework.DisplayAttributes{
Value: 2048,
},
}
fields["key_type"] = &framework.FieldSchema{
@@ -225,6 +260,9 @@ the key_type.`,
Description: `The type of key to use; defaults to RSA. "rsa"
and "ec" are the only valid values.`,
AllowedValues: []interface{}{"rsa", "ec"},
DisplayAttrs: &framework.DisplayAttributes{
Value: "rsa",
},
}
return fields
}
@@ -241,7 +279,9 @@ func addCAIssueFields(fields map[string]*framework.FieldSchema) map[string]*fram
fields["permitted_dns_domains"] = &framework.FieldSchema{
Type: framework.TypeCommaStringSlice,
Description: `Domains for which this certificate is allowed to sign or issue child certificates. If set, all DNS names (subject and alt) on child certs must be exact matches or subsets of the given domains (see https://tools.ietf.org/html/rfc5280#section-4.2.1.10).`,
DisplayName: "Permitted DNS Domains",
DisplayAttrs: &framework.DisplayAttributes{
Name: "Permitted DNS Domains",
},
}
return fields


@@ -48,13 +48,17 @@ func pathRoles(b *backend) *framework.Path {
requested. The lease duration controls the expiration
of certificates issued by this backend. Defaults to
the value of max_ttl.`,
DisplayName: "TTL",
DisplayAttrs: &framework.DisplayAttributes{
Name: "TTL",
},
},
"max_ttl": &framework.FieldSchema{
Type: framework.TypeDurationSecond,
Description: "The maximum allowed lease duration",
DisplayName: "Max TTL",
DisplayAttrs: &framework.DisplayAttributes{
Name: "Max TTL",
},
},
"allow_localhost": &framework.FieldSchema{
@@ -62,6 +66,9 @@ the value of max_ttl.`,
Default: true,
Description: `Whether to allow "localhost" as a valid common
name in a request`,
DisplayAttrs: &framework.DisplayAttributes{
Value: true,
},
},
"allowed_domains": &framework.FieldSchema{
@@ -108,6 +115,9 @@ information.`,
Default: true,
Description: `If set, only valid host names are allowed for
CN and SANs. Defaults to true.`,
DisplayAttrs: &framework.DisplayAttributes{
Value: true,
},
},
"allow_ip_sans": &framework.FieldSchema{
@@ -115,20 +125,27 @@ CN and SANs. Defaults to true.`,
Default: true,
Description: `If set, IP Subject Alternative Names are allowed.
Any valid IP is accepted.`,
DisplayName: "Allow IP Subject Alternative Names",
DisplayAttrs: &framework.DisplayAttributes{
Name: "Allow IP Subject Alternative Names",
Value: true,
},
},
"allowed_uri_sans": &framework.FieldSchema{
Type: framework.TypeCommaStringSlice,
Description: `If set, an array of allowed URIs to put in the URI Subject Alternative Names.
Any valid URI is accepted, these values support globbing.`,
DisplayName: "Allowed URI Subject Alternative Names",
DisplayAttrs: &framework.DisplayAttributes{
Name: "Allowed URI Subject Alternative Names",
},
},
"allowed_other_sans": &framework.FieldSchema{
Type: framework.TypeCommaStringSlice,
Description: `If set, an array of allowed other names to put in SANs. These values support globbing and must be in the format <oid>;<type>:<value>. Currently only "utf8" is a valid type. All values, including globbing values, must use this syntax, with the exception being a single "*" which allows any OID and any value (but type must still be utf8).`,
DisplayName: "Allowed Other Subject Alternative Names",
DisplayAttrs: &framework.DisplayAttributes{
Name: "Allowed Other Subject Alternative Names",
},
},
"allowed_serial_numbers": &framework.FieldSchema{
@@ -141,6 +158,9 @@ Any valid URI is accepted, these values support globbing.`,
Default: true,
Description: `If set, certificates are flagged for server auth use.
Defaults to true.`,
DisplayAttrs: &framework.DisplayAttributes{
Value: true,
},
},
"client_flag": &framework.FieldSchema{
@@ -148,6 +168,9 @@ Defaults to true.`,
Default: true,
Description: `If set, certificates are flagged for client auth use.
Defaults to true.`,
DisplayAttrs: &framework.DisplayAttributes{
Value: true,
},
},
"code_signing_flag": &framework.FieldSchema{
@@ -187,7 +210,9 @@ https://golang.org/pkg/crypto/x509/#KeyUsage
-- simply drop the "KeyUsage" part of the name.
To remove all key usages from being set, set
this value to an empty list.`,
DisplayValue: "DigitalSignature,KeyAgreement,KeyEncipherment",
DisplayAttrs: &framework.DisplayAttributes{
Value: "DigitalSignature,KeyAgreement,KeyEncipherment",
},
},
"ext_key_usage": &framework.FieldSchema{
@@ -198,13 +223,17 @@ https://golang.org/pkg/crypto/x509/#ExtKeyUsage
-- simply drop the "ExtKeyUsage" part of the name.
To remove all key usages from being set, set
this value to an empty list.`,
DisplayName: "Extended Key Usage",
DisplayAttrs: &framework.DisplayAttributes{
Name: "Extended Key Usage",
},
},
"ext_key_usage_oids": &framework.FieldSchema{
Type: framework.TypeCommaStringSlice,
Description: `A comma-separated string or list of extended key usage oids.`,
DisplayName: "Extended Key Usage OIDs",
DisplayAttrs: &framework.DisplayAttributes{
Name: "Extended Key Usage OIDs",
},
},
"use_csr_common_name": &framework.FieldSchema{
@@ -214,7 +243,10 @@ this value to an empty list.`,
the common name in the CSR will be used. This
does *not* include any requested Subject Alternative
Names. Defaults to true.`,
DisplayName: "Use CSR Common Name",
DisplayAttrs: &framework.DisplayAttributes{
Name: "Use CSR Common Name",
Value: true,
},
},
"use_csr_sans": &framework.FieldSchema{
@@ -223,14 +255,19 @@ Names. Defaults to true.`,
Description: `If set, when used with a signing profile,
the SANs in the CSR will be used. This does *not*
include the Common Name (cn). Defaults to true.`,
DisplayName: "Use CSR Subject Alternative Names",
DisplayAttrs: &framework.DisplayAttributes{
Name: "Use CSR Subject Alternative Names",
Value: true,
},
},
"ou": &framework.FieldSchema{
Type: framework.TypeCommaStringSlice,
Description: `If set, OU (OrganizationalUnit) will be set to
this value in certificates issued by this role.`,
DisplayName: "Organizational Unit",
DisplayAttrs: &framework.DisplayAttributes{
Name: "Organizational Unit",
},
},
"organization": &framework.FieldSchema{
@@ -249,14 +286,18 @@ this value in certificates issued by this role.`,
Type: framework.TypeCommaStringSlice,
Description: `If set, Locality will be set to
this value in certificates issued by this role.`,
DisplayName: "Locality/City",
DisplayAttrs: &framework.DisplayAttributes{
Name: "Locality/City",
},
},
"province": &framework.FieldSchema{
Type: framework.TypeCommaStringSlice,
Description: `If set, Province will be set to
this value in certificates issued by this role.`,
DisplayName: "Province/State",
DisplayAttrs: &framework.DisplayAttributes{
Name: "Province/State",
},
},
"street_address": &framework.FieldSchema{
@@ -299,7 +340,9 @@ for "generate_lease".`,
Type: framework.TypeBool,
Default: true,
Description: `If set to false, makes the 'common_name' field optional while generating a certificate.`,
DisplayName: "Use CSR Common Name",
DisplayAttrs: &framework.DisplayAttributes{
Name: "Require Common Name",
},
},
"policy_identifiers": &framework.FieldSchema{
@@ -310,12 +353,17 @@ for "generate_lease".`,
"basic_constraints_valid_for_non_ca": &framework.FieldSchema{
Type: framework.TypeBool,
Description: `Mark Basic Constraints valid when issuing non-CA certificates.`,
DisplayName: "Basic Constraints Valid for Non-CA",
DisplayAttrs: &framework.DisplayAttributes{
Name: "Basic Constraints Valid for Non-CA",
},
},
"not_before_duration": &framework.FieldSchema{
Type: framework.TypeDurationSecond,
Default: 30,
Description: `The duration before now the cert needs to be created / signed.`,
DisplayAttrs: &framework.DisplayAttributes{
Value: 30,
},
},
},


@@ -93,7 +93,9 @@ func pathRoles(b *backend) *framework.Path {
credential is being generated for other users, Vault uses this admin
username to login to remote host and install the generated credential
for the other user.`,
DisplayName: "Admin Username",
DisplayAttrs: &framework.DisplayAttributes{
Name: "Admin Username",
},
},
"default_user": &framework.FieldSchema{
Type: framework.TypeString,
@@ -102,7 +104,9 @@ func pathRoles(b *backend) *framework.Path {
Default username for which a credential will be generated.
When the endpoint 'creds/' is used without a username, this
value will be used as default username.`,
DisplayName: "Default Username",
DisplayAttrs: &framework.DisplayAttributes{
Name: "Default Username",
},
},
"cidr_list": &framework.FieldSchema{
Type: framework.TypeString,
@@ -110,7 +114,9 @@ func pathRoles(b *backend) *framework.Path {
[Optional for Dynamic type] [Optional for OTP type] [Not applicable for CA type]
Comma separated list of CIDR blocks for which the role is applicable for.
CIDR blocks can belong to more than one role.`,
DisplayName: "CIDR List",
DisplayAttrs: &framework.DisplayAttributes{
Name: "CIDR List",
},
},
"exclude_cidr_list": &framework.FieldSchema{
Type: framework.TypeString,
@@ -119,7 +125,9 @@ func pathRoles(b *backend) *framework.Path {
Comma separated list of CIDR blocks. IP addresses belonging to these blocks are not
accepted by the role. This is particularly useful when big CIDR blocks are being used
by the role and certain parts of it needs to be kept out.`,
DisplayName: "Exclude CIDR List",
DisplayAttrs: &framework.DisplayAttributes{
Name: "Exclude CIDR List",
},
},
"port": &framework.FieldSchema{
Type: framework.TypeInt,
@@ -129,7 +137,9 @@ func pathRoles(b *backend) *framework.Path {
play any role in creation of OTP. For 'otp' type, this is just a way
to inform client about the port number to use. Port number will be
returned to client by Vault server along with OTP.`,
DisplayValue: 22,
DisplayAttrs: &framework.DisplayAttributes{
Value: 22,
},
},
"key_type": &framework.FieldSchema{
Type: framework.TypeString,
@@ -138,7 +148,9 @@ func pathRoles(b *backend) *framework.Path {
Type of key used to login to hosts. It can be either 'otp', 'dynamic' or 'ca'.
'otp' type requires agent to be installed in remote hosts.`,
AllowedValues: []interface{}{"otp", "dynamic", "ca"},
DisplayValue: "ca",
DisplayAttrs: &framework.DisplayAttributes{
Value: "ca",
},
},
"key_bits": &framework.FieldSchema{
Type: framework.TypeInt,
@@ -195,7 +207,9 @@ func pathRoles(b *backend) *framework.Path {
requested. The lease duration controls the expiration
of certificates issued by this backend. Defaults to
the value of max_ttl.`,
DisplayName: "TTL",
DisplayAttrs: &framework.DisplayAttributes{
Name: "TTL",
},
},
"max_ttl": &framework.FieldSchema{
Type: framework.TypeDurationSecond,
@@ -203,7 +217,9 @@ func pathRoles(b *backend) *framework.Path {
[Not applicable for Dynamic type] [Not applicable for OTP type] [Optional for CA type]
The maximum allowed lease duration
`,
DisplayName: "Max TTL",
DisplayAttrs: &framework.DisplayAttributes{
Value: "Max TTL",
},
},
"allowed_critical_options": &framework.FieldSchema{
Type: framework.TypeString,
@@ -281,7 +297,9 @@ func pathRoles(b *backend) *framework.Path {
When false, the key ID will always be the token display name.
The key ID is logged by the SSH server and can be useful for auditing.
`,
DisplayName: "Allow User Key IDs",
DisplayAttrs: &framework.DisplayAttributes{
Name: "Allow User Key IDs",
},
},
"key_id_format": &framework.FieldSchema{
Type: framework.TypeString,
@@ -292,7 +310,9 @@ func pathRoles(b *backend) *framework.Path {
the token used to make the request. '{{role_name}}' - The name of the role signing the request.
'{{public_key_hash}}' - A SHA256 checksum of the public key that is being signed.
`,
DisplayName: "Key ID Format",
DisplayAttrs: &framework.DisplayAttributes{
Name: "Key ID Format",
},
},
"allowed_user_key_lengths": &framework.FieldSchema{
Type: framework.TypeMap,
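Review bot: In the `max_ttl` hunk (`@@ -203,7 +217,9 @@`) the label was moved into the wrong member: `DisplayName: "Max TTL"` became `Value: "Max TTL"`, so the field loses its display name and advertises the string "Max TTL" as its sample value. Every other converted label in this file, including `ttl` one hunk earlier, uses `Name`, so this should read `Name: "Max TTL",`. A UI that pre-fills from `Value` would offer a string that is not a valid duration for a `TypeDurationSecond` field. The existing OpenAPI test only exercises a synthetic path, so it would not catch this.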


@@ -529,20 +529,6 @@ type FieldSchema struct {
// dynamic UI generation.
AllowedValues []interface{}
// Display* members are available to provide hints for UI and documentation
// generators. They will be included in OpenAPI output if set.
// DisplayName is the name of the field suitable as a label or documentation heading.
DisplayName string
// DisplayValue is a sample value to display for this field. This may be used
// to indicate a default value, but it is for display only and completely separate
// from any Default member handling.
DisplayValue interface{}
// DisplaySensitive indicates that the value should be masked by default in the UI.
DisplaySensitive bool
// DisplayAttrs provides hints for UI and documentation generators. They
// will be included in OpenAPI output if set.
DisplayAttrs *DisplayAttributes
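Review bot: `DisplayName`, `DisplayValue` and `DisplaySensitive` are exported members of the exported `FieldSchema`, and deleting them outright makes any backend that still sets them fail to compile. Every in-tree user visible on this page is converted, but plugins built outside this repository against the package would break on upgrade. If that matters, keep the three members for one release with `// Deprecated: use DisplayAttrs instead.` and copy them into `DisplayAttrs` when it is nil. Otherwise say in the commit description that the removal is intentional and breaking.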


@@ -98,11 +98,13 @@ type OASLicense struct {
}
type OASPathItem struct {
Description string `json:"description,omitempty"`
Parameters []OASParameter `json:"parameters,omitempty"`
Sudo bool `json:"x-vault-sudo,omitempty" mapstructure:"x-vault-sudo"`
Unauthenticated bool `json:"x-vault-unauthenticated,omitempty" mapstructure:"x-vault-unauthenticated"`
CreateSupported bool `json:"x-vault-createSupported,omitempty" mapstructure:"x-vault-createSupported"`
Description string `json:"description,omitempty"`
Parameters []OASParameter `json:"parameters,omitempty"`
Sudo bool `json:"x-vault-sudo,omitempty" mapstructure:"x-vault-sudo"`
Unauthenticated bool `json:"x-vault-unauthenticated,omitempty" mapstructure:"x-vault-unauthenticated"`
CreateSupported bool `json:"x-vault-createSupported,omitempty" mapstructure:"x-vault-createSupported"`
DisplayNavigation bool `json:"x-vault-displayNavigation,omitempty" mapstructure:"x-vault-displayNavigation"`
DisplayAttrs *DisplayAttributes `json:"x-vault-displayAttrs,omitempty" mapstructure:"x-vault-displayAttrs"`
Get *OASOperation `json:"get,omitempty"`
Post *OASOperation `json:"post,omitempty"`
@@ -156,16 +158,18 @@ type OASSchema struct {
// approach than OASParameter (unfortunately), but is how JSONSchema handles 'required'.
Required []string `json:"required,omitempty"`
Items *OASSchema `json:"items,omitempty"`
Format string `json:"format,omitempty"`
Pattern string `json:"pattern,omitempty"`
Enum []interface{} `json:"enum,omitempty"`
Default interface{} `json:"default,omitempty"`
Example interface{} `json:"example,omitempty"`
Deprecated bool `json:"deprecated,omitempty"`
DisplayName string `json:"x-vault-displayName,omitempty" mapstructure:"x-vault-displayName,omitempty"`
DisplayValue interface{} `json:"x-vault-displayValue,omitempty" mapstructure:"x-vault-displayValue,omitempty"`
DisplaySensitive bool `json:"x-vault-displaySensitive,omitempty" mapstructure:"x-vault-displaySensitive,omitempty"`
Items *OASSchema `json:"items,omitempty"`
Format string `json:"format,omitempty"`
Pattern string `json:"pattern,omitempty"`
Enum []interface{} `json:"enum,omitempty"`
Default interface{} `json:"default,omitempty"`
Example interface{} `json:"example,omitempty"`
Deprecated bool `json:"deprecated,omitempty"`
//DisplayName string `json:"x-vault-displayName,omitempty" mapstructure:"x-vault-displayName,omitempty"`
DisplayValue interface{} `json:"x-vault-displayValue,omitempty" mapstructure:"x-vault-displayValue,omitempty"`
DisplaySensitive bool `json:"x-vault-displaySensitive,omitempty" mapstructure:"x-vault-displaySensitive,omitempty"`
DisplayGroup string `json:"x-vault-displayGroup,omitempty" mapstructure:"x-vault-displayGroup,omitempty"`
DisplayAttrs *DisplayAttributes `json:"x-vault-displayAttrs,omitempty" mapstructure:"x-vault-displayAttrs,omitempty"`
}
type OASResponse struct {
@@ -230,6 +234,7 @@ func documentPath(p *Path, specialPaths *logical.Paths, backendType logical.Back
pi.Sudo = specialPathMatch(path, sudoPaths)
pi.Unauthenticated = specialPathMatch(path, unauthPaths)
pi.DisplayAttrs = p.DisplayAttrs
// If the newer style Operations map isn't defined, create one from the legacy fields.
operations := p.Operations
@@ -263,13 +268,11 @@ func documentPath(p *Path, specialPaths *logical.Paths, backendType logical.Back
Description: cleanString(field.Description),
In: location,
Schema: &OASSchema{
Type: t.baseType,
Pattern: t.pattern,
Enum: field.AllowedValues,
Default: field.Default,
DisplayName: field.DisplayName,
DisplayValue: field.DisplayValue,
DisplaySensitive: field.DisplaySensitive,
Type: t.baseType,
Pattern: t.pattern,
Enum: field.AllowedValues,
Default: field.Default,
DisplayAttrs: field.DisplayAttrs,
},
Required: required,
Deprecated: field.Deprecated,
@@ -325,16 +328,14 @@ func documentPath(p *Path, specialPaths *logical.Paths, backendType logical.Back
}
p := OASSchema{
Type: openapiField.baseType,
Description: cleanString(field.Description),
Format: openapiField.format,
Pattern: openapiField.pattern,
Enum: field.AllowedValues,
Default: field.Default,
Deprecated: field.Deprecated,
DisplayName: field.DisplayName,
DisplayValue: field.DisplayValue,
DisplaySensitive: field.DisplaySensitive,
Type: openapiField.baseType,
Description: cleanString(field.Description),
Format: openapiField.format,
Pattern: openapiField.pattern,
Enum: field.AllowedValues,
Default: field.Default,
Deprecated: field.Deprecated,
DisplayAttrs: field.DisplayAttrs,
}
if openapiField.baseType == "array" {
p.Items = &OASSchema{
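Review bot: `OASSchema` still declares `DisplayValue`, `DisplaySensitive` and the new `DisplayGroup`, plus a commented-out `DisplayName`, and `OASPathItem` gains `DisplayNavigation`, yet the `documentPath` hunks on this page populate only `DisplayAttrs`. As shown, those members are always zero and dropped by `omitempty`, so a consumer that masks inputs on the top-level `x-vault-displaySensitive` key would stop masking with no error. I would delete the unused members and the commented line so the struct matches what is emitted. The move of the key to `x-vault-displayAttrs.sensitive` should also be called out in the description or changelog. `documentPath` extends beyond these hunks, so confirm nothing outside them still sets the old members.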


@@ -335,13 +335,16 @@ func TestOpenAPI_Paths(t *testing.T) {
Description: "the name",
},
"age": {
Type: TypeInt,
Description: "the age",
AllowedValues: []interface{}{1, 2, 3},
Required: true,
DisplayName: "Age",
DisplayValue: 7,
DisplaySensitive: true,
Type: TypeInt,
Description: "the age",
AllowedValues: []interface{}{1, 2, 3},
Required: true,
DisplayAttrs: &DisplayAttributes{
Name: "Age",
Sensitive: true,
Group: "Some Group",
Value: 7,
},
},
"x-abc-token": {
Type: TypeHeader,
@@ -378,6 +381,9 @@ func TestOpenAPI_Paths(t *testing.T) {
Unpublished: true,
},
},
DisplayAttrs: &DisplayAttributes{
Navigation: true,
},
}
sp := &logical.Paths{


@@ -14,6 +14,9 @@
"description": "Synopsis",
"x-vault-createSupported": true,
"x-vault-sudo": true,
"x-vault-displayAttrs": {
"navigation": true
},
"parameters": [
{
"name": "format",
@@ -77,9 +80,12 @@
"type": "integer",
"description": "the age",
"enum": [1, 2, 3],
"x-vault-displayName": "Age",
"x-vault-displayValue": 7,
"x-vault-displaySensitive": true
"x-vault-displayAttrs": {
"name": "Age",
"sensitive": true,
"group": "Some Group",
"value": 7
}
},
"name": {
"type": "string",


@@ -22,31 +22,41 @@ func ConfigFields() map[string]*framework.FieldSchema {
Type: framework.TypeString,
Default: "ldap://127.0.0.1",
Description: "LDAP URL to connect to (default: ldap://127.0.0.1). Multiple URLs can be specified by concatenating them with commas; they will be tried in-order.",
DisplayName: "URL",
DisplayAttrs: &framework.DisplayAttributes{
Name: "URL",
},
},
"userdn": {
Type: framework.TypeString,
Description: "LDAP domain to use for users (eg: ou=People,dc=example,dc=org)",
DisplayName: "User DN",
DisplayAttrs: &framework.DisplayAttributes{
Name: "User DN",
},
},
"binddn": {
Type: framework.TypeString,
Description: "LDAP DN for searching for the user DN (optional)",
DisplayName: "Name of Object to bind (binddn)",
DisplayAttrs: &framework.DisplayAttributes{
Name: "Name of Object to bind (binddn)",
},
},
"bindpass": {
Type: framework.TypeString,
Description: "LDAP password for searching for the user DN (optional)",
DisplaySensitive: true,
Type: framework.TypeString,
Description: "LDAP password for searching for the user DN (optional)",
DisplayAttrs: &framework.DisplayAttributes{
Sensitive: true,
},
},
"groupdn": {
Type: framework.TypeString,
Description: "LDAP search base to use for group membership search (eg: ou=Groups,dc=example,dc=org)",
DisplayName: "Group DN",
DisplayAttrs: &framework.DisplayAttributes{
Name: "Group DN",
},
},
"groupfilter": {
@@ -56,6 +66,9 @@ func ConfigFields() map[string]*framework.FieldSchema {
The template can access the following context variables: UserDN, Username
Example: (&(objectClass=group)(member:1.2.840.113556.1.4.1941:={{.UserDN}}))
Default: (|(memberUid={{.Username}})(member={{.UserDN}})(uniqueMember={{.UserDN}}))`,
DisplayAttrs: &framework.DisplayAttributes{
Name: "Group Filter",
},
},
"groupattr": {
@@ -65,20 +78,28 @@ Default: (|(memberUid={{.Username}})(member={{.UserDN}})(uniqueMember={{.UserDN}
in order to enumerate user group membership.
Examples: "cn" or "memberOf", etc.
Default: cn`,
DisplayName: "Group Attribute",
DisplayAttrs: &framework.DisplayAttributes{
Name: "Group Attribute",
Value: "cn",
},
},
"upndomain": {
Type: framework.TypeString,
Description: "Enables userPrincipalDomain login with [username]@UPNDomain (optional)",
DisplayName: "User Principal (UPN) Domain",
DisplayAttrs: &framework.DisplayAttributes{
Name: "User Principal (UPN) Domain",
},
},
"userattr": {
Type: framework.TypeString,
Default: "cn",
Description: "Attribute used for users (default: cn)",
DisplayName: "User Attribute",
DisplayAttrs: &framework.DisplayAttributes{
Name: "User Attribute",
Value: "cn",
},
},
"certificate": {
@@ -89,34 +110,44 @@ Default: cn`,
"discoverdn": {
Type: framework.TypeBool,
Description: "Use anonymous bind to discover the bind DN of a user (optional)",
DisplayName: "Discover DN",
DisplayAttrs: &framework.DisplayAttributes{
Name: "Discover DN",
},
},
"insecure_tls": {
Type: framework.TypeBool,
Description: "Skip LDAP server SSL Certificate verification - VERY insecure (optional)",
DisplayName: "Insecure TLS",
DisplayAttrs: &framework.DisplayAttributes{
Name: "Insecure TLS",
},
},
"starttls": {
Type: framework.TypeBool,
Description: "Issue a StartTLS command after establishing unencrypted connection (optional)",
DisplayName: "Issue StartTLS command after establishing an unencrypted connection",
DisplayAttrs: &framework.DisplayAttributes{
Name: "Issue StartTLS",
},
},
"tls_min_version": {
Type: framework.TypeString,
Default: "tls12",
Description: "Minimum TLS version to use. Accepted values are 'tls10', 'tls11' or 'tls12'. Defaults to 'tls12'",
DisplayName: "Minimum TLS Version",
Type: framework.TypeString,
Default: "tls12",
Description: "Minimum TLS version to use. Accepted values are 'tls10', 'tls11' or 'tls12'. Defaults to 'tls12'",
DisplayAttrs: &framework.DisplayAttributes{
Name: "Minimum TLS Version",
},
AllowedValues: []interface{}{"tls10", "tls11", "tls12"},
},
"tls_max_version": {
Type: framework.TypeString,
Default: "tls12",
Description: "Maximum TLS version to use. Accepted values are 'tls10', 'tls11' or 'tls12'. Defaults to 'tls12'",
DisplayName: "Maximum TLS Version",
Type: framework.TypeString,
Default: "tls12",
Description: "Maximum TLS version to use. Accepted values are 'tls10', 'tls11' or 'tls12'. Defaults to 'tls12'",
DisplayAttrs: &framework.DisplayAttributes{
Name: "Maximum TLS Version",
},
AllowedValues: []interface{}{"tls10", "tls11", "tls12"},
},