From 03c09341a46107afab5ec93055c234dc88c3d812 Mon Sep 17 00:00:00 2001
From: Seth Vargo
Date: Wed, 13 Apr 2016 22:15:54 +0100
Subject: [PATCH] Add missing path-helps and clarify subpaths in tables
---
 vault/logical_system.go | 170 +++++++++++++++++++++++++++++++++++-----
 1 file changed, 149 insertions(+), 21 deletions(-)
diff --git a/vault/logical_system.go b/vault/logical_system.go
index b97d0b3d9..85db8d949 100644
--- a/vault/logical_system.go
+++ b/vault/logical_system.go
@@ -83,6 +83,7 @@ func NewSystemBackend(core *Core, config *logical.BackendConfig) logical.Backend
 HelpSynopsis: strings.TrimSpace(sysHelp["capabilities"][0]),
 HelpDescription: strings.TrimSpace(sysHelp["capabilities"][1]),
 },
+
 &framework.Path{
 Pattern: "capabilities-self$",
@@ -105,6 +106,18 @@ func NewSystemBackend(core *Core, config *logical.BackendConfig) logical.Backend
 HelpDescription: strings.TrimSpace(sysHelp["capabilities_self"][1]),
 },
+ &framework.Path{
+ Pattern: "generate-root(/attempt)?$",
+ HelpSynopsis: strings.TrimSpace(sysHelp["generate-root"][0]),
+ HelpDescription: strings.TrimSpace(sysHelp["generate-root"][1]),
+ },
+
+ &framework.Path{
+ Pattern: "init$",
+ HelpSynopsis: strings.TrimSpace(sysHelp["init"][0]),
+ HelpDescription: strings.TrimSpace(sysHelp["init"][1]),
+ },
+
 &framework.Path{
 Pattern: "rekey/backup$",
@@ -208,11 +221,11 @@ func NewSystemBackend(core *Core, config *logical.BackendConfig) logical.Backend
 Fields: map[string]*framework.FieldSchema{
 "from": &framework.FieldSchema{
 Type: framework.TypeString,
- Description: strings.TrimSpace(sysHelp["remount_from"][0]),
+ Description: "The previous mount point.",
 },
 "to": &framework.FieldSchema{
 Type: framework.TypeString,
- Description: strings.TrimSpace(sysHelp["remount_to"][0]),
+ Description: "The new mount point.",
 },
 },
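Review bot: The two entries added in the -105 hunk for `generate-root(/attempt)?$` and `init$` carry only a Pattern and help strings, with no Fields or Callbacks, and nothing in the hunk says that this is deliberate. Because these are sensitive paths, a short comment such as `// Help-only entry: no Callbacks are registered here, so this backend serves path-help for it and nothing else.` would keep a later reader from assuming the backend handles the operation, or from attaching handlers here without revisiting the access rules. The same applies to `seal-status$`, `seal$` and `unseal$` in the -374 hunk. NewSystemBackend starts and ends outside these hunks, so whether the new paths also need to appear in any special-path list of the backend cannot be checked from here.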
@@ -374,6 +387,24 @@ func NewSystemBackend(core *Core, config *logical.BackendConfig) logical.Backend
 HelpDescription: strings.TrimSpace(sysHelp["policy"][1]),
 },
+ &framework.Path{
+ Pattern: "seal-status$",
+ HelpSynopsis: strings.TrimSpace(sysHelp["seal-status"][0]),
+ HelpDescription: strings.TrimSpace(sysHelp["seal-status"][1]),
+ },
+
+ &framework.Path{
+ Pattern: "seal$",
+ HelpSynopsis: strings.TrimSpace(sysHelp["seal"][0]),
+ HelpDescription: strings.TrimSpace(sysHelp["seal"][1]),
+ },
+
+ &framework.Path{
+ Pattern: "unseal$",
+ HelpSynopsis: strings.TrimSpace(sysHelp["unseal"][0]),
+ HelpDescription: strings.TrimSpace(sysHelp["unseal"][1]),
+ },
+
 &framework.Path{
 Pattern: "audit-hash/(?P.+)",
@@ -1292,11 +1323,86 @@ as well as perform core operations.
 // sysHelp is all the help text for the sys backend.
 var sysHelp = map[string][2]string{
+ "init": {
+ "Initializes or returns the initialization status of the Vault.",
+ `
+This path responds to the following HTTP methods.
+
+ GET /
+ Returns the initialization status of the Vault.
+
+ POST /
+ Initializes a new vault.
+ `,
+ },
+ "generate-root": {
+ "Reads, generates, or deletes a root token regeneration process.",
+ `
+This path responds to multiple HTTP methods which change the behavior. Those
+HTTP methods are listed below.
+
+ GET /attempt
+ Reads the configuration and progress of the current root generation
+ attempt.
+
+ POST /attempt
+ Initializes a new root generation attempt. Only a single root generation
+ attempt can take place at a time. One (and only one) of otp or pgp_key
+ are required.
+
+ DELETE /attempt
+ Cancels any in-progress root generation attempt. This clears any
+ progress made. This must be called to change the OTP or PGP key being
+ used.
+ `,
+ },
+ "seal-status": {
+ "Returns the seal status of the Vault.",
+ `
+This path responds to the following HTTP methods.
+
+ GET /
+ Returns the seal status of the Vault. This is an unauthenticated
+ endpoint.
+ `,
+ },
+ "seal": {
+ "Seals the Vault.",
+ `
+This path responds to the following HTTP methods.
+
+ PUT /
+ Seals the Vault.
+ `,
+ },
+ "unseal": {
+ "Unseals the Vault.",
+ `
+This path responds to the following HTTP methods.
+
+ PUT /
+ Unseals the Vault.
+ `,
+ },
 "mounts": {
 "List the currently mounted backends.",
 `
-List the currently mounted backends: the mount path, the type of the backend,
-and a user friendly description of the purpose for the mount.
+This path responds to the following HTTP methods.
+
+ GET /
+ Lists all the mounted secret backends.
+
+ GET /
+ Get information about the mount at the specified path.
+
+ POST /
+ Mount a new secret backend to the mount point in the URL.
+
+ POST //tune
+ Tune configuration parameters for the given mount point.
+
+ DELETE /
+ Unmount the specified mount point.
 `,
 },
@@ -1341,20 +1447,13 @@ and max_lease_ttl.`,
 "remount": {
 "Move the mount point of an already-mounted backend.",
 `
-Change the mount point of an already-mounted backend.
+This path responds to the following HTTP methods.
+
+ POST /sys/remount
+ Changes the mount point of an already-mounted backend.
 `,
 },
- "remount_from": {
- "",
- "",
- },
-
- "remount_to": {
- "",
- "",
- },
-
 "mount_tune": {
 "Tune backend configuration parameters for this mount.",
 },
@@ -1426,8 +1525,18 @@ of external secrets. Access to this prefix should be tightly controlled.
 "auth-table": {
 "List the currently enabled credential backends.",
 `
-List the currently enabled credential backends: the name, the type of the backend,
-and a user friendly description of the purpose for the credential backend.
+This path responds to the following HTTP methods.
+
+ GET /
+ List the currently enabled credential backends: the name, the type of
+ the backend, and a user friendly description of the purpose for the
+ credential backend.
+
+ POST /
+ Enable a new auth backend.
+
+ DELETE /
+ Disable the auth backend at the given mount point.
 `,
 },
@@ -1458,8 +1567,19 @@ Example: you might have an OAuth backend for GitHub, and one for Google Apps.
 "policy-list": {
 `List the configured access control policies.`,
 `
-List the names of the configured access control policies. Policies are associated
-with client tokens to limit access to keys in the Vault.
+This path responds to the following HTTP methods.
+
+ GET /
+ List the names of the configured access control policies.
+
+ GET /
+ Retrieve the rules for the named policy.
+
+ PUT /
+ Add or update a policy.
+
+ DELETE /
+ Delete the policy with the given name.
 `,
 },
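Review bot: Of the five sysHelp entries added in the -1292 hunk, only `seal-status` states its access requirement ("This is an unauthenticated endpoint."); `init`, `generate-root`, `seal` and `unseal` say nothing about whether a token or a particular privilege is needed. For operations this sensitive, each description should carry one such sentence, written from what the handler actually enforces, which is not visible in this diff. The `generate-root` text also covers only `/attempt`, matching the `generate-root(/attempt)?$` pattern in the -105 hunk; if the flow has a further sub-path for submitting key shares, it is neither matched nor described.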
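Review bot: In the -1341 hunk the remount entry writes its route as `POST /sys/remount`, while every other table touched by this commit lists routes relative to the help path (`GET /`, `PUT /`, `GET /attempt`). Use `POST /` here too, or switch all tables to absolute paths, so a reader does not infer that the other entries live under a different prefix. Removing the empty `remount_from` and `remount_to` keys matches the -208 hunk, which stops reading them. Any other lookup of those keys outside this diff would now silently get empty strings from the map's zero value rather than fail, so a search for remaining references is worth doing.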
@@ -1489,8 +1609,16 @@ or delete a policy.
 "audit-table": {
 "List the currently enabled audit backends.",
 `
-List the currently enabled audit backends: the name, the type of the backend,
-a user friendly description of the audit backend, and it's configuration options.
+This path responds to the following HTTP methods.
+
+ GET /
+ List the currently enabled audit backends.
+
+ PUT /
+ Enable an audit backend at the given path.
+
+ DELETE /
+ Disable the given audit backend.
 `,
 },