open-vault/website/content/api-docs/system/lease-count-quotas.mdx
Violet Hynes adb65bd0f2
VAULT-6615 Update docs for 1.12 quota changes (#16381)
* VAULT-6615 Update docs for 1.12 quota changes

* VAULT-6615 Add info about globbing

* VAULT-6615 some small updates for role param

* Update website/content/docs/enterprise/lease-count-quotas.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/api-docs/system/lease-count-quotas.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
2022-08-02 15:37:56 -04:00

152 lines
4.3 KiB
Plaintext
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

---
layout: api
page_title: /sys/quotas/lease-count - HTTP API
description: The `/sys/quotas/lease-count` endpoint is used to create, edit and delete lease count quotas.
---
# `/sys/quotas/lease-count`
~> **Enterprise Only**  These endpoints require Vault Enterprise Platform.
The `/sys/quotas/lease-count` endpoint is used to create, edit and delete lease count quotas.
## Create or Update a Lease Count Quota
This endpoint is used to create a lease count quota with an identifier, `name`.
A lease count quota must include a `max_leases` value with an optional `path`
that can either be a namespace or mount, and can optionally include a path suffix following
the mount to restrict more specific API paths.
| Method | Path |
| :----- | :------------------------------ |
| `POST` | `/sys/quotas/lease-count/:name` |
### Parameters
- `name` `(string: "")` - The name of the quota.
- `path` `(string: "")` - Path of the mount or namespace to apply the quota.
A blank path configures a global lease count quota. For example `namespace1/`
adds a quota to a full namespace, `namespace1/auth/userpass` adds a quota to
`userpass` in `namespace1`, and `namespace1/kv-v2/data/foo/bar` adds a quota to
a specific secret on a K/V v2 mount in `namespace1`. A trailing glob (`*`) can also
be added as part of the path after the mount to match paths that share the same prefix
prior to the glob. `namespace1/kv-v2/data/foo/*` would match both `namespace1/kv-v2/data/foo/bar`
and `namespace1/kv-v2/data/foo/baz`. Updating this field on an existing
quota can have "moving" effects. For example, updating `namespace1` to
`namespace1/auth/userpass` moves this quota from being a namespace quota to a
namespace-specific mount quota. Non-global quotas are not inherited by child
namespaces.
- `max_leases` `(int: 0)` - Maximum number of leases allowed by the quota rule.
- `role` `(string: "")` - If set on a quota where `path` is set to an auth mount with a
concept of roles (such as `/auth/approle/`), this will make the quota restrict login
requests to that mount that are made with the specified role. The request will fail if
the auth mount does not have a concept of roles, or `path` is not an auth mount.
### Sample Payload
```json
{
"path": "",
"max_leases": 1000
}
```
### Sample Request
```shell-session
$ curl \
--request POST \
--header "X-Vault-Token: ..." \
--data @payload.json \
http://127.0.0.1:8200/v1/sys/quotas/lease-count/global-lease-count-quota
```
## Delete a Lease Count Quota
A lease count quota can be deleted by `name`.
| Method | Path |
| :------- | :------------------------------ |
| `DELETE` | `/sys/quotas/lease-count/:name` |
### Sample Request
```shell-session
$ curl \
--request DELETE \
--header "X-Vault-Token: ..." \
http://127.0.0.1:8200/v1/sys/quotas/lease-count/global-lease-count-quota
```
## Get a Lease Count Quota
A lease count quota can be retrieved by `name`.
| Method | Path |
| :----- | :------------------------------ |
| `GET` | `/sys/quotas/lease-count/:name` |
### Sample Request
```shell-session
$ curl \
--request GET \
--header "X-Vault-Token: ..." \
http://127.0.0.1:8200/v1/sys/quotas/lease-count/global-lease-count-quota
```
### Sample Response
```json
{
"request_id": "21514bc6-2c19-42b9-a8a7-cab27aff5815",
"lease_id": "",
"lease_duration": 0,
"renewable": false,
"data": {
"max_leases": 1000,
"name": "global-lease-count-quota",
"path": "",
"role": "",
"type": "lease-count"
},
"warnings": null
}
```
## List Lease Count Quotas
This endpoint returns a list of all the lease count quotas. A 404 response will
be returned if no lease count quota has been created.
| Method | Path |
| :----- | :------------------------ |
| `LIST` | `/sys/quotas/lease-count` |
### Sample Request
```shell-session
$ curl \
--request LIST \
--header "X-Vault-Token: ..." \
http://127.0.0.1:8200/v1/sys/quotas/lease-count
```
### Sample Response
```json
{
"auth": null,
"data": {
"keys": ["global-lease-count-quota"]
},
"lease_duration": 0,
"lease_id": "",
"renewable": false,
"request_id": "ab633ee1-a692-ba03-083b-f1bd91c51c28",
"warnings": null,
"wrap_info": null
}
```