open-vault/builtin/credential/radius/path_config.go

// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0

package radius

import (
	"context"
	"strings"

	"github.com/hashicorp/vault/sdk/framework"
	"github.com/hashicorp/vault/sdk/helper/tokenutil"
	"github.com/hashicorp/vault/sdk/logical"
)

func pathConfig(b *backend) *framework.Path {
	p := &framework.Path{
		Pattern: "config",

		DisplayAttrs: &framework.DisplayAttributes{
			OperationPrefix: operationPrefixRadius,
			Action:          "Configure",
		},

		Fields: map[string]*framework.FieldSchema{
			"host": {
				Type:        framework.TypeString,
				Description: "RADIUS server host",
				DisplayAttrs: &framework.DisplayAttributes{
					Name: "Host",
				},
			},
			"port": {
				Type:        framework.TypeInt,
				Default:     1812,
				Description: "RADIUS server port (default: 1812)",
				DisplayAttrs: &framework.DisplayAttributes{
					Value: 1812,
				},
			},
			"secret": {
				Type:        framework.TypeString,
				Description: "Secret shared with the RADIUS server",
			},
			"unregistered_user_policies": {
				Type:        framework.TypeString,
				Default:     "",
				Description: "Comma-separated list of policies to grant upon successful RADIUS authentication of an unregistered user (default: empty)",
				DisplayAttrs: &framework.DisplayAttributes{
					Name:        "Policies for unregistered users",
					Description: "List of policies to grant upon successful RADIUS authentication of an unregistered user (default: empty)",
				},
			},
			"dial_timeout": {
				Type:        framework.TypeDurationSecond,
				Default:     10,
				Description: "Number of seconds before connect times out (default: 10)",
				DisplayAttrs: &framework.DisplayAttributes{
					Value: 10,
				},
			},
			"read_timeout": {
				Type:        framework.TypeDurationSecond,
				Default:     10,
				Description: "Number of seconds before response times out (default: 10)",
				DisplayAttrs: &framework.DisplayAttributes{
					Value: 10,
				},
			},
			"nas_port": {
				Type:        framework.TypeInt,
				Default:     10,
				Description: "RADIUS NAS port field (default: 10)",
				DisplayAttrs: &framework.DisplayAttributes{
					Name:  "NAS Port",
					Value: 10,
				},
			},
			"nas_identifier": {
				Type:        framework.TypeString,
				Default:     "",
				Description: "RADIUS NAS Identifier field (optional)",
				DisplayAttrs: &framework.DisplayAttributes{
					Name: "NAS Identifier",
				},
			},
		},

		ExistenceCheck: b.configExistenceCheck,

		Operations: map[logical.Operation]framework.OperationHandler{
			logical.ReadOperation: &framework.PathOperation{
				Callback: b.pathConfigRead,
				DisplayAttrs: &framework.DisplayAttributes{
					OperationSuffix: "configuration",
				},
			},
			logical.CreateOperation: &framework.PathOperation{
				Callback: b.pathConfigCreateUpdate,
				DisplayAttrs: &framework.DisplayAttributes{
					OperationVerb: "configure",
				},
			},
			logical.UpdateOperation: &framework.PathOperation{
				Callback: b.pathConfigCreateUpdate,
				DisplayAttrs: &framework.DisplayAttributes{
					OperationVerb: "configure",
				},
			},
		},

		HelpSynopsis:    pathConfigHelpSyn,
		HelpDescription: pathConfigHelpDesc,
	}

	tokenutil.AddTokenFields(p.Fields)
	p.Fields["token_policies"].Description += ". This will apply to all tokens generated by this auth method, in addition to any configured for specific users."
	return p
}

// Establishes dichotomy of request operation between CreateOperation and UpdateOperation.
// Returning 'true' forces an UpdateOperation, CreateOperation otherwise.
func (b *backend) configExistenceCheck(ctx context.Context, req *logical.Request, data *framework.FieldData) (bool, error) {
	entry, err := b.Config(ctx, req)
	if err != nil {
		return false, err
	}
	return entry != nil, nil
}

/*
 * Construct ConfigEntry struct using stored configuration.
 */
func (b *backend) Config(ctx context.Context, req *logical.Request) (*ConfigEntry, error) {
	storedConfig, err := req.Storage.Get(ctx, "config")
	if err != nil {
		return nil, err
	}

	if storedConfig == nil {
		return nil, nil
	}

	var result ConfigEntry

	if err := storedConfig.DecodeJSON(&result); err != nil {
		return nil, err
	}

	return &result, nil
}

func (b *backend) pathConfigRead(ctx context.Context, req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
	cfg, err := b.Config(ctx, req)
	if err != nil {
		return nil, err
	}
	if cfg == nil {
		return nil, nil
	}

	data := map[string]interface{}{
		"host":                       cfg.Host,
		"port":                       cfg.Port,
		"unregistered_user_policies": cfg.UnregisteredUserPolicies,
		"dial_timeout":               cfg.DialTimeout,
		"read_timeout":               cfg.ReadTimeout,
		"nas_port":                   cfg.NasPort,
		"nas_identifier":             cfg.NasIdentifier,
	}
	cfg.PopulateTokenData(data)

	return &logical.Response{
		Data: data,
	}, nil
}

func (b *backend) pathConfigCreateUpdate(ctx context.Context, req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
	// Build a ConfigEntry struct out of the supplied FieldData
	cfg, err := b.Config(ctx, req)
	if err != nil {
		return nil, err
	}
	if cfg == nil {
		cfg = &ConfigEntry{}
	}

	if err := cfg.ParseTokenFields(req, d); err != nil {
		return logical.ErrorResponse(err.Error()), logical.ErrInvalidRequest
	}

	host, ok := d.GetOk("host")
	if ok {
		cfg.Host = strings.ToLower(host.(string))
	} else if req.Operation == logical.CreateOperation {
		cfg.Host = strings.ToLower(d.Get("host").(string))
	}
	if cfg.Host == "" {
		return logical.ErrorResponse("config parameter `host` cannot be empty"), nil
	}

	port, ok := d.GetOk("port")
	if ok {
		cfg.Port = port.(int)
	} else if req.Operation == logical.CreateOperation {
		cfg.Port = d.Get("port").(int)
	}

	secret, ok := d.GetOk("secret")
	if ok {
		cfg.Secret = secret.(string)
	} else if req.Operation == logical.CreateOperation {
		cfg.Secret = d.Get("secret").(string)
	}
	if cfg.Secret == "" {
		return logical.ErrorResponse("config parameter `secret` cannot be empty"), nil
	}

	policies := make([]string, 0)
	unregisteredUserPoliciesRaw, ok := d.GetOk("unregistered_user_policies")
	if ok {
		unregisteredUserPoliciesStr := unregisteredUserPoliciesRaw.(string)
		if strings.TrimSpace(unregisteredUserPoliciesStr) != "" {
			policies = strings.Split(unregisteredUserPoliciesStr, ",")
			for _, policy := range policies {
				if policy == "root" {
					return logical.ErrorResponse("root policy cannot be granted by an auth method"), nil
				}
			}
		}
		cfg.UnregisteredUserPolicies = policies
	} else if req.Operation == logical.CreateOperation {
		cfg.UnregisteredUserPolicies = policies
	}

	dialTimeout, ok := d.GetOk("dial_timeout")
	if ok {
		cfg.DialTimeout = dialTimeout.(int)
	} else if req.Operation == logical.CreateOperation {
		cfg.DialTimeout = d.Get("dial_timeout").(int)
	}

	readTimeout, ok := d.GetOk("read_timeout")
	if ok {
		cfg.ReadTimeout = readTimeout.(int)
	} else if req.Operation == logical.CreateOperation {
		cfg.ReadTimeout = d.Get("read_timeout").(int)
	}

	nasPort, ok := d.GetOk("nas_port")
	if ok {
		cfg.NasPort = nasPort.(int)
	} else if req.Operation == logical.CreateOperation {
		cfg.NasPort = d.Get("nas_port").(int)
	}

	nasIdentifier, ok := d.GetOk("nas_identifier")
	if ok {
		cfg.NasIdentifier = nasIdentifier.(string)
	} else if req.Operation == logical.CreateOperation {
		cfg.NasIdentifier = d.Get("nas_identifier").(string)
	}

	entry, err := logical.StorageEntryJSON("config", cfg)
	if err != nil {
		return nil, err
	}
	if err := req.Storage.Put(ctx, entry); err != nil {
		return nil, err
	}

	return nil, nil
}

type ConfigEntry struct {
	tokenutil.TokenParams

	Host                     string   `json:"host" structs:"host" mapstructure:"host"`
	Port                     int      `json:"port" structs:"port" mapstructure:"port"`
	Secret                   string   `json:"secret" structs:"secret" mapstructure:"secret"`
	UnregisteredUserPolicies []string `json:"unregistered_user_policies" structs:"unregistered_user_policies" mapstructure:"unregistered_user_policies"`
	DialTimeout              int      `json:"dial_timeout" structs:"dial_timeout" mapstructure:"dial_timeout"`
	ReadTimeout              int      `json:"read_timeout" structs:"read_timeout" mapstructure:"read_timeout"`
	NasPort                  int      `json:"nas_port" structs:"nas_port" mapstructure:"nas_port"`
	NasIdentifier            string   `json:"nas_identifier" structs:"nas_identifier" mapstructure:"nas_identifier"`
}

const pathConfigHelpSyn = `
Configure the RADIUS server to connect to, along with its options.
`

const pathConfigHelpDesc = `
This endpoint allows you to configure the RADIUS server to connect to and its
configuration options.
`
adding copyright header (#19555) * adding copyright header * fix fmt and a test 2023-03-15 16:00:52 +00:00			`// Copyright (c) HashiCorp, Inc.`
			`// SPDX-License-Identifier: MPL-2.0`

RADIUS Authentication Backend (#2268) 2017-02-07 21:04:27 +00:00			`package radius`

			`import (`
Pass context to backends (#3750) * Start work on passing context to backends * More work on passing context * Unindent logical system * Unindent token store * Unindent passthrough * Unindent cubbyhole * Fix tests * use requestContext in rollback and expiration managers 2018-01-08 18:31:38 +00:00			`"context"`
RADIUS Authentication Backend (#2268) 2017-02-07 21:04:27 +00:00			`"strings"`

Create sdk/ and api/ submodules (#6583) 2019-04-12 21:54:35 +00:00			`"github.com/hashicorp/vault/sdk/framework"`
Tokenutilize radius (#7034) 2019-07-01 20:30:39 +00:00			`"github.com/hashicorp/vault/sdk/helper/tokenutil"`
Switch to go modules (#6585) * Switch to go modules * Make fmt 2019-04-13 07:44:06 +00:00			`"github.com/hashicorp/vault/sdk/logical"`
RADIUS Authentication Backend (#2268) 2017-02-07 21:04:27 +00:00			`)`

			`func pathConfig(b backend) framework.Path {`
Tokenutilize radius (#7034) 2019-07-01 20:30:39 +00:00			`p := &framework.Path{`
RADIUS Authentication Backend (#2268) 2017-02-07 21:04:27 +00:00			`Pattern: "config",`
openapi: Add display attributes for Radius auth (#19392) 2023-04-07 17:14:44 +00:00
			`DisplayAttrs: &framework.DisplayAttributes{`
			`OperationPrefix: operationPrefixRadius,`
			`Action: "Configure",`
			`},`

RADIUS Authentication Backend (#2268) 2017-02-07 21:04:27 +00:00			`Fields: map[string]*framework.FieldSchema{`
Run a more strict formatter over the code (#11312) * Update tooling * Run gofumpt * go mod vendor 2021-04-08 16:43:39 +00:00			`"host": {`
RADIUS Authentication Backend (#2268) 2017-02-07 21:04:27 +00:00			`Type: framework.TypeString,`
			`Description: "RADIUS server host",`
update OpenAPI output to use DisplayAttributes struct (#6928) 2019-06-21 15:08:08 +00:00			`DisplayAttrs: &framework.DisplayAttributes{`
			`Name: "Host",`
			`},`
RADIUS Authentication Backend (#2268) 2017-02-07 21:04:27 +00:00			`},`
Run a more strict formatter over the code (#11312) * Update tooling * Run gofumpt * go mod vendor 2021-04-08 16:43:39 +00:00			`"port": {`
RADIUS Authentication Backend (#2268) 2017-02-07 21:04:27 +00:00			`Type: framework.TypeInt,`
			`Default: 1812,`
			`Description: "RADIUS server port (default: 1812)",`
update OpenAPI output to use DisplayAttributes struct (#6928) 2019-06-21 15:08:08 +00:00			`DisplayAttrs: &framework.DisplayAttributes{`
			`Value: 1812,`
			`},`
RADIUS Authentication Backend (#2268) 2017-02-07 21:04:27 +00:00			`},`
Run a more strict formatter over the code (#11312) * Update tooling * Run gofumpt * go mod vendor 2021-04-08 16:43:39 +00:00			`"secret": {`
RADIUS Authentication Backend (#2268) 2017-02-07 21:04:27 +00:00			`Type: framework.TypeString,`
			`Description: "Secret shared with the RADIUS server",`
			`},`
Run a more strict formatter over the code (#11312) * Update tooling * Run gofumpt * go mod vendor 2021-04-08 16:43:39 +00:00			`"unregistered_user_policies": {`
RADIUS Authentication Backend (#2268) 2017-02-07 21:04:27 +00:00			`Type: framework.TypeString,`
			`Default: "",`
UI: remove references to comma separation for string array edit types (#20163) * remove intercepting helpText * add subtext directly to StringList input component * update tests and add coverage for new openapi-attrs util * update test * add warning validation to input * lol is this right i dont know go * literally no idea what im doing * add Description to display attrs struct * update struct comment * add descriptions to remaining go fields * add missing comma * remaining commas..." * add description to display attrs * update tests * update tests * add changelog; * Update ui/app/utils/openapi-to-attrs.js * update tests following backend changes * clearly name variable * format files * no longer need to test for modified tooltip since coming from backend now 2023-04-19 16:16:30 +00:00			`Description: "Comma-separated list of policies to grant upon successful RADIUS authentication of an unregistered user (default: empty)",`
update OpenAPI output to use DisplayAttributes struct (#6928) 2019-06-21 15:08:08 +00:00			`DisplayAttrs: &framework.DisplayAttributes{`
UI: remove references to comma separation for string array edit types (#20163) * remove intercepting helpText * add subtext directly to StringList input component * update tests and add coverage for new openapi-attrs util * update test * add warning validation to input * lol is this right i dont know go * literally no idea what im doing * add Description to display attrs struct * update struct comment * add descriptions to remaining go fields * add missing comma * remaining commas..." * add description to display attrs * update tests * update tests * add changelog; * Update ui/app/utils/openapi-to-attrs.js * update tests following backend changes * clearly name variable * format files * no longer need to test for modified tooltip since coming from backend now 2023-04-19 16:16:30 +00:00			`Name: "Policies for unregistered users",`
			`Description: "List of policies to grant upon successful RADIUS authentication of an unregistered user (default: empty)",`
update OpenAPI output to use DisplayAttributes struct (#6928) 2019-06-21 15:08:08 +00:00			`},`
RADIUS Authentication Backend (#2268) 2017-02-07 21:04:27 +00:00			`},`
Run a more strict formatter over the code (#11312) * Update tooling * Run gofumpt * go mod vendor 2021-04-08 16:43:39 +00:00			`"dial_timeout": {`
RADIUS Authentication Backend (#2268) 2017-02-07 21:04:27 +00:00			`Type: framework.TypeDurationSecond,`
			`Default: 10,`
Update some help text for RADIUS 2017-02-07 21:06:27 +00:00			`Description: "Number of seconds before connect times out (default: 10)",`
update OpenAPI output to use DisplayAttributes struct (#6928) 2019-06-21 15:08:08 +00:00			`DisplayAttrs: &framework.DisplayAttributes{`
			`Value: 10,`
			`},`
RADIUS Authentication Backend (#2268) 2017-02-07 21:04:27 +00:00			`},`
Run a more strict formatter over the code (#11312) * Update tooling * Run gofumpt * go mod vendor 2021-04-08 16:43:39 +00:00			`"read_timeout": {`
RADIUS Authentication Backend (#2268) 2017-02-07 21:04:27 +00:00			`Type: framework.TypeDurationSecond,`
			`Default: 10,`
Re-add some functionality lost during last dep update (#3636) 2017-12-01 15:18:26 +00:00			`Description: "Number of seconds before response times out (default: 10)",`
update OpenAPI output to use DisplayAttributes struct (#6928) 2019-06-21 15:08:08 +00:00			`DisplayAttrs: &framework.DisplayAttributes{`
			`Value: 10,`
			`},`
RADIUS Authentication Backend (#2268) 2017-02-07 21:04:27 +00:00			`},`
Run a more strict formatter over the code (#11312) * Update tooling * Run gofumpt * go mod vendor 2021-04-08 16:43:39 +00:00			`"nas_port": {`
RADIUS Authentication Backend (#2268) 2017-02-07 21:04:27 +00:00			`Type: framework.TypeInt,`
			`Default: 10,`
			`Description: "RADIUS NAS port field (default: 10)",`
update OpenAPI output to use DisplayAttributes struct (#6928) 2019-06-21 15:08:08 +00:00			`DisplayAttrs: &framework.DisplayAttributes{`
			`Name: "NAS Port",`
			`Value: 10,`
			`},`
RADIUS Authentication Backend (#2268) 2017-02-07 21:04:27 +00:00			`},`
Run a more strict formatter over the code (#11312) * Update tooling * Run gofumpt * go mod vendor 2021-04-08 16:43:39 +00:00			`"nas_identifier": {`
ability to add NAS Identifier header to radius request (#5465) 2018-10-18 17:41:14 +00:00			`Type: framework.TypeString,`
			`Default: "",`
			`Description: "RADIUS NAS Identifier field (optional)",`
update OpenAPI output to use DisplayAttributes struct (#6928) 2019-06-21 15:08:08 +00:00			`DisplayAttrs: &framework.DisplayAttributes{`
			`Name: "NAS Identifier",`
			`},`
fmt 2018-10-21 01:09:51 +00:00			`},`
RADIUS Authentication Backend (#2268) 2017-02-07 21:04:27 +00:00			`},`

			`ExistenceCheck: b.configExistenceCheck,`

openapi: Add display attributes for Radius auth (#19392) 2023-04-07 17:14:44 +00:00			`Operations: map[logical.Operation]framework.OperationHandler{`
			`logical.ReadOperation: &framework.PathOperation{`
			`Callback: b.pathConfigRead,`
			`DisplayAttrs: &framework.DisplayAttributes{`
			`OperationSuffix: "configuration",`
			`},`
			`},`
			`logical.CreateOperation: &framework.PathOperation{`
			`Callback: b.pathConfigCreateUpdate,`
			`DisplayAttrs: &framework.DisplayAttributes{`
			`OperationVerb: "configure",`
			`},`
			`},`
			`logical.UpdateOperation: &framework.PathOperation{`
			`Callback: b.pathConfigCreateUpdate,`
			`DisplayAttrs: &framework.DisplayAttributes{`
			`OperationVerb: "configure",`
			`},`
			`},`
RADIUS Authentication Backend (#2268) 2017-02-07 21:04:27 +00:00			`},`

			`HelpSynopsis: pathConfigHelpSyn,`
			`HelpDescription: pathConfigHelpDesc,`
			`}`
Tokenutilize radius (#7034) 2019-07-01 20:30:39 +00:00
			`tokenutil.AddTokenFields(p.Fields)`
			`p.Fields["token_policies"].Description += ". This will apply to all tokens generated by this auth method, in addition to any configured for specific users."`
			`return p`
RADIUS Authentication Backend (#2268) 2017-02-07 21:04:27 +00:00			`}`

			`// Establishes dichotomy of request operation between CreateOperation and UpdateOperation.`
			`// Returning 'true' forces an UpdateOperation, CreateOperation otherwise.`
Pass context to backends (#3750) * Start work on passing context to backends * More work on passing context * Unindent logical system * Unindent token store * Unindent passthrough * Unindent cubbyhole * Fix tests * use requestContext in rollback and expiration managers 2018-01-08 18:31:38 +00:00			`func (b backend) configExistenceCheck(ctx context.Context, req logical.Request, data *framework.FieldData) (bool, error) {`
Add context to storage backends and wire it through a lot of places (#3817) 2018-01-19 06:44:44 +00:00			`entry, err := b.Config(ctx, req)`
RADIUS Authentication Backend (#2268) 2017-02-07 21:04:27 +00:00			`if err != nil {`
			`return false, err`
			`}`
			`return entry != nil, nil`
			`}`

			`/*`
			`* Construct ConfigEntry struct using stored configuration.`
			`*/`
Add context to storage backends and wire it through a lot of places (#3817) 2018-01-19 06:44:44 +00:00			`func (b backend) Config(ctx context.Context, req logical.Request) (*ConfigEntry, error) {`
			`storedConfig, err := req.Storage.Get(ctx, "config")`
RADIUS Authentication Backend (#2268) 2017-02-07 21:04:27 +00:00			`if err != nil {`
			`return nil, err`
			`}`

			`if storedConfig == nil {`
			`return nil, nil`
			`}`

			`var result ConfigEntry`

			`if err := storedConfig.DecodeJSON(&result); err != nil {`
			`return nil, err`
			`}`

			`return &result, nil`
			`}`

Pass context to backends (#3750) * Start work on passing context to backends * More work on passing context * Unindent logical system * Unindent token store * Unindent passthrough * Unindent cubbyhole * Fix tests * use requestContext in rollback and expiration managers 2018-01-08 18:31:38 +00:00			`func (b backend) pathConfigRead(ctx context.Context, req logical.Request, d framework.FieldData) (logical.Response, error) {`
Add context to storage backends and wire it through a lot of places (#3817) 2018-01-19 06:44:44 +00:00			`cfg, err := b.Config(ctx, req)`
RADIUS Authentication Backend (#2268) 2017-02-07 21:04:27 +00:00			`if err != nil {`
			`return nil, err`
			`}`
			`if cfg == nil {`
			`return nil, nil`
			`}`

Tokenutilize radius (#7034) 2019-07-01 20:30:39 +00:00			`data := map[string]interface{}{`
			`"host": cfg.Host,`
			`"port": cfg.Port,`
			`"unregistered_user_policies": cfg.UnregisteredUserPolicies,`
			`"dial_timeout": cfg.DialTimeout,`
			`"read_timeout": cfg.ReadTimeout,`
			`"nas_port": cfg.NasPort,`
			`"nas_identifier": cfg.NasIdentifier,`
RADIUS Authentication Backend (#2268) 2017-02-07 21:04:27 +00:00			`}`
Tokenutilize radius (#7034) 2019-07-01 20:30:39 +00:00			`cfg.PopulateTokenData(data)`

			`return &logical.Response{`
			`Data: data,`
			`}, nil`
RADIUS Authentication Backend (#2268) 2017-02-07 21:04:27 +00:00			`}`

Pass context to backends (#3750) * Start work on passing context to backends * More work on passing context * Unindent logical system * Unindent token store * Unindent passthrough * Unindent cubbyhole * Fix tests * use requestContext in rollback and expiration managers 2018-01-08 18:31:38 +00:00			`func (b backend) pathConfigCreateUpdate(ctx context.Context, req logical.Request, d framework.FieldData) (logical.Response, error) {`
RADIUS Authentication Backend (#2268) 2017-02-07 21:04:27 +00:00			`// Build a ConfigEntry struct out of the supplied FieldData`
Add context to storage backends and wire it through a lot of places (#3817) 2018-01-19 06:44:44 +00:00			`cfg, err := b.Config(ctx, req)`
RADIUS Authentication Backend (#2268) 2017-02-07 21:04:27 +00:00			`if err != nil {`
			`return nil, err`
			`}`
			`if cfg == nil {`
			`cfg = &ConfigEntry{}`
			`}`

Tokenutilize radius (#7034) 2019-07-01 20:30:39 +00:00			`if err := cfg.ParseTokenFields(req, d); err != nil {`
			`return logical.ErrorResponse(err.Error()), logical.ErrInvalidRequest`
			`}`

RADIUS Authentication Backend (#2268) 2017-02-07 21:04:27 +00:00			`host, ok := d.GetOk("host")`
			`if ok {`
			`cfg.Host = strings.ToLower(host.(string))`
			`} else if req.Operation == logical.CreateOperation {`
			`cfg.Host = strings.ToLower(d.Get("host").(string))`
			`}`
			`if cfg.Host == "" {`
			return logical.ErrorResponse("config parameter `host` cannot be empty"), nil
			`}`

			`port, ok := d.GetOk("port")`
			`if ok {`
			`cfg.Port = port.(int)`
			`} else if req.Operation == logical.CreateOperation {`
			`cfg.Port = d.Get("port").(int)`
			`}`

			`secret, ok := d.GetOk("secret")`
			`if ok {`
			`cfg.Secret = secret.(string)`
			`} else if req.Operation == logical.CreateOperation {`
			`cfg.Secret = d.Get("secret").(string)`
			`}`
			`if cfg.Secret == "" {`
			return logical.ErrorResponse("config parameter `secret` cannot be empty"), nil
			`}`

			`policies := make([]string, 0)`
			`unregisteredUserPoliciesRaw, ok := d.GetOk("unregistered_user_policies")`
			`if ok {`
			`unregisteredUserPoliciesStr := unregisteredUserPoliciesRaw.(string)`
			`if strings.TrimSpace(unregisteredUserPoliciesStr) != "" {`
			`policies = strings.Split(unregisteredUserPoliciesStr, ",")`
			`for _, policy := range policies {`
			`if policy == "root" {`
Standardize on "auth method" This removes all references I could find to: - credential provider - authentication backend - authentication provider - auth provider - auth backend in favor of the unified: - auth method 2017-09-13 01:48:52 +00:00			`return logical.ErrorResponse("root policy cannot be granted by an auth method"), nil`
RADIUS Authentication Backend (#2268) 2017-02-07 21:04:27 +00:00			`}`
			`}`
			`}`
			`cfg.UnregisteredUserPolicies = policies`
			`} else if req.Operation == logical.CreateOperation {`
			`cfg.UnregisteredUserPolicies = policies`
			`}`

			`dialTimeout, ok := d.GetOk("dial_timeout")`
			`if ok {`
			`cfg.DialTimeout = dialTimeout.(int)`
			`} else if req.Operation == logical.CreateOperation {`
			`cfg.DialTimeout = d.Get("dial_timeout").(int)`
			`}`

			`readTimeout, ok := d.GetOk("read_timeout")`
			`if ok {`
			`cfg.ReadTimeout = readTimeout.(int)`
			`} else if req.Operation == logical.CreateOperation {`
			`cfg.ReadTimeout = d.Get("read_timeout").(int)`
			`}`

			`nasPort, ok := d.GetOk("nas_port")`
			`if ok {`
			`cfg.NasPort = nasPort.(int)`
			`} else if req.Operation == logical.CreateOperation {`
			`cfg.NasPort = d.Get("nas_port").(int)`
			`}`

ability to add NAS Identifier header to radius request (#5465) 2018-10-18 17:41:14 +00:00			`nasIdentifier, ok := d.GetOk("nas_identifier")`
			`if ok {`
			`cfg.NasIdentifier = nasIdentifier.(string)`
			`} else if req.Operation == logical.CreateOperation {`
			`cfg.NasIdentifier = d.Get("nas_identifier").(string)`
			`}`

RADIUS Authentication Backend (#2268) 2017-02-07 21:04:27 +00:00			`entry, err := logical.StorageEntryJSON("config", cfg)`
			`if err != nil {`
			`return nil, err`
			`}`
Add context to storage backends and wire it through a lot of places (#3817) 2018-01-19 06:44:44 +00:00			`if err := req.Storage.Put(ctx, entry); err != nil {`
RADIUS Authentication Backend (#2268) 2017-02-07 21:04:27 +00:00			`return nil, err`
			`}`

			`return nil, nil`
			`}`

			`type ConfigEntry struct {`
Tokenutilize radius (#7034) 2019-07-01 20:30:39 +00:00			`tokenutil.TokenParams`

RADIUS Authentication Backend (#2268) 2017-02-07 21:04:27 +00:00			Host string `json:"host" structs:"host" mapstructure:"host"`
			Port int `json:"port" structs:"port" mapstructure:"port"`
			Secret string `json:"secret" structs:"secret" mapstructure:"secret"`
			UnregisteredUserPolicies []string `json:"unregistered_user_policies" structs:"unregistered_user_policies" mapstructure:"unregistered_user_policies"`
			DialTimeout int `json:"dial_timeout" structs:"dial_timeout" mapstructure:"dial_timeout"`
			ReadTimeout int `json:"read_timeout" structs:"read_timeout" mapstructure:"read_timeout"`
			NasPort int `json:"nas_port" structs:"nas_port" mapstructure:"nas_port"`
ability to add NAS Identifier header to radius request (#5465) 2018-10-18 17:41:14 +00:00			NasIdentifier string `json:"nas_identifier" structs:"nas_identifier" mapstructure:"nas_identifier"`
RADIUS Authentication Backend (#2268) 2017-02-07 21:04:27 +00:00			`}`

			const pathConfigHelpSyn = `
			`Configure the RADIUS server to connect to, along with its options.`
			`

			const pathConfigHelpDesc = `
			`This endpoint allows you to configure the RADIUS server to connect to and its`
			`configuration options.`
			`