Unifying Storage and API path in role

Nicolas Corrarello 2017-10-31 20:56:56 +00:00
parent 0fc65cabc7
commit d540985926
5 changed files with 19 additions and 19 deletions


@ -178,7 +178,7 @@ func TestBackend_renew_revoke(t *testing.T) {
t.Fatal(err)
}
req.Path = "roles/test"
req.Path = "role/test"
req.Data = map[string]interface{}{
"policy": []string{"policy"},
"lease": "6h",


@ -10,7 +10,7 @@ import (
func pathListRoles(b *backend) *framework.Path {
return &framework.Path{
Pattern: "roles/?$",
Pattern: "role/?$",
Callbacks: map[logical.Operation]framework.OperationFunc{
logical.ListOperation: b.pathRoleList,
@ -20,7 +20,7 @@ func pathListRoles(b *backend) *framework.Path {
func pathRoles() *framework.Path {
return &framework.Path{
Pattern: "roles/" + framework.GenericNameRegex("name"),
Pattern: "role/" + framework.GenericNameRegex("name"),
Fields: map[string]*framework.FieldSchema{
"name": &framework.FieldSchema{
Type: framework.TypeString,
@ -62,7 +62,7 @@ Defaults to 'client'.`,
func (b *backend) pathRoleList(
req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
entries, err := req.Storage.List("policy/")
entries, err := req.Storage.List("role/")
if err != nil {
return nil, err
}
@ -74,7 +74,7 @@ func pathRolesRead(
req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
name := d.Get("name").(string)
entry, err := req.Storage.Get("policy/" + name)
entry, err := req.Storage.Get("role/" + name)
if err != nil {
return nil, err
}
@ -138,7 +138,7 @@ func pathRolesWrite(
}
}
entry, err := logical.StorageEntryJSON("policy/"+name, roleConfig{
entry, err := logical.StorageEntryJSON("role/"+name, roleConfig{
Policy: policy,
Lease: lease,
TokenType: tokenType,
@ -158,7 +158,7 @@ func pathRolesWrite(
func pathRolesDelete(
req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
name := d.Get("name").(string)
if err := req.Storage.Delete("policy/" + name); err != nil {
if err := req.Storage.Delete("role/" + name); err != nil {
return nil, err
}
return nil, nil
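Review bot: The storage prefix moves from `policy/` to `role/` in pathRoleList, pathRolesRead, pathRolesWrite and pathRolesDelete (and in pathTokenRead in the next file) with no fallback or migration, so any role already persisted under `policy/` would stop being found by list, read and credential generation, and pathRolesDelete could no longer remove the old entry from storage. If this backend may already hold data, either fall back to `policy/`+name when `role/`+name returns a nil entry or move the keys once on upgrade. The request path also changes from `roles/` to `role/`, so ACL policies written against the old path stop matching; grants would presumably fail closed, but an explicit deny on `<mount>/roles/*` would no longer cover the new path, which is worth stating in the upgrade notes. The prefix is now a repeated literal at five call sites across two files; a package-level `const rolePrefix = "role/"` would keep the API pattern and the storage key from drifting apart again. The function bodies continue outside the hunks shown.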


@ -29,7 +29,7 @@ func (b *backend) pathTokenRead(
req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
name := d.Get("name").(string)
entry, err := req.Storage.Get("policy/" + name)
entry, err := req.Storage.Get("role/" + name)
if err != nil {
return nil, fmt.Errorf("error retrieving role: %s", err)
}


@ -59,7 +59,7 @@ updated attributes.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/nomad/roles/:name` | `204 (empty body)` |
| `POST` | `/nomad/role/:name` | `204 (empty body)` |
### Parameters
@ -95,7 +95,7 @@ $ curl \
--request POST \
--header "X-Vault-Token: ..." \
--data @payload.json \
https://vault.rocks/v1/nomad/roles/monitoring
https://vault.rocks/v1/nomad/role/monitoring
```
## Read Role
@ -105,7 +105,7 @@ If no role exists with that name, a 404 is returned.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `GET` | `/nomad/roles/:name` | `200 application/json` |
| `GET` | `/nomad/role/:name` | `200 application/json` |
### Parameters
@ -117,7 +117,7 @@ If no role exists with that name, a 404 is returned.
```
$ curl \
--header "X-Vault-Token: ..." \
https://vault.rocks/v1/nomad/roles/monitoring
https://vault.rocks/v1/nomad/role/monitoring
```
### Sample Response
@ -147,8 +147,8 @@ This endpoint lists all existing roles in the backend.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `LIST` | `/nomad/roles` | `200 application/json` |
| `GET` | `/nomad/roles?list=true` | `200 application/json` |
| `LIST` | `/nomad/role` | `200 application/json` |
| `GET` | `/nomad/role?list=true` | `200 application/json` |
### Sample Request
@ -156,7 +156,7 @@ This endpoint lists all existing roles in the backend.
$ curl \
--header "X-Vault-Token: ..." \
--request LIST \
https://vault.rocks/v1/nomad/roles
https://vault.rocks/v1/nomad/role
```
### Sample Response
@ -185,7 +185,7 @@ not exist, this endpoint will still return a successful response.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `DELETE` | `/nomad/roles/:name` | `204 (empty body)` |
| `DELETE` | `/nomad/role/:name` | `204 (empty body)` |
### Parameters
@ -198,7 +198,7 @@ not exist, this endpoint will still return a successful response.
$ curl \
--request DELETE \
--header "X-Vault-Token: ..." \
https://vault.rocks/v1/nomad/roles/example-role
https://vault.rocks/v1/nomad/role/example-role
```
## Generate Credential


@ -67,8 +67,8 @@ to a set of policy names used to generate those credentials. For example, lets c
an "monitoring" role that maps to a "readonly" policy:
```
$ vault write nomad/roles/monitoring policy=readonly
Success! Data written to: nomad/roles/monitoring
$ vault write nomad/role/monitoring policy=readonly
Success! Data written to: nomad/role/monitoring
```
The backend expects either a single or a comma separated list of policy names.