luxolus/open-vault
2
0
Fork 0
Code Issues 1 Pull requests Releases Activity

zeroaddress documentation fix

Browse source
This commit is contained in:
vishalnayak 2016-03-01 10:12:50 -05:00
parent b5a8e5d724
commit 724823b8f7
1 changed files with 102 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

105
website/source/docs/secrets/ssh/index.html.md
View file

@ -206,8 +206,12 @@ $ vault write ssh/roles/dynamic_key_role \
Success! Data written to: ssh/roles/dynamic_key_role Success! Data written to: ssh/roles/dynamic_key_role
``` ```
`cidr_list` is optional and defaults to the zero address (0.0.0.0/0), e.g. all `cidr_list` is a comma separated list of CIDR blocks for which a role can generate
hosts. credentials for. If this is empty, the role can only generate credentials if it belongs
to the set of zero-address roles.
Zero-address roles, configured via `/ssh/config/zeroaddress` endpoint, takes comma separated list
of role names that can generate credentials for any IP address.
Use the `install_script` option to provide an install script if the remote Use the `install_script` option to provide an install script if the remote
hosts do not resemble a typical Linux machine. The default script is compiled hosts do not resemble a typical Linux machine. The default script is compiled
@ -388,7 +392,6 @@ username@ip:~$
(String) (String)
Comma separated list of CIDR blocks for which the role is Comma separated list of CIDR blocks for which the role is
applicable for. CIDR blocks can belong to more than one role. applicable for. CIDR blocks can belong to more than one role.
Defaults to the zero address (0.0.0.0/0).
</li> </li>
<li> <li>
<span class="param">exclude_cidr_list</span> <span class="param">exclude_cidr_list</span>
@ -559,6 +562,102 @@ username@ip:~$
<dd> <dd>
A `204` response code. A `204` response code.
</dd> </dd>
### /ssh/config/zeroaddress
#### GET
<dl class="api">
<dt>Description</dt>
<dd>
Returns the list of configured zero-address roles.
</dd>
<dt>Method</dt>
<dd>GET</dd>
<dt>URL</dt>
<dd>`/ssh/config/zeroaddress`</dd>
<dt>Parameters</dt>
<dd>None</dd>
<dt>Returns</dt>
<dd>
```json
{
"lease_id":"",
"renewable":false,
"lease_duration":0,
"data":{
"roles":[
"otp_key_role"
]
},
"warnings":null,
"auth":null
}
```
</dd>
#### POST
<dl class="api">
<dt>Description</dt>
<dd>
Configures zero-address roles.
</dd>
<dt>Method</dt>
<dd>POST</dd>
<dt>URL</dt>
<dd>`/ssh/config/zeroaddress`</dd>
<dt>Parameters</dt>
<dd>
<ul>
<li>
<span class="param">roles</span>
<span class="param-flags">required</span>
(String)
Comma separated list of role names which allows credentials to be requested
for any IP address. CIDR blocks previously registered under these roles will
be ignored.
</li>
</ul>
</dd>
<dt>Returns</dt>
<dd>
A `204` response code.
</dd>
#### DELETE
<dl class="api">
<dt>Description</dt>
<dd>
Deletes the zero-address roles configuration.
</dd>
<dt>Method</dt>
<dd>DELETE</dd>
<dt>URL</dt>
<dd>`/ssh/config/zeroaddress`</dd>
<dt>Parameters</dt>
<dd>None</dd>
<dt>Returns</dt>
<dd>
A `204` response code.
</dd>
### /ssh/creds/ ### /ssh/creds/
#### POST #### POST