luxolus
/
open-vault
2
0
Fork 0
Code Issues 1 Pull Requests Releases Activity

openapi: Add display attributes for LDAP auth (#19389)

This commit is contained in:
Anton Averchenkov 2023-04-07 13:16:17 -04:00 committed by GitHub
parent 2ec2d050c0
commit c915dea526
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 60 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
builtin/credential/ldap/backend.go
View File

@ -14,7 +14,10 @@ import (
"github.com/hashicorp/vault/sdk/logical" "github.com/hashicorp/vault/sdk/logical"
) )
const errUserBindFailed = `ldap operation failed: failed to bind as user` const (
operationPrefixLDAP = "ldap"
errUserBindFailed = "ldap operation failed: failed to bind as user"
)
func Factory(ctx context.Context, conf *logical.BackendConfig) (logical.Backend, error) { func Factory(ctx context.Context, conf *logical.BackendConfig) (logical.Backend, error) {
b := Backend() b := Backend()

25
builtin/credential/ldap/path_config.go
View File

@ -19,18 +19,31 @@ const userFilterWarning = "userfilter configured does not consider userattr and
func pathConfig(b *backend) *framework.Path { func pathConfig(b *backend) *framework.Path {
p := &framework.Path{ p := &framework.Path{
Pattern: `config`, Pattern: `config`,
DisplayAttrs: &framework.DisplayAttributes{
OperationPrefix: operationPrefixLDAP,
Action: "Configure",
},
Fields: ldaputil.ConfigFields(), Fields: ldaputil.ConfigFields(),
Callbacks: map[logical.Operation]framework.OperationFunc{ Operations: map[logical.Operation]framework.OperationHandler{
logical.ReadOperation: b.pathConfigRead, logical.ReadOperation: &framework.PathOperation{
logical.UpdateOperation: b.pathConfigWrite, Callback: b.pathConfigRead,
DisplayAttrs: &framework.DisplayAttributes{
OperationSuffix: "auth-configuration",
},
},
logical.UpdateOperation: &framework.PathOperation{
Callback: b.pathConfigWrite,
DisplayAttrs: &framework.DisplayAttributes{
OperationVerb: "configure-auth",
},
},
}, },
HelpSynopsis: pathConfigHelpSyn, HelpSynopsis: pathConfigHelpSyn,
HelpDescription: pathConfigHelpDesc, HelpDescription: pathConfigHelpDesc,
DisplayAttrs: &framework.DisplayAttributes{
Action: "Configure",
},
} }
tokenutil.AddTokenFields(p.Fields) tokenutil.AddTokenFields(p.Fields)

23
builtin/credential/ldap/path_groups.go
View File

@ -16,22 +16,33 @@ func pathGroupsList(b *backend) *framework.Path {
return &framework.Path{ return &framework.Path{
Pattern: "groups/?$", Pattern: "groups/?$",
DisplayAttrs: &framework.DisplayAttributes{
OperationPrefix: operationPrefixLDAP,
OperationSuffix: "groups",
Navigation: true,
ItemType: "Group",
},
Callbacks: map[logical.Operation]framework.OperationFunc{ Callbacks: map[logical.Operation]framework.OperationFunc{
logical.ListOperation: b.pathGroupList, logical.ListOperation: b.pathGroupList,
}, },
HelpSynopsis: pathGroupHelpSyn, HelpSynopsis: pathGroupHelpSyn,
HelpDescription: pathGroupHelpDesc, HelpDescription: pathGroupHelpDesc,
DisplayAttrs: &framework.DisplayAttributes{
Navigation: true,
ItemType: "Group",
},
} }
} }
func pathGroups(b *backend) *framework.Path { func pathGroups(b *backend) *framework.Path {
return &framework.Path{ return &framework.Path{
Pattern: `groups/(?P<name>.+)`, Pattern: `groups/(?P<name>.+)`,
DisplayAttrs: &framework.DisplayAttributes{
OperationPrefix: operationPrefixLDAP,
OperationSuffix: "group",
Action: "Create",
ItemType: "Group",
},
Fields: map[string]*framework.FieldSchema{ Fields: map[string]*framework.FieldSchema{
"name": { "name": {
Type: framework.TypeString, Type: framework.TypeString,
@ -52,10 +63,6 @@ func pathGroups(b *backend) *framework.Path {
HelpSynopsis: pathGroupHelpSyn, HelpSynopsis: pathGroupHelpSyn,
HelpDescription: pathGroupHelpDesc, HelpDescription: pathGroupHelpDesc,
DisplayAttrs: &framework.DisplayAttributes{
Action: "Create",
ItemType: "Group",
},
} }
} }

6
builtin/credential/ldap/path_login.go
View File

@ -16,6 +16,12 @@ import (
func pathLogin(b *backend) *framework.Path { func pathLogin(b *backend) *framework.Path {
return &framework.Path{ return &framework.Path{
Pattern: `login/(?P<username>.+)`, Pattern: `login/(?P<username>.+)`,
DisplayAttrs: &framework.DisplayAttributes{
OperationPrefix: operationPrefixLDAP,
OperationVerb: "log-in",
},
Fields: map[string]*framework.FieldSchema{ Fields: map[string]*framework.FieldSchema{
"username": { "username": {
Type: framework.TypeString, Type: framework.TypeString,

23
builtin/credential/ldap/path_users.go
View File

@ -17,22 +17,33 @@ func pathUsersList(b *backend) *framework.Path {
return &framework.Path{ return &framework.Path{
Pattern: "users/?$", Pattern: "users/?$",
DisplayAttrs: &framework.DisplayAttributes{
OperationPrefix: operationPrefixLDAP,
OperationSuffix: "users",
Navigation: true,
ItemType: "User",
},
Callbacks: map[logical.Operation]framework.OperationFunc{ Callbacks: map[logical.Operation]framework.OperationFunc{
logical.ListOperation: b.pathUserList, logical.ListOperation: b.pathUserList,
}, },
HelpSynopsis: pathUserHelpSyn, HelpSynopsis: pathUserHelpSyn,
HelpDescription: pathUserHelpDesc, HelpDescription: pathUserHelpDesc,
DisplayAttrs: &framework.DisplayAttributes{
Navigation: true,
ItemType: "User",
},
} }
} }
func pathUsers(b *backend) *framework.Path { func pathUsers(b *backend) *framework.Path {
return &framework.Path{ return &framework.Path{
Pattern: `users/(?P<name>.+)`, Pattern: `users/(?P<name>.+)`,
DisplayAttrs: &framework.DisplayAttributes{
OperationPrefix: operationPrefixLDAP,
OperationSuffix: "user",
Action: "Create",
ItemType: "User",
},
Fields: map[string]*framework.FieldSchema{ Fields: map[string]*framework.FieldSchema{
"name": { "name": {
Type: framework.TypeString, Type: framework.TypeString,
@ -58,10 +69,6 @@ func pathUsers(b *backend) *framework.Path {
HelpSynopsis: pathUserHelpSyn, HelpSynopsis: pathUserHelpSyn,
HelpDescription: pathUserHelpDesc, HelpDescription: pathUserHelpDesc,
DisplayAttrs: &framework.DisplayAttributes{
Action: "Create",
ItemType: "User",
},
} }
} }