Unifying Storage and API path in role

builtin/logical/nomad/backend_test.go

@@ -178,7 +178,7 @@ func TestBackend_renew_revoke(t *testing.T) {
 		t.Fatal(err)
 	}
 
-	req.Path = "roles/test"
+	req.Path = "role/test"
 	req.Data = map[string]interface{}{
 		"policy": []string{"policy"},
 		"lease":  "6h",

builtin/logical/nomad/path_roles.go

@@ -10,7 +10,7 @@ import (
 
 func pathListRoles(b *backend) *framework.Path {
 	return &framework.Path{
-		Pattern: "roles/?$",
+		Pattern: "role/?$",
 
 		Callbacks: map[logical.Operation]framework.OperationFunc{
 			logical.ListOperation: b.pathRoleList,
@@ -20,7 +20,7 @@ func pathListRoles(b *backend) *framework.Path {
 
 func pathRoles() *framework.Path {
 	return &framework.Path{
-		Pattern: "roles/" + framework.GenericNameRegex("name"),
+		Pattern: "role/" + framework.GenericNameRegex("name"),
 		Fields: map[string]*framework.FieldSchema{
 			"name": &framework.FieldSchema{
 				Type:        framework.TypeString,
@@ -62,7 +62,7 @@ Defaults to 'client'.`,
 
 func (b *backend) pathRoleList(
 	req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
-	entries, err := req.Storage.List("policy/")
+	entries, err := req.Storage.List("role/")
 	if err != nil {
 		return nil, err
 	}
@@ -74,7 +74,7 @@ func pathRolesRead(
 	req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
 	name := d.Get("name").(string)
 
-	entry, err := req.Storage.Get("policy/" + name)
+	entry, err := req.Storage.Get("role/" + name)
 	if err != nil {
 		return nil, err
 	}
@@ -138,7 +138,7 @@ func pathRolesWrite(
 		}
 	}
 
-	entry, err := logical.StorageEntryJSON("policy/"+name, roleConfig{
+	entry, err := logical.StorageEntryJSON("role/"+name, roleConfig{
 		Policy:    policy,
 		Lease:     lease,
 		TokenType: tokenType,
@@ -158,7 +158,7 @@ func pathRolesWrite(
 func pathRolesDelete(
 	req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
 	name := d.Get("name").(string)
-	if err := req.Storage.Delete("policy/" + name); err != nil {
+	if err := req.Storage.Delete("role/" + name); err != nil {
 		return nil, err
 	}
 	return nil, nil

builtin/logical/nomad/path_token.go

@@ -29,7 +29,7 @@ func (b *backend) pathTokenRead(
 	req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
 	name := d.Get("name").(string)
 
-	entry, err := req.Storage.Get("policy/" + name)
+	entry, err := req.Storage.Get("role/" + name)
 	if err != nil {
 		return nil, fmt.Errorf("error retrieving role: %s", err)
 	}

website/source/api/secret/nomad/index.html.md

@@ -59,7 +59,7 @@ updated attributes.
 
 | Method   | Path                         | Produces               |
 | :------- | :--------------------------- | :--------------------- |
-| `POST`   | `/nomad/roles/:name`         | `204 (empty body)`     |
+| `POST`   | `/nomad/role/:name`         | `204 (empty body)`     |
 
 ### Parameters
 
@@ -95,7 +95,7 @@ $ curl \
     --request POST \
     --header "X-Vault-Token: ..." \
     --data @payload.json \
-    https://vault.rocks/v1/nomad/roles/monitoring
+    https://vault.rocks/v1/nomad/role/monitoring
 ```
 
 ## Read Role
@@ -105,7 +105,7 @@ If no role exists with that name, a 404 is returned.
 
 | Method   | Path                         | Produces               |
 | :------- | :--------------------------- | :--------------------- |
-| `GET`    | `/nomad/roles/:name`         | `200 application/json` |
+| `GET`    | `/nomad/role/:name`         | `200 application/json` |
 
 ### Parameters
 
@@ -117,7 +117,7 @@ If no role exists with that name, a 404 is returned.
 ```
 $ curl \
     --header "X-Vault-Token: ..." \
-    https://vault.rocks/v1/nomad/roles/monitoring
+    https://vault.rocks/v1/nomad/role/monitoring
 ```
 
 ### Sample Response
@@ -147,8 +147,8 @@ This endpoint lists all existing roles in the backend.
 
 | Method   | Path                         | Produces               |
 | :------- | :--------------------------- | :--------------------- |
-| `LIST`    | `/nomad/roles`              | `200 application/json` |
+| `LIST`    | `/nomad/role`              | `200 application/json` |
-| `GET`     | `/nomad/roles?list=true`    | `200 application/json` |
+| `GET`     | `/nomad/role?list=true`    | `200 application/json` |
 
 ### Sample Request
 
@@ -156,7 +156,7 @@ This endpoint lists all existing roles in the backend.
 $ curl \
     --header "X-Vault-Token: ..." \
     --request LIST \
-    https://vault.rocks/v1/nomad/roles
+    https://vault.rocks/v1/nomad/role
 ```
 
 ### Sample Response
@@ -185,7 +185,7 @@ not exist, this endpoint will still return a successful response.
 
 | Method   | Path                         | Produces               |
 | :------- | :--------------------------- | :--------------------- |
-| `DELETE` | `/nomad/roles/:name`         | `204 (empty body)`     |
+| `DELETE` | `/nomad/role/:name`         | `204 (empty body)`     |
 
 ### Parameters
 
@@ -198,7 +198,7 @@ not exist, this endpoint will still return a successful response.
 $ curl \
     --request DELETE \
     --header "X-Vault-Token: ..." \
-    https://vault.rocks/v1/nomad/roles/example-role
+    https://vault.rocks/v1/nomad/role/example-role
 ```
 
 ## Generate Credential

website/source/docs/secrets/nomad/index.html.md

@@ -67,8 +67,8 @@ to a set of policy names used to generate those credentials. For example, lets c
 an "monitoring" role that maps to a "readonly" policy:
 
 ```
-$ vault write nomad/roles/monitoring policy=readonly
+$ vault write nomad/role/monitoring policy=readonly
-Success! Data written to: nomad/roles/monitoring
+Success! Data written to: nomad/role/monitoring
 ```
 
 The backend expects either a single or a comma separated list of policy names.