Remove "managed-keys" feature references (#2225)
* removed managed keys feature references Signed-off-by: Wojciech Slabosz <wojciech.slabosz@sap.com> * revert changes in /sdk and /api packages Signed-off-by: Wojciech Slabosz <wojciech.slabosz@sap.com> --------- Signed-off-by: Wojciech Slabosz <wojciech.slabosz@sap.com>
@@ -94,8 +94,6 @@ const (
|
||||
flagNameAllowedResponseHeaders = "allowed-response-headers"
|
||||
// flagNameTokenType is the flag name used to force a specific token type
|
||||
flagNameTokenType = "token-type"
|
||||
// flagNameAllowedManagedKeys is the flag name used for auth/secrets enable
|
||||
flagNameAllowedManagedKeys = "allowed-managed-keys"
|
||||
// flagNamePluginVersion selects what version of a plugin should be used.
|
||||
flagNamePluginVersion = "plugin-version"
|
||||
// flagNameUserLockoutThreshold is the flag name used for tuning the auth mount lockout threshold parameter
|
||||
|
||||
@@ -40,7 +40,6 @@ type SecretsEnableCommand struct {
|
||||
flagSealWrap bool
|
||||
flagExternalEntropyAccess bool
|
||||
flagVersion int
|
||||
flagAllowedManagedKeys []string
|
||||
}
|
||||
|
||||
func (c *SecretsEnableCommand) Synopsis() string {
|
||||
@@ -220,14 +219,6 @@ func (c *SecretsEnableCommand) Flags() *FlagSets {
|
||||
Usage: "Select the version of the engine to run. Not supported by all engines.",
|
||||
})
|
||||
|
||||
f.StringSliceVar(&StringSliceVar{
|
||||
Name: flagNameAllowedManagedKeys,
|
||||
Target: &c.flagAllowedManagedKeys,
|
||||
Usage: "Managed key name(s) that the mount in question is allowed to access. " +
|
||||
"Note that multiple keys may be specified by providing this option multiple times, " +
|
||||
"each time with 1 key.",
|
||||
})
|
||||
|
||||
return set
|
||||
}
|
||||
|
||||
@@ -327,10 +318,6 @@ func (c *SecretsEnableCommand) Run(args []string) int {
|
||||
mountInput.Config.AllowedResponseHeaders = c.flagAllowedResponseHeaders
|
||||
}
|
||||
|
||||
if fl.Name == flagNameAllowedManagedKeys {
|
||||
mountInput.Config.AllowedManagedKeys = c.flagAllowedManagedKeys
|
||||
}
|
||||
|
||||
if fl.Name == flagNamePluginVersion {
|
||||
mountInput.Config.PluginVersion = c.flagPluginVersion
|
||||
}
|
||||
|
||||
@@ -118,7 +118,6 @@ func TestSecretsEnableCommand_Run(t *testing.T) {
|
||||
"-passthrough-request-headers", "authorization,authentication",
|
||||
"-passthrough-request-headers", "www-authentication",
|
||||
"-allowed-response-headers", "authorization",
|
||||
"-allowed-managed-keys", "key1,key2",
|
||||
"-force-no-cache",
|
||||
"pki",
|
||||
})
|
||||
@@ -168,9 +167,6 @@ func TestSecretsEnableCommand_Run(t *testing.T) {
|
||||
if diff := deep.Equal([]string{"foo,bar"}, mountInfo.Config.AuditNonHMACResponseKeys); len(diff) > 0 {
|
||||
t.Errorf("Failed to find expected values in AuditNonHMACResponseKeys. Difference is: %v", diff)
|
||||
}
|
||||
if diff := deep.Equal([]string{"key1,key2"}, mountInfo.Config.AllowedManagedKeys); len(diff) > 0 {
|
||||
t.Errorf("Failed to find expected values in AllowedManagedKeys. Difference is: %v", diff)
|
||||
}
|
||||
})
|
||||
|
||||
t.Run("communication_failure", func(t *testing.T) {
|
||||
|
||||
@@ -34,7 +34,6 @@ type SecretsTuneCommand struct {
|
||||
flagOptions map[string]string
|
||||
flagVersion int
|
||||
flagPluginVersion string
|
||||
flagAllowedManagedKeys []string
|
||||
}
|
||||
|
||||
func (c *SecretsTuneCommand) Synopsis() string {
|
||||
@@ -142,14 +141,6 @@ func (c *SecretsTuneCommand) Flags() *FlagSets {
|
||||
Usage: "Select the version of the engine to run. Not supported by all engines.",
|
||||
})
|
||||
|
||||
f.StringSliceVar(&StringSliceVar{
|
||||
Name: flagNameAllowedManagedKeys,
|
||||
Target: &c.flagAllowedManagedKeys,
|
||||
Usage: "Managed key name(s) that the mount in question is allowed to access. " +
|
||||
"Note that multiple keys may be specified by providing this option multiple times, " +
|
||||
"each time with 1 key.",
|
||||
})
|
||||
|
||||
f.StringVar(&StringVar{
|
||||
Name: flagNamePluginVersion,
|
||||
Target: &c.flagPluginVersion,
|
||||
@@ -235,10 +226,6 @@ func (c *SecretsTuneCommand) Run(args []string) int {
|
||||
mountConfigInput.AllowedResponseHeaders = c.flagAllowedResponseHeaders
|
||||
}
|
||||
|
||||
if fl.Name == flagNameAllowedManagedKeys {
|
||||
mountConfigInput.AllowedManagedKeys = c.flagAllowedManagedKeys
|
||||
}
|
||||
|
||||
if fl.Name == flagNamePluginVersion {
|
||||
mountConfigInput.PluginVersion = c.flagPluginVersion
|
||||
}
|
||||
|
||||
@@ -192,7 +192,6 @@ func TestSecretsTuneCommand_Run(t *testing.T) {
|
||||
"-passthrough-request-headers", "authorization",
|
||||
"-passthrough-request-headers", "www-authentication",
|
||||
"-allowed-response-headers", "authorization,www-authentication",
|
||||
"-allowed-managed-keys", "key1,key2",
|
||||
"-listing-visibility", "unauth",
|
||||
"-plugin-version", version,
|
||||
"mount_tune_integration/",
|
||||
@@ -243,9 +242,6 @@ func TestSecretsTuneCommand_Run(t *testing.T) {
|
||||
if diff := deep.Equal([]string{"foo,bar"}, mountInfo.Config.AuditNonHMACResponseKeys); len(diff) > 0 {
|
||||
t.Errorf("Failed to find expected values in AuditNonHMACResponseKeys. Difference is: %v", diff)
|
||||
}
|
||||
if diff := deep.Equal([]string{"key1,key2"}, mountInfo.Config.AllowedManagedKeys); len(diff) > 0 {
|
||||
t.Errorf("Failed to find expected values in AllowedManagedKeys. Difference is: %v", diff)
|
||||
}
|
||||
})
|
||||
|
||||
t.Run("flags_description", func(t *testing.T) {
|
||||
|
||||
@@ -1826,86 +1826,3 @@ func TestSysTuneMount_passthroughRequestHeaders(t *testing.T) {
|
||||
t.Fatalf("bad:\nExpected: %#v\nActual:%#v", expected, actual)
|
||||
}
|
||||
}
|
||||
|
||||
func TestSysTuneMount_allowedManagedKeys(t *testing.T) {
|
||||
core, _, token := vault.TestCoreUnsealed(t)
|
||||
ln, addr := TestServer(t, core)
|
||||
defer ln.Close()
|
||||
TestServerAuth(t, addr, token)
|
||||
|
||||
// Mount-tune the allowed_managed_keys
|
||||
resp := testHttpPost(t, token, addr+"/v1/sys/mounts/secret/tune", map[string]interface{}{
|
||||
"allowed_managed_keys": "test_key",
|
||||
})
|
||||
testResponseStatus(t, resp, 204)
|
||||
|
||||
// Check results
|
||||
resp = testHttpGet(t, token, addr+"/v1/sys/mounts/secret/tune")
|
||||
testResponseStatus(t, resp, 200)
|
||||
|
||||
actual := map[string]interface{}{}
|
||||
expected := map[string]interface{}{
|
||||
"lease_id": "",
|
||||
"renewable": false,
|
||||
"lease_duration": json.Number("0"),
|
||||
"wrap_info": nil,
|
||||
"warnings": nil,
|
||||
"auth": nil,
|
||||
"data": map[string]interface{}{
|
||||
"description": "key/value secret storage",
|
||||
"default_lease_ttl": json.Number("2764800"),
|
||||
"max_lease_ttl": json.Number("2764800"),
|
||||
"options": map[string]interface{}{"version": "1"},
|
||||
"force_no_cache": false,
|
||||
"allowed_managed_keys": []interface{}{"test_key"},
|
||||
},
|
||||
"description": "key/value secret storage",
|
||||
"default_lease_ttl": json.Number("2764800"),
|
||||
"max_lease_ttl": json.Number("2764800"),
|
||||
"options": map[string]interface{}{"version": "1"},
|
||||
"force_no_cache": false,
|
||||
"allowed_managed_keys": []interface{}{"test_key"},
|
||||
}
|
||||
testResponseBody(t, resp, &actual)
|
||||
expected["request_id"] = actual["request_id"]
|
||||
if !reflect.DeepEqual(actual, expected) {
|
||||
t.Fatalf("bad:\nExpected: %#v\nActual:%#v", expected, actual)
|
||||
}
|
||||
|
||||
// Unset the mount tune value
|
||||
resp = testHttpPost(t, token, addr+"/v1/sys/mounts/secret/tune", map[string]interface{}{
|
||||
"allowed_managed_keys": "",
|
||||
})
|
||||
testResponseStatus(t, resp, 204)
|
||||
|
||||
// Check results
|
||||
resp = testHttpGet(t, token, addr+"/v1/sys/mounts/secret/tune")
|
||||
testResponseStatus(t, resp, 200)
|
||||
|
||||
actual = map[string]interface{}{}
|
||||
expected = map[string]interface{}{
|
||||
"lease_id": "",
|
||||
"renewable": false,
|
||||
"lease_duration": json.Number("0"),
|
||||
"wrap_info": nil,
|
||||
"warnings": nil,
|
||||
"auth": nil,
|
||||
"data": map[string]interface{}{
|
||||
"description": "key/value secret storage",
|
||||
"default_lease_ttl": json.Number("2764800"),
|
||||
"max_lease_ttl": json.Number("2764800"),
|
||||
"force_no_cache": false,
|
||||
"options": map[string]interface{}{"version": "1"},
|
||||
},
|
||||
"description": "key/value secret storage",
|
||||
"default_lease_ttl": json.Number("2764800"),
|
||||
"max_lease_ttl": json.Number("2764800"),
|
||||
"force_no_cache": false,
|
||||
"options": map[string]interface{}{"version": "1"},
|
||||
}
|
||||
testResponseBody(t, resp, &actual)
|
||||
expected["request_id"] = actual["request_id"]
|
||||
if !reflect.DeepEqual(actual, expected) {
|
||||
t.Fatalf("bad:\nExpected: %#v\nActual:%#v", expected, actual)
|
||||
}
|
||||
}
|
||||
|
||||
@@ -62,9 +62,4 @@ export default class MountConfigModel extends Model {
|
||||
noDefault: true,
|
||||
})
|
||||
tokenType;
|
||||
|
||||
@attr({
|
||||
editType: 'stringArray',
|
||||
})
|
||||
allowedManagedKeys;
|
||||
}
|
||||
|
||||
@@ -159,7 +159,6 @@ export default class SecretEngineModel extends Model {
|
||||
fields.push('config.defaultLeaseTtl', 'config.maxLeaseTtl');
|
||||
}
|
||||
fields.push(
|
||||
'config.allowedManagedKeys',
|
||||
'config.auditNonHmacRequestKeys',
|
||||
'config.auditNonHmacResponseKeys',
|
||||
'config.passthroughRequestHeaders',
|
||||
@@ -194,7 +193,6 @@ export default class SecretEngineModel extends Model {
|
||||
...CORE_OPTIONS,
|
||||
'config.defaultLeaseTtl',
|
||||
'config.maxLeaseTtl',
|
||||
'config.allowedManagedKeys',
|
||||
...STANDARD_CONFIG,
|
||||
];
|
||||
break;
|
||||
@@ -204,32 +202,25 @@ export default class SecretEngineModel extends Model {
|
||||
...CORE_OPTIONS,
|
||||
'config.defaultLeaseTtl',
|
||||
'config.maxLeaseTtl',
|
||||
'config.allowedManagedKeys',
|
||||
...STANDARD_CONFIG,
|
||||
];
|
||||
break;
|
||||
case 'database':
|
||||
// Highlight TTLs in default
|
||||
defaultFields = ['path', 'config.defaultLeaseTtl', 'config.maxLeaseTtl'];
|
||||
optionFields = [...CORE_OPTIONS, 'config.allowedManagedKeys', ...STANDARD_CONFIG];
|
||||
optionFields = [...CORE_OPTIONS, ...STANDARD_CONFIG];
|
||||
break;
|
||||
case 'pki':
|
||||
defaultFields = ['path', 'config.defaultLeaseTtl', 'config.maxLeaseTtl', 'config.allowedManagedKeys'];
|
||||
defaultFields = ['path', 'config.defaultLeaseTtl', 'config.maxLeaseTtl'];
|
||||
optionFields = [...CORE_OPTIONS, ...STANDARD_CONFIG];
|
||||
break;
|
||||
case 'keymgmt':
|
||||
// no ttl options for keymgmt
|
||||
optionFields = [...CORE_OPTIONS, 'config.allowedManagedKeys', ...STANDARD_CONFIG];
|
||||
optionFields = [...CORE_OPTIONS, ...STANDARD_CONFIG];
|
||||
break;
|
||||
default:
|
||||
defaultFields = ['path'];
|
||||
optionFields = [
|
||||
...CORE_OPTIONS,
|
||||
'config.defaultLeaseTtl',
|
||||
'config.maxLeaseTtl',
|
||||
'config.allowedManagedKeys',
|
||||
...STANDARD_CONFIG,
|
||||
];
|
||||
optionFields = [...CORE_OPTIONS, 'config.defaultLeaseTtl', 'config.maxLeaseTtl', ...STANDARD_CONFIG];
|
||||
break;
|
||||
}
|
||||
|
||||
|
||||
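Review bot: After this change the `database` and `pki` arms assign exactly the same `defaultFields` and `optionFields`, so they can share one body by writing `case 'database':` directly above `case 'pki':`. That stops the two from drifting apart again, and the `// Highlight TTLs in default` comment then covers both. The `switch` starts outside this hunk, so check that no other arm relies on the two staying separate.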
@@ -115,7 +115,6 @@
|
||||
<InfoTableRow @label="Seal wrap" @value={{@mountConfig.sealWrap}} />
|
||||
<InfoTableRow @label="Default lease TTL" @value={{@mountConfig.config.defaultLeaseTtl}} />
|
||||
<InfoTableRow @label="Max lease TTL" @value={{@mountConfig.config.maxLeaseTtl}} />
|
||||
<InfoTableRow @label="Allowed managed keys" @value={{or @mountConfig.config.allowedManagedKeys "None"}} />
|
||||
<div class="has-top-margin-l"></div>
|
||||
|
||||
{{#if this.showDeleteAllIssuers}}
|
||||
|
||||
@@ -17,7 +17,6 @@
|
||||
{{else if (eq @model.type "kms")}}
|
||||
This certificate type is kms, meaning managed keys will be used. Below, you will name the key and tell OpenBao
|
||||
where to find it in your KMS or HSM.
|
||||
{{! TODO Add a link to a page for 'managed-keys' }}
|
||||
{{else if (eq @model.type "exported")}}
|
||||
This certificate type is exported. This means the private key will be returned in the response. Below, you will
|
||||
name the key and define its type and key bits.
|
||||
|
||||
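Review bot: The `kms` branch still tells the user that "managed keys will be used" and asks where to find the key "in your KMS or HSM", although the commit removes the managed-keys feature everywhere else; only the TODO comment is dropped here. If the `kms` certificate type cannot work without managed keys, this branch should either go or say that the type is unsupported, so the form does not promise key handling the server no longer provides. Whether the form still offers `kms` as a type is not visible in this hunk.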
@@ -56,7 +56,6 @@ module('Integration | Component | Page::PkiConfigurationDetails', function (hook
|
||||
config: this.store.createRecord('mount-config', {
|
||||
defaultLease: '12h',
|
||||
maxLeaseTtl: '400h',
|
||||
allowedManagedKeys: true,
|
||||
}),
|
||||
};
|
||||
});
|
||||
|
||||
@@ -64,7 +64,6 @@ module('Unit | Model | secret-engine', function (hooks) {
|
||||
'accessor',
|
||||
'config.defaultLeaseTtl',
|
||||
'config.maxLeaseTtl',
|
||||
'config.allowedManagedKeys',
|
||||
'config.auditNonHmacRequestKeys',
|
||||
'config.auditNonHmacResponseKeys',
|
||||
'config.passthroughRequestHeaders',
|
||||
@@ -85,7 +84,6 @@ module('Unit | Model | secret-engine', function (hooks) {
|
||||
'accessor',
|
||||
'config.defaultLeaseTtl',
|
||||
'config.maxLeaseTtl',
|
||||
'config.allowedManagedKeys',
|
||||
'config.auditNonHmacRequestKeys',
|
||||
'config.auditNonHmacResponseKeys',
|
||||
'config.passthroughRequestHeaders',
|
||||
@@ -108,7 +106,6 @@ module('Unit | Model | secret-engine', function (hooks) {
|
||||
'accessor',
|
||||
'config.defaultLeaseTtl',
|
||||
'config.maxLeaseTtl',
|
||||
'config.allowedManagedKeys',
|
||||
'config.auditNonHmacRequestKeys',
|
||||
'config.auditNonHmacResponseKeys',
|
||||
'config.passthroughRequestHeaders',
|
||||
@@ -131,7 +128,6 @@ module('Unit | Model | secret-engine', function (hooks) {
|
||||
'path',
|
||||
'description',
|
||||
'accessor',
|
||||
'config.allowedManagedKeys',
|
||||
'config.auditNonHmacRequestKeys',
|
||||
'config.auditNonHmacResponseKeys',
|
||||
'config.passthroughRequestHeaders',
|
||||
@@ -155,7 +151,6 @@ module('Unit | Model | secret-engine', function (hooks) {
|
||||
'config.listingVisibility',
|
||||
'config.defaultLeaseTtl',
|
||||
'config.maxLeaseTtl',
|
||||
'config.allowedManagedKeys',
|
||||
'config.auditNonHmacRequestKeys',
|
||||
'config.auditNonHmacResponseKeys',
|
||||
'config.passthroughRequestHeaders',
|
||||
@@ -179,7 +174,6 @@ module('Unit | Model | secret-engine', function (hooks) {
|
||||
'config.listingVisibility',
|
||||
'config.defaultLeaseTtl',
|
||||
'config.maxLeaseTtl',
|
||||
'config.allowedManagedKeys',
|
||||
'config.auditNonHmacRequestKeys',
|
||||
'config.auditNonHmacResponseKeys',
|
||||
'config.passthroughRequestHeaders',
|
||||
@@ -204,7 +198,6 @@ module('Unit | Model | secret-engine', function (hooks) {
|
||||
'config.listingVisibility',
|
||||
'config.defaultLeaseTtl',
|
||||
'config.maxLeaseTtl',
|
||||
'config.allowedManagedKeys',
|
||||
'config.auditNonHmacRequestKeys',
|
||||
'config.auditNonHmacResponseKeys',
|
||||
'config.passthroughRequestHeaders',
|
||||
@@ -226,7 +219,6 @@ module('Unit | Model | secret-engine', function (hooks) {
|
||||
'Method Options': [
|
||||
'description',
|
||||
'config.listingVisibility',
|
||||
'config.allowedManagedKeys',
|
||||
'config.auditNonHmacRequestKeys',
|
||||
'config.auditNonHmacResponseKeys',
|
||||
'config.passthroughRequestHeaders',
|
||||
@@ -243,7 +235,7 @@ module('Unit | Model | secret-engine', function (hooks) {
|
||||
});
|
||||
|
||||
assert.deepEqual(model.get('formFieldGroups'), [
|
||||
{ default: ['path', 'config.defaultLeaseTtl', 'config.maxLeaseTtl', 'config.allowedManagedKeys'] },
|
||||
{ default: ['path', 'config.defaultLeaseTtl', 'config.maxLeaseTtl'] },
|
||||
{
|
||||
'Method Options': [
|
||||
'description',
|
||||
@@ -269,7 +261,6 @@ module('Unit | Model | secret-engine', function (hooks) {
|
||||
'Method Options': [
|
||||
'description',
|
||||
'config.listingVisibility',
|
||||
'config.allowedManagedKeys',
|
||||
'config.auditNonHmacRequestKeys',
|
||||
'config.auditNonHmacResponseKeys',
|
||||
'config.passthroughRequestHeaders',
|
||||
|
||||
@@ -900,9 +900,6 @@ func (b *SystemBackend) mountInfo(ctx context.Context, entry *MountEntry) map[st
|
||||
if rawVal, ok := entry.synthesizedConfigCache.Load("allowed_response_headers"); ok {
|
||||
entryConfig["allowed_response_headers"] = rawVal.([]string)
|
||||
}
|
||||
if rawVal, ok := entry.synthesizedConfigCache.Load("allowed_managed_keys"); ok {
|
||||
entryConfig["allowed_managed_keys"] = rawVal.([]string)
|
||||
}
|
||||
if entry.Table == credentialTableType {
|
||||
entryConfig["token_type"] = entry.Config.TokenType.String()
|
||||
}
|
||||
@@ -1097,9 +1094,6 @@ func (b *SystemBackend) handleMount(ctx context.Context, req *logical.Request, d
|
||||
if len(apiConfig.AllowedResponseHeaders) > 0 {
|
||||
config.AllowedResponseHeaders = apiConfig.AllowedResponseHeaders
|
||||
}
|
||||
if len(apiConfig.AllowedManagedKeys) > 0 {
|
||||
config.AllowedManagedKeys = apiConfig.AllowedManagedKeys
|
||||
}
|
||||
|
||||
// Create the mount entry
|
||||
me := &MountEntry{
|
||||
@@ -1509,10 +1503,6 @@ func (b *SystemBackend) handleTuneReadCommon(ctx context.Context, path string) (
|
||||
resp.Data["allowed_response_headers"] = rawVal.([]string)
|
||||
}
|
||||
|
||||
if rawVal, ok := mountEntry.synthesizedConfigCache.Load("allowed_managed_keys"); ok {
|
||||
resp.Data["allowed_managed_keys"] = rawVal.([]string)
|
||||
}
|
||||
|
||||
if mountEntry.Config.UserLockoutConfig != nil {
|
||||
resp.Data["user_lockout_counter_reset_duration"] = int64(mountEntry.Config.UserLockoutConfig.LockoutCounterReset.Seconds())
|
||||
resp.Data["user_lockout_threshold"] = mountEntry.Config.UserLockoutConfig.LockoutThreshold
|
||||
@@ -1810,10 +1800,6 @@ func (b *SystemBackend) handleTuneWriteCommon(ctx context.Context, path string,
|
||||
defer rollback(&mountEntry.Config.AllowedResponseHeaders, rawVal.([]string), &success)()
|
||||
}
|
||||
|
||||
if rawVal, ok := data.GetOk("allowed_managed_keys"); ok {
|
||||
defer rollback(&mountEntry.Config.AllowedManagedKeys, rawVal.([]string), &success)()
|
||||
}
|
||||
|
||||
var kvUpgrade bool
|
||||
var meVersion, optVersion int64
|
||||
if optionsRaw, ok := data.GetOk("options"); ok {
|
||||
@@ -1837,8 +1823,7 @@ func (b *SystemBackend) handleTuneWriteCommon(ctx context.Context, path string,
|
||||
|
||||
// Only accept valid versions
|
||||
switch optVersion {
|
||||
case 1:
|
||||
case 2:
|
||||
case 1, 2:
|
||||
default:
|
||||
return logical.ErrorResponse("invalid version provided: %d", optVersion), logical.ErrInvalidRequest
|
||||
}
|
||||
@@ -2165,7 +2150,6 @@ func expandStringValsWithCommas(configMap map[string]interface{}) error {
|
||||
"audit_non_hmac_response_keys",
|
||||
"passthrough_request_headers",
|
||||
"allowed_response_headers",
|
||||
"allowed_managed_keys",
|
||||
}
|
||||
for _, paramName := range configParamNameSlice {
|
||||
if raw, ok := configMap[paramName]; ok {
|
||||
@@ -2314,9 +2298,6 @@ func (b *SystemBackend) handleEnableAuth(ctx context.Context, req *logical.Reque
|
||||
if len(apiConfig.AllowedResponseHeaders) > 0 {
|
||||
config.AllowedResponseHeaders = apiConfig.AllowedResponseHeaders
|
||||
}
|
||||
if len(apiConfig.AllowedManagedKeys) > 0 {
|
||||
config.AllowedManagedKeys = apiConfig.AllowedManagedKeys
|
||||
}
|
||||
|
||||
// Create the mount entry
|
||||
me := &MountEntry{
|
||||
|
||||
@@ -3340,10 +3340,6 @@ func (b *SystemBackend) authPaths() []*framework.Path {
|
||||
Type: framework.TypeCommaStringSlice,
|
||||
Required: false,
|
||||
},
|
||||
"allowed_managed_keys": {
|
||||
Type: framework.TypeCommaStringSlice,
|
||||
Required: false,
|
||||
},
|
||||
"user_lockout_counter_reset_duration": {
|
||||
Type: framework.TypeInt64,
|
||||
Required: false,
|
||||
@@ -4258,10 +4254,6 @@ func (b *SystemBackend) mountPaths() []*framework.Path {
|
||||
Type: framework.TypeString,
|
||||
Description: strings.TrimSpace(sysHelp["token_type"][0]),
|
||||
},
|
||||
"allowed_managed_keys": {
|
||||
Type: framework.TypeCommaStringSlice,
|
||||
Description: strings.TrimSpace(sysHelp["tune_allowed_managed_keys"][0]),
|
||||
},
|
||||
"plugin_version": {
|
||||
Type: framework.TypeString,
|
||||
Description: strings.TrimSpace(sysHelp["plugin-catalog_version"][0]),
|
||||
@@ -4307,11 +4299,6 @@ func (b *SystemBackend) mountPaths() []*framework.Path {
|
||||
Description: strings.TrimSpace(sysHelp["token_type"][0]),
|
||||
Required: false,
|
||||
},
|
||||
"allowed_managed_keys": {
|
||||
Type: framework.TypeCommaStringSlice,
|
||||
Description: strings.TrimSpace(sysHelp["tune_allowed_managed_keys"][0]),
|
||||
Required: false,
|
||||
},
|
||||
"allowed_response_headers": {
|
||||
Type: framework.TypeCommaStringSlice,
|
||||
Description: strings.TrimSpace(sysHelp["allowed_response_headers"][0]),
|
||||
|
||||
@@ -420,7 +420,6 @@ type MountConfig struct {
|
||||
PassthroughRequestHeaders []string `json:"passthrough_request_headers,omitempty" mapstructure:"passthrough_request_headers"`
|
||||
AllowedResponseHeaders []string `json:"allowed_response_headers,omitempty" mapstructure:"allowed_response_headers"`
|
||||
TokenType logical.TokenType `json:"token_type,omitempty" mapstructure:"token_type"`
|
||||
AllowedManagedKeys []string `json:"allowed_managed_keys,omitempty" mapstructure:"allowed_managed_keys"`
|
||||
UserLockoutConfig *UserLockoutConfig `json:"user_lockout_config,omitempty" mapstructure:"user_lockout_config"`
|
||||
|
||||
// PluginName is the name of the plugin registered in the catalog.
|
||||
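Review bot: Dropping `AllowedManagedKeys` from `MountConfig` means a stored mount entry that still carries `allowed_managed_keys` will presumably decode without error and lose the value on the next write, assuming the mount table is read with a non-strict JSON decoder (the decode path is outside this page). An operator who had set the field gets no signal that the per-mount key restriction is gone. Consider an upgrade or changelog note, plus a short comment on the struct such as `// allowed_managed_keys was removed; stale values in storage are dropped on load`. The same applies to `APIMountConfig` in the next hunk, where a request that still sends the field would be accepted and ignored. Both struct bodies continue outside their hunks.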
@@ -454,7 +453,6 @@ type APIMountConfig struct {
|
||||
PassthroughRequestHeaders []string `json:"passthrough_request_headers,omitempty" mapstructure:"passthrough_request_headers"`
|
||||
AllowedResponseHeaders []string `json:"allowed_response_headers,omitempty" mapstructure:"allowed_response_headers"`
|
||||
TokenType string `json:"token_type" mapstructure:"token_type"`
|
||||
AllowedManagedKeys []string `json:"allowed_managed_keys,omitempty" mapstructure:"allowed_managed_keys"`
|
||||
UserLockoutConfig *UserLockoutConfig `json:"user_lockout_config,omitempty" mapstructure:"user_lockout_config"`
|
||||
PluginVersion string `json:"plugin_version,omitempty" mapstructure:"plugin_version"`
|
||||
|
||||
@@ -552,12 +550,6 @@ func (e *MountEntry) SyncCache() {
|
||||
} else {
|
||||
e.synthesizedConfigCache.Store("allowed_response_headers", e.Config.AllowedResponseHeaders)
|
||||
}
|
||||
|
||||
if len(e.Config.AllowedManagedKeys) == 0 {
|
||||
e.synthesizedConfigCache.Delete("allowed_managed_keys")
|
||||
} else {
|
||||
e.synthesizedConfigCache.Store("allowed_managed_keys", e.Config.AllowedManagedKeys)
|
||||
}
|
||||
}
|
||||
|
||||
func (entry *MountEntry) Deserialize() map[string]interface{} {
|
||||
|
||||
@@ -95,7 +95,6 @@ func init() {
|
||||
"internal/inspect/router",
|
||||
"key-status",
|
||||
"loggers",
|
||||
"managed-keys",
|
||||
"metrics",
|
||||
"mfa/method",
|
||||
"monitor",
|
||||
|
||||
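Review bot: Removing `"managed-keys"` from this list is only safe if no `sys/managed-keys` route is still registered. The list appears to correspond to the documentation table in the next hunk, which marks these paths as available in the root namespace only, so a surviving handler would lose that restriction. No handler removal is visible on this page, so confirm that the system backend's path definitions contain no remaining `managed-keys` pattern before merging. The `init()` body starts and ends outside the hunk.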
@@ -29,7 +29,6 @@ API path | Root | Child
|
||||
`sys/internal/inspect/router` | YES | NO
|
||||
`sys/key-status` | YES | NO
|
||||
`sys/loggers` | YES | NO
|
||||
`sys/managed-keys` | YES | NO
|
||||
`sys/metrics` | YES | NO
|
||||
`sys/mfa/method` | YES | NO
|
||||
`sys/monitor` | YES | NO
|
||||
|
||||