From 5334e123fa47af7251093be5d751f9daa6efbb99 Mon Sep 17 00:00:00 2001 From: Anton Averchenkov <84287187+averche@users.noreply.github.com> Date: Thu, 6 Apr 2023 11:03:11 -0400 Subject: [PATCH] openapi: Add display attributes for approle (#19363) --- builtin/credential/approle/backend.go | 1 + builtin/credential/approle/path_login.go | 4 + builtin/credential/approle/path_role.go | 97 +++++++++++++++++++ .../credential/approle/path_tidy_user_id.go | 6 ++ 4 files changed, 108 insertions(+) diff --git a/builtin/credential/approle/backend.go b/builtin/credential/approle/backend.go index 60d463f085a3..4165fbbec47e 100644 --- a/builtin/credential/approle/backend.go +++ b/builtin/credential/approle/backend.go @@ -15,6 +15,7 @@ import ( ) const ( + operationPrefixAppRole = "app-role" secretIDPrefix = "secret_id/" secretIDLocalPrefix = "secret_id_local/" secretIDAccessorPrefix = "accessor/" diff --git a/builtin/credential/approle/path_login.go b/builtin/credential/approle/path_login.go index 33df709747cd..14bd3e775add 100644 --- a/builtin/credential/approle/path_login.go +++ b/builtin/credential/approle/path_login.go @@ -19,6 +19,10 @@ import ( func pathLogin(b *backend) *framework.Path { return &framework.Path{ Pattern: "login$", + DisplayAttrs: &framework.DisplayAttributes{ + OperationPrefix: operationPrefixAppRole, + OperationVerb: "log-in", + }, Fields: map[string]*framework.FieldSchema{ "role_id": { Type: framework.TypeString, diff --git a/builtin/credential/approle/path_role.go b/builtin/credential/approle/path_role.go index a5dcfe659de7..f900377c29cf 100644 --- a/builtin/credential/approle/path_role.go +++ b/builtin/credential/approle/path_role.go 
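Review bot: `operationPrefixAppRole` is added at the top of a const block whose other visible entries (`secretIDPrefix`, `secretIDLocalPrefix`, `secretIDAccessorPrefix`) are slash-terminated storage prefixes, and nothing marks it as a different kind of value. Everywhere else in this patch it is used only as `DisplayAttrs.OperationPrefix`, so a one-line comment would keep a later reader from treating it as a storage key: `// operationPrefixAppRole is the OpenAPI operation-ID prefix for this backend; it is not a storage prefix.` Giving it its own const declaration would make the split explicit as well. The const block continues outside the hunk.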
@@ -124,6 +124,10 @@ func rolePaths(b *backend) []*framework.Path { p := &framework.Path{ Pattern: "role/" + framework.GenericNameRegex("role_name"), + DisplayAttrs: &framework.DisplayAttributes{ + OperationPrefix: operationPrefixAppRole, + OperationSuffix: "role", + }, Fields: map[string]*framework.FieldSchema{ "role_name": { Type: framework.TypeString, @@ -300,6 +304,10 @@ can only be set during role creation and once set, it can't be reset later.`, p, { Pattern: "role/?", + DisplayAttrs: &framework.DisplayAttributes{ + OperationPrefix: operationPrefixAppRole, + OperationSuffix: "roles", + }, Operations: map[logical.Operation]framework.OperationHandler{ logical.ListOperation: &framework.PathOperation{ Callback: b.pathRoleList, @@ -321,6 +329,10 @@ can only be set during role creation and once set, it can't be reset later.`, }, { Pattern: "role/" + framework.GenericNameRegex("role_name") + "/local-secret-ids$", + DisplayAttrs: &framework.DisplayAttributes{ + OperationPrefix: operationPrefixAppRole, + OperationSuffix: "local-secret-ids", + }, Fields: map[string]*framework.FieldSchema{ "role_name": { Type: framework.TypeString, @@ -349,6 +361,10 @@ can only be set during role creation and once set, it can't be reset later.`, }, { Pattern: "role/" + framework.GenericNameRegex("role_name") + "/policies$", + DisplayAttrs: &framework.DisplayAttributes{ + OperationPrefix: operationPrefixAppRole, + OperationSuffix: "policies", + }, Fields: map[string]*framework.FieldSchema{ "role_name": { Type: framework.TypeString, @@ -400,6 +416,10 @@ can only be set during role creation and once set, it can't be reset later.`, }, { Pattern: "role/" + framework.GenericNameRegex("role_name") + "/bound-cidr-list$", + DisplayAttrs: &framework.DisplayAttributes{ + OperationPrefix: operationPrefixAppRole, + OperationSuffix: "bound-cidr-list", + }, Fields: map[string]*framework.FieldSchema{ "role_name": { Type: framework.TypeString, 
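Review bot: The operation names introduced from the `role/<role_name>` hunk onward are hand-written string combinations, and the diffstat lists four non-test files, so nothing in this patch checks that each prefix/verb/suffix combination stays unique. The later hunks already need manual disambiguation (`"secret-id2"`, `"secret-id-by-accessor2"`), which suggests collisions are easy to introduce when a path is added or renamed. A small table-driven test would catch a duplicate before the generated spec changes. It would walk the paths returned by `rolePaths(b)`, `pathLogin(b)` and `pathTidySecretID(b)`, collect the effective display attributes per operation, and fail on a repeat. rolePaths' body continues outside the hunk.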
@@ -442,6 +462,10 @@ of CIDR blocks. If set, specifies the blocks of IP addresses which can perform t }, { Pattern: "role/" + framework.GenericNameRegex("role_name") + "/secret-id-bound-cidrs$", + DisplayAttrs: &framework.DisplayAttributes{ + OperationPrefix: operationPrefixAppRole, + OperationSuffix: "secret-id-bound-cidrs", + }, Fields: map[string]*framework.FieldSchema{ "role_name": { Type: framework.TypeString, @@ -483,6 +507,10 @@ IP addresses which can perform the login operation.`, }, { Pattern: "role/" + framework.GenericNameRegex("role_name") + "/token-bound-cidrs$", + DisplayAttrs: &framework.DisplayAttributes{ + OperationPrefix: operationPrefixAppRole, + OperationSuffix: "token-bound-cidrs", + }, Fields: map[string]*framework.FieldSchema{ "role_name": { Type: framework.TypeString, @@ -523,6 +551,10 @@ IP addresses which can perform the login operation.`, }, { Pattern: "role/" + framework.GenericNameRegex("role_name") + "/bind-secret-id$", + DisplayAttrs: &framework.DisplayAttributes{ + OperationPrefix: operationPrefixAppRole, + OperationSuffix: "bind-secret-id", + }, Fields: map[string]*framework.FieldSchema{ "role_name": { Type: framework.TypeString, @@ -564,6 +596,10 @@ IP addresses which can perform the login operation.`, }, { Pattern: "role/" + framework.GenericNameRegex("role_name") + "/secret-id-num-uses$", + DisplayAttrs: &framework.DisplayAttributes{ + OperationPrefix: operationPrefixAppRole, + OperationSuffix: "secret-id-num-uses", + }, Fields: map[string]*framework.FieldSchema{ "role_name": { Type: framework.TypeString, @@ -604,6 +640,10 @@ IP addresses which can perform the login operation.`, }, { Pattern: "role/" + framework.GenericNameRegex("role_name") + "/secret-id-ttl$", + DisplayAttrs: &framework.DisplayAttributes{ + OperationPrefix: operationPrefixAppRole, + OperationSuffix: "secret-id-ttl", + }, Fields: map[string]*framework.FieldSchema{ "role_name": { Type: framework.TypeString, 
@@ -645,6 +685,10 @@ to 0, meaning no expiration.`, }, { Pattern: "role/" + framework.GenericNameRegex("role_name") + "/period$", + DisplayAttrs: &framework.DisplayAttributes{ + OperationPrefix: operationPrefixAppRole, + OperationSuffix: "period", + }, Fields: map[string]*framework.FieldSchema{ "role_name": { Type: framework.TypeString, @@ -696,6 +740,10 @@ to 0, meaning no expiration.`, }, { Pattern: "role/" + framework.GenericNameRegex("role_name") + "/token-num-uses$", + DisplayAttrs: &framework.DisplayAttributes{ + OperationPrefix: operationPrefixAppRole, + OperationSuffix: "token-num-uses", + }, Fields: map[string]*framework.FieldSchema{ "role_name": { Type: framework.TypeString, @@ -736,6 +784,10 @@ to 0, meaning no expiration.`, }, { Pattern: "role/" + framework.GenericNameRegex("role_name") + "/token-ttl$", + DisplayAttrs: &framework.DisplayAttributes{ + OperationPrefix: operationPrefixAppRole, + OperationSuffix: "token-ttl", + }, Fields: map[string]*framework.FieldSchema{ "role_name": { Type: framework.TypeString, @@ -776,6 +828,10 @@ to 0, meaning no expiration.`, }, { Pattern: "role/" + framework.GenericNameRegex("role_name") + "/token-max-ttl$", + DisplayAttrs: &framework.DisplayAttributes{ + OperationPrefix: operationPrefixAppRole, + OperationSuffix: "token-max-ttl", + }, Fields: map[string]*framework.FieldSchema{ "role_name": { Type: framework.TypeString, @@ -816,6 +872,10 @@ to 0, meaning no expiration.`, }, { Pattern: "role/" + framework.GenericNameRegex("role_name") + "/role-id$", + DisplayAttrs: &framework.DisplayAttributes{ + OperationPrefix: operationPrefixAppRole, + OperationSuffix: "role-id", + }, Fields: map[string]*framework.FieldSchema{ "role_name": { Type: framework.TypeString, 
@@ -852,6 +912,10 @@ to 0, meaning no expiration.`, }, { Pattern: "role/" + framework.GenericNameRegex("role_name") + "/secret-id/?$", + DisplayAttrs: &framework.DisplayAttributes{ + OperationPrefix: operationPrefixAppRole, + OperationSuffix: "secret-id", + }, Fields: map[string]*framework.FieldSchema{ "role_name": { Type: framework.TypeString, @@ -917,6 +981,9 @@ Overrides secret_id_ttl role option when supplied. May not be longer than role's }, logical.ListOperation: &framework.PathOperation{ Callback: b.pathRoleSecretIDList, + DisplayAttrs: &framework.DisplayAttributes{ + OperationSuffix: "secret-ids", + }, Responses: map[int][]framework.Response{ http.StatusOK: {{ Description: "OK", @@ -935,6 +1002,11 @@ Overrides secret_id_ttl role option when supplied. May not be longer than role's }, { Pattern: "role/" + framework.GenericNameRegex("role_name") + "/secret-id/lookup/?$", + DisplayAttrs: &framework.DisplayAttributes{ + OperationPrefix: operationPrefixAppRole, + OperationSuffix: "secret-id", + OperationVerb: "look-up", + }, Fields: map[string]*framework.FieldSchema{ "role_name": { Type: framework.TypeString, @@ -1003,6 +1075,11 @@ Overrides secret_id_ttl role option when supplied. May not be longer than role's }, { Pattern: "role/" + framework.GenericNameRegex("role_name") + "/secret-id/destroy/?$", + DisplayAttrs: &framework.DisplayAttributes{ + OperationPrefix: operationPrefixAppRole, + OperationSuffix: "secret-id", + OperationVerb: "destroy", + }, Fields: map[string]*framework.FieldSchema{ "role_name": { Type: framework.TypeString, @@ -1021,6 +1098,9 @@ Overrides secret_id_ttl role option when supplied. May not be longer than role's logical.DeleteOperation: &framework.PathOperation{ Callback: b.pathRoleSecretIDDestroyUpdateDelete, Responses: responseNoContent, + DisplayAttrs: &framework.DisplayAttributes{ + OperationSuffix: "secret-id2", + }, }, }, HelpSynopsis: strings.TrimSpace(roleHelp["role-secret-id-destroy"][0]), 
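Review bot: The `"secret-id2"` suffix on the `logical.DeleteOperation` of `secret-id/destroy` gives no hint why it exists, and the same applies to `"secret-id-by-accessor2"` in the `secret-id-accessor/destroy` hunk. Judging by the callback name `pathRoleSecretIDDestroyUpdateDelete`, DELETE is presumably an alias of the update operation on the same path (that entry is outside the hunk), and the digit only keeps the two operation IDs apart. These are the endpoints that revoke a secret ID, so the alias should be obvious to anyone reading the generated client; add a comment above the override such as `// DELETE is an alias of the update operation; the "2" only keeps the generated operation ID unique.` The operation-level `OperationSuffix: "secret-ids"` on the list operation in the `secret-id/?$` hunk deserves a similar one-liner saying that the prefix presumably still comes from the path-level attributes.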
@@ -1028,6 +1108,11 @@ Overrides secret_id_ttl role option when supplied. May not be longer than role's }, { Pattern: "role/" + framework.GenericNameRegex("role_name") + "/secret-id-accessor/lookup/?$", + DisplayAttrs: &framework.DisplayAttributes{ + OperationPrefix: operationPrefixAppRole, + OperationSuffix: "secret-id-by-accessor", + OperationVerb: "look-up", + }, Fields: map[string]*framework.FieldSchema{ "role_name": { Type: framework.TypeString, @@ -1096,6 +1181,11 @@ Overrides secret_id_ttl role option when supplied. May not be longer than role's }, { Pattern: "role/" + framework.GenericNameRegex("role_name") + "/secret-id-accessor/destroy/?$", + DisplayAttrs: &framework.DisplayAttributes{ + OperationPrefix: operationPrefixAppRole, + OperationSuffix: "secret-id-by-accessor", + OperationVerb: "destroy", + }, Fields: map[string]*framework.FieldSchema{ "role_name": { Type: framework.TypeString, @@ -1114,6 +1204,9 @@ Overrides secret_id_ttl role option when supplied. May not be longer than role's logical.DeleteOperation: &framework.PathOperation{ Callback: b.pathRoleSecretIDAccessorDestroyUpdateDelete, Responses: responseNoContent, + DisplayAttrs: &framework.DisplayAttributes{ + OperationSuffix: "secret-id-by-accessor2", + }, }, }, HelpSynopsis: strings.TrimSpace(roleHelp["role-secret-id-accessor"][0]), @@ -1121,6 +1214,10 @@ Overrides secret_id_ttl role option when supplied. May not be longer than role's }, { Pattern: "role/" + framework.GenericNameRegex("role_name") + "/custom-secret-id$", + DisplayAttrs: &framework.DisplayAttributes{ + OperationPrefix: operationPrefixAppRole, + OperationSuffix: "custom-secret-id", + }, Fields: map[string]*framework.FieldSchema{ "role_name": { Type: framework.TypeString, diff --git a/builtin/credential/approle/path_tidy_user_id.go b/builtin/credential/approle/path_tidy_user_id.go index f677f017561e..b6c777b14961 100644 --- a/builtin/credential/approle/path_tidy_user_id.go +++ b/builtin/credential/approle/path_tidy_user_id.go 
@@ -20,6 +20,12 @@ func pathTidySecretID(b *backend) *framework.Path { return &framework.Path{ Pattern: "tidy/secret-id$", + DisplayAttrs: &framework.DisplayAttributes{ + OperationPrefix: operationPrefixAppRole, + OperationSuffix: "secret-id", + OperationVerb: "tidy", + }, + Operations: map[logical.Operation]framework.OperationHandler{ logical.UpdateOperation: &framework.PathOperation{ Callback: b.pathTidySecretIDUpdate,
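Review bot: The added `DisplayAttrs` block in `pathTidySecretID` appears to be followed by an empty added line before `Operations:`, which no other path literal in this patch has; drop it so the struct literal reads like the rest. The suffix is also the singular `"secret-id"` although the pattern `tidy/secret-id$` is not scoped to a role. If the operation works over all secret IDs (not visible here), `OperationSuffix: "secret-ids"` would match the naming the patch uses for the list operation. The function's body continues outside the hunk.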