diff --git a/builtin/logical/database/path_roles.go b/builtin/logical/database/path_roles.go
index 8be33c0a1..69884cb3a 100644
--- a/builtin/logical/database/path_roles.go
+++ b/builtin/logical/database/path_roles.go
@@ -36,31 +36,30 @@ func pathRoles(b *databaseBackend) *framework.Path {
 },
 "creation_statements": {
 Type: framework.TypeString,
- Description: `Statements to be executed to create a user. Must be a semicolon-separated
- string, a base64-encoded semicolon-separated string, a serialized JSON string
- array, or a base64-encoded serialized JSON string array. The '{{name}}',
- '{{password}}', and '{{expiration}}' values will be substituted.`,
+ Description: `Specifies the database statements executed to
+ create and configure a user. See the plugin's API page for more
+ information on support and formatting for this parameter.`,
 },
 "revocation_statements": {
 Type: framework.TypeString,
- Description: `Statements to be executed to revoke a user. Must be a semicolon-separated
- string, a base64-encoded semicolon-separated string, a serialized JSON string
- array, or a base64-encoded serialized JSON string array. The '{{name}}' value
- will be substituted.`,
+ Description: `Specifies the database statements to be executed
+ to revoke a user. See the plugin's API page for more information
+ on support and formatting for this parameter.`,
 },
 "renew_statements": {
 Type: framework.TypeString,
- Description: `Statements to be executed to renew a user. Must be a semicolon-separated
- string, a base64-encoded semicolon-separated string, a serialized JSON string
- array, or a base64-encoded serialized JSON string array. The '{{name}}' value
- will be substituted.`,
+ Description: `Specifies the database statements to be executed
+ to renew a user. Not every plugin type will support this
+ functionality. See the plugin's API page for more information on
+ support and formatting for this parameter. `,
 },
 "rollback_statements": {
 Type: framework.TypeString,
- Description: `Statements to be executed to revoke a user. Must be a semicolon-separated
- string, a base64-encoded semicolon-separated string, a serialized JSON string
- array, or a base64-encoded serialized JSON string array. The '{{name}}' value
- will be substituted.`,
+ Description: `Specifies the database statements to be executed
+ rollback a create operation in the event of an error. Not every
+ plugin type will support this functionality. See the plugin's
+ API page for more information on support and formatting for this
+ parameter.`,
 },
 "default_ttl": {
diff --git a/website/source/api/secret/databases/cassandra.html.md b/website/source/api/secret/databases/cassandra.html.md
index 5e2b5a836..a7cf19738 100644
--- a/website/source/api/secret/databases/cassandra.html.md
+++ b/website/source/api/secret/databases/cassandra.html.md
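Review bot: The new `rollback_statements` description reads "to be executed rollback a create operation", which is missing a "to"; its second line should begin `to rollback a create operation in the event of an error. Not every`, matching the "executed to rollback" wording this same commit adds in cassandra.html.md. The new `renew_statements` description also ends with a stray space between "parameter." and the closing backtick, which will presumably appear wherever the field description is rendered. Both are inside raw string literals, so the fix is a text-only change to those two lines. pathRoles begins before this hunk and continues past it.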
@@ -94,3 +94,36 @@ $ curl \
 --data @payload.json \
 https://vault.rocks/v1/cassandra/config/connection
 ```
+
+## Statements
+
+Statements are configured during role creation and are used by the plugin to
+determine what is sent to the datatabse on user creation, renewing, and
+revocation. For more information on configuring roles see the [Role
+API](/api/secret/databases/index.html#create-role) in the Database Backend docs.
+
+### Parameters
+
+The following are the statements used by this plugin. If not mentioned in this
+list the plugin does not support that statement type.
+
+- `creation_statements` `(string: "")` – Specifies the database
+ statements executed to create and configure a user. Must be a
+ semicolon-separated string, a base64-encoded semicolon-separated string, a
+ serialized JSON string array, or a base64-encoded serialized JSON string
+ array. The '{{name}}' and '{{password}}' values will be substituted. If not
+ provided, defaults to a generic create user statements that creates a
+ non-superuser.
+
+- `revocation_statements` `(string: "")` – Specifies the database statements to
+ be executed to revoke a user. Must be a semicolon-separated string, a
+ base64-encoded semicolon-separated string, a serialized JSON string array, or
+ a base64-encoded serialized JSON string array. The '{{name}}' value will be
+ substituted. If not provided defaults to a generic drop user statement.
+
+- `rollback_statements` `(string: "")` – Specifies the database statements to be
+ executed to rollback a create operation in the event of an error. Must be a
+ semicolon-separated string, a base64-encoded semicolon-separated string, a
+ serialized JSON string array, or a base64-encoded serialized JSON string
+ array. The '{{name}}' value will be substituted. If not provided, defaults to
+ a generic drop user statement
diff --git a/website/source/api/secret/databases/index.html.md b/website/source/api/secret/databases/index.html.md
index d43e49789..83d7e4f92 100644
--- a/website/source/api/secret/databases/index.html.md
+++ b/website/source/api/secret/databases/index.html.md
@@ -171,31 +171,23 @@ This endpoint creates or updates a role definition.
 number of seconds. Defaults to system/backend default TTL time.
 - `creation_statements` `(string: )` – Specifies the database
- statements executed to create and configure a user. Must be a
- semicolon-separated string, a base64-encoded semicolon-separated string, a
- serialized JSON string array, or a base64-encoded serialized JSON string
- array. The '{{name}}', '{{password}}' and '{{expiration}}' values will be
- substituted.
+ statements executed to create and configure a user. See the plugin's API page
+ for more information on support and formatting for this parameter.
 - `revocation_statements` `(string: "")` – Specifies the database statements to
- be executed to revoke a user. Must be a semicolon-separated string, a
- base64-encoded semicolon-separated string, a serialized JSON string array, or
- a base64-encoded serialized JSON string array. The '{{name}}' value will be
- substituted.
+ be executed to revoke a user. See the plugin's API page for more information
+ on support and formatting for this parameter.
 - `rollback_statements` `(string: "")` – Specifies the database statements to be
 executed rollback a create operation in the event of an error. Not every
- plugin type will support this functionality. Must be a semicolon-separated
- string, a base64-encoded semicolon-separated string, a serialized JSON string
- array, or a base64-encoded serialized JSON string array. The '{{name}}' value
- will be substituted.
+ plugin type will support this functionality. See the plugin's API page for
+ more information on support and formatting for this parameter.
 - `renew_statements` `(string: "")` – Specifies the database statements to be
 executed to renew a user. Not every plugin type will support this
- functionality. Must be a semicolon-separated string, a base64-encoded
- semicolon-separated string, a serialized JSON string array, or a
- base64-encoded serialized JSON string array. The '{{name}}' and
- '{{expiration}}` values will be substituted.
+ functionality. See the plugin's API page for more information on support and
+ formatting for this parameter.
+
 ### Sample Payload
diff --git a/website/source/api/secret/databases/mssql.html.md b/website/source/api/secret/databases/mssql.html.md
index d4b120e8d..4dd88282d 100644
--- a/website/source/api/secret/databases/mssql.html.md
+++ b/website/source/api/secret/databases/mssql.html.md
@@ -58,3 +58,26 @@ $ curl \
 https://vault.rocks/v1/database/config/mssql
 ```
+## Statements
+
+Statements are configured during role creation and are used by the plugin to
+determine what is sent to the datatabse on user creation, renewing, and
+revocation. For more information on configuring roles see the [Role
+API](/api/secret/databases/index.html#create-role) in the Database Backend docs.
+
+### Parameters
+
+The following are the statements used by this plugin. If not mentioned in this
+list the plugin does not support that statement type.
+
+- `creation_statements` `(string: )` – Specifies the database
+ statements executed to create and configure a user. Must be a
+ semicolon-separated string, a base64-encoded semicolon-separated string, a
+ serialized JSON string array, or a base64-encoded serialized JSON string
+ array. The '{{name}}' and '{{password}}' values will be substituted.
+
+- `revocation_statements` `(string: "")` – Specifies the database statements to
+ be executed to revoke a user. Must be a semicolon-separated string, a
+ base64-encoded semicolon-separated string, a serialized JSON string array, or
+ a base64-encoded serialized JSON string array. The '{{name}}' value will be
+ substituted. If not provided defaults to a generic drop user statement.
diff --git a/website/source/api/secret/databases/mysql-maria.html.md b/website/source/api/secret/databases/mysql-maria.html.md
index b4657eaa6..7ee78fcb8 100644
--- a/website/source/api/secret/databases/mysql-maria.html.md
+++ b/website/source/api/secret/databases/mysql-maria.html.md
@@ -58,3 +58,26 @@ $ curl \
 https://vault.rocks/v1/database/config/mysql
 ```
+## Statements
+
+Statements are configured during role creation and are used by the plugin to
+determine what is sent to the datatabse on user creation, renewing, and
+revocation. For more information on configuring roles see the [Role
+API](/api/secret/databases/index.html#create-role) in the Database Backend docs.
+
+### Parameters
+
+The following are the statements used by this plugin. If not mentioned in this
+list the plugin does not support that statement type.
+
+- `creation_statements` `(string: )` – Specifies the database
+ statements executed to create and configure a user. Must be a
+ semicolon-separated string, a base64-encoded semicolon-separated string, a
+ serialized JSON string array, or a base64-encoded serialized JSON string
+ array. The '{{name}}' and '{{password}}' values will be substituted.
+
+- `revocation_statements` `(string: "")` – Specifies the database statements to
+ be executed to revoke a user. Must be a semicolon-separated string, a
+ base64-encoded semicolon-separated string, a serialized JSON string array, or
+ a base64-encoded serialized JSON string array. The '{{name}}' value will be
+ substituted. If not provided defaults to a generic drop user statement.
diff --git a/website/source/api/secret/databases/postgresql.html.md b/website/source/api/secret/databases/postgresql.html.md
index a1aaeee1c..96cb90125 100644
--- a/website/source/api/secret/databases/postgresql.html.md
+++ b/website/source/api/secret/databases/postgresql.html.md
@@ -58,3 +58,41 @@ $ curl \
 https://vault.rocks/v1/database/config/postgresql
 ```
+## Statements
+
+Statements are configured during role creation and are used by the plugin to
+determine what is sent to the datatabse on user creation, renewing, and
+revocation. For more information on configuring roles see the [Role
+API](/api/secret/databases/index.html#create-role) in the Database Backend docs.
+
+### Parameters
+
+The following are the statements used by this plugin. If not mentioned in this
+list the plugin does not support that statement type.
+
+- `creation_statements` `(string: )` – Specifies the database
+ statements executed to create and configure a user. Must be a
+ semicolon-separated string, a base64-encoded semicolon-separated string, a
+ serialized JSON string array, or a base64-encoded serialized JSON string
+ array. The '{{name}}', '{{password}}' and '{{expiration}}' values will be
+ substituted.
+
+- `revocation_statements` `(string: "")` – Specifies the database statements to
+ be executed to revoke a user. Must be a semicolon-separated string, a
+ base64-encoded semicolon-separated string, a serialized JSON string array, or
+ a base64-encoded serialized JSON string array. The '{{name}}' value will be
+ substituted. If not provided defaults to a generic drop user statement.
+
+- `rollback_statements` `(string: "")` – Specifies the database statements to be
+ executed rollback a create operation in the event of an error. Not every
+ plugin type will support this functionality. Must be a semicolon-separated
+ string, a base64-encoded semicolon-separated string, a serialized JSON string
+ array, or a base64-encoded serialized JSON string array. The '{{name}}' value
+ will be substituted.
+
+- `renew_statements` `(string: "")` – Specifies the database statements to be
+ executed to renew a user. Not every plugin type will support this
+ functionality. Must be a semicolon-separated string, a base64-encoded
+ semicolon-separated string, a serialized JSON string array, or a
+ base64-encoded serialized JSON string array. The '{{name}}' and
+ '{{expiration}}` values will be substituted.