From 543efc83e47f45d0e4f74cd376485a1ba8d31af2 Mon Sep 17 00:00:00 2001 From: Anton Averchenkov <84287187+averche@users.noreply.github.com> Date: Thu, 6 Apr 2023 11:10:01 -0400 Subject: [PATCH] openapi: Add display attributes for PKI plugin (#19422) --- builtin/logical/pki/backend.go | 5 ++ builtin/logical/pki/path_config_ca.go | 38 ++++++++++++ builtin/logical/pki/path_config_cluster.go | 12 ++++ builtin/logical/pki/path_config_crl.go | 12 ++++ builtin/logical/pki/path_config_urls.go | 12 ++++ builtin/logical/pki/path_fetch.go | 42 +++++++++++++ builtin/logical/pki/path_fetch_issuers.go | 58 ++++++++++++++---- builtin/logical/pki/path_fetch_keys.go | 18 +++++- builtin/logical/pki/path_intermediate.go | 16 ++++- builtin/logical/pki/path_issue_sign.go | 71 ++++++++++++++++++---- builtin/logical/pki/path_manage_issuers.go | 67 +++++++++++++++++--- builtin/logical/pki/path_manage_keys.go | 12 ++++ builtin/logical/pki/path_ocsp.go | 50 ++++++++++++--- builtin/logical/pki/path_resign_crls.go | 14 +++++ builtin/logical/pki/path_revoke.go | 40 ++++++++++++ builtin/logical/pki/path_roles.go | 11 ++++ builtin/logical/pki/path_root.go | 16 ++++- builtin/logical/pki/path_sign_issuers.go | 50 ++++++++++++--- builtin/logical/pki/path_tidy.go | 32 +++++++++- 19 files changed, 516 insertions(+), 60 deletions(-) diff --git a/builtin/logical/pki/backend.go b/builtin/logical/pki/backend.go index 7d2a8ea1e..f0883f5f8 100644 --- a/builtin/logical/pki/backend.go +++ b/builtin/logical/pki/backend.go @@ -25,6 +25,11 @@ import ( ) const ( + operationPrefixPKI = "pki" + operationPrefixPKIIssuer = "pki-issuer" + operationPrefixPKIIssuers = "pki-issuers" + operationPrefixPKIRoot = "pki-root" + noRole = 0 roleOptional = 1 roleRequired = 2 diff --git a/builtin/logical/pki/path_config_ca.go b/builtin/logical/pki/path_config_ca.go index 3c4927bf1..74fa3099e 100644 --- a/builtin/logical/pki/path_config_ca.go +++ b/builtin/logical/pki/path_config_ca.go 
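Review bot: The four prefix constants added to the `const` block in backend.go have no comment saying which path family each one is meant for, and the rest of the patch applies them unevenly: `issuer/{ref}/revoke` takes `operationPrefixPKI` while `issuer/{ref}/resign-crls` takes `operationPrefixPKIIssuer`. A short comment above the group would let the next author pick the right prefix, for example `// operationPrefixPKIIssuer: paths under issuer/{ref}/; operationPrefixPKIIssuers: paths under issuers/`, if that is the intended split. `operationPrefixPKIRoot` is not used in any hunk visible here, so its scope should be stated as well.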
@@ -14,6 +14,13 @@ import ( func pathConfigCA(b *backend) *framework.Path { return &framework.Path{ Pattern: "config/ca", + + DisplayAttrs: &framework.DisplayAttributes{ + OperationPrefix: operationPrefixPKI, + OperationVerb: "configure", + OperationSuffix: "ca", + }, + Fields: map[string]*framework.FieldSchema{ "pem_bundle": { Type: framework.TypeString, @@ -73,6 +80,11 @@ For security reasons, the secret key cannot be retrieved later. func pathConfigIssuers(b *backend) *framework.Path { return &framework.Path{ Pattern: "config/issuers", + + DisplayAttrs: &framework.DisplayAttributes{ + OperationPrefix: operationPrefixPKI, + }, + Fields: map[string]*framework.FieldSchema{ defaultRef: { Type: framework.TypeString, @@ -87,6 +99,9 @@ func pathConfigIssuers(b *backend) *framework.Path { Operations: map[logical.Operation]framework.OperationHandler{ logical.ReadOperation: &framework.PathOperation{ Callback: b.pathCAIssuersRead, + DisplayAttrs: &framework.DisplayAttributes{ + OperationSuffix: "issuers-configuration", + }, Responses: map[int][]framework.Response{ http.StatusOK: {{ Description: "OK", @@ -107,6 +122,10 @@ func pathConfigIssuers(b *backend) *framework.Path { }, logical.UpdateOperation: &framework.PathOperation{ Callback: b.pathCAIssuersWrite, + DisplayAttrs: &framework.DisplayAttributes{ + OperationVerb: "configure", + OperationSuffix: "issuers", + }, Responses: map[int][]framework.Response{ http.StatusOK: {{ Description: "OK", @@ -136,6 +155,13 @@ func pathConfigIssuers(b *backend) *framework.Path { func pathReplaceRoot(b *backend) *framework.Path { return &framework.Path{ Pattern: "root/replace", + + DisplayAttrs: &framework.DisplayAttributes{ + OperationPrefix: operationPrefixPKI, + OperationVerb: "replace", + OperationSuffix: "root", + }, + Fields: map[string]*framework.FieldSchema{ "default": { Type: framework.TypeString, 
@@ -273,6 +299,11 @@ value of the issuer with the name "next", if it exists. func pathConfigKeys(b *backend) *framework.Path { return &framework.Path{ Pattern: "config/keys", + + DisplayAttrs: &framework.DisplayAttributes{ + OperationPrefix: operationPrefixPKI, + }, + Fields: map[string]*framework.FieldSchema{ defaultRef: { Type: framework.TypeString, @@ -283,6 +314,10 @@ func pathConfigKeys(b *backend) *framework.Path { Operations: map[logical.Operation]framework.OperationHandler{ logical.UpdateOperation: &framework.PathOperation{ Callback: b.pathKeyDefaultWrite, + DisplayAttrs: &framework.DisplayAttributes{ + OperationVerb: "configure", + OperationSuffix: "keys", + }, Responses: map[int][]framework.Response{ http.StatusOK: {{ Description: "OK", @@ -300,6 +335,9 @@ func pathConfigKeys(b *backend) *framework.Path { }, logical.ReadOperation: &framework.PathOperation{ Callback: b.pathKeyDefaultRead, + DisplayAttrs: &framework.DisplayAttributes{ + OperationSuffix: "keys-configuration", + }, Responses: map[int][]framework.Response{ http.StatusOK: {{ Description: "OK", diff --git a/builtin/logical/pki/path_config_cluster.go b/builtin/logical/pki/path_config_cluster.go index a9ea8cb78..f0a199ece 100644 --- a/builtin/logical/pki/path_config_cluster.go +++ b/builtin/logical/pki/path_config_cluster.go @@ -16,6 +16,11 @@ import ( func pathConfigCluster(b *backend) *framework.Path { return &framework.Path{ Pattern: "config/cluster", + + DisplayAttrs: &framework.DisplayAttributes{ + OperationPrefix: operationPrefixPKI, + }, + Fields: map[string]*framework.FieldSchema{ "path": { Type: framework.TypeString, @@ -44,6 +49,10 @@ For example: http://cdn.example.com/pr1/pki`, Operations: map[logical.Operation]framework.OperationHandler{ logical.UpdateOperation: &framework.PathOperation{ + DisplayAttrs: &framework.DisplayAttributes{ + OperationVerb: "configure", + OperationSuffix: "cluster", + }, Callback: b.pathWriteCluster, Responses: map[int][]framework.Response{ http.StatusOK: {{ 
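Review bot: In the `logical.UpdateOperation` entry of pathConfigCluster the added `DisplayAttrs` block sits ahead of `Callback`, whereas the operations in path_config_ca.go put `Callback` first. The same inverted order appears in the `ReadOperation` of pathConfigCRL and the `UpdateOperation` of pathConfigURLs. Moving the block below `Callback: b.pathWriteCluster,` would keep every `framework.PathOperation` literal in the package in one field order, which makes a missing or duplicated attribute easier to spot in review.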
@@ -78,6 +87,9 @@ For example: http://cdn.example.com/pr1/pki`, }, logical.ReadOperation: &framework.PathOperation{ Callback: b.pathReadCluster, + DisplayAttrs: &framework.DisplayAttributes{ + OperationSuffix: "cluster-configuration", + }, Responses: map[int][]framework.Response{ http.StatusOK: {{ Description: "OK", diff --git a/builtin/logical/pki/path_config_crl.go b/builtin/logical/pki/path_config_crl.go index 14623f9e1..e787eba28 100644 --- a/builtin/logical/pki/path_config_crl.go +++ b/builtin/logical/pki/path_config_crl.go @@ -52,6 +52,11 @@ var defaultCrlConfig = crlConfig{ func pathConfigCRL(b *backend) *framework.Path { return &framework.Path{ Pattern: "config/crl", + + DisplayAttrs: &framework.DisplayAttributes{ + OperationPrefix: operationPrefixPKI, + }, + Fields: map[string]*framework.FieldSchema{ "expiry": { Type: framework.TypeString, @@ -113,6 +118,9 @@ existing CRL and OCSP paths will return the unified CRL instead of a response ba Operations: map[logical.Operation]framework.OperationHandler{ logical.ReadOperation: &framework.PathOperation{ + DisplayAttrs: &framework.DisplayAttributes{ + OperationSuffix: "crl-configuration", + }, Callback: b.pathCRLRead, Responses: map[int][]framework.Response{ http.StatusOK: {{ @@ -185,6 +193,10 @@ existing CRL and OCSP paths will return the unified CRL instead of a response ba }, logical.UpdateOperation: &framework.PathOperation{ Callback: b.pathCRLWrite, + DisplayAttrs: &framework.DisplayAttributes{ + OperationVerb: "configure", + OperationSuffix: "crl", + }, Responses: map[int][]framework.Response{ http.StatusOK: {{ Description: "OK", diff --git a/builtin/logical/pki/path_config_urls.go b/builtin/logical/pki/path_config_urls.go index f6c15c742..341f3db63 100644 --- a/builtin/logical/pki/path_config_urls.go +++ b/builtin/logical/pki/path_config_urls.go 
@@ -17,6 +17,11 @@ import ( func pathConfigURLs(b *backend) *framework.Path { return &framework.Path{ Pattern: "config/urls", + + DisplayAttrs: &framework.DisplayAttributes{ + OperationPrefix: operationPrefixPKI, + }, + Fields: map[string]*framework.FieldSchema{ "issuing_certificates": { Type: framework.TypeCommaStringSlice, @@ -51,6 +56,10 @@ to be set on all PR secondary clusters.`, Operations: map[logical.Operation]framework.OperationHandler{ logical.UpdateOperation: &framework.PathOperation{ + DisplayAttrs: &framework.DisplayAttributes{ + OperationVerb: "configure", + OperationSuffix: "urls", + }, Callback: b.pathWriteURL, Responses: map[int][]framework.Response{ http.StatusOK: {{ @@ -86,6 +95,9 @@ set on all PR Secondary clusters.`, }, logical.ReadOperation: &framework.PathOperation{ Callback: b.pathReadURL, + DisplayAttrs: &framework.DisplayAttributes{ + OperationSuffix: "urls-configuration", + }, Responses: map[int][]framework.Response{ http.StatusOK: {{ Description: "OK", diff --git a/builtin/logical/pki/path_fetch.go b/builtin/logical/pki/path_fetch.go index 4f214ee7f..1798e705d 100644 --- a/builtin/logical/pki/path_fetch.go +++ b/builtin/logical/pki/path_fetch.go @@ -56,6 +56,11 @@ func pathFetchCA(b *backend) *framework.Path { return &framework.Path{ Pattern: `ca(/pem)?`, + DisplayAttrs: &framework.DisplayAttributes{ + OperationPrefix: operationPrefixPKI, + OperationSuffix: "ca-der|ca-pem", + }, + Operations: map[logical.Operation]framework.OperationHandler{ logical.ReadOperation: &framework.PathOperation{ Callback: b.pathFetchRead, @@ -73,6 +78,11 @@ func pathFetchCAChain(b *backend) *framework.Path { return &framework.Path{ Pattern: `(cert/)?ca_chain`, + DisplayAttrs: &framework.DisplayAttributes{ + OperationPrefix: operationPrefixPKI, + OperationSuffix: "ca-chain-pem|cert-ca-chain", + }, + Operations: map[logical.Operation]framework.OperationHandler{ logical.ReadOperation: &framework.PathOperation{ Callback: b.pathFetchRead, 
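Review bot: The pipe-separated `OperationSuffix: "ca-der|ca-pem"` in pathFetchCA is presumably matched by position against the paths that `ca(/pem)?` expands to, and nothing at the declaration says so. The same holds for every multi-valued suffix in this patch (pathFetchCAChain, pathFetchCRL, pathFetchUnifiedCRL, pathFetchValidRaw, the issuer CRL builders, sign-verbatim, `issuers/import`, `keys/generate`), and for pathFetchCRLViaCertPath, where `pattern` is built outside the hunk so its four entries cannot be checked against the regex from here. A comment such as `// one suffix per expanded path, in expansion order: ca, ca/pem` above each list would keep a later regex edit from silently shifting operation IDs that generated clients depend on. A test asserting that the suffix count equals the number of expanded paths would catch the same drift.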
@@ -90,6 +100,11 @@ func pathFetchCRL(b *backend) *framework.Path { return &framework.Path{ Pattern: `crl(/pem|/delta(/pem)?)?`, + DisplayAttrs: &framework.DisplayAttributes{ + OperationPrefix: operationPrefixPKI, + OperationSuffix: "crl-der|crl-pem|crl-delta|crl-delta-pem", + }, + Operations: map[logical.Operation]framework.OperationHandler{ logical.ReadOperation: &framework.PathOperation{ Callback: b.pathFetchRead, @@ -107,6 +122,11 @@ func pathFetchUnifiedCRL(b *backend) *framework.Path { return &framework.Path{ Pattern: `unified-crl(/pem|/delta(/pem)?)?`, + DisplayAttrs: &framework.DisplayAttributes{ + OperationPrefix: operationPrefixPKI, + OperationSuffix: "unified-crl-der|unified-crl-pem|unified-crl-delta|unified-crl-delta-pem", + }, + Operations: map[logical.Operation]framework.OperationHandler{ logical.ReadOperation: &framework.PathOperation{ Callback: b.pathFetchRead, @@ -122,6 +142,12 @@ func pathFetchUnifiedCRL(b *backend) *framework.Path { func pathFetchValidRaw(b *backend) *framework.Path { return &framework.Path{ Pattern: `cert/(?P[0-9A-Fa-f-:]+)/raw(/pem)?`, + + DisplayAttrs: &framework.DisplayAttributes{ + OperationPrefix: operationPrefixPKI, + OperationSuffix: "cert-raw-der|cert-raw-pem", + }, + Fields: map[string]*framework.FieldSchema{ "serial": { Type: framework.TypeString, @@ -147,6 +173,12 @@ hyphen-separated octal`, func pathFetchValid(b *backend) *framework.Path { return &framework.Path{ Pattern: `cert/(?P[0-9A-Fa-f-:]+)`, + + DisplayAttrs: &framework.DisplayAttributes{ + OperationPrefix: operationPrefixPKI, + OperationSuffix: "cert", + }, + Fields: map[string]*framework.FieldSchema{ "serial": { Type: framework.TypeString, 
@@ -177,6 +209,11 @@ func pathFetchCRLViaCertPath(b *backend) *framework.Path { return &framework.Path{ Pattern: pattern, + DisplayAttrs: &framework.DisplayAttributes{ + OperationPrefix: operationPrefixPKI, + OperationSuffix: "cert-crl|cert-delta-crl|cert-unified-crl|cert-unified-delta-crl", + }, + Operations: map[logical.Operation]framework.OperationHandler{ logical.ReadOperation: &framework.PathOperation{ Callback: b.pathFetchRead, @@ -194,6 +231,11 @@ func pathFetchListCerts(b *backend) *framework.Path { return &framework.Path{ Pattern: "certs/?$", + DisplayAttrs: &framework.DisplayAttributes{ + OperationPrefix: operationPrefixPKI, + OperationSuffix: "certs", + }, + Operations: map[logical.Operation]framework.OperationHandler{ logical.ListOperation: &framework.PathOperation{ Callback: b.pathFetchCertList, diff --git a/builtin/logical/pki/path_fetch_issuers.go b/builtin/logical/pki/path_fetch_issuers.go index 21336772a..3be342fd6 100644 --- a/builtin/logical/pki/path_fetch_issuers.go +++ b/builtin/logical/pki/path_fetch_issuers.go @@ -21,6 +21,11 @@ func pathListIssuers(b *backend) *framework.Path { return &framework.Path{ Pattern: "issuers/?$", + DisplayAttrs: &framework.DisplayAttributes{ + OperationPrefix: operationPrefixPKI, + OperationSuffix: "issuers", + }, + Operations: map[logical.Operation]framework.OperationHandler{ logical.ListOperation: &framework.PathOperation{ Callback: b.pathListIssuersHandler, 
@@ -97,15 +102,27 @@ their identifier and their name (if set). func pathGetIssuer(b *backend) *framework.Path { pattern := "issuer/" + framework.GenericNameRegex(issuerRefParam) + "$" - return buildPathIssuer(b, pattern) + + displayAttrs := &framework.DisplayAttributes{ + OperationPrefix: operationPrefixPKI, + OperationSuffix: "issuer", + } + + return buildPathIssuer(b, pattern, displayAttrs) } func pathGetUnauthedIssuer(b *backend) *framework.Path { pattern := "issuer/" + framework.GenericNameRegex(issuerRefParam) + "/(json|der|pem)$" - return buildPathGetIssuer(b, pattern) + + displayAttrs := &framework.DisplayAttributes{ + OperationPrefix: operationPrefixPKI, + OperationSuffix: "issuer-json|issuer-der|issuer-pem", + } + + return buildPathGetIssuer(b, pattern, displayAttrs) } -func buildPathIssuer(b *backend, pattern string) *framework.Path { +func buildPathIssuer(b *backend, pattern string, displayAttrs *framework.DisplayAttributes) *framework.Path { fields := map[string]*framework.FieldSchema{} fields = addIssuerRefNameFields(fields) @@ -255,8 +272,9 @@ to be set on all PR secondary clusters.`, return &framework.Path{ // Returns a JSON entry. - Pattern: pattern, - Fields: fields, + Pattern: pattern, + DisplayAttrs: displayAttrs, + Fields: fields, Operations: map[logical.Operation]framework.OperationHandler{ logical.ReadOperation: &framework.PathOperation{ @@ -296,7 +314,7 @@ to be set on all PR secondary clusters.`, } } -func buildPathGetIssuer(b *backend, pattern string) *framework.Path { +func buildPathGetIssuer(b *backend, pattern string, displayAttrs *framework.DisplayAttributes) *framework.Path { fields := map[string]*framework.FieldSchema{} fields = addIssuerRefField(fields) 
@@ -333,8 +351,9 @@ func buildPathGetIssuer(b *backend, pattern string) *framework.Path { return &framework.Path{ // Returns a JSON entry. - Pattern: pattern, - Fields: fields, + Pattern: pattern, + DisplayAttrs: displayAttrs, + Fields: fields, Operations: map[logical.Operation]framework.OperationHandler{ logical.ReadOperation: &framework.PathOperation{ @@ -1110,22 +1129,35 @@ the certificate. func pathGetIssuerCRL(b *backend) *framework.Path { pattern := "issuer/" + framework.GenericNameRegex(issuerRefParam) + "/crl(/pem|/der|/delta(/pem|/der)?)?" - return buildPathGetIssuerCRL(b, pattern) + + displayAttrs := &framework.DisplayAttributes{ + OperationPrefix: operationPrefixPKIIssuer, + OperationSuffix: "crl|crl-pem|crl-der|crl-delta|crl-delta-pem|crl-delta-der", + } + + return buildPathGetIssuerCRL(b, pattern, displayAttrs) } func pathGetIssuerUnifiedCRL(b *backend) *framework.Path { pattern := "issuer/" + framework.GenericNameRegex(issuerRefParam) + "/unified-crl(/pem|/der|/delta(/pem|/der)?)?" - return buildPathGetIssuerCRL(b, pattern) + + displayAttrs := &framework.DisplayAttributes{ + OperationPrefix: operationPrefixPKIIssuer, + OperationSuffix: "unified-crl|unified-crl-pem|unified-crl-der|unified-crl-delta|unified-crl-delta-pem|unified-crl-delta-der", + } + + return buildPathGetIssuerCRL(b, pattern, displayAttrs) } -func buildPathGetIssuerCRL(b *backend, pattern string) *framework.Path { +func buildPathGetIssuerCRL(b *backend, pattern string, displayAttrs *framework.DisplayAttributes) *framework.Path { fields := map[string]*framework.FieldSchema{} fields = addIssuerRefNameFields(fields) return &framework.Path{ // Returns raw values. - Pattern: pattern, - Fields: fields, + Pattern: pattern, + DisplayAttrs: displayAttrs, + Fields: fields, Operations: map[logical.Operation]framework.OperationHandler{ logical.ReadOperation: &framework.PathOperation{ 
diff --git a/builtin/logical/pki/path_fetch_keys.go b/builtin/logical/pki/path_fetch_keys.go index af88bc595..4cd5d884d 100644 --- a/builtin/logical/pki/path_fetch_keys.go +++ b/builtin/logical/pki/path_fetch_keys.go @@ -18,6 +18,11 @@ func pathListKeys(b *backend) *framework.Path { return &framework.Path{ Pattern: "keys/?$", + DisplayAttrs: &framework.DisplayAttributes{ + OperationPrefix: operationPrefixPKI, + OperationSuffix: "keys", + }, + Operations: map[logical.Operation]framework.OperationHandler{ logical.ListOperation: &framework.PathOperation{ Callback: b.pathListKeysHandler, @@ -91,12 +96,19 @@ func (b *backend) pathListKeysHandler(ctx context.Context, req *logical.Request, func pathKey(b *backend) *framework.Path { pattern := "key/" + framework.GenericNameRegex(keyRefParam) - return buildPathKey(b, pattern) + + displayAttrs := &framework.DisplayAttributes{ + OperationPrefix: operationPrefixPKI, + OperationSuffix: "key", + } + + return buildPathKey(b, pattern, displayAttrs) } -func buildPathKey(b *backend, pattern string) *framework.Path { +func buildPathKey(b *backend, pattern string, displayAttrs *framework.DisplayAttributes) *framework.Path { return &framework.Path{ - Pattern: pattern, + Pattern: pattern, + DisplayAttrs: displayAttrs, Fields: map[string]*framework.FieldSchema{ keyRefParam: { diff --git a/builtin/logical/pki/path_intermediate.go b/builtin/logical/pki/path_intermediate.go index 6ba1dfe23..32b7c3290 100644 --- a/builtin/logical/pki/path_intermediate.go +++ b/builtin/logical/pki/path_intermediate.go 
@@ -15,13 +15,27 @@ import ( ) func pathGenerateIntermediate(b *backend) *framework.Path { - return buildPathGenerateIntermediate(b, "intermediate/generate/"+framework.GenericNameRegex("exported")) + pattern := "intermediate/generate/" + framework.GenericNameRegex("exported") + + displayAttrs := &framework.DisplayAttributes{ + OperationPrefix: operationPrefixPKI, + OperationVerb: "generate", + OperationSuffix: "intermediate", + } + + return buildPathGenerateIntermediate(b, pattern, displayAttrs) } func pathSetSignedIntermediate(b *backend) *framework.Path { ret := &framework.Path{ Pattern: "intermediate/set-signed", + DisplayAttrs: &framework.DisplayAttributes{ + OperationPrefix: operationPrefixPKI, + OperationVerb: "set-signed", + OperationSuffix: "intermediate", + }, + Fields: map[string]*framework.FieldSchema{ "certificate": { Type: framework.TypeString, diff --git a/builtin/logical/pki/path_issue_sign.go b/builtin/logical/pki/path_issue_sign.go index f685e9154..ed494a0ab 100644 --- a/builtin/logical/pki/path_issue_sign.go +++ b/builtin/logical/pki/path_issue_sign.go 
@@ -23,17 +23,32 @@ import ( func pathIssue(b *backend) *framework.Path { pattern := "issue/" + framework.GenericNameRegex("role") - return buildPathIssue(b, pattern) + + displayAttrs := &framework.DisplayAttributes{ + OperationPrefix: operationPrefixPKI, + OperationVerb: "issue", + OperationSuffix: "with-role", + } + + return buildPathIssue(b, pattern, displayAttrs) } func pathIssuerIssue(b *backend) *framework.Path { pattern := "issuer/" + framework.GenericNameRegex(issuerRefParam) + "/issue/" + framework.GenericNameRegex("role") - return buildPathIssue(b, pattern) + + displayAttrs := &framework.DisplayAttributes{ + OperationPrefix: operationPrefixPKIIssuer, + OperationVerb: "issue", + OperationSuffix: "with-role", + } + + return buildPathIssue(b, pattern, displayAttrs) } -func buildPathIssue(b *backend, pattern string) *framework.Path { +func buildPathIssue(b *backend, pattern string, displayAttrs *framework.DisplayAttributes) *framework.Path { ret := &framework.Path{ - Pattern: pattern, + Pattern: pattern, + DisplayAttrs: displayAttrs, Operations: map[logical.Operation]framework.OperationHandler{ logical.UpdateOperation: &framework.PathOperation{ 
@@ -93,17 +108,32 @@ func buildPathIssue(b *backend, pattern string) *framework.Path { func pathSign(b *backend) *framework.Path { pattern := "sign/" + framework.GenericNameRegex("role") - return buildPathSign(b, pattern) + + displayAttrs := &framework.DisplayAttributes{ + OperationPrefix: operationPrefixPKI, + OperationVerb: "sign", + OperationSuffix: "with-role", + } + + return buildPathSign(b, pattern, displayAttrs) } func pathIssuerSign(b *backend) *framework.Path { pattern := "issuer/" + framework.GenericNameRegex(issuerRefParam) + "/sign/" + framework.GenericNameRegex("role") - return buildPathSign(b, pattern) + + displayAttrs := &framework.DisplayAttributes{ + OperationPrefix: operationPrefixPKIIssuer, + OperationVerb: "sign", + OperationSuffix: "with-role", + } + + return buildPathSign(b, pattern, displayAttrs) } -func buildPathSign(b *backend, pattern string) *framework.Path { +func buildPathSign(b *backend, pattern string, displayAttrs *framework.DisplayAttributes) *framework.Path { ret := &framework.Path{ - Pattern: pattern, + Pattern: pattern, + DisplayAttrs: displayAttrs, Operations: map[logical.Operation]framework.OperationHandler{ logical.UpdateOperation: &framework.PathOperation{ 
@@ -170,18 +200,33 @@ func buildPathSign(b *backend, pattern string) *framework.Path { func pathIssuerSignVerbatim(b *backend) *framework.Path { pattern := "issuer/" + framework.GenericNameRegex(issuerRefParam) + "/sign-verbatim" + framework.OptionalParamRegex("role") - return buildPathIssuerSignVerbatim(b, pattern) + + displayAttrs := &framework.DisplayAttributes{ + OperationPrefix: operationPrefixPKIIssuer, + OperationVerb: "sign", + OperationSuffix: "verbatim|verbatim-with-role", + } + + return buildPathIssuerSignVerbatim(b, pattern, displayAttrs) } func pathSignVerbatim(b *backend) *framework.Path { pattern := "sign-verbatim" + framework.OptionalParamRegex("role") - return buildPathIssuerSignVerbatim(b, pattern) + + displayAttrs := &framework.DisplayAttributes{ + OperationPrefix: operationPrefixPKI, + OperationVerb: "sign", + OperationSuffix: "verbatim|verbatim-with-role", + } + + return buildPathIssuerSignVerbatim(b, pattern, displayAttrs) } -func buildPathIssuerSignVerbatim(b *backend, pattern string) *framework.Path { +func buildPathIssuerSignVerbatim(b *backend, pattern string, displayAttrs *framework.DisplayAttributes) *framework.Path { ret := &framework.Path{ - Pattern: pattern, - Fields: map[string]*framework.FieldSchema{}, + Pattern: pattern, + DisplayAttrs: displayAttrs, + Fields: map[string]*framework.FieldSchema{}, Operations: map[logical.Operation]framework.OperationHandler{ logical.UpdateOperation: &framework.PathOperation{ diff --git a/builtin/logical/pki/path_manage_issuers.go b/builtin/logical/pki/path_manage_issuers.go index 7d778dedd..4d74393a6 100644 --- a/builtin/logical/pki/path_manage_issuers.go +++ b/builtin/logical/pki/path_manage_issuers.go 
@@ -19,16 +19,33 @@ import ( ) func pathIssuerGenerateRoot(b *backend) *framework.Path { - return buildPathGenerateRoot(b, "issuers/generate/root/"+framework.GenericNameRegex("exported")) + pattern := "issuers/generate/root/" + framework.GenericNameRegex("exported") + + displayAttrs := &framework.DisplayAttributes{ + OperationPrefix: operationPrefixPKIIssuers, + OperationVerb: "generate", + OperationSuffix: "root", + } + + return buildPathGenerateRoot(b, pattern, displayAttrs) } func pathRotateRoot(b *backend) *framework.Path { - return buildPathGenerateRoot(b, "root/rotate/"+framework.GenericNameRegex("exported")) + pattern := "root/rotate/" + framework.GenericNameRegex("exported") + + displayAttrs := &framework.DisplayAttributes{ + OperationPrefix: operationPrefixPKIIssuers, + OperationVerb: "rotate", + OperationSuffix: "root", + } + + return buildPathGenerateRoot(b, pattern, displayAttrs) } -func buildPathGenerateRoot(b *backend, pattern string) *framework.Path { +func buildPathGenerateRoot(b *backend, pattern string, displayAttrs *framework.DisplayAttributes) *framework.Path { ret := &framework.Path{ - Pattern: pattern, + Pattern: pattern, + DisplayAttrs: displayAttrs, Operations: map[logical.Operation]framework.OperationHandler{ logical.UpdateOperation: &framework.PathOperation{ 
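Review bot: pathRotateRoot sets `OperationPrefix: operationPrefixPKIIssuers` although its pattern is `root/rotate/...`, not a path under `issuers/`; the sibling paths `root/generate` (pathGenerateRoot) and `root/replace` (pathReplaceRoot) both use `operationPrefixPKI`. This looks copied from pathIssuerGenerateRoot directly above it. Unless the `pki-issuers` grouping is intended, the line should read `OperationPrefix: operationPrefixPKI,`. Operation IDs are hard to rename once client libraries have been generated from them, so it is worth settling before release.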
@@ -102,17 +119,33 @@ func buildPathGenerateRoot(b *backend, pattern string) *framework.Path { } func pathIssuerGenerateIntermediate(b *backend) *framework.Path { - return buildPathGenerateIntermediate(b, - "issuers/generate/intermediate/"+framework.GenericNameRegex("exported")) + pattern := "issuers/generate/intermediate/" + framework.GenericNameRegex("exported") + + displayAttrs := &framework.DisplayAttributes{ + OperationPrefix: operationPrefixPKIIssuers, + OperationVerb: "generate", + OperationSuffix: "intermediate", + } + + return buildPathGenerateIntermediate(b, pattern, displayAttrs) } func pathCrossSignIntermediate(b *backend) *framework.Path { - return buildPathGenerateIntermediate(b, "intermediate/cross-sign") + pattern := "intermediate/cross-sign" + + displayAttrs := &framework.DisplayAttributes{ + OperationPrefix: operationPrefixPKI, + OperationVerb: "cross-sign", + OperationSuffix: "intermediate", + } + + return buildPathGenerateIntermediate(b, pattern, displayAttrs) } -func buildPathGenerateIntermediate(b *backend, pattern string) *framework.Path { +func buildPathGenerateIntermediate(b *backend, pattern string, displayAttrs *framework.DisplayAttributes) *framework.Path { ret := &framework.Path{ - Pattern: pattern, + Pattern: pattern, + DisplayAttrs: displayAttrs, Operations: map[logical.Operation]framework.OperationHandler{ logical.UpdateOperation: &framework.PathOperation{ Callback: b.pathGenerateIntermediate, @@ -173,6 +206,13 @@ with Active Directory Certificate Services.`, func pathImportIssuer(b *backend) *framework.Path { return &framework.Path{ Pattern: "issuers/import/(cert|bundle)", + + DisplayAttrs: &framework.DisplayAttributes{ + OperationPrefix: operationPrefixPKIIssuers, + OperationVerb: "import", + OperationSuffix: "cert|bundle", + }, + Fields: map[string]*framework.FieldSchema{ "pem_bundle": { Type: framework.TypeString, 
@@ -454,7 +494,14 @@ func pathRevokeIssuer(b *backend) *framework.Path { return &framework.Path{ Pattern: "issuer/" + framework.GenericNameRegex(issuerRefParam) + "/revoke", - Fields: fields, + + DisplayAttrs: &framework.DisplayAttributes{ + OperationPrefix: operationPrefixPKI, + OperationVerb: "revoke", + OperationSuffix: "issuer", + }, + + Fields: fields, Operations: map[logical.Operation]framework.OperationHandler{ logical.UpdateOperation: &framework.PathOperation{ diff --git a/builtin/logical/pki/path_manage_keys.go b/builtin/logical/pki/path_manage_keys.go index 4d694204a..3c10c3290 100644 --- a/builtin/logical/pki/path_manage_keys.go +++ b/builtin/logical/pki/path_manage_keys.go @@ -19,6 +19,12 @@ func pathGenerateKey(b *backend) *framework.Path { return &framework.Path{ Pattern: "keys/generate/(internal|exported|kms)", + DisplayAttrs: &framework.DisplayAttributes{ + OperationPrefix: operationPrefixPKI, + OperationVerb: "generate", + OperationSuffix: "internal-key|exported-key|kms-key", + }, + Fields: map[string]*framework.FieldSchema{ keyNameParam: { Type: framework.TypeString, @@ -182,6 +188,12 @@ func pathImportKey(b *backend) *framework.Path { return &framework.Path{ Pattern: "keys/import", + DisplayAttrs: &framework.DisplayAttributes{ + OperationPrefix: operationPrefixPKI, + OperationVerb: "import", + OperationSuffix: "key", + }, + Fields: map[string]*framework.FieldSchema{ keyNameParam: { Type: framework.TypeString, diff --git a/builtin/logical/pki/path_ocsp.go b/builtin/logical/pki/path_ocsp.go index ad181cf41..42d4cf4b9 100644 --- a/builtin/logical/pki/path_ocsp.go +++ b/builtin/logical/pki/path_ocsp.go 
@@ -71,16 +71,33 @@ var ( ) func buildPathOcspGet(b *backend) *framework.Path { - return buildOcspGetWithPath(b, "ocsp/"+framework.MatchAllRegex(ocspReqParam)) + pattern := "ocsp/" + framework.MatchAllRegex(ocspReqParam) + + displayAttrs := &framework.DisplayAttributes{ + OperationPrefix: operationPrefixPKI, + OperationVerb: "query", + OperationSuffix: "ocsp-with-get-req", + } + + return buildOcspGetWithPath(b, pattern, displayAttrs) } func buildPathUnifiedOcspGet(b *backend) *framework.Path { - return buildOcspGetWithPath(b, "unified-ocsp/"+framework.MatchAllRegex(ocspReqParam)) + pattern := "unified-ocsp/" + framework.MatchAllRegex(ocspReqParam) + + displayAttrs := &framework.DisplayAttributes{ + OperationPrefix: operationPrefixPKI, + OperationVerb: "query", + OperationSuffix: "unified-ocsp-with-get-req", + } + + return buildOcspGetWithPath(b, pattern, displayAttrs) } -func buildOcspGetWithPath(b *backend, pattern string) *framework.Path { +func buildOcspGetWithPath(b *backend, pattern string, displayAttrs *framework.DisplayAttributes) *framework.Path { return &framework.Path{ - Pattern: pattern, + Pattern: pattern, + DisplayAttrs: displayAttrs, Fields: map[string]*framework.FieldSchema{ ocspReqParam: { Type: framework.TypeString, 
@@ -99,16 +116,33 @@ func buildOcspGetWithPath(b *backend, pattern string) *framework.Path { } func buildPathOcspPost(b *backend) *framework.Path { - return buildOcspPostWithPath(b, "ocsp") + pattern := "ocsp" + + displayAttrs := &framework.DisplayAttributes{ + OperationPrefix: operationPrefixPKI, + OperationVerb: "query", + OperationSuffix: "ocsp", + } + + return buildOcspPostWithPath(b, pattern, displayAttrs) } func buildPathUnifiedOcspPost(b *backend) *framework.Path { - return buildOcspPostWithPath(b, "unified-ocsp") + pattern := "unified-ocsp" + + displayAttrs := &framework.DisplayAttributes{ + OperationPrefix: operationPrefixPKI, + OperationVerb: "query", + OperationSuffix: "unified-ocsp", + } + + return buildOcspPostWithPath(b, pattern, displayAttrs) } -func buildOcspPostWithPath(b *backend, pattern string) *framework.Path { +func buildOcspPostWithPath(b *backend, pattern string, displayAttrs *framework.DisplayAttributes) *framework.Path { return &framework.Path{ - Pattern: pattern, + Pattern: pattern, + DisplayAttrs: displayAttrs, Operations: map[logical.Operation]framework.OperationHandler{ logical.UpdateOperation: &framework.PathOperation{ Callback: b.ocspHandler, diff --git a/builtin/logical/pki/path_resign_crls.go b/builtin/logical/pki/path_resign_crls.go index 93b083709..a82f94f32 100644 --- a/builtin/logical/pki/path_resign_crls.go +++ b/builtin/logical/pki/path_resign_crls.go @@ -43,6 +43,13 @@ var ( func pathResignCrls(b *backend) *framework.Path { return &framework.Path{ Pattern: "issuer/" + framework.GenericNameRegex(issuerRefParam) + "/resign-crls", + + DisplayAttrs: &framework.DisplayAttributes{ + OperationPrefix: operationPrefixPKIIssuer, + OperationVerb: "resign", + OperationSuffix: "crls", + }, + Fields: map[string]*framework.FieldSchema{ issuerRefParam: { Type: framework.TypeString, 
@@ -105,6 +112,13 @@ base64 encoded. Defaults to "pem".`, func pathSignRevocationList(b *backend) *framework.Path { return &framework.Path{ Pattern: "issuer/" + framework.GenericNameRegex(issuerRefParam) + "/sign-revocation-list", + + DisplayAttrs: &framework.DisplayAttributes{ + OperationPrefix: operationPrefixPKIIssuer, + OperationVerb: "sign", + OperationSuffix: "revocation-list", + }, + Fields: map[string]*framework.FieldSchema{ issuerRefParam: { Type: framework.TypeString, diff --git a/builtin/logical/pki/path_revoke.go b/builtin/logical/pki/path_revoke.go index fa6f3b648..154367fcb 100644 --- a/builtin/logical/pki/path_revoke.go +++ b/builtin/logical/pki/path_revoke.go @@ -28,6 +28,11 @@ func pathListCertsRevoked(b *backend) *framework.Path { return &framework.Path{ Pattern: "certs/revoked/?$", + DisplayAttrs: &framework.DisplayAttributes{ + OperationPrefix: operationPrefixPKI, + OperationSuffix: "revoked-certs", + }, + Operations: map[logical.Operation]framework.OperationHandler{ logical.ListOperation: &framework.PathOperation{ Callback: b.pathListRevokedCertsHandler, @@ -55,6 +60,11 @@ func pathListCertsRevocationQueue(b *backend) *framework.Path { return &framework.Path{ Pattern: "certs/revocation-queue/?$", + DisplayAttrs: &framework.DisplayAttributes{ + OperationPrefix: operationPrefixPKI, + OperationSuffix: "certs-revocation-queue", + }, + Operations: map[logical.Operation]framework.OperationHandler{ logical.ListOperation: &framework.PathOperation{ Callback: b.pathListRevocationQueueHandler, @@ -69,6 +79,12 @@ func pathListCertsRevocationQueue(b *backend) *framework.Path { func pathRevoke(b *backend) *framework.Path { return &framework.Path{ Pattern: `revoke`, + + DisplayAttrs: &framework.DisplayAttributes{ + OperationPrefix: operationPrefixPKI, + OperationVerb: "revoke", + }, + Fields: map[string]*framework.FieldSchema{ "serial_number": { Type: framework.TypeString, 
@@ -122,6 +138,13 @@ signed by an issuer in this mount.`,
 func pathRevokeWithKey(b *backend) *framework.Path {
 return &framework.Path{
 Pattern: `revoke-with-key`,
+
+ DisplayAttrs: &framework.DisplayAttributes{
+ OperationPrefix: operationPrefixPKI,
+ OperationVerb: "revoke",
+ OperationSuffix: "with-key",
+ },
+
 Fields: map[string]*framework.FieldSchema{
 "serial_number": {
 Type: framework.TypeString,
@@ -181,6 +204,12 @@ func pathRotateCRL(b *backend) *framework.Path {
 return &framework.Path{
 Pattern: `crl/rotate`,

+ DisplayAttrs: &framework.DisplayAttributes{
+ OperationPrefix: operationPrefixPKI,
+ OperationVerb: "rotate",
+ OperationSuffix: "crl",
+ },
+
 Operations: map[logical.Operation]framework.OperationHandler{
 logical.ReadOperation: &framework.PathOperation{
 Callback: b.pathRotateCRLRead,
@@ -212,6 +241,12 @@ func pathRotateDeltaCRL(b *backend) *framework.Path {
 return &framework.Path{
 Pattern: `crl/rotate-delta`,

+ DisplayAttrs: &framework.DisplayAttributes{
+ OperationPrefix: operationPrefixPKI,
+ OperationVerb: "rotate",
+ OperationSuffix: "delta-crl",
+ },
+
 Operations: map[logical.Operation]framework.OperationHandler{
 logical.ReadOperation: &framework.PathOperation{
 Callback: b.pathRotateDeltaCRLRead,
@@ -243,6 +278,11 @@ func pathListUnifiedRevoked(b *backend) *framework.Path {
 return &framework.Path{
 Pattern: "certs/unified-revoked/?$",

+ DisplayAttrs: &framework.DisplayAttributes{
+ OperationPrefix: operationPrefixPKI,
+ OperationSuffix: "unified-revoked-certs",
+ },
+
 Operations: map[logical.Operation]framework.OperationHandler{
 logical.ListOperation: &framework.PathOperation{
 Callback: b.pathListUnifiedRevokedCertsHandler,
diff --git a/builtin/logical/pki/path_roles.go b/builtin/logical/pki/path_roles.go
index 1fd2cc582..bcfe66c97 100644
--- a/builtin/logical/pki/path_roles.go
+++ b/builtin/logical/pki/path_roles.go
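Review bot: In path_revoke.go, `pathRotateCRL` sets `OperationVerb: "rotate"` on a path whose only visible handler is `logical.ReadOperation` (`b.pathRotateCRLRead`), and `pathRotateDeltaCRL` in the next hunk has the same shape, with no comment explaining the mismatch. The verb describes what is presumably a state-changing action, while the operation type suggests that read access to `crl/rotate` is what authorises it, which is easy to miss when writing policies from the generated API description. I would add a comment above each `DisplayAttrs` block such as `// Rotation is served by the read handler, so read access to this path is sufficient to trigger it.` Whether further operations are registered lower down is not visible, since both function bodies continue outside the hunks.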
@@ -24,6 +24,11 @@ func pathListRoles(b *backend) *framework.Path {
 return &framework.Path{
 Pattern: "roles/?$",

+ DisplayAttrs: &framework.DisplayAttributes{
+ OperationPrefix: operationPrefixPKI,
+ OperationSuffix: "roles",
+ },
+
 Operations: map[logical.Operation]framework.OperationHandler{
 logical.ListOperation: &framework.PathOperation{
 Callback: b.pathRoleList,
@@ -396,6 +401,12 @@ serviced by this role.`,

 return &framework.Path{
 Pattern: "roles/" + framework.GenericNameRegex("name"),
+
+ DisplayAttrs: &framework.DisplayAttributes{
+ OperationPrefix: operationPrefixPKI,
+ OperationSuffix: "role",
+ },
+
 Fields: map[string]*framework.FieldSchema{
 "backend": {
 Type: framework.TypeString,
diff --git a/builtin/logical/pki/path_root.go b/builtin/logical/pki/path_root.go
index abcc0672b..d46663dd6 100644
--- a/builtin/logical/pki/path_root.go
+++ b/builtin/logical/pki/path_root.go
@@ -30,12 +30,26 @@ import (
 )

 func pathGenerateRoot(b *backend) *framework.Path {
- return buildPathGenerateRoot(b, "root/generate/"+framework.GenericNameRegex("exported"))
+ pattern := "root/generate/" + framework.GenericNameRegex("exported")
+
+ displayAttrs := &framework.DisplayAttributes{
+ OperationPrefix: operationPrefixPKI,
+ OperationVerb: "generate",
+ OperationSuffix: "root",
+ }
+
+ return buildPathGenerateRoot(b, pattern, displayAttrs)
 }

 func pathDeleteRoot(b *backend) *framework.Path {
 ret := &framework.Path{
 Pattern: "root",
+
+ DisplayAttrs: &framework.DisplayAttributes{
+ OperationPrefix: operationPrefixPKI,
+ OperationSuffix: "root",
+ },
+
 Operations: map[logical.Operation]framework.OperationHandler{
 logical.DeleteOperation: &framework.PathOperation{
 Callback: b.pathCADeleteRoot,
diff --git a/builtin/logical/pki/path_sign_issuers.go b/builtin/logical/pki/path_sign_issuers.go
index 0e478834d..0b6b8334e 100644
--- a/builtin/logical/pki/path_sign_issuers.go
+++ b/builtin/logical/pki/path_sign_issuers.go
@@ -12,19 +12,34 @@ import (

 func pathIssuerSignIntermediate(b *backend) *framework.Path {
 pattern := "issuer/" + framework.GenericNameRegex(issuerRefParam) + "/sign-intermediate"
- return buildPathIssuerSignIntermediateRaw(b, pattern)
+
+ displayAttrs := &framework.DisplayAttributes{
+ OperationPrefix: operationPrefixPKIIssuer,
+ OperationVerb: "sign",
+ OperationSuffix: "intermediate",
+ }
+
+ return buildPathIssuerSignIntermediateRaw(b, pattern, displayAttrs)
 }

 func pathSignIntermediate(b *backend) *framework.Path {
 pattern := "root/sign-intermediate"
- return buildPathIssuerSignIntermediateRaw(b, pattern)
+
+ displayAttrs := &framework.DisplayAttributes{
+ OperationPrefix: operationPrefixPKIRoot,
+ OperationVerb: "sign",
+ OperationSuffix: "intermediate",
+ }
+
+ return buildPathIssuerSignIntermediateRaw(b, pattern, displayAttrs)
 }

-func buildPathIssuerSignIntermediateRaw(b *backend, pattern string) *framework.Path {
+func buildPathIssuerSignIntermediateRaw(b *backend, pattern string, displayAttrs *framework.DisplayAttributes) *framework.Path {
 fields := addIssuerRefField(map[string]*framework.FieldSchema{})
 path := &framework.Path{
- Pattern: pattern,
- Fields: fields,
+ Pattern: pattern,
+ DisplayAttrs: displayAttrs,
+ Fields: fields,
 Operations: map[logical.Operation]framework.OperationHandler{
 logical.UpdateOperation: &framework.PathOperation{
 Callback: b.pathIssuerSignIntermediate,
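Review bot: `pathIssuerSignIntermediate` and `pathSignIntermediate` now publish different operation prefixes (`operationPrefixPKIIssuer` and `operationPrefixPKIRoot`) for two patterns that both bind `Callback: b.pathIssuerSignIntermediate`, and no comment records that they are two routes to the same signing handler. Someone scoping access from the generated API could restrict `issuer/.../sign-intermediate` and overlook `root/sign-intermediate`. I would add a comment on `buildPathIssuerSignIntermediateRaw` such as `// Shared by issuer/{ref}/sign-intermediate and root/sign-intermediate: both routes reach the same handler and need equivalent policy coverage.` The sign-self-issued hunks that follow have the same pairing through `buildPathIssuerSignSelfIssued`. The builder's body continues past the hunk.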
@@ -150,15 +165,29 @@ See the API documentation for more information about required parameters.

 func pathIssuerSignSelfIssued(b *backend) *framework.Path {
 pattern := "issuer/" + framework.GenericNameRegex(issuerRefParam) + "/sign-self-issued"
- return buildPathIssuerSignSelfIssued(b, pattern)
+
+ displayAttrs := &framework.DisplayAttributes{
+ OperationPrefix: operationPrefixPKIIssuer,
+ OperationVerb: "sign",
+ OperationSuffix: "self-issued",
+ }
+
+ return buildPathIssuerSignSelfIssued(b, pattern, displayAttrs)
 }

 func pathSignSelfIssued(b *backend) *framework.Path {
 pattern := "root/sign-self-issued"
- return buildPathIssuerSignSelfIssued(b, pattern)
+
+ displayAttrs := &framework.DisplayAttributes{
+ OperationPrefix: operationPrefixPKIRoot,
+ OperationVerb: "sign",
+ OperationSuffix: "self-issued",
+ }
+
+ return buildPathIssuerSignSelfIssued(b, pattern, displayAttrs)
 }

-func buildPathIssuerSignSelfIssued(b *backend, pattern string) *framework.Path {
+func buildPathIssuerSignSelfIssued(b *backend, pattern string, displayAttrs *framework.DisplayAttributes) *framework.Path {
 fields := map[string]*framework.FieldSchema{
 "certificate": {
 Type: framework.TypeString,
@@ -172,8 +201,9 @@ func buildPathIssuerSignSelfIssued(b *backend, pattern string) *framework.Path {
 }
 fields = addIssuerRefField(fields)
 path := &framework.Path{
- Pattern: pattern,
- Fields: fields,
+ Pattern: pattern,
+ DisplayAttrs: displayAttrs,
+ Fields: fields,
 Operations: map[logical.Operation]framework.OperationHandler{
 logical.UpdateOperation: &framework.PathOperation{
 Callback: b.pathIssuerSignSelfIssued,
diff --git a/builtin/logical/pki/path_tidy.go b/builtin/logical/pki/path_tidy.go
index 330f6ca97..d32c78a45 100644
--- a/builtin/logical/pki/path_tidy.go
+++ b/builtin/logical/pki/path_tidy.go
@@ -101,7 +101,13 @@ var defaultTidyConfig = tidyConfig{
 func pathTidy(b *backend) *framework.Path {
 return &framework.Path{
 Pattern: "tidy$",
- Fields: addTidyFields(map[string]*framework.FieldSchema{}),
+
+ DisplayAttrs: &framework.DisplayAttributes{
+ OperationPrefix: operationPrefixPKI,
+ OperationVerb: "tidy",
+ },
+
+ Fields: addTidyFields(map[string]*framework.FieldSchema{}),
 Operations: map[logical.Operation]framework.OperationHandler{
 logical.UpdateOperation: &framework.PathOperation{
 Callback: b.pathTidyWrite,
@@ -122,6 +128,13 @@ func pathTidy(b *backend) *framework.Path {
 func pathTidyCancel(b *backend) *framework.Path {
 return &framework.Path{
 Pattern: "tidy-cancel$",
+
+ DisplayAttrs: &framework.DisplayAttributes{
+ OperationPrefix: operationPrefixPKI,
+ OperationVerb: "tidy",
+ OperationSuffix: "cancel",
+ },
+
 Operations: map[logical.Operation]framework.OperationHandler{
 logical.UpdateOperation: &framework.PathOperation{
 Callback: b.pathTidyCancelWrite,
@@ -251,6 +264,13 @@ func pathTidyCancel(b *backend) *framework.Path {
 func pathTidyStatus(b *backend) *framework.Path {
 return &framework.Path{
 Pattern: "tidy-status$",
+
+ DisplayAttrs: &framework.DisplayAttributes{
+ OperationPrefix: operationPrefixPKI,
+ OperationVerb: "tidy",
+ OperationSuffix: "status",
+ },
+
 Operations: map[logical.Operation]framework.OperationHandler{
 logical.ReadOperation: &framework.PathOperation{
 Callback: b.pathTidyStatusRead,
@@ -382,6 +402,9 @@ func pathTidyStatus(b *backend) *framework.Path {
 func pathConfigAutoTidy(b *backend) *framework.Path {
 return &framework.Path{
 Pattern: "config/auto-tidy",
+ DisplayAttrs: &framework.DisplayAttributes{
+ OperationPrefix: operationPrefixPKI,
+ },
 Fields: addTidyFields(map[string]*framework.FieldSchema{
 "enabled": {
 Type: framework.TypeBool,
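Review bot: In the `pathTidyStatus` hunk of path_tidy.go, `OperationVerb: "tidy"` is attached to a path whose visible handler is `logical.ReadOperation` (`b.pathTidyStatusRead`), so the published operation name reads like the action that starts a tidy rather than a status query. `pathTidy` and `pathTidyCancel` use the same verb on `logical.UpdateOperation`, which makes the three hard to tell apart in a generated client or in a review of who may call what. The auto-tidy read later in this file leaves the verb unset and carries the meaning in `OperationSuffix: "auto-tidy-configuration"`; following that pattern here would be `OperationSuffix: "tidy-status"` with no `OperationVerb`, assuming the framework supplies a read verb by default. The function body continues outside the hunk.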
@@ -396,6 +419,9 @@ func pathConfigAutoTidy(b *backend) *framework.Path {
 Operations: map[logical.Operation]framework.OperationHandler{
 logical.ReadOperation: &framework.PathOperation{
 Callback: b.pathConfigAutoTidyRead,
+ DisplayAttrs: &framework.DisplayAttributes{
+ OperationSuffix: "auto-tidy-configuration",
+ },
 Responses: map[int][]framework.Response{
 http.StatusOK: {{
 Description: "OK",
@@ -475,6 +501,10 @@ func pathConfigAutoTidy(b *backend) *framework.Path {
 },
 logical.UpdateOperation: &framework.PathOperation{
 Callback: b.pathConfigAutoTidyWrite,
+ DisplayAttrs: &framework.DisplayAttributes{
+ OperationVerb: "configure",
+ OperationSuffix: "auto-tidy",
+ },
 Responses: map[int][]framework.Response{
 http.StatusOK: {{
 Description: "OK",