diff --git a/builtin/credential/github/path_config.go b/builtin/credential/github/path_config.go index 18e72f4f58..21d89b6f7a 100644 --- a/builtin/credential/github/path_config.go +++ b/builtin/credential/github/path_config.go @@ -25,17 +25,24 @@ func pathConfig(b *backend) *framework.Path { Description: `The API endpoint to use. Useful if you are running GitHub Enterprise or an API-compatible authentication server.`, - DisplayName: "Base URL", + DisplayAttrs: &framework.DisplayAttributes{ + Name: "Base URL", + Group: "GitHub Options", + }, }, "ttl": &framework.FieldSchema{ Type: framework.TypeString, Description: `Duration after which authentication will be expired`, - DisplayName: "TTL", + DisplayAttrs: &framework.DisplayAttributes{ + Name: "TTL", + }, }, "max_ttl": &framework.FieldSchema{ Type: framework.TypeString, Description: `Maximum duration after which authentication will be expired`, - DisplayName: "Max TTL", + DisplayAttrs: &framework.DisplayAttributes{ + Name: "Max TTL", + }, }, }, diff --git a/builtin/credential/ldap/path_groups.go b/builtin/credential/ldap/path_groups.go index c8a33d9d57..9222496449 100644 --- a/builtin/credential/ldap/path_groups.go +++ b/builtin/credential/ldap/path_groups.go @@ -19,6 +19,9 @@ func pathGroupsList(b *backend) *framework.Path { HelpSynopsis: pathGroupHelpSyn, HelpDescription: pathGroupHelpDesc, + DisplayAttrs: &framework.DisplayAttributes{ + Navigation: true, + }, } } diff --git a/builtin/credential/ldap/path_users.go b/builtin/credential/ldap/path_users.go index 9c454e7451..3371c44248 100644 --- a/builtin/credential/ldap/path_users.go +++ b/builtin/credential/ldap/path_users.go @@ -20,6 +20,9 @@ func pathUsersList(b *backend) *framework.Path { HelpSynopsis: pathUserHelpSyn, HelpDescription: pathUserHelpDesc, + DisplayAttrs: &framework.DisplayAttributes{ + Navigation: true, + }, } } diff --git a/builtin/credential/okta/path_config.go b/builtin/credential/okta/path_config.go index f2b4005415..da78739d07 100644 
--- a/builtin/credential/okta/path_config.go +++ b/builtin/credential/okta/path_config.go @@ -30,7 +30,9 @@ func pathConfig(b *backend) *framework.Path { "org_name": &framework.FieldSchema{ Type: framework.TypeString, Description: "Name of the organization to be used in the Okta API.", - DisplayName: "Organization Name", + DisplayAttrs: &framework.DisplayAttributes{ + Name: "Organization Name", + }, }, "token": &framework.FieldSchema{ Type: framework.TypeString, @@ -40,12 +42,16 @@ func pathConfig(b *backend) *framework.Path { "api_token": &framework.FieldSchema{ Type: framework.TypeString, Description: "Okta API key.", - DisplayName: "API Token", + DisplayAttrs: &framework.DisplayAttributes{ + Name: "API Token", + }, }, "base_url": &framework.FieldSchema{ Type: framework.TypeString, Description: `The base domain to use for the Okta API. When not specified in the configuration, "okta.com" is used.`, - DisplayName: "Base URL", + DisplayAttrs: &framework.DisplayAttributes{ + Name: "Base URL", + }, }, "production": &framework.FieldSchema{ Type: framework.TypeBool, @@ -55,15 +61,23 @@ func pathConfig(b *backend) *framework.Path { "ttl": &framework.FieldSchema{ Type: framework.TypeDurationSecond, Description: `Duration after which authentication will be expired`, + DisplayAttrs: &framework.DisplayAttributes{ + Name: "TTL", + }, }, "max_ttl": &framework.FieldSchema{ Type: framework.TypeDurationSecond, Description: `Maximum duration after which authentication will be expired`, + DisplayAttrs: &framework.DisplayAttributes{ + Name: "Max TTL", + }, }, "bypass_okta_mfa": &framework.FieldSchema{ Type: framework.TypeBool, Description: `When set true, requests by Okta for a MFA check will be bypassed. This also disallows certain status checks on the account, such as whether the password is expired.`, - DisplayName: "Bypass Okta MFA", + DisplayAttrs: &framework.DisplayAttributes{ + Name: "Bypass Okta MFA", + }, }, }, 
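Review bot: `api_token` (described as "Okta API key.") gets only a `Name` in its new `DisplayAttrs`, so nothing tells UI or OpenAPI consumers that the value is a credential. In this same commit the LDAP `bindpass` field in sdk/helper/ldaputil/config.go carries `Sensitive: true`. Adding `Sensitive: true,` next to `Name: "API Token",` would let generated forms mask the key by default. The `token` field above it and the RADIUS `secret` field are only partly visible in their hunks, so whether they need the same flag should be checked in the full files. pathConfig starts and ends outside these hunks.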
diff --git a/builtin/credential/radius/path_config.go b/builtin/credential/radius/path_config.go index a00f8f5b92..585cf6564d 100644 --- a/builtin/credential/radius/path_config.go +++ b/builtin/credential/radius/path_config.go @@ -15,13 +15,18 @@ func pathConfig(b *backend) *framework.Path { "host": &framework.FieldSchema{ Type: framework.TypeString, Description: "RADIUS server host", - DisplayName: "Host", + DisplayAttrs: &framework.DisplayAttributes{ + Name: "Host", + }, }, "port": &framework.FieldSchema{ Type: framework.TypeInt, Default: 1812, Description: "RADIUS server port (default: 1812)", + DisplayAttrs: &framework.DisplayAttributes{ + Value: 1812, + }, }, "secret": &framework.FieldSchema{ Type: framework.TypeString, 
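Review bot: In the `port` field, `Value: 1812` repeats the literal already given in `Default: 1812`, and nothing in the hunk ties the two together. The doc comment removed from sdk/framework/backend.go described the old display value as separate from `Default` handling, so if `Value` keeps those semantics, a later change to one literal can leave the UI advertising a value the backend does not use. A single package-level constant referenced by both members would remove the risk, or at least a comment such as `// keep in sync with Default`. The same pairing appears in the next hunk (`dial_timeout`, `read_timeout`, `nas_port`) and for `user_path` in builtin/logical/aws/path_roles.go.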
@@ -31,29 +36,42 @@ func pathConfig(b *backend) *framework.Path { Type: framework.TypeString, Default: "", Description: "Comma-separated list of policies to grant upon successful RADIUS authentication of an unregisted user (default: empty)", - DisplayName: "Policies for unregistered users", + DisplayAttrs: &framework.DisplayAttributes{ + Name: "Policies for unregistered users", + }, }, "dial_timeout": &framework.FieldSchema{ Type: framework.TypeDurationSecond, Default: 10, Description: "Number of seconds before connect times out (default: 10)", + DisplayAttrs: &framework.DisplayAttributes{ + Value: 10, + }, }, "read_timeout": &framework.FieldSchema{ Type: framework.TypeDurationSecond, Default: 10, Description: "Number of seconds before response times out (default: 10)", + DisplayAttrs: &framework.DisplayAttributes{ + Value: 10, + }, }, "nas_port": &framework.FieldSchema{ Type: framework.TypeInt, Default: 10, Description: "RADIUS NAS port field (default: 10)", - DisplayName: "NAS Port", + DisplayAttrs: &framework.DisplayAttributes{ + Name: "NAS Port", + Value: 10, + }, }, "nas_identifier": &framework.FieldSchema{ Type: framework.TypeString, Default: "", Description: "RADIUS NAS Identifier field (optional)", - DisplayName: "NAS Identifier", + DisplayAttrs: &framework.DisplayAttributes{ + Name: "NAS Identifier", + }, }, }, diff --git a/builtin/logical/aws/path_roles.go b/builtin/logical/aws/path_roles.go index 6091d93104..4792949171 100644 --- a/builtin/logical/aws/path_roles.go +++ b/builtin/logical/aws/path_roles.go @@ -41,7 +41,9 @@ func pathRoles(b *backend) *framework.Path { "name": &framework.FieldSchema{ Type: framework.TypeString, Description: "Name of the policy", - DisplayName: "Policy Name", + DisplayAttrs: &framework.DisplayAttributes{ + Name: "Policy Name", + }, }, "credential_type": &framework.FieldSchema{ 
@@ -52,13 +54,17 @@ func pathRoles(b *backend) *framework.Path { "role_arns": &framework.FieldSchema{ Type: framework.TypeCommaStringSlice, Description: "ARNs of AWS roles allowed to be assumed. Only valid when credential_type is " + assumedRoleCred, - DisplayName: "Role ARNs", + DisplayAttrs: &framework.DisplayAttributes{ + Name: "Role ARNs", + }, }, "policy_arns": &framework.FieldSchema{ Type: framework.TypeCommaStringSlice, Description: "ARNs of AWS policies to attach to IAM users. Only valid when credential_type is " + iamUserCred, - DisplayName: "Policy ARNs", + DisplayAttrs: &framework.DisplayAttributes{ + Name: "Policy ARNs", + }, }, "policy_document": &framework.FieldSchema{ @@ -73,13 +79,17 @@ GetFederationToken API call, acting as a filter on permissions available.`, "default_sts_ttl": &framework.FieldSchema{ Type: framework.TypeDurationSecond, Description: fmt.Sprintf("Default TTL for %s and %s credential types when no TTL is explicitly requested with the credentials", assumedRoleCred, federationTokenCred), - DisplayName: "Default TTL", + DisplayAttrs: &framework.DisplayAttributes{ + Name: "Default TTL", + }, }, "max_sts_ttl": &framework.FieldSchema{ Type: framework.TypeDurationSecond, Description: fmt.Sprintf("Max allowed TTL for %s and %s credential types", assumedRoleCred, federationTokenCred), - DisplayName: "Max TTL", + DisplayAttrs: &framework.DisplayAttributes{ + Name: "Max TTL", + }, }, "arn": &framework.FieldSchema{ @@ -98,8 +108,11 @@ or IAM role to assume`, "user_path": &framework.FieldSchema{ Type: framework.TypeString, Description: "Path for IAM User. Only valid when credential_type is " + iamUserCred, - DisplayName: "User Path", - Default: "/", + DisplayAttrs: &framework.DisplayAttributes{ + Name: "User Path", + Value: "/", + }, + Default: "/", }, }, diff --git a/builtin/logical/pki/fields.go b/builtin/logical/pki/fields.go index 0f5266a77b..c67e39eaac 100644 --- a/builtin/logical/pki/fields.go +++ b/builtin/logical/pki/fields.go 
@@ -11,7 +11,9 @@ func addIssueAndSignCommonFields(fields map[string]*framework.FieldSchema) map[s Description: `If true, the Common Name will not be included in DNS or Email Subject Alternate Names. Defaults to false (CN is included).`, - DisplayName: "Exclude Common Name from Subject Alternative Names (SANs)", + DisplayAttrs: &framework.DisplayAttributes{ + Name: "Exclude Common Name from Subject Alternative Names (SANs)", + }, } fields["format"] = &framework.FieldSchema{ @@ -22,6 +24,9 @@ or "pem_bundle". If "pem_bundle" any private key and issuing cert will be appended to the certificate pem. Defaults to "pem".`, AllowedValues: []interface{}{"pem", "der", "pem_bundle"}, + DisplayAttrs: &framework.DisplayAttributes{ + Value: "pem", + }, } fields["private_key_format"] = &framework.FieldSchema{ 
@@ -34,27 +39,36 @@ However, this can be set to "pkcs8" to have the returned private key contain base64-encoded pkcs8 or PEM-encoded pkcs8 instead. Defaults to "der".`, AllowedValues: []interface{}{"", "der", "pem", "pkcs8"}, + DisplayAttrs: &framework.DisplayAttributes{ + Value: "der", + }, } fields["ip_sans"] = &framework.FieldSchema{ Type: framework.TypeCommaStringSlice, Description: `The requested IP SANs, if any, in a comma-delimited list`, - DisplayName: "IP Subject Alternative Names (SANs)", + DisplayAttrs: &framework.DisplayAttributes{ + Name: "IP Subject Alternative Names (SANs)", + }, } fields["uri_sans"] = &framework.FieldSchema{ Type: framework.TypeCommaStringSlice, Description: `The requested URI SANs, if any, in a comma-delimited list.`, - DisplayName: "URI Subject Alternative Names (SANs)", + DisplayAttrs: &framework.DisplayAttributes{ + Name: "URI Subject Alternative Names (SANs)", + }, } fields["other_sans"] = &framework.FieldSchema{ Type: framework.TypeCommaStringSlice, Description: `Requested other SANs, in an array with the format ;UTF8: for each entry.`, - DisplayName: "Other SANs", + DisplayAttrs: &framework.DisplayAttributes{ + Name: "Other SANs", + }, } return fields @@ -85,7 +99,9 @@ in the role, this may be an email address.`, in a comma-delimited list. If email protection is enabled for the role, this may contain email addresses.`, - DisplayName: "DNS/Email Subject Alternative Names (SANs)", + DisplayAttrs: &framework.DisplayAttributes{ + Name: "DNS/Email Subject Alternative Names (SANs)", + }, } fields["serial_number"] = &framework.FieldSchema{ @@ -102,7 +118,9 @@ sets the expiration date. If not specified the role default, backend default, or system default TTL is used, in that order. Cannot be larger than the role max TTL.`, - DisplayName: "TTL", + DisplayAttrs: &framework.DisplayAttributes{ + Name: "TTL", + }, } return fields 
@@ -118,7 +136,9 @@ func addCACommonFields(fields map[string]*framework.FieldSchema) map[string]*fra Description: `The requested Subject Alternative Names, if any, in a comma-delimited list. May contain both DNS names and email addresses.`, - DisplayName: "DNS/Email Subject Alternative Names (SANs)", + DisplayAttrs: &framework.DisplayAttributes{ + Name: "DNS/Email Subject Alternative Names (SANs)", + }, } fields["common_name"] = &framework.FieldSchema{ @@ -140,14 +160,18 @@ be larger than the mount max TTL. Note: this only has an effect when generating a CA cert or signing a CA cert, not when generating a CSR for an intermediate CA.`, - DisplayName: "TTL", + DisplayAttrs: &framework.DisplayAttributes{ + Name: "TTL", + }, } fields["ou"] = &framework.FieldSchema{ Type: framework.TypeCommaStringSlice, Description: `If set, OU (OrganizationalUnit) will be set to this value.`, - DisplayName: "OU (Organizational Unit)", + DisplayAttrs: &framework.DisplayAttributes{ + Name: "OU (Organizational Unit)", + }, } fields["organization"] = &framework.FieldSchema{ 
@@ -166,28 +190,36 @@ this value.`, Type: framework.TypeCommaStringSlice, Description: `If set, Locality will be set to this value.`, - DisplayName: "Locality/City", + DisplayAttrs: &framework.DisplayAttributes{ + Name: "Locality/City", + }, } fields["province"] = &framework.FieldSchema{ Type: framework.TypeCommaStringSlice, Description: `If set, Province will be set to this value.`, - DisplayName: "Province/State", + DisplayAttrs: &framework.DisplayAttributes{ + Name: "Province/State", + }, } fields["street_address"] = &framework.FieldSchema{ Type: framework.TypeCommaStringSlice, Description: `If set, Street Address will be set to this value.`, - DisplayName: "Street Address", + DisplayAttrs: &framework.DisplayAttributes{ + Name: "Street Address", + }, } fields["postal_code"] = &framework.FieldSchema{ Type: framework.TypeCommaStringSlice, Description: `If set, Postal Code will be set to this value.`, - DisplayName: "Postal Code", + DisplayAttrs: &framework.DisplayAttributes{ + Name: "Postal Code", + }, } fields["serial_number"] = &framework.FieldSchema{ @@ -217,6 +249,9 @@ the private key!`, Description: `The number of bits to use. You will almost certainly want to change this if you adjust the key_type.`, + DisplayAttrs: &framework.DisplayAttributes{ + Value: 2048, + }, } fields["key_type"] = &framework.FieldSchema{ @@ -225,6 +260,9 @@ the key_type.`, Description: `The type of key to use; defaults to RSA. "rsa" and "ec" are the only valid values.`, AllowedValues: []interface{}{"rsa", "ec"}, + DisplayAttrs: &framework.DisplayAttributes{ + Value: "rsa", + }, } return fields } 
@@ -241,7 +279,9 @@ func addCAIssueFields(fields map[string]*framework.FieldSchema) map[string]*fram fields["permitted_dns_domains"] = &framework.FieldSchema{ Type: framework.TypeCommaStringSlice, Description: `Domains for which this certificate is allowed to sign or issue child certificates. If set, all DNS names (subject and alt) on child certs must be exact matches or subsets of the given domains (see https://tools.ietf.org/html/rfc5280#section-4.2.1.10).`, - DisplayName: "Permitted DNS Domains", + DisplayAttrs: &framework.DisplayAttributes{ + Name: "Permitted DNS Domains", + }, } return fields diff --git a/builtin/logical/pki/path_roles.go b/builtin/logical/pki/path_roles.go index 6a372b583d..f5f1f5fdcc 100644 --- a/builtin/logical/pki/path_roles.go +++ b/builtin/logical/pki/path_roles.go @@ -48,13 +48,17 @@ func pathRoles(b *backend) *framework.Path { requested. The lease duration controls the expiration of certificates issued by this backend. Defaults to the value of max_ttl.`, - DisplayName: "TTL", + DisplayAttrs: &framework.DisplayAttributes{ + Name: "TTL", + }, }, "max_ttl": &framework.FieldSchema{ Type: framework.TypeDurationSecond, Description: "The maximum allowed lease duration", - DisplayName: "Max TTL", + DisplayAttrs: &framework.DisplayAttributes{ + Name: "Max TTL", + }, }, "allow_localhost": &framework.FieldSchema{ @@ -62,6 +66,9 @@ the value of max_ttl.`, Default: true, Description: `Whether to allow "localhost" as a valid common name in a request`, + DisplayAttrs: &framework.DisplayAttributes{ + Value: true, + }, }, "allowed_domains": &framework.FieldSchema{ @@ -108,6 +115,9 @@ information.`, Default: true, Description: `If set, only valid host names are allowed for CN and SANs. Defaults to true.`, + DisplayAttrs: &framework.DisplayAttributes{ + Value: true, + }, }, "allow_ip_sans": &framework.FieldSchema{ 
@@ -115,20 +125,27 @@ CN and SANs. Defaults to true.`, Default: true, Description: `If set, IP Subject Alternative Names are allowed. Any valid IP is accepted.`, - DisplayName: "Allow IP Subject Alternative Names", + DisplayAttrs: &framework.DisplayAttributes{ + Name: "Allow IP Subject Alternative Names", + Value: true, + }, }, "allowed_uri_sans": &framework.FieldSchema{ Type: framework.TypeCommaStringSlice, Description: `If set, an array of allowed URIs to put in the URI Subject Alternative Names. Any valid URI is accepted, these values support globbing.`, - DisplayName: "Allowed URI Subject Alternative Names", + DisplayAttrs: &framework.DisplayAttributes{ + Name: "Allowed URI Subject Alternative Names", + }, }, "allowed_other_sans": &framework.FieldSchema{ Type: framework.TypeCommaStringSlice, Description: `If set, an array of allowed other names to put in SANs. These values support globbing and must be in the format ;:. Currently only "utf8" is a valid type. All values, including globbing values, must use this syntax, with the exception being a single "*" which allows any OID and any value (but type must still be utf8).`, - DisplayName: "Allowed Other Subject Alternative Names", + DisplayAttrs: &framework.DisplayAttributes{ + Name: "Allowed Other Subject Alternative Names", + }, }, "allowed_serial_numbers": &framework.FieldSchema{ @@ -141,6 +158,9 @@ Any valid URI is accepted, these values support globbing.`, Default: true, Description: `If set, certificates are flagged for server auth use. Defaults to true.`, + DisplayAttrs: &framework.DisplayAttributes{ + Value: true, + }, }, "client_flag": &framework.FieldSchema{ @@ -148,6 +168,9 @@ Defaults to true.`, Default: true, Description: `If set, certificates are flagged for client auth use. Defaults to true.`, + DisplayAttrs: &framework.DisplayAttributes{ + Value: true, + }, }, "code_signing_flag": &framework.FieldSchema{ 
@@ -187,7 +210,9 @@ https://golang.org/pkg/crypto/x509/#KeyUsage -- simply drop the "KeyUsage" part of the name. To remove all key usages from being set, set this value to an empty list.`, - DisplayValue: "DigitalSignature,KeyAgreement,KeyEncipherment", + DisplayAttrs: &framework.DisplayAttributes{ + Value: "DigitalSignature,KeyAgreement,KeyEncipherment", + }, }, "ext_key_usage": &framework.FieldSchema{ @@ -198,13 +223,17 @@ https://golang.org/pkg/crypto/x509/#ExtKeyUsage -- simply drop the "ExtKeyUsage" part of the name. To remove all key usages from being set, set this value to an empty list.`, - DisplayName: "Extended Key Usage", + DisplayAttrs: &framework.DisplayAttributes{ + Name: "Extended Key Usage", + }, }, "ext_key_usage_oids": &framework.FieldSchema{ Type: framework.TypeCommaStringSlice, Description: `A comma-separated string or list of extended key usage oids.`, - DisplayName: "Extended Key Usage OIDs", + DisplayAttrs: &framework.DisplayAttributes{ + Name: "Extended Key Usage OIDs", + }, }, "use_csr_common_name": &framework.FieldSchema{ @@ -214,7 +243,10 @@ this value to an empty list.`, the common name in the CSR will be used. This does *not* include any requested Subject Alternative Names. Defaults to true.`, - DisplayName: "Use CSR Common Name", + DisplayAttrs: &framework.DisplayAttributes{ + Name: "Use CSR Common Name", + Value: true, + }, }, "use_csr_sans": &framework.FieldSchema{ 
@@ -223,14 +255,19 @@ Names. Defaults to true.`, Description: `If set, when used with a signing profile, the SANs in the CSR will be used. This does *not* include the Common Name (cn). Defaults to true.`, - DisplayName: "Use CSR Subject Alternative Names", + DisplayAttrs: &framework.DisplayAttributes{ + Name: "Use CSR Subject Alternative Names", + Value: true, + }, }, "ou": &framework.FieldSchema{ Type: framework.TypeCommaStringSlice, Description: `If set, OU (OrganizationalUnit) will be set to this value in certificates issued by this role.`, - DisplayName: "Organizational Unit", + DisplayAttrs: &framework.DisplayAttributes{ + Name: "Organizational Unit", + }, }, "organization": &framework.FieldSchema{ @@ -249,14 +286,18 @@ this value in certificates issued by this role.`, Type: framework.TypeCommaStringSlice, Description: `If set, Locality will be set to this value in certificates issued by this role.`, - DisplayName: "Locality/City", + DisplayAttrs: &framework.DisplayAttributes{ + Name: "Locality/City", + }, }, "province": &framework.FieldSchema{ Type: framework.TypeCommaStringSlice, Description: `If set, Province will be set to this value in certificates issued by this role.`, - DisplayName: "Province/State", + DisplayAttrs: &framework.DisplayAttributes{ + Name: "Province/State", + }, }, "street_address": &framework.FieldSchema{ @@ -299,7 +340,9 @@ for "generate_lease".`, Type: framework.TypeBool, Default: true, Description: `If set to false, makes the 'common_name' field optional while generating a certificate.`, - DisplayName: "Use CSR Common Name", + DisplayAttrs: &framework.DisplayAttributes{ + Name: "Require Common Name", + }, }, "policy_identifiers": &framework.FieldSchema{ 
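Review bot: In the last hunk, the boolean field whose description begins "If set to false, makes the 'common_name' field optional" has `Default: true` but its new `DisplayAttrs` sets only `Name`. The other `Default: true` booleans touched in this file (`allow_localhost`, `use_csr_common_name`, `use_csr_sans`) also get `Value: true`. If a form generator seeds its controls from `Value`, this toggle could render as unset even though the backend default requires a common name, so I would add `Value: true,` for consistency. The label also changes from "Use CSR Common Name" to "Require Common Name", which looks like a correct fix but deserves a line in the commit description. The field's key and the rest of pathRoles are outside the hunk.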
@@ -310,12 +353,17 @@ for "generate_lease".`, "basic_constraints_valid_for_non_ca": &framework.FieldSchema{ Type: framework.TypeBool, Description: `Mark Basic Constraints valid when issuing non-CA certificates.`, - DisplayName: "Basic Constraints Valid for Non-CA", + DisplayAttrs: &framework.DisplayAttributes{ + Name: "Basic Constraints Valid for Non-CA", + }, }, "not_before_duration": &framework.FieldSchema{ Type: framework.TypeDurationSecond, Default: 30, Description: `The duration before now the cert needs to be created / signed.`, + DisplayAttrs: &framework.DisplayAttributes{ + Value: 30, + }, }, }, diff --git a/builtin/logical/ssh/path_roles.go b/builtin/logical/ssh/path_roles.go index 5bd9e58d7d..ce3fb24756 100644 --- a/builtin/logical/ssh/path_roles.go +++ b/builtin/logical/ssh/path_roles.go @@ -93,7 +93,9 @@ func pathRoles(b *backend) *framework.Path { credential is being generated for other users, Vault uses this admin username to login to remote host and install the generated credential for the other user.`, - DisplayName: "Admin Username", + DisplayAttrs: &framework.DisplayAttributes{ + Name: "Admin Username", + }, }, "default_user": &framework.FieldSchema{ Type: framework.TypeString, @@ -102,7 +104,9 @@ func pathRoles(b *backend) *framework.Path { Default username for which a credential will be generated. When the endpoint 'creds/' is used without a username, this value will be used as default username.`, - DisplayName: "Default Username", + DisplayAttrs: &framework.DisplayAttributes{ + Name: "Default Username", + }, }, "cidr_list": &framework.FieldSchema{ Type: framework.TypeString, 
@@ -110,7 +114,9 @@ func pathRoles(b *backend) *framework.Path { [Optional for Dynamic type] [Optional for OTP type] [Not applicable for CA type] Comma separated list of CIDR blocks for which the role is applicable for. CIDR blocks can belong to more than one role.`, - DisplayName: "CIDR List", + DisplayAttrs: &framework.DisplayAttributes{ + Name: "CIDR List", + }, }, "exclude_cidr_list": &framework.FieldSchema{ Type: framework.TypeString, @@ -119,7 +125,9 @@ func pathRoles(b *backend) *framework.Path { Comma separated list of CIDR blocks. IP addresses belonging to these blocks are not accepted by the role. This is particularly useful when big CIDR blocks are being used by the role and certain parts of it needs to be kept out.`, - DisplayName: "Exclude CIDR List", + DisplayAttrs: &framework.DisplayAttributes{ + Name: "Exclude CIDR List", + }, }, "port": &framework.FieldSchema{ Type: framework.TypeInt, @@ -129,7 +137,9 @@ func pathRoles(b *backend) *framework.Path { play any role in creation of OTP. For 'otp' type, this is just a way to inform client about the port number to use. Port number will be returned to client by Vault server along with OTP.`, - DisplayValue: 22, + DisplayAttrs: &framework.DisplayAttributes{ + Value: 22, + }, }, "key_type": &framework.FieldSchema{ Type: framework.TypeString, @@ -138,7 +148,9 @@ func pathRoles(b *backend) *framework.Path { Type of key used to login to hosts. It can be either 'otp', 'dynamic' or 'ca'. 'otp' type requires agent to be installed in remote hosts.`, AllowedValues: []interface{}{"otp", "dynamic", "ca"}, - DisplayValue: "ca", + DisplayAttrs: &framework.DisplayAttributes{ + Value: "ca", + }, }, "key_bits": &framework.FieldSchema{ Type: framework.TypeInt, 
@@ -195,7 +207,9 @@ func pathRoles(b *backend) *framework.Path { requested. The lease duration controls the expiration of certificates issued by this backend. Defaults to the value of max_ttl.`, - DisplayName: "TTL", + DisplayAttrs: &framework.DisplayAttributes{ + Name: "TTL", + }, }, "max_ttl": &framework.FieldSchema{ Type: framework.TypeDurationSecond, @@ -203,7 +217,9 @@ func pathRoles(b *backend) *framework.Path { [Not applicable for Dynamic type] [Not applicable for OTP type] [Optional for CA type] The maximum allowed lease duration `, - DisplayName: "Max TTL", + DisplayAttrs: &framework.DisplayAttributes{ + Value: "Max TTL", + }, }, "allowed_critical_options": &framework.FieldSchema{ Type: framework.TypeString, @@ -281,7 +297,9 @@ func pathRoles(b *backend) *framework.Path { When false, the key ID will always be the token display name. The key ID is logged by the SSH server and can be useful for auditing. `, - DisplayName: "Allow User Key IDs", + DisplayAttrs: &framework.DisplayAttributes{ + Name: "Allow User Key IDs", + }, }, "key_id_format": &framework.FieldSchema{ Type: framework.TypeString, @@ -292,7 +310,9 @@ func pathRoles(b *backend) *framework.Path { the token used to make the request. '{{role_name}}' - The name of the role signing the request. '{{public_key_hash}}' - A SHA256 checksum of the public key that is being signed. `, - DisplayName: "Key ID Format", + DisplayAttrs: &framework.DisplayAttributes{ + Name: "Key ID Format", + }, }, "allowed_user_key_lengths": &framework.FieldSchema{ Type: framework.TypeMap, diff --git a/sdk/framework/backend.go b/sdk/framework/backend.go index 9653489b91..edf2a40760 100644 --- a/sdk/framework/backend.go +++ b/sdk/framework/backend.go 
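Review bot: In the `max_ttl` hunk the label was moved into the wrong member: `Value: "Max TTL"` replaces `DisplayName: "Max TTL"`. The field therefore loses its display name, and a `TypeDurationSecond` field now advertises the string "Max TTL" as its sample value. It should read `Name: "Max TTL",`, as the `ttl` field in the preceding hunk does. pathRoles's body extends outside these hunks.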
@@ -529,20 +529,6 @@ type FieldSchema struct { // dynamic UI generation. AllowedValues []interface{} - // Display* members are available to provide hints for UI and documentation - // generators. They will be included in OpenAPI output if set. - - // DisplayName is the name of the field suitable as a label or documentation heading. - DisplayName string - - // DisplayValue is a sample value to display for this field. This may be used - // to indicate a default value, but it is for display only and completely separate - // from any Default member handling. - DisplayValue interface{} - - // DisplaySensitive indicates that the value should be masked by default in the UI. - DisplaySensitive bool - // DisplayAttrs provides hints for UI and documentation generators. They // will be included in OpenAPI output if set. DisplayAttrs *DisplayAttributes diff --git a/sdk/framework/openapi.go b/sdk/framework/openapi.go index 37de53fdbe..1696b20aaf 100644 --- a/sdk/framework/openapi.go +++ b/sdk/framework/openapi.go 
@@ -98,11 +98,13 @@ type OASLicense struct { } type OASPathItem struct { - Description string `json:"description,omitempty"` - Parameters []OASParameter `json:"parameters,omitempty"` - Sudo bool `json:"x-vault-sudo,omitempty" mapstructure:"x-vault-sudo"` - Unauthenticated bool `json:"x-vault-unauthenticated,omitempty" mapstructure:"x-vault-unauthenticated"` - CreateSupported bool `json:"x-vault-createSupported,omitempty" mapstructure:"x-vault-createSupported"` + Description string `json:"description,omitempty"` + Parameters []OASParameter `json:"parameters,omitempty"` + Sudo bool `json:"x-vault-sudo,omitempty" mapstructure:"x-vault-sudo"` + Unauthenticated bool `json:"x-vault-unauthenticated,omitempty" mapstructure:"x-vault-unauthenticated"` + CreateSupported bool `json:"x-vault-createSupported,omitempty" mapstructure:"x-vault-createSupported"` + DisplayNavigation bool `json:"x-vault-displayNavigation,omitempty" mapstructure:"x-vault-displayNavigation"` + DisplayAttrs *DisplayAttributes `json:"x-vault-displayAttrs,omitempty" mapstructure:"x-vault-displayAttrs"` Get *OASOperation `json:"get,omitempty"` Post *OASOperation `json:"post,omitempty"` 
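Review bot: `DisplayNavigation` is added to `OASPathItem`, but the documentPath hunks in this file assign only `pi.DisplayAttrs` and the updated testdata emits navigation solely under `x-vault-displayAttrs`, so in the visible code the new field is never set. The `OASSchema` hunk that follows has the same problem: documentPath no longer populates `DisplayValue` or `DisplaySensitive`, the new `DisplayGroup` is not populated anywhere shown, and `DisplayName` is left behind as a commented-out line. I would delete these members rather than keep two representations of the same hint. If one of them is still written elsewhere, a comment naming that place would help. Both struct definitions continue outside their hunks.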
@@ -156,16 +158,18 @@ type OASSchema struct { // approach than OASParameter (unfortunately), but is how JSONSchema handles 'required'. Required []string `json:"required,omitempty"` - Items *OASSchema `json:"items,omitempty"` - Format string `json:"format,omitempty"` - Pattern string `json:"pattern,omitempty"` - Enum []interface{} `json:"enum,omitempty"` - Default interface{} `json:"default,omitempty"` - Example interface{} `json:"example,omitempty"` - Deprecated bool `json:"deprecated,omitempty"` - DisplayName string `json:"x-vault-displayName,omitempty" mapstructure:"x-vault-displayName,omitempty"` - DisplayValue interface{} `json:"x-vault-displayValue,omitempty" mapstructure:"x-vault-displayValue,omitempty"` - DisplaySensitive bool `json:"x-vault-displaySensitive,omitempty" mapstructure:"x-vault-displaySensitive,omitempty"` + Items *OASSchema `json:"items,omitempty"` + Format string `json:"format,omitempty"` + Pattern string `json:"pattern,omitempty"` + Enum []interface{} `json:"enum,omitempty"` + Default interface{} `json:"default,omitempty"` + Example interface{} `json:"example,omitempty"` + Deprecated bool `json:"deprecated,omitempty"` + //DisplayName string `json:"x-vault-displayName,omitempty" mapstructure:"x-vault-displayName,omitempty"` + DisplayValue interface{} `json:"x-vault-displayValue,omitempty" mapstructure:"x-vault-displayValue,omitempty"` + DisplaySensitive bool `json:"x-vault-displaySensitive,omitempty" mapstructure:"x-vault-displaySensitive,omitempty"` + DisplayGroup string `json:"x-vault-displayGroup,omitempty" mapstructure:"x-vault-displayGroup,omitempty"` + DisplayAttrs *DisplayAttributes `json:"x-vault-displayAttrs,omitempty" mapstructure:"x-vault-displayAttrs,omitempty"` } type OASResponse struct { 
@@ -230,6 +234,7 @@ func documentPath(p *Path, specialPaths *logical.Paths, backendType logical.Back pi.Sudo = specialPathMatch(path, sudoPaths) pi.Unauthenticated = specialPathMatch(path, unauthPaths) + pi.DisplayAttrs = p.DisplayAttrs // If the newer style Operations map isn't defined, create one from the legacy fields. operations := p.Operations @@ -263,13 +268,11 @@ func documentPath(p *Path, specialPaths *logical.Paths, backendType logical.Back Description: cleanString(field.Description), In: location, Schema: &OASSchema{ - Type: t.baseType, - Pattern: t.pattern, - Enum: field.AllowedValues, - Default: field.Default, - DisplayName: field.DisplayName, - DisplayValue: field.DisplayValue, - DisplaySensitive: field.DisplaySensitive, + Type: t.baseType, + Pattern: t.pattern, + Enum: field.AllowedValues, + Default: field.Default, + DisplayAttrs: field.DisplayAttrs, }, Required: required, Deprecated: field.Deprecated, @@ -325,16 +328,14 @@ func documentPath(p *Path, specialPaths *logical.Paths, backendType logical.Back } p := OASSchema{ - Type: openapiField.baseType, - Description: cleanString(field.Description), - Format: openapiField.format, - Pattern: openapiField.pattern, - Enum: field.AllowedValues, - Default: field.Default, - Deprecated: field.Deprecated, - DisplayName: field.DisplayName, - DisplayValue: field.DisplayValue, - DisplaySensitive: field.DisplaySensitive, + Type: openapiField.baseType, + Description: cleanString(field.Description), + Format: openapiField.format, + Pattern: openapiField.pattern, + Enum: field.AllowedValues, + Default: field.Default, + Deprecated: field.Deprecated, + DisplayAttrs: field.DisplayAttrs, } if openapiField.baseType == "array" { p.Items = &OASSchema{ diff --git a/sdk/framework/openapi_test.go b/sdk/framework/openapi_test.go index b9990902f6..69e91b7ec3 100644 --- a/sdk/framework/openapi_test.go +++ b/sdk/framework/openapi_test.go 
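Review bot: Both schema literals in documentPath stop emitting the flat `x-vault-displayName`, `x-vault-displayValue` and `x-vault-displaySensitive` keys and emit only the nested `x-vault-displayAttrs` object. A consumer that masks inputs based on `x-vault-displaySensitive` would then silently render fields such as the LDAP `bindpass` unmasked until it reads `sensitive` from the nested object. No consumer is visible in this diff, so this needs confirming: the reader change should ship in the same release and the key rename should be called out in the changelog. A short comment above `DisplayAttrs: field.DisplayAttrs,` stating that it replaces the flat `x-vault-display*` keys would also help the next reader. documentPath begins and ends outside these hunks.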
@@ -335,13 +335,16 @@ func TestOpenAPI_Paths(t *testing.T) { Description: "the name", }, "age": { - Type: TypeInt, - Description: "the age", - AllowedValues: []interface{}{1, 2, 3}, - Required: true, - DisplayName: "Age", - DisplayValue: 7, - DisplaySensitive: true, + Type: TypeInt, + Description: "the age", + AllowedValues: []interface{}{1, 2, 3}, + Required: true, + DisplayAttrs: &DisplayAttributes{ + Name: "Age", + Sensitive: true, + Group: "Some Group", + Value: 7, + }, }, "x-abc-token": { Type: TypeHeader, @@ -378,6 +381,9 @@ func TestOpenAPI_Paths(t *testing.T) { Unpublished: true, }, }, + DisplayAttrs: &DisplayAttributes{ + Navigation: true, + }, } sp := &logical.Paths{ diff --git a/sdk/framework/testdata/operations.json b/sdk/framework/testdata/operations.json index f889f11823..4c140f92b7 100644 --- a/sdk/framework/testdata/operations.json +++ b/sdk/framework/testdata/operations.json @@ -14,6 +14,9 @@ "description": "Synopsis", "x-vault-createSupported": true, "x-vault-sudo": true, + "x-vault-displayAttrs": { + "navigation": true + }, "parameters": [ { "name": "format", @@ -77,9 +80,12 @@ "type": "integer", "description": "the age", "enum": [1, 2, 3], - "x-vault-displayName": "Age", - "x-vault-displayValue": 7, - "x-vault-displaySensitive": true + "x-vault-displayAttrs": { + "name": "Age", + "sensitive": true, + "group": "Some Group", + "value": 7 + } }, "name": { "type": "string", diff --git a/sdk/helper/ldaputil/config.go b/sdk/helper/ldaputil/config.go index 28706949f9..6f766432fe 100644 --- a/sdk/helper/ldaputil/config.go +++ b/sdk/helper/ldaputil/config.go 
@@ -22,31 +22,41 @@ func ConfigFields() map[string]*framework.FieldSchema { Type: framework.TypeString, Default: "ldap://127.0.0.1", Description: "LDAP URL to connect to (default: ldap://127.0.0.1). Multiple URLs can be specified by concatenating them with commas; they will be tried in-order.", - DisplayName: "URL", + DisplayAttrs: &framework.DisplayAttributes{ + Name: "URL", + }, }, "userdn": { Type: framework.TypeString, Description: "LDAP domain to use for users (eg: ou=People,dc=example,dc=org)", - DisplayName: "User DN", + DisplayAttrs: &framework.DisplayAttributes{ + Name: "User DN", + }, }, "binddn": { Type: framework.TypeString, Description: "LDAP DN for searching for the user DN (optional)", - DisplayName: "Name of Object to bind (binddn)", + DisplayAttrs: &framework.DisplayAttributes{ + Name: "Name of Object to bind (binddn)", + }, }, "bindpass": { - Type: framework.TypeString, - Description: "LDAP password for searching for the user DN (optional)", - DisplaySensitive: true, + Type: framework.TypeString, + Description: "LDAP password for searching for the user DN (optional)", + DisplayAttrs: &framework.DisplayAttributes{ + Sensitive: true, + }, }, "groupdn": { Type: framework.TypeString, Description: "LDAP search base to use for group membership search (eg: ou=Groups,dc=example,dc=org)", - DisplayName: "Group DN", + DisplayAttrs: &framework.DisplayAttributes{ + Name: "Group DN", + }, }, "groupfilter": { @@ -56,6 +66,9 @@ func ConfigFields() map[string]*framework.FieldSchema { The template can access the following context variables: UserDN, Username Example: (&(objectClass=group)(member:1.2.840.113556.1.4.1941:={{.UserDN}})) Default: (|(memberUid={{.Username}})(member={{.UserDN}})(uniqueMember={{.UserDN}}))`, + DisplayAttrs: &framework.DisplayAttributes{ + Name: "Group Filter", + }, }, "groupattr": { 
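Review bot: `bindpass` is the only field in this hunk whose `DisplayAttrs` has no `Name`, so the one credential in the form is left with whatever label a client derives from the raw key while every neighbouring field gets a curated one. Adding `Name: "Bind Password",` beside `Sensitive: true,` would keep the block consistent. A short comment on that field, `// Sensitive asks clients to mask the value; it is a display hint only`, would also record that the flag is not an access control; that reading is assumed from the attribute's name and should be confirmed against the framework. ConfigFields begins before and continues past this hunk.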
@@ -65,20 +78,28 @@ Default: (|(memberUid={{.Username}})(member={{.UserDN}})(uniqueMember={{.UserDN} in order to enumerate user group membership. Examples: "cn" or "memberOf", etc. Default: cn`, - DisplayName: "Group Attribute", + DisplayAttrs: &framework.DisplayAttributes{ + Name: "Group Attribute", + Value: "cn", + }, }, "upndomain": { Type: framework.TypeString, Description: "Enables userPrincipalDomain login with [username]@UPNDomain (optional)", - DisplayName: "User Principal (UPN) Domain", + DisplayAttrs: &framework.DisplayAttributes{ + Name: "User Principal (UPN) Domain", + }, }, "userattr": { Type: framework.TypeString, Default: "cn", Description: "Attribute used for users (default: cn)", - DisplayName: "User Attribute", + DisplayAttrs: &framework.DisplayAttributes{ + Name: "User Attribute", + Value: "cn", + }, }, "certificate": { 
@@ -89,34 +110,44 @@ Default: cn`, "discoverdn": { Type: framework.TypeBool, Description: "Use anonymous bind to discover the bind DN of a user (optional)", - DisplayName: "Discover DN", + DisplayAttrs: &framework.DisplayAttributes{ + Name: "Discover DN", + }, }, "insecure_tls": { Type: framework.TypeBool, Description: "Skip LDAP server SSL Certificate verification - VERY insecure (optional)", - DisplayName: "Insecure TLS", + DisplayAttrs: &framework.DisplayAttributes{ + Name: "Insecure TLS", + }, }, "starttls": { Type: framework.TypeBool, Description: "Issue a StartTLS command after establishing unencrypted connection (optional)", - DisplayName: "Issue StartTLS command after establishing an unencrypted connection", + DisplayAttrs: &framework.DisplayAttributes{ + Name: "Issue StartTLS", + }, }, "tls_min_version": { - Type: framework.TypeString, - Default: "tls12", - Description: "Minimum TLS version to use. Accepted values are 'tls10', 'tls11' or 'tls12'. Defaults to 'tls12'", - DisplayName: "Minimum TLS Version", + Type: framework.TypeString, + Default: "tls12", + Description: "Minimum TLS version to use. Accepted values are 'tls10', 'tls11' or 'tls12'. Defaults to 'tls12'", + DisplayAttrs: &framework.DisplayAttributes{ + Name: "Minimum TLS Version", + }, AllowedValues: []interface{}{"tls10", "tls11", "tls12"}, }, "tls_max_version": { - Type: framework.TypeString, - Default: "tls12", - Description: "Maximum TLS version to use. Accepted values are 'tls10', 'tls11' or 'tls12'. Defaults to 'tls12'", - DisplayName: "Maximum TLS Version", + Type: framework.TypeString, + Default: "tls12", + Description: "Maximum TLS version to use. Accepted values are 'tls10', 'tls11' or 'tls12'. Defaults to 'tls12'", + DisplayAttrs: &framework.DisplayAttributes{ + Name: "Maximum TLS Version", + }, AllowedValues: []interface{}{"tls10", "tls11", "tls12"}, },
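Review bot: The label chosen for `insecure_tls`, `Name: "Insecure TLS"`, names the option without saying what it does, while the `Description` on the same field spells out that it skips server certificate verification. In a form generated from these attributes the label is presumably what an operator reads first, so it should carry the effect, for example `Name: "Skip TLS certificate verification (insecure)",`. The shortened `starttls` label `"Issue StartTLS"` is fine because the description still carries the detail. ConfigFields begins before this hunk and continues after it.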