// pathRandom returns the route definition for the "random" endpoint.
//
// The pattern is "random" followed by an optional URL segment captured as
// "urlbytes". The only registered operation is Update, which is served by
// b.pathRandomWrite.
//
// NOTE(review): the schema gives "bytes" a default of 32 but expresses no
// upper bound, and "urlbytes" is typed as a string. The handler is not
// visible here; confirm that pathRandomWrite parses "urlbytes" strictly and
// caps the requested size so one request cannot demand an arbitrarily large
// allocation.
func (b *backend) pathRandom() *framework.Path {
	pattern := "random" + framework.OptionalParamRegex("urlbytes")

	fields := map[string]*framework.FieldSchema{
		// Byte count supplied as part of the request path.
		"urlbytes": {
			Type:        framework.TypeString,
			Description: "The number of bytes to generate (POST URL parameter)",
		},
		// Byte count supplied in the request body.
		"bytes": {
			Type:        framework.TypeInt,
			Default:     32,
			Description: "The number of bytes to generate (POST body parameter). Defaults to 32 (256 bits).",
		},
		// Output encoding of the generated bytes.
		"format": {
			Type:        framework.TypeString,
			Default:     "base64",
			Description: `Encoding format to use. Can be "hex" or "base64". Defaults to "base64".`,
		},
	}

	handlers := map[logical.Operation]framework.OperationFunc{
		logical.UpdateOperation: b.pathRandomWrite,
	}

	return &framework.Path{
		Pattern:         pattern,
		Fields:          fields,
		Callbacks:       handlers,
		HelpSynopsis:    pathRandomHelpSyn,
		HelpDescription: pathRandomHelpDesc,
	}
}
// pathVerify returns the route definition for "verify/<name>" with an
// optional trailing URL segment captured as "urlalgorithm".
//
// The only registered operation is Update, served by b.pathVerifyWrite. The
// schema accepts both a "signature" and an "hmac" field, and the hash
// algorithm can arrive either in the URL or in the body.
//
// NOTE(review): which of "signature"/"hmac" is honoured when both are sent,
// and which algorithm source wins, is decided in pathVerifyWrite (not visible
// here). Confirm that the handler rejects ambiguous requests, restricts the
// algorithm to the values listed in the description, and compares HMACs in
// constant time.
func (b *backend) pathVerify() *framework.Path {
	pattern := "verify/" + framework.GenericNameRegex("name") + framework.OptionalParamRegex("urlalgorithm")

	fields := map[string]*framework.FieldSchema{
		"name": {
			Type:        framework.TypeString,
			Description: "The key to use",
		},
		"signature": {
			Type:        framework.TypeString,
			Description: "The signature, including vault header/key version",
		},
		"hmac": {
			Type:        framework.TypeString,
			Description: "The HMAC, including vault header/key version",
		},
		"input": {
			Type:        framework.TypeString,
			Description: "The base64-encoded input data to verify",
		},
		"urlalgorithm": {
			Type:        framework.TypeString,
			Description: `Hash algorithm to use (POST URL parameter)`,
		},
		"algorithm": {
			Type:        framework.TypeString,
			Default:     "sha2-256",
			Description: `Hash algorithm to use (POST body parameter). Valid values are: * sha2-224 * sha2-256 * sha2-384 * sha2-512 Defaults to "sha2-256".`,
		},
	}

	handlers := map[logical.Operation]framework.OperationFunc{
		logical.UpdateOperation: b.pathVerifyWrite,
	}

	return &framework.Path{
		Pattern:         pattern,
		Fields:          fields,
		Callbacks:       handlers,
		HelpSynopsis:    pathVerifyHelpSyn,
		HelpDescription: pathVerifyHelpDesc,
	}
}
// pathHash returns the route definition for the "hash" endpoint, with an
// optional trailing URL segment captured as "urlalgorithm".
//
// The only registered operation is Update, served by b.pathHashWrite. The
// algorithm may be given in the URL or in the body; "format" selects the
// output encoding and defaults to "hex".
//
// NOTE(review): the schema types "algorithm" and "format" as free strings.
// Confirm that pathHashWrite (not visible here) rejects anything outside the
// values named in the descriptions rather than falling back silently.
func (b *backend) pathHash() *framework.Path {
	pattern := "hash" + framework.OptionalParamRegex("urlalgorithm")

	fields := map[string]*framework.FieldSchema{
		"input": {
			Type:        framework.TypeString,
			Description: "The base64-encoded input data",
		},
		"algorithm": {
			Type:        framework.TypeString,
			Default:     "sha2-256",
			Description: `Algorithm to use (POST body parameter). Valid values are: * sha2-224 * sha2-256 * sha2-384 * sha2-512 Defaults to "sha2-256".`,
		},
		"urlalgorithm": {
			Type:        framework.TypeString,
			Description: `Algorithm to use (POST URL parameter)`,
		},
		"format": {
			Type:        framework.TypeString,
			Default:     "hex",
			Description: `Encoding format to use. Can be "hex" or "base64". Defaults to "hex".`,
		},
	}

	handlers := map[logical.Operation]framework.OperationFunc{
		logical.UpdateOperation: b.pathHashWrite,
	}

	return &framework.Path{
		Pattern:         pattern,
		Fields:          fields,
		Callbacks:       handlers,
		HelpSynopsis:    pathHashHelpSyn,
		HelpDescription: pathHashHelpDesc,
	}
}
// pathHMAC returns the route definition for "hmac/<name>" with an optional
// trailing URL segment captured as "urlalgorithm".
//
// The only registered operation is Update, served by b.pathHMACWrite. "name"
// selects the key used for the HMAC; the algorithm may be given in the URL or
// in the body.
//
// NOTE(review): access to a named key is governed by whatever policy applies
// to this path; nothing in the schema itself restricts which key names a
// caller may use. Confirm that pathHMACWrite (not visible here) validates the
// algorithm against the values listed in the description.
func (b *backend) pathHMAC() *framework.Path {
	pattern := "hmac/" + framework.GenericNameRegex("name") + framework.OptionalParamRegex("urlalgorithm")

	fields := map[string]*framework.FieldSchema{
		"name": {
			Type:        framework.TypeString,
			Description: "The key to use for the HMAC function",
		},
		"input": {
			Type:        framework.TypeString,
			Description: "The base64-encoded input data",
		},
		"algorithm": {
			Type:        framework.TypeString,
			Default:     "sha2-256",
			Description: `Algorithm to use (POST body parameter). Valid values are: * sha2-224 * sha2-256 * sha2-384 * sha2-512 Defaults to "sha2-256".`,
		},
		"urlalgorithm": {
			Type:        framework.TypeString,
			Description: `Algorithm to use (POST URL parameter)`,
		},
	}

	handlers := map[logical.Operation]framework.OperationFunc{
		logical.UpdateOperation: b.pathHMACWrite,
	}

	return &framework.Path{
		Pattern:         pattern,
		Fields:          fields,
		Callbacks:       handlers,
		HelpSynopsis:    pathHMACHelpSyn,
		HelpDescription: pathHMACHelpDesc,
	}
}
// NewSystemBackend builds the system backend: it wraps core in a
// SystemBackend, attaches a framework.Backend describing every system route,
// runs Setup with config and returns the framework backend.
//
// Routes that list no Callbacks (generate-root, init, seal-status, seal,
// unseal) are registered here for their help text only.
//
// NOTE(review): PathsSpecial.Root names the paths flagged as root paths:
// auth/*, remount, revoke-prefix/*, audit, audit/*, raw/* and rotate.
// "revoke-force/*" is routed below but is not in that list, although
// "revoke-prefix/*" is; confirm that handleRevokeForce enforces the intended
// privilege itself. Several patterns carry no trailing "$" ("remount",
// "mounts/(?P<path>.+?)", "auth/(?P<path>.+)" and others), so which route wins
// depends on how the framework anchors patterns and on the order below, where
// the ".../tune$" routes precede their catch-all siblings. Keep that order
// when adding routes.
func NewSystemBackend(core *Core, config *logical.BackendConfig) logical.Backend {
	// sysHelp entries are indexed below with 0 for the synopsis and 1 for the
	// description; both are whitespace-trimmed before use.
	syn := func(key string) string { return strings.TrimSpace(sysHelp[key][0]) }
	desc := func(key string) string { return strings.TrimSpace(sysHelp[key][1]) }

	b := &SystemBackend{Core: core}

	b.Backend = &framework.Backend{
		Help: strings.TrimSpace(sysHelpRoot),

		PathsSpecial: &logical.Paths{
			Root: []string{
				"auth/*",
				"remount",
				"revoke-prefix/*",
				"audit",
				"audit/*",
				"raw/*",
				"rotate",
			},
		},

		Paths: []*framework.Path{
			// --- capabilities ---
			{
				Pattern: "capabilities-accessor$",
				Fields: map[string]*framework.FieldSchema{
					"accessor": {
						Type:        framework.TypeString,
						Description: "Accessor of the token for which capabilities are being queried.",
					},
					"path": {
						Type:        framework.TypeString,
						Description: "Path on which capabilities are being queried.",
					},
				},
				Callbacks: map[logical.Operation]framework.OperationFunc{
					logical.UpdateOperation: b.handleCapabilitiesAccessor,
				},
				HelpSynopsis:    syn("capabilities_accessor"),
				HelpDescription: desc("capabilities_accessor"),
			},
			{
				Pattern: "capabilities$",
				Fields: map[string]*framework.FieldSchema{
					"token": {
						Type:        framework.TypeString,
						Description: "Token for which capabilities are being queried.",
					},
					"path": {
						Type:        framework.TypeString,
						Description: "Path on which capabilities are being queried.",
					},
				},
				Callbacks: map[logical.Operation]framework.OperationFunc{
					logical.UpdateOperation: b.handleCapabilities,
				},
				HelpSynopsis:    syn("capabilities"),
				HelpDescription: desc("capabilities"),
			},
			{
				// Served by the same handler as "capabilities$".
				Pattern: "capabilities-self$",
				Fields: map[string]*framework.FieldSchema{
					"token": {
						Type:        framework.TypeString,
						Description: "Token for which capabilities are being queried.",
					},
					"path": {
						Type:        framework.TypeString,
						Description: "Path on which capabilities are being queried.",
					},
				},
				Callbacks: map[logical.Operation]framework.OperationFunc{
					logical.UpdateOperation: b.handleCapabilities,
				},
				HelpSynopsis:    syn("capabilities_self"),
				HelpDescription: desc("capabilities_self"),
			},

			// --- help-only entries (no callbacks registered here) ---
			{
				Pattern:         "generate-root(/attempt)?$",
				HelpSynopsis:    syn("generate-root"),
				HelpDescription: desc("generate-root"),
			},
			{
				Pattern:         "init$",
				HelpSynopsis:    syn("init"),
				HelpDescription: desc("init"),
			},

			// --- rekey backups ---
			// NOTE(review): both rekey routes use index 0 of "rekey_backup" for
			// the description as well as the synopsis; confirm whether index 1
			// was intended. Neither route appears in the Root list above, so
			// confirm how retrieval of key backups is meant to be restricted.
			{
				Pattern: "rekey/backup$",
				Fields:  map[string]*framework.FieldSchema{},
				Callbacks: map[logical.Operation]framework.OperationFunc{
					logical.ReadOperation:   b.handleRekeyRetrieveBarrier,
					logical.DeleteOperation: b.handleRekeyDeleteBarrier,
				},
				HelpSynopsis:    syn("rekey_backup"),
				HelpDescription: syn("rekey_backup"),
			},
			{
				Pattern: "rekey/recovery-key-backup$",
				Fields:  map[string]*framework.FieldSchema{},
				Callbacks: map[logical.Operation]framework.OperationFunc{
					logical.ReadOperation:   b.handleRekeyRetrieveRecovery,
					logical.DeleteOperation: b.handleRekeyDeleteRecovery,
				},
				HelpSynopsis:    syn("rekey_backup"),
				HelpDescription: syn("rekey_backup"),
			},

			// --- tuning (listed before the catch-all auth/ and mounts/ routes) ---
			{
				Pattern: "auth/(?P<path>.+?)/tune$",
				Fields: map[string]*framework.FieldSchema{
					"path": {
						Type:        framework.TypeString,
						Description: syn("auth_tune"),
					},
					"default_lease_ttl": {
						Type:        framework.TypeString,
						Description: syn("tune_default_lease_ttl"),
					},
					"max_lease_ttl": {
						Type:        framework.TypeString,
						Description: syn("tune_max_lease_ttl"),
					},
				},
				Callbacks: map[logical.Operation]framework.OperationFunc{
					logical.ReadOperation:   b.handleAuthTuneRead,
					logical.UpdateOperation: b.handleAuthTuneWrite,
				},
				HelpSynopsis:    syn("auth_tune"),
				HelpDescription: desc("auth_tune"),
			},
			{
				Pattern: "mounts/(?P<path>.+?)/tune$",
				Fields: map[string]*framework.FieldSchema{
					"path": {
						Type:        framework.TypeString,
						Description: syn("mount_path"),
					},
					"default_lease_ttl": {
						Type:        framework.TypeString,
						Description: syn("tune_default_lease_ttl"),
					},
					"max_lease_ttl": {
						Type:        framework.TypeString,
						Description: syn("tune_max_lease_ttl"),
					},
				},
				Callbacks: map[logical.Operation]framework.OperationFunc{
					logical.ReadOperation:   b.handleMountTuneRead,
					logical.UpdateOperation: b.handleMountTuneWrite,
				},
				HelpSynopsis:    syn("mount_tune"),
				HelpDescription: desc("mount_tune"),
			},

			// --- mounts ---
			{
				Pattern: "mounts/(?P<path>.+?)",
				Fields: map[string]*framework.FieldSchema{
					"path": {
						Type:        framework.TypeString,
						Description: syn("mount_path"),
					},
					"type": {
						Type:        framework.TypeString,
						Description: syn("mount_type"),
					},
					"description": {
						Type:        framework.TypeString,
						Description: syn("mount_desc"),
					},
					"config": {
						Type:        framework.TypeMap,
						Description: syn("mount_config"),
					},
				},
				Callbacks: map[logical.Operation]framework.OperationFunc{
					logical.UpdateOperation: b.handleMount,
					logical.DeleteOperation: b.handleUnmount,
				},
				HelpSynopsis:    syn("mount"),
				HelpDescription: desc("mount"),
			},
			{
				Pattern: "mounts$",
				Callbacks: map[logical.Operation]framework.OperationFunc{
					logical.ReadOperation: b.handleMountTable,
				},
				HelpSynopsis:    syn("mounts"),
				HelpDescription: desc("mounts"),
			},
			{
				Pattern: "remount",
				Fields: map[string]*framework.FieldSchema{
					"from": {
						Type:        framework.TypeString,
						Description: "The previous mount point.",
					},
					"to": {
						Type:        framework.TypeString,
						Description: "The new mount point.",
					},
				},
				Callbacks: map[logical.Operation]framework.OperationFunc{
					logical.UpdateOperation: b.handleRemount,
				},
				HelpSynopsis:    syn("remount"),
				HelpDescription: desc("remount"),
			},

			// --- leases ---
			{
				Pattern: "renew" + framework.OptionalParamRegex("url_lease_id"),
				Fields: map[string]*framework.FieldSchema{
					"url_lease_id": {
						Type:        framework.TypeString,
						Description: syn("lease_id"),
					},
					"lease_id": {
						Type:        framework.TypeString,
						Description: syn("lease_id"),
					},
					"increment": {
						Type:        framework.TypeDurationSecond,
						Description: syn("increment"),
					},
				},
				Callbacks: map[logical.Operation]framework.OperationFunc{
					logical.UpdateOperation: b.handleRenew,
				},
				HelpSynopsis:    syn("renew"),
				HelpDescription: desc("renew"),
			},
			{
				Pattern: "revoke/(?P<lease_id>.+)",
				Fields: map[string]*framework.FieldSchema{
					"lease_id": {
						Type:        framework.TypeString,
						Description: syn("lease_id"),
					},
				},
				Callbacks: map[logical.Operation]framework.OperationFunc{
					logical.UpdateOperation: b.handleRevoke,
				},
				HelpSynopsis:    syn("revoke"),
				HelpDescription: desc("revoke"),
			},
			{
				// Not present in PathsSpecial.Root; see the function comment.
				Pattern: "revoke-force/(?P<prefix>.+)",
				Fields: map[string]*framework.FieldSchema{
					"prefix": {
						Type:        framework.TypeString,
						Description: syn("revoke-force-path"),
					},
				},
				Callbacks: map[logical.Operation]framework.OperationFunc{
					logical.UpdateOperation: b.handleRevokeForce,
				},
				HelpSynopsis:    syn("revoke-force"),
				HelpDescription: desc("revoke-force"),
			},
			{
				Pattern: "revoke-prefix/(?P<prefix>.+)",
				Fields: map[string]*framework.FieldSchema{
					"prefix": {
						Type:        framework.TypeString,
						Description: syn("revoke-prefix-path"),
					},
				},
				Callbacks: map[logical.Operation]framework.OperationFunc{
					logical.UpdateOperation: b.handleRevokePrefix,
				},
				HelpSynopsis:    syn("revoke-prefix"),
				HelpDescription: desc("revoke-prefix"),
			},

			// --- auth backends ---
			{
				Pattern: "auth$",
				Callbacks: map[logical.Operation]framework.OperationFunc{
					logical.ReadOperation: b.handleAuthTable,
				},
				HelpSynopsis:    syn("auth-table"),
				HelpDescription: desc("auth-table"),
			},
			{
				Pattern: "auth/(?P<path>.+)",
				Fields: map[string]*framework.FieldSchema{
					"path": {
						Type:        framework.TypeString,
						Description: syn("auth_path"),
					},
					"type": {
						Type:        framework.TypeString,
						Description: syn("auth_type"),
					},
					"description": {
						Type:        framework.TypeString,
						Description: syn("auth_desc"),
					},
				},
				Callbacks: map[logical.Operation]framework.OperationFunc{
					logical.UpdateOperation: b.handleEnableAuth,
					logical.DeleteOperation: b.handleDisableAuth,
				},
				HelpSynopsis:    syn("auth"),
				HelpDescription: desc("auth"),
			},

			// --- policies ---
			// NOTE(review): policy routes are not in the Root list, so who may
			// write policies depends entirely on the ACLs granted on this path.
			{
				Pattern: "policy$",
				Callbacks: map[logical.Operation]framework.OperationFunc{
					logical.ReadOperation: b.handlePolicyList,
					logical.ListOperation: b.handlePolicyList,
				},
				HelpSynopsis:    syn("policy-list"),
				HelpDescription: desc("policy-list"),
			},
			{
				Pattern: "policy/(?P<name>.+)",
				Fields: map[string]*framework.FieldSchema{
					"name": {
						Type:        framework.TypeString,
						Description: syn("policy-name"),
					},
					"rules": {
						Type:        framework.TypeString,
						Description: syn("policy-rules"),
					},
				},
				Callbacks: map[logical.Operation]framework.OperationFunc{
					logical.ReadOperation:   b.handlePolicyRead,
					logical.UpdateOperation: b.handlePolicySet,
					logical.DeleteOperation: b.handlePolicyDelete,
				},
				HelpSynopsis:    syn("policy"),
				HelpDescription: desc("policy"),
			},

			// --- seal state (help-only entries) ---
			{
				Pattern:         "seal-status$",
				HelpSynopsis:    syn("seal-status"),
				HelpDescription: desc("seal-status"),
			},
			{
				Pattern:         "seal$",
				HelpSynopsis:    syn("seal"),
				HelpDescription: desc("seal"),
			},
			{
				Pattern:         "unseal$",
				HelpSynopsis:    syn("unseal"),
				HelpDescription: desc("unseal"),
			},

			// --- audit ---
			{
				Pattern: "audit-hash/(?P<path>.+)",
				Fields: map[string]*framework.FieldSchema{
					"path": {
						Type:        framework.TypeString,
						Description: syn("audit_path"),
					},
					// Declared without a description.
					"input": {
						Type: framework.TypeString,
					},
				},
				Callbacks: map[logical.Operation]framework.OperationFunc{
					logical.UpdateOperation: b.handleAuditHash,
				},
				HelpSynopsis:    syn("audit-hash"),
				HelpDescription: desc("audit-hash"),
			},
			{
				Pattern: "audit$",
				Callbacks: map[logical.Operation]framework.OperationFunc{
					logical.ReadOperation: b.handleAuditTable,
				},
				HelpSynopsis:    syn("audit-table"),
				HelpDescription: desc("audit-table"),
			},
			{
				Pattern: "audit/(?P<path>.+)",
				Fields: map[string]*framework.FieldSchema{
					"path": {
						Type:        framework.TypeString,
						Description: syn("audit_path"),
					},
					"type": {
						Type:        framework.TypeString,
						Description: syn("audit_type"),
					},
					"description": {
						Type:        framework.TypeString,
						Description: syn("audit_desc"),
					},
					"options": {
						Type:        framework.TypeMap,
						Description: syn("audit_opts"),
					},
				},
				Callbacks: map[logical.Operation]framework.OperationFunc{
					logical.UpdateOperation: b.handleEnableAudit,
					logical.DeleteOperation: b.handleDisableAudit,
				},
				HelpSynopsis:    syn("audit"),
				HelpDescription: desc("audit"),
			},

			// --- raw access ---
			// Listed under Root above. This entry has no help text and its
			// fields carry no descriptions.
			{
				Pattern: "raw/(?P<path>.+)",
				Fields: map[string]*framework.FieldSchema{
					"path": {
						Type: framework.TypeString,
					},
					"value": {
						Type: framework.TypeString,
					},
				},
				Callbacks: map[logical.Operation]framework.OperationFunc{
					logical.ReadOperation:   b.handleRawRead,
					logical.UpdateOperation: b.handleRawWrite,
					logical.DeleteOperation: b.handleRawDelete,
				},
			},

			// --- key management ---
			{
				Pattern: "key-status$",
				Callbacks: map[logical.Operation]framework.OperationFunc{
					logical.ReadOperation: b.handleKeyStatus,
				},
				HelpSynopsis:    syn("key-status"),
				HelpDescription: desc("key-status"),
			},
			{
				Pattern: "rotate$",
				Callbacks: map[logical.Operation]framework.OperationFunc{
					logical.UpdateOperation: b.handleRotate,
				},
				HelpSynopsis:    syn("rotate"),
				HelpDescription: desc("rotate"),
			},
		},
	}

	b.Backend.Setup(config)
	return b.Backend
}
// NewTokenStore constructs a token store backed by the tokenSubPath sub-view
// of the core's system barrier view, and registers the token endpoints on a
// framework.Backend. It returns an error only if the salt cannot be created.
//
// NOTE(review): the salt is configured with salt.SHA1Hash. What the salted
// hash is applied to is not visible here; if it derives storage identifiers,
// changing the function would change every derived value, so treat any
// upgrade as a data migration rather than a drop-in swap.
//
// NOTE(review): several routes accept the token or accessor as an optional
// URL segment ("urltoken", "urlaccessor") as well as in the request body.
// Request paths are commonly recorded by proxies, load balancers and access
// logs, so clients should prefer the body fields, and log pipelines in front
// of this API should be checked for token material.
//
// NOTE(review): PathsSpecial.Root lists only "revoke-orphan/*". The
// revoke-orphan route also accepts the token in the body with no URL suffix;
// confirm that handleRevokeOrphan applies the same privilege check to that
// form.
func NewTokenStore(c *Core, config *logical.BackendConfig) (*TokenStore, error) {
	// Scope all token storage to its own sub-view.
	subView := c.systemBarrierView.SubView(tokenSubPath)

	t := &TokenStore{view: subView}

	// Policy lookups are wired only when the core has a policy store.
	if c.policyStore != nil {
		t.policyLookupFunc = c.policyStore.GetPolicy
	}

	// The local is named tokenSalt so it does not shadow the salt package.
	tokenSalt, err := salt.NewSalt(subView, &salt.Config{
		HashFunc: salt.SHA1Hash,
	})
	if err != nil {
		return nil, err
	}
	t.salt = tokenSalt

	// Each route gets its own schema instance; nothing is shared between paths.
	incrementField := func() *framework.FieldSchema {
		return &framework.FieldSchema{
			Type:        framework.TypeDurationSecond,
			Default:     0,
			Description: "The desired increment in seconds to the token expiration",
		}
	}

	t.Backend = &framework.Backend{
		AuthRenew: t.authRenew,

		PathsSpecial: &logical.Paths{
			Root: []string{
				"revoke-orphan/*",
			},
		},

		Paths: []*framework.Path{
			// --- roles ---
			{
				Pattern: "roles/?$",
				Callbacks: map[logical.Operation]framework.OperationFunc{
					logical.ListOperation: t.tokenStoreRoleList,
				},
				HelpSynopsis:    tokenListRolesHelp,
				HelpDescription: tokenListRolesHelp,
			},
			{
				Pattern: "roles/" + framework.GenericNameRegex("role_name"),
				Fields: map[string]*framework.FieldSchema{
					"role_name": {
						Type:        framework.TypeString,
						Description: "Name of the role",
					},
					"allowed_policies": {
						Type:        framework.TypeString,
						Default:     "",
						Description: tokenAllowedPoliciesHelp,
					},
					"orphan": {
						Type:        framework.TypeBool,
						Default:     false,
						Description: tokenOrphanHelp,
					},
					"period": {
						Type:        framework.TypeDurationSecond,
						Default:     0,
						Description: tokenPeriodHelp,
					},
					"path_suffix": {
						Type:        framework.TypeString,
						Default:     "",
						Description: tokenPathSuffixHelp + pathSuffixSanitize.String(),
					},
				},
				Callbacks: map[logical.Operation]framework.OperationFunc{
					logical.ReadOperation:   t.tokenStoreRoleRead,
					logical.CreateOperation: t.tokenStoreRoleCreateUpdate,
					logical.UpdateOperation: t.tokenStoreRoleCreateUpdate,
					logical.DeleteOperation: t.tokenStoreRoleDelete,
				},
				ExistenceCheck:  t.tokenStoreRoleExistenceCheck,
				HelpSynopsis:    tokenPathRolesHelp,
				HelpDescription: tokenPathRolesHelp,
			},

			// --- creation ---
			// NOTE(review): "create-orphan$" is not in the Root list; confirm
			// how orphan creation is meant to be restricted.
			{
				Pattern: "create-orphan$",
				Callbacks: map[logical.Operation]framework.OperationFunc{
					logical.UpdateOperation: t.handleCreateOrphan,
				},
				HelpSynopsis:    strings.TrimSpace(tokenCreateOrphanHelp),
				HelpDescription: strings.TrimSpace(tokenCreateOrphanHelp),
			},
			{
				Pattern: "create/" + framework.GenericNameRegex("role_name"),
				Fields: map[string]*framework.FieldSchema{
					"role_name": {
						Type:        framework.TypeString,
						Description: "Name of the role",
					},
				},
				Callbacks: map[logical.Operation]framework.OperationFunc{
					logical.UpdateOperation: t.handleCreateAgainstRole,
				},
				HelpSynopsis:    strings.TrimSpace(tokenCreateRoleHelp),
				HelpDescription: strings.TrimSpace(tokenCreateRoleHelp),
			},
			{
				Pattern: "create$",
				Callbacks: map[logical.Operation]framework.OperationFunc{
					logical.UpdateOperation: t.handleCreate,
				},
				HelpSynopsis:    strings.TrimSpace(tokenCreateHelp),
				HelpDescription: strings.TrimSpace(tokenCreateHelp),
			},

			// --- lookup ---
			{
				Pattern: "lookup" + framework.OptionalParamRegex("urltoken"),
				Fields: map[string]*framework.FieldSchema{
					"urltoken": {
						Type:        framework.TypeString,
						Description: "Token to lookup (GET/POST URL parameter)",
					},
					"token": {
						Type:        framework.TypeString,
						Description: "Token to lookup (POST request body)",
					},
				},
				Callbacks: map[logical.Operation]framework.OperationFunc{
					logical.ReadOperation:   t.handleLookup,
					logical.UpdateOperation: t.handleLookup,
				},
				HelpSynopsis:    strings.TrimSpace(tokenLookupHelp),
				HelpDescription: strings.TrimSpace(tokenLookupHelp),
			},
			{
				Pattern: "lookup-accessor" + framework.OptionalParamRegex("urlaccessor"),
				Fields: map[string]*framework.FieldSchema{
					"urlaccessor": {
						Type:        framework.TypeString,
						Description: "Accessor of the token to look up (URL parameter)",
					},
					"accessor": {
						Type:        framework.TypeString,
						Description: "Accessor of the token to look up (request body)",
					},
				},
				Callbacks: map[logical.Operation]framework.OperationFunc{
					logical.UpdateOperation: t.handleUpdateLookupAccessor,
				},
				HelpSynopsis:    strings.TrimSpace(tokenLookupAccessorHelp),
				HelpDescription: strings.TrimSpace(tokenLookupAccessorHelp),
			},
			{
				Pattern: "lookup-self$",
				Fields: map[string]*framework.FieldSchema{
					"token": {
						Type:        framework.TypeString,
						Description: "Token to look up (unused)",
					},
				},
				Callbacks: map[logical.Operation]framework.OperationFunc{
					logical.ReadOperation: t.handleLookupSelf,
				},
				HelpSynopsis:    strings.TrimSpace(tokenLookupHelp),
				HelpDescription: strings.TrimSpace(tokenLookupHelp),
			},

			// --- revocation ---
			{
				Pattern: "revoke-accessor" + framework.OptionalParamRegex("urlaccessor"),
				Fields: map[string]*framework.FieldSchema{
					"urlaccessor": {
						Type:        framework.TypeString,
						Description: "Accessor of the token (in URL)",
					},
					"accessor": {
						Type:        framework.TypeString,
						Description: "Accessor of the token (request body)",
					},
				},
				Callbacks: map[logical.Operation]framework.OperationFunc{
					logical.UpdateOperation: t.handleUpdateRevokeAccessor,
				},
				HelpSynopsis:    strings.TrimSpace(tokenRevokeAccessorHelp),
				HelpDescription: strings.TrimSpace(tokenRevokeAccessorHelp),
			},
			{
				Pattern: "revoke-self$",
				Callbacks: map[logical.Operation]framework.OperationFunc{
					logical.UpdateOperation: t.handleRevokeSelf,
				},
				HelpSynopsis:    strings.TrimSpace(tokenRevokeSelfHelp),
				HelpDescription: strings.TrimSpace(tokenRevokeSelfHelp),
			},
			{
				Pattern: "revoke" + framework.OptionalParamRegex("urltoken"),
				Fields: map[string]*framework.FieldSchema{
					"urltoken": {
						Type:        framework.TypeString,
						Description: "Token to revoke (in URL)",
					},
					"token": {
						Type:        framework.TypeString,
						Description: "Token to revoke (request body)",
					},
				},
				Callbacks: map[logical.Operation]framework.OperationFunc{
					logical.UpdateOperation: t.handleRevokeTree,
				},
				HelpSynopsis:    strings.TrimSpace(tokenRevokeHelp),
				HelpDescription: strings.TrimSpace(tokenRevokeHelp),
			},
			{
				// Covered by the Root entry "revoke-orphan/*" when a URL
				// suffix is present; see the function comment for the
				// body-only form.
				Pattern: "revoke-orphan" + framework.OptionalParamRegex("urltoken"),
				Fields: map[string]*framework.FieldSchema{
					"urltoken": {
						Type:        framework.TypeString,
						Description: "Token to revoke (in URL)",
					},
					"token": {
						Type:        framework.TypeString,
						Description: "Token to revoke (request body)",
					},
				},
				Callbacks: map[logical.Operation]framework.OperationFunc{
					logical.UpdateOperation: t.handleRevokeOrphan,
				},
				HelpSynopsis:    strings.TrimSpace(tokenRevokeOrphanHelp),
				HelpDescription: strings.TrimSpace(tokenRevokeOrphanHelp),
			},

			// --- renewal ---
			{
				Pattern: "renew-self$",
				Fields: map[string]*framework.FieldSchema{
					"token": {
						Type:        framework.TypeString,
						Description: "Token to renew (unused)",
					},
					"increment": incrementField(),
				},
				Callbacks: map[logical.Operation]framework.OperationFunc{
					logical.UpdateOperation: t.handleRenewSelf,
				},
				HelpSynopsis:    strings.TrimSpace(tokenRenewSelfHelp),
				HelpDescription: strings.TrimSpace(tokenRenewSelfHelp),
			},
			{
				Pattern: "renew" + framework.OptionalParamRegex("urltoken"),
				Fields: map[string]*framework.FieldSchema{
					"urltoken": {
						Type:        framework.TypeString,
						Description: "Token to renew (in URL)",
					},
					"token": {
						Type:        framework.TypeString,
						Description: "Token to renew (request body)",
					},
					"increment": incrementField(),
				},
				Callbacks: map[logical.Operation]framework.OperationFunc{
					logical.UpdateOperation: t.handleRenew,
				},
				HelpSynopsis:    strings.TrimSpace(tokenRenewHelp),
				HelpDescription: strings.TrimSpace(tokenRenewHelp),
			},
		},
	}

	t.Backend.Setup(config)

	return t, nil
}