luxolus/open-vault
2
0
Fork 0
Code Issues 1 Pull requests Releases Activity
open-vault/website/content/api-docs/system/internal-ui-mounts.mdx
Stuart Purgavie d17a32bad3
Update internal-ui-mounts.mdx (#16399) 
* Update internal-ui-mounts.mdx

For sys/internal/ui/mounts:
Make it clear that this endpoint is not only being leveraged on the Web UI, but is also leveraged in other places such as `command/kv_helpers.go` for example. Also update response to standard Vault API response JSON, not just `data` portion of response, and include options data present on KV v2 mounts.

For sys/internal/ui/mounts/:path:
Add initial version of this endpoint family.

* docs(website/content/api-docs/system/internal): backwards compatibility disclaimer

* realign MD table

* restrict response sample to data portion to be in line with other docs

* docs(website/content/api-docs/system/internal): ui/mounts calling mode notes
2022-08-12 11:10:56 -07:00

114 lines
3.2 KiB
Plaintext
Raw Blame History

---
layout: api
page_title: /sys/internal/ui/mounts - HTTP API
description: >-
The `/sys/internal/ui/mounts` endpoint is used to manage mount listing
visibility.
---
# `/sys/internal/ui/mounts`
The `/sys/internal/ui/mounts` endpoint is used to manage mount listing
visibility. The response generated by this endpoint is based on the
`listing_visibility` value on the mount, which can be set during mount time or
via mount tuning. This is currently only being used internally, for the UI and
for CLI preflight checks, and is an unauthenticated endpoint.
If called with a valid token in `X-Vault-Token` header, the response will
include additional mounts which the token has been granted path capabilities on.
Due to the nature of its intended usage, there is no guarantee on backwards
compatibility for this endpoint.
## Get Available Visible Mounts
This endpoint lists all enabled auth methods.
| Method | Path |
| :----- | :------------------------ |
| `GET` | `/sys/internal/ui/mounts` |
### Sample Request
```shell-session
$ curl \
http://127.0.0.1:8200/v1/sys/internal/ui/mounts
```
### Sample Response
```json
{
"auth": {
"github/": {
"description": "GitHub auth",
"type": "github"
}
},
"secret": {
"custom-secrets/": {
"description": "Custom secrets",
"options": {
"version": "2"
},
"type": "kv"
}
}
}
```
## Get Single Mount Details
This endpoint lists details for a specific mount path. This is an
authenticated endpoint, and is currently only being used internally.
The calling token should not be granted permissions to these API endpoints
directly, but instead rely on permissions granted to the individual mount path.
This means that if you give a token a policy with capabilities on a `:path`
(e.g. `/secret/*`), the token will be able to call
`sys/internal/ui/mounts/:path` (e.g. `sys/internal/ui/mounts/secret`) without
having to add that literal path to the policy document.
On certain mounts, it is possible to call an arbitrary path within the engine
(for example, `/sys/internal/ui/mounts/secret/path/to/secret` when the mount
path is `/secret`). If called in this manner, then this endpoint will return the
data for the mount that hosts that path. Therefore, a call to
`/sys/internal/ui/mounts/secret/path/to/secret` and a call to
`/sys/internal/ui/mounts/secret` will yield an identical response.
Due to the nature of its intended usage, there is no guarantee on backwards
compatibility for this endpoint.
| Method | Path |
| :----- | :------------------------------ |
| `GET` | `/sys/internal/ui/mounts/:path` |
### Sample Request
```shell-session
$ curl \
--header "X-Vault-Token: ..." \
http://127.0.0.1:8200/v1/sys/internal/ui/mounts/cubbyhole
```
### Sample Response
```json
{
"accessor": "cubbyhole_50fbe8d2",
"config": {
"default_lease_ttl": 0,
"force_no_cache": false,
"max_lease_ttl": 0
},
"description": "per-token private secret storage",
"external_entropy_access": false,
"local": true,
"options": null,
"path": "cubbyhole/",
"seal_wrap": false,
"type": "cubbyhole",
"uuid": "4bb40403-d9ba-d2ee-087a-4c6d371db5f2"
}
```
Reference in a new issue View git blame Copy permalink