scottk/vault
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/vault.git synced 2025-10-29 17:52:32 +00:00
Code Issues Packages Projects Releases Wiki Activity

[DOCS] Fix restricted endpoint info (#23333) (#23343)

Browse Source 
* Update restricted API list and alert tags
* add cli commands w/o public endpoints
This commit is contained in:
Sarah Chavis
2023-09-27 13:52:20 -07:00
committed by GitHub
parent 1c124209ea
commit c2b6ddfa24
2 changed files with 72 additions and 47 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
website/content/api-docs/system/internal-counters.mdx
View File

@@ -7,8 +7,6 @@ description: >-
# `/sys/internal/counters`
@include 'alerts/restricted-root.mdx'
The `/sys/internal/counters` endpoints are used to return data about the number of Tokens and Entities in Vault. They return information for the entire cluster.
## Entities
@@ -337,6 +335,8 @@ is unknown.
This endpoint was added in Vault 1.6.
@include 'alerts/restricted-root.mdx'
| Method | Path |
| :----- | :-------------------------------- |
| `GET` | `/sys/internal/counters/activity` |
@@ -741,6 +741,8 @@ loading of client data has completed.
This endpoint was added in Vault 1.7.
@include 'alerts/restricted-root.mdx'
| Method | Path |
| :----- | :---------------------------------------- |
| `GET` | `/sys/internal/counters/activity/monthly` |
@@ -871,7 +873,7 @@ $ curl \
## Update the client count configuration
@include 'alerts/restricted-admin.mdx'
@include 'alerts/restricted-root.mdx'
The `/sys/internal/counters/config` endpoint is used to configure logging of active clients.
@@ -971,6 +973,8 @@ it may be up to 20 minutes delayed.
This endpoint was added in Vault 1.11.
@include 'alerts/restricted-root.mdx'
| Method | Path |
| :----- | :---------------------------------------- |
| `GET` | `/sys/internal/counters/activity/export` |

109
website/content/partials/api/restricted-endpoints.mdx
View File

@@ -1,46 +1,67 @@
<a id="#privileged-endpoints" />
API path | Root | Admin
------------------------------------- | -------- | -----
`sys/audit` | YES | NO
`sys/audit-hash` | YES | YES
`sys/config/auditing/*` | YES | NO
`sys/config/cors` | YES | NO
`sys/config/group-policy-application` | YES | NO
`sys/config/reload` | YES | NO
`sys/config/state` | YES | NO
`sys/config/ui` | YES | NO
`sys/decode-token` | YES | NO
`sys/experiments` | YES | NO
`sys/generate-recovery-token` | YES | NO
`sys/generate-root` | YES | NO
`sys/health` | YES | NO
`sys/host-info` | YES | NO
`sys/in-flight-req` | YES | NO
`sys/init` | YES | NO
`sys/internal/counters/*` | YES | NO
`sys/internal/inspect/router/*` | YES | NO
`sys/key-status` | YES | NO
`sys/loggers` | YES | NO
`sys/managed-keys/*` | YES | NO
`sys/metrics` | YES | NO
`sys/mfa/method/*` | YES | NO
`sys/monitor` | YES | YES
`sys/pprof` | YES | NO
`sys/pprof/*` | YES | NO
`sys/quotas/config` | YES | NO
`sys/quotas/lease-count` | YES | NO
`sys/quotas/rate-limit` | YES | NO
`sys/raw` | YES | NO
`sys/rekey/*` | YES | NO
`sys/rekey-recovery-key` | YES | NO
`sys/replication/recover` | YES | NO
`sys/replication/reindex` | YES | NO
`sys/replication/status` | YES | NO
`sys/rotate` | YES | NO
`sys/rotate/config` | YES | NO
`sys/seal` | YES | NO
`sys/sealwrap/rewrap` | YES | NO
`sys/step-down` | YES | NO
`sys/storage/*` | YES | NO
`sys/unseal` | YES | NO
<Note>
The CLI commands associated with restricted API paths are also restricted.
</Note>
API path | Root | Admin
----------------------------------------- | ---- | -----
`sys/audit` | YES | NO
`sys/audit-hash/` | YES | YES
`sys/config/auditing/*` | YES | NO
`sys/config/cors` | YES | NO
`sys/config/group-policy-application` | YES | NO
`sys/config/reload` | YES | NO
`sys/config/state` | YES | NO
`sys/config/ui` | YES | NO
`sys/decode-token` | YES | NO
`sys/experiments` | YES | NO
`sys/generate-recovery-token` | YES | NO
`sys/generate-root` | YES | NO
`sys/health` | YES | NO
`sys/host-info` | YES | NO
`sys/in-flight-req` | YES | NO
`sys/init` | YES | NO
`sys/internal/inspect/router` | YES | NO
`sys/key-status` | YES | NO
`sys/loggers` | YES | NO
`sys/metrics` | YES | NO
`sys/monitor` | YES | YES
`sys/pprof` | YES | NO
`sys/pprof/allocs` | YES | NO
`sys/pprof/block` | YES | NO
`sys/pprof/cmdline` | YES | NO
`sys/pprof/goroutine` | YES | NO
`sys/pprof/heap` | YES | NO
`sys/pprof/mutex` | YES | NO
`sys/pprof/profile` | YES | NO
`sys/pprof/symbol` | YES | NO
`sys/pprof/threadcreate` | YES | NO
`sys/pprof/trace` | YES | NO
`sys/quotas/config` | YES | NO
`sys/quotas/lease-count` | YES | NO
`sys/quotas/rate-limit` | YES | NO
`sys/raw` | YES | NO
`sys/rekey/*` | YES | NO
`sys/rekey-recovery-key` | YES | NO
`sys/replication` | YES | NO
`sys/rotate` | YES | NO
`sys/rotate/config` | YES | NO
`sys/seal` | YES | NO
`sys/sealwrap/rewrap` | YES | NO
`sys/managed-keys/*` | YES | NO
`sys/step-down` | YES | NO
`sys/storage` | YES | NO
`sys/unseal` | YES | NO
`sys/internal/counters/activity` | YES | NO
`sys/internal/counters/activity/monthly` | YES | NO
`sys/internal/counters/config` | YES | NO
`sys/internal/counters/activity/export` | YES | NO
`sys/internal/inspect/router/*` | YES | NO
`sys/mfa/method/*` | YES | NO
Privileged CLI commands without public API endpoints:
CLI command | Root | Admin
----------------------- | ---- | -----
`vault plugin runtime` | YES | NO