luxolus/open-vault
2
0
Fork 0
Code Issues 1 Pull requests Releases Activity
open-vault/website/content/api-docs/system/namespaces.mdx
swayne275 0604c12f27
Namespace API Lock docs (#13064) 
* add api lock doc

* add docs nav data

* Update website/content/api-docs/system/namespaces.mdx

Co-authored-by: Chris Capurso <christopher.capurso@gmail.com>

* update command doc

* clarify locked http status code

* add example exempt path

* further exempt clarification

* link api locked response

* add x-vault-namespace api example

* Update website/content/docs/concepts/namespace-api-lock.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* review suggestions

* few other small tweaks

Co-authored-by: Chris Capurso <christopher.capurso@gmail.com>
Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
2021-11-09 15:43:17 -07:00

212 lines
4.3 KiB
Plaintext
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

---
layout: api
page_title: /sys/namespaces - HTTP API
description: The `/sys/namespaces` endpoint is used manage namespaces in Vault.
---
# `/sys/namespaces`
The `/sys/namespaces` endpoint is used manage namespaces in Vault.
## List Namespaces
This endpoints lists all the namespaces.
| Method | Path |
| :----- | :---------------- |
| `LIST` | `/sys/namespaces` |
### Sample Request
```shell-session
$ curl \
--header "X-Vault-Token: ..." \
-X LIST \
http://127.0.0.1:8200/v1/sys/namespaces
```
### Sample Response
```json
["ns1/", "ns2/"]
```
## Create Namespace
This endpoint creates a namespace at the given path.
| Method | Path |
| :----- | :---------------------- |
| `POST` | `/sys/namespaces/:path` |
### Parameters
- `path` `(string: <required>)`  Specifies the path where the namespace
will be created.
### Sample Request
```shell-session
$ curl \
--header "X-Vault-Token: ..." \
--request POST \
http://127.0.0.1:8200/v1/sys/namespaces/ns1
```
## Delete Namespace
This endpoint deletes a namespace at the specified path.
| Method | Path |
| :------- | :---------------------- |
| `DELETE` | `/sys/namespaces/:path` |
### Sample Request
```shell-session
$ curl \
--header "X-Vault-Token: ..." \
--request DELETE \
http://127.0.0.1:8200/v1/sys/namespaces/ns1
```
## Read Namespace Information
This endpoint gets the metadata for the given namespace path.
| Method | Path |
| :----- | :---------------------- |
| `GET` | `/sys/namespaces/:path` |
### Sample Request
```shell-session
$ curl \
--header "X-Vault-Token: ..." \
http://127.0.0.1:8200/v1/sys/namespaces/ns1
```
### Sample Response
```json
{
"id": "gsudj",
"path": "ns1/"
}
```
## Lock Namespace
This endpoint locks the API for the current namespace path or optional subpath.
The behavior when interacting with Vault from a locked namespace is described in
[API Locked Response](/docs/concepts/namespace-api-lock#api-locked-response).
| Method | Path |
| :----- | :---------------------- |
| `POST` | `/sys/namespaces/api-lock/lock/:subpath` |
### Sample Request - Current Namespace
```shell-session
$ curl \
--header "X-Vault-Token: ..." \
--request POST \
http://127.0.0.1:8200/v1/sys/namespaces/api-lock/lock
```
### Sample Response - Current Namespace
```json
{
"unlock_key": "<unlock key for current/ns/path>"
}
```
### Sample Request - X-Vault-Namespace
```shell-session
$ curl \
--header "X-Vault-Token: ..." \
--header "X-Vault-Namespace: some/path
--request POST \
http://127.0.0.1:8200/v1/sys/namespaces/api-lock/lock
```
### Sample Response - X-Vault-Namespace
```json
{
"unlock_key": "<unlock key for some/path>"
}
```
### Sample Request - Descendant of Current Namespace
```shell-session
$ curl \
--header "X-Vault-Token: ..." \
--request POST \
http://127.0.0.1:8200/v1/sys/namespaces/api-lock/lock/some/descendant/subpath
```
### Sample Response - Descendant of Current Namespace
```json
{
"unlock_key": "<unlock key for current/ns/path/some/descendant/subpath>"
}
```
## Unlock Namespace
This endpoint unlocks the api for the current namespace path or optional subpath.
| Method | Path |
| :----- | :---------------------- |
| `POST` | `/sys/namespaces/api-lock/unlock/:subpath` |
### Sample Payload - Current Namespace Non-Root
```json
{
"unlock_key": "<unlock key for current/ns/path>"
}
```
### Sample Request - Current Namespace Non-Root
```shell-session
$ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
http://127.0.0.1:8200/v1/sys/namespaces/api-lock/unlock
```
### Sample Request - Current Namespace Root
```shell-session
$ curl \
--header "X-Vault-Token: <some root token>" \
--request POST \
http://127.0.0.1:8200/v1/sys/namespaces/api-lock/unlock
```
### Sample Payload - Descendant Namespace Non-Root
```json
{
"unlock_key": "<unlock key for current/ns/path/some/descendant/subpath>"
}
```
### Sample Request - Descendant Namespace Non-Root
```shell-session
$ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
http://127.0.0.1:8200/v1/sys/namespaces/api-lock/unlock/some/descendant/path
```
Reference in a new issue View git blame Copy permalink