From 5eb5b007825e47d0cfc79b7eaa44c8e3e5ce3fff Mon Sep 17 00:00:00 2001 From: vishalnayak Date: Mon, 14 Mar 2016 18:56:00 -0400 Subject: [PATCH 1/3] Enable token to be supplied in the body for lookup call --- vault/token_store.go | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/vault/token_store.go b/vault/token_store.go index c0618e693478e..41c1cea1bfbc8 100644 --- a/vault/token_store.go +++ b/vault/token_store.go @@ -196,7 +196,7 @@ func NewTokenStore(c *Core, config *logical.BackendConfig) (*TokenStore, error) }, &framework.Path{ - Pattern: "lookup/(?P.+)", + Pattern: "lookup(/(?P.+))?", Fields: map[string]*framework.FieldSchema{ "token": &framework.FieldSchema{ @@ -206,7 +206,8 @@ func NewTokenStore(c *Core, config *logical.BackendConfig) (*TokenStore, error) }, Callbacks: map[logical.Operation]framework.OperationFunc{ - logical.ReadOperation: t.handleLookup, + logical.ReadOperation: t.handleLookup, + logical.UpdateOperation: t.handleLookup, }, HelpSynopsis: strings.TrimSpace(tokenLookupHelp), From 5556b35d0192b953b1482387e41b84fec4dc6721 Mon Sep 17 00:00:00 2001 From: vishalnayak Date: Mon, 14 Mar 2016 19:14:36 -0400 Subject: [PATCH 2/3] Accept params both as part of URL or as part of http body --- logical/framework/path.go | 6 ++++++ vault/token_store.go | 14 +++++++------- 2 files changed, 13 insertions(+), 7 deletions(-) diff --git a/logical/framework/path.go b/logical/framework/path.go index 142727443d95c..f9c47c0203252 100644 --- a/logical/framework/path.go +++ b/logical/framework/path.go @@ -14,6 +14,12 @@ func GenericNameRegex(name string) string { return fmt.Sprintf("(?P<%s>\\w[\\w-.]+\\w)", name) } +// Helper which returns a regex string for optionally accepting the a field +// from the API URL +func OptionalParamRegex(name string) string { + return fmt.Sprintf("(/(?P<%s>.+))?", name) +} + // PathAppend is a helper for appending lists of paths into a single // list. func PathAppend(paths ...[]*Path) []*Path { 
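Review bot: The `Callbacks` map in the second hunk of patch 1 registers `logical.UpdateOperation` next to `logical.ReadOperation` for `t.handleLookup` with no comment explaining why both exist. The read form still carries the token in the request path, where it can be recorded by proxies or request logs; presumably the body form is meant to avoid that. I would add a comment above the new entry such as `// UpdateOperation lets the token be sent in the request body instead of the URL path.` and note whether the path form is kept only for compatibility. The `&framework.Path{` literal starts and ends outside both hunks.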
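Review bot: The doc comment on `OptionalParamRegex` in `logical/framework/path.go` has a typo ("accepting the a field") and does not start with the function name, as Go doc comments should. It also omits two things callers need to know: `.+` captures everything after the slash, including further `/` characters, unlike `GenericNameRegex` just above, and the whole group may be absent, so the handler can see no value for the field. Suggested wording: `// OptionalParamRegex returns a regex fragment that optionally captures the rest of the URL path, slashes included, as the named field; callers must handle a missing value.`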
diff --git a/vault/token_store.go b/vault/token_store.go index 41c1cea1bfbc8..aaa937da610f9 100644 --- a/vault/token_store.go +++ b/vault/token_store.go @@ -196,7 +196,7 @@ func NewTokenStore(c *Core, config *logical.BackendConfig) (*TokenStore, error) }, &framework.Path{ - Pattern: "lookup(/(?P.+))?", + Pattern: "lookup" + framework.OptionalParamRegex("token"), Fields: map[string]*framework.FieldSchema{ "token": &framework.FieldSchema{ @@ -215,7 +215,7 @@ func NewTokenStore(c *Core, config *logical.BackendConfig) (*TokenStore, error) }, &framework.Path{ - Pattern: "lookup-accessor/(?P.+)", + Pattern: "lookup-accessor" + framework.OptionalParamRegex("accessor"), Fields: map[string]*framework.FieldSchema{ "accessor": &framework.FieldSchema{ @@ -251,7 +251,7 @@ func NewTokenStore(c *Core, config *logical.BackendConfig) (*TokenStore, error) }, &framework.Path{ - Pattern: "revoke-accessor/(?P.+)", + Pattern: "revoke-accessor" + framework.OptionalParamRegex("accessor"), Fields: map[string]*framework.FieldSchema{ "accessor": &framework.FieldSchema{ @@ -280,7 +280,7 @@ func NewTokenStore(c *Core, config *logical.BackendConfig) (*TokenStore, error) }, &framework.Path{ - Pattern: "revoke/(?P.+)", + Pattern: "revoke" + framework.OptionalParamRegex("token"), Fields: map[string]*framework.FieldSchema{ "token": &framework.FieldSchema{ @@ -298,7 +298,7 @@ func NewTokenStore(c *Core, config *logical.BackendConfig) (*TokenStore, error) }, &framework.Path{ - Pattern: "revoke-orphan/(?P.+)", + Pattern: "revoke-orphan" + framework.OptionalParamRegex("token"), Fields: map[string]*framework.FieldSchema{ "token": &framework.FieldSchema{ @@ -316,7 +316,7 @@ func NewTokenStore(c *Core, config *logical.BackendConfig) (*TokenStore, error) }, &framework.Path{ - Pattern: "revoke-prefix/(?P.+)", + Pattern: "revoke-prefix" + framework.OptionalParamRegex("prefix"), Fields: map[string]*framework.FieldSchema{ "prefix": &framework.FieldSchema{ 
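Review bot: With `framework.OptionalParamRegex`, the bare paths `lookup`, `lookup-accessor`, `revoke-accessor`, `revoke`, `revoke-orphan` and `revoke-prefix` (and `renew` in the hunk that follows) now match with no path parameter, so the route no longer guarantees a non-empty `token`, `accessor` or `prefix`. The handlers are outside these hunks, so I cannot see whether each one rejects an empty value; `revoke-prefix` deserves particular attention, since an empty prefix may match far more than intended. Each handler should fail closed before touching the store, e.g. `if prefix == "" { return logical.ErrorResponse("missing source prefix"), logical.ErrInvalidRequest }`. A test per endpoint that sends neither a path segment nor a body field would pin this behaviour.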
@@ -357,7 +357,7 @@ func NewTokenStore(c *Core, config *logical.BackendConfig) (*TokenStore, error) }, &framework.Path{ - Pattern: "renew/(?P.+)", + Pattern: "renew" + framework.OptionalParamRegex("token"), Fields: map[string]*framework.FieldSchema{ "token": &framework.FieldSchema{ From c98ec7a092eed795ea0aa232ec7da90d387e667a Mon Sep 17 00:00:00 2001 From: vishalnayak Date: Mon, 14 Mar 2016 19:36:53 -0400 Subject: [PATCH 3/3] Documentation to provide optional parameters to token store API --- website/source/docs/auth/token.html.md | 114 +++++++++++++++++++++---- 1 file changed, 96 insertions(+), 18 deletions(-) diff --git a/website/source/docs/auth/token.html.md b/website/source/docs/auth/token.html.md index a650bc2777382..1bc488e4c02ea 100644 --- a/website/source/docs/auth/token.html.md +++ b/website/source/docs/auth/token.html.md @@ -179,7 +179,7 @@ of the header should be "X-Vault-Token" and the value should be the token. -### /auth/token/lookup/ +### /auth/token/lookup[/token] #### GET
@@ -218,6 +218,51 @@ of the header should be "X-Vault-Token" and the value should be the token.
+ +#### POST + +
+
Description
+
+ Returns information about the client token provided in the request body. +
+ +
Method
+
GET
+ +
URL
+
`/auth/token/lookup`
+ +
Parameters
+
+
    +
  • + token + required + Token to lookup. +
  • +
+
+ +
Returns
+
+ + ```javascript + { + "data": { + "id": "ClientToken", + "policies": ["web", "stage"], + "path": "auth/github/login", + "meta": {"user": "armon", "organization": "hashicorp"}, + "display_name": "github-armon", + "num_uses": 0, + } + } + ``` + +
+
+ ### /auth/token/renew-self #### POST @@ -265,7 +310,7 @@ of the header should be "X-Vault-Token" and the value should be the token. -### /auth/token/renew/ +### /auth/token/renew[/token] #### POST
@@ -280,9 +325,18 @@ of the header should be "X-Vault-Token" and the value should be the token.
POST
URL
-
`/auth/token/renew/`
+
`/auth/token/renew`
Parameters
+
+
    +
  • + token + required + Token to revoke. This can be part of the URL or the body. +
  • +
+
  • @@ -312,7 +366,7 @@ of the header should be "X-Vault-Token" and the value should be the token.
-### /auth/token/revoke/ +### /auth/token/revoke[/token] #### POST
@@ -326,11 +380,17 @@ of the header should be "X-Vault-Token" and the value should be the token.
POST
URL
-
`/auth/token/revoke/`
+
`/auth/token/revoke`
Parameters
- None +
    +
  • + token + required + Token to revoke. This can be part of the URL or the body. +
  • +
Returns
@@ -365,7 +425,7 @@ of the header should be "X-Vault-Token" and the value should be the token.
-### /auth/token/revoke-orphan/ +### /auth/token/revoke-orphan[/token] #### POST
@@ -381,11 +441,17 @@ of the header should be "X-Vault-Token" and the value should be the token.
POST
URL
-
`/auth/token/revoke-orphan/`
+
`/auth/token/revoke-orphan`
Parameters
- None +
    +
  • + token + required + Token to revoke. This can be part of the URL or the body. +
  • +
Returns
@@ -393,7 +459,7 @@ of the header should be "X-Vault-Token" and the value should be the token.
-### /auth/token/revoke-prefix/ +### /auth/token/revoke-prefix[/prefix] #### POST
@@ -409,11 +475,17 @@ of the header should be "X-Vault-Token" and the value should be the token.
POST
URL
-
`/auth/token/revoke-prefix/`
+
`/auth/token/revoke-prefix`
Parameters
- None +
    +
  • + token + required + Token source prefix to revoke. This can be part of the URL or the body. +
  • +
Returns
@@ -584,7 +656,7 @@ of the header should be "X-Vault-Token" and the value should be the token.
-### /auth/token/lookup-accessor +### /auth/token/lookup-accessor[/accessor] #### POST
@@ -599,7 +671,7 @@ of the header should be "X-Vault-Token" and the value should be the token.
POST
URL
-
`/auth/token/lookup-accessor`
+
`/auth/token/lookup-accessor`
Parameters
@@ -607,7 +679,7 @@ of the header should be "X-Vault-Token" and the value should be the token.
  • accessor required - Accessor of the token to lookup. + Accessor of the token to lookup. This can be part of the URL or the body.
  • @@ -639,7 +711,7 @@ of the header should be "X-Vault-Token" and the value should be the token.
    -### /auth/token/revoke-accessor/ +### /auth/token/revoke-accessor[/accessor] #### POST
    @@ -654,11 +726,17 @@ of the header should be "X-Vault-Token" and the value should be the token.
    POST
    URL
    -
    `/auth/token/revoke-accessor/`
    +
    `/auth/token/revoke-accessor`
    Parameters
    - None +
      +
    • + accessor + required + Accessor of the token. This can be part of the URL or the body. +
    • +
    Returns