From 0c427e27e9adc94d631cca828b0ab9a47a8d7b01 Mon Sep 17 00:00:00 2001 From: Jeff Mitchell Date: Wed, 3 Feb 2016 11:42:13 -0500 Subject: [PATCH] Add some documentation to the API revoke functions --- api/auth_token.go | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/api/auth_token.go b/api/auth_token.go index f65c0a7c5..dda415664 100644 --- a/api/auth_token.go +++ b/api/auth_token.go @@ -83,6 +83,8 @@ func (c *TokenAuth) RenewSelf(increment int) (*Secret, error) { return ParseSecret(resp.Body) } +// RevokeOrphan revokes a token without revoking the tree underneath it (so +// child tokens are orphaned rather than revoked) func (c *TokenAuth) RevokeOrphan(token string) error { r := c.c.NewRequest("PUT", "/v1/auth/token/revoke-orphan/"+token) resp, err := c.c.RawRequest(r) @@ -94,6 +96,8 @@ func (c *TokenAuth) RevokeOrphan(token string) error { return nil } +// RevokePrefix revokes a token based on a prefix, which can be used to revoke +// e.g. all tokens issued by a certain credential mount func (c *TokenAuth) RevokePrefix(token string) error { r := c.c.NewRequest("PUT", "/v1/auth/token/revoke-prefix/"+token) resp, err := c.c.RawRequest(r) @@ -105,6 +109,7 @@ func (c *TokenAuth) RevokePrefix(token string) error { return nil } +// RevokeSelf revokes the token making the call func (c *TokenAuth) RevokeSelf() error { r := c.c.NewRequest("PUT", "/v1/auth/token/revoke-self") resp, err := c.c.RawRequest(r) @@ -116,6 +121,9 @@ func (c *TokenAuth) RevokeSelf() error { return nil } +// RevokeTree is the "normal" revoke operation that revokes the given token and +// the entire tree underneath -- all of its child tokens, their child tokens, +// etc. func (c *TokenAuth) RevokeTree(token string) error { r := c.c.NewRequest("PUT", "/v1/auth/token/revoke/"+token) resp, err := c.c.RawRequest(r)