Optionally accept tokens and prefixes from HTTP body #1211

Merged
merged 3 commits into from Mar 14, 2016
6 changes: 6 additions & 0 deletions logical/framework/path.go
Expand Up @@ -14,6 +14,12 @@ func GenericNameRegex(name string) string {
return fmt.Sprintf("(?P<%s>\\w[\\w-.]+\\w)", name)
}

// Helper which returns a regex string for optionally accepting the a field
// from the API URL
func OptionalParamRegex(name string) string {
return fmt.Sprintf("(/(?P<%s>.+))?", name)
}

// PathAppend is a helper for appending lists of paths into a single
// list.
func PathAppend(paths ...[]*Path) []*Path {
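Review bot: The doc comment on OptionalParamRegex has a typo ("accepting the a field") and does not mention that the capture is `.+`, which, unlike the `\w[\w-.]+\w` used in GenericNameRegex, also matches "/" and any other character, so everything after the first slash ends up in the named field. Suggest fixing the wording and documenting that behaviour, along with the fact that the named group does not participate in the match when the segment is absent, so callers have to handle an empty value.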
17 changes: 9 additions & 8 deletions vault/token_store.go
Expand Up @@ -196,7 +196,7 @@ func NewTokenStore(c *Core, config *logical.BackendConfig) (*TokenStore, error)
},

&framework.Path{
Pattern: "lookup/(?P<token>.+)",
Pattern: "lookup" + framework.OptionalParamRegex("token"),

Fields: map[string]*framework.FieldSchema{
"token": &framework.FieldSchema{
Expand All @@ -206,15 +206,16 @@ func NewTokenStore(c *Core, config *logical.BackendConfig) (*TokenStore, error)
},

Callbacks: map[logical.Operation]framework.OperationFunc{
logical.ReadOperation: t.handleLookup,
logical.ReadOperation: t.handleLookup,
logical.UpdateOperation: t.handleLookup,
},

HelpSynopsis: strings.TrimSpace(tokenLookupHelp),
HelpDescription: strings.TrimSpace(tokenLookupHelp),
},

&framework.Path{
Pattern: "lookup-accessor/(?P<accessor>.+)",
Pattern: "lookup-accessor" + framework.OptionalParamRegex("accessor"),

Fields: map[string]*framework.FieldSchema{
"accessor": &framework.FieldSchema{
Expand Down Expand Up @@ -250,7 +251,7 @@ func NewTokenStore(c *Core, config *logical.BackendConfig) (*TokenStore, error)
},

&framework.Path{
Pattern: "revoke-accessor/(?P<accessor>.+)",
Pattern: "revoke-accessor" + framework.OptionalParamRegex("accessor"),

Fields: map[string]*framework.FieldSchema{
"accessor": &framework.FieldSchema{
Expand Down Expand Up @@ -279,7 +280,7 @@ func NewTokenStore(c *Core, config *logical.BackendConfig) (*TokenStore, error)
},

&framework.Path{
Pattern: "revoke/(?P<token>.+)",
Pattern: "revoke" + framework.OptionalParamRegex("token"),

Fields: map[string]*framework.FieldSchema{
"token": &framework.FieldSchema{
Expand All @@ -297,7 +298,7 @@ func NewTokenStore(c *Core, config *logical.BackendConfig) (*TokenStore, error)
},

&framework.Path{
Pattern: "revoke-orphan/(?P<token>.+)",
Pattern: "revoke-orphan" + framework.OptionalParamRegex("token"),

Fields: map[string]*framework.FieldSchema{
"token": &framework.FieldSchema{
Expand All @@ -315,7 +316,7 @@ func NewTokenStore(c *Core, config *logical.BackendConfig) (*TokenStore, error)
},

&framework.Path{
Pattern: "revoke-prefix/(?P<prefix>.+)",
Pattern: "revoke-prefix" + framework.OptionalParamRegex("prefix"),

Fields: map[string]*framework.FieldSchema{
"prefix": &framework.FieldSchema{
Expand Down Expand Up @@ -356,7 +357,7 @@ func NewTokenStore(c *Core, config *logical.BackendConfig) (*TokenStore, error)
},

&framework.Path{
Pattern: "renew/(?P<token>.+)",
Pattern: "renew" + framework.OptionalParamRegex("token"),

Fields: map[string]*framework.FieldSchema{
"token": &framework.FieldSchema{
114 changes: 96 additions & 18 deletions website/source/docs/auth/token.html.md
Expand Up @@ -179,7 +179,7 @@ of the header should be "X-Vault-Token" and the value should be the token.
</dd>
</dl>

### /auth/token/lookup/
### /auth/token/lookup[/token]
#### GET

<dl class="api">
Expand Down Expand Up @@ -218,6 +218,51 @@ of the header should be "X-Vault-Token" and the value should be the token.
</dd>
</dl>


#### POST

<dl class="api">
<dt>Description</dt>
<dd>
Returns information about the client token provided in the request body.
</dd>

<dt>Method</dt>
<dd>GET</dd>

<dt>URL</dt>
<dd>`/auth/token/lookup`</dd>

<dt>Parameters</dt>
<dd>
<ul>
<li>
<span class="param">token</span>
<span class="param-flags">required</span>
Token to lookup.
</li>
</ul>
</dd>

<dt>Returns</dt>
<dd>

```javascript
{
"data": {
"id": "ClientToken",
"policies": ["web", "stage"],
"path": "auth/github/login",
"meta": {"user": "armon", "organization": "hashicorp"},
"display_name": "github-armon",
"num_uses": 0,
}
}
```

</dd>
</dl>

### /auth/token/renew-self
#### POST

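Review bot: In the new "#### POST" block for /auth/token/lookup, the Method entry is `<dd>GET</dd>`; it should read POST to match the heading and the "provided in the request body" description. The sample response also has a trailing comma after "num_uses": 0, which is not valid JSON, and "Token to lookup" should read "Token to look up".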
Expand Down Expand Up @@ -265,7 +310,7 @@ of the header should be "X-Vault-Token" and the value should be the token.
</dd>
</dl>

### /auth/token/renew/
### /auth/token/renew[/token]
#### POST

<dl class="api">
Expand All @@ -280,9 +325,18 @@ of the header should be "X-Vault-Token" and the value should be the token.
<dd>POST</dd>

<dt>URL</dt>
<dd>`/auth/token/renew/<token>`</dd>
<dd>`/auth/token/renew</token>`</dd>

<dt>Parameters</dt>
<dd>
<ul>
<li>
<span class="param">token</span>
<span class="param-flags">required</span>
Token to revoke. This can be part of the URL or the body.
</li>
</ul>
</dd>
<dd>
<ul>
<li>
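Review bot: The parameter text added under /auth/token/renew[/token] says "Token to revoke", which looks copied from the revoke section; it should describe the token to renew. The new list is also added as its own `<dd>` directly before the existing Parameters `<dd>`, so one `<dt>` ends up with two bodies; moving the new `<li>` into the existing `<ul>` would keep the markup consistent. The URL `/auth/token/renew</token>` reads like a closing tag and differs from the `[/token]` notation in the heading; the same applies to the other URL entries changed in this file.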
Expand Down Expand Up @@ -312,7 +366,7 @@ of the header should be "X-Vault-Token" and the value should be the token.
</dd>
</dl>

### /auth/token/revoke/
### /auth/token/revoke[/token]
#### POST

<dl class="api">
Expand All @@ -326,11 +380,17 @@ of the header should be "X-Vault-Token" and the value should be the token.
<dd>POST</dd>

<dt>URL</dt>
<dd>`/auth/token/revoke/<token>`</dd>
<dd>`/auth/token/revoke</token>`</dd>

<dt>Parameters</dt>
<dd>
None
<ul>
<li>
<span class="param">token</span>
<span class="param-flags">required</span>
Token to revoke. This can be part of the URL or the body.
</li>
</ul>
</dd>

<dt>Returns</dt>
Expand Down Expand Up @@ -365,7 +425,7 @@ of the header should be "X-Vault-Token" and the value should be the token.
</dd>
</dl>

### /auth/token/revoke-orphan/
### /auth/token/revoke-orphan[/token]
#### POST

<dl class="api">
Expand All @@ -381,19 +441,25 @@ of the header should be "X-Vault-Token" and the value should be the token.
<dd>POST</dd>

<dt>URL</dt>
<dd>`/auth/token/revoke-orphan/<token>`</dd>
<dd>`/auth/token/revoke-orphan</token>`</dd>

<dt>Parameters</dt>
<dd>
None
<ul>
<li>
<span class="param">token</span>
<span class="param-flags">required</span>
Token to revoke. This can be part of the URL or the body.
</li>
</ul>
</dd>

<dt>Returns</dt>
<dd>`204` response code.
</dd>
</dl>

### /auth/token/revoke-prefix/
### /auth/token/revoke-prefix[/prefix]
#### POST

<dl class="api">
Expand All @@ -409,11 +475,17 @@ of the header should be "X-Vault-Token" and the value should be the token.
<dd>POST</dd>

<dt>URL</dt>
<dd>`/auth/token/revoke-prefix/<prefix>`</dd>
<dd>`/auth/token/revoke-prefix</prefix>`</dd>

<dt>Parameters</dt>
<dd>
None
<ul>
<li>
<span class="param">token</span>
<span class="param-flags">required</span>
Token source prefix to revoke. This can be part of the URL or the body.
</li>
</ul>
</dd>

<dt>Returns</dt>
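Review bot: The parameter added under /auth/token/revoke-prefix[/prefix] is named `token` in `<span class="param">token</span>`, but the field in vault/token_store.go and the URL both use `prefix`. A client following these docs would send the wrong body key, so the documented parameter should be renamed to `prefix`.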
Expand Down Expand Up @@ -584,7 +656,7 @@ of the header should be "X-Vault-Token" and the value should be the token.
</dd>
</dl>

### /auth/token/lookup-accessor
### /auth/token/lookup-accessor[/accessor]
#### POST

<dl class="api">
Expand All @@ -599,15 +671,15 @@ of the header should be "X-Vault-Token" and the value should be the token.
<dd>POST</dd>

<dt>URL</dt>
<dd>`/auth/token/lookup-accessor`</dd>
<dd>`/auth/token/lookup-accessor</accessor>`</dd>

<dt>Parameters</dt>
<dd>
<ul>
<li>
<span class="param">accessor</span>
<span class="param-flags">required</span>
Accessor of the token to lookup.
Accessor of the token to lookup. This can be part of the URL or the body.
</li>
</ul>
</dd>
Expand Down Expand Up @@ -639,7 +711,7 @@ of the header should be "X-Vault-Token" and the value should be the token.
</dd>
</dl>

### /auth/token/revoke-accessor/
### /auth/token/revoke-accessor[/accessor]
#### POST

<dl class="api">
Expand All @@ -654,11 +726,17 @@ of the header should be "X-Vault-Token" and the value should be the token.
<dd>POST</dd>

<dt>URL</dt>
<dd>`/auth/token/revoke-accessor/<accessor>`</dd>
<dd>`/auth/token/revoke-accessor</accessor>`</dd>

<dt>Parameters</dt>
<dd>
None
<ul>
<li>
<span class="param">accessor</span>
<span class="param-flags">required</span>
Accessor of the token. This can be part of the URL or the body.
</li>
</ul>
</dd>

<dt>Returns</dt>