openapi: Add display attributes for PKI plugin (#19422)

Anton Averchenkov 2023-04-06 11:10:01 -04:00 committed by GitHub
parent 7cf86c6dae
commit 543efc83e4
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
19 changed files with 516 additions and 60 deletions


@ -25,6 +25,11 @@ import (
)
const (
operationPrefixPKI = "pki"
operationPrefixPKIIssuer = "pki-issuer"
operationPrefixPKIIssuers = "pki-issuers"
operationPrefixPKIRoot = "pki-root"
noRole = 0
roleOptional = 1
roleRequired = 2
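Review bot: The four `operationPrefix*` constants are added without a comment, in the same const block as the unrelated `noRole`/`roleOptional`/`roleRequired` values. Every DisplayAttributes literal in this commit depends on them, so a short comment would tell the next editor what changes when a value is edited, for example `// operationPrefix* are the OpenAPI operation prefixes for this mount's paths; changing one renames the operations built from it.` Giving them their own `const (...)` block would also separate them from the role constants. How the framework combines prefix, verb and suffix is not visible in this hunk, so the wording should be checked against it.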


@ -14,6 +14,13 @@ import (
func pathConfigCA(b *backend) *framework.Path {
return &framework.Path{
Pattern: "config/ca",
DisplayAttrs: &framework.DisplayAttributes{
OperationPrefix: operationPrefixPKI,
OperationVerb: "configure",
OperationSuffix: "ca",
},
Fields: map[string]*framework.FieldSchema{
"pem_bundle": {
Type: framework.TypeString,
@ -73,6 +80,11 @@ For security reasons, the secret key cannot be retrieved later.
func pathConfigIssuers(b *backend) *framework.Path {
return &framework.Path{
Pattern: "config/issuers",
DisplayAttrs: &framework.DisplayAttributes{
OperationPrefix: operationPrefixPKI,
},
Fields: map[string]*framework.FieldSchema{
defaultRef: {
Type: framework.TypeString,
@ -87,6 +99,9 @@ func pathConfigIssuers(b *backend) *framework.Path {
Operations: map[logical.Operation]framework.OperationHandler{
logical.ReadOperation: &framework.PathOperation{
Callback: b.pathCAIssuersRead,
DisplayAttrs: &framework.DisplayAttributes{
OperationSuffix: "issuers-configuration",
},
Responses: map[int][]framework.Response{
http.StatusOK: {{
Description: "OK",
@ -107,6 +122,10 @@ func pathConfigIssuers(b *backend) *framework.Path {
},
logical.UpdateOperation: &framework.PathOperation{
Callback: b.pathCAIssuersWrite,
DisplayAttrs: &framework.DisplayAttributes{
OperationVerb: "configure",
OperationSuffix: "issuers",
},
Responses: map[int][]framework.Response{
http.StatusOK: {{
Description: "OK",
@ -136,6 +155,13 @@ func pathConfigIssuers(b *backend) *framework.Path {
func pathReplaceRoot(b *backend) *framework.Path {
return &framework.Path{
Pattern: "root/replace",
DisplayAttrs: &framework.DisplayAttributes{
OperationPrefix: operationPrefixPKI,
OperationVerb: "replace",
OperationSuffix: "root",
},
Fields: map[string]*framework.FieldSchema{
"default": {
Type: framework.TypeString,
@ -273,6 +299,11 @@ value of the issuer with the name "next", if it exists.
func pathConfigKeys(b *backend) *framework.Path {
return &framework.Path{
Pattern: "config/keys",
DisplayAttrs: &framework.DisplayAttributes{
OperationPrefix: operationPrefixPKI,
},
Fields: map[string]*framework.FieldSchema{
defaultRef: {
Type: framework.TypeString,
@ -283,6 +314,10 @@ func pathConfigKeys(b *backend) *framework.Path {
Operations: map[logical.Operation]framework.OperationHandler{
logical.UpdateOperation: &framework.PathOperation{
Callback: b.pathKeyDefaultWrite,
DisplayAttrs: &framework.DisplayAttributes{
OperationVerb: "configure",
OperationSuffix: "keys",
},
Responses: map[int][]framework.Response{
http.StatusOK: {{
Description: "OK",
@ -300,6 +335,9 @@ func pathConfigKeys(b *backend) *framework.Path {
},
logical.ReadOperation: &framework.PathOperation{
Callback: b.pathKeyDefaultRead,
DisplayAttrs: &framework.DisplayAttributes{
OperationSuffix: "keys-configuration",
},
Responses: map[int][]framework.Response{
http.StatusOK: {{
Description: "OK",


@ -16,6 +16,11 @@ import (
func pathConfigCluster(b *backend) *framework.Path {
return &framework.Path{
Pattern: "config/cluster",
DisplayAttrs: &framework.DisplayAttributes{
OperationPrefix: operationPrefixPKI,
},
Fields: map[string]*framework.FieldSchema{
"path": {
Type: framework.TypeString,
@ -44,6 +49,10 @@ For example: http://cdn.example.com/pr1/pki`,
Operations: map[logical.Operation]framework.OperationHandler{
logical.UpdateOperation: &framework.PathOperation{
DisplayAttrs: &framework.DisplayAttributes{
OperationVerb: "configure",
OperationSuffix: "cluster",
},
Callback: b.pathWriteCluster,
Responses: map[int][]framework.Response{
http.StatusOK: {{
@ -78,6 +87,9 @@ For example: http://cdn.example.com/pr1/pki`,
},
logical.ReadOperation: &framework.PathOperation{
Callback: b.pathReadCluster,
DisplayAttrs: &framework.DisplayAttributes{
OperationSuffix: "cluster-configuration",
},
Responses: map[int][]framework.Response{
http.StatusOK: {{
Description: "OK",
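Review bot: `DisplayAttrs` is placed before `Callback` in the UpdateOperation literal and after it in the ReadOperation literal of the same map; one order should be used. The same mix appears in the config/crl and config/urls sections, while the config/issuers and config/keys operations put `Callback:` first throughout. Keeping `Callback:` as the first field everywhere leaves the handler as the first thing a reader sees. Both operation literals continue outside the hunks shown.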


@ -52,6 +52,11 @@ var defaultCrlConfig = crlConfig{
func pathConfigCRL(b *backend) *framework.Path {
return &framework.Path{
Pattern: "config/crl",
DisplayAttrs: &framework.DisplayAttributes{
OperationPrefix: operationPrefixPKI,
},
Fields: map[string]*framework.FieldSchema{
"expiry": {
Type: framework.TypeString,
@ -113,6 +118,9 @@ existing CRL and OCSP paths will return the unified CRL instead of a response ba
Operations: map[logical.Operation]framework.OperationHandler{
logical.ReadOperation: &framework.PathOperation{
DisplayAttrs: &framework.DisplayAttributes{
OperationSuffix: "crl-configuration",
},
Callback: b.pathCRLRead,
Responses: map[int][]framework.Response{
http.StatusOK: {{
@ -185,6 +193,10 @@ existing CRL and OCSP paths will return the unified CRL instead of a response ba
},
logical.UpdateOperation: &framework.PathOperation{
Callback: b.pathCRLWrite,
DisplayAttrs: &framework.DisplayAttributes{
OperationVerb: "configure",
OperationSuffix: "crl",
},
Responses: map[int][]framework.Response{
http.StatusOK: {{
Description: "OK",


@ -17,6 +17,11 @@ import (
func pathConfigURLs(b *backend) *framework.Path {
return &framework.Path{
Pattern: "config/urls",
DisplayAttrs: &framework.DisplayAttributes{
OperationPrefix: operationPrefixPKI,
},
Fields: map[string]*framework.FieldSchema{
"issuing_certificates": {
Type: framework.TypeCommaStringSlice,
@ -51,6 +56,10 @@ to be set on all PR secondary clusters.`,
Operations: map[logical.Operation]framework.OperationHandler{
logical.UpdateOperation: &framework.PathOperation{
DisplayAttrs: &framework.DisplayAttributes{
OperationVerb: "configure",
OperationSuffix: "urls",
},
Callback: b.pathWriteURL,
Responses: map[int][]framework.Response{
http.StatusOK: {{
@ -86,6 +95,9 @@ set on all PR Secondary clusters.`,
},
logical.ReadOperation: &framework.PathOperation{
Callback: b.pathReadURL,
DisplayAttrs: &framework.DisplayAttributes{
OperationSuffix: "urls-configuration",
},
Responses: map[int][]framework.Response{
http.StatusOK: {{
Description: "OK",


@ -56,6 +56,11 @@ func pathFetchCA(b *backend) *framework.Path {
return &framework.Path{
Pattern: `ca(/pem)?`,
DisplayAttrs: &framework.DisplayAttributes{
OperationPrefix: operationPrefixPKI,
OperationSuffix: "ca-der|ca-pem",
},
Operations: map[logical.Operation]framework.OperationHandler{
logical.ReadOperation: &framework.PathOperation{
Callback: b.pathFetchRead,
@ -73,6 +78,11 @@ func pathFetchCAChain(b *backend) *framework.Path {
return &framework.Path{
Pattern: `(cert/)?ca_chain`,
DisplayAttrs: &framework.DisplayAttributes{
OperationPrefix: operationPrefixPKI,
OperationSuffix: "ca-chain-pem|cert-ca-chain",
},
Operations: map[logical.Operation]framework.OperationHandler{
logical.ReadOperation: &framework.PathOperation{
Callback: b.pathFetchRead,
@ -90,6 +100,11 @@ func pathFetchCRL(b *backend) *framework.Path {
return &framework.Path{
Pattern: `crl(/pem|/delta(/pem)?)?`,
DisplayAttrs: &framework.DisplayAttributes{
OperationPrefix: operationPrefixPKI,
OperationSuffix: "crl-der|crl-pem|crl-delta|crl-delta-pem",
},
Operations: map[logical.Operation]framework.OperationHandler{
logical.ReadOperation: &framework.PathOperation{
Callback: b.pathFetchRead,
@ -107,6 +122,11 @@ func pathFetchUnifiedCRL(b *backend) *framework.Path {
return &framework.Path{
Pattern: `unified-crl(/pem|/delta(/pem)?)?`,
DisplayAttrs: &framework.DisplayAttributes{
OperationPrefix: operationPrefixPKI,
OperationSuffix: "unified-crl-der|unified-crl-pem|unified-crl-delta|unified-crl-delta-pem",
},
Operations: map[logical.Operation]framework.OperationHandler{
logical.ReadOperation: &framework.PathOperation{
Callback: b.pathFetchRead,
@ -122,6 +142,12 @@ func pathFetchUnifiedCRL(b *backend) *framework.Path {
func pathFetchValidRaw(b *backend) *framework.Path {
return &framework.Path{
Pattern: `cert/(?P<serial>[0-9A-Fa-f-:]+)/raw(/pem)?`,
DisplayAttrs: &framework.DisplayAttributes{
OperationPrefix: operationPrefixPKI,
OperationSuffix: "cert-raw-der|cert-raw-pem",
},
Fields: map[string]*framework.FieldSchema{
"serial": {
Type: framework.TypeString,
@ -147,6 +173,12 @@ hyphen-separated octal`,
func pathFetchValid(b *backend) *framework.Path {
return &framework.Path{
Pattern: `cert/(?P<serial>[0-9A-Fa-f-:]+)`,
DisplayAttrs: &framework.DisplayAttributes{
OperationPrefix: operationPrefixPKI,
OperationSuffix: "cert",
},
Fields: map[string]*framework.FieldSchema{
"serial": {
Type: framework.TypeString,
@ -177,6 +209,11 @@ func pathFetchCRLViaCertPath(b *backend) *framework.Path {
return &framework.Path{
Pattern: pattern,
DisplayAttrs: &framework.DisplayAttributes{
OperationPrefix: operationPrefixPKI,
OperationSuffix: "cert-crl|cert-delta-crl|cert-unified-crl|cert-unified-delta-crl",
},
Operations: map[logical.Operation]framework.OperationHandler{
logical.ReadOperation: &framework.PathOperation{
Callback: b.pathFetchRead,
@ -194,6 +231,11 @@ func pathFetchListCerts(b *backend) *framework.Path {
return &framework.Path{
Pattern: "certs/?$",
DisplayAttrs: &framework.DisplayAttributes{
OperationPrefix: operationPrefixPKI,
OperationSuffix: "certs",
},
Operations: map[logical.Operation]framework.OperationHandler{
logical.ListOperation: &framework.PathOperation{
Callback: b.pathFetchCertList,
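Review bot: The pipe-separated `OperationSuffix` values (for example `"crl-der|crl-pem|crl-delta|crl-delta-pem"` next to `crl(/pem|/delta(/pem)?)?`) appear to be matched to the Pattern by position only, and nothing in these hunks checks that the count and order of suffixes agree with the paths the regex expands to. The literal patterns visible here do line up, but in pathFetchCRLViaCertPath the pattern is a variable built outside the hunk, so its four suffixes cannot be confirmed from this view. A comment above each list, e.g. `// one suffix per expanded path, in expansion order: crl, crl/pem, crl/delta, crl/delta/pem`, would make a later pattern edit harder to get wrong. The same applies to the lists in pathGetUnauthedIssuer, pathGetIssuerCRL, pathGetIssuerUnifiedCRL, pathIssuerSignVerbatim, pathImportIssuer and pathGenerateKey. A mismatch would presumably surface as a mislabelled operation in the generated spec rather than as a build error.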


@ -21,6 +21,11 @@ func pathListIssuers(b *backend) *framework.Path {
return &framework.Path{
Pattern: "issuers/?$",
DisplayAttrs: &framework.DisplayAttributes{
OperationPrefix: operationPrefixPKI,
OperationSuffix: "issuers",
},
Operations: map[logical.Operation]framework.OperationHandler{
logical.ListOperation: &framework.PathOperation{
Callback: b.pathListIssuersHandler,
@ -97,15 +102,27 @@ their identifier and their name (if set).
func pathGetIssuer(b *backend) *framework.Path {
pattern := "issuer/" + framework.GenericNameRegex(issuerRefParam) + "$"
return buildPathIssuer(b, pattern)
displayAttrs := &framework.DisplayAttributes{
OperationPrefix: operationPrefixPKI,
OperationSuffix: "issuer",
}
return buildPathIssuer(b, pattern, displayAttrs)
}
func pathGetUnauthedIssuer(b *backend) *framework.Path {
pattern := "issuer/" + framework.GenericNameRegex(issuerRefParam) + "/(json|der|pem)$"
return buildPathGetIssuer(b, pattern)
displayAttrs := &framework.DisplayAttributes{
OperationPrefix: operationPrefixPKI,
OperationSuffix: "issuer-json|issuer-der|issuer-pem",
}
return buildPathGetIssuer(b, pattern, displayAttrs)
}
func buildPathIssuer(b *backend, pattern string) *framework.Path {
func buildPathIssuer(b *backend, pattern string, displayAttrs *framework.DisplayAttributes) *framework.Path {
fields := map[string]*framework.FieldSchema{}
fields = addIssuerRefNameFields(fields)
@ -255,8 +272,9 @@ to be set on all PR secondary clusters.`,
return &framework.Path{
// Returns a JSON entry.
Pattern: pattern,
Fields: fields,
Pattern: pattern,
DisplayAttrs: displayAttrs,
Fields: fields,
Operations: map[logical.Operation]framework.OperationHandler{
logical.ReadOperation: &framework.PathOperation{
@ -296,7 +314,7 @@ to be set on all PR secondary clusters.`,
}
}
func buildPathGetIssuer(b *backend, pattern string) *framework.Path {
func buildPathGetIssuer(b *backend, pattern string, displayAttrs *framework.DisplayAttributes) *framework.Path {
fields := map[string]*framework.FieldSchema{}
fields = addIssuerRefField(fields)
@ -333,8 +351,9 @@ func buildPathGetIssuer(b *backend, pattern string) *framework.Path {
return &framework.Path{
// Returns a JSON entry.
Pattern: pattern,
Fields: fields,
Pattern: pattern,
DisplayAttrs: displayAttrs,
Fields: fields,
Operations: map[logical.Operation]framework.OperationHandler{
logical.ReadOperation: &framework.PathOperation{
@ -1110,22 +1129,35 @@ the certificate.
func pathGetIssuerCRL(b *backend) *framework.Path {
pattern := "issuer/" + framework.GenericNameRegex(issuerRefParam) + "/crl(/pem|/der|/delta(/pem|/der)?)?"
return buildPathGetIssuerCRL(b, pattern)
displayAttrs := &framework.DisplayAttributes{
OperationPrefix: operationPrefixPKIIssuer,
OperationSuffix: "crl|crl-pem|crl-der|crl-delta|crl-delta-pem|crl-delta-der",
}
return buildPathGetIssuerCRL(b, pattern, displayAttrs)
}
func pathGetIssuerUnifiedCRL(b *backend) *framework.Path {
pattern := "issuer/" + framework.GenericNameRegex(issuerRefParam) + "/unified-crl(/pem|/der|/delta(/pem|/der)?)?"
return buildPathGetIssuerCRL(b, pattern)
displayAttrs := &framework.DisplayAttributes{
OperationPrefix: operationPrefixPKIIssuer,
OperationSuffix: "unified-crl|unified-crl-pem|unified-crl-der|unified-crl-delta|unified-crl-delta-pem|unified-crl-delta-der",
}
return buildPathGetIssuerCRL(b, pattern, displayAttrs)
}
func buildPathGetIssuerCRL(b *backend, pattern string) *framework.Path {
func buildPathGetIssuerCRL(b *backend, pattern string, displayAttrs *framework.DisplayAttributes) *framework.Path {
fields := map[string]*framework.FieldSchema{}
fields = addIssuerRefNameFields(fields)
return &framework.Path{
// Returns raw values.
Pattern: pattern,
Fields: fields,
Pattern: pattern,
DisplayAttrs: displayAttrs,
Fields: fields,
Operations: map[logical.Operation]framework.OperationHandler{
logical.ReadOperation: &framework.PathOperation{


@ -18,6 +18,11 @@ func pathListKeys(b *backend) *framework.Path {
return &framework.Path{
Pattern: "keys/?$",
DisplayAttrs: &framework.DisplayAttributes{
OperationPrefix: operationPrefixPKI,
OperationSuffix: "keys",
},
Operations: map[logical.Operation]framework.OperationHandler{
logical.ListOperation: &framework.PathOperation{
Callback: b.pathListKeysHandler,
@ -91,12 +96,19 @@ func (b *backend) pathListKeysHandler(ctx context.Context, req *logical.Request,
func pathKey(b *backend) *framework.Path {
pattern := "key/" + framework.GenericNameRegex(keyRefParam)
return buildPathKey(b, pattern)
displayAttrs := &framework.DisplayAttributes{
OperationPrefix: operationPrefixPKI,
OperationSuffix: "key",
}
return buildPathKey(b, pattern, displayAttrs)
}
func buildPathKey(b *backend, pattern string) *framework.Path {
func buildPathKey(b *backend, pattern string, displayAttrs *framework.DisplayAttributes) *framework.Path {
return &framework.Path{
Pattern: pattern,
Pattern: pattern,
DisplayAttrs: displayAttrs,
Fields: map[string]*framework.FieldSchema{
keyRefParam: {


@ -15,13 +15,27 @@ import (
)
func pathGenerateIntermediate(b *backend) *framework.Path {
return buildPathGenerateIntermediate(b, "intermediate/generate/"+framework.GenericNameRegex("exported"))
pattern := "intermediate/generate/" + framework.GenericNameRegex("exported")
displayAttrs := &framework.DisplayAttributes{
OperationPrefix: operationPrefixPKI,
OperationVerb: "generate",
OperationSuffix: "intermediate",
}
return buildPathGenerateIntermediate(b, pattern, displayAttrs)
}
func pathSetSignedIntermediate(b *backend) *framework.Path {
ret := &framework.Path{
Pattern: "intermediate/set-signed",
DisplayAttrs: &framework.DisplayAttributes{
OperationPrefix: operationPrefixPKI,
OperationVerb: "set-signed",
OperationSuffix: "intermediate",
},
Fields: map[string]*framework.FieldSchema{
"certificate": {
Type: framework.TypeString,


@ -23,17 +23,32 @@ import (
func pathIssue(b *backend) *framework.Path {
pattern := "issue/" + framework.GenericNameRegex("role")
return buildPathIssue(b, pattern)
displayAttrs := &framework.DisplayAttributes{
OperationPrefix: operationPrefixPKI,
OperationVerb: "issue",
OperationSuffix: "with-role",
}
return buildPathIssue(b, pattern, displayAttrs)
}
func pathIssuerIssue(b *backend) *framework.Path {
pattern := "issuer/" + framework.GenericNameRegex(issuerRefParam) + "/issue/" + framework.GenericNameRegex("role")
return buildPathIssue(b, pattern)
displayAttrs := &framework.DisplayAttributes{
OperationPrefix: operationPrefixPKIIssuer,
OperationVerb: "issue",
OperationSuffix: "with-role",
}
return buildPathIssue(b, pattern, displayAttrs)
}
func buildPathIssue(b *backend, pattern string) *framework.Path {
func buildPathIssue(b *backend, pattern string, displayAttrs *framework.DisplayAttributes) *framework.Path {
ret := &framework.Path{
Pattern: pattern,
Pattern: pattern,
DisplayAttrs: displayAttrs,
Operations: map[logical.Operation]framework.OperationHandler{
logical.UpdateOperation: &framework.PathOperation{
@ -93,17 +108,32 @@ func buildPathIssue(b *backend, pattern string) *framework.Path {
func pathSign(b *backend) *framework.Path {
pattern := "sign/" + framework.GenericNameRegex("role")
return buildPathSign(b, pattern)
displayAttrs := &framework.DisplayAttributes{
OperationPrefix: operationPrefixPKI,
OperationVerb: "sign",
OperationSuffix: "with-role",
}
return buildPathSign(b, pattern, displayAttrs)
}
func pathIssuerSign(b *backend) *framework.Path {
pattern := "issuer/" + framework.GenericNameRegex(issuerRefParam) + "/sign/" + framework.GenericNameRegex("role")
return buildPathSign(b, pattern)
displayAttrs := &framework.DisplayAttributes{
OperationPrefix: operationPrefixPKIIssuer,
OperationVerb: "sign",
OperationSuffix: "with-role",
}
return buildPathSign(b, pattern, displayAttrs)
}
func buildPathSign(b *backend, pattern string) *framework.Path {
func buildPathSign(b *backend, pattern string, displayAttrs *framework.DisplayAttributes) *framework.Path {
ret := &framework.Path{
Pattern: pattern,
Pattern: pattern,
DisplayAttrs: displayAttrs,
Operations: map[logical.Operation]framework.OperationHandler{
logical.UpdateOperation: &framework.PathOperation{
@ -170,18 +200,33 @@ func buildPathSign(b *backend, pattern string) *framework.Path {
func pathIssuerSignVerbatim(b *backend) *framework.Path {
pattern := "issuer/" + framework.GenericNameRegex(issuerRefParam) + "/sign-verbatim" + framework.OptionalParamRegex("role")
return buildPathIssuerSignVerbatim(b, pattern)
displayAttrs := &framework.DisplayAttributes{
OperationPrefix: operationPrefixPKIIssuer,
OperationVerb: "sign",
OperationSuffix: "verbatim|verbatim-with-role",
}
return buildPathIssuerSignVerbatim(b, pattern, displayAttrs)
}
func pathSignVerbatim(b *backend) *framework.Path {
pattern := "sign-verbatim" + framework.OptionalParamRegex("role")
return buildPathIssuerSignVerbatim(b, pattern)
displayAttrs := &framework.DisplayAttributes{
OperationPrefix: operationPrefixPKI,
OperationVerb: "sign",
OperationSuffix: "verbatim|verbatim-with-role",
}
return buildPathIssuerSignVerbatim(b, pattern, displayAttrs)
}
func buildPathIssuerSignVerbatim(b *backend, pattern string) *framework.Path {
func buildPathIssuerSignVerbatim(b *backend, pattern string, displayAttrs *framework.DisplayAttributes) *framework.Path {
ret := &framework.Path{
Pattern: pattern,
Fields: map[string]*framework.FieldSchema{},
Pattern: pattern,
DisplayAttrs: displayAttrs,
Fields: map[string]*framework.FieldSchema{},
Operations: map[logical.Operation]framework.OperationHandler{
logical.UpdateOperation: &framework.PathOperation{


@ -19,16 +19,33 @@ import (
)
func pathIssuerGenerateRoot(b *backend) *framework.Path {
return buildPathGenerateRoot(b, "issuers/generate/root/"+framework.GenericNameRegex("exported"))
pattern := "issuers/generate/root/" + framework.GenericNameRegex("exported")
displayAttrs := &framework.DisplayAttributes{
OperationPrefix: operationPrefixPKIIssuers,
OperationVerb: "generate",
OperationSuffix: "root",
}
return buildPathGenerateRoot(b, pattern, displayAttrs)
}
func pathRotateRoot(b *backend) *framework.Path {
return buildPathGenerateRoot(b, "root/rotate/"+framework.GenericNameRegex("exported"))
pattern := "root/rotate/" + framework.GenericNameRegex("exported")
displayAttrs := &framework.DisplayAttributes{
OperationPrefix: operationPrefixPKIIssuers,
OperationVerb: "rotate",
OperationSuffix: "root",
}
return buildPathGenerateRoot(b, pattern, displayAttrs)
}
func buildPathGenerateRoot(b *backend, pattern string) *framework.Path {
func buildPathGenerateRoot(b *backend, pattern string, displayAttrs *framework.DisplayAttributes) *framework.Path {
ret := &framework.Path{
Pattern: pattern,
Pattern: pattern,
DisplayAttrs: displayAttrs,
Operations: map[logical.Operation]framework.OperationHandler{
logical.UpdateOperation: &framework.PathOperation{
@ -102,17 +119,33 @@ func buildPathGenerateRoot(b *backend, pattern string) *framework.Path {
}
func pathIssuerGenerateIntermediate(b *backend) *framework.Path {
return buildPathGenerateIntermediate(b,
"issuers/generate/intermediate/"+framework.GenericNameRegex("exported"))
pattern := "issuers/generate/intermediate/" + framework.GenericNameRegex("exported")
displayAttrs := &framework.DisplayAttributes{
OperationPrefix: operationPrefixPKIIssuers,
OperationVerb: "generate",
OperationSuffix: "intermediate",
}
return buildPathGenerateIntermediate(b, pattern, displayAttrs)
}
func pathCrossSignIntermediate(b *backend) *framework.Path {
return buildPathGenerateIntermediate(b, "intermediate/cross-sign")
pattern := "intermediate/cross-sign"
displayAttrs := &framework.DisplayAttributes{
OperationPrefix: operationPrefixPKI,
OperationVerb: "cross-sign",
OperationSuffix: "intermediate",
}
return buildPathGenerateIntermediate(b, pattern, displayAttrs)
}
func buildPathGenerateIntermediate(b *backend, pattern string) *framework.Path {
func buildPathGenerateIntermediate(b *backend, pattern string, displayAttrs *framework.DisplayAttributes) *framework.Path {
ret := &framework.Path{
Pattern: pattern,
Pattern: pattern,
DisplayAttrs: displayAttrs,
Operations: map[logical.Operation]framework.OperationHandler{
logical.UpdateOperation: &framework.PathOperation{
Callback: b.pathGenerateIntermediate,
@ -173,6 +206,13 @@ with Active Directory Certificate Services.`,
func pathImportIssuer(b *backend) *framework.Path {
return &framework.Path{
Pattern: "issuers/import/(cert|bundle)",
DisplayAttrs: &framework.DisplayAttributes{
OperationPrefix: operationPrefixPKIIssuers,
OperationVerb: "import",
OperationSuffix: "cert|bundle",
},
Fields: map[string]*framework.FieldSchema{
"pem_bundle": {
Type: framework.TypeString,
@ -454,7 +494,14 @@ func pathRevokeIssuer(b *backend) *framework.Path {
return &framework.Path{
Pattern: "issuer/" + framework.GenericNameRegex(issuerRefParam) + "/revoke",
Fields: fields,
DisplayAttrs: &framework.DisplayAttributes{
OperationPrefix: operationPrefixPKI,
OperationVerb: "revoke",
OperationSuffix: "issuer",
},
Fields: fields,
Operations: map[logical.Operation]framework.OperationHandler{
logical.UpdateOperation: &framework.PathOperation{
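Review bot: pathRotateRoot registers `root/rotate/...` with `OperationPrefix: operationPrefixPKIIssuers`, whereas the other `root/...` paths in this commit use `operationPrefixPKI` (root/generate, root/replace, root) or `operationPrefixPKIRoot` (root/sign-intermediate, root/sign-self-issued). If the prefix is meant to follow the path, this looks like a copy from pathIssuerGenerateRoot directly above it and should probably read `OperationPrefix: operationPrefixPKI,`. If the grouping is intentional, a one-line comment on pathRotateRoot saying why a `root/...` path takes the issuers prefix would keep the three prefixes from drifting further.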


@ -19,6 +19,12 @@ func pathGenerateKey(b *backend) *framework.Path {
return &framework.Path{
Pattern: "keys/generate/(internal|exported|kms)",
DisplayAttrs: &framework.DisplayAttributes{
OperationPrefix: operationPrefixPKI,
OperationVerb: "generate",
OperationSuffix: "internal-key|exported-key|kms-key",
},
Fields: map[string]*framework.FieldSchema{
keyNameParam: {
Type: framework.TypeString,
@ -182,6 +188,12 @@ func pathImportKey(b *backend) *framework.Path {
return &framework.Path{
Pattern: "keys/import",
DisplayAttrs: &framework.DisplayAttributes{
OperationPrefix: operationPrefixPKI,
OperationVerb: "import",
OperationSuffix: "key",
},
Fields: map[string]*framework.FieldSchema{
keyNameParam: {
Type: framework.TypeString,


@ -71,16 +71,33 @@ var (
)
func buildPathOcspGet(b *backend) *framework.Path {
return buildOcspGetWithPath(b, "ocsp/"+framework.MatchAllRegex(ocspReqParam))
pattern := "ocsp/" + framework.MatchAllRegex(ocspReqParam)
displayAttrs := &framework.DisplayAttributes{
OperationPrefix: operationPrefixPKI,
OperationVerb: "query",
OperationSuffix: "ocsp-with-get-req",
}
return buildOcspGetWithPath(b, pattern, displayAttrs)
}
func buildPathUnifiedOcspGet(b *backend) *framework.Path {
return buildOcspGetWithPath(b, "unified-ocsp/"+framework.MatchAllRegex(ocspReqParam))
pattern := "unified-ocsp/" + framework.MatchAllRegex(ocspReqParam)
displayAttrs := &framework.DisplayAttributes{
OperationPrefix: operationPrefixPKI,
OperationVerb: "query",
OperationSuffix: "unified-ocsp-with-get-req",
}
return buildOcspGetWithPath(b, pattern, displayAttrs)
}
func buildOcspGetWithPath(b *backend, pattern string) *framework.Path {
func buildOcspGetWithPath(b *backend, pattern string, displayAttrs *framework.DisplayAttributes) *framework.Path {
return &framework.Path{
Pattern: pattern,
Pattern: pattern,
DisplayAttrs: displayAttrs,
Fields: map[string]*framework.FieldSchema{
ocspReqParam: {
Type: framework.TypeString,
@ -99,16 +116,33 @@ func buildOcspGetWithPath(b *backend, pattern string) *framework.Path {
}
func buildPathOcspPost(b *backend) *framework.Path {
return buildOcspPostWithPath(b, "ocsp")
pattern := "ocsp"
displayAttrs := &framework.DisplayAttributes{
OperationPrefix: operationPrefixPKI,
OperationVerb: "query",
OperationSuffix: "ocsp",
}
return buildOcspPostWithPath(b, pattern, displayAttrs)
}
func buildPathUnifiedOcspPost(b *backend) *framework.Path {
return buildOcspPostWithPath(b, "unified-ocsp")
pattern := "unified-ocsp"
displayAttrs := &framework.DisplayAttributes{
OperationPrefix: operationPrefixPKI,
OperationVerb: "query",
OperationSuffix: "unified-ocsp",
}
return buildOcspPostWithPath(b, pattern, displayAttrs)
}
func buildOcspPostWithPath(b *backend, pattern string) *framework.Path {
func buildOcspPostWithPath(b *backend, pattern string, displayAttrs *framework.DisplayAttributes) *framework.Path {
return &framework.Path{
Pattern: pattern,
Pattern: pattern,
DisplayAttrs: displayAttrs,
Operations: map[logical.Operation]framework.OperationHandler{
logical.UpdateOperation: &framework.PathOperation{
Callback: b.ocspHandler,


@ -43,6 +43,13 @@ var (
func pathResignCrls(b *backend) *framework.Path {
return &framework.Path{
Pattern: "issuer/" + framework.GenericNameRegex(issuerRefParam) + "/resign-crls",
DisplayAttrs: &framework.DisplayAttributes{
OperationPrefix: operationPrefixPKIIssuer,
OperationVerb: "resign",
OperationSuffix: "crls",
},
Fields: map[string]*framework.FieldSchema{
issuerRefParam: {
Type: framework.TypeString,
@ -105,6 +112,13 @@ base64 encoded. Defaults to "pem".`,
func pathSignRevocationList(b *backend) *framework.Path {
return &framework.Path{
Pattern: "issuer/" + framework.GenericNameRegex(issuerRefParam) + "/sign-revocation-list",
DisplayAttrs: &framework.DisplayAttributes{
OperationPrefix: operationPrefixPKIIssuer,
OperationVerb: "sign",
OperationSuffix: "revocation-list",
},
Fields: map[string]*framework.FieldSchema{
issuerRefParam: {
Type: framework.TypeString,


@ -28,6 +28,11 @@ func pathListCertsRevoked(b *backend) *framework.Path {
return &framework.Path{
Pattern: "certs/revoked/?$",
DisplayAttrs: &framework.DisplayAttributes{
OperationPrefix: operationPrefixPKI,
OperationSuffix: "revoked-certs",
},
Operations: map[logical.Operation]framework.OperationHandler{
logical.ListOperation: &framework.PathOperation{
Callback: b.pathListRevokedCertsHandler,
@ -55,6 +60,11 @@ func pathListCertsRevocationQueue(b *backend) *framework.Path {
return &framework.Path{
Pattern: "certs/revocation-queue/?$",
DisplayAttrs: &framework.DisplayAttributes{
OperationPrefix: operationPrefixPKI,
OperationSuffix: "certs-revocation-queue",
},
Operations: map[logical.Operation]framework.OperationHandler{
logical.ListOperation: &framework.PathOperation{
Callback: b.pathListRevocationQueueHandler,
@ -69,6 +79,12 @@ func pathListCertsRevocationQueue(b *backend) *framework.Path {
func pathRevoke(b *backend) *framework.Path {
return &framework.Path{
Pattern: `revoke`,
DisplayAttrs: &framework.DisplayAttributes{
OperationPrefix: operationPrefixPKI,
OperationVerb: "revoke",
},
Fields: map[string]*framework.FieldSchema{
"serial_number": {
Type: framework.TypeString,
@ -122,6 +138,13 @@ signed by an issuer in this mount.`,
func pathRevokeWithKey(b *backend) *framework.Path {
return &framework.Path{
Pattern: `revoke-with-key`,
DisplayAttrs: &framework.DisplayAttributes{
OperationPrefix: operationPrefixPKI,
OperationVerb: "revoke",
OperationSuffix: "with-key",
},
Fields: map[string]*framework.FieldSchema{
"serial_number": {
Type: framework.TypeString,
@ -181,6 +204,12 @@ func pathRotateCRL(b *backend) *framework.Path {
return &framework.Path{
Pattern: `crl/rotate`,
DisplayAttrs: &framework.DisplayAttributes{
OperationPrefix: operationPrefixPKI,
OperationVerb: "rotate",
OperationSuffix: "crl",
},
Operations: map[logical.Operation]framework.OperationHandler{
logical.ReadOperation: &framework.PathOperation{
Callback: b.pathRotateCRLRead,
@ -212,6 +241,12 @@ func pathRotateDeltaCRL(b *backend) *framework.Path {
return &framework.Path{
Pattern: `crl/rotate-delta`,
DisplayAttrs: &framework.DisplayAttributes{
OperationPrefix: operationPrefixPKI,
OperationVerb: "rotate",
OperationSuffix: "delta-crl",
},
Operations: map[logical.Operation]framework.OperationHandler{
logical.ReadOperation: &framework.PathOperation{
Callback: b.pathRotateDeltaCRLRead,
@ -243,6 +278,11 @@ func pathListUnifiedRevoked(b *backend) *framework.Path {
return &framework.Path{
Pattern: "certs/unified-revoked/?$",
DisplayAttrs: &framework.DisplayAttributes{
OperationPrefix: operationPrefixPKI,
OperationSuffix: "unified-revoked-certs",
},
Operations: map[logical.Operation]framework.OperationHandler{
logical.ListOperation: &framework.PathOperation{
Callback: b.pathListUnifiedRevokedCertsHandler,
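Review bot: The new attributes on `crl/rotate` and `crl/rotate-delta` set `OperationVerb: "rotate"` on paths whose only visible handler is `logical.ReadOperation`, so the published operation name describes an action while the operation kind says read. If the callbacks (outside these hunks) do rebuild the CRL, a policy granting only `read` on these paths is enough to trigger it, and that is worth stating where the name is chosen. A comment next to the DisplayAttrs would do, for example `// Rotation is triggered by a read on this path; read capability is sufficient to invoke it.` The Operations maps continue past the hunks, so other operation kinds may be registered there.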


@ -24,6 +24,11 @@ func pathListRoles(b *backend) *framework.Path {
return &framework.Path{
Pattern: "roles/?$",
DisplayAttrs: &framework.DisplayAttributes{
OperationPrefix: operationPrefixPKI,
OperationSuffix: "roles",
},
Operations: map[logical.Operation]framework.OperationHandler{
logical.ListOperation: &framework.PathOperation{
Callback: b.pathRoleList,
@ -396,6 +401,12 @@ serviced by this role.`,
return &framework.Path{
Pattern: "roles/" + framework.GenericNameRegex("name"),
DisplayAttrs: &framework.DisplayAttributes{
OperationPrefix: operationPrefixPKI,
OperationSuffix: "role",
},
Fields: map[string]*framework.FieldSchema{
"backend": {
Type: framework.TypeString,


@ -30,12 +30,26 @@ import (
)
func pathGenerateRoot(b *backend) *framework.Path {
return buildPathGenerateRoot(b, "root/generate/"+framework.GenericNameRegex("exported"))
pattern := "root/generate/" + framework.GenericNameRegex("exported")
displayAttrs := &framework.DisplayAttributes{
OperationPrefix: operationPrefixPKI,
OperationVerb: "generate",
OperationSuffix: "root",
}
return buildPathGenerateRoot(b, pattern, displayAttrs)
}
func pathDeleteRoot(b *backend) *framework.Path {
ret := &framework.Path{
Pattern: "root",
DisplayAttrs: &framework.DisplayAttributes{
OperationPrefix: operationPrefixPKI,
OperationSuffix: "root",
},
Operations: map[logical.Operation]framework.OperationHandler{
logical.DeleteOperation: &framework.PathOperation{
Callback: b.pathCADeleteRoot,


@ -12,19 +12,34 @@ import (
func pathIssuerSignIntermediate(b *backend) *framework.Path {
pattern := "issuer/" + framework.GenericNameRegex(issuerRefParam) + "/sign-intermediate"
return buildPathIssuerSignIntermediateRaw(b, pattern)
displayAttrs := &framework.DisplayAttributes{
OperationPrefix: operationPrefixPKIIssuer,
OperationVerb: "sign",
OperationSuffix: "intermediate",
}
return buildPathIssuerSignIntermediateRaw(b, pattern, displayAttrs)
}
func pathSignIntermediate(b *backend) *framework.Path {
pattern := "root/sign-intermediate"
return buildPathIssuerSignIntermediateRaw(b, pattern)
displayAttrs := &framework.DisplayAttributes{
OperationPrefix: operationPrefixPKIRoot,
OperationVerb: "sign",
OperationSuffix: "intermediate",
}
return buildPathIssuerSignIntermediateRaw(b, pattern, displayAttrs)
}
func buildPathIssuerSignIntermediateRaw(b *backend, pattern string) *framework.Path {
func buildPathIssuerSignIntermediateRaw(b *backend, pattern string, displayAttrs *framework.DisplayAttributes) *framework.Path {
fields := addIssuerRefField(map[string]*framework.FieldSchema{})
path := &framework.Path{
Pattern: pattern,
Fields: fields,
Pattern: pattern,
DisplayAttrs: displayAttrs,
Fields: fields,
Operations: map[logical.Operation]framework.OperationHandler{
logical.UpdateOperation: &framework.PathOperation{
Callback: b.pathIssuerSignIntermediate,
@ -150,15 +165,29 @@ See the API documentation for more information about required parameters.
func pathIssuerSignSelfIssued(b *backend) *framework.Path {
pattern := "issuer/" + framework.GenericNameRegex(issuerRefParam) + "/sign-self-issued"
return buildPathIssuerSignSelfIssued(b, pattern)
displayAttrs := &framework.DisplayAttributes{
OperationPrefix: operationPrefixPKIIssuer,
OperationVerb: "sign",
OperationSuffix: "self-issued",
}
return buildPathIssuerSignSelfIssued(b, pattern, displayAttrs)
}
func pathSignSelfIssued(b *backend) *framework.Path {
pattern := "root/sign-self-issued"
return buildPathIssuerSignSelfIssued(b, pattern)
displayAttrs := &framework.DisplayAttributes{
OperationPrefix: operationPrefixPKIRoot,
OperationVerb: "sign",
OperationSuffix: "self-issued",
}
return buildPathIssuerSignSelfIssued(b, pattern, displayAttrs)
}
func buildPathIssuerSignSelfIssued(b *backend, pattern string) *framework.Path {
func buildPathIssuerSignSelfIssued(b *backend, pattern string, displayAttrs *framework.DisplayAttributes) *framework.Path {
fields := map[string]*framework.FieldSchema{
"certificate": {
Type: framework.TypeString,
@ -172,8 +201,9 @@ func buildPathIssuerSignSelfIssued(b *backend, pattern string) *framework.Path {
}
fields = addIssuerRefField(fields)
path := &framework.Path{
Pattern: pattern,
Fields: fields,
Pattern: pattern,
DisplayAttrs: displayAttrs,
Fields: fields,
Operations: map[logical.Operation]framework.OperationHandler{
logical.UpdateOperation: &framework.PathOperation{
Callback: b.pathIssuerSignSelfIssued,
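Review bot: The new `displayAttrs` parameter on `buildPathIssuerSignIntermediateRaw` and `buildPathIssuerSignSelfIssued` is undocumented, and after this change the `issuer/...` and `root/...` variants appear as differently named operations even though each pair is built by the same function and dispatches to the same callback (`b.pathIssuerSignIntermediate`, `b.pathIssuerSignSelfIssued`). A reader of the generated API could take them for separate capabilities and restrict only one path in policy, leaving the other signing route open. I would put a doc comment on both builders, for example `// displayAttrs only names the OpenAPI operation; every pattern passed here reaches the same signing callback and needs the same access policy.` The repeated `OperationVerb: "sign"` and suffix literals in the four wrappers could also move into the builders so the wrappers pass only the prefix. Both builder bodies continue outside the visible hunks.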


@ -101,7 +101,13 @@ var defaultTidyConfig = tidyConfig{
func pathTidy(b *backend) *framework.Path {
return &framework.Path{
Pattern: "tidy$",
Fields: addTidyFields(map[string]*framework.FieldSchema{}),
DisplayAttrs: &framework.DisplayAttributes{
OperationPrefix: operationPrefixPKI,
OperationVerb: "tidy",
},
Fields: addTidyFields(map[string]*framework.FieldSchema{}),
Operations: map[logical.Operation]framework.OperationHandler{
logical.UpdateOperation: &framework.PathOperation{
Callback: b.pathTidyWrite,
@ -122,6 +128,13 @@ func pathTidy(b *backend) *framework.Path {
func pathTidyCancel(b *backend) *framework.Path {
return &framework.Path{
Pattern: "tidy-cancel$",
DisplayAttrs: &framework.DisplayAttributes{
OperationPrefix: operationPrefixPKI,
OperationVerb: "tidy",
OperationSuffix: "cancel",
},
Operations: map[logical.Operation]framework.OperationHandler{
logical.UpdateOperation: &framework.PathOperation{
Callback: b.pathTidyCancelWrite,
@ -251,6 +264,13 @@ func pathTidyCancel(b *backend) *framework.Path {
func pathTidyStatus(b *backend) *framework.Path {
return &framework.Path{
Pattern: "tidy-status$",
DisplayAttrs: &framework.DisplayAttributes{
OperationPrefix: operationPrefixPKI,
OperationVerb: "tidy",
OperationSuffix: "status",
},
Operations: map[logical.Operation]framework.OperationHandler{
logical.ReadOperation: &framework.PathOperation{
Callback: b.pathTidyStatusRead,
@ -382,6 +402,9 @@ func pathTidyStatus(b *backend) *framework.Path {
func pathConfigAutoTidy(b *backend) *framework.Path {
return &framework.Path{
Pattern: "config/auto-tidy",
DisplayAttrs: &framework.DisplayAttributes{
OperationPrefix: operationPrefixPKI,
},
Fields: addTidyFields(map[string]*framework.FieldSchema{
"enabled": {
Type: framework.TypeBool,
@ -396,6 +419,9 @@ func pathConfigAutoTidy(b *backend) *framework.Path {
Operations: map[logical.Operation]framework.OperationHandler{
logical.ReadOperation: &framework.PathOperation{
Callback: b.pathConfigAutoTidyRead,
DisplayAttrs: &framework.DisplayAttributes{
OperationSuffix: "auto-tidy-configuration",
},
Responses: map[int][]framework.Response{
http.StatusOK: {{
Description: "OK",
@ -475,6 +501,10 @@ func pathConfigAutoTidy(b *backend) *framework.Path {
},
logical.UpdateOperation: &framework.PathOperation{
Callback: b.pathConfigAutoTidyWrite,
DisplayAttrs: &framework.DisplayAttributes{
OperationVerb: "configure",
OperationSuffix: "auto-tidy",
},
Responses: map[int][]framework.Response{
http.StatusOK: {{
Description: "OK",