luxolus
/
open-vault
2
0
Fork 0
Code Issues 1 Pull Requests Releases Activity

Add some documentation to the API revoke functions

This commit is contained in:
Jeff Mitchell 2016-02-03 11:42:13 -05:00
parent 93cf4ba2c4
commit 0c427e27e9
1 changed files with 8 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
api/auth_token.go
View File

@ -83,6 +83,8 @@ func (c *TokenAuth) RenewSelf(increment int) (*Secret, error) {
return ParseSecret(resp.Body) return ParseSecret(resp.Body)
} }
// RevokeOrphan revokes a token without revoking the tree underneath it (so
// child tokens are orphaned rather than revoked)
func (c *TokenAuth) RevokeOrphan(token string) error { func (c *TokenAuth) RevokeOrphan(token string) error {
r := c.c.NewRequest("PUT", "/v1/auth/token/revoke-orphan/"+token) r := c.c.NewRequest("PUT", "/v1/auth/token/revoke-orphan/"+token)
resp, err := c.c.RawRequest(r) resp, err := c.c.RawRequest(r)
@ -94,6 +96,8 @@ func (c *TokenAuth) RevokeOrphan(token string) error {
return nil return nil
} }
// RevokePrefix revokes a token based on a prefix, which can be used to revoke
// e.g. all tokens issued by a certain credential mount
func (c *TokenAuth) RevokePrefix(token string) error { func (c *TokenAuth) RevokePrefix(token string) error {
r := c.c.NewRequest("PUT", "/v1/auth/token/revoke-prefix/"+token) r := c.c.NewRequest("PUT", "/v1/auth/token/revoke-prefix/"+token)
resp, err := c.c.RawRequest(r) resp, err := c.c.RawRequest(r)
@ -105,6 +109,7 @@ func (c *TokenAuth) RevokePrefix(token string) error {
return nil return nil
} }
// RevokeSelf revokes the token making the call
func (c *TokenAuth) RevokeSelf() error { func (c *TokenAuth) RevokeSelf() error {
r := c.c.NewRequest("PUT", "/v1/auth/token/revoke-self") r := c.c.NewRequest("PUT", "/v1/auth/token/revoke-self")
resp, err := c.c.RawRequest(r) resp, err := c.c.RawRequest(r)
@ -116,6 +121,9 @@ func (c *TokenAuth) RevokeSelf() error {
return nil return nil
} }
// RevokeTree is the "normal" revoke operation that revokes the given token and
// the entire tree underneath -- all of its child tokens, their child tokens,
// etc.
func (c *TokenAuth) RevokeTree(token string) error { func (c *TokenAuth) RevokeTree(token string) error {
r := c.c.NewRequest("PUT", "/v1/auth/token/revoke/"+token) r := c.c.NewRequest("PUT", "/v1/auth/token/revoke/"+token)
resp, err := c.c.RawRequest(r) resp, err := c.c.RawRequest(r)