From 9d2bd2bf29751715dd316f9f4677c4b0ed60ba7a Mon Sep 17 00:00:00 2001 From: Armon Dadgar Date: Wed, 15 Apr 2015 13:56:42 -0700 Subject: [PATCH] logical: Adding a DisplayName for operators --- logical/auth.go | 8 ++++++++ logical/request.go | 10 ++++++++-- 2 files changed, 16 insertions(+), 2 deletions(-) diff --git a/logical/auth.go b/logical/auth.go index e2a31dc7e..7cdd3391d 100644 --- a/logical/auth.go +++ b/logical/auth.go @@ -7,6 +7,14 @@ import "fmt" type Auth struct { LeaseOptions + // DisplayName is a non-security sensitive identifier that is + // applicable to this Auth. It is used for logging and prefixing + // of dynamic secrets. For example, DisplayName may be "armon" for + // the github credential backend. If the client token is used to + // generate a SQL credential, the user may be "github-armon-uuid". + // This is to help identify the source without using audit tables. + DisplayName string + // Policies is the list of policies that the authenticated user // is associated with. Policies []string diff --git a/logical/request.go b/logical/request.go index 048d0e13f..b4492eb60 100644 --- a/logical/request.go +++ b/logical/request.go @@ -38,9 +38,15 @@ type Request struct { Connection *Connection // ClientToken is provided to the core so that the identity - // can be verified and ACLs applied. This value is not passed - // through to the logical backends. + // can be verified and ACLs applied. This value is passed + // through to the logical backends but after being salted and + // hashed. ClientToken string + + // DisplayName is provided to the logical backend to help associate + // dynamic secrets with the source entity. This is not a sensitive + // name, but is useful for operators. + DisplayName string } // Get returns a data field and guards for nil Data