Remove most Root paths

builtin/credential/ldap/backend.go

@@ -3,11 +3,12 @@ package ldap
 import (
 	"fmt"
 
+	"strings"
+
 	"github.com/go-ldap/ldap"
 	"github.com/hashicorp/vault/helper/mfa"
 	"github.com/hashicorp/vault/logical"
 	"github.com/hashicorp/vault/logical/framework"
-	"strings"
 )
 
 func Factory(conf *logical.BackendConfig) (logical.Backend, error) {
@@ -20,13 +21,7 @@ func Backend() *framework.Backend {
 		Help: backendHelp,
 
 		PathsSpecial: &logical.Paths{
-			Root: append([]string{
-				"config",
-				"groups/*",
-				"users/*",
-			},
-				mfa.MFARootPaths()...,
-			),
+			Root: mfa.MFARootPaths(),
 
 			Unauthenticated: []string{
 				"login/*",
@@ -195,7 +190,7 @@ func getBindDN(cfg *ConfigEntry, c *ldap.Conn, username string) (string, error)
 	return bindDN, nil
 }
 
-func getUserDN(cfg *ConfigEntry,c *ldap.Conn, bindDN string) (string , error) {
+func getUserDN(cfg *ConfigEntry, c *ldap.Conn, bindDN string) (string, error) {
 	userDN := ""
 	if cfg.UPNDomain != "" {
 		// Find the distinguished name for the user if userPrincipalName used for login
@@ -276,7 +271,7 @@ func getLdapGroups(cfg *ConfigEntry, c *ldap.Conn, userDN string, username strin
 			}
 			for _, rdn := range dn.RDNs {
 				for _, rdnTypeAndValue := range rdn.Attributes {
-					if strings.EqualFold(rdnTypeAndValue.Type, "CN" ) {
+					if strings.EqualFold(rdnTypeAndValue.Type, "CN") {
 						ldapMap[rdnTypeAndValue.Value] = true
 					}
 				}

builtin/logical/aws/backend.go

@@ -17,12 +17,6 @@ func Backend() *framework.Backend {
 	b.Backend = &framework.Backend{
 		Help: strings.TrimSpace(backendHelp),
 
-		PathsSpecial: &logical.Paths{
-			Root: []string{
-				"config/*",
-			},
-		},
-
 		Paths: []*framework.Path{
 			pathConfigRoot(),
 			pathConfigLease(&b),

builtin/logical/consul/backend.go

@@ -12,12 +12,6 @@ func Factory(conf *logical.BackendConfig) (logical.Backend, error) {
 func Backend() *framework.Backend {
 	var b backend
 	b.Backend = &framework.Backend{
-		PathsSpecial: &logical.Paths{
-			Root: []string{
-				"config/*",
-			},
-		},
-
 		Paths: []*framework.Path{
 			pathConfigAccess(),
 			pathRoles(),

builtin/logical/mysql/backend.go

@@ -20,12 +20,6 @@ func Backend() *framework.Backend {
 	b.Backend = &framework.Backend{
 		Help: strings.TrimSpace(backendHelp),
 
-		PathsSpecial: &logical.Paths{
-			Root: []string{
-				"config/*",
-			},
-		},
-
 		Paths: []*framework.Path{
 			pathConfigConnection(&b),
 			pathConfigLease(&b),

builtin/logical/postgresql/backend.go

@@ -19,12 +19,6 @@ func Backend() *framework.Backend {
 	b.Backend = &framework.Backend{
 		Help: strings.TrimSpace(backendHelp),
 
-		PathsSpecial: &logical.Paths{
-			Root: []string{
-				"config/*",
-			},
-		},
-
 		Paths: []*framework.Path{
 			pathConfigConnection(&b),
 			pathConfigLease(&b),

builtin/logical/ssh/backend.go

@@ -35,10 +35,6 @@ func Backend(conf *logical.BackendConfig) (*framework.Backend, error) {
 		Help: strings.TrimSpace(backendHelp),
 
 		PathsSpecial: &logical.Paths{
-			Root: []string{
-				"config/*",
-				"keys/*",
-			},
 			Unauthenticated: []string{
 				"verify",
 			},

builtin/logical/ssh/backend_test.go

@@ -78,10 +78,6 @@ func createBackend(conf *logical.BackendConfig) (*backend, error) {
 		Help: strings.TrimSpace(backendHelp),
 
 		PathsSpecial: &logical.Paths{
-			Root: []string{
-				"config/*",
-				"keys/*",
-			},
 			Unauthenticated: []string{
 				"verify",
 			},