Merge pull request #1211 from hashicorp/token-http-body

Optionally accept tokens and prefixes from HTTP body
hashicorp · Mar 14, 2016 · 1d51c60 · 1d51c60
2 parents 01d7c9b + c98ec7a
commit 1d51c60
Show file tree

Hide file tree

Showing 3 changed files with 111 additions and 26 deletions.
diff --git a/logical/framework/path.go b/logical/framework/path.go
@@ -14,6 +14,12 @@ func GenericNameRegex(name string) string {
 	return fmt.Sprintf("(?P<%s>\\w[\\w-.]+\\w)", name)
 }
 
+// Helper which returns a regex string for optionally accepting the a field
+// from the API URL
+func OptionalParamRegex(name string) string {
+	return fmt.Sprintf("(/(?P<%s>.+))?", name)
+}
+
 // PathAppend is a helper for appending lists of paths into a single
 // list.
 func PathAppend(paths ...[]*Path) []*Path {

diff --git a/vault/token_store.go b/vault/token_store.go
@@ -196,7 +196,7 @@ func NewTokenStore(c *Core, config *logical.BackendConfig) (*TokenStore, error)
 			},
 
 			&framework.Path{
-				Pattern: "lookup/(?P<token>.+)",
+				Pattern: "lookup" + framework.OptionalParamRegex("token"),
 
 				Fields: map[string]*framework.FieldSchema{
 					"token": &framework.FieldSchema{
@@ -206,15 +206,16 @@ func NewTokenStore(c *Core, config *logical.BackendConfig) (*TokenStore, error)
 				},
 
 				Callbacks: map[logical.Operation]framework.OperationFunc{
-					logical.ReadOperation: t.handleLookup,
+					logical.ReadOperation:   t.handleLookup,
+					logical.UpdateOperation: t.handleLookup,
 				},
 
 				HelpSynopsis:    strings.TrimSpace(tokenLookupHelp),
 				HelpDescription: strings.TrimSpace(tokenLookupHelp),
 			},
 
 			&framework.Path{
-				Pattern: "lookup-accessor/(?P<accessor>.+)",
+				Pattern: "lookup-accessor" + framework.OptionalParamRegex("accessor"),
 
 				Fields: map[string]*framework.FieldSchema{
 					"accessor": &framework.FieldSchema{
@@ -250,7 +251,7 @@ func NewTokenStore(c *Core, config *logical.BackendConfig) (*TokenStore, error)
 			},
 
 			&framework.Path{
-				Pattern: "revoke-accessor/(?P<accessor>.+)",
+				Pattern: "revoke-accessor" + framework.OptionalParamRegex("accessor"),
 
 				Fields: map[string]*framework.FieldSchema{
 					"accessor": &framework.FieldSchema{
@@ -279,7 +280,7 @@ func NewTokenStore(c *Core, config *logical.BackendConfig) (*TokenStore, error)
 			},
 
 			&framework.Path{
-				Pattern: "revoke/(?P<token>.+)",
+				Pattern: "revoke" + framework.OptionalParamRegex("token"),
 
 				Fields: map[string]*framework.FieldSchema{
 					"token": &framework.FieldSchema{
@@ -297,7 +298,7 @@ func NewTokenStore(c *Core, config *logical.BackendConfig) (*TokenStore, error)
 			},
 
 			&framework.Path{
-				Pattern: "revoke-orphan/(?P<token>.+)",
+				Pattern: "revoke-orphan" + framework.OptionalParamRegex("token"),
 
 				Fields: map[string]*framework.FieldSchema{
 					"token": &framework.FieldSchema{
@@ -315,7 +316,7 @@ func NewTokenStore(c *Core, config *logical.BackendConfig) (*TokenStore, error)
 			},
 
 			&framework.Path{
-				Pattern: "revoke-prefix/(?P<prefix>.+)",
+				Pattern: "revoke-prefix" + framework.OptionalParamRegex("prefix"),
 
 				Fields: map[string]*framework.FieldSchema{
 					"prefix": &framework.FieldSchema{
@@ -356,7 +357,7 @@ func NewTokenStore(c *Core, config *logical.BackendConfig) (*TokenStore, error)
 			},
 
 			&framework.Path{
-				Pattern: "renew/(?P<token>.+)",
+				Pattern: "renew" + framework.OptionalParamRegex("token"),
 
 				Fields: map[string]*framework.FieldSchema{
 					"token": &framework.FieldSchema{

diff --git a/website/source/docs/auth/token.html.md b/website/source/docs/auth/token.html.md
@@ -179,7 +179,7 @@ of the header should be "X-Vault-Token" and the value should be the token.
   </dd>
 </dl>
 
-### /auth/token/lookup/
+### /auth/token/lookup[/token]
 #### GET
 
 <dl class="api">
@@ -218,6 +218,51 @@ of the header should be "X-Vault-Token" and the value should be the token.
   </dd>
 </dl>
 
+
+#### POST
+
+<dl class="api">
+  <dt>Description</dt>
+  <dd>
+    Returns information about the client token provided in the request body.
+  </dd>
+
+  <dt>Method</dt>
+  <dd>GET</dd>
+
+  <dt>URL</dt>
+  <dd>`/auth/token/lookup`</dd>
+
+  <dt>Parameters</dt>
+  <dd>
+    <ul>
+      <li>
+        <span class="param">token</span>
+        <span class="param-flags">required</span>
+            Token to lookup.
+      </li>
+    </ul>
+  </dd>
+
+  <dt>Returns</dt>
+  <dd>
+
+    ```javascript
+    {
+      "data": {
+        "id": "ClientToken",
+        "policies": ["web", "stage"],
+        "path": "auth/github/login",
+        "meta": {"user": "armon", "organization": "hashicorp"},
+        "display_name": "github-armon",
+        "num_uses": 0,
+      }
+    }
+    ```
+
+  </dd>
+</dl>
+
 ### /auth/token/renew-self
 #### POST
 
@@ -265,7 +310,7 @@ of the header should be "X-Vault-Token" and the value should be the token.
   </dd>
 </dl>
 
-### /auth/token/renew/
+### /auth/token/renew[/token]
 #### POST
 
 <dl class="api">
@@ -280,9 +325,18 @@ of the header should be "X-Vault-Token" and the value should be the token.
   <dd>POST</dd>
 
   <dt>URL</dt>
-  <dd>`/auth/token/renew/<token>`</dd>
+  <dd>`/auth/token/renew</token>`</dd>
 
   <dt>Parameters</dt>
+  <dd>
+    <ul>
+      <li>
+        <span class="param">token</span>
+        <span class="param-flags">required</span>
+            Token to revoke. This can be part of the URL or the body.
+      </li>
+    </ul>
+  </dd>
   <dd>
     <ul>
       <li>
@@ -312,7 +366,7 @@ of the header should be "X-Vault-Token" and the value should be the token.
   </dd>
 </dl>
 
-### /auth/token/revoke/
+### /auth/token/revoke[/token]
 #### POST
 
 <dl class="api">
@@ -326,11 +380,17 @@ of the header should be "X-Vault-Token" and the value should be the token.
   <dd>POST</dd>
 
   <dt>URL</dt>
-  <dd>`/auth/token/revoke/<token>`</dd>
+  <dd>`/auth/token/revoke</token>`</dd>
 
   <dt>Parameters</dt>
   <dd>
-    None
+    <ul>
+      <li>
+        <span class="param">token</span>
+        <span class="param-flags">required</span>
+            Token to revoke. This can be part of the URL or the body.
+      </li>
+    </ul>
   </dd>
 
   <dt>Returns</dt>
@@ -365,7 +425,7 @@ of the header should be "X-Vault-Token" and the value should be the token.
   </dd>
 </dl>
 
-### /auth/token/revoke-orphan/
+### /auth/token/revoke-orphan[/token]
 #### POST
 
 <dl class="api">
@@ -381,19 +441,25 @@ of the header should be "X-Vault-Token" and the value should be the token.
   <dd>POST</dd>
 
   <dt>URL</dt>
-  <dd>`/auth/token/revoke-orphan/<token>`</dd>
+  <dd>`/auth/token/revoke-orphan</token>`</dd>
 
   <dt>Parameters</dt>
   <dd>
-    None
+    <ul>
+      <li>
+        <span class="param">token</span>
+        <span class="param-flags">required</span>
+            Token to revoke. This can be part of the URL or the body.
+      </li>
+    </ul>
   </dd>
 
   <dt>Returns</dt>
   <dd>`204` response code.
   </dd>
 </dl>
 
-### /auth/token/revoke-prefix/
+### /auth/token/revoke-prefix[/prefix]
 #### POST
 
 <dl class="api">
@@ -409,11 +475,17 @@ of the header should be "X-Vault-Token" and the value should be the token.
   <dd>POST</dd>
 
   <dt>URL</dt>
-  <dd>`/auth/token/revoke-prefix/<prefix>`</dd>
+  <dd>`/auth/token/revoke-prefix</prefix>`</dd>
 
   <dt>Parameters</dt>
   <dd>
-    None
+    <ul>
+      <li>
+        <span class="param">token</span>
+        <span class="param-flags">required</span>
+            Token source prefix to revoke. This can be part of the URL or the body.
+      </li>
+    </ul>
   </dd>
 
   <dt>Returns</dt>
@@ -584,7 +656,7 @@ of the header should be "X-Vault-Token" and the value should be the token.
   </dd>
 </dl>
 
-### /auth/token/lookup-accessor
+### /auth/token/lookup-accessor[/accessor]
 #### POST
 
 <dl class="api">
@@ -599,15 +671,15 @@ of the header should be "X-Vault-Token" and the value should be the token.
   <dd>POST</dd>
 
   <dt>URL</dt>
-  <dd>`/auth/token/lookup-accessor`</dd>
+  <dd>`/auth/token/lookup-accessor</accessor>`</dd>
 
   <dt>Parameters</dt>
   <dd>
     <ul>
       <li>
         <span class="param">accessor</span>
         <span class="param-flags">required</span>
-            Accessor of the token to lookup.
+            Accessor of the token to lookup. This can be part of the URL or the body.
       </li>
     </ul>
   </dd>
@@ -639,7 +711,7 @@ of the header should be "X-Vault-Token" and the value should be the token.
   </dd>
 </dl>
 
-### /auth/token/revoke-accessor/
+### /auth/token/revoke-accessor[/accessor]
 #### POST
 
 <dl class="api">
@@ -654,11 +726,17 @@ of the header should be "X-Vault-Token" and the value should be the token.
   <dd>POST</dd>
 
   <dt>URL</dt>
-  <dd>`/auth/token/revoke-accessor/<accessor>`</dd>
+  <dd>`/auth/token/revoke-accessor</accessor>`</dd>
 
   <dt>Parameters</dt>
   <dd>
-      None
+    <ul>
+      <li>
+        <span class="param">accessor</span>
+        <span class="param-flags">required</span>
+            Accessor of the token. This can be part of the URL or the body.
+      </li>
+    </ul>
   </dd>
 
   <dt>Returns</dt>