openapi: Add display attributes for AWS (#19366)
parent
5370d07b6c
commit
7cf86c6dae
|
@ -20,7 +20,10 @@ import (
|
|||
cache "github.com/patrickmn/go-cache"
|
||||
)
|
||||
|
||||
const amzHeaderPrefix = "X-Amz-"
|
||||
const (
|
||||
amzHeaderPrefix = "X-Amz-"
|
||||
operationPrefixAWS = "aws"
|
||||
)
|
||||
|
||||
var defaultAllowedSTSRequestHeaders = []string{
|
||||
"X-Amz-Algorithm",
|
||||
|
@ -126,7 +129,9 @@ func Backend(_ *logical.BackendConfig) (*backend, error) {
|
|||
|
||||
deprecatedTerms: strings.NewReplacer(
|
||||
"accesslist", "whitelist",
|
||||
"access-list", "whitelist",
|
||||
"denylist", "blacklist",
|
||||
"deny-list", "blacklist",
|
||||
),
|
||||
}
|
||||
|
||||
|
@ -343,13 +348,33 @@ func (b *backend) resolveArnToRealUniqueId(ctx context.Context, s logical.Storag
|
|||
}
|
||||
}
|
||||
|
||||
// genDeprecatedPath will return a deprecated version of a framework.Path. The will include
|
||||
// using deprecated terms in the path pattern, and marking the path as deprecated.
|
||||
// genDeprecatedPath will return a deprecated version of a framework.Path. The
|
||||
// path pattern and display attributes (if any) will contain deprecated terms,
|
||||
// and the path will be marked as deprecated.
|
||||
func (b *backend) genDeprecatedPath(path *framework.Path) *framework.Path {
|
||||
pathDeprecated := *path
|
||||
pathDeprecated.Pattern = b.deprecatedTerms.Replace(path.Pattern)
|
||||
pathDeprecated.Deprecated = true
|
||||
|
||||
if path.DisplayAttrs != nil {
|
||||
deprecatedDisplayAttrs := *path.DisplayAttrs
|
||||
deprecatedDisplayAttrs.OperationPrefix = b.deprecatedTerms.Replace(path.DisplayAttrs.OperationPrefix)
|
||||
deprecatedDisplayAttrs.OperationVerb = b.deprecatedTerms.Replace(path.DisplayAttrs.OperationVerb)
|
||||
deprecatedDisplayAttrs.OperationSuffix = b.deprecatedTerms.Replace(path.DisplayAttrs.OperationSuffix)
|
||||
pathDeprecated.DisplayAttrs = &deprecatedDisplayAttrs
|
||||
}
|
||||
|
||||
for i, op := range path.Operations {
|
||||
if op.Properties().DisplayAttrs != nil {
|
||||
deprecatedDisplayAttrs := *op.Properties().DisplayAttrs
|
||||
deprecatedDisplayAttrs.OperationPrefix = b.deprecatedTerms.Replace(op.Properties().DisplayAttrs.OperationPrefix)
|
||||
deprecatedDisplayAttrs.OperationVerb = b.deprecatedTerms.Replace(op.Properties().DisplayAttrs.OperationVerb)
|
||||
deprecatedDisplayAttrs.OperationSuffix = b.deprecatedTerms.Replace(op.Properties().DisplayAttrs.OperationSuffix)
|
||||
deprecatedProperties := pathDeprecated.Operations[i].(*framework.PathOperation)
|
||||
deprecatedProperties.DisplayAttrs = &deprecatedDisplayAttrs
|
||||
}
|
||||
}
|
||||
|
||||
return &pathDeprecated
|
||||
}
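Review bot: The per-operation loop in genDeprecatedPath writes through to the caller's path. `pathDeprecated := *path` is a shallow copy, so `pathDeprecated.Operations` is the same map, and `pathDeprecated.Operations[i].(*framework.PathOperation)` yields the same pointer that `path.Operations` holds; assigning `DisplayAttrs` on it therefore also replaces the attributes of the original, non-deprecated operation. That is harmless only if every caller passes a freshly built path, which these hunks do not show. The unchecked type assertion also panics for any OperationHandler that is not a `*framework.PathOperation`. Give the deprecated path its own map and copy each PathOperation before changing it, leaving handlers of other types as they are.

```go
func (b *backend) genDeprecatedPath(path *framework.Path) *framework.Path {
	// … unchanged: shallow copy, Pattern, Deprecated, path-level DisplayAttrs …

	if path.Operations != nil {
		// Own map, so the original path's handlers are never modified.
		pathDeprecated.Operations = make(map[logical.Operation]framework.OperationHandler, len(path.Operations))
	}
	for i, op := range path.Operations {
		pathDeprecated.Operations[i] = op

		po, ok := op.(*framework.PathOperation)
		if !ok || po.DisplayAttrs == nil {
			continue
		}

		attrs := *po.DisplayAttrs
		attrs.OperationPrefix = b.deprecatedTerms.Replace(attrs.OperationPrefix)
		attrs.OperationVerb = b.deprecatedTerms.Replace(attrs.OperationVerb)
		attrs.OperationSuffix = b.deprecatedTerms.Replace(attrs.OperationSuffix)

		poCopy := *po
		poCopy.DisplayAttrs = &attrs
		pathDeprecated.Operations[i] = &poCopy
	}

	// … unchanged: return &pathDeprecated …
```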
|
||||
|
||||
|
|
|
@ -21,6 +21,11 @@ func (b *backend) pathListCertificates() *framework.Path {
|
|||
return &framework.Path{
|
||||
Pattern: "config/certificates/?",
|
||||
|
||||
DisplayAttrs: &framework.DisplayAttributes{
|
||||
OperationPrefix: operationPrefixAWS,
|
||||
OperationSuffix: "certificate-configurations",
|
||||
},
|
||||
|
||||
Operations: map[logical.Operation]framework.OperationHandler{
|
||||
logical.ListOperation: &framework.PathOperation{
|
||||
Callback: b.pathCertificatesList,
|
||||
|
@ -35,6 +40,11 @@ func (b *backend) pathListCertificates() *framework.Path {
|
|||
func (b *backend) pathConfigCertificate() *framework.Path {
|
||||
return &framework.Path{
|
||||
Pattern: "config/certificate/" + framework.GenericNameRegex("cert_name"),
|
||||
|
||||
DisplayAttrs: &framework.DisplayAttributes{
|
||||
OperationPrefix: operationPrefixAWS,
|
||||
},
|
||||
|
||||
Fields: map[string]*framework.FieldSchema{
|
||||
"cert_name": {
|
||||
Type: framework.TypeString,
|
||||
|
@ -61,15 +71,29 @@ vary. Defaults to "pkcs7".`,
|
|||
Operations: map[logical.Operation]framework.OperationHandler{
|
||||
logical.CreateOperation: &framework.PathOperation{
|
||||
Callback: b.pathConfigCertificateCreateUpdate,
|
||||
DisplayAttrs: &framework.DisplayAttributes{
|
||||
OperationVerb: "configure",
|
||||
OperationSuffix: "certificate",
|
||||
},
|
||||
},
|
||||
logical.UpdateOperation: &framework.PathOperation{
|
||||
Callback: b.pathConfigCertificateCreateUpdate,
|
||||
DisplayAttrs: &framework.DisplayAttributes{
|
||||
OperationVerb: "configure",
|
||||
OperationSuffix: "certificate",
|
||||
},
|
||||
},
|
||||
logical.ReadOperation: &framework.PathOperation{
|
||||
Callback: b.pathConfigCertificateRead,
|
||||
DisplayAttrs: &framework.DisplayAttributes{
|
||||
OperationSuffix: "certificate-configuration",
|
||||
},
|
||||
},
|
||||
logical.DeleteOperation: &framework.PathOperation{
|
||||
Callback: b.pathConfigCertificateDelete,
|
||||
DisplayAttrs: &framework.DisplayAttributes{
|
||||
OperationSuffix: "certificate-configuration",
|
||||
},
|
||||
},
|
||||
},
|
||||
|
||||
|
|
|
@ -19,6 +19,11 @@ import (
|
|||
func (b *backend) pathConfigClient() *framework.Path {
|
||||
return &framework.Path{
|
||||
Pattern: "config/client$",
|
||||
|
||||
DisplayAttrs: &framework.DisplayAttributes{
|
||||
OperationPrefix: operationPrefixAWS,
|
||||
},
|
||||
|
||||
Fields: map[string]*framework.FieldSchema{
|
||||
"access_key": {
|
||||
Type: framework.TypeString,
|
||||
|
@ -80,15 +85,29 @@ func (b *backend) pathConfigClient() *framework.Path {
|
|||
Operations: map[logical.Operation]framework.OperationHandler{
|
||||
logical.CreateOperation: &framework.PathOperation{
|
||||
Callback: b.pathConfigClientCreateUpdate,
|
||||
DisplayAttrs: &framework.DisplayAttributes{
|
||||
OperationVerb: "configure",
|
||||
OperationSuffix: "client",
|
||||
},
|
||||
},
|
||||
logical.UpdateOperation: &framework.PathOperation{
|
||||
Callback: b.pathConfigClientCreateUpdate,
|
||||
DisplayAttrs: &framework.DisplayAttributes{
|
||||
OperationVerb: "configure",
|
||||
OperationSuffix: "client",
|
||||
},
|
||||
},
|
||||
logical.DeleteOperation: &framework.PathOperation{
|
||||
Callback: b.pathConfigClientDelete,
|
||||
DisplayAttrs: &framework.DisplayAttributes{
|
||||
OperationSuffix: "client-configuration",
|
||||
},
|
||||
},
|
||||
logical.ReadOperation: &framework.PathOperation{
|
||||
Callback: b.pathConfigClientRead,
|
||||
DisplayAttrs: &framework.DisplayAttributes{
|
||||
OperationSuffix: "client-configuration",
|
||||
},
|
||||
},
|
||||
},
|
||||
|
||||
|
|
|
@ -57,6 +57,11 @@ var (
|
|||
func (b *backend) pathConfigIdentity() *framework.Path {
|
||||
return &framework.Path{
|
||||
Pattern: "config/identity$",
|
||||
|
||||
DisplayAttrs: &framework.DisplayAttributes{
|
||||
OperationPrefix: operationPrefixAWS,
|
||||
},
|
||||
|
||||
Fields: map[string]*framework.FieldSchema{
|
||||
"iam_alias": {
|
||||
Type: framework.TypeString,
|
||||
|
@ -75,9 +80,16 @@ func (b *backend) pathConfigIdentity() *framework.Path {
|
|||
Operations: map[logical.Operation]framework.OperationHandler{
|
||||
logical.ReadOperation: &framework.PathOperation{
|
||||
Callback: pathConfigIdentityRead,
|
||||
DisplayAttrs: &framework.DisplayAttributes{
|
||||
OperationSuffix: "identity-integration-configuration",
|
||||
},
|
||||
},
|
||||
logical.UpdateOperation: &framework.PathOperation{
|
||||
Callback: pathConfigIdentityUpdate,
|
||||
DisplayAttrs: &framework.DisplayAttributes{
|
||||
OperationVerb: "configure",
|
||||
OperationSuffix: "identity-integration",
|
||||
},
|
||||
},
|
||||
},
|
||||
|
||||
|
|
|
@ -24,6 +24,12 @@ func (b *backend) pathConfigRotateRoot() *framework.Path {
|
|||
return &framework.Path{
|
||||
Pattern: "config/rotate-root",
|
||||
|
||||
DisplayAttrs: &framework.DisplayAttributes{
|
||||
OperationPrefix: operationPrefixAWS,
|
||||
OperationVerb: "rotate",
|
||||
OperationSuffix: "auth-root-credentials",
|
||||
},
|
||||
|
||||
Operations: map[logical.Operation]framework.OperationHandler{
|
||||
logical.UpdateOperation: &framework.PathOperation{
|
||||
Callback: b.pathConfigRotateRootUpdate,
|
||||
|
|
|
@ -20,6 +20,11 @@ func (b *backend) pathListSts() *framework.Path {
|
|||
return &framework.Path{
|
||||
Pattern: "config/sts/?",
|
||||
|
||||
DisplayAttrs: &framework.DisplayAttributes{
|
||||
OperationPrefix: operationPrefixAWS,
|
||||
OperationSuffix: "sts-role-relationships",
|
||||
},
|
||||
|
||||
Operations: map[logical.Operation]framework.OperationHandler{
|
||||
logical.ListOperation: &framework.PathOperation{
|
||||
Callback: b.pathStsList,
|
||||
|
@ -34,6 +39,12 @@ func (b *backend) pathListSts() *framework.Path {
|
|||
func (b *backend) pathConfigSts() *framework.Path {
|
||||
return &framework.Path{
|
||||
Pattern: "config/sts/" + framework.GenericNameRegex("account_id"),
|
||||
|
||||
DisplayAttrs: &framework.DisplayAttributes{
|
||||
OperationPrefix: operationPrefixAWS,
|
||||
OperationSuffix: "sts-role",
|
||||
},
|
||||
|
||||
Fields: map[string]*framework.FieldSchema{
|
||||
"account_id": {
|
||||
Type: framework.TypeString,
|
||||
|
|
|
@ -18,6 +18,11 @@ const (
|
|||
func (b *backend) pathConfigTidyIdentityAccessList() *framework.Path {
|
||||
return &framework.Path{
|
||||
Pattern: fmt.Sprintf("%s$", "config/tidy/identity-accesslist"),
|
||||
|
||||
DisplayAttrs: &framework.DisplayAttributes{
|
||||
OperationPrefix: operationPrefixAWS,
|
||||
},
|
||||
|
||||
Fields: map[string]*framework.FieldSchema{
|
||||
"safety_buffer": {
|
||||
Type: framework.TypeDurationSecond,
|
||||
|
@ -37,15 +42,29 @@ expiration, before it is removed from the backend storage.`,
|
|||
Operations: map[logical.Operation]framework.OperationHandler{
|
||||
logical.CreateOperation: &framework.PathOperation{
|
||||
Callback: b.pathConfigTidyIdentityAccessListCreateUpdate,
|
||||
DisplayAttrs: &framework.DisplayAttributes{
|
||||
OperationVerb: "configure",
|
||||
OperationSuffix: "identity-access-list-tidy-operation",
|
||||
},
|
||||
},
|
||||
logical.UpdateOperation: &framework.PathOperation{
|
||||
Callback: b.pathConfigTidyIdentityAccessListCreateUpdate,
|
||||
DisplayAttrs: &framework.DisplayAttributes{
|
||||
OperationVerb: "configure",
|
||||
OperationSuffix: "identity-access-list-tidy-operation",
|
||||
},
|
||||
},
|
||||
logical.ReadOperation: &framework.PathOperation{
|
||||
Callback: b.pathConfigTidyIdentityAccessListRead,
|
||||
DisplayAttrs: &framework.DisplayAttributes{
|
||||
OperationSuffix: "identity-access-list-tidy-settings",
|
||||
},
|
||||
},
|
||||
logical.DeleteOperation: &framework.PathOperation{
|
||||
Callback: b.pathConfigTidyIdentityAccessListDelete,
|
||||
DisplayAttrs: &framework.DisplayAttributes{
|
||||
OperationSuffix: "identity-access-list-tidy-settings",
|
||||
},
|
||||
},
|
||||
},
|
||||
|
||||
|
|
|
@ -17,6 +17,11 @@ const (
|
|||
func (b *backend) pathConfigTidyRoletagDenyList() *framework.Path {
|
||||
return &framework.Path{
|
||||
Pattern: "config/tidy/roletag-denylist$",
|
||||
|
||||
DisplayAttrs: &framework.DisplayAttributes{
|
||||
OperationPrefix: operationPrefixAWS,
|
||||
},
|
||||
|
||||
Fields: map[string]*framework.FieldSchema{
|
||||
"safety_buffer": {
|
||||
Type: framework.TypeDurationSecond,
|
||||
|
@ -38,15 +43,29 @@ Defaults to 4320h (180 days).`,
|
|||
Operations: map[logical.Operation]framework.OperationHandler{
|
||||
logical.CreateOperation: &framework.PathOperation{
|
||||
Callback: b.pathConfigTidyRoletagDenyListCreateUpdate,
|
||||
DisplayAttrs: &framework.DisplayAttributes{
|
||||
OperationVerb: "configure",
|
||||
OperationSuffix: "role-tag-deny-list-tidy-operation",
|
||||
},
|
||||
},
|
||||
logical.UpdateOperation: &framework.PathOperation{
|
||||
Callback: b.pathConfigTidyRoletagDenyListCreateUpdate,
|
||||
DisplayAttrs: &framework.DisplayAttributes{
|
||||
OperationVerb: "configure",
|
||||
OperationSuffix: "role-tag-deny-list-tidy-operation",
|
||||
},
|
||||
},
|
||||
logical.ReadOperation: &framework.PathOperation{
|
||||
Callback: b.pathConfigTidyRoletagDenyListRead,
|
||||
DisplayAttrs: &framework.DisplayAttributes{
|
||||
OperationSuffix: "role-tag-deny-list-tidy-settings",
|
||||
},
|
||||
},
|
||||
logical.DeleteOperation: &framework.PathOperation{
|
||||
Callback: b.pathConfigTidyRoletagDenyListDelete,
|
||||
DisplayAttrs: &framework.DisplayAttributes{
|
||||
OperationSuffix: "role-tag-deny-list-tidy-settings",
|
||||
},
|
||||
},
|
||||
},
|
||||
|
||||
|
|
|
@ -16,6 +16,12 @@ const identityAccessListStorage = "whitelist/identity/"
|
|||
func (b *backend) pathIdentityAccessList() *framework.Path {
|
||||
return &framework.Path{
|
||||
Pattern: "identity-accesslist/" + framework.GenericNameRegex("instance_id"),
|
||||
|
||||
DisplayAttrs: &framework.DisplayAttributes{
|
||||
OperationPrefix: operationPrefixAWS,
|
||||
OperationSuffix: "identity-access-list",
|
||||
},
|
||||
|
||||
Fields: map[string]*framework.FieldSchema{
|
||||
"instance_id": {
|
||||
Type: framework.TypeString,
|
||||
|
@ -42,6 +48,11 @@ func (b *backend) pathListIdentityAccessList() *framework.Path {
|
|||
return &framework.Path{
|
||||
Pattern: "identity-accesslist/?",
|
||||
|
||||
DisplayAttrs: &framework.DisplayAttributes{
|
||||
OperationPrefix: operationPrefixAWS,
|
||||
OperationSuffix: "identity-access-list",
|
||||
},
|
||||
|
||||
Operations: map[logical.Operation]framework.OperationHandler{
|
||||
logical.ListOperation: &framework.PathOperation{
|
||||
Callback: b.pathAccessListIdentitiesList,
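Review bot: The list path `identity-accesslist/?` uses the same `OperationSuffix: "identity-access-list"` as the per-instance path above it, while the other list endpoints in this commit take a plural suffix (`"certificate-configurations"`, `"auth-roles"`, `"role-tag-deny-lists"`). The two operations are then told apart only by whatever verb the framework derives from the operation type, which is not visible here. For consistency, consider `OperationSuffix: "identity-access-lists"` on the list path, or add a comment saying why the singular is intended. pathListIdentityAccessList starts and ends outside the hunk.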
|
||||
|
|
|
@ -55,6 +55,10 @@ var (
|
|||
func (b *backend) pathLogin() *framework.Path {
|
||||
return &framework.Path{
|
||||
Pattern: "login$",
|
||||
DisplayAttrs: &framework.DisplayAttributes{
|
||||
OperationPrefix: operationPrefixAWS,
|
||||
OperationVerb: "log-in",
|
||||
},
|
||||
Fields: map[string]*framework.FieldSchema{
|
||||
"role": {
|
||||
Type: framework.TypeString,
|
||||
|
|
|
@ -23,6 +23,12 @@ var currentRoleStorageVersion = 3
|
|||
func (b *backend) pathRole() *framework.Path {
|
||||
p := &framework.Path{
|
||||
Pattern: "role/" + framework.GenericNameRegex("role"),
|
||||
|
||||
DisplayAttrs: &framework.DisplayAttributes{
|
||||
OperationPrefix: operationPrefixAWS,
|
||||
OperationSuffix: "auth-role",
|
||||
},
|
||||
|
||||
Fields: map[string]*framework.FieldSchema{
|
||||
"role": {
|
||||
Type: framework.TypeString,
|
||||
|
@ -202,6 +208,11 @@ func (b *backend) pathListRole() *framework.Path {
|
|||
return &framework.Path{
|
||||
Pattern: "role/?",
|
||||
|
||||
DisplayAttrs: &framework.DisplayAttributes{
|
||||
OperationPrefix: operationPrefixAWS,
|
||||
OperationSuffix: "auth-roles",
|
||||
},
|
||||
|
||||
Operations: map[logical.Operation]framework.OperationHandler{
|
||||
logical.ListOperation: &framework.PathOperation{
|
||||
Callback: b.pathRoleList,
|
||||
|
@ -217,6 +228,11 @@ func (b *backend) pathListRoles() *framework.Path {
|
|||
return &framework.Path{
|
||||
Pattern: "roles/?",
|
||||
|
||||
DisplayAttrs: &framework.DisplayAttributes{
|
||||
OperationPrefix: operationPrefixAWS,
|
||||
OperationSuffix: "roles2",
|
||||
},
|
||||
|
||||
Operations: map[logical.Operation]framework.OperationHandler{
|
||||
logical.ListOperation: &framework.PathOperation{
|
||||
Callback: b.pathRoleList,
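Review bot: `OperationSuffix: "roles2"` on the `roles/?` path is unexplained and does not follow the naming of the sibling `role/?` path (`"auth-roles"`). Both paths register `b.pathRoleList`, so `roles/?` looks like an alias that only needs a distinct operation ID. Say so in a comment, e.g. `// roles/? is an alias of role/? (same callback); the "2" only keeps the operation ID unique.` pathListRoles starts and ends outside the hunk.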
|
||||
|
|
|
@ -26,6 +26,12 @@ const roleTagVersion = "v1"
|
|||
func (b *backend) pathRoleTag() *framework.Path {
|
||||
return &framework.Path{
|
||||
Pattern: "role/" + framework.GenericNameRegex("role") + "/tag$",
|
||||
|
||||
DisplayAttrs: &framework.DisplayAttributes{
|
||||
OperationPrefix: operationPrefixAWS,
|
||||
OperationSuffix: "role-tag",
|
||||
},
|
||||
|
||||
Fields: map[string]*framework.FieldSchema{
|
||||
"role": {
|
||||
Type: framework.TypeString,
|
||||
|
|
|
@ -15,6 +15,12 @@ import (
|
|||
func (b *backend) pathRoletagDenyList() *framework.Path {
|
||||
return &framework.Path{
|
||||
Pattern: "roletag-denylist/(?P<role_tag>.*)",
|
||||
|
||||
DisplayAttrs: &framework.DisplayAttributes{
|
||||
OperationPrefix: operationPrefixAWS,
|
||||
OperationSuffix: "role-tag-deny-list",
|
||||
},
|
||||
|
||||
Fields: map[string]*framework.FieldSchema{
|
||||
"role_tag": {
|
||||
Type: framework.TypeString,
|
||||
|
@ -45,6 +51,11 @@ func (b *backend) pathListRoletagDenyList() *framework.Path {
|
|||
return &framework.Path{
|
||||
Pattern: "roletag-denylist/?",
|
||||
|
||||
DisplayAttrs: &framework.DisplayAttributes{
|
||||
OperationPrefix: operationPrefixAWS,
|
||||
OperationSuffix: "role-tag-deny-lists",
|
||||
},
|
||||
|
||||
Operations: map[logical.Operation]framework.OperationHandler{
|
||||
logical.ListOperation: &framework.PathOperation{
|
||||
Callback: b.pathRoletagDenyListsList,
|
||||
|
|
|
@ -18,6 +18,13 @@ import (
|
|||
func (b *backend) pathTidyIdentityAccessList() *framework.Path {
|
||||
return &framework.Path{
|
||||
Pattern: "tidy/identity-accesslist$",
|
||||
|
||||
DisplayAttrs: &framework.DisplayAttributes{
|
||||
OperationPrefix: operationPrefixAWS,
|
||||
OperationSuffix: "identity-access-list",
|
||||
OperationVerb: "tidy",
|
||||
},
|
||||
|
||||
Fields: map[string]*framework.FieldSchema{
|
||||
"safety_buffer": {
|
||||
Type: framework.TypeDurationSecond,
|
||||
|
|
|
@ -22,6 +22,13 @@ const (
|
|||
func (b *backend) pathTidyRoletagDenyList() *framework.Path {
|
||||
return &framework.Path{
|
||||
Pattern: "tidy/roletag-denylist$",
|
||||
|
||||
DisplayAttrs: &framework.DisplayAttributes{
|
||||
OperationPrefix: operationPrefixAWS,
|
||||
OperationSuffix: "role-tag-deny-list",
|
||||
OperationVerb: "tidy",
|
||||
},
|
||||
|
||||
Fields: map[string]*framework.FieldSchema{
|
||||
"safety_buffer": {
|
||||
Type: framework.TypeDurationSecond,
|
||||
|
|
|
@ -18,6 +18,8 @@ import (
|
|||
const (
|
||||
rootConfigPath = "config/root"
|
||||
minAwsUserRollbackAge = 5 * time.Minute
|
||||
operationPrefixAWS = "aws"
|
||||
operationPrefixAWSASD = "aws-config"
|
||||
)
|
||||
|
||||
func Factory(ctx context.Context, conf *logical.BackendConfig) (logical.Backend, error) {
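Review bot: `operationPrefixAWSASD = "aws-config"` in the const block looks like a leftover. The `ASD` suffix reads as a typo, and no hunk on this page references the constant; every path shown uses `operationPrefixAWS`. If it is unused, drop the line. If a separate prefix for config endpoints is intended, give it a descriptive name such as `operationPrefixAWSConfig` and use it where it applies.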
|
||||
|
|
|
@ -15,6 +15,11 @@ import (
|
|||
func pathConfigLease(b *backend) *framework.Path {
|
||||
return &framework.Path{
|
||||
Pattern: "config/lease",
|
||||
|
||||
DisplayAttrs: &framework.DisplayAttributes{
|
||||
OperationPrefix: operationPrefixAWS,
|
||||
},
|
||||
|
||||
Fields: map[string]*framework.FieldSchema{
|
||||
"lease": {
|
||||
Type: framework.TypeString,
|
||||
|
@ -27,9 +32,20 @@ func pathConfigLease(b *backend) *framework.Path {
|
|||
},
|
||||
},
|
||||
|
||||
Callbacks: map[logical.Operation]framework.OperationFunc{
|
||||
logical.ReadOperation: b.pathLeaseRead,
|
||||
logical.UpdateOperation: b.pathLeaseWrite,
|
||||
Operations: map[logical.Operation]framework.OperationHandler{
|
||||
logical.ReadOperation: &framework.PathOperation{
|
||||
Callback: b.pathLeaseRead,
|
||||
DisplayAttrs: &framework.DisplayAttributes{
|
||||
OperationSuffix: "lease-configuration",
|
||||
},
|
||||
},
|
||||
logical.UpdateOperation: &framework.PathOperation{
|
||||
Callback: b.pathLeaseWrite,
|
||||
DisplayAttrs: &framework.DisplayAttributes{
|
||||
OperationVerb: "configure",
|
||||
OperationSuffix: "lease",
|
||||
},
|
||||
},
|
||||
},
|
||||
|
||||
HelpSynopsis: pathConfigLeaseHelpSyn,
|
||||
|
|
|
@ -17,6 +17,11 @@ const defaultUserNameTemplate = `{{ if (eq .Type "STS") }}{{ printf "vault-%s-%s
|
|||
func pathConfigRoot(b *backend) *framework.Path {
|
||||
return &framework.Path{
|
||||
Pattern: "config/root",
|
||||
|
||||
DisplayAttrs: &framework.DisplayAttributes{
|
||||
OperationPrefix: operationPrefixAWS,
|
||||
},
|
||||
|
||||
Fields: map[string]*framework.FieldSchema{
|
||||
"access_key": {
|
||||
Type: framework.TypeString,
|
||||
|
@ -51,9 +56,20 @@ func pathConfigRoot(b *backend) *framework.Path {
|
|||
},
|
||||
},
|
||||
|
||||
Callbacks: map[logical.Operation]framework.OperationFunc{
|
||||
logical.ReadOperation: b.pathConfigRootRead,
|
||||
logical.UpdateOperation: b.pathConfigRootWrite,
|
||||
Operations: map[logical.Operation]framework.OperationHandler{
|
||||
logical.ReadOperation: &framework.PathOperation{
|
||||
Callback: b.pathConfigRootRead,
|
||||
DisplayAttrs: &framework.DisplayAttributes{
|
||||
OperationSuffix: "root-iam-credentials-configuration",
|
||||
},
|
||||
},
|
||||
logical.UpdateOperation: &framework.PathOperation{
|
||||
Callback: b.pathConfigRootWrite,
|
||||
DisplayAttrs: &framework.DisplayAttributes{
|
||||
OperationVerb: "configure",
|
||||
OperationSuffix: "root-iam-credentials",
|
||||
},
|
||||
},
|
||||
},
|
||||
|
||||
HelpSynopsis: pathConfigRootHelpSyn,
|
||||
|
|
|
@ -16,6 +16,13 @@ import (
|
|||
func pathConfigRotateRoot(b *backend) *framework.Path {
|
||||
return &framework.Path{
|
||||
Pattern: "config/rotate-root",
|
||||
|
||||
DisplayAttrs: &framework.DisplayAttributes{
|
||||
OperationPrefix: operationPrefixAWS,
|
||||
OperationSuffix: "root-iam-credentials",
|
||||
OperationVerb: "rotate",
|
||||
},
|
||||
|
||||
Operations: map[logical.Operation]framework.OperationHandler{
|
||||
logical.UpdateOperation: &framework.PathOperation{
|
||||
Callback: b.pathConfigRotateRootUpdate,
|
||||
|
|
|
@ -27,6 +27,11 @@ func pathListRoles(b *backend) *framework.Path {
|
|||
return &framework.Path{
|
||||
Pattern: "roles/?$",
|
||||
|
||||
DisplayAttrs: &framework.DisplayAttributes{
|
||||
OperationPrefix: operationPrefixAWS,
|
||||
OperationSuffix: "roles",
|
||||
},
|
||||
|
||||
Callbacks: map[logical.Operation]framework.OperationFunc{
|
||||
logical.ListOperation: b.pathRoleList,
|
||||
},
|
||||
|
@ -39,6 +44,12 @@ func pathListRoles(b *backend) *framework.Path {
|
|||
func pathRoles(b *backend) *framework.Path {
|
||||
return &framework.Path{
|
||||
Pattern: "roles/" + framework.GenericNameWithAtRegex("name"),
|
||||
|
||||
DisplayAttrs: &framework.DisplayAttributes{
|
||||
OperationPrefix: operationPrefixAWS,
|
||||
OperationSuffix: "role",
|
||||
},
|
||||
|
||||
Fields: map[string]*framework.FieldSchema{
|
||||
"name": {
|
||||
Type: framework.TypeString,
|
||||
|
|
|
@ -21,6 +21,12 @@ import (
|
|||
func pathUser(b *backend) *framework.Path {
|
||||
return &framework.Path{
|
||||
Pattern: "(creds|sts)/" + framework.GenericNameWithAtRegex("name"),
|
||||
|
||||
DisplayAttrs: &framework.DisplayAttributes{
|
||||
OperationPrefix: operationPrefixAWS,
|
||||
OperationVerb: "generate",
|
||||
},
|
||||
|
||||
Fields: map[string]*framework.FieldSchema{
|
||||
"name": {
|
||||
Type: framework.TypeString,
|
||||
|
@ -41,9 +47,19 @@ func pathUser(b *backend) *framework.Path {
|
|||
},
|
||||
},
|
||||
|
||||
Callbacks: map[logical.Operation]framework.OperationFunc{
|
||||
logical.ReadOperation: b.pathCredsRead,
|
||||
logical.UpdateOperation: b.pathCredsRead,
|
||||
Operations: map[logical.Operation]framework.OperationHandler{
|
||||
logical.ReadOperation: &framework.PathOperation{
|
||||
Callback: b.pathCredsRead,
|
||||
DisplayAttrs: &framework.DisplayAttributes{
|
||||
OperationSuffix: "credentials|sts-credentials",
|
||||
},
|
||||
},
|
||||
logical.UpdateOperation: &framework.PathOperation{
|
||||
Callback: b.pathCredsRead,
|
||||
DisplayAttrs: &framework.DisplayAttributes{
|
||||
OperationSuffix: "credentials2|sts-credentials2",
|
||||
},
|
||||
},
|
||||
},
|
||||
|
||||
HelpSynopsis: pathUserHelpSyn,
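Review bot: The pipe-separated suffixes `"credentials|sts-credentials"` and `"credentials2|sts-credentials2"` carry no comment explaining their form. They appear to map positionally onto the `(creds|sts)` alternation in `Pattern`, and the `2` variants seem to exist only because Read and Update both run `b.pathCredsRead`. Add a comment above the `Operations` map, e.g. `// Suffix alternatives follow the (creds|sts) order in Pattern; the "2" forms name the Update alias of the same callback.` Both operations issue credentials, so anyone auditing the generated API spec needs to see that they are one handler. pathUser's body continues outside the hunk.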
|
||||
|
|