luxolus/open-vault
2
0
Fork 0
Code Issues 1 Pull requests Releases Activity
open-vault/website/content/api-docs/system/namespaces.mdx
Chris Capurso 707fcad006
Add custom metadata to namespace API and CLI docs (#16633) 
* add custom_metadata to ns api docs

* update ns CLI docs to add custom-metadata flag
2022-08-09 14:10:41 -04:00

266 lines
5.4 KiB
Plaintext
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

---
layout: api
page_title: /sys/namespaces - HTTP API
description: The `/sys/namespaces` endpoint is used manage namespaces in Vault.
---
# `/sys/namespaces`
The `/sys/namespaces` endpoint is used manage namespaces in Vault.
## List Namespaces
This endpoints lists all the namespaces.
| Method | Path |
| :----- | :---------------- |
| `LIST` | `/sys/namespaces` |
### Sample Request
```shell-session
$ curl \
--header "X-Vault-Token: ..." \
-X LIST \
http://127.0.0.1:8200/v1/sys/namespaces
```
### Sample Response
```json
["ns1/", "ns2/"]
```
## Create Namespace
This endpoint creates a namespace at the given path.
| Method | Path |
| :----- | :---------------------- |
| `POST` | `/sys/namespaces/:path` |
### Parameters
- `path` `(string: <required>)`  Specifies the path where the namespace
will be created.
- `custom_metadata` `(map<string|string>: nil)` - A map of arbitrary string to string valued user-provided metadata meant
to describe the namespace.
### Sample Payload
```json
{
"custom_metadata": {
"foo": "abc",
"bar": "123"
}
}
```
### Sample Request
```shell-session
$ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
http://127.0.0.1:8200/v1/sys/namespaces/ns1
```
## Patch Namespace
This endpoint patches an existing namespace at the specified path.
| Method | Path |
| :------- | :---------------------- |
| `PATCH` | `/sys/namespaces/:path` |
### Parameters
- `path` `(string: <required>)`  Specifies the path of the existing namespace.
- `custom_metadata` `(map<string|string>: nil)` - A map of arbitrary string to string valued user-provided metadata meant
to describe the namespace.
### Sample Payload
```json
{
"custom_metadata": {
"foo": "abc",
"bar": "123"
}
}
```
### Sample Request
```shell-session
$ curl \
--header "X-Vault-Token: ..." \
--header "Content-Type: application/merge-patch+json"
--request PATCH \
--data @payload.json \
http://127.0.0.1:8200/v1/sys/namespaces/ns1
```
## Delete Namespace
This endpoint deletes a namespace at the specified path.
| Method | Path |
| :------- | :---------------------- |
| `DELETE` | `/sys/namespaces/:path` |
### Sample Request
```shell-session
$ curl \
--header "X-Vault-Token: ..." \
--request DELETE \
http://127.0.0.1:8200/v1/sys/namespaces/ns1
```
## Read Namespace Information
This endpoint gets the metadata for the given namespace path.
| Method | Path |
| :----- | :---------------------- |
| `GET` | `/sys/namespaces/:path` |
### Sample Request
```shell-session
$ curl \
--header "X-Vault-Token: ..." \
http://127.0.0.1:8200/v1/sys/namespaces/ns1
```
### Sample Response
```json
{
"id": "gsudj",
"path": "ns1/",
"custom_metadata": {
"foo": "abc",
"bar": "123"
}
}
```
## Lock Namespace
This endpoint locks the API for the current namespace path or optional subpath.
The behavior when interacting with Vault from a locked namespace is described in
[API Locked Response](/docs/concepts/namespace-api-lock#api-locked-response).
| Method | Path |
| :----- | :---------------------- |
| `POST` | `/sys/namespaces/api-lock/lock/:subpath` |
### Sample Request - Current Namespace
```shell-session
$ curl \
--header "X-Vault-Token: ..." \
--request POST \
http://127.0.0.1:8200/v1/sys/namespaces/api-lock/lock
```
### Sample Response - Current Namespace
```json
{
"unlock_key": "<unlock key for current/ns/path>"
}
```
### Sample Request - X-Vault-Namespace
```shell-session
$ curl \
--header "X-Vault-Token: ..." \
--header "X-Vault-Namespace: some/path
--request POST \
http://127.0.0.1:8200/v1/sys/namespaces/api-lock/lock
```
### Sample Response - X-Vault-Namespace
```json
{
"unlock_key": "<unlock key for some/path>"
}
```
### Sample Request - Descendant of Current Namespace
```shell-session
$ curl \
--header "X-Vault-Token: ..." \
--request POST \
http://127.0.0.1:8200/v1/sys/namespaces/api-lock/lock/some/descendant/subpath
```
### Sample Response - Descendant of Current Namespace
```json
{
"unlock_key": "<unlock key for current/ns/path/some/descendant/subpath>"
}
```
## Unlock Namespace
This endpoint unlocks the api for the current namespace path or optional subpath.
| Method | Path |
| :----- | :---------------------- |
| `POST` | `/sys/namespaces/api-lock/unlock/:subpath` |
### Sample Payload - Current Namespace Non-Root
```json
{
"unlock_key": "<unlock key for current/ns/path>"
}
```
### Sample Request - Current Namespace Non-Root
```shell-session
$ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
http://127.0.0.1:8200/v1/sys/namespaces/api-lock/unlock
```
### Sample Request - Current Namespace Root
```shell-session
$ curl \
--header "X-Vault-Token: <some root token>" \
--request POST \
http://127.0.0.1:8200/v1/sys/namespaces/api-lock/unlock
```
### Sample Payload - Descendant Namespace Non-Root
```json
{
"unlock_key": "<unlock key for current/ns/path/some/descendant/subpath>"
}
```
### Sample Request - Descendant Namespace Non-Root
```shell-session
$ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
http://127.0.0.1:8200/v1/sys/namespaces/api-lock/unlock/some/descendant/path
```
Reference in a new issue View git blame Copy permalink