2023-03-15 16:00:52 +00:00
// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0
2018-09-18 03:03:00 +00:00
package vault
import (
2023-01-20 16:09:33 +00:00
"net/http"
2018-09-18 03:03:00 +00:00
"strings"
2019-04-12 21:54:35 +00:00
"github.com/hashicorp/vault/sdk/framework"
2019-04-13 07:44:06 +00:00
"github.com/hashicorp/vault/sdk/logical"
2018-09-18 03:03:00 +00:00
)
func ( b * SystemBackend ) configPaths ( ) [ ] * framework . Path {
return [ ] * framework . Path {
{
Pattern : "config/cors$" ,
2023-04-13 15:32:26 +00:00
DisplayAttrs : & framework . DisplayAttributes {
OperationPrefix : "cors" ,
} ,
2018-09-18 03:03:00 +00:00
Fields : map [ string ] * framework . FieldSchema {
2021-04-08 16:43:39 +00:00
"enable" : {
2018-09-18 03:03:00 +00:00
Type : framework . TypeBool ,
Description : "Enables or disables CORS headers on requests." ,
} ,
2021-04-08 16:43:39 +00:00
"allowed_origins" : {
2018-09-18 03:03:00 +00:00
Type : framework . TypeCommaStringSlice ,
Description : "A comma-separated string or array of strings indicating origins that may make cross-origin requests." ,
} ,
2021-04-08 16:43:39 +00:00
"allowed_headers" : {
2018-09-18 03:03:00 +00:00
Type : framework . TypeCommaStringSlice ,
Description : "A comma-separated string or array of strings indicating headers that are allowed on cross-origin requests." ,
} ,
} ,
2018-11-06 18:09:06 +00:00
Operations : map [ logical . Operation ] framework . OperationHandler {
logical . ReadOperation : & framework . PathOperation {
2023-04-13 15:32:26 +00:00
Callback : b . handleCORSRead ,
DisplayAttrs : & framework . DisplayAttributes {
OperationSuffix : "configuration" ,
} ,
2018-11-06 18:09:06 +00:00
Summary : "Return the current CORS settings." ,
Description : "" ,
2023-02-16 20:06:26 +00:00
Responses : map [ int ] [ ] framework . Response {
http . StatusOK : { {
Description : "OK" ,
Fields : map [ string ] * framework . FieldSchema {
"enabled" : {
Type : framework . TypeBool ,
Required : true ,
} ,
"allowed_origins" : {
Type : framework . TypeCommaStringSlice ,
Required : false ,
} ,
"allowed_headers" : {
Type : framework . TypeCommaStringSlice ,
Required : false ,
} ,
} ,
} } ,
} ,
2018-11-06 18:09:06 +00:00
} ,
logical . UpdateOperation : & framework . PathOperation {
2023-04-13 15:32:26 +00:00
Callback : b . handleCORSUpdate ,
DisplayAttrs : & framework . DisplayAttributes {
OperationVerb : "configure" ,
} ,
2018-11-06 18:09:06 +00:00
Summary : "Configure the CORS settings." ,
Description : "" ,
2023-02-16 20:06:26 +00:00
Responses : map [ int ] [ ] framework . Response {
http . StatusNoContent : { {
Description : "OK" ,
} } ,
} ,
2018-11-06 18:09:06 +00:00
} ,
logical . DeleteOperation : & framework . PathOperation {
Callback : b . handleCORSDelete ,
2023-04-13 15:32:26 +00:00
DisplayAttrs : & framework . DisplayAttributes {
OperationVerb : "delete" ,
OperationSuffix : "configuration" ,
} ,
Summary : "Remove any CORS settings." ,
2023-02-16 20:06:26 +00:00
Responses : map [ int ] [ ] framework . Response {
http . StatusNoContent : { {
Description : "OK" ,
} } ,
} ,
2018-11-06 18:09:06 +00:00
} ,
2018-09-18 03:03:00 +00:00
} ,
HelpDescription : strings . TrimSpace ( sysHelp [ "config/cors" ] [ 0 ] ) ,
HelpSynopsis : strings . TrimSpace ( sysHelp [ "config/cors" ] [ 1 ] ) ,
} ,
2019-10-08 17:57:15 +00:00
{
Pattern : "config/state/sanitized$" ,
Operations : map [ logical . Operation ] framework . OperationHandler {
logical . ReadOperation : & framework . PathOperation {
2023-04-13 15:32:26 +00:00
Callback : b . handleConfigStateSanitized ,
DisplayAttrs : & framework . DisplayAttributes {
OperationVerb : "read" ,
OperationSuffix : "sanitized-configuration-state" ,
} ,
2019-10-08 17:57:15 +00:00
Summary : "Return a sanitized version of the Vault server configuration." ,
Description : "The sanitized output strips configuration values in the storage, HA storage, and seals stanzas, which may contain sensitive values such as API tokens. It also removes any token or secret fields in other stanzas, such as the circonus_api_token from telemetry." ,
2023-02-16 20:06:26 +00:00
Responses : map [ int ] [ ] framework . Response {
http . StatusOK : { {
Description : "OK" ,
// response has dynamic keys
Fields : map [ string ] * framework . FieldSchema { } ,
} } ,
} ,
2019-10-08 17:57:15 +00:00
} ,
} ,
} ,
2021-06-03 17:30:30 +00:00
{
Pattern : "config/reload/(?P<subsystem>.+)" ,
Fields : map [ string ] * framework . FieldSchema {
"subsystem" : {
Type : framework . TypeString ,
Description : strings . TrimSpace ( sysHelp [ "config/reload" ] [ 0 ] ) ,
} ,
} ,
Operations : map [ logical . Operation ] framework . OperationHandler {
logical . UpdateOperation : & framework . PathOperation {
2023-04-13 15:32:26 +00:00
Callback : b . handleConfigReload ,
DisplayAttrs : & framework . DisplayAttributes {
OperationVerb : "reload" ,
OperationSuffix : "subsystem" ,
} ,
2021-06-03 17:30:30 +00:00
Summary : "Reload the given subsystem" ,
Description : "" ,
2023-02-16 20:06:26 +00:00
Responses : map [ int ] [ ] framework . Response {
http . StatusNoContent : { {
Description : "OK" ,
} } ,
} ,
2021-06-03 17:30:30 +00:00
} ,
} ,
} ,
2018-09-18 03:03:00 +00:00
{
Pattern : "config/ui/headers/" + framework . GenericNameRegex ( "header" ) ,
2023-04-13 15:32:26 +00:00
DisplayAttrs : & framework . DisplayAttributes {
OperationPrefix : "ui-headers" ,
} ,
2018-09-18 03:03:00 +00:00
Fields : map [ string ] * framework . FieldSchema {
2021-04-08 16:43:39 +00:00
"header" : {
2018-09-18 03:03:00 +00:00
Type : framework . TypeString ,
Description : "The name of the header." ,
} ,
2021-04-08 16:43:39 +00:00
"values" : {
2018-09-18 03:03:00 +00:00
Type : framework . TypeStringSlice ,
Description : "The values to set the header." ,
} ,
2021-04-08 16:43:39 +00:00
"multivalue" : {
2020-12-15 14:58:03 +00:00
Type : framework . TypeBool ,
Description : "Returns multiple values if true" ,
} ,
2018-09-18 03:03:00 +00:00
} ,
2018-11-06 18:09:06 +00:00
Operations : map [ logical . Operation ] framework . OperationHandler {
logical . ReadOperation : & framework . PathOperation {
Callback : b . handleConfigUIHeadersRead ,
2023-04-13 15:32:26 +00:00
DisplayAttrs : & framework . DisplayAttributes {
OperationVerb : "read" ,
OperationSuffix : "configuration" ,
} ,
Summary : "Return the given UI header's configuration" ,
2023-02-16 20:06:26 +00:00
Responses : map [ int ] [ ] framework . Response {
http . StatusOK : { {
Description : "OK" ,
Fields : map [ string ] * framework . FieldSchema {
"value" : {
Type : framework . TypeString ,
Required : false ,
Description : "returns the first header value when `multivalue` request parameter is false" ,
} ,
"values" : {
Type : framework . TypeCommaStringSlice ,
Required : false ,
Description : "returns all header values when `multivalue` request parameter is true" ,
} ,
} ,
} } ,
} ,
2018-11-06 18:09:06 +00:00
} ,
logical . UpdateOperation : & framework . PathOperation {
Callback : b . handleConfigUIHeadersUpdate ,
2023-04-13 15:32:26 +00:00
DisplayAttrs : & framework . DisplayAttributes {
OperationVerb : "configure" ,
} ,
Summary : "Configure the values to be returned for the UI header." ,
2023-02-16 20:06:26 +00:00
Responses : map [ int ] [ ] framework . Response {
http . StatusOK : { {
// returns 200 with null `data`
Description : "OK" ,
} } ,
} ,
2018-11-06 18:09:06 +00:00
} ,
logical . DeleteOperation : & framework . PathOperation {
Callback : b . handleConfigUIHeadersDelete ,
2023-04-13 15:32:26 +00:00
DisplayAttrs : & framework . DisplayAttributes {
OperationVerb : "delete" ,
OperationSuffix : "configuration" ,
} ,
Summary : "Remove a UI header." ,
2023-02-16 20:06:26 +00:00
Responses : map [ int ] [ ] framework . Response {
http . StatusNoContent : { {
Description : "OK" ,
} } ,
} ,
2018-11-06 18:09:06 +00:00
} ,
2018-09-18 03:03:00 +00:00
} ,
HelpDescription : strings . TrimSpace ( sysHelp [ "config/ui/headers" ] [ 0 ] ) ,
HelpSynopsis : strings . TrimSpace ( sysHelp [ "config/ui/headers" ] [ 1 ] ) ,
} ,
{
2023-07-06 20:01:33 +00:00
Pattern : "config/ui/headers/?$" ,
2018-09-18 03:03:00 +00:00
2018-11-06 18:09:06 +00:00
Operations : map [ logical . Operation ] framework . OperationHandler {
logical . ListOperation : & framework . PathOperation {
Callback : b . handleConfigUIHeadersList ,
2023-04-13 15:32:26 +00:00
DisplayAttrs : & framework . DisplayAttributes {
OperationPrefix : "ui-headers" ,
OperationVerb : "list" ,
} ,
Summary : "Return a list of configured UI headers." ,
2023-02-16 20:06:26 +00:00
Responses : map [ int ] [ ] framework . Response {
http . StatusOK : { {
Fields : map [ string ] * framework . FieldSchema {
"keys" : {
Type : framework . TypeCommaStringSlice ,
Description : "Lists of configured UI headers. Omitted if list is empty" ,
Required : false ,
} ,
} ,
} } ,
} ,
2018-11-06 18:09:06 +00:00
} ,
2018-09-18 03:03:00 +00:00
} ,
HelpDescription : strings . TrimSpace ( sysHelp [ "config/ui/headers" ] [ 0 ] ) ,
HelpSynopsis : strings . TrimSpace ( sysHelp [ "config/ui/headers" ] [ 1 ] ) ,
} ,
{
2018-11-06 18:09:06 +00:00
Pattern : "generate-root(/attempt)?$" ,
2023-04-13 15:32:26 +00:00
DisplayAttrs : & framework . DisplayAttributes {
OperationPrefix : "root-token-generation" ,
} ,
2018-11-06 18:09:06 +00:00
Fields : map [ string ] * framework . FieldSchema {
2021-04-08 16:43:39 +00:00
"pgp_key" : {
2018-11-06 18:09:06 +00:00
Type : framework . TypeString ,
Description : "Specifies a base64-encoded PGP public key." ,
} ,
} ,
2023-04-13 15:32:26 +00:00
2018-11-06 18:09:06 +00:00
Operations : map [ logical . Operation ] framework . OperationHandler {
logical . ReadOperation : & framework . PathOperation {
2023-04-13 15:32:26 +00:00
DisplayAttrs : & framework . DisplayAttributes {
OperationVerb : "read" ,
OperationSuffix : "progress2|progress" ,
} ,
2018-11-06 18:09:06 +00:00
Summary : "Read the configuration and progress of the current root generation attempt." ,
2023-02-16 20:06:26 +00:00
Responses : map [ int ] [ ] framework . Response {
http . StatusOK : { {
Description : "OK" ,
Fields : map [ string ] * framework . FieldSchema {
"nonce" : {
Type : framework . TypeString ,
Required : true ,
} ,
"started" : {
Type : framework . TypeBool ,
Required : true ,
} ,
"progress" : {
Type : framework . TypeInt ,
Required : true ,
} ,
"required" : {
Type : framework . TypeInt ,
Required : true ,
} ,
"complete" : {
Type : framework . TypeBool ,
Required : true ,
} ,
"encoded_token" : {
Type : framework . TypeString ,
Required : true ,
} ,
"encoded_root_token" : {
Type : framework . TypeString ,
Required : true ,
} ,
"pgp_fingerprint" : {
Type : framework . TypeString ,
Required : true ,
} ,
"otp" : {
Type : framework . TypeString ,
Required : true ,
} ,
"otp_length" : {
Type : framework . TypeInt ,
Required : true ,
} ,
} ,
} } ,
} ,
2018-11-06 18:09:06 +00:00
} ,
logical . UpdateOperation : & framework . PathOperation {
2023-04-13 15:32:26 +00:00
Summary : "Initializes a new root generation attempt." ,
DisplayAttrs : & framework . DisplayAttributes {
OperationVerb : "initialize" ,
OperationSuffix : "2|" ,
} ,
2018-11-06 18:09:06 +00:00
Description : "Only a single root generation attempt can take place at a time. One (and only one) of otp or pgp_key are required." ,
2023-02-16 20:06:26 +00:00
Responses : map [ int ] [ ] framework . Response {
http . StatusOK : { {
Description : "OK" ,
Fields : map [ string ] * framework . FieldSchema {
"nonce" : {
Type : framework . TypeString ,
Required : true ,
} ,
"started" : {
Type : framework . TypeBool ,
Required : true ,
} ,
"progress" : {
Type : framework . TypeInt ,
Required : true ,
} ,
"required" : {
Type : framework . TypeInt ,
Required : true ,
} ,
"complete" : {
Type : framework . TypeBool ,
Required : true ,
} ,
"encoded_token" : {
Type : framework . TypeString ,
Required : true ,
} ,
"encoded_root_token" : {
Type : framework . TypeString ,
Required : true ,
} ,
"pgp_fingerprint" : {
Type : framework . TypeString ,
Required : true ,
} ,
"otp" : {
Type : framework . TypeString ,
Required : true ,
} ,
"otp_length" : {
Type : framework . TypeInt ,
Required : true ,
} ,
} ,
} } ,
} ,
2018-11-06 18:09:06 +00:00
} ,
logical . DeleteOperation : & framework . PathOperation {
2023-04-13 15:32:26 +00:00
DisplayAttrs : & framework . DisplayAttributes {
OperationVerb : "cancel" ,
OperationSuffix : "2|" ,
} ,
2018-11-06 18:09:06 +00:00
Summary : "Cancels any in-progress root generation attempt." ,
2023-02-16 20:06:26 +00:00
Responses : map [ int ] [ ] framework . Response {
http . StatusNoContent : { {
Description : "OK" ,
} } ,
} ,
2018-11-06 18:09:06 +00:00
} ,
} ,
HelpSynopsis : strings . TrimSpace ( sysHelp [ "generate-root" ] [ 0 ] ) ,
HelpDescription : strings . TrimSpace ( sysHelp [ "generate-root" ] [ 1 ] ) ,
} ,
{
Pattern : "generate-root/update$" ,
Fields : map [ string ] * framework . FieldSchema {
2021-04-08 16:43:39 +00:00
"key" : {
2018-11-06 18:09:06 +00:00
Type : framework . TypeString ,
2021-12-07 01:12:20 +00:00
Description : "Specifies a single unseal key share." ,
2018-11-06 18:09:06 +00:00
} ,
2021-04-08 16:43:39 +00:00
"nonce" : {
2018-11-06 18:09:06 +00:00
Type : framework . TypeString ,
Description : "Specifies the nonce of the attempt." ,
} ,
} ,
Operations : map [ logical . Operation ] framework . OperationHandler {
logical . UpdateOperation : & framework . PathOperation {
2023-04-13 15:32:26 +00:00
DisplayAttrs : & framework . DisplayAttributes {
OperationPrefix : "root-token-generation" ,
OperationVerb : "update" ,
} ,
2021-12-07 01:12:20 +00:00
Summary : "Enter a single unseal key share to progress the root generation attempt." ,
Description : "If the threshold number of unseal key shares is reached, Vault will complete the root generation and issue the new token. Otherwise, this API must be called multiple times until that threshold is met. The attempt nonce must be provided with each call." ,
2023-02-16 20:06:26 +00:00
Responses : map [ int ] [ ] framework . Response {
http . StatusOK : { {
Description : "OK" ,
Fields : map [ string ] * framework . FieldSchema {
"nonce" : {
Type : framework . TypeString ,
Required : true ,
} ,
"started" : {
Type : framework . TypeBool ,
Required : true ,
} ,
"progress" : {
Type : framework . TypeInt ,
Required : true ,
} ,
"required" : {
Type : framework . TypeInt ,
Required : true ,
} ,
"complete" : {
Type : framework . TypeBool ,
Required : true ,
} ,
"encoded_token" : {
Type : framework . TypeString ,
Required : true ,
} ,
"encoded_root_token" : {
Type : framework . TypeString ,
Required : true ,
} ,
"pgp_fingerprint" : {
Type : framework . TypeString ,
Required : true ,
} ,
"otp" : {
Type : framework . TypeString ,
Required : true ,
} ,
"otp_length" : {
Type : framework . TypeInt ,
Required : true ,
} ,
} ,
} } ,
} ,
2018-11-06 18:09:06 +00:00
} ,
} ,
2018-09-18 03:03:00 +00:00
HelpSynopsis : strings . TrimSpace ( sysHelp [ "generate-root" ] [ 0 ] ) ,
HelpDescription : strings . TrimSpace ( sysHelp [ "generate-root" ] [ 1 ] ) ,
} ,
2023-05-18 19:18:19 +00:00
{
Pattern : "decode-token$" ,
Fields : map [ string ] * framework . FieldSchema {
"encoded_token" : {
Type : framework . TypeString ,
Description : "Specifies the encoded token (result from generate-root)." ,
} ,
"otp" : {
Type : framework . TypeString ,
Description : "Specifies the otp code for decode." ,
} ,
} ,
Operations : map [ logical . Operation ] framework . OperationHandler {
logical . UpdateOperation : & framework . PathOperation {
Callback : b . handleGenerateRootDecodeTokenUpdate ,
DisplayAttrs : & framework . DisplayAttributes {
OperationVerb : "decode" ,
} ,
Summary : "Decodes the encoded token with the otp." ,
Responses : map [ int ] [ ] framework . Response {
http . StatusOK : { { Description : "OK" } } ,
} ,
} ,
} ,
} ,
2018-11-06 18:09:06 +00:00
{
Pattern : "health$" ,
2019-09-26 20:16:21 +00:00
Fields : map [ string ] * framework . FieldSchema {
2021-04-08 16:43:39 +00:00
"standbyok" : {
2019-09-26 20:16:21 +00:00
Type : framework . TypeBool ,
Description : "Specifies if being a standby should still return the active status code." ,
} ,
2021-04-08 16:43:39 +00:00
"perfstandbyok" : {
2019-09-26 20:16:21 +00:00
Type : framework . TypeBool ,
Description : "Specifies if being a performance standby should still return the active status code." ,
} ,
2021-04-08 16:43:39 +00:00
"activecode" : {
2019-09-26 20:16:21 +00:00
Type : framework . TypeInt ,
Description : "Specifies the status code for an active node." ,
} ,
2021-04-08 16:43:39 +00:00
"standbycode" : {
2019-09-26 20:16:21 +00:00
Type : framework . TypeInt ,
Description : "Specifies the status code for a standby node." ,
} ,
2021-04-08 16:43:39 +00:00
"drsecondarycode" : {
2019-09-26 20:16:21 +00:00
Type : framework . TypeInt ,
Description : "Specifies the status code for a DR secondary node." ,
} ,
2021-04-08 16:43:39 +00:00
"performancestandbycode" : {
2019-09-26 20:16:21 +00:00
Type : framework . TypeInt ,
Description : "Specifies the status code for a performance standby node." ,
} ,
2021-04-08 16:43:39 +00:00
"sealedcode" : {
2019-09-26 20:16:21 +00:00
Type : framework . TypeInt ,
Description : "Specifies the status code for a sealed node." ,
} ,
2021-04-08 16:43:39 +00:00
"uninitcode" : {
2019-09-26 20:16:21 +00:00
Type : framework . TypeInt ,
Description : "Specifies the status code for an uninitialized node." ,
} ,
} ,
2018-11-06 18:09:06 +00:00
Operations : map [ logical . Operation ] framework . OperationHandler {
logical . ReadOperation : & framework . PathOperation {
2023-04-13 15:32:26 +00:00
DisplayAttrs : & framework . DisplayAttributes {
OperationVerb : "read" ,
OperationSuffix : "health-status" ,
} ,
2018-11-06 18:09:06 +00:00
Summary : "Returns the health status of Vault." ,
Responses : map [ int ] [ ] framework . Response {
200 : { { Description : "initialized, unsealed, and active" } } ,
429 : { { Description : "unsealed and standby" } } ,
472 : { { Description : "data recovery mode replication secondary and active" } } ,
501 : { { Description : "not initialized" } } ,
503 : { { Description : "sealed" } } ,
} ,
} ,
} ,
2019-09-26 20:16:21 +00:00
HelpSynopsis : strings . TrimSpace ( sysHelp [ "health" ] [ 0 ] ) ,
HelpDescription : strings . TrimSpace ( sysHelp [ "health" ] [ 1 ] ) ,
2018-11-06 18:09:06 +00:00
} ,
2018-09-18 03:03:00 +00:00
{
2018-11-06 18:09:06 +00:00
Pattern : "init$" ,
Fields : map [ string ] * framework . FieldSchema {
2021-04-08 16:43:39 +00:00
"pgp_keys" : {
2018-11-06 18:09:06 +00:00
Type : framework . TypeCommaStringSlice ,
Description : "Specifies an array of PGP public keys used to encrypt the output unseal keys. Ordering is preserved. The keys must be base64-encoded from their original binary representation. The size of this array must be the same as `secret_shares`." ,
} ,
2021-04-08 16:43:39 +00:00
"root_token_pgp_key" : {
2018-11-06 18:09:06 +00:00
Type : framework . TypeString ,
Description : "Specifies a PGP public key used to encrypt the initial root token. The key must be base64-encoded from its original binary representation." ,
} ,
2021-04-08 16:43:39 +00:00
"secret_shares" : {
2018-11-06 18:09:06 +00:00
Type : framework . TypeInt ,
2021-12-07 01:12:20 +00:00
Description : "Specifies the number of shares to split the unseal key into." ,
2018-11-06 18:09:06 +00:00
} ,
2021-04-08 16:43:39 +00:00
"secret_threshold" : {
2018-11-06 18:09:06 +00:00
Type : framework . TypeInt ,
2021-12-07 01:12:20 +00:00
Description : "Specifies the number of shares required to reconstruct the unseal key. This must be less than or equal secret_shares. If using Vault HSM with auto-unsealing, this value must be the same as `secret_shares`." ,
2018-11-06 18:09:06 +00:00
} ,
2021-04-08 16:43:39 +00:00
"stored_shares" : {
2018-11-06 18:09:06 +00:00
Type : framework . TypeInt ,
Description : "Specifies the number of shares that should be encrypted by the HSM and stored for auto-unsealing. Currently must be the same as `secret_shares`." ,
} ,
2021-04-08 16:43:39 +00:00
"recovery_shares" : {
2018-11-06 18:09:06 +00:00
Type : framework . TypeInt ,
Description : "Specifies the number of shares to split the recovery key into." ,
} ,
2021-04-08 16:43:39 +00:00
"recovery_threshold" : {
2018-11-06 18:09:06 +00:00
Type : framework . TypeInt ,
Description : " Specifies the number of shares required to reconstruct the recovery key. This must be less than or equal to `recovery_shares`." ,
} ,
2021-04-08 16:43:39 +00:00
"recovery_pgp_keys" : {
2018-11-06 18:09:06 +00:00
Type : framework . TypeCommaStringSlice ,
Description : "Specifies an array of PGP public keys used to encrypt the output recovery keys. Ordering is preserved. The keys must be base64-encoded from their original binary representation. The size of this array must be the same as `recovery_shares`." ,
} ,
} ,
Operations : map [ logical . Operation ] framework . OperationHandler {
logical . ReadOperation : & framework . PathOperation {
2023-04-13 15:32:26 +00:00
DisplayAttrs : & framework . DisplayAttributes {
OperationVerb : "read" ,
OperationSuffix : "initialization-status" ,
} ,
2018-11-06 18:09:06 +00:00
Summary : "Returns the initialization status of Vault." ,
} ,
logical . UpdateOperation : & framework . PathOperation {
2023-04-13 15:32:26 +00:00
DisplayAttrs : & framework . DisplayAttributes {
OperationVerb : "initialize" ,
} ,
2018-11-06 18:09:06 +00:00
Summary : "Initialize a new Vault." ,
Description : "The Vault must not have been previously initialized. The recovery options, as well as the stored shares option, are only available when using Vault HSM." ,
} ,
} ,
2018-09-18 03:03:00 +00:00
HelpSynopsis : strings . TrimSpace ( sysHelp [ "init" ] [ 0 ] ) ,
HelpDescription : strings . TrimSpace ( sysHelp [ "init" ] [ 1 ] ) ,
} ,
2018-11-06 18:09:06 +00:00
{
Pattern : "step-down$" ,
Operations : map [ logical . Operation ] framework . OperationHandler {
logical . UpdateOperation : & framework . PathOperation {
2023-04-13 15:32:26 +00:00
DisplayAttrs : & framework . DisplayAttributes {
OperationVerb : "step-down" ,
OperationSuffix : "leader" ,
} ,
2018-11-06 18:09:06 +00:00
Summary : "Cause the node to give up active status." ,
Description : "This endpoint forces the node to give up active status. If the node does not have active status, this endpoint does nothing. Note that the node will sleep for ten seconds before attempting to grab the active lock again, but if no standby nodes grab the active lock in the interim, the same node may become the active node again." ,
Responses : map [ int ] [ ] framework . Response {
204 : { { Description : "empty body" } } ,
} ,
} ,
} ,
} ,
2022-06-27 15:39:53 +00:00
{
Pattern : "loggers$" ,
2023-04-13 15:32:26 +00:00
DisplayAttrs : & framework . DisplayAttributes {
OperationPrefix : "loggers" ,
} ,
2022-06-27 15:39:53 +00:00
Fields : map [ string ] * framework . FieldSchema {
"level" : {
Type : framework . TypeString ,
Description : "Log verbosity level. Supported values (in order of detail) are " +
"\"trace\", \"debug\", \"info\", \"warn\", and \"error\"." ,
} ,
} ,
Operations : map [ logical . Operation ] framework . OperationHandler {
2022-11-28 16:18:36 +00:00
logical . ReadOperation : & framework . PathOperation {
Callback : b . handleLoggersRead ,
2023-04-13 15:32:26 +00:00
DisplayAttrs : & framework . DisplayAttributes {
OperationVerb : "read" ,
OperationSuffix : "verbosity-level" ,
} ,
2023-02-15 20:00:06 +00:00
Responses : map [ int ] [ ] framework . Response {
http . StatusOK : { {
Description : "OK" ,
} } ,
} ,
Summary : "Read the log level for all existing loggers." ,
2022-11-28 16:18:36 +00:00
} ,
2022-06-27 15:39:53 +00:00
logical . UpdateOperation : & framework . PathOperation {
Callback : b . handleLoggersWrite ,
2023-04-13 15:32:26 +00:00
DisplayAttrs : & framework . DisplayAttributes {
OperationVerb : "update" ,
OperationSuffix : "verbosity-level" ,
} ,
2023-02-15 20:00:06 +00:00
Responses : map [ int ] [ ] framework . Response {
http . StatusNoContent : { {
Description : "OK" ,
} } ,
} ,
Summary : "Modify the log level for all existing loggers." ,
2022-06-27 15:39:53 +00:00
} ,
logical . DeleteOperation : & framework . PathOperation {
Callback : b . handleLoggersDelete ,
2023-04-13 15:32:26 +00:00
DisplayAttrs : & framework . DisplayAttributes {
OperationVerb : "revert" ,
OperationSuffix : "verbosity-level" ,
} ,
2023-02-15 20:00:06 +00:00
Responses : map [ int ] [ ] framework . Response {
http . StatusNoContent : { {
Description : "OK" ,
} } ,
} ,
Summary : "Revert the all loggers to use log level provided in config." ,
2022-06-27 15:39:53 +00:00
} ,
} ,
} ,
{
Pattern : "loggers/" + framework . MatchAllRegex ( "name" ) ,
2023-04-13 15:32:26 +00:00
DisplayAttrs : & framework . DisplayAttributes {
OperationPrefix : "loggers" ,
} ,
2022-06-27 15:39:53 +00:00
Fields : map [ string ] * framework . FieldSchema {
"name" : {
Type : framework . TypeString ,
Description : "The name of the logger to be modified." ,
} ,
"level" : {
Type : framework . TypeString ,
Description : "Log verbosity level. Supported values (in order of detail) are " +
"\"trace\", \"debug\", \"info\", \"warn\", and \"error\"." ,
} ,
} ,
Operations : map [ logical . Operation ] framework . OperationHandler {
2022-11-28 16:18:36 +00:00
logical . ReadOperation : & framework . PathOperation {
Callback : b . handleLoggersByNameRead ,
2023-04-13 15:32:26 +00:00
DisplayAttrs : & framework . DisplayAttributes {
OperationVerb : "read" ,
OperationSuffix : "verbosity-level-for" ,
} ,
2023-02-15 20:00:06 +00:00
Responses : map [ int ] [ ] framework . Response {
http . StatusOK : { {
Description : "OK" ,
} } ,
} ,
Summary : "Read the log level for a single logger." ,
2022-11-28 16:18:36 +00:00
} ,
2022-06-27 15:39:53 +00:00
logical . UpdateOperation : & framework . PathOperation {
Callback : b . handleLoggersByNameWrite ,
2023-04-13 15:32:26 +00:00
DisplayAttrs : & framework . DisplayAttributes {
OperationVerb : "update" ,
OperationSuffix : "verbosity-level-for" ,
} ,
2023-02-15 20:00:06 +00:00
Responses : map [ int ] [ ] framework . Response {
http . StatusNoContent : { {
Description : "OK" ,
} } ,
} ,
Summary : "Modify the log level of a single logger." ,
2022-06-27 15:39:53 +00:00
} ,
logical . DeleteOperation : & framework . PathOperation {
Callback : b . handleLoggersByNameDelete ,
2023-04-13 15:32:26 +00:00
DisplayAttrs : & framework . DisplayAttributes {
OperationVerb : "revert" ,
OperationSuffix : "verbosity-level-for" ,
} ,
2023-02-15 20:00:06 +00:00
Responses : map [ int ] [ ] framework . Response {
http . StatusNoContent : { {
Description : "OK" ,
} } ,
} ,
Summary : "Revert a single logger to use log level provided in config." ,
2022-06-27 15:39:53 +00:00
} ,
} ,
} ,
2018-09-18 03:03:00 +00:00
}
}
func ( b * SystemBackend ) rekeyPaths ( ) [ ] * framework . Path {
2023-02-15 20:02:21 +00:00
respFields := map [ string ] * framework . FieldSchema {
"nounce" : {
Type : framework . TypeString ,
Required : true ,
} ,
"started" : {
Type : framework . TypeString ,
Required : true ,
} ,
"t" : {
Type : framework . TypeInt ,
Required : true ,
} ,
"n" : {
Type : framework . TypeInt ,
Required : true ,
} ,
"progress" : {
Type : framework . TypeInt ,
Required : true ,
} ,
"required" : {
Type : framework . TypeInt ,
Required : true ,
} ,
"verification_required" : {
Type : framework . TypeBool ,
Required : true ,
} ,
"verification_nonce" : {
Type : framework . TypeString ,
Required : true ,
} ,
"backup" : {
Type : framework . TypeBool ,
} ,
"pgp_fingerprints" : {
Type : framework . TypeCommaStringSlice ,
} ,
}
2018-09-18 03:03:00 +00:00
return [ ] * framework . Path {
2018-11-06 18:09:06 +00:00
{
Pattern : "rekey/init" ,
2023-04-13 15:32:26 +00:00
DisplayAttrs : & framework . DisplayAttributes {
OperationPrefix : "rekey-attempt" ,
} ,
2018-11-06 18:09:06 +00:00
Fields : map [ string ] * framework . FieldSchema {
2021-04-08 16:43:39 +00:00
"secret_shares" : {
2018-11-06 18:09:06 +00:00
Type : framework . TypeInt ,
2021-12-07 01:12:20 +00:00
Description : "Specifies the number of shares to split the unseal key into." ,
2018-11-06 18:09:06 +00:00
} ,
2021-04-08 16:43:39 +00:00
"secret_threshold" : {
2018-11-06 18:09:06 +00:00
Type : framework . TypeInt ,
2021-12-07 01:12:20 +00:00
Description : "Specifies the number of shares required to reconstruct the unseal key. This must be less than or equal secret_shares. If using Vault HSM with auto-unsealing, this value must be the same as secret_shares." ,
2018-11-06 18:09:06 +00:00
} ,
2021-04-08 16:43:39 +00:00
"pgp_keys" : {
2018-11-06 18:09:06 +00:00
Type : framework . TypeCommaStringSlice ,
Description : "Specifies an array of PGP public keys used to encrypt the output unseal keys. Ordering is preserved. The keys must be base64-encoded from their original binary representation. The size of this array must be the same as secret_shares." ,
} ,
2021-04-08 16:43:39 +00:00
"backup" : {
2018-11-06 18:09:06 +00:00
Type : framework . TypeBool ,
Description : "Specifies if using PGP-encrypted keys, whether Vault should also store a plaintext backup of the PGP-encrypted keys." ,
} ,
2021-04-08 16:43:39 +00:00
"require_verification" : {
2018-11-06 18:09:06 +00:00
Type : framework . TypeBool ,
Description : "Turns on verification functionality" ,
} ,
} ,
Operations : map [ logical . Operation ] framework . OperationHandler {
logical . ReadOperation : & framework . PathOperation {
2023-04-13 15:32:26 +00:00
DisplayAttrs : & framework . DisplayAttributes {
OperationVerb : "read" ,
OperationSuffix : "progress" ,
} ,
2023-02-15 20:02:21 +00:00
Responses : map [ int ] [ ] framework . Response {
http . StatusOK : { {
Description : "OK" ,
Fields : respFields ,
} } ,
} ,
2018-11-06 18:09:06 +00:00
Summary : "Reads the configuration and progress of the current rekey attempt." ,
} ,
logical . UpdateOperation : & framework . PathOperation {
2023-04-13 15:32:26 +00:00
DisplayAttrs : & framework . DisplayAttributes {
OperationVerb : "initialize" ,
} ,
2023-02-15 20:02:21 +00:00
Responses : map [ int ] [ ] framework . Response {
http . StatusOK : { {
Description : "OK" ,
Fields : respFields ,
} } ,
} ,
2018-11-06 18:09:06 +00:00
Summary : "Initializes a new rekey attempt." ,
Description : "Only a single rekey attempt can take place at a time, and changing the parameters of a rekey requires canceling and starting a new rekey, which will also provide a new nonce." ,
} ,
logical . DeleteOperation : & framework . PathOperation {
2023-04-13 15:32:26 +00:00
DisplayAttrs : & framework . DisplayAttributes {
OperationVerb : "cancel" ,
} ,
2023-02-15 20:02:21 +00:00
Responses : map [ int ] [ ] framework . Response {
http . StatusOK : { {
Description : "OK" ,
} } ,
} ,
2018-11-06 18:09:06 +00:00
Summary : "Cancels any in-progress rekey." ,
Description : "This clears the rekey settings as well as any progress made. This must be called to change the parameters of the rekey. Note: verification is still a part of a rekey. If rekeying is canceled during the verification flow, the current unseal keys remain valid." ,
} ,
} ,
} ,
2018-09-18 03:03:00 +00:00
{
Pattern : "rekey/backup$" ,
2023-04-13 15:32:26 +00:00
DisplayAttrs : & framework . DisplayAttributes {
OperationPrefix : "rekey" ,
} ,
2018-09-18 03:03:00 +00:00
Fields : map [ string ] * framework . FieldSchema { } ,
2018-11-06 18:09:06 +00:00
Operations : map [ logical . Operation ] framework . OperationHandler {
logical . ReadOperation : & framework . PathOperation {
Callback : b . handleRekeyRetrieveBarrier ,
2023-04-13 15:32:26 +00:00
DisplayAttrs : & framework . DisplayAttributes {
OperationVerb : "read" ,
OperationSuffix : "backup-key" ,
} ,
2023-02-15 20:02:21 +00:00
Responses : map [ int ] [ ] framework . Response {
http . StatusOK : { {
Description : "OK" ,
Fields : map [ string ] * framework . FieldSchema {
"nonce" : {
Type : framework . TypeString ,
Required : true ,
} ,
"keys" : {
Type : framework . TypeMap ,
Required : true ,
} ,
"keys_base64" : {
Type : framework . TypeMap ,
Required : true ,
} ,
} ,
} } ,
} ,
Summary : "Return the backup copy of PGP-encrypted unseal keys." ,
2018-11-06 18:09:06 +00:00
} ,
logical . DeleteOperation : & framework . PathOperation {
Callback : b . handleRekeyDeleteBarrier ,
2023-04-13 15:32:26 +00:00
DisplayAttrs : & framework . DisplayAttributes {
OperationVerb : "delete" ,
OperationSuffix : "backup-key" ,
} ,
2023-02-15 20:02:21 +00:00
Responses : map [ int ] [ ] framework . Response {
http . StatusNoContent : { {
Description : "OK" ,
} } ,
} ,
Summary : "Delete the backup copy of PGP-encrypted unseal keys." ,
2018-11-06 18:09:06 +00:00
} ,
2018-09-18 03:03:00 +00:00
} ,
HelpSynopsis : strings . TrimSpace ( sysHelp [ "rekey_backup" ] [ 0 ] ) ,
HelpDescription : strings . TrimSpace ( sysHelp [ "rekey_backup" ] [ 0 ] ) ,
} ,
{
Pattern : "rekey/recovery-key-backup$" ,
2023-04-13 15:32:26 +00:00
DisplayAttrs : & framework . DisplayAttributes {
OperationPrefix : "rekey" ,
} ,
2018-09-18 03:03:00 +00:00
Fields : map [ string ] * framework . FieldSchema { } ,
2023-02-15 20:02:21 +00:00
Operations : map [ logical . Operation ] framework . OperationHandler {
logical . ReadOperation : & framework . PathOperation {
Callback : b . handleRekeyRetrieveRecovery ,
2023-04-13 15:32:26 +00:00
DisplayAttrs : & framework . DisplayAttributes {
OperationVerb : "read" ,
OperationSuffix : "backup-recovery-key" ,
} ,
2023-02-15 20:02:21 +00:00
Responses : map [ int ] [ ] framework . Response {
http . StatusOK : { {
Description : "OK" ,
Fields : map [ string ] * framework . FieldSchema {
"nonce" : {
Type : framework . TypeString ,
Required : true ,
} ,
"keys" : {
Type : framework . TypeMap ,
Required : true ,
} ,
"keys_base64" : {
Type : framework . TypeMap ,
Required : true ,
} ,
} ,
} } ,
} ,
} ,
logical . DeleteOperation : & framework . PathOperation {
Callback : b . handleRekeyDeleteRecovery ,
2023-04-13 15:32:26 +00:00
DisplayAttrs : & framework . DisplayAttributes {
OperationVerb : "delete" ,
OperationSuffix : "backup-recovery-key" ,
} ,
2023-02-15 20:02:21 +00:00
Responses : map [ int ] [ ] framework . Response {
http . StatusNoContent : { {
Description : "OK" ,
} } ,
} ,
} ,
2018-09-18 03:03:00 +00:00
} ,
HelpSynopsis : strings . TrimSpace ( sysHelp [ "rekey_backup" ] [ 0 ] ) ,
HelpDescription : strings . TrimSpace ( sysHelp [ "rekey_backup" ] [ 0 ] ) ,
} ,
2018-11-06 18:09:06 +00:00
{
Pattern : "rekey/update" ,
Fields : map [ string ] * framework . FieldSchema {
2021-04-08 16:43:39 +00:00
"key" : {
2018-11-06 18:09:06 +00:00
Type : framework . TypeString ,
2021-12-07 01:12:20 +00:00
Description : "Specifies a single unseal key share." ,
2018-11-06 18:09:06 +00:00
} ,
2021-04-08 16:43:39 +00:00
"nonce" : {
2018-11-06 18:09:06 +00:00
Type : framework . TypeString ,
Description : "Specifies the nonce of the rekey attempt." ,
} ,
} ,
Operations : map [ logical . Operation ] framework . OperationHandler {
logical . UpdateOperation : & framework . PathOperation {
2023-04-13 15:32:26 +00:00
DisplayAttrs : & framework . DisplayAttributes {
OperationPrefix : "rekey-attempt" ,
OperationVerb : "update" ,
} ,
2023-02-15 20:02:21 +00:00
Responses : map [ int ] [ ] framework . Response {
http . StatusOK : { {
Description : "OK" ,
Fields : map [ string ] * framework . FieldSchema {
"nounce" : {
Type : framework . TypeString ,
Required : true ,
} ,
"complete" : {
Type : framework . TypeBool ,
} ,
"started" : {
Type : framework . TypeString ,
} ,
"t" : {
Type : framework . TypeInt ,
} ,
"n" : {
Type : framework . TypeInt ,
} ,
"progress" : {
Type : framework . TypeInt ,
} ,
"required" : {
Type : framework . TypeInt ,
} ,
"keys" : {
Type : framework . TypeCommaStringSlice ,
} ,
"keys_base64" : {
Type : framework . TypeCommaStringSlice ,
} ,
"verification_required" : {
Type : framework . TypeBool ,
Required : true ,
} ,
"verification_nonce" : {
Type : framework . TypeString ,
Required : true ,
} ,
"backup" : {
Type : framework . TypeBool ,
} ,
"pgp_fingerprints" : {
Type : framework . TypeCommaStringSlice ,
} ,
} ,
} } ,
} ,
2021-12-07 01:12:20 +00:00
Summary : "Enter a single unseal key share to progress the rekey of the Vault." ,
2018-11-06 18:09:06 +00:00
} ,
} ,
} ,
{
Pattern : "rekey/verify" ,
2023-04-13 15:32:26 +00:00
DisplayAttrs : & framework . DisplayAttributes {
OperationPrefix : "rekey-verification" ,
} ,
2018-11-06 18:09:06 +00:00
Fields : map [ string ] * framework . FieldSchema {
2021-04-08 16:43:39 +00:00
"key" : {
2018-11-06 18:09:06 +00:00
Type : framework . TypeString ,
2021-12-07 01:12:20 +00:00
Description : "Specifies a single unseal share key from the new set of shares." ,
2018-11-06 18:09:06 +00:00
} ,
2021-04-08 16:43:39 +00:00
"nonce" : {
2018-11-06 18:09:06 +00:00
Type : framework . TypeString ,
Description : "Specifies the nonce of the rekey verification operation." ,
} ,
} ,
Operations : map [ logical . Operation ] framework . OperationHandler {
logical . ReadOperation : & framework . PathOperation {
2023-04-13 15:32:26 +00:00
DisplayAttrs : & framework . DisplayAttributes {
OperationVerb : "read" ,
OperationSuffix : "progress" ,
} ,
2023-02-15 20:02:21 +00:00
Responses : map [ int ] [ ] framework . Response {
http . StatusOK : { {
Description : "OK" ,
Fields : map [ string ] * framework . FieldSchema {
"nounce" : {
Type : framework . TypeString ,
Required : true ,
} ,
"started" : {
Type : framework . TypeString ,
Required : true ,
} ,
"t" : {
Type : framework . TypeInt ,
Required : true ,
} ,
"n" : {
Type : framework . TypeInt ,
Required : true ,
} ,
"progress" : {
Type : framework . TypeInt ,
Required : true ,
} ,
} ,
} } ,
} ,
2018-11-06 18:09:06 +00:00
Summary : "Read the configuration and progress of the current rekey verification attempt." ,
} ,
logical . DeleteOperation : & framework . PathOperation {
2023-04-13 15:32:26 +00:00
DisplayAttrs : & framework . DisplayAttributes {
OperationVerb : "cancel" ,
} ,
2023-02-15 20:02:21 +00:00
Responses : map [ int ] [ ] framework . Response {
http . StatusOK : { {
Description : "OK" ,
Fields : map [ string ] * framework . FieldSchema {
"nounce" : {
Type : framework . TypeString ,
Required : true ,
} ,
"started" : {
Type : framework . TypeString ,
Required : true ,
} ,
"t" : {
Type : framework . TypeInt ,
Required : true ,
} ,
"n" : {
Type : framework . TypeInt ,
Required : true ,
} ,
"progress" : {
Type : framework . TypeInt ,
Required : true ,
} ,
} ,
} } ,
} ,
2018-11-06 18:09:06 +00:00
Summary : "Cancel any in-progress rekey verification operation." ,
Description : "This clears any progress made and resets the nonce. Unlike a `DELETE` against `sys/rekey/init`, this only resets the current verification operation, not the entire rekey atttempt." ,
} ,
logical . UpdateOperation : & framework . PathOperation {
2023-04-13 15:32:26 +00:00
DisplayAttrs : & framework . DisplayAttributes {
OperationVerb : "update" ,
} ,
2023-02-15 20:02:21 +00:00
Responses : map [ int ] [ ] framework . Response {
http . StatusOK : { {
Description : "OK" ,
Fields : map [ string ] * framework . FieldSchema {
"nounce" : {
Type : framework . TypeString ,
Required : true ,
} ,
"complete" : {
Type : framework . TypeBool ,
} ,
} ,
} } ,
} ,
2018-11-06 18:09:06 +00:00
Summary : "Enter a single new key share to progress the rekey verification operation." ,
} ,
} ,
} ,
2018-09-18 03:03:00 +00:00
{
2018-11-06 18:09:06 +00:00
Pattern : "seal$" ,
2023-04-13 15:32:26 +00:00
DisplayAttrs : & framework . DisplayAttributes {
OperationVerb : "seal" ,
} ,
2018-11-06 18:09:06 +00:00
Operations : map [ logical . Operation ] framework . OperationHandler {
logical . UpdateOperation : & framework . PathOperation {
Summary : "Seal the Vault." ,
2023-03-28 19:39:08 +00:00
Responses : map [ int ] [ ] framework . Response {
http . StatusNoContent : { {
Description : "OK" ,
} } ,
} ,
2018-11-06 18:09:06 +00:00
} ,
} ,
2018-09-18 03:03:00 +00:00
HelpSynopsis : strings . TrimSpace ( sysHelp [ "seal" ] [ 0 ] ) ,
HelpDescription : strings . TrimSpace ( sysHelp [ "seal" ] [ 1 ] ) ,
} ,
{
2018-11-06 18:09:06 +00:00
Pattern : "unseal$" ,
2023-04-13 15:32:26 +00:00
DisplayAttrs : & framework . DisplayAttributes {
OperationVerb : "unseal" ,
} ,
2018-11-06 18:09:06 +00:00
Fields : map [ string ] * framework . FieldSchema {
2021-04-08 16:43:39 +00:00
"key" : {
2018-11-06 18:09:06 +00:00
Type : framework . TypeString ,
2021-12-07 01:12:20 +00:00
Description : "Specifies a single unseal key share. This is required unless reset is true." ,
2018-11-06 18:09:06 +00:00
} ,
2021-04-08 16:43:39 +00:00
"reset" : {
2018-11-06 18:09:06 +00:00
Type : framework . TypeBool ,
Description : "Specifies if previously-provided unseal keys are discarded and the unseal process is reset." ,
} ,
} ,
Operations : map [ logical . Operation ] framework . OperationHandler {
logical . UpdateOperation : & framework . PathOperation {
Summary : "Unseal the Vault." ,
2023-03-28 19:39:08 +00:00
Responses : map [ int ] [ ] framework . Response {
http . StatusOK : { {
// unseal returns `vault.SealStatusResponse` struct
Fields : map [ string ] * framework . FieldSchema {
"type" : {
Type : framework . TypeString ,
Required : true ,
} ,
"initialized" : {
Type : framework . TypeBool ,
Required : true ,
} ,
"sealed" : {
Type : framework . TypeBool ,
Required : true ,
} ,
"t" : {
Type : framework . TypeInt ,
Required : true ,
} ,
"n" : {
Type : framework . TypeInt ,
Required : true ,
} ,
"progress" : {
Type : framework . TypeInt ,
Required : true ,
} ,
"nonce" : {
Type : framework . TypeString ,
Required : true ,
} ,
"version" : {
Type : framework . TypeString ,
Required : true ,
} ,
"build_date" : {
Type : framework . TypeString ,
Required : true ,
} ,
"migration" : {
Type : framework . TypeBool ,
Required : true ,
} ,
"cluster_name" : {
Type : framework . TypeString ,
Required : false ,
} ,
"cluster_id" : {
Type : framework . TypeString ,
Required : false ,
} ,
"recovery_seal" : {
Type : framework . TypeBool ,
Required : true ,
} ,
"storage_type" : {
Type : framework . TypeString ,
Required : false ,
} ,
"hcp_link_status" : {
Type : framework . TypeString ,
Required : false ,
} ,
"hcp_link_resource_ID" : {
Type : framework . TypeString ,
Required : false ,
} ,
} ,
} } ,
} ,
2018-11-06 18:09:06 +00:00
} ,
} ,
2018-09-18 03:03:00 +00:00
HelpSynopsis : strings . TrimSpace ( sysHelp [ "unseal" ] [ 0 ] ) ,
HelpDescription : strings . TrimSpace ( sysHelp [ "unseal" ] [ 1 ] ) ,
} ,
}
}
2021-01-20 20:04:24 +00:00
func ( b * SystemBackend ) statusPaths ( ) [ ] * framework . Path {
return [ ] * framework . Path {
{
Pattern : "leader$" ,
2023-04-13 15:32:26 +00:00
DisplayAttrs : & framework . DisplayAttributes {
OperationPrefix : "leader" ,
OperationVerb : "status" ,
} ,
2021-01-20 20:04:24 +00:00
Operations : map [ logical . Operation ] framework . OperationHandler {
logical . ReadOperation : & framework . PathOperation {
Callback : b . handleLeaderStatus ,
Summary : "Returns the high availability status and current leader instance of Vault." ,
2023-03-28 19:38:35 +00:00
Responses : map [ int ] [ ] framework . Response {
http . StatusOK : { {
Description : "OK" ,
// returns `vault.LeaderResponse` struct
Fields : map [ string ] * framework . FieldSchema {
"ha_enabled" : {
Type : framework . TypeBool ,
Required : true ,
} ,
"is_self" : {
Type : framework . TypeBool ,
Required : true ,
} ,
"active_time" : {
Type : framework . TypeTime ,
// active_time has 'omitempty' tag, but its not a pointer so never "empty"
Required : true ,
} ,
"leader_address" : {
Type : framework . TypeString ,
Required : true ,
} ,
"leader_cluster_address" : {
Type : framework . TypeString ,
Required : true ,
} ,
"performance_standby" : {
Type : framework . TypeBool ,
Required : true ,
} ,
"performance_standby_last_remote_wal" : {
Type : framework . TypeInt64 ,
Required : true ,
} ,
"last_wal" : {
Type : framework . TypeInt64 ,
Required : false ,
} ,
"raft_committed_index" : {
Type : framework . TypeInt64 ,
Required : false ,
} ,
"raft_applied_index" : {
Type : framework . TypeInt64 ,
Required : false ,
} ,
} ,
} } ,
} ,
2021-01-20 20:04:24 +00:00
} ,
} ,
HelpSynopsis : "Check the high availability status and current leader of Vault" ,
} ,
{
Pattern : "seal-status$" ,
2023-04-13 15:32:26 +00:00
DisplayAttrs : & framework . DisplayAttributes {
OperationPrefix : "seal" ,
OperationVerb : "status" ,
} ,
2021-01-20 20:04:24 +00:00
Operations : map [ logical . Operation ] framework . OperationHandler {
logical . ReadOperation : & framework . PathOperation {
Callback : b . handleSealStatus ,
Summary : "Check the seal status of a Vault." ,
2023-03-28 19:39:08 +00:00
Responses : map [ int ] [ ] framework . Response {
http . StatusOK : { {
// unseal returns `vault.SealStatusResponse` struct
Fields : map [ string ] * framework . FieldSchema {
"type" : {
Type : framework . TypeString ,
Required : true ,
} ,
"initialized" : {
Type : framework . TypeBool ,
Required : true ,
} ,
"sealed" : {
Type : framework . TypeBool ,
Required : true ,
} ,
"t" : {
Type : framework . TypeInt ,
Required : true ,
} ,
"n" : {
Type : framework . TypeInt ,
Required : true ,
} ,
"progress" : {
Type : framework . TypeInt ,
Required : true ,
} ,
"nonce" : {
Type : framework . TypeString ,
Required : true ,
} ,
"version" : {
Type : framework . TypeString ,
Required : true ,
} ,
"build_date" : {
Type : framework . TypeString ,
Required : true ,
} ,
"migration" : {
Type : framework . TypeBool ,
Required : true ,
} ,
"cluster_name" : {
Type : framework . TypeString ,
Required : false ,
} ,
"cluster_id" : {
Type : framework . TypeString ,
Required : false ,
} ,
"recovery_seal" : {
Type : framework . TypeBool ,
Required : true ,
} ,
"storage_type" : {
Type : framework . TypeString ,
Required : false ,
} ,
"hcp_link_status" : {
Type : framework . TypeString ,
Required : false ,
} ,
"hcp_link_resource_ID" : {
Type : framework . TypeString ,
Required : false ,
} ,
} ,
} } ,
} ,
2021-01-20 20:04:24 +00:00
} ,
} ,
HelpSynopsis : strings . TrimSpace ( sysHelp [ "seal-status" ] [ 0 ] ) ,
HelpDescription : strings . TrimSpace ( sysHelp [ "seal-status" ] [ 1 ] ) ,
} ,
2021-11-30 19:49:58 +00:00
{
Pattern : "ha-status$" ,
2023-04-13 15:32:26 +00:00
DisplayAttrs : & framework . DisplayAttributes {
OperationPrefix : "ha" ,
OperationVerb : "status" ,
} ,
2021-11-30 19:49:58 +00:00
Operations : map [ logical . Operation ] framework . OperationHandler {
logical . ReadOperation : & framework . PathOperation {
Callback : b . handleHAStatus ,
Summary : "Check the HA status of a Vault cluster" ,
2023-03-28 19:38:35 +00:00
Responses : map [ int ] [ ] framework . Response {
http . StatusOK : { {
Description : "OK" ,
Fields : map [ string ] * framework . FieldSchema {
"nodes" : {
Type : framework . TypeSlice ,
Required : true ,
} ,
} ,
} } ,
} ,
2021-11-30 19:49:58 +00:00
} ,
} ,
HelpSynopsis : strings . TrimSpace ( sysHelp [ "ha-status" ] [ 0 ] ) ,
HelpDescription : strings . TrimSpace ( sysHelp [ "ha-status" ] [ 1 ] ) ,
} ,
2022-02-14 20:26:57 +00:00
{
2023-07-06 20:01:33 +00:00
Pattern : "version-history/?$" ,
2023-04-13 15:32:26 +00:00
DisplayAttrs : & framework . DisplayAttributes {
OperationVerb : "version-history" ,
} ,
2022-02-14 20:26:57 +00:00
Operations : map [ logical . Operation ] framework . OperationHandler {
logical . ListOperation : & framework . PathOperation {
Callback : b . handleVersionHistoryList ,
Summary : "Returns map of historical version change entries" ,
2023-03-28 19:38:35 +00:00
Responses : map [ int ] [ ] framework . Response {
http . StatusOK : { {
Description : "OK" ,
Fields : map [ string ] * framework . FieldSchema {
"keys" : {
Type : framework . TypeCommaStringSlice ,
Required : true ,
} ,
"key_info" : {
Type : framework . TypeKVPairs ,
Required : true ,
} ,
} ,
} } ,
} ,
2022-02-14 20:26:57 +00:00
} ,
} ,
HelpSynopsis : strings . TrimSpace ( sysHelp [ "version-history" ] [ 0 ] ) ,
HelpDescription : strings . TrimSpace ( sysHelp [ "version-history" ] [ 1 ] ) ,
} ,
2021-01-20 20:04:24 +00:00
}
}
2023-07-06 10:05:43 +00:00
func ( b * SystemBackend ) auditHashPath ( ) * framework . Path {
return & framework . Path {
Pattern : "audit-hash/(?P<path>.+)" ,
DisplayAttrs : & framework . DisplayAttributes {
OperationPrefix : "auditing" ,
OperationVerb : "calculate" ,
OperationSuffix : "hash" ,
} ,
2018-09-18 03:03:00 +00:00
2023-07-06 10:05:43 +00:00
Fields : map [ string ] * framework . FieldSchema {
"path" : {
Type : framework . TypeString ,
Description : strings . TrimSpace ( sysHelp [ "audit_path" ] [ 0 ] ) ,
2023-04-13 15:32:26 +00:00
} ,
2023-07-06 10:05:43 +00:00
"input" : {
Type : framework . TypeString ,
2018-09-18 03:03:00 +00:00
} ,
2023-07-06 10:05:43 +00:00
} ,
2023-04-13 15:32:26 +00:00
2023-07-06 10:05:43 +00:00
Operations : map [ logical . Operation ] framework . OperationHandler {
logical . UpdateOperation : & framework . PathOperation {
Callback : b . handleAuditHash ,
Responses : map [ int ] [ ] framework . Response {
http . StatusOK : { {
Description : "OK" ,
Fields : map [ string ] * framework . FieldSchema {
"hash" : {
Type : framework . TypeString ,
Required : true ,
2023-01-20 16:09:33 +00:00
} ,
2023-07-06 10:05:43 +00:00
} ,
} } ,
2023-01-20 16:09:33 +00:00
} ,
2018-09-18 03:03:00 +00:00
} ,
} ,
2023-07-06 10:05:43 +00:00
HelpSynopsis : strings . TrimSpace ( sysHelp [ "audit-hash" ] [ 0 ] ) ,
HelpDescription : strings . TrimSpace ( sysHelp [ "audit-hash" ] [ 1 ] ) ,
}
}
func ( b * SystemBackend ) auditPaths ( ) [ ] * framework . Path {
return [ ] * framework . Path {
b . auditHashPath ( ) ,
2018-09-18 03:03:00 +00:00
{
Pattern : "audit$" ,
2023-04-13 15:32:26 +00:00
DisplayAttrs : & framework . DisplayAttributes {
OperationPrefix : "auditing" ,
OperationVerb : "list" ,
OperationSuffix : "enabled-devices" ,
} ,
2018-11-06 18:09:06 +00:00
Operations : map [ logical . Operation ] framework . OperationHandler {
logical . ReadOperation : & framework . PathOperation {
Callback : b . handleAuditTable ,
Summary : "List the enabled audit devices." ,
2023-01-20 16:09:33 +00:00
Responses : map [ int ] [ ] framework . Response {
http . StatusOK : { {
// this response has dynamic keys
Description : "OK" ,
Fields : nil ,
} } ,
} ,
2018-11-06 18:09:06 +00:00
} ,
2018-09-18 03:03:00 +00:00
} ,
HelpSynopsis : strings . TrimSpace ( sysHelp [ "audit-table" ] [ 0 ] ) ,
HelpDescription : strings . TrimSpace ( sysHelp [ "audit-table" ] [ 1 ] ) ,
} ,
{
Pattern : "audit/(?P<path>.+)" ,
2023-04-13 15:32:26 +00:00
DisplayAttrs : & framework . DisplayAttributes {
OperationPrefix : "auditing" ,
} ,
2018-09-18 03:03:00 +00:00
Fields : map [ string ] * framework . FieldSchema {
2021-04-08 16:43:39 +00:00
"path" : {
2018-09-18 03:03:00 +00:00
Type : framework . TypeString ,
Description : strings . TrimSpace ( sysHelp [ "audit_path" ] [ 0 ] ) ,
} ,
2021-04-08 16:43:39 +00:00
"type" : {
2018-09-18 03:03:00 +00:00
Type : framework . TypeString ,
Description : strings . TrimSpace ( sysHelp [ "audit_type" ] [ 0 ] ) ,
} ,
2021-04-08 16:43:39 +00:00
"description" : {
2018-09-18 03:03:00 +00:00
Type : framework . TypeString ,
Description : strings . TrimSpace ( sysHelp [ "audit_desc" ] [ 0 ] ) ,
} ,
2021-04-08 16:43:39 +00:00
"options" : {
2018-09-18 03:03:00 +00:00
Type : framework . TypeKVPairs ,
Description : strings . TrimSpace ( sysHelp [ "audit_opts" ] [ 0 ] ) ,
} ,
2021-04-08 16:43:39 +00:00
"local" : {
2018-09-18 03:03:00 +00:00
Type : framework . TypeBool ,
Default : false ,
Description : strings . TrimSpace ( sysHelp [ "mount_local" ] [ 0 ] ) ,
} ,
} ,
2018-11-06 18:09:06 +00:00
Operations : map [ logical . Operation ] framework . OperationHandler {
logical . UpdateOperation : & framework . PathOperation {
Callback : b . handleEnableAudit ,
2023-04-13 15:32:26 +00:00
DisplayAttrs : & framework . DisplayAttributes {
OperationVerb : "enable" ,
OperationSuffix : "device" ,
} ,
Summary : "Enable a new audit device at the supplied path." ,
2023-01-20 16:09:33 +00:00
Responses : map [ int ] [ ] framework . Response {
http . StatusNoContent : { {
Description : "OK" ,
} } ,
} ,
2018-11-06 18:09:06 +00:00
} ,
logical . DeleteOperation : & framework . PathOperation {
Callback : b . handleDisableAudit ,
2023-04-13 15:32:26 +00:00
DisplayAttrs : & framework . DisplayAttributes {
OperationVerb : "disable" ,
OperationSuffix : "device" ,
} ,
Summary : "Disable the audit device at the given path." ,
2023-01-20 16:09:33 +00:00
Responses : map [ int ] [ ] framework . Response {
http . StatusNoContent : { {
Description : "OK" ,
} } ,
} ,
2018-11-06 18:09:06 +00:00
} ,
2018-09-18 03:03:00 +00:00
} ,
HelpSynopsis : strings . TrimSpace ( sysHelp [ "audit" ] [ 0 ] ) ,
HelpDescription : strings . TrimSpace ( sysHelp [ "audit" ] [ 1 ] ) ,
} ,
{
Pattern : "config/auditing/request-headers/(?P<header>.+)" ,
2023-04-13 15:32:26 +00:00
DisplayAttrs : & framework . DisplayAttributes {
OperationPrefix : "auditing" ,
} ,
2018-09-18 03:03:00 +00:00
Fields : map [ string ] * framework . FieldSchema {
2021-04-08 16:43:39 +00:00
"header" : {
2018-09-18 03:03:00 +00:00
Type : framework . TypeString ,
} ,
2021-04-08 16:43:39 +00:00
"hmac" : {
2018-09-18 03:03:00 +00:00
Type : framework . TypeBool ,
} ,
} ,
2018-11-06 18:09:06 +00:00
Operations : map [ logical . Operation ] framework . OperationHandler {
logical . UpdateOperation : & framework . PathOperation {
Callback : b . handleAuditedHeaderUpdate ,
2023-04-13 15:32:26 +00:00
DisplayAttrs : & framework . DisplayAttributes {
OperationVerb : "enable" ,
OperationSuffix : "request-header" ,
} ,
Summary : "Enable auditing of a header." ,
2023-01-20 16:09:33 +00:00
Responses : map [ int ] [ ] framework . Response {
http . StatusNoContent : { {
Description : "OK" ,
} } ,
} ,
2018-11-06 18:09:06 +00:00
} ,
logical . DeleteOperation : & framework . PathOperation {
Callback : b . handleAuditedHeaderDelete ,
2023-04-13 15:32:26 +00:00
DisplayAttrs : & framework . DisplayAttributes {
OperationVerb : "disable" ,
OperationSuffix : "request-header" ,
} ,
Summary : "Disable auditing of the given request header." ,
2023-01-20 16:09:33 +00:00
Responses : map [ int ] [ ] framework . Response {
http . StatusNoContent : { {
Description : "OK" ,
} } ,
} ,
2018-11-06 18:09:06 +00:00
} ,
logical . ReadOperation : & framework . PathOperation {
Callback : b . handleAuditedHeaderRead ,
2023-04-13 15:32:26 +00:00
DisplayAttrs : & framework . DisplayAttributes {
OperationVerb : "read" ,
OperationSuffix : "request-header-information" ,
} ,
Summary : "List the information for the given request header." ,
2023-01-20 16:09:33 +00:00
Responses : map [ int ] [ ] framework . Response {
http . StatusOK : { {
Description : "OK" ,
// the response keys are dynamic
Fields : nil ,
} } ,
} ,
2018-11-06 18:09:06 +00:00
} ,
2018-09-18 03:03:00 +00:00
} ,
HelpSynopsis : strings . TrimSpace ( sysHelp [ "audited-headers-name" ] [ 0 ] ) ,
HelpDescription : strings . TrimSpace ( sysHelp [ "audited-headers-name" ] [ 1 ] ) ,
} ,
{
Pattern : "config/auditing/request-headers$" ,
2023-04-13 15:32:26 +00:00
DisplayAttrs : & framework . DisplayAttributes {
OperationPrefix : "auditing" ,
OperationVerb : "list" ,
OperationSuffix : "request-headers" ,
} ,
2018-11-06 18:09:06 +00:00
Operations : map [ logical . Operation ] framework . OperationHandler {
logical . ReadOperation : & framework . PathOperation {
Callback : b . handleAuditedHeadersRead ,
Summary : "List the request headers that are configured to be audited." ,
2023-01-20 16:09:33 +00:00
Responses : map [ int ] [ ] framework . Response {
http . StatusOK : { {
Description : "OK" ,
Fields : map [ string ] * framework . FieldSchema {
"headers" : {
Type : framework . TypeMap ,
Required : true ,
} ,
} ,
} } ,
} ,
2018-11-06 18:09:06 +00:00
} ,
2018-09-18 03:03:00 +00:00
} ,
HelpSynopsis : strings . TrimSpace ( sysHelp [ "audited-headers" ] [ 0 ] ) ,
HelpDescription : strings . TrimSpace ( sysHelp [ "audited-headers" ] [ 1 ] ) ,
} ,
}
}
func ( b * SystemBackend ) sealPaths ( ) [ ] * framework . Path {
return [ ] * framework . Path {
{
Pattern : "key-status$" ,
2023-04-13 15:32:26 +00:00
DisplayAttrs : & framework . DisplayAttributes {
OperationPrefix : "encryption-key" ,
OperationVerb : "status" ,
} ,
2018-09-18 03:03:00 +00:00
Callbacks : map [ logical . Operation ] framework . OperationFunc {
logical . ReadOperation : b . handleKeyStatus ,
} ,
HelpSynopsis : strings . TrimSpace ( sysHelp [ "key-status" ] [ 0 ] ) ,
HelpDescription : strings . TrimSpace ( sysHelp [ "key-status" ] [ 1 ] ) ,
} ,
2021-02-25 20:27:25 +00:00
{
Pattern : "rotate/config$" ,
2023-04-13 15:32:26 +00:00
DisplayAttrs : & framework . DisplayAttributes {
OperationPrefix : "encryption-key" ,
} ,
2021-02-25 20:27:25 +00:00
Fields : map [ string ] * framework . FieldSchema {
2021-04-08 16:43:39 +00:00
"enabled" : {
2021-02-25 20:27:25 +00:00
Type : framework . TypeBool ,
Description : strings . TrimSpace ( sysHelp [ "rotation-enabled" ] [ 0 ] ) ,
} ,
2021-04-08 16:43:39 +00:00
"max_operations" : {
2021-05-05 19:39:04 +00:00
Type : framework . TypeInt64 ,
2021-02-25 20:27:25 +00:00
Description : strings . TrimSpace ( sysHelp [ "rotation-max-operations" ] [ 0 ] ) ,
} ,
2021-04-08 16:43:39 +00:00
"interval" : {
2021-02-25 20:27:25 +00:00
Type : framework . TypeDurationSecond ,
Description : strings . TrimSpace ( sysHelp [ "rotation-interval" ] [ 0 ] ) ,
} ,
} ,
2021-03-18 20:08:47 +00:00
Operations : map [ logical . Operation ] framework . OperationHandler {
logical . ReadOperation : & framework . PathOperation {
Callback : b . handleKeyRotationConfigRead ,
2023-04-13 15:32:26 +00:00
DisplayAttrs : & framework . DisplayAttributes {
OperationVerb : "read" ,
OperationSuffix : "rotation-configuration" ,
} ,
2023-03-28 19:40:48 +00:00
Responses : map [ int ] [ ] framework . Response {
http . StatusOK : { {
Description : "OK" ,
Fields : map [ string ] * framework . FieldSchema {
"max_operations" : {
Type : framework . TypeInt64 ,
Required : true ,
} ,
"enabled" : {
Type : framework . TypeBool ,
Required : true ,
} ,
"interval" : {
Type : framework . TypeDurationSecond ,
Required : true ,
} ,
} ,
} } ,
} ,
2021-03-18 20:08:47 +00:00
} ,
logical . UpdateOperation : & framework . PathOperation {
2023-03-28 19:40:48 +00:00
Callback : b . handleKeyRotationConfigUpdate ,
2023-04-13 15:32:26 +00:00
DisplayAttrs : & framework . DisplayAttributes {
OperationVerb : "configure" ,
OperationSuffix : "rotation" ,
} ,
2023-03-28 19:40:48 +00:00
Responses : map [ int ] [ ] framework . Response {
http . StatusNoContent : { {
Description : "OK" ,
} } ,
} ,
2021-03-18 20:08:47 +00:00
ForwardPerformanceSecondary : true ,
ForwardPerformanceStandby : true ,
} ,
2021-02-25 20:27:25 +00:00
} ,
HelpSynopsis : strings . TrimSpace ( sysHelp [ "rotate-config" ] [ 0 ] ) ,
HelpDescription : strings . TrimSpace ( sysHelp [ "rotate-config" ] [ 1 ] ) ,
} ,
2018-09-18 03:03:00 +00:00
{
Pattern : "rotate$" ,
2023-04-13 15:32:26 +00:00
DisplayAttrs : & framework . DisplayAttributes {
OperationPrefix : "encryption-key" ,
OperationVerb : "rotate" ,
} ,
Callbacks : map [ logical . Operation ] framework . OperationFunc {
logical . UpdateOperation : b . handleRotate ,
} ,
2023-03-28 19:40:48 +00:00
Operations : map [ logical . Operation ] framework . OperationHandler {
logical . UpdateOperation : & framework . PathOperation {
Callback : b . handleRotate ,
Responses : map [ int ] [ ] framework . Response {
http . StatusNoContent : { {
Description : "OK" ,
} } ,
} ,
} ,
2018-09-18 03:03:00 +00:00
} ,
HelpSynopsis : strings . TrimSpace ( sysHelp [ "rotate" ] [ 0 ] ) ,
HelpDescription : strings . TrimSpace ( sysHelp [ "rotate" ] [ 1 ] ) ,
} ,
}
}
2018-11-07 17:38:48 +00:00
func ( b * SystemBackend ) pluginsCatalogCRUDPath ( ) * framework . Path {
return & framework . Path {
Pattern : "plugins/catalog(/(?P<type>auth|database|secret))?/(?P<name>.+)" ,
2018-09-18 03:03:00 +00:00
2023-04-13 15:32:26 +00:00
DisplayAttrs : & framework . DisplayAttributes {
OperationPrefix : "plugins-catalog" ,
} ,
2018-11-07 17:38:48 +00:00
Fields : map [ string ] * framework . FieldSchema {
2021-04-08 16:43:39 +00:00
"name" : {
2018-11-07 17:38:48 +00:00
Type : framework . TypeString ,
Description : strings . TrimSpace ( sysHelp [ "plugin-catalog_name" ] [ 0 ] ) ,
2018-09-18 03:03:00 +00:00
} ,
2021-04-08 16:43:39 +00:00
"type" : {
2018-11-07 17:38:48 +00:00
Type : framework . TypeString ,
Description : strings . TrimSpace ( sysHelp [ "plugin-catalog_type" ] [ 0 ] ) ,
} ,
2021-04-08 16:43:39 +00:00
"sha256" : {
2018-11-07 17:38:48 +00:00
Type : framework . TypeString ,
Description : strings . TrimSpace ( sysHelp [ "plugin-catalog_sha-256" ] [ 0 ] ) ,
} ,
2021-04-08 16:43:39 +00:00
"sha_256" : {
2018-11-07 17:38:48 +00:00
Type : framework . TypeString ,
Description : strings . TrimSpace ( sysHelp [ "plugin-catalog_sha-256" ] [ 0 ] ) ,
2018-09-20 17:50:29 +00:00
} ,
2021-04-08 16:43:39 +00:00
"command" : {
2018-11-07 17:38:48 +00:00
Type : framework . TypeString ,
Description : strings . TrimSpace ( sysHelp [ "plugin-catalog_command" ] [ 0 ] ) ,
} ,
2021-04-08 16:43:39 +00:00
"args" : {
2018-11-07 17:38:48 +00:00
Type : framework . TypeStringSlice ,
Description : strings . TrimSpace ( sysHelp [ "plugin-catalog_args" ] [ 0 ] ) ,
} ,
2021-04-08 16:43:39 +00:00
"env" : {
2018-11-07 17:38:48 +00:00
Type : framework . TypeStringSlice ,
Description : strings . TrimSpace ( sysHelp [ "plugin-catalog_env" ] [ 0 ] ) ,
} ,
2022-08-25 20:31:42 +00:00
"version" : {
Type : framework . TypeString ,
Description : strings . TrimSpace ( sysHelp [ "plugin-catalog_version" ] [ 0 ] ) ,
} ,
2018-11-07 17:38:48 +00:00
} ,
2018-11-07 01:21:24 +00:00
2018-11-07 17:38:48 +00:00
Operations : map [ logical . Operation ] framework . OperationHandler {
logical . UpdateOperation : & framework . PathOperation {
Callback : b . handlePluginCatalogUpdate ,
2023-04-13 15:32:26 +00:00
DisplayAttrs : & framework . DisplayAttributes {
OperationVerb : "register" ,
OperationSuffix : "plugin|plugin-with-type|plugin-with-type-and-name" ,
} ,
2023-02-15 20:00:06 +00:00
Responses : map [ int ] [ ] framework . Response {
http . StatusOK : { {
Description : "OK" ,
} } ,
} ,
Summary : "Register a new plugin, or updates an existing one with the supplied name." ,
2018-11-07 17:38:48 +00:00
} ,
logical . DeleteOperation : & framework . PathOperation {
Callback : b . handlePluginCatalogDelete ,
2023-04-13 15:32:26 +00:00
DisplayAttrs : & framework . DisplayAttributes {
OperationVerb : "remove" ,
OperationSuffix : "plugin|plugin-with-type|plugin-with-type-and-name" ,
} ,
2023-02-15 20:00:06 +00:00
Responses : map [ int ] [ ] framework . Response {
http . StatusOK : { {
Description : "OK" ,
Fields : map [ string ] * framework . FieldSchema { } ,
} } ,
} ,
Summary : "Remove the plugin with the given name." ,
2018-11-07 17:38:48 +00:00
} ,
logical . ReadOperation : & framework . PathOperation {
Callback : b . handlePluginCatalogRead ,
2023-04-13 15:32:26 +00:00
DisplayAttrs : & framework . DisplayAttributes {
OperationVerb : "read" ,
OperationSuffix : "plugin-configuration|plugin-configuration-with-type|plugin-configuration-with-type-and-name" ,
} ,
2023-02-15 20:00:06 +00:00
Responses : map [ int ] [ ] framework . Response {
http . StatusOK : { {
Description : "OK" ,
Fields : map [ string ] * framework . FieldSchema {
"name" : {
Type : framework . TypeString ,
Description : strings . TrimSpace ( sysHelp [ "plugin-catalog_name" ] [ 0 ] ) ,
Required : true ,
} ,
"sha256" : {
Type : framework . TypeString ,
Description : strings . TrimSpace ( sysHelp [ "plugin-catalog_sha-256" ] [ 0 ] ) ,
Required : true ,
} ,
"command" : {
Type : framework . TypeString ,
Description : strings . TrimSpace ( sysHelp [ "plugin-catalog_command" ] [ 0 ] ) ,
Required : true ,
} ,
"args" : {
Type : framework . TypeStringSlice ,
Description : strings . TrimSpace ( sysHelp [ "plugin-catalog_args" ] [ 0 ] ) ,
Required : true ,
} ,
"version" : {
Type : framework . TypeString ,
Description : strings . TrimSpace ( sysHelp [ "plugin-catalog_version" ] [ 0 ] ) ,
Required : true ,
} ,
"builtin" : {
Type : framework . TypeBool ,
Required : true ,
} ,
"deprecation_status" : {
Type : framework . TypeString ,
Required : false ,
} ,
} ,
} } ,
} ,
Summary : "Return the configuration data for the plugin with the given name." ,
2018-11-07 17:38:48 +00:00
} ,
2018-09-18 03:03:00 +00:00
} ,
2018-11-07 17:38:48 +00:00
HelpSynopsis : strings . TrimSpace ( sysHelp [ "plugin-catalog" ] [ 0 ] ) ,
HelpDescription : strings . TrimSpace ( sysHelp [ "plugin-catalog" ] [ 1 ] ) ,
}
}
func ( b * SystemBackend ) pluginsCatalogListPaths ( ) [ ] * framework . Path {
return [ ] * framework . Path {
2018-11-07 01:21:24 +00:00
{
2018-11-07 17:38:48 +00:00
Pattern : "plugins/catalog/(?P<type>auth|database|secret)/?$" ,
2018-09-18 03:03:00 +00:00
2023-04-13 15:32:26 +00:00
DisplayAttrs : & framework . DisplayAttributes {
OperationPrefix : "plugins-catalog" ,
OperationVerb : "list" ,
OperationSuffix : "plugins-with-type" ,
} ,
2018-11-07 01:21:24 +00:00
Fields : map [ string ] * framework . FieldSchema {
2021-04-08 16:43:39 +00:00
"type" : {
2018-11-07 01:21:24 +00:00
Type : framework . TypeString ,
Description : strings . TrimSpace ( sysHelp [ "plugin-catalog_type" ] [ 0 ] ) ,
} ,
2018-11-06 18:09:06 +00:00
} ,
2018-11-07 01:21:24 +00:00
Operations : map [ logical . Operation ] framework . OperationHandler {
2018-11-07 17:38:48 +00:00
logical . ListOperation : & framework . PathOperation {
Callback : b . handlePluginCatalogTypedList ,
2023-02-15 20:00:06 +00:00
Responses : map [ int ] [ ] framework . Response {
http . StatusOK : { {
Description : "OK" ,
Fields : map [ string ] * framework . FieldSchema {
"keys" : {
Type : framework . TypeStringSlice ,
Description : "List of plugin names in the catalog" ,
Required : true ,
} ,
} ,
} } ,
} ,
Summary : "List the plugins in the catalog." ,
2018-11-07 01:21:24 +00:00
} ,
2018-11-06 18:09:06 +00:00
} ,
2018-11-07 01:21:24 +00:00
HelpSynopsis : strings . TrimSpace ( sysHelp [ "plugin-catalog" ] [ 0 ] ) ,
HelpDescription : strings . TrimSpace ( sysHelp [ "plugin-catalog" ] [ 1 ] ) ,
2018-09-18 03:03:00 +00:00
} ,
2018-11-07 01:21:24 +00:00
{
Pattern : "plugins/catalog/?$" ,
2023-04-13 15:32:26 +00:00
DisplayAttrs : & framework . DisplayAttributes {
OperationPrefix : "plugins-catalog" ,
OperationVerb : "list" ,
OperationSuffix : "plugins" ,
} ,
2023-02-15 20:00:06 +00:00
Operations : map [ logical . Operation ] framework . OperationHandler {
logical . ReadOperation : & framework . PathOperation {
Callback : b . handlePluginCatalogUntypedList ,
Responses : map [ int ] [ ] framework . Response {
http . StatusOK : { {
Description : "OK" ,
Fields : map [ string ] * framework . FieldSchema {
"detailed" : {
Type : framework . TypeMap ,
Required : false ,
} ,
} ,
} } ,
} ,
} ,
2018-11-07 01:21:24 +00:00
} ,
2018-09-18 03:03:00 +00:00
2018-11-07 01:21:24 +00:00
HelpSynopsis : strings . TrimSpace ( sysHelp [ "plugin-catalog-list-all" ] [ 0 ] ) ,
HelpDescription : strings . TrimSpace ( sysHelp [ "plugin-catalog-list-all" ] [ 1 ] ) ,
} ,
2018-09-18 03:03:00 +00:00
}
}
func ( b * SystemBackend ) pluginsReloadPath ( ) * framework . Path {
return & framework . Path {
Pattern : "plugins/reload/backend$" ,
2023-04-13 15:32:26 +00:00
DisplayAttrs : & framework . DisplayAttributes {
OperationPrefix : "plugins" ,
OperationVerb : "reload" ,
OperationSuffix : "backends" ,
} ,
2018-09-18 03:03:00 +00:00
Fields : map [ string ] * framework . FieldSchema {
2021-04-08 16:43:39 +00:00
"plugin" : {
2018-09-18 03:03:00 +00:00
Type : framework . TypeString ,
Description : strings . TrimSpace ( sysHelp [ "plugin-backend-reload-plugin" ] [ 0 ] ) ,
} ,
2021-04-08 16:43:39 +00:00
"mounts" : {
2018-09-18 03:03:00 +00:00
Type : framework . TypeCommaStringSlice ,
Description : strings . TrimSpace ( sysHelp [ "plugin-backend-reload-mounts" ] [ 0 ] ) ,
} ,
2021-04-08 16:43:39 +00:00
"scope" : {
2020-06-30 15:26:52 +00:00
Type : framework . TypeString ,
Description : strings . TrimSpace ( sysHelp [ "plugin-backend-reload-scope" ] [ 0 ] ) ,
} ,
2018-09-18 03:03:00 +00:00
} ,
2018-11-06 18:09:06 +00:00
Operations : map [ logical . Operation ] framework . OperationHandler {
logical . UpdateOperation : & framework . PathOperation {
2023-02-15 20:00:06 +00:00
Callback : b . handlePluginReloadUpdate ,
Responses : map [ int ] [ ] framework . Response {
http . StatusOK : { {
Description : "OK" ,
Fields : map [ string ] * framework . FieldSchema {
"reload_id" : {
Type : framework . TypeString ,
Required : true ,
} ,
} ,
} } ,
http . StatusAccepted : { {
Description : "OK" ,
Fields : map [ string ] * framework . FieldSchema {
"reload_id" : {
Type : framework . TypeString ,
Required : true ,
} ,
} ,
} } ,
} ,
2018-11-06 18:09:06 +00:00
Summary : "Reload mounted plugin backends." ,
2020-06-30 15:26:52 +00:00
Description : "Either the plugin name (`plugin`) or the desired plugin backend mounts (`mounts`) must be provided, but not both. In the case that the plugin name is provided, all mounted paths that use that plugin backend will be reloaded. If (`scope`) is provided and is (`global`), the plugin(s) are reloaded globally." ,
2018-11-06 18:09:06 +00:00
} ,
2018-09-18 03:03:00 +00:00
} ,
HelpSynopsis : strings . TrimSpace ( sysHelp [ "plugin-reload" ] [ 0 ] ) ,
HelpDescription : strings . TrimSpace ( sysHelp [ "plugin-reload" ] [ 1 ] ) ,
}
}
2020-06-29 21:58:51 +00:00
2018-09-18 03:03:00 +00:00
func ( b * SystemBackend ) toolsPaths ( ) [ ] * framework . Path {
return [ ] * framework . Path {
{
Pattern : "tools/hash" + framework . OptionalParamRegex ( "urlalgorithm" ) ,
2023-04-13 15:32:26 +00:00
DisplayAttrs : & framework . DisplayAttributes {
OperationVerb : "generate" ,
OperationSuffix : "hash|hash-with-algorithm" ,
} ,
2018-09-18 03:03:00 +00:00
Fields : map [ string ] * framework . FieldSchema {
2021-04-08 16:43:39 +00:00
"input" : {
2018-09-18 03:03:00 +00:00
Type : framework . TypeString ,
Description : "The base64-encoded input data" ,
} ,
2021-04-08 16:43:39 +00:00
"algorithm" : {
2018-09-18 03:03:00 +00:00
Type : framework . TypeString ,
Default : "sha2-256" ,
Description : ` Algorithm to use ( POST body parameter ) . Valid values are :
* sha2 - 224
* sha2 - 256
* sha2 - 384
* sha2 - 512
Defaults to "sha2-256" . ` ,
} ,
2021-04-08 16:43:39 +00:00
"urlalgorithm" : {
2018-09-18 03:03:00 +00:00
Type : framework . TypeString ,
Description : ` Algorithm to use (POST URL parameter) ` ,
} ,
2021-04-08 16:43:39 +00:00
"format" : {
2018-09-18 03:03:00 +00:00
Type : framework . TypeString ,
Default : "hex" ,
Description : ` Encoding format to use. Can be "hex" or "base64". Defaults to "hex". ` ,
} ,
} ,
2023-03-24 23:11:39 +00:00
Operations : map [ logical . Operation ] framework . OperationHandler {
logical . UpdateOperation : & framework . PathOperation {
Callback : b . pathHashWrite ,
Responses : map [ int ] [ ] framework . Response {
http . StatusOK : { {
Description : "OK" ,
Fields : map [ string ] * framework . FieldSchema {
"sum" : {
Type : framework . TypeString ,
Required : true ,
} ,
} ,
} } ,
} ,
} ,
2018-09-18 03:03:00 +00:00
} ,
HelpSynopsis : strings . TrimSpace ( sysHelp [ "hash" ] [ 0 ] ) ,
HelpDescription : strings . TrimSpace ( sysHelp [ "hash" ] [ 1 ] ) ,
} ,
{
2022-05-02 19:42:07 +00:00
Pattern : "tools/random(/" + framework . GenericNameRegex ( "source" ) + ")?" + framework . OptionalParamRegex ( "urlbytes" ) ,
2023-04-13 15:32:26 +00:00
DisplayAttrs : & framework . DisplayAttributes {
OperationVerb : "generate" ,
OperationSuffix : "random|random-with-source|random-with-bytes|random-with-source-and-bytes" ,
} ,
2018-09-18 03:03:00 +00:00
Fields : map [ string ] * framework . FieldSchema {
2021-04-08 16:43:39 +00:00
"urlbytes" : {
2018-09-18 03:03:00 +00:00
Type : framework . TypeString ,
Description : "The number of bytes to generate (POST URL parameter)" ,
} ,
2021-04-08 16:43:39 +00:00
"bytes" : {
2018-09-18 03:03:00 +00:00
Type : framework . TypeInt ,
Default : 32 ,
Description : "The number of bytes to generate (POST body parameter). Defaults to 32 (256 bits)." ,
} ,
2021-04-08 16:43:39 +00:00
"format" : {
2018-09-18 03:03:00 +00:00
Type : framework . TypeString ,
Default : "base64" ,
Description : ` Encoding format to use. Can be "hex" or "base64". Defaults to "base64". ` ,
} ,
2022-05-02 19:42:07 +00:00
"source" : {
Type : framework . TypeString ,
Default : "platform" ,
Description : ` Which system to source random data from, ether "platform", "seal", or "all". ` ,
} ,
2018-09-18 03:03:00 +00:00
} ,
2023-03-24 23:11:39 +00:00
Operations : map [ logical . Operation ] framework . OperationHandler {
logical . UpdateOperation : & framework . PathOperation {
Callback : b . pathRandomWrite ,
Responses : map [ int ] [ ] framework . Response {
http . StatusOK : { {
Description : "OK" ,
Fields : map [ string ] * framework . FieldSchema {
"random_bytes" : {
Type : framework . TypeString ,
Required : true ,
} ,
} ,
} } ,
} ,
} ,
2018-09-18 03:03:00 +00:00
} ,
HelpSynopsis : strings . TrimSpace ( sysHelp [ "random" ] [ 0 ] ) ,
HelpDescription : strings . TrimSpace ( sysHelp [ "random" ] [ 1 ] ) ,
} ,
}
}
2018-11-05 20:24:39 +00:00
func ( b * SystemBackend ) internalPaths ( ) [ ] * framework . Path {
2018-09-18 03:03:00 +00:00
return [ ] * framework . Path {
2018-11-05 20:24:39 +00:00
{
Pattern : "internal/specs/openapi" ,
2023-04-13 15:32:26 +00:00
DisplayAttrs : & framework . DisplayAttributes {
OperationPrefix : "internal" ,
OperationVerb : "generate" ,
} ,
2018-12-12 21:59:23 +00:00
Fields : map [ string ] * framework . FieldSchema {
2021-04-08 16:43:39 +00:00
"context" : {
2018-12-12 21:59:23 +00:00
Type : framework . TypeString ,
Description : "Context string appended to every operationId" ,
} ,
2023-01-10 16:16:59 +00:00
"generic_mount_paths" : {
Type : framework . TypeBool ,
Description : "Use generic mount paths" ,
Query : true ,
Default : false ,
} ,
2018-12-12 21:59:23 +00:00
} ,
2023-04-13 15:32:26 +00:00
Operations : map [ logical . Operation ] framework . OperationHandler {
logical . ReadOperation : & framework . PathOperation {
Callback : b . pathInternalOpenAPI ,
DisplayAttrs : & framework . DisplayAttributes {
OperationSuffix : "open-api-document" ,
} ,
} ,
logical . UpdateOperation : & framework . PathOperation {
Callback : b . pathInternalOpenAPI ,
DisplayAttrs : & framework . DisplayAttributes {
2023-05-11 21:20:11 +00:00
OperationSuffix : "open-api-document-with-parameters" ,
2023-04-13 15:32:26 +00:00
} ,
} ,
2018-11-05 20:24:39 +00:00
} ,
2023-04-13 15:32:26 +00:00
2023-01-05 03:48:40 +00:00
HelpSynopsis : "Generate an OpenAPI 3 document of all mounted paths." ,
2018-11-06 18:09:06 +00:00
} ,
2021-01-06 22:05:00 +00:00
{
Pattern : "internal/ui/feature-flags" ,
2023-04-13 15:32:26 +00:00
DisplayAttrs : & framework . DisplayAttributes {
OperationPrefix : "internal-ui" ,
OperationVerb : "list" ,
OperationSuffix : "enabled-feature-flags" ,
} ,
2021-01-06 22:05:00 +00:00
Operations : map [ logical . Operation ] framework . OperationHandler {
logical . ReadOperation : & framework . PathOperation {
// callback is absent because this is an unauthenticated method
Summary : "Lists enabled feature flags." ,
2023-02-24 20:03:21 +00:00
Responses : map [ int ] [ ] framework . Response {
http . StatusOK : { {
Description : "OK" ,
Fields : map [ string ] * framework . FieldSchema {
"feature_flags" : {
Type : framework . TypeCommaStringSlice ,
Required : true ,
} ,
} ,
} } ,
} ,
2021-01-06 22:05:00 +00:00
} ,
} ,
HelpSynopsis : strings . TrimSpace ( sysHelp [ "internal-ui-feature-flags" ] [ 0 ] ) ,
HelpDescription : strings . TrimSpace ( sysHelp [ "internal-ui-feature-flags" ] [ 1 ] ) ,
} ,
2018-09-18 03:03:00 +00:00
{
Pattern : "internal/ui/mounts" ,
2023-04-13 15:32:26 +00:00
DisplayAttrs : & framework . DisplayAttributes {
OperationPrefix : "internal-ui" ,
OperationVerb : "list" ,
OperationSuffix : "enabled-visible-mounts" ,
} ,
2018-11-06 18:09:06 +00:00
Operations : map [ logical . Operation ] framework . OperationHandler {
logical . ReadOperation : & framework . PathOperation {
Callback : b . pathInternalUIMountsRead ,
Summary : "Lists all enabled and visible auth and secrets mounts." ,
2023-02-24 20:03:21 +00:00
Responses : map [ int ] [ ] framework . Response {
http . StatusOK : { {
Description : "OK" ,
Fields : map [ string ] * framework . FieldSchema {
"secret" : {
Description : "secret mounts" ,
Type : framework . TypeMap ,
Required : true ,
} ,
"auth" : {
Description : "auth mounts" ,
Type : framework . TypeMap ,
Required : true ,
} ,
} ,
} } ,
} ,
2018-11-06 18:09:06 +00:00
} ,
2018-09-18 03:03:00 +00:00
} ,
HelpSynopsis : strings . TrimSpace ( sysHelp [ "internal-ui-mounts" ] [ 0 ] ) ,
HelpDescription : strings . TrimSpace ( sysHelp [ "internal-ui-mounts" ] [ 1 ] ) ,
} ,
{
Pattern : "internal/ui/mounts/(?P<path>.+)" ,
2023-04-13 15:32:26 +00:00
DisplayAttrs : & framework . DisplayAttributes {
OperationPrefix : "internal-ui" ,
OperationVerb : "read" ,
OperationSuffix : "mount-information" ,
} ,
2018-09-18 03:03:00 +00:00
Fields : map [ string ] * framework . FieldSchema {
2021-04-08 16:43:39 +00:00
"path" : {
2018-09-18 03:03:00 +00:00
Type : framework . TypeString ,
Description : "The path of the mount." ,
} ,
} ,
2023-04-13 15:32:26 +00:00
2018-11-06 18:09:06 +00:00
Operations : map [ logical . Operation ] framework . OperationHandler {
logical . ReadOperation : & framework . PathOperation {
Callback : b . pathInternalUIMountRead ,
Summary : "Return information about the given mount." ,
2023-02-24 20:03:21 +00:00
Responses : map [ int ] [ ] framework . Response {
http . StatusOK : { {
Description : "OK" ,
Fields : map [ string ] * framework . FieldSchema {
"type" : {
Type : framework . TypeString ,
Required : true ,
} ,
"description" : {
Type : framework . TypeString ,
Required : true ,
} ,
"accessor" : {
Type : framework . TypeString ,
Required : true ,
} ,
"local" : {
Type : framework . TypeBool ,
Required : true ,
} ,
"seal_wrap" : {
Type : framework . TypeBool ,
Required : true ,
} ,
"external_entropy_access" : {
Type : framework . TypeBool ,
Required : true ,
} ,
"options" : {
Type : framework . TypeMap ,
Required : true ,
} ,
"uuid" : {
Type : framework . TypeString ,
Required : true ,
} ,
"plugin_version" : {
Type : framework . TypeString ,
Required : true ,
} ,
"running_plugin_version" : {
Type : framework . TypeString ,
Required : true ,
} ,
"running_sha256" : {
Type : framework . TypeString ,
Required : true ,
} ,
"path" : {
Type : framework . TypeString ,
Required : true ,
} ,
"config" : {
Type : framework . TypeMap ,
Required : true ,
} ,
} ,
} } ,
} ,
2018-11-06 18:09:06 +00:00
} ,
2018-09-18 03:03:00 +00:00
} ,
HelpSynopsis : strings . TrimSpace ( sysHelp [ "internal-ui-mounts" ] [ 0 ] ) ,
HelpDescription : strings . TrimSpace ( sysHelp [ "internal-ui-mounts" ] [ 1 ] ) ,
} ,
{
Pattern : "internal/ui/namespaces" ,
2023-04-13 15:32:26 +00:00
DisplayAttrs : & framework . DisplayAttributes {
OperationPrefix : "internal-ui" ,
OperationVerb : "list" ,
OperationSuffix : "namespaces" ,
} ,
2018-11-06 18:09:06 +00:00
Operations : map [ logical . Operation ] framework . OperationHandler {
logical . ReadOperation : & framework . PathOperation {
2021-11-30 19:49:58 +00:00
Callback : pathInternalUINamespacesRead ( b ) ,
Summary : "Backwards compatibility is not guaranteed for this API" ,
2023-02-24 20:03:21 +00:00
Responses : map [ int ] [ ] framework . Response {
http . StatusOK : { {
Description : "OK" ,
Fields : map [ string ] * framework . FieldSchema {
"keys" : {
Type : framework . TypeCommaStringSlice ,
Description : "field is only returned if there are one or more namespaces" ,
} ,
} ,
} } ,
} ,
2018-11-06 18:09:06 +00:00
} ,
2018-09-18 03:03:00 +00:00
} ,
HelpSynopsis : strings . TrimSpace ( sysHelp [ "internal-ui-namespaces" ] [ 0 ] ) ,
HelpDescription : strings . TrimSpace ( sysHelp [ "internal-ui-namespaces" ] [ 1 ] ) ,
} ,
{
Pattern : "internal/ui/resultant-acl" ,
2023-04-13 15:32:26 +00:00
DisplayAttrs : & framework . DisplayAttributes {
OperationPrefix : "internal-ui" ,
OperationVerb : "read" ,
OperationSuffix : "resultant-acl" ,
} ,
2018-11-06 18:09:06 +00:00
Operations : map [ logical . Operation ] framework . OperationHandler {
logical . ReadOperation : & framework . PathOperation {
2021-11-30 19:49:58 +00:00
Callback : b . pathInternalUIResultantACL ,
Summary : "Backwards compatibility is not guaranteed for this API" ,
2023-02-24 20:03:21 +00:00
Responses : map [ int ] [ ] framework . Response {
http . StatusNoContent : { {
Description : "empty response returned if no client token" ,
Fields : nil ,
} } ,
http . StatusOK : { {
Description : "OK" ,
Fields : map [ string ] * framework . FieldSchema {
"root" : {
Type : framework . TypeBool ,
Required : true ,
} ,
"exact_paths" : {
Type : framework . TypeMap ,
Required : false ,
} ,
"glob_paths" : {
Type : framework . TypeMap ,
Required : false ,
} ,
} ,
} } ,
} ,
2018-11-06 18:09:06 +00:00
} ,
2018-09-18 03:03:00 +00:00
} ,
HelpSynopsis : strings . TrimSpace ( sysHelp [ "internal-ui-resultant-acl" ] [ 0 ] ) ,
HelpDescription : strings . TrimSpace ( sysHelp [ "internal-ui-resultant-acl" ] [ 1 ] ) ,
} ,
2019-03-05 19:55:07 +00:00
{
Pattern : "internal/counters/requests" ,
2023-04-13 15:32:26 +00:00
DisplayAttrs : & framework . DisplayAttributes {
OperationPrefix : "internal" ,
OperationVerb : "count" ,
OperationSuffix : "requests" ,
} ,
2019-03-05 19:55:07 +00:00
Operations : map [ logical . Operation ] framework . OperationHandler {
logical . ReadOperation : & framework . PathOperation {
2023-03-28 19:31:20 +00:00
Callback : b . pathInternalCountersRequests ,
Deprecated : true ,
Summary : "Backwards compatibility is not guaranteed for this API" ,
2019-03-05 19:55:07 +00:00
} ,
} ,
HelpSynopsis : strings . TrimSpace ( sysHelp [ "internal-counters-requests" ] [ 0 ] ) ,
HelpDescription : strings . TrimSpace ( sysHelp [ "internal-counters-requests" ] [ 1 ] ) ,
} ,
2019-10-08 17:58:19 +00:00
{
Pattern : "internal/counters/tokens" ,
2023-04-13 15:32:26 +00:00
DisplayAttrs : & framework . DisplayAttributes {
OperationPrefix : "internal" ,
OperationVerb : "count" ,
OperationSuffix : "tokens" ,
} ,
2019-10-08 17:58:19 +00:00
Operations : map [ logical . Operation ] framework . OperationHandler {
logical . ReadOperation : & framework . PathOperation {
2021-11-30 19:49:58 +00:00
Callback : b . pathInternalCountersTokens ,
Summary : "Backwards compatibility is not guaranteed for this API" ,
2023-02-24 20:03:21 +00:00
Responses : map [ int ] [ ] framework . Response {
http . StatusOK : { {
Description : "OK" ,
Fields : map [ string ] * framework . FieldSchema {
"counters" : {
Type : framework . TypeMap ,
Required : true ,
} ,
} ,
} } ,
} ,
2019-10-08 17:58:19 +00:00
} ,
} ,
HelpSynopsis : strings . TrimSpace ( sysHelp [ "internal-counters-tokens" ] [ 0 ] ) ,
HelpDescription : strings . TrimSpace ( sysHelp [ "internal-counters-tokens" ] [ 1 ] ) ,
} ,
{
Pattern : "internal/counters/entities" ,
2023-04-13 15:32:26 +00:00
DisplayAttrs : & framework . DisplayAttributes {
OperationPrefix : "internal" ,
OperationVerb : "count" ,
OperationSuffix : "entities" ,
} ,
2019-10-08 17:58:19 +00:00
Operations : map [ logical . Operation ] framework . OperationHandler {
logical . ReadOperation : & framework . PathOperation {
2021-11-30 19:49:58 +00:00
Callback : b . pathInternalCountersEntities ,
Summary : "Backwards compatibility is not guaranteed for this API" ,
2023-02-24 20:03:21 +00:00
Responses : map [ int ] [ ] framework . Response {
http . StatusOK : { {
Description : "OK" ,
Fields : map [ string ] * framework . FieldSchema {
"counters" : {
Type : framework . TypeMap ,
Required : true ,
} ,
} ,
} } ,
} ,
2019-10-08 17:58:19 +00:00
} ,
} ,
HelpSynopsis : strings . TrimSpace ( sysHelp [ "internal-counters-entities" ] [ 0 ] ) ,
HelpDescription : strings . TrimSpace ( sysHelp [ "internal-counters-entities" ] [ 1 ] ) ,
} ,
2022-12-15 20:19:19 +00:00
}
}
func ( b * SystemBackend ) introspectionPaths ( ) [ ] * framework . Path {
return [ ] * framework . Path {
2022-11-04 16:39:09 +00:00
{
Pattern : "internal/inspect/router/" + framework . GenericNameRegex ( "tag" ) ,
2023-04-13 15:32:26 +00:00
DisplayAttrs : & framework . DisplayAttributes {
OperationPrefix : "internal" ,
OperationVerb : "inspect" ,
OperationSuffix : "router" ,
} ,
2022-11-04 16:39:09 +00:00
Fields : map [ string ] * framework . FieldSchema {
"tag" : {
Type : framework . TypeString ,
Description : "Name of subtree being observed" ,
} ,
} ,
Operations : map [ logical . Operation ] framework . OperationHandler {
logical . ReadOperation : & framework . PathOperation {
Callback : b . pathInternalInspectRouter ,
Summary : "Expose the route entry and mount entry tables present in the router" ,
} ,
} ,
HelpSynopsis : strings . TrimSpace ( sysHelp [ "internal-inspect-router" ] [ 0 ] ) ,
HelpDescription : strings . TrimSpace ( sysHelp [ "internal-inspect-router" ] [ 1 ] ) ,
} ,
2018-09-18 03:03:00 +00:00
}
}
func ( b * SystemBackend ) capabilitiesPaths ( ) [ ] * framework . Path {
return [ ] * framework . Path {
{
Pattern : "capabilities-accessor$" ,
2023-04-13 15:32:26 +00:00
DisplayAttrs : & framework . DisplayAttributes {
OperationVerb : "query" ,
OperationSuffix : "token-accessor-capabilities" ,
} ,
2018-09-18 03:03:00 +00:00
Fields : map [ string ] * framework . FieldSchema {
2021-04-08 16:43:39 +00:00
"accessor" : {
2018-09-18 03:03:00 +00:00
Type : framework . TypeString ,
Description : "Accessor of the token for which capabilities are being queried." ,
} ,
2021-04-08 16:43:39 +00:00
"path" : {
2018-09-18 03:03:00 +00:00
Type : framework . TypeCommaStringSlice ,
2019-06-27 18:52:52 +00:00
Description : "Use 'paths' instead." ,
2018-11-06 18:09:06 +00:00
Deprecated : true ,
2018-09-18 03:03:00 +00:00
} ,
2021-04-08 16:43:39 +00:00
"paths" : {
2018-09-18 03:03:00 +00:00
Type : framework . TypeCommaStringSlice ,
Description : "Paths on which capabilities are being queried." ,
} ,
} ,
2023-02-16 20:04:37 +00:00
Operations : map [ logical . Operation ] framework . OperationHandler {
logical . UpdateOperation : & framework . PathOperation {
Callback : b . handleCapabilitiesAccessor ,
Responses : map [ int ] [ ] framework . Response {
http . StatusOK : { {
Description : "OK" ,
// response keys are dynamic
Fields : nil ,
} } ,
} ,
} ,
2018-09-18 03:03:00 +00:00
} ,
HelpSynopsis : strings . TrimSpace ( sysHelp [ "capabilities_accessor" ] [ 0 ] ) ,
HelpDescription : strings . TrimSpace ( sysHelp [ "capabilities_accessor" ] [ 1 ] ) ,
} ,
{
Pattern : "capabilities$" ,
2023-04-13 15:32:26 +00:00
DisplayAttrs : & framework . DisplayAttributes {
OperationVerb : "query" ,
OperationSuffix : "token-capabilities" ,
} ,
2018-09-18 03:03:00 +00:00
Fields : map [ string ] * framework . FieldSchema {
2021-04-08 16:43:39 +00:00
"token" : {
2018-09-18 03:03:00 +00:00
Type : framework . TypeString ,
Description : "Token for which capabilities are being queried." ,
} ,
2021-04-08 16:43:39 +00:00
"path" : {
2018-09-18 03:03:00 +00:00
Type : framework . TypeCommaStringSlice ,
2019-06-27 18:52:52 +00:00
Description : "Use 'paths' instead." ,
2018-11-06 18:09:06 +00:00
Deprecated : true ,
2018-09-18 03:03:00 +00:00
} ,
2021-04-08 16:43:39 +00:00
"paths" : {
2018-09-18 03:03:00 +00:00
Type : framework . TypeCommaStringSlice ,
Description : "Paths on which capabilities are being queried." ,
} ,
} ,
2023-02-16 20:04:37 +00:00
Operations : map [ logical . Operation ] framework . OperationHandler {
logical . UpdateOperation : & framework . PathOperation {
Callback : b . handleCapabilities ,
Responses : map [ int ] [ ] framework . Response {
http . StatusOK : { {
Description : "OK" ,
// response keys are dynamic
Fields : nil ,
} } ,
} ,
} ,
2018-09-18 03:03:00 +00:00
} ,
HelpSynopsis : strings . TrimSpace ( sysHelp [ "capabilities" ] [ 0 ] ) ,
HelpDescription : strings . TrimSpace ( sysHelp [ "capabilities" ] [ 1 ] ) ,
} ,
{
Pattern : "capabilities-self$" ,
2023-04-13 15:32:26 +00:00
DisplayAttrs : & framework . DisplayAttributes {
OperationVerb : "query" ,
OperationSuffix : "token-self-capabilities" ,
} ,
2018-09-18 03:03:00 +00:00
Fields : map [ string ] * framework . FieldSchema {
2021-04-08 16:43:39 +00:00
"token" : {
2018-09-18 03:03:00 +00:00
Type : framework . TypeString ,
Description : "Token for which capabilities are being queried." ,
} ,
2021-04-08 16:43:39 +00:00
"path" : {
2018-09-18 03:03:00 +00:00
Type : framework . TypeCommaStringSlice ,
2019-06-27 18:52:52 +00:00
Description : "Use 'paths' instead." ,
2018-11-06 18:09:06 +00:00
Deprecated : true ,
2018-09-18 03:03:00 +00:00
} ,
2021-04-08 16:43:39 +00:00
"paths" : {
2018-09-18 03:03:00 +00:00
Type : framework . TypeCommaStringSlice ,
Description : "Paths on which capabilities are being queried." ,
} ,
} ,
2023-02-16 20:04:37 +00:00
Operations : map [ logical . Operation ] framework . OperationHandler {
logical . UpdateOperation : & framework . PathOperation {
Callback : b . handleCapabilities ,
Responses : map [ int ] [ ] framework . Response {
http . StatusOK : { {
Description : "OK" ,
// response keys are dynamic
Fields : nil ,
} } ,
} ,
} ,
2018-09-18 03:03:00 +00:00
} ,
HelpSynopsis : strings . TrimSpace ( sysHelp [ "capabilities_self" ] [ 0 ] ) ,
HelpDescription : strings . TrimSpace ( sysHelp [ "capabilities_self" ] [ 1 ] ) ,
} ,
}
}
func ( b * SystemBackend ) leasePaths ( ) [ ] * framework . Path {
return [ ] * framework . Path {
{
Pattern : "leases/lookup/(?P<prefix>.+?)?" ,
2023-04-13 15:32:26 +00:00
DisplayAttrs : & framework . DisplayAttributes {
OperationPrefix : "leases" ,
OperationVerb : "look-up" ,
OperationSuffix : "|with-prefix" ,
} ,
2018-09-18 03:03:00 +00:00
Fields : map [ string ] * framework . FieldSchema {
2021-04-08 16:43:39 +00:00
"prefix" : {
2018-09-18 03:03:00 +00:00
Type : framework . TypeString ,
Description : strings . TrimSpace ( sysHelp [ "leases-list-prefix" ] [ 0 ] ) ,
} ,
} ,
2018-11-06 18:09:06 +00:00
Operations : map [ logical . Operation ] framework . OperationHandler {
logical . ListOperation : & framework . PathOperation {
Callback : b . handleLeaseLookupList ,
2023-02-15 20:00:06 +00:00
Responses : map [ int ] [ ] framework . Response {
http . StatusOK : { {
Description : "OK" ,
Fields : map [ string ] * framework . FieldSchema {
"keys" : {
Type : framework . TypeCommaStringSlice ,
Description : "A list of lease ids" ,
Required : false ,
} ,
} ,
} } ,
} ,
2018-11-06 18:09:06 +00:00
} ,
2018-09-18 03:03:00 +00:00
} ,
HelpSynopsis : strings . TrimSpace ( sysHelp [ "leases" ] [ 0 ] ) ,
HelpDescription : strings . TrimSpace ( sysHelp [ "leases" ] [ 1 ] ) ,
} ,
{
Pattern : "leases/lookup" ,
2023-04-13 15:32:26 +00:00
DisplayAttrs : & framework . DisplayAttributes {
OperationPrefix : "leases" ,
OperationVerb : "read" ,
OperationSuffix : "lease" ,
} ,
2018-09-18 03:03:00 +00:00
Fields : map [ string ] * framework . FieldSchema {
2021-04-08 16:43:39 +00:00
"lease_id" : {
2018-09-18 03:03:00 +00:00
Type : framework . TypeString ,
Description : strings . TrimSpace ( sysHelp [ "lease_id" ] [ 0 ] ) ,
} ,
} ,
2018-11-06 18:09:06 +00:00
Operations : map [ logical . Operation ] framework . OperationHandler {
logical . UpdateOperation : & framework . PathOperation {
Callback : b . handleLeaseLookup ,
2023-02-15 20:00:06 +00:00
Responses : map [ int ] [ ] framework . Response {
http . StatusOK : { {
Description : "OK" ,
Fields : map [ string ] * framework . FieldSchema {
"id" : {
Type : framework . TypeString ,
Description : "Lease id" ,
Required : true ,
} ,
"issue_time" : {
Type : framework . TypeTime ,
Description : "Timestamp for the lease's issue time" ,
Required : true ,
} ,
"renewable" : {
Type : framework . TypeBool ,
Description : "True if the lease is able to be renewed" ,
Required : true ,
} ,
"expire_time" : {
Type : framework . TypeTime ,
Description : "Optional lease expiry time " ,
Required : true ,
} ,
"last_renewal" : {
Type : framework . TypeTime ,
Description : "Optional Timestamp of the last time the lease was renewed" ,
Required : true ,
} ,
"ttl" : {
Type : framework . TypeInt ,
Description : "Time to Live set for the lease, returns 0 if unset" ,
Required : true ,
} ,
} ,
} } ,
} ,
2018-11-06 18:09:06 +00:00
} ,
2018-09-18 03:03:00 +00:00
} ,
HelpSynopsis : strings . TrimSpace ( sysHelp [ "leases" ] [ 0 ] ) ,
HelpDescription : strings . TrimSpace ( sysHelp [ "leases" ] [ 1 ] ) ,
} ,
{
Pattern : "(leases/)?renew" + framework . OptionalParamRegex ( "url_lease_id" ) ,
2023-04-13 15:32:26 +00:00
DisplayAttrs : & framework . DisplayAttributes {
OperationPrefix : "leases" ,
OperationVerb : "renew" ,
OperationSuffix : "lease2|lease|lease-with-id2|lease-with-id" ,
} ,
2018-09-18 03:03:00 +00:00
Fields : map [ string ] * framework . FieldSchema {
2021-04-08 16:43:39 +00:00
"url_lease_id" : {
2018-09-18 03:03:00 +00:00
Type : framework . TypeString ,
Description : strings . TrimSpace ( sysHelp [ "lease_id" ] [ 0 ] ) ,
} ,
2021-04-08 16:43:39 +00:00
"lease_id" : {
2018-09-18 03:03:00 +00:00
Type : framework . TypeString ,
Description : strings . TrimSpace ( sysHelp [ "lease_id" ] [ 0 ] ) ,
} ,
2021-04-08 16:43:39 +00:00
"increment" : {
2018-09-18 03:03:00 +00:00
Type : framework . TypeDurationSecond ,
Description : strings . TrimSpace ( sysHelp [ "increment" ] [ 0 ] ) ,
} ,
} ,
2018-11-06 18:09:06 +00:00
Operations : map [ logical . Operation ] framework . OperationHandler {
logical . UpdateOperation : & framework . PathOperation {
Callback : b . handleRenew ,
2023-02-15 20:00:06 +00:00
Responses : map [ int ] [ ] framework . Response {
http . StatusNoContent : { {
Description : "OK" ,
} } ,
} ,
Summary : "Renews a lease, requesting to extend the lease." ,
2018-11-06 18:09:06 +00:00
} ,
2018-09-18 03:03:00 +00:00
} ,
HelpSynopsis : strings . TrimSpace ( sysHelp [ "renew" ] [ 0 ] ) ,
HelpDescription : strings . TrimSpace ( sysHelp [ "renew" ] [ 1 ] ) ,
} ,
{
Pattern : "(leases/)?revoke" + framework . OptionalParamRegex ( "url_lease_id" ) ,
2023-04-13 15:32:26 +00:00
DisplayAttrs : & framework . DisplayAttributes {
OperationPrefix : "leases" ,
OperationVerb : "revoke" ,
OperationSuffix : "lease2|lease|lease-with-id2|lease-with-id" ,
} ,
2018-09-18 03:03:00 +00:00
Fields : map [ string ] * framework . FieldSchema {
2021-04-08 16:43:39 +00:00
"url_lease_id" : {
2018-09-18 03:03:00 +00:00
Type : framework . TypeString ,
Description : strings . TrimSpace ( sysHelp [ "lease_id" ] [ 0 ] ) ,
} ,
2021-04-08 16:43:39 +00:00
"lease_id" : {
2018-09-18 03:03:00 +00:00
Type : framework . TypeString ,
Description : strings . TrimSpace ( sysHelp [ "lease_id" ] [ 0 ] ) ,
} ,
2021-04-08 16:43:39 +00:00
"sync" : {
2018-09-18 03:03:00 +00:00
Type : framework . TypeBool ,
Default : true ,
Description : strings . TrimSpace ( sysHelp [ "revoke-sync" ] [ 0 ] ) ,
} ,
} ,
2018-11-06 18:09:06 +00:00
Operations : map [ logical . Operation ] framework . OperationHandler {
logical . UpdateOperation : & framework . PathOperation {
Callback : b . handleRevoke ,
2023-02-15 20:00:06 +00:00
Responses : map [ int ] [ ] framework . Response {
http . StatusNoContent : { {
Description : "OK" ,
} } ,
} ,
Summary : "Revokes a lease immediately." ,
2018-11-06 18:09:06 +00:00
} ,
2018-09-18 03:03:00 +00:00
} ,
HelpSynopsis : strings . TrimSpace ( sysHelp [ "revoke" ] [ 0 ] ) ,
HelpDescription : strings . TrimSpace ( sysHelp [ "revoke" ] [ 1 ] ) ,
} ,
{
Pattern : "(leases/)?revoke-force/(?P<prefix>.+)" ,
2023-04-13 15:32:26 +00:00
DisplayAttrs : & framework . DisplayAttributes {
OperationPrefix : "leases" ,
OperationVerb : "force-revoke" ,
OperationSuffix : "lease-with-prefix2|lease-with-prefix" ,
} ,
2018-09-18 03:03:00 +00:00
Fields : map [ string ] * framework . FieldSchema {
2021-04-08 16:43:39 +00:00
"prefix" : {
2018-09-18 03:03:00 +00:00
Type : framework . TypeString ,
Description : strings . TrimSpace ( sysHelp [ "revoke-force-path" ] [ 0 ] ) ,
} ,
} ,
2018-11-06 18:09:06 +00:00
Operations : map [ logical . Operation ] framework . OperationHandler {
logical . UpdateOperation : & framework . PathOperation {
2023-02-15 20:00:06 +00:00
Callback : b . handleRevokeForce ,
Responses : map [ int ] [ ] framework . Response {
http . StatusNoContent : { {
Description : "OK" ,
} } ,
} ,
2018-11-06 18:09:06 +00:00
Summary : "Revokes all secrets or tokens generated under a given prefix immediately" ,
Description : "Unlike `/sys/leases/revoke-prefix`, this path ignores backend errors encountered during revocation. This is potentially very dangerous and should only be used in specific emergency situations where errors in the backend or the connected backend service prevent normal revocation.\n\nBy ignoring these errors, Vault abdicates responsibility for ensuring that the issued credentials or secrets are properly revoked and/or cleaned up. Access to this endpoint should be tightly controlled." ,
} ,
2018-09-18 03:03:00 +00:00
} ,
HelpSynopsis : strings . TrimSpace ( sysHelp [ "revoke-force" ] [ 0 ] ) ,
HelpDescription : strings . TrimSpace ( sysHelp [ "revoke-force" ] [ 1 ] ) ,
} ,
{
Pattern : "(leases/)?revoke-prefix/(?P<prefix>.+)" ,
2023-04-13 15:32:26 +00:00
DisplayAttrs : & framework . DisplayAttributes {
OperationPrefix : "leases" ,
OperationVerb : "revoke" ,
OperationSuffix : "lease-with-prefix2|lease-with-prefix" ,
} ,
2018-09-18 03:03:00 +00:00
Fields : map [ string ] * framework . FieldSchema {
2021-04-08 16:43:39 +00:00
"prefix" : {
2018-09-18 03:03:00 +00:00
Type : framework . TypeString ,
Description : strings . TrimSpace ( sysHelp [ "revoke-prefix-path" ] [ 0 ] ) ,
} ,
2021-04-08 16:43:39 +00:00
"sync" : {
2018-09-18 03:03:00 +00:00
Type : framework . TypeBool ,
Default : true ,
Description : strings . TrimSpace ( sysHelp [ "revoke-sync" ] [ 0 ] ) ,
} ,
} ,
2018-11-06 18:09:06 +00:00
Operations : map [ logical . Operation ] framework . OperationHandler {
logical . UpdateOperation : & framework . PathOperation {
Callback : b . handleRevokePrefix ,
2023-02-15 20:00:06 +00:00
Responses : map [ int ] [ ] framework . Response {
http . StatusNoContent : { {
Description : "OK" ,
} } ,
} ,
Summary : "Revokes all secrets (via a lease ID prefix) or tokens (via the tokens' path property) generated under a given prefix immediately." ,
2018-11-06 18:09:06 +00:00
} ,
2018-09-18 03:03:00 +00:00
} ,
HelpSynopsis : strings . TrimSpace ( sysHelp [ "revoke-prefix" ] [ 0 ] ) ,
HelpDescription : strings . TrimSpace ( sysHelp [ "revoke-prefix" ] [ 1 ] ) ,
} ,
{
Pattern : "leases/tidy$" ,
2023-04-13 15:32:26 +00:00
DisplayAttrs : & framework . DisplayAttributes {
OperationPrefix : "leases" ,
OperationVerb : "tidy" ,
} ,
2023-02-15 20:00:06 +00:00
Operations : map [ logical . Operation ] framework . OperationHandler {
logical . UpdateOperation : & framework . PathOperation {
Callback : b . handleTidyLeases ,
Responses : map [ int ] [ ] framework . Response {
http . StatusNoContent : { {
Description : "OK" ,
Fields : map [ string ] * framework . FieldSchema { } ,
} } ,
} ,
} ,
2018-09-18 03:03:00 +00:00
} ,
HelpSynopsis : strings . TrimSpace ( sysHelp [ "tidy_leases" ] [ 0 ] ) ,
HelpDescription : strings . TrimSpace ( sysHelp [ "tidy_leases" ] [ 1 ] ) ,
} ,
2021-06-02 16:11:30 +00:00
{
Pattern : "leases/count$" ,
2023-04-13 15:32:26 +00:00
DisplayAttrs : & framework . DisplayAttributes {
OperationPrefix : "leases" ,
OperationVerb : "count" ,
} ,
2021-06-02 16:11:30 +00:00
Fields : map [ string ] * framework . FieldSchema {
"type" : {
Type : framework . TypeString ,
Required : true ,
Description : "Type of leases to get counts for (currently only supporting irrevocable)." ,
} ,
"include_child_namespaces" : {
Type : framework . TypeBool ,
Default : false ,
Description : "Set true if you want counts for this namespace and its children." ,
} ,
} ,
2023-02-15 20:00:06 +00:00
Operations : map [ logical . Operation ] framework . OperationHandler {
logical . ReadOperation : & framework . PathOperation {
// currently only works for irrevocable leases with param: type=irrevocable
Callback : b . handleLeaseCount ,
Responses : map [ int ] [ ] framework . Response {
http . StatusOK : { {
Description : "OK" ,
Fields : map [ string ] * framework . FieldSchema {
"lease_count" : {
Type : framework . TypeInt ,
Description : "Number of matching leases" ,
Required : true ,
} ,
"counts" : {
Type : framework . TypeInt ,
Description : "Number of matching leases per mount" ,
Required : true ,
} ,
} ,
} } ,
} ,
} ,
2021-06-02 16:11:30 +00:00
} ,
HelpSynopsis : strings . TrimSpace ( sysHelp [ "count-leases" ] [ 0 ] ) ,
HelpDescription : strings . TrimSpace ( sysHelp [ "count-leases" ] [ 1 ] ) ,
} ,
{
2021-06-30 19:02:26 +00:00
Pattern : "leases$" ,
2023-04-13 15:32:26 +00:00
DisplayAttrs : & framework . DisplayAttributes {
OperationPrefix : "leases" ,
OperationVerb : "list" ,
} ,
2021-06-02 16:11:30 +00:00
Fields : map [ string ] * framework . FieldSchema {
"type" : {
Type : framework . TypeString ,
Required : true ,
Description : "Type of leases to retrieve (currently only supporting irrevocable)." ,
} ,
"include_child_namespaces" : {
Type : framework . TypeBool ,
Default : false ,
Description : "Set true if you want leases for this namespace and its children." ,
} ,
"limit" : {
Type : framework . TypeString ,
Default : "" ,
Description : "Set to a positive integer of the maximum number of entries to return. If you want all results, set to 'none'. If not set, you will get a maximum of 10,000 results returned." ,
} ,
} ,
2023-02-15 20:00:06 +00:00
Operations : map [ logical . Operation ] framework . OperationHandler {
logical . ReadOperation : & framework . PathOperation {
// currently only works for irrevocable leases with param: type=irrevocable
Callback : b . handleLeaseList ,
Responses : map [ int ] [ ] framework . Response {
http . StatusOK : { {
Description : "OK" ,
Fields : map [ string ] * framework . FieldSchema {
"lease_count" : {
Type : framework . TypeInt ,
Description : "Number of matching leases" ,
Required : true ,
} ,
"counts" : {
Type : framework . TypeInt ,
Description : "Number of matching leases per mount" ,
Required : true ,
} ,
} ,
} } ,
} ,
} ,
2021-06-02 16:11:30 +00:00
} ,
HelpSynopsis : strings . TrimSpace ( sysHelp [ "list-leases" ] [ 0 ] ) ,
HelpDescription : strings . TrimSpace ( sysHelp [ "list-leases" ] [ 1 ] ) ,
} ,
2018-09-18 03:03:00 +00:00
}
}
2022-02-17 20:17:59 +00:00
func ( b * SystemBackend ) remountPaths ( ) [ ] * framework . Path {
return [ ] * framework . Path {
{
Pattern : "remount" ,
2018-09-18 03:03:00 +00:00
2023-04-13 15:32:26 +00:00
DisplayAttrs : & framework . DisplayAttributes {
OperationVerb : "remount" ,
} ,
2022-02-17 20:17:59 +00:00
Fields : map [ string ] * framework . FieldSchema {
"from" : {
Type : framework . TypeString ,
Description : "The previous mount point." ,
} ,
"to" : {
Type : framework . TypeString ,
Description : "The new mount point." ,
} ,
2018-09-18 03:03:00 +00:00
} ,
2022-02-17 20:17:59 +00:00
Operations : map [ logical . Operation ] framework . OperationHandler {
logical . UpdateOperation : & framework . PathOperation {
Callback : b . handleRemount ,
2023-02-15 20:02:21 +00:00
Responses : map [ int ] [ ] framework . Response {
http . StatusOK : { {
Description : "OK" ,
Fields : map [ string ] * framework . FieldSchema {
"migration_id" : {
Type : framework . TypeString ,
Required : true ,
} ,
} ,
} } ,
} ,
Summary : "Initiate a mount migration" ,
2022-02-17 20:17:59 +00:00
} ,
2018-09-18 03:03:00 +00:00
} ,
2022-02-17 20:17:59 +00:00
HelpSynopsis : strings . TrimSpace ( sysHelp [ "remount" ] [ 0 ] ) ,
HelpDescription : strings . TrimSpace ( sysHelp [ "remount" ] [ 1 ] ) ,
2018-09-18 03:03:00 +00:00
} ,
2022-02-17 20:17:59 +00:00
{
Pattern : "remount/status/(?P<migration_id>.+?)$" ,
2018-09-18 03:03:00 +00:00
2023-04-13 15:32:26 +00:00
DisplayAttrs : & framework . DisplayAttributes {
OperationPrefix : "remount" ,
OperationVerb : "status" ,
} ,
2022-02-17 20:17:59 +00:00
Fields : map [ string ] * framework . FieldSchema {
"migration_id" : {
Type : framework . TypeString ,
Description : "The ID of the migration operation" ,
} ,
} ,
2022-02-17 16:10:56 +00:00
2022-02-17 20:17:59 +00:00
Operations : map [ logical . Operation ] framework . OperationHandler {
logical . ReadOperation : & framework . PathOperation {
Callback : b . handleRemountStatusCheck ,
2023-02-15 20:02:21 +00:00
Responses : map [ int ] [ ] framework . Response {
http . StatusOK : { {
Description : "OK" ,
Fields : map [ string ] * framework . FieldSchema {
"migration_id" : {
Type : framework . TypeString ,
Required : true ,
} ,
"migration_info" : {
Type : framework . TypeMap ,
Required : true ,
} ,
} ,
} } ,
} ,
Summary : "Check status of a mount migration" ,
2022-02-17 20:17:59 +00:00
} ,
} ,
HelpSynopsis : strings . TrimSpace ( sysHelp [ "remount-status" ] [ 0 ] ) ,
HelpDescription : strings . TrimSpace ( sysHelp [ "remount-status" ] [ 1 ] ) ,
} ,
2018-09-18 03:03:00 +00:00
}
}
2019-02-14 20:46:59 +00:00
func ( b * SystemBackend ) metricsPath ( ) * framework . Path {
return & framework . Path {
Pattern : "metrics" ,
2023-04-13 15:32:26 +00:00
DisplayAttrs : & framework . DisplayAttributes {
OperationVerb : "metrics" ,
} ,
2019-02-14 20:46:59 +00:00
Fields : map [ string ] * framework . FieldSchema {
2021-04-08 16:43:39 +00:00
"format" : {
2019-02-14 20:46:59 +00:00
Type : framework . TypeString ,
2019-03-28 21:40:56 +00:00
Description : "Format to export metrics into. Currently accepts only \"prometheus\"." ,
Query : true ,
2019-02-14 20:46:59 +00:00
} ,
} ,
2023-02-15 20:00:06 +00:00
Operations : map [ logical . Operation ] framework . OperationHandler {
logical . ReadOperation : & framework . PathOperation {
Callback : b . handleMetrics ,
Responses : map [ int ] [ ] framework . Response {
http . StatusOK : { {
Description : "OK" ,
} } ,
} ,
} ,
2019-02-14 20:46:59 +00:00
} ,
HelpSynopsis : strings . TrimSpace ( sysHelp [ "metrics" ] [ 0 ] ) ,
HelpDescription : strings . TrimSpace ( sysHelp [ "metrics" ] [ 1 ] ) ,
}
}
2020-05-21 20:07:50 +00:00
func ( b * SystemBackend ) monitorPath ( ) * framework . Path {
return & framework . Path {
Pattern : "monitor" ,
2023-04-13 15:32:26 +00:00
DisplayAttrs : & framework . DisplayAttributes {
OperationVerb : "monitor" ,
} ,
2020-05-21 20:07:50 +00:00
Fields : map [ string ] * framework . FieldSchema {
2021-04-08 16:43:39 +00:00
"log_level" : {
2020-05-21 20:07:50 +00:00
Type : framework . TypeString ,
Description : "Log level to view system logs at. Currently supported values are \"trace\", \"debug\", \"info\", \"warn\", \"error\"." ,
Query : true ,
} ,
2022-05-24 17:10:53 +00:00
"log_format" : {
Type : framework . TypeString ,
Description : "Output format of logs. Supported values are \"standard\" and \"json\". The default is \"standard\"." ,
Query : true ,
Default : "standard" ,
} ,
2020-05-21 20:07:50 +00:00
} ,
2023-02-15 20:00:06 +00:00
Operations : map [ logical . Operation ] framework . OperationHandler {
logical . ReadOperation : & framework . PathOperation {
Callback : b . handleMonitor ,
Responses : map [ int ] [ ] framework . Response {
http . StatusOK : { {
Description : "OK" ,
} } ,
} ,
} ,
2020-05-21 20:07:50 +00:00
} ,
HelpSynopsis : strings . TrimSpace ( sysHelp [ "monitor" ] [ 0 ] ) ,
HelpDescription : strings . TrimSpace ( sysHelp [ "monitor" ] [ 1 ] ) ,
}
}
2021-12-08 22:34:42 +00:00
func ( b * SystemBackend ) inFlightRequestPath ( ) * framework . Path {
return & framework . Path {
Pattern : "in-flight-req" ,
2023-04-13 15:32:26 +00:00
DisplayAttrs : & framework . DisplayAttributes {
OperationVerb : "collect" ,
OperationSuffix : "in-flight-request-information" ,
} ,
2022-01-27 18:06:34 +00:00
Operations : map [ logical . Operation ] framework . OperationHandler {
2021-12-08 22:34:42 +00:00
logical . ReadOperation : & framework . PathOperation {
2022-01-27 18:06:34 +00:00
Callback : b . handleInFlightRequestData ,
Summary : strings . TrimSpace ( sysHelp [ "in-flight-req" ] [ 0 ] ) ,
2021-12-08 22:34:42 +00:00
Description : strings . TrimSpace ( sysHelp [ "in-flight-req" ] [ 1 ] ) ,
2023-03-28 19:38:35 +00:00
Responses : map [ int ] [ ] framework . Response {
http . StatusOK : { {
Description : "OK" ,
Fields : nil , // dynamic fields
} } ,
} ,
2021-12-08 22:34:42 +00:00
} ,
} ,
}
}
2019-10-03 16:43:52 +00:00
func ( b * SystemBackend ) hostInfoPath ( ) * framework . Path {
return & framework . Path {
Pattern : "host-info/?" ,
2023-04-13 15:32:26 +00:00
DisplayAttrs : & framework . DisplayAttributes {
OperationVerb : "collect" ,
OperationSuffix : "host-information" ,
} ,
2019-10-03 16:43:52 +00:00
Operations : map [ logical . Operation ] framework . OperationHandler {
logical . ReadOperation : & framework . PathOperation {
Callback : b . handleHostInfo ,
Summary : strings . TrimSpace ( sysHelp [ "host-info" ] [ 0 ] ) ,
Description : strings . TrimSpace ( sysHelp [ "host-info" ] [ 1 ] ) ,
2023-03-28 19:38:35 +00:00
Responses : map [ int ] [ ] framework . Response {
http . StatusOK : { {
Description : "OK" ,
Fields : map [ string ] * framework . FieldSchema {
"timestamp" : {
Type : framework . TypeTime ,
Required : true ,
} ,
"cpu" : {
Type : framework . TypeSlice ,
Required : false ,
} ,
"cpu_times" : {
Type : framework . TypeSlice ,
Required : false ,
} ,
"disk" : {
Type : framework . TypeSlice ,
Required : false ,
} ,
"host" : {
Type : framework . TypeMap ,
Required : false ,
} ,
"memory" : {
Type : framework . TypeMap ,
Required : false ,
} ,
} ,
} } ,
} ,
2019-10-03 16:43:52 +00:00
} ,
} ,
HelpSynopsis : strings . TrimSpace ( sysHelp [ "host-info" ] [ 0 ] ) ,
HelpDescription : strings . TrimSpace ( sysHelp [ "host-info" ] [ 1 ] ) ,
}
}
2018-09-18 03:03:00 +00:00
func ( b * SystemBackend ) authPaths ( ) [ ] * framework . Path {
return [ ] * framework . Path {
{
Pattern : "auth$" ,
2023-04-13 15:32:26 +00:00
DisplayAttrs : & framework . DisplayAttributes {
OperationPrefix : "auth" ,
OperationVerb : "list" ,
OperationSuffix : "enabled-methods" ,
} ,
2023-02-16 20:03:19 +00:00
Operations : map [ logical . Operation ] framework . OperationHandler {
logical . ReadOperation : & framework . PathOperation {
Callback : b . handleAuthTable ,
Responses : map [ int ] [ ] framework . Response {
http . StatusOK : { {
Description : "OK" ,
// response keys are dynamic
Fields : nil ,
} } ,
} ,
} ,
2018-09-18 03:03:00 +00:00
} ,
HelpSynopsis : strings . TrimSpace ( sysHelp [ "auth-table" ] [ 0 ] ) ,
HelpDescription : strings . TrimSpace ( sysHelp [ "auth-table" ] [ 1 ] ) ,
} ,
{
Pattern : "auth/(?P<path>.+?)/tune$" ,
2023-04-13 15:32:26 +00:00
DisplayAttrs : & framework . DisplayAttributes {
OperationPrefix : "auth" ,
} ,
2018-09-18 03:03:00 +00:00
Fields : map [ string ] * framework . FieldSchema {
2021-04-08 16:43:39 +00:00
"path" : {
2018-09-18 03:03:00 +00:00
Type : framework . TypeString ,
Description : strings . TrimSpace ( sysHelp [ "auth_tune" ] [ 0 ] ) ,
} ,
2021-04-08 16:43:39 +00:00
"default_lease_ttl" : {
2018-09-18 03:03:00 +00:00
Type : framework . TypeString ,
Description : strings . TrimSpace ( sysHelp [ "tune_default_lease_ttl" ] [ 0 ] ) ,
} ,
2021-04-08 16:43:39 +00:00
"max_lease_ttl" : {
2018-09-18 03:03:00 +00:00
Type : framework . TypeString ,
Description : strings . TrimSpace ( sysHelp [ "tune_max_lease_ttl" ] [ 0 ] ) ,
} ,
2021-04-08 16:43:39 +00:00
"description" : {
2018-09-18 03:03:00 +00:00
Type : framework . TypeString ,
Description : strings . TrimSpace ( sysHelp [ "auth_desc" ] [ 0 ] ) ,
} ,
2021-04-08 16:43:39 +00:00
"audit_non_hmac_request_keys" : {
2018-09-18 03:03:00 +00:00
Type : framework . TypeCommaStringSlice ,
Description : strings . TrimSpace ( sysHelp [ "tune_audit_non_hmac_request_keys" ] [ 0 ] ) ,
} ,
2021-04-08 16:43:39 +00:00
"audit_non_hmac_response_keys" : {
2018-09-18 03:03:00 +00:00
Type : framework . TypeCommaStringSlice ,
Description : strings . TrimSpace ( sysHelp [ "tune_audit_non_hmac_response_keys" ] [ 0 ] ) ,
} ,
2021-04-08 16:43:39 +00:00
"options" : {
2018-09-18 03:03:00 +00:00
Type : framework . TypeKVPairs ,
Description : strings . TrimSpace ( sysHelp [ "tune_mount_options" ] [ 0 ] ) ,
} ,
2021-04-08 16:43:39 +00:00
"listing_visibility" : {
2018-09-18 03:03:00 +00:00
Type : framework . TypeString ,
Description : strings . TrimSpace ( sysHelp [ "listing_visibility" ] [ 0 ] ) ,
} ,
2021-04-08 16:43:39 +00:00
"passthrough_request_headers" : {
2018-09-18 03:03:00 +00:00
Type : framework . TypeCommaStringSlice ,
Description : strings . TrimSpace ( sysHelp [ "passthrough_request_headers" ] [ 0 ] ) ,
} ,
2021-04-08 16:43:39 +00:00
"allowed_response_headers" : {
2019-02-05 21:02:15 +00:00
Type : framework . TypeCommaStringSlice ,
Description : strings . TrimSpace ( sysHelp [ "allowed_response_headers" ] [ 0 ] ) ,
} ,
2021-04-08 16:43:39 +00:00
"token_type" : {
2018-11-14 19:22:08 +00:00
Type : framework . TypeString ,
Description : strings . TrimSpace ( sysHelp [ "token_type" ] [ 0 ] ) ,
} ,
2022-11-01 18:02:07 +00:00
"user_lockout_config" : {
Type : framework . TypeMap ,
Description : strings . TrimSpace ( sysHelp [ "tune_user_lockout_config" ] [ 0 ] ) ,
} ,
2022-09-22 12:53:52 +00:00
"plugin_version" : {
Type : framework . TypeString ,
Description : strings . TrimSpace ( sysHelp [ "plugin-catalog_version" ] [ 0 ] ) ,
} ,
2018-09-18 03:03:00 +00:00
} ,
2018-11-06 18:09:06 +00:00
Operations : map [ logical . Operation ] framework . OperationHandler {
logical . ReadOperation : & framework . PathOperation {
2023-04-13 15:32:26 +00:00
Callback : b . handleAuthTuneRead ,
DisplayAttrs : & framework . DisplayAttributes {
OperationVerb : "read" ,
OperationSuffix : "tuning-information" ,
} ,
2018-11-06 18:09:06 +00:00
Summary : "Reads the given auth path's configuration." ,
Description : "This endpoint requires sudo capability on the final path, but the same functionality can be achieved without sudo via `sys/mounts/auth/[auth-path]/tune`." ,
2023-02-16 20:03:19 +00:00
Responses : map [ int ] [ ] framework . Response {
http . StatusOK : { {
Description : "OK" ,
Fields : map [ string ] * framework . FieldSchema {
"description" : {
Type : framework . TypeString ,
Required : true ,
} ,
"default_lease_ttl" : {
Type : framework . TypeInt ,
Required : true ,
} ,
"max_lease_ttl" : {
Type : framework . TypeInt ,
Required : true ,
} ,
"force_no_cache" : {
Type : framework . TypeBool ,
Required : true ,
} ,
"external_entropy_access" : {
Type : framework . TypeBool ,
Required : false ,
} ,
"token_type" : {
Type : framework . TypeString ,
Required : false ,
} ,
"audit_non_hmac_request_keys" : {
Type : framework . TypeCommaStringSlice ,
Required : false ,
} ,
"audit_non_hmac_response_keys" : {
Type : framework . TypeCommaStringSlice ,
Required : false ,
} ,
"listing_visibility" : {
Type : framework . TypeString ,
Required : false ,
} ,
"passthrough_request_headers" : {
Type : framework . TypeCommaStringSlice ,
Required : false ,
} ,
"allowed_response_headers" : {
Type : framework . TypeCommaStringSlice ,
Required : false ,
} ,
"allowed_managed_keys" : {
Type : framework . TypeCommaStringSlice ,
Required : false ,
} ,
"user_lockout_counter_reset_duration" : {
Type : framework . TypeInt64 ,
Required : false ,
} ,
"user_lockout_threshold" : {
Type : framework . TypeInt64 , // uint64
Required : false ,
} ,
"user_lockout_duration" : {
Type : framework . TypeInt64 ,
Required : false ,
} ,
"user_lockout_disable" : {
Type : framework . TypeBool ,
Required : false ,
} ,
"options" : {
Type : framework . TypeMap ,
Required : false ,
} ,
"plugin_version" : {
Type : framework . TypeString ,
Required : false ,
} ,
} ,
} } ,
} ,
2018-11-06 18:09:06 +00:00
} ,
logical . UpdateOperation : & framework . PathOperation {
2023-04-13 15:32:26 +00:00
Callback : b . handleAuthTuneWrite ,
DisplayAttrs : & framework . DisplayAttributes {
OperationVerb : "tune" ,
OperationSuffix : "configuration-parameters" ,
} ,
2018-11-06 18:09:06 +00:00
Summary : "Tune configuration parameters for a given auth path." ,
Description : "This endpoint requires sudo capability on the final path, but the same functionality can be achieved without sudo via `sys/mounts/auth/[auth-path]/tune`." ,
2023-02-16 20:03:19 +00:00
Responses : map [ int ] [ ] framework . Response {
http . StatusNoContent : { {
Description : "OK" ,
} } ,
} ,
2018-11-06 18:09:06 +00:00
} ,
2018-09-18 03:03:00 +00:00
} ,
HelpSynopsis : strings . TrimSpace ( sysHelp [ "auth_tune" ] [ 0 ] ) ,
HelpDescription : strings . TrimSpace ( sysHelp [ "auth_tune" ] [ 1 ] ) ,
} ,
{
Pattern : "auth/(?P<path>.+)" ,
2023-04-13 15:32:26 +00:00
DisplayAttrs : & framework . DisplayAttributes {
OperationPrefix : "auth" ,
} ,
2018-09-18 03:03:00 +00:00
Fields : map [ string ] * framework . FieldSchema {
2021-04-08 16:43:39 +00:00
"path" : {
2018-09-18 03:03:00 +00:00
Type : framework . TypeString ,
Description : strings . TrimSpace ( sysHelp [ "auth_path" ] [ 0 ] ) ,
} ,
2021-04-08 16:43:39 +00:00
"type" : {
2018-09-18 03:03:00 +00:00
Type : framework . TypeString ,
Description : strings . TrimSpace ( sysHelp [ "auth_type" ] [ 0 ] ) ,
} ,
2021-04-08 16:43:39 +00:00
"description" : {
2018-09-18 03:03:00 +00:00
Type : framework . TypeString ,
Description : strings . TrimSpace ( sysHelp [ "auth_desc" ] [ 0 ] ) ,
} ,
2021-04-08 16:43:39 +00:00
"config" : {
2018-09-18 03:03:00 +00:00
Type : framework . TypeMap ,
Description : strings . TrimSpace ( sysHelp [ "auth_config" ] [ 0 ] ) ,
} ,
2021-04-08 16:43:39 +00:00
"local" : {
2018-09-18 03:03:00 +00:00
Type : framework . TypeBool ,
Default : false ,
Description : strings . TrimSpace ( sysHelp [ "mount_local" ] [ 0 ] ) ,
} ,
2021-04-08 16:43:39 +00:00
"seal_wrap" : {
2018-09-18 03:03:00 +00:00
Type : framework . TypeBool ,
Default : false ,
Description : strings . TrimSpace ( sysHelp [ "seal_wrap" ] [ 0 ] ) ,
} ,
2021-04-08 16:43:39 +00:00
"external_entropy_access" : {
2019-10-17 17:33:00 +00:00
Type : framework . TypeBool ,
Default : false ,
Description : strings . TrimSpace ( sysHelp [ "external_entropy_access" ] [ 0 ] ) ,
} ,
2021-04-08 16:43:39 +00:00
"plugin_name" : {
2018-09-18 03:03:00 +00:00
Type : framework . TypeString ,
Description : strings . TrimSpace ( sysHelp [ "auth_plugin" ] [ 0 ] ) ,
} ,
2021-04-08 16:43:39 +00:00
"options" : {
2018-09-18 03:03:00 +00:00
Type : framework . TypeKVPairs ,
Description : strings . TrimSpace ( sysHelp [ "auth_options" ] [ 0 ] ) ,
} ,
2022-09-20 11:35:50 +00:00
"plugin_version" : {
2022-08-31 18:23:05 +00:00
Type : framework . TypeString ,
Description : strings . TrimSpace ( sysHelp [ "plugin-catalog_version" ] [ 0 ] ) ,
} ,
2018-09-18 03:03:00 +00:00
} ,
2018-11-06 18:09:06 +00:00
Operations : map [ logical . Operation ] framework . OperationHandler {
2022-01-25 19:56:40 +00:00
logical . ReadOperation : & framework . PathOperation {
Callback : b . handleReadAuth ,
2023-04-13 15:32:26 +00:00
DisplayAttrs : & framework . DisplayAttributes {
OperationVerb : "read" ,
OperationSuffix : "configuration" ,
} ,
Summary : "Read the configuration of the auth engine at the given path." ,
2023-02-16 20:03:19 +00:00
Responses : map [ int ] [ ] framework . Response {
http . StatusOK : { {
Description : "OK" ,
Fields : map [ string ] * framework . FieldSchema {
"type" : {
Type : framework . TypeString ,
Required : true ,
} ,
"description" : {
Type : framework . TypeString ,
Required : true ,
} ,
"accessor" : {
Type : framework . TypeString ,
Required : true ,
} ,
"local" : {
Type : framework . TypeBool ,
Required : true ,
} ,
"seal_wrap" : {
Type : framework . TypeBool ,
Required : true ,
} ,
"external_entropy_access" : {
Type : framework . TypeBool ,
Required : true ,
} ,
"options" : {
Type : framework . TypeMap ,
Required : true ,
} ,
"uuid" : {
Type : framework . TypeString ,
Required : true ,
} ,
"plugin_version" : {
Type : framework . TypeString ,
Required : true ,
} ,
"running_plugin_version" : {
Type : framework . TypeString ,
Required : true ,
} ,
"running_sha256" : {
Type : framework . TypeString ,
Required : true ,
} ,
"deprecation_status" : {
Type : framework . TypeString ,
Required : false ,
} ,
"config" : {
Type : framework . TypeMap ,
Required : true ,
} ,
} ,
} } ,
} ,
2022-01-25 19:56:40 +00:00
} ,
2018-11-06 18:09:06 +00:00
logical . UpdateOperation : & framework . PathOperation {
Callback : b . handleEnableAuth ,
2023-04-13 15:32:26 +00:00
DisplayAttrs : & framework . DisplayAttributes {
OperationVerb : "enable" ,
OperationSuffix : "method" ,
} ,
Summary : "Enables a new auth method." ,
2018-11-06 18:09:06 +00:00
Description : ` After enabling , the auth method can be accessed and configured via the auth path specified as part of the URL . This auth path will be nested under the auth prefix .
For example , enable the "foo" auth method will make it accessible at / auth / foo . ` ,
2023-02-16 20:03:19 +00:00
Responses : map [ int ] [ ] framework . Response {
http . StatusNoContent : { {
Description : "OK" ,
} } ,
} ,
2018-11-06 18:09:06 +00:00
} ,
logical . DeleteOperation : & framework . PathOperation {
Callback : b . handleDisableAuth ,
2023-04-13 15:32:26 +00:00
DisplayAttrs : & framework . DisplayAttributes {
OperationVerb : "disable" ,
OperationSuffix : "method" ,
} ,
Summary : "Disable the auth method at the given auth path" ,
2023-02-16 20:03:19 +00:00
Responses : map [ int ] [ ] framework . Response {
http . StatusNoContent : { {
Description : "OK" ,
} } ,
} ,
2018-11-06 18:09:06 +00:00
} ,
2018-09-18 03:03:00 +00:00
} ,
HelpSynopsis : strings . TrimSpace ( sysHelp [ "auth" ] [ 0 ] ) ,
HelpDescription : strings . TrimSpace ( sysHelp [ "auth" ] [ 1 ] ) ,
} ,
}
}
func ( b * SystemBackend ) policyPaths ( ) [ ] * framework . Path {
return [ ] * framework . Path {
{
Pattern : "policy/?$" ,
2023-04-13 15:32:26 +00:00
DisplayAttrs : & framework . DisplayAttributes {
OperationPrefix : "policies" ,
OperationVerb : "list" ,
} ,
2023-02-15 20:00:06 +00:00
Operations : map [ logical . Operation ] framework . OperationHandler {
logical . ReadOperation : & framework . PathOperation {
Callback : b . handlePoliciesList ( PolicyTypeACL ) ,
Responses : map [ int ] [ ] framework . Response {
http . StatusOK : { {
Description : "OK" ,
Fields : map [ string ] * framework . FieldSchema {
"keys" : {
Type : framework . TypeStringSlice ,
Required : true ,
} ,
"policies" : {
Type : framework . TypeStringSlice ,
} ,
} ,
} } ,
} ,
} ,
logical . ListOperation : & framework . PathOperation {
Callback : b . handlePoliciesList ( PolicyTypeACL ) ,
Responses : map [ int ] [ ] framework . Response {
http . StatusOK : { {
Description : "OK" ,
Fields : map [ string ] * framework . FieldSchema {
"keys" : {
Type : framework . TypeStringSlice ,
Required : true ,
} ,
"policies" : {
Type : framework . TypeStringSlice ,
} ,
} ,
} } ,
} ,
} ,
2018-09-18 03:03:00 +00:00
} ,
HelpSynopsis : strings . TrimSpace ( sysHelp [ "policy-list" ] [ 0 ] ) ,
HelpDescription : strings . TrimSpace ( sysHelp [ "policy-list" ] [ 1 ] ) ,
} ,
{
Pattern : "policy/(?P<name>.+)" ,
2023-04-13 15:32:26 +00:00
DisplayAttrs : & framework . DisplayAttributes {
OperationPrefix : "policies" ,
OperationSuffix : "acl-policy2" , // this endpoint duplicates /sys/policies/acl
} ,
2018-09-18 03:03:00 +00:00
Fields : map [ string ] * framework . FieldSchema {
2021-04-08 16:43:39 +00:00
"name" : {
2018-09-18 03:03:00 +00:00
Type : framework . TypeString ,
Description : strings . TrimSpace ( sysHelp [ "policy-name" ] [ 0 ] ) ,
} ,
2021-04-08 16:43:39 +00:00
"rules" : {
2018-09-18 03:03:00 +00:00
Type : framework . TypeString ,
Description : strings . TrimSpace ( sysHelp [ "policy-rules" ] [ 0 ] ) ,
2018-11-06 18:09:06 +00:00
Deprecated : true ,
2018-09-18 03:03:00 +00:00
} ,
2021-04-08 16:43:39 +00:00
"policy" : {
2018-09-18 03:03:00 +00:00
Type : framework . TypeString ,
Description : strings . TrimSpace ( sysHelp [ "policy-rules" ] [ 0 ] ) ,
} ,
} ,
2018-11-06 18:09:06 +00:00
Operations : map [ logical . Operation ] framework . OperationHandler {
logical . ReadOperation : & framework . PathOperation {
Callback : b . handlePoliciesRead ( PolicyTypeACL ) ,
2023-02-15 20:00:06 +00:00
Responses : map [ int ] [ ] framework . Response {
http . StatusOK : { {
Description : "OK" ,
Fields : map [ string ] * framework . FieldSchema {
"name" : {
Type : framework . TypeString ,
Required : true ,
} ,
"rules" : {
Type : framework . TypeString ,
Required : true ,
} ,
"policy" : {
Type : framework . TypeString ,
Required : false ,
} ,
} ,
} } ,
} ,
Summary : "Retrieve the policy body for the named policy." ,
2018-11-06 18:09:06 +00:00
} ,
logical . UpdateOperation : & framework . PathOperation {
Callback : b . handlePoliciesSet ( PolicyTypeACL ) ,
2023-02-15 20:00:06 +00:00
Responses : map [ int ] [ ] framework . Response {
http . StatusNoContent : { {
Description : "OK" ,
Fields : map [ string ] * framework . FieldSchema { } ,
} } ,
} ,
Summary : "Add a new or update an existing policy." ,
2018-11-06 18:09:06 +00:00
} ,
logical . DeleteOperation : & framework . PathOperation {
Callback : b . handlePoliciesDelete ( PolicyTypeACL ) ,
2023-02-15 20:00:06 +00:00
Responses : map [ int ] [ ] framework . Response {
http . StatusNoContent : { {
Description : "OK" ,
Fields : map [ string ] * framework . FieldSchema { } ,
} } ,
} ,
Summary : "Delete the policy with the given name." ,
2018-11-06 18:09:06 +00:00
} ,
2018-09-18 03:03:00 +00:00
} ,
HelpSynopsis : strings . TrimSpace ( sysHelp [ "policy" ] [ 0 ] ) ,
HelpDescription : strings . TrimSpace ( sysHelp [ "policy" ] [ 1 ] ) ,
} ,
{
Pattern : "policies/acl/?$" ,
2023-04-13 15:32:26 +00:00
DisplayAttrs : & framework . DisplayAttributes {
OperationPrefix : "policies" ,
OperationSuffix : "acl-policies" ,
} ,
2023-02-15 20:00:06 +00:00
Operations : map [ logical . Operation ] framework . OperationHandler {
logical . ListOperation : & framework . PathOperation {
Callback : b . handlePoliciesList ( PolicyTypeACL ) ,
Responses : map [ int ] [ ] framework . Response {
http . StatusOK : { {
Description : "OK" ,
Fields : map [ string ] * framework . FieldSchema {
"keys" : {
Type : framework . TypeStringSlice ,
Required : true ,
} ,
"policies" : {
Type : framework . TypeStringSlice ,
} ,
} ,
} } ,
} ,
} ,
2018-09-18 03:03:00 +00:00
} ,
HelpSynopsis : strings . TrimSpace ( sysHelp [ "policy-list" ] [ 0 ] ) ,
HelpDescription : strings . TrimSpace ( sysHelp [ "policy-list" ] [ 1 ] ) ,
} ,
{
Pattern : "policies/acl/(?P<name>.+)" ,
2023-04-13 15:32:26 +00:00
DisplayAttrs : & framework . DisplayAttributes {
OperationPrefix : "policies" ,
OperationSuffix : "acl-policy" ,
} ,
2018-09-18 03:03:00 +00:00
Fields : map [ string ] * framework . FieldSchema {
2021-04-08 16:43:39 +00:00
"name" : {
2018-09-18 03:03:00 +00:00
Type : framework . TypeString ,
Description : strings . TrimSpace ( sysHelp [ "policy-name" ] [ 0 ] ) ,
} ,
2021-04-08 16:43:39 +00:00
"policy" : {
2018-09-18 03:03:00 +00:00
Type : framework . TypeString ,
Description : strings . TrimSpace ( sysHelp [ "policy-rules" ] [ 0 ] ) ,
} ,
} ,
2018-11-06 18:09:06 +00:00
Operations : map [ logical . Operation ] framework . OperationHandler {
logical . ReadOperation : & framework . PathOperation {
Callback : b . handlePoliciesRead ( PolicyTypeACL ) ,
2023-02-15 20:00:06 +00:00
Responses : map [ int ] [ ] framework . Response {
http . StatusOK : { {
Description : "OK" ,
Fields : map [ string ] * framework . FieldSchema {
"name" : {
Type : framework . TypeString ,
Required : false ,
} ,
"rules" : {
Type : framework . TypeString ,
Required : false ,
} ,
"policy" : {
Type : framework . TypeString ,
Required : false ,
} ,
} ,
} } ,
} ,
Summary : "Retrieve information about the named ACL policy." ,
2018-11-06 18:09:06 +00:00
} ,
logical . UpdateOperation : & framework . PathOperation {
Callback : b . handlePoliciesSet ( PolicyTypeACL ) ,
2023-02-15 20:00:06 +00:00
Responses : map [ int ] [ ] framework . Response {
http . StatusNoContent : { {
Description : "OK" ,
Fields : map [ string ] * framework . FieldSchema { } ,
} } ,
} ,
Summary : "Add a new or update an existing ACL policy." ,
2018-11-06 18:09:06 +00:00
} ,
logical . DeleteOperation : & framework . PathOperation {
Callback : b . handlePoliciesDelete ( PolicyTypeACL ) ,
2023-02-15 20:00:06 +00:00
Responses : map [ int ] [ ] framework . Response {
http . StatusNoContent : { {
Description : "OK" ,
Fields : map [ string ] * framework . FieldSchema { } ,
} } ,
} ,
Summary : "Delete the ACL policy with the given name." ,
2018-11-06 18:09:06 +00:00
} ,
2018-09-18 03:03:00 +00:00
} ,
HelpSynopsis : strings . TrimSpace ( sysHelp [ "policy" ] [ 0 ] ) ,
HelpDescription : strings . TrimSpace ( sysHelp [ "policy" ] [ 1 ] ) ,
} ,
2020-05-27 18:28:00 +00:00
2022-01-24 21:42:14 +00:00
{
Pattern : "policies/password/?$" ,
2023-04-13 15:32:26 +00:00
DisplayAttrs : & framework . DisplayAttributes {
OperationPrefix : "policies" ,
OperationSuffix : "password-policies" ,
} ,
2022-01-24 21:42:14 +00:00
Operations : map [ logical . Operation ] framework . OperationHandler {
logical . ListOperation : & framework . PathOperation {
Callback : b . handlePoliciesPasswordList ,
2023-02-15 20:00:06 +00:00
Responses : map [ int ] [ ] framework . Response {
http . StatusOK : { {
Description : "OK" ,
Fields : map [ string ] * framework . FieldSchema {
"keys" : {
Type : framework . TypeStringSlice ,
Required : false ,
} ,
} ,
} } ,
} ,
Summary : "List the existing password policies." ,
2022-01-24 21:42:14 +00:00
} ,
} ,
} ,
2020-05-27 18:28:00 +00:00
{
Pattern : "policies/password/(?P<name>.+)/generate$" ,
2023-04-13 15:32:26 +00:00
DisplayAttrs : & framework . DisplayAttributes {
OperationPrefix : "policies" ,
OperationVerb : "generate" ,
OperationSuffix : "password-from-password-policy" ,
} ,
2020-05-27 18:28:00 +00:00
Fields : map [ string ] * framework . FieldSchema {
2021-04-08 16:43:39 +00:00
"name" : {
2020-05-27 18:28:00 +00:00
Type : framework . TypeString ,
Description : "The name of the password policy." ,
} ,
} ,
Operations : map [ logical . Operation ] framework . OperationHandler {
logical . ReadOperation : & framework . PathOperation {
Callback : b . handlePoliciesPasswordGenerate ,
2023-02-15 20:00:06 +00:00
Responses : map [ int ] [ ] framework . Response {
http . StatusOK : { {
Description : "OK" ,
Fields : map [ string ] * framework . FieldSchema {
"password" : {
Type : framework . TypeString ,
Required : true ,
} ,
} ,
} } ,
} ,
Summary : "Generate a password from an existing password policy." ,
2020-05-27 18:28:00 +00:00
} ,
} ,
HelpSynopsis : "Generate a password from an existing password policy." ,
HelpDescription : "Generate a password from an existing password policy." ,
} ,
{
Pattern : "policies/password/(?P<name>.+)$" ,
2023-04-13 15:32:26 +00:00
DisplayAttrs : & framework . DisplayAttributes {
OperationPrefix : "policies" ,
OperationSuffix : "password-policy" ,
} ,
2020-05-27 18:28:00 +00:00
Fields : map [ string ] * framework . FieldSchema {
2021-04-08 16:43:39 +00:00
"name" : {
2020-05-27 18:28:00 +00:00
Type : framework . TypeString ,
Description : "The name of the password policy." ,
} ,
2021-04-08 16:43:39 +00:00
"policy" : {
2020-05-27 18:28:00 +00:00
Type : framework . TypeString ,
Description : "The password policy" ,
} ,
} ,
Operations : map [ logical . Operation ] framework . OperationHandler {
logical . UpdateOperation : & framework . PathOperation {
Callback : b . handlePoliciesPasswordSet ,
2023-02-15 20:00:06 +00:00
Responses : map [ int ] [ ] framework . Response {
http . StatusNoContent : { {
Description : "OK" ,
Fields : map [ string ] * framework . FieldSchema { } ,
} } ,
} ,
Summary : "Add a new or update an existing password policy." ,
2020-05-27 18:28:00 +00:00
} ,
logical . ReadOperation : & framework . PathOperation {
Callback : b . handlePoliciesPasswordGet ,
2023-02-15 20:00:06 +00:00
Responses : map [ int ] [ ] framework . Response {
http . StatusNoContent : { {
Description : "OK" ,
Fields : map [ string ] * framework . FieldSchema {
"policy" : {
Type : framework . TypeString ,
Required : true ,
} ,
} ,
} } ,
} ,
Summary : "Retrieve an existing password policy." ,
2020-05-27 18:28:00 +00:00
} ,
logical . DeleteOperation : & framework . PathOperation {
Callback : b . handlePoliciesPasswordDelete ,
2023-02-15 20:00:06 +00:00
Responses : map [ int ] [ ] framework . Response {
http . StatusNoContent : { {
Description : "OK" ,
Fields : map [ string ] * framework . FieldSchema { } ,
} } ,
} ,
Summary : "Delete a password policy." ,
2020-05-27 18:28:00 +00:00
} ,
} ,
HelpSynopsis : "Read, Modify, or Delete a password policy." ,
HelpDescription : "Read the rules of an existing password policy, create or update " +
"the rules of a password policy, or delete a password policy." ,
} ,
2018-09-18 03:03:00 +00:00
}
}
func ( b * SystemBackend ) wrappingPaths ( ) [ ] * framework . Path {
return [ ] * framework . Path {
{
Pattern : "wrapping/wrap$" ,
2023-04-13 15:32:26 +00:00
DisplayAttrs : & framework . DisplayAttributes {
OperationVerb : "wrap" ,
} ,
Callbacks : map [ logical . Operation ] framework . OperationFunc {
logical . UpdateOperation : b . handleWrappingWrap ,
} ,
2023-03-28 15:12:34 +00:00
Operations : map [ logical . Operation ] framework . OperationHandler {
logical . UpdateOperation : & framework . PathOperation {
Callback : b . handleWrappingWrap ,
Responses : map [ int ] [ ] framework . Response {
http . StatusOK : { {
Description : "OK" ,
// dynamic fields
Fields : nil ,
} } ,
} ,
} ,
2018-09-18 03:03:00 +00:00
} ,
HelpSynopsis : strings . TrimSpace ( sysHelp [ "wrap" ] [ 0 ] ) ,
HelpDescription : strings . TrimSpace ( sysHelp [ "wrap" ] [ 1 ] ) ,
2022-08-23 12:51:23 +00:00
TakesArbitraryInput : true ,
2018-09-18 03:03:00 +00:00
} ,
{
Pattern : "wrapping/unwrap$" ,
2023-04-13 15:32:26 +00:00
DisplayAttrs : & framework . DisplayAttributes {
OperationVerb : "unwrap" ,
} ,
2018-09-18 03:03:00 +00:00
Fields : map [ string ] * framework . FieldSchema {
2021-04-08 16:43:39 +00:00
"token" : {
2018-09-18 03:03:00 +00:00
Type : framework . TypeString ,
} ,
} ,
2023-03-28 15:12:34 +00:00
Operations : map [ logical . Operation ] framework . OperationHandler {
logical . UpdateOperation : & framework . PathOperation {
Callback : b . handleWrappingUnwrap ,
Responses : map [ int ] [ ] framework . Response {
http . StatusOK : { {
Description : "OK" ,
// dynamic fields
Fields : nil ,
} } ,
http . StatusNoContent : { {
Description : "No content" ,
} } ,
} ,
} ,
2018-09-18 03:03:00 +00:00
} ,
HelpSynopsis : strings . TrimSpace ( sysHelp [ "unwrap" ] [ 0 ] ) ,
HelpDescription : strings . TrimSpace ( sysHelp [ "unwrap" ] [ 1 ] ) ,
} ,
{
Pattern : "wrapping/lookup$" ,
Fields : map [ string ] * framework . FieldSchema {
2021-04-08 16:43:39 +00:00
"token" : {
2018-09-18 03:03:00 +00:00
Type : framework . TypeString ,
} ,
} ,
2018-11-06 18:09:06 +00:00
Operations : map [ logical . Operation ] framework . OperationHandler {
logical . UpdateOperation : & framework . PathOperation {
Callback : b . handleWrappingLookup ,
2023-04-13 15:32:26 +00:00
DisplayAttrs : & framework . DisplayAttributes {
OperationVerb : "read" ,
OperationSuffix : "wrapping-properties" ,
} ,
Summary : "Look up wrapping properties for the given token." ,
2023-03-28 15:12:34 +00:00
Responses : map [ int ] [ ] framework . Response {
http . StatusOK : { {
Description : "OK" ,
Fields : map [ string ] * framework . FieldSchema {
"creation_ttl" : {
Type : framework . TypeDurationSecond ,
Required : false ,
} ,
"creation_time" : {
Type : framework . TypeTime ,
Required : false ,
} ,
"creation_path" : {
Type : framework . TypeString ,
Required : false ,
} ,
} ,
} } ,
} ,
2018-11-06 18:09:06 +00:00
} ,
logical . ReadOperation : & framework . PathOperation {
Callback : b . handleWrappingLookup ,
2023-04-13 15:32:26 +00:00
DisplayAttrs : & framework . DisplayAttributes {
OperationVerb : "read" ,
OperationSuffix : "wrapping-properties2" ,
} ,
Summary : "Look up wrapping properties for the requester's token." ,
2023-03-28 15:12:34 +00:00
Responses : map [ int ] [ ] framework . Response {
http . StatusOK : { {
Description : "OK" ,
Fields : map [ string ] * framework . FieldSchema {
"creation_ttl" : {
Type : framework . TypeDurationSecond ,
Required : false ,
} ,
"creation_time" : {
Type : framework . TypeTime ,
Required : false ,
} ,
"creation_path" : {
Type : framework . TypeString ,
Required : false ,
} ,
} ,
} } ,
} ,
2018-11-06 18:09:06 +00:00
} ,
2018-09-18 03:03:00 +00:00
} ,
HelpSynopsis : strings . TrimSpace ( sysHelp [ "wraplookup" ] [ 0 ] ) ,
HelpDescription : strings . TrimSpace ( sysHelp [ "wraplookup" ] [ 1 ] ) ,
} ,
{
Pattern : "wrapping/rewrap$" ,
2023-04-13 15:32:26 +00:00
DisplayAttrs : & framework . DisplayAttributes {
OperationVerb : "rewrap" ,
} ,
2018-09-18 03:03:00 +00:00
Fields : map [ string ] * framework . FieldSchema {
2021-04-08 16:43:39 +00:00
"token" : {
2018-09-18 03:03:00 +00:00
Type : framework . TypeString ,
} ,
} ,
2023-03-28 15:12:34 +00:00
Operations : map [ logical . Operation ] framework . OperationHandler {
logical . UpdateOperation : & framework . PathOperation {
Callback : b . handleWrappingRewrap ,
Responses : map [ int ] [ ] framework . Response {
http . StatusOK : { {
Description : "OK" ,
// dynamic fields
Fields : nil ,
} } ,
} ,
} ,
2018-09-18 03:03:00 +00:00
} ,
HelpSynopsis : strings . TrimSpace ( sysHelp [ "rewrap" ] [ 0 ] ) ,
HelpDescription : strings . TrimSpace ( sysHelp [ "rewrap" ] [ 1 ] ) ,
} ,
}
}
func ( b * SystemBackend ) mountPaths ( ) [ ] * framework . Path {
return [ ] * framework . Path {
{
Pattern : "mounts/(?P<path>.+?)/tune$" ,
2023-04-13 15:32:26 +00:00
DisplayAttrs : & framework . DisplayAttributes {
OperationPrefix : "mounts" ,
} ,
2018-09-18 03:03:00 +00:00
Fields : map [ string ] * framework . FieldSchema {
2021-04-08 16:43:39 +00:00
"path" : {
2018-09-18 03:03:00 +00:00
Type : framework . TypeString ,
Description : strings . TrimSpace ( sysHelp [ "mount_path" ] [ 0 ] ) ,
} ,
2021-04-08 16:43:39 +00:00
"default_lease_ttl" : {
2018-09-18 03:03:00 +00:00
Type : framework . TypeString ,
Description : strings . TrimSpace ( sysHelp [ "tune_default_lease_ttl" ] [ 0 ] ) ,
} ,
2021-04-08 16:43:39 +00:00
"max_lease_ttl" : {
2018-09-18 03:03:00 +00:00
Type : framework . TypeString ,
Description : strings . TrimSpace ( sysHelp [ "tune_max_lease_ttl" ] [ 0 ] ) ,
} ,
2021-04-08 16:43:39 +00:00
"description" : {
2018-09-18 03:03:00 +00:00
Type : framework . TypeString ,
Description : strings . TrimSpace ( sysHelp [ "auth_desc" ] [ 0 ] ) ,
} ,
2021-04-08 16:43:39 +00:00
"audit_non_hmac_request_keys" : {
2018-09-18 03:03:00 +00:00
Type : framework . TypeCommaStringSlice ,
Description : strings . TrimSpace ( sysHelp [ "tune_audit_non_hmac_request_keys" ] [ 0 ] ) ,
} ,
2021-04-08 16:43:39 +00:00
"audit_non_hmac_response_keys" : {
2018-09-18 03:03:00 +00:00
Type : framework . TypeCommaStringSlice ,
Description : strings . TrimSpace ( sysHelp [ "tune_audit_non_hmac_response_keys" ] [ 0 ] ) ,
} ,
2021-04-08 16:43:39 +00:00
"options" : {
2018-09-18 03:03:00 +00:00
Type : framework . TypeKVPairs ,
Description : strings . TrimSpace ( sysHelp [ "tune_mount_options" ] [ 0 ] ) ,
} ,
2021-04-08 16:43:39 +00:00
"listing_visibility" : {
2018-09-18 03:03:00 +00:00
Type : framework . TypeString ,
Description : strings . TrimSpace ( sysHelp [ "listing_visibility" ] [ 0 ] ) ,
} ,
2021-04-08 16:43:39 +00:00
"passthrough_request_headers" : {
2018-09-18 03:03:00 +00:00
Type : framework . TypeCommaStringSlice ,
Description : strings . TrimSpace ( sysHelp [ "passthrough_request_headers" ] [ 0 ] ) ,
} ,
2021-04-08 16:43:39 +00:00
"allowed_response_headers" : {
2019-02-05 21:02:15 +00:00
Type : framework . TypeCommaStringSlice ,
Description : strings . TrimSpace ( sysHelp [ "allowed_response_headers" ] [ 0 ] ) ,
} ,
2021-04-08 16:43:39 +00:00
"token_type" : {
2018-10-15 16:56:24 +00:00
Type : framework . TypeString ,
Description : strings . TrimSpace ( sysHelp [ "token_type" ] [ 0 ] ) ,
} ,
2021-11-22 01:08:38 +00:00
"allowed_managed_keys" : {
Type : framework . TypeCommaStringSlice ,
Description : strings . TrimSpace ( sysHelp [ "tune_allowed_managed_keys" ] [ 0 ] ) ,
} ,
2022-09-22 12:53:52 +00:00
"plugin_version" : {
Type : framework . TypeString ,
Description : strings . TrimSpace ( sysHelp [ "plugin-catalog_version" ] [ 0 ] ) ,
} ,
2022-11-01 18:02:07 +00:00
"user_lockout_config" : {
Type : framework . TypeMap ,
Description : strings . TrimSpace ( sysHelp [ "tune_user_lockout_config" ] [ 0 ] ) ,
} ,
2018-09-18 03:03:00 +00:00
} ,
2023-02-15 20:00:06 +00:00
Operations : map [ logical . Operation ] framework . OperationHandler {
logical . ReadOperation : & framework . PathOperation {
Callback : b . handleMountTuneRead ,
2023-04-13 15:32:26 +00:00
DisplayAttrs : & framework . DisplayAttributes {
OperationVerb : "read" ,
OperationSuffix : "tuning-information" ,
} ,
2023-02-15 20:00:06 +00:00
Responses : map [ int ] [ ] framework . Response {
http . StatusOK : { {
Description : "OK" ,
Fields : map [ string ] * framework . FieldSchema {
"max_lease_ttl" : {
Type : framework . TypeInt ,
Description : strings . TrimSpace ( sysHelp [ "tune_max_lease_ttl" ] [ 0 ] ) ,
Required : true ,
} ,
"description" : {
Type : framework . TypeString ,
Description : strings . TrimSpace ( sysHelp [ "auth_desc" ] [ 0 ] ) ,
Required : true ,
} ,
"default_lease_ttl" : {
Type : framework . TypeInt ,
Description : strings . TrimSpace ( sysHelp [ "tune_default_lease_ttl" ] [ 0 ] ) ,
Required : true ,
} ,
"force_no_cache" : {
Type : framework . TypeBool ,
Required : true ,
} ,
"token_type" : {
Type : framework . TypeString ,
Description : strings . TrimSpace ( sysHelp [ "token_type" ] [ 0 ] ) ,
Required : false ,
} ,
"allowed_managed_keys" : {
Type : framework . TypeCommaStringSlice ,
Description : strings . TrimSpace ( sysHelp [ "tune_allowed_managed_keys" ] [ 0 ] ) ,
Required : false ,
} ,
"allowed_response_headers" : {
Type : framework . TypeCommaStringSlice ,
Description : strings . TrimSpace ( sysHelp [ "allowed_response_headers" ] [ 0 ] ) ,
Required : false ,
} ,
"options" : {
Type : framework . TypeKVPairs ,
Description : strings . TrimSpace ( sysHelp [ "tune_mount_options" ] [ 0 ] ) ,
Required : false ,
} ,
"plugin_version" : {
Type : framework . TypeString ,
Description : strings . TrimSpace ( sysHelp [ "plugin-catalog_version" ] [ 0 ] ) ,
Required : false ,
} ,
"external_entropy_access" : {
Type : framework . TypeBool ,
Required : false ,
} ,
"audit_non_hmac_request_keys" : {
Type : framework . TypeCommaStringSlice ,
Required : false ,
} ,
"audit_non_hmac_response_keys" : {
Type : framework . TypeCommaStringSlice ,
Required : false ,
} ,
"listing_visibility" : {
Type : framework . TypeString ,
Required : false ,
} ,
"passthrough_request_headers" : {
Type : framework . TypeCommaStringSlice ,
Required : false ,
} ,
"user_lockout_counter_reset_duration" : {
Type : framework . TypeInt64 ,
Required : false ,
} ,
"user_lockout_threshold" : {
Type : framework . TypeInt64 , // TODO this is actuall a Uint64 do we need a new type?
Required : false ,
} ,
"user_lockout_duration" : {
Type : framework . TypeInt64 ,
Required : false ,
} ,
"user_lockout_disable" : {
Type : framework . TypeBool ,
Required : false ,
} ,
} ,
} } ,
} ,
} ,
logical . UpdateOperation : & framework . PathOperation {
Callback : b . handleMountTuneWrite ,
2023-04-13 15:32:26 +00:00
DisplayAttrs : & framework . DisplayAttributes {
OperationVerb : "tune" ,
OperationSuffix : "configuration-parameters" ,
} ,
2023-02-15 20:00:06 +00:00
Responses : map [ int ] [ ] framework . Response {
http . StatusOK : { {
Description : "OK" ,
} } ,
} ,
} ,
2018-09-18 03:03:00 +00:00
} ,
HelpSynopsis : strings . TrimSpace ( sysHelp [ "mount_tune" ] [ 0 ] ) ,
HelpDescription : strings . TrimSpace ( sysHelp [ "mount_tune" ] [ 1 ] ) ,
} ,
{
Pattern : "mounts/(?P<path>.+?)" ,
2023-04-13 15:32:26 +00:00
DisplayAttrs : & framework . DisplayAttributes {
OperationPrefix : "mounts" ,
} ,
2018-09-18 03:03:00 +00:00
Fields : map [ string ] * framework . FieldSchema {
2021-04-08 16:43:39 +00:00
"path" : {
2018-09-18 03:03:00 +00:00
Type : framework . TypeString ,
Description : strings . TrimSpace ( sysHelp [ "mount_path" ] [ 0 ] ) ,
} ,
2021-04-08 16:43:39 +00:00
"type" : {
2018-09-18 03:03:00 +00:00
Type : framework . TypeString ,
Description : strings . TrimSpace ( sysHelp [ "mount_type" ] [ 0 ] ) ,
} ,
2021-04-08 16:43:39 +00:00
"description" : {
2018-09-18 03:03:00 +00:00
Type : framework . TypeString ,
Description : strings . TrimSpace ( sysHelp [ "mount_desc" ] [ 0 ] ) ,
} ,
2021-04-08 16:43:39 +00:00
"config" : {
2018-09-18 03:03:00 +00:00
Type : framework . TypeMap ,
Description : strings . TrimSpace ( sysHelp [ "mount_config" ] [ 0 ] ) ,
} ,
2021-04-08 16:43:39 +00:00
"local" : {
2018-09-18 03:03:00 +00:00
Type : framework . TypeBool ,
Default : false ,
Description : strings . TrimSpace ( sysHelp [ "mount_local" ] [ 0 ] ) ,
} ,
2021-04-08 16:43:39 +00:00
"seal_wrap" : {
2018-09-18 03:03:00 +00:00
Type : framework . TypeBool ,
Default : false ,
Description : strings . TrimSpace ( sysHelp [ "seal_wrap" ] [ 0 ] ) ,
} ,
2021-04-08 16:43:39 +00:00
"external_entropy_access" : {
2019-10-17 17:33:00 +00:00
Type : framework . TypeBool ,
Default : false ,
Description : strings . TrimSpace ( sysHelp [ "external_entropy_access" ] [ 0 ] ) ,
} ,
2021-04-08 16:43:39 +00:00
"plugin_name" : {
2018-09-18 03:03:00 +00:00
Type : framework . TypeString ,
Description : strings . TrimSpace ( sysHelp [ "mount_plugin_name" ] [ 0 ] ) ,
} ,
2021-04-08 16:43:39 +00:00
"options" : {
2018-09-18 03:03:00 +00:00
Type : framework . TypeKVPairs ,
Description : strings . TrimSpace ( sysHelp [ "mount_options" ] [ 0 ] ) ,
} ,
2022-09-20 11:35:50 +00:00
"plugin_version" : {
2022-08-31 18:23:05 +00:00
Type : framework . TypeString ,
Description : strings . TrimSpace ( sysHelp [ "plugin-catalog_version" ] [ 0 ] ) ,
} ,
2018-09-18 03:03:00 +00:00
} ,
2018-11-06 18:09:06 +00:00
Operations : map [ logical . Operation ] framework . OperationHandler {
2021-11-08 18:32:01 +00:00
logical . ReadOperation : & framework . PathOperation {
Callback : b . handleReadMount ,
2023-04-13 15:32:26 +00:00
DisplayAttrs : & framework . DisplayAttributes {
OperationVerb : "read" ,
OperationSuffix : "configuration" ,
} ,
2023-02-15 20:00:06 +00:00
Responses : map [ int ] [ ] framework . Response {
http . StatusOK : { {
Description : "OK" ,
Fields : map [ string ] * framework . FieldSchema {
"type" : {
Type : framework . TypeString ,
Description : strings . TrimSpace ( sysHelp [ "mount_type" ] [ 0 ] ) ,
Required : true ,
} ,
"description" : {
Type : framework . TypeString ,
Description : strings . TrimSpace ( sysHelp [ "mount_desc" ] [ 0 ] ) ,
Required : true ,
} ,
"accessor" : {
Type : framework . TypeString ,
Required : true ,
} ,
"local" : {
Type : framework . TypeBool ,
Default : false ,
Description : strings . TrimSpace ( sysHelp [ "mount_local" ] [ 0 ] ) ,
Required : true ,
} ,
"seal_wrap" : {
Type : framework . TypeBool ,
Default : false ,
Description : strings . TrimSpace ( sysHelp [ "seal_wrap" ] [ 0 ] ) ,
Required : true ,
} ,
"external_entropy_access" : {
Type : framework . TypeBool ,
Required : true ,
} ,
"options" : {
Type : framework . TypeKVPairs ,
Description : strings . TrimSpace ( sysHelp [ "mount_options" ] [ 0 ] ) ,
Required : true ,
} ,
"plugin_version" : {
Type : framework . TypeString ,
Description : strings . TrimSpace ( sysHelp [ "plugin-catalog_version" ] [ 0 ] ) ,
Required : true ,
} ,
"uuid" : {
Type : framework . TypeString ,
Required : true ,
} ,
"running_plugin_version" : {
Type : framework . TypeString ,
Required : true ,
} ,
"running_sha256" : {
Type : framework . TypeString ,
Required : true ,
} ,
"config" : {
Type : framework . TypeMap ,
Description : strings . TrimSpace ( sysHelp [ "mount_config" ] [ 0 ] ) ,
Required : true ,
} ,
"deprecation_status" : {
Type : framework . TypeString ,
Required : false ,
} ,
} ,
} } ,
} ,
Summary : "Read the configuration of the secret engine at the given path." ,
2021-11-08 18:32:01 +00:00
} ,
2018-11-06 18:09:06 +00:00
logical . UpdateOperation : & framework . PathOperation {
Callback : b . handleMount ,
2023-04-13 15:32:26 +00:00
DisplayAttrs : & framework . DisplayAttributes {
OperationVerb : "enable" ,
OperationSuffix : "secrets-engine" ,
} ,
2023-02-15 20:00:06 +00:00
Responses : map [ int ] [ ] framework . Response {
http . StatusNoContent : { {
Description : "OK" ,
} } ,
} ,
Summary : "Enable a new secrets engine at the given path." ,
2018-11-06 18:09:06 +00:00
} ,
logical . DeleteOperation : & framework . PathOperation {
Callback : b . handleUnmount ,
2023-04-13 15:32:26 +00:00
DisplayAttrs : & framework . DisplayAttributes {
OperationVerb : "disable" ,
OperationSuffix : "secrets-engine" ,
} ,
2023-02-15 20:00:06 +00:00
Responses : map [ int ] [ ] framework . Response {
http . StatusOK : { {
Description : "OK" ,
} } ,
} ,
Summary : "Disable the mount point specified at the given path." ,
2018-11-06 18:09:06 +00:00
} ,
2018-09-18 03:03:00 +00:00
} ,
HelpSynopsis : strings . TrimSpace ( sysHelp [ "mount" ] [ 0 ] ) ,
HelpDescription : strings . TrimSpace ( sysHelp [ "mount" ] [ 1 ] ) ,
} ,
{
Pattern : "mounts$" ,
2023-04-13 15:32:26 +00:00
DisplayAttrs : & framework . DisplayAttributes {
OperationPrefix : "mounts" ,
OperationVerb : "list" ,
OperationSuffix : "secrets-engines" ,
} ,
2023-02-15 20:00:06 +00:00
Operations : map [ logical . Operation ] framework . OperationHandler {
logical . ReadOperation : & framework . PathOperation {
Callback : b . handleMountTable ,
Responses : map [ int ] [ ] framework . Response {
http . StatusOK : { {
Description : "OK" ,
Fields : map [ string ] * framework . FieldSchema { } ,
} } ,
} ,
} ,
2018-09-18 03:03:00 +00:00
} ,
HelpSynopsis : strings . TrimSpace ( sysHelp [ "mounts" ] [ 0 ] ) ,
HelpDescription : strings . TrimSpace ( sysHelp [ "mounts" ] [ 1 ] ) ,
} ,
}
}
2022-12-19 22:24:42 +00:00
2023-01-16 16:07:18 +00:00
func ( b * SystemBackend ) experimentPaths ( ) [ ] * framework . Path {
return [ ] * framework . Path {
{
Pattern : "experiments$" ,
2023-04-13 15:32:26 +00:00
DisplayAttrs : & framework . DisplayAttributes {
OperationVerb : "list" ,
OperationSuffix : "experimental-features" ,
} ,
2023-01-16 16:07:18 +00:00
Operations : map [ logical . Operation ] framework . OperationHandler {
logical . ReadOperation : & framework . PathOperation {
Callback : b . handleReadExperiments ,
Summary : "Returns the available and enabled experiments" ,
} ,
} ,
2023-04-13 15:32:26 +00:00
2023-01-16 16:07:18 +00:00
HelpSynopsis : strings . TrimSpace ( sysHelp [ "experiments" ] [ 0 ] ) ,
HelpDescription : strings . TrimSpace ( sysHelp [ "experiments" ] [ 1 ] ) ,
} ,
}
}
2022-12-19 22:24:42 +00:00
func ( b * SystemBackend ) lockedUserPaths ( ) [ ] * framework . Path {
return [ ] * framework . Path {
{
2023-01-17 22:25:56 +00:00
Pattern : "locked-users/(?P<mount_accessor>.+?)/unlock/(?P<alias_identifier>.+)" ,
2023-04-13 15:32:26 +00:00
DisplayAttrs : & framework . DisplayAttributes {
OperationPrefix : "locked-users" ,
OperationVerb : "unlock" ,
} ,
2022-12-19 22:24:42 +00:00
Fields : map [ string ] * framework . FieldSchema {
"mount_accessor" : {
Type : framework . TypeString ,
Description : strings . TrimSpace ( sysHelp [ "mount_accessor" ] [ 0 ] ) ,
} ,
"alias_identifier" : {
Type : framework . TypeString ,
Description : strings . TrimSpace ( sysHelp [ "alias_identifier" ] [ 0 ] ) ,
} ,
} ,
Operations : map [ logical . Operation ] framework . OperationHandler {
logical . UpdateOperation : & framework . PathOperation {
Callback : b . handleUnlockUser ,
Summary : "Unlocks the user with given mount_accessor and alias_identifier" ,
} ,
} ,
HelpSynopsis : strings . TrimSpace ( sysHelp [ "unlock_user" ] [ 0 ] ) ,
HelpDescription : strings . TrimSpace ( sysHelp [ "unlock_user" ] [ 1 ] ) ,
} ,
2023-01-17 22:25:56 +00:00
{
Pattern : "locked-users" ,
2023-04-13 15:32:26 +00:00
DisplayAttrs : & framework . DisplayAttributes {
OperationPrefix : "locked-users" ,
OperationVerb : "list" ,
} ,
2023-01-17 22:25:56 +00:00
Fields : map [ string ] * framework . FieldSchema {
"mount_accessor" : {
Type : framework . TypeString ,
Description : strings . TrimSpace ( sysHelp [ "mount_accessor" ] [ 0 ] ) ,
} ,
} ,
Operations : map [ logical . Operation ] framework . OperationHandler {
logical . ReadOperation : & framework . PathOperation {
Callback : b . handleLockedUsersMetricQuery ,
Summary : "Report the locked user count metrics, for this namespace and all child namespaces." ,
} ,
} ,
HelpSynopsis : strings . TrimSpace ( sysHelp [ "locked_users" ] [ 0 ] ) ,
HelpDescription : strings . TrimSpace ( sysHelp [ "locked_users" ] [ 1 ] ) ,
} ,
2022-12-19 22:24:42 +00:00
}
}