diff --git a/logical/framework/path.go b/logical/framework/path.go
index 142727443d95c..f9c47c0203252 100644
--- a/logical/framework/path.go
+++ b/logical/framework/path.go
@@ -14,6 +14,12 @@ func GenericNameRegex(name string) string {
 return fmt.Sprintf("(?P<%s>\\w[\\w-.]+\\w)", name)
 }
+// Helper which returns a regex string for optionally accepting the a field
+// from the API URL
+func OptionalParamRegex(name string) string {
+ return fmt.Sprintf("(/(?P<%s>.+))?", name)
+}
+
 // PathAppend is a helper for appending lists of paths into a single
 // list.
 func PathAppend(paths ...[]*Path) []*Path {
diff --git a/vault/token_store.go b/vault/token_store.go
index c0618e693478e..aaa937da610f9 100644
--- a/vault/token_store.go
+++ b/vault/token_store.go
@@ -196,7 +196,7 @@ func NewTokenStore(c *Core, config *logical.BackendConfig) (*TokenStore, error)
 },
 &framework.Path{
- Pattern: "lookup/(?P.+)",
+ Pattern: "lookup" + framework.OptionalParamRegex("token"),
 Fields: map[string]*framework.FieldSchema{
 "token": &framework.FieldSchema{
@@ -206,7 +206,8 @@ func NewTokenStore(c *Core, config *logical.BackendConfig) (*TokenStore, error)
 },
 Callbacks: map[logical.Operation]framework.OperationFunc{
- logical.ReadOperation: t.handleLookup,
+ logical.ReadOperation: t.handleLookup,
+ logical.UpdateOperation: t.handleLookup,
 },
 HelpSynopsis: strings.TrimSpace(tokenLookupHelp),
@@ -214,7 +215,7 @@ func NewTokenStore(c *Core, config *logical.BackendConfig) (*TokenStore, error)
 },
 &framework.Path{
- Pattern: "lookup-accessor/(?P.+)",
+ Pattern: "lookup-accessor" + framework.OptionalParamRegex("accessor"),
 Fields: map[string]*framework.FieldSchema{
 "accessor": &framework.FieldSchema{
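Review bot: The doc comment on `OptionalParamRegex` in `logical/framework/path.go` does not say that the capture `.+` takes everything after the first `/`, further slashes included, nor that the whole group may be absent, in which case the named field is simply not set and the handler has to cope with that. It also carries a typo ("the a field") and does not open with the function name, as Go doc comments conventionally do. Suggested wording: `// OptionalParamRegex returns a regex fragment that optionally matches "/" followed by any non-empty string (slashes included), captured as the named field.` `name` is interpolated into the pattern unchecked, so it is presumably meant to be a constant identifier supplied by backend code, which would be worth stating as well.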
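Review bot: With the trailing `(/(?P<%s>.+))?` segment now optional, a request to the bare `lookup` path reaches `t.handleLookup` with no `token` value at all, and nothing in these hunks shows the handler rejecting that case. The same applies to the other patterns changed in `vault/token_store.go` (`lookup-accessor`, `revoke-accessor`, `revoke`, `revoke-orphan`, `revoke-prefix`, `renew`); `revoke-prefix` deserves particular attention, since a prefix match on an empty `prefix` could plausibly cover far more than the caller intended. The handlers lie outside the hunks, so this needs confirming there: each should return an error response when the field is empty after reading it from the request data, and a test per path for the missing-field case would pin that down. Only `lookup` gains a `logical.UpdateOperation` callback here; whether the remaining paths already accept the body form cannot be seen from the diff.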
@@ -250,7 +251,7 @@ func NewTokenStore(c *Core, config *logical.BackendConfig) (*TokenStore, error)
 },
 &framework.Path{
- Pattern: "revoke-accessor/(?P.+)",
+ Pattern: "revoke-accessor" + framework.OptionalParamRegex("accessor"),
 Fields: map[string]*framework.FieldSchema{
 "accessor": &framework.FieldSchema{
@@ -279,7 +280,7 @@ func NewTokenStore(c *Core, config *logical.BackendConfig) (*TokenStore, error)
 },
 &framework.Path{
- Pattern: "revoke/(?P.+)",
+ Pattern: "revoke" + framework.OptionalParamRegex("token"),
 Fields: map[string]*framework.FieldSchema{
 "token": &framework.FieldSchema{
@@ -297,7 +298,7 @@ func NewTokenStore(c *Core, config *logical.BackendConfig) (*TokenStore, error)
 },
 &framework.Path{
- Pattern: "revoke-orphan/(?P.+)",
+ Pattern: "revoke-orphan" + framework.OptionalParamRegex("token"),
 Fields: map[string]*framework.FieldSchema{
 "token": &framework.FieldSchema{
@@ -315,7 +316,7 @@ func NewTokenStore(c *Core, config *logical.BackendConfig) (*TokenStore, error)
 },
 &framework.Path{
- Pattern: "revoke-prefix/(?P.+)",
+ Pattern: "revoke-prefix" + framework.OptionalParamRegex("prefix"),
 Fields: map[string]*framework.FieldSchema{
 "prefix": &framework.FieldSchema{
@@ -356,7 +357,7 @@ func NewTokenStore(c *Core, config *logical.BackendConfig) (*TokenStore, error)
 },
 &framework.Path{
- Pattern: "renew/(?P.+)",
+ Pattern: "renew" + framework.OptionalParamRegex("token"),
 Fields: map[string]*framework.FieldSchema{
 "token": &framework.FieldSchema{
diff --git a/website/source/docs/auth/token.html.md b/website/source/docs/auth/token.html.md
index a650bc2777382..1bc488e4c02ea 100644
--- a/website/source/docs/auth/token.html.md
+++ b/website/source/docs/auth/token.html.md
@@ -179,7 +179,7 @@ of the header should be "X-Vault-Token" and the value should be the token.
-### /auth/token/lookup/
+### /auth/token/lookup[/token]
 #### GET
@@ -218,6 +218,51 @@ of the header should be "X-Vault-Token" and the value should be the token.
+ +#### POST + +
+
Description
+
+ Returns information about the client token provided in the request body. +
+ +
Method
+
GET
+ +
URL
+
`/auth/token/lookup`
+ +
Parameters
+
+
    +
  • + token + required + Token to lookup. +
  • +
+
+ +
Returns
+
+ + ```javascript + { + "data": { + "id": "ClientToken", + "policies": ["web", "stage"], + "path": "auth/github/login", + "meta": {"user": "armon", "organization": "hashicorp"}, + "display_name": "github-armon", + "num_uses": 0, + } + } + ``` + +
+
+ ### /auth/token/renew-self #### POST @@ -265,7 +310,7 @@ of the header should be "X-Vault-Token" and the value should be the token. -### /auth/token/renew/ +### /auth/token/renew[/token] #### POST
@@ -280,9 +325,18 @@ of the header should be "X-Vault-Token" and the value should be the token.
POST
URL
-
`/auth/token/renew/`
+
`/auth/token/renew`
Parameters
+
+
    +
  • + token + required + Token to revoke. This can be part of the URL or the body. +
  • +
+
  • @@ -312,7 +366,7 @@ of the header should be "X-Vault-Token" and the value should be the token.
-### /auth/token/revoke/ +### /auth/token/revoke[/token] #### POST
@@ -326,11 +380,17 @@ of the header should be "X-Vault-Token" and the value should be the token.
POST
URL
-
`/auth/token/revoke/`
+
`/auth/token/revoke`
Parameters
- None +
    +
  • + token + required + Token to revoke. This can be part of the URL or the body. +
  • +
Returns
@@ -365,7 +425,7 @@ of the header should be "X-Vault-Token" and the value should be the token.
-### /auth/token/revoke-orphan/ +### /auth/token/revoke-orphan[/token] #### POST
@@ -381,11 +441,17 @@ of the header should be "X-Vault-Token" and the value should be the token.
POST
URL
-
`/auth/token/revoke-orphan/`
+
`/auth/token/revoke-orphan`
Parameters
- None +
    +
  • + token + required + Token to revoke. This can be part of the URL or the body. +
  • +
Returns
@@ -393,7 +459,7 @@ of the header should be "X-Vault-Token" and the value should be the token.
-### /auth/token/revoke-prefix/ +### /auth/token/revoke-prefix[/prefix] #### POST
@@ -409,11 +475,17 @@ of the header should be "X-Vault-Token" and the value should be the token.
POST
URL
-
`/auth/token/revoke-prefix/`
+
`/auth/token/revoke-prefix`
Parameters
- None +
    +
  • + token + required + Token source prefix to revoke. This can be part of the URL or the body. +
  • +
Returns
@@ -584,7 +656,7 @@ of the header should be "X-Vault-Token" and the value should be the token.
-### /auth/token/lookup-accessor +### /auth/token/lookup-accessor[/accessor] #### POST
@@ -599,7 +671,7 @@ of the header should be "X-Vault-Token" and the value should be the token.
POST
URL
-
`/auth/token/lookup-accessor`
+
`/auth/token/lookup-accessor`
Parameters
@@ -607,7 +679,7 @@ of the header should be "X-Vault-Token" and the value should be the token.
  • accessor required - Accessor of the token to lookup. + Accessor of the token to lookup. This can be part of the URL or the body.
  • @@ -639,7 +711,7 @@ of the header should be "X-Vault-Token" and the value should be the token.
    -### /auth/token/revoke-accessor/ +### /auth/token/revoke-accessor[/accessor] #### POST
    @@ -654,11 +726,17 @@ of the header should be "X-Vault-Token" and the value should be the token.
    POST
    URL
    -
    `/auth/token/revoke-accessor/`
    +
    `/auth/token/revoke-accessor`
    Parameters
    - None +
      +
    • + accessor + required + Accessor of the token. This can be part of the URL or the body. +
    • +
    Returns