upstream/vault
1
0
Fork 0
mirror of https://github.com/hashicorp/vault.git synced 2026-05-28 04:10:44 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

updates display attrs for auth method configs

Browse source
This commit is contained in:
Jordan Reimer 2025-08-14 14:31:32 -06:00
parent 0f69bd6fd2
commit 5d382f7927
4 changed files with 74 additions and 15 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
sdk/framework/path.go
View file

@ -268,6 +268,9 @@ type DisplayAttributes struct {
// EditType is the optional type of form field needed for a property
// This is only necessary for a "textarea" or "file"
EditType string `json:"editType,omitempty"`
// Identifier is the primary field rendered in the UI (e.g. name, path, url, etc.)
Identifier bool `json:"identifier,omitempty"`
}
// RequestExample is example of request data.

20
sdk/helper/automatedrotationutil/fields.go
View file

@ -102,23 +102,41 @@ func (p *AutomatedRotationParams) HasNonzeroRotationValues() bool {
// AddAutomatedRotationFields adds plugin identity token fields to the given
// field schema map.
func AddAutomatedRotationFields(m map[string]*framework.FieldSchema) {
func AddAutomatedRotationFields(m map[string]*framework.FieldSchema, group ...string) {
// Set default value
groupName := "default"
if len(group) > 0 && group[0] != "" {
groupName = group[0]
}
fields := map[string]*framework.FieldSchema{
"rotation_schedule": {
Type: framework.TypeString,
Description: "CRON-style string that will define the schedule on which rotations should occur. Mutually exclusive with rotation_period",
DisplayAttrs: &framework.DisplayAttributes{
Group: groupName,
},
},
"rotation_window": {
Type: framework.TypeDurationSecond,
Description: "Specifies the amount of time in which the rotation is allowed to occur starting from a given rotation_schedule",
DisplayAttrs: &framework.DisplayAttributes{
Group: groupName,
},
},
"rotation_period": {
Type: framework.TypeDurationSecond,
Description: "TTL for automatic credential rotation of the given username. Mutually exclusive with rotation_schedule",
DisplayAttrs: &framework.DisplayAttributes{
Group: groupName,
},
},
"disable_automated_rotation": {
Type: framework.TypeBool,
Description: "If set to true, will deregister all registered rotation jobs from the RotationManager for the plugin.",
DisplayAttrs: &framework.DisplayAttributes{
Group: groupName,
},
},
}

51
sdk/helper/ldaputil/config.go
View file

@ -35,7 +35,8 @@ func ConfigFields() map[string]*framework.FieldSchema {
Default: false,
Description: "Use anonymous binds when performing LDAP group searches (if true the initial credentials will still be used for the initial connection test).",
DisplayAttrs: &framework.DisplayAttributes{
Name: "Anonymous group search",
Name: "Anonymous group search",
Group: "LDAP Options",
},
},
"url": {
@ -43,7 +44,8 @@ func ConfigFields() map[string]*framework.FieldSchema {
Default: "ldap://127.0.0.1",
Description: "LDAP URL to connect to (default: ldap://127.0.0.1). Multiple URLs can be specified by concatenating them with commas; they will be tried in-order.",
DisplayAttrs: &framework.DisplayAttributes{
Name: "URL",
Name: "URL",
Identifier: true,
},
},
@ -51,7 +53,8 @@ func ConfigFields() map[string]*framework.FieldSchema {
Type: framework.TypeString,
Description: "LDAP domain to use for users (eg: ou=People,dc=example,dc=org)",
DisplayAttrs: &framework.DisplayAttributes{
Name: "User DN",
Name: "User DN",
Group: "Customize User Search",
},
},
@ -59,7 +62,8 @@ func ConfigFields() map[string]*framework.FieldSchema {
Type: framework.TypeString,
Description: "LDAP DN for searching for the user DN (optional)",
DisplayAttrs: &framework.DisplayAttributes{
Name: "Name of Object to bind (binddn)",
Name: "Name of Object to bind (binddn)",
Group: "Customize User Search",
},
},
@ -68,6 +72,7 @@ func ConfigFields() map[string]*framework.FieldSchema {
Description: "LDAP password for searching for the user DN (optional)",
DisplayAttrs: &framework.DisplayAttributes{
Sensitive: true,
Group: "Customize User Search",
},
},
@ -75,7 +80,8 @@ func ConfigFields() map[string]*framework.FieldSchema {
Type: framework.TypeString,
Description: "LDAP search base to use for group membership search (eg: ou=Groups,dc=example,dc=org)",
DisplayAttrs: &framework.DisplayAttributes{
Name: "Group DN",
Name: "Group DN",
Group: "Customize Group Membership Search",
},
},
@ -87,7 +93,8 @@ The template can access the following context variables: UserDN, Username
Example: (&(objectClass=group)(member:1.2.840.113556.1.4.1941:={{.UserDN}}))
Default: (|(memberUid={{.Username}})(member={{.UserDN}})(uniqueMember={{.UserDN}}))`,
DisplayAttrs: &framework.DisplayAttributes{
Name: "Group Filter",
Name: "Group Filter",
Group: "Customize Group Membership Search",
},
},
@ -101,6 +108,7 @@ Default: cn`,
DisplayAttrs: &framework.DisplayAttributes{
Name: "Group Attribute",
Value: "cn",
Group: "Customize Group Membership Search",
},
},
@ -111,7 +119,8 @@ Default: cn`,
The template can access the following context variables: UserAttr, Username
Default: ({{.UserAttr}}={{.Username}})`,
DisplayAttrs: &framework.DisplayAttributes{
Name: "User Search Filter",
Name: "User Search Filter",
Group: "Customize User Search",
},
},
@ -119,7 +128,8 @@ Default: ({{.UserAttr}}={{.Username}})`,
Type: framework.TypeString,
Description: "Enables userPrincipalDomain login with [username]@UPNDomain (optional)",
DisplayAttrs: &framework.DisplayAttributes{
Name: "User Principal (UPN) Domain",
Name: "User Principal (UPN) Domain",
Group: "LDAP Options",
},
},
@ -136,6 +146,7 @@ Default: ({{.UserAttr}}={{.Username}})`,
DisplayAttrs: &framework.DisplayAttributes{
Name: "User Attribute",
Value: "cn",
Group: "LDAP Options",
},
},
@ -145,6 +156,7 @@ Default: ({{.UserAttr}}={{.Username}})`,
DisplayAttrs: &framework.DisplayAttributes{
Name: "CA certificate",
EditType: "file",
Group: "LDAP Options",
},
},
@ -154,6 +166,7 @@ Default: ({{.UserAttr}}={{.Username}})`,
DisplayAttrs: &framework.DisplayAttributes{
Name: "Client certificate",
EditType: "file",
Group: "LDAP Options",
},
},
@ -163,6 +176,7 @@ Default: ({{.UserAttr}}={{.Username}})`,
DisplayAttrs: &framework.DisplayAttributes{
Name: "Client key",
EditType: "file",
Group: "LDAP Options",
},
},
@ -170,7 +184,8 @@ Default: ({{.UserAttr}}={{.Username}})`,
Type: framework.TypeBool,
Description: "Use anonymous bind to discover the bind DN of a user (optional)",
DisplayAttrs: &framework.DisplayAttributes{
Name: "Discover DN",
Name: "Discover DN",
Group: "LDAP Options",
},
},
@ -178,7 +193,8 @@ Default: ({{.UserAttr}}={{.Username}})`,
Type: framework.TypeBool,
Description: "Skip LDAP server SSL Certificate verification - VERY insecure (optional)",
DisplayAttrs: &framework.DisplayAttributes{
Name: "Insecure TLS",
Name: "Insecure TLS",
Group: "LDAP Options",
},
},
@ -186,7 +202,8 @@ Default: ({{.UserAttr}}={{.Username}})`,
Type: framework.TypeBool,
Description: "Issue a StartTLS command after establishing unencrypted connection (optional)",
DisplayAttrs: &framework.DisplayAttributes{
Name: "Issue StartTLS",
Name: "Issue StartTLS",
Group: "LDAP Options",
},
},
@ -195,7 +212,8 @@ Default: ({{.UserAttr}}={{.Username}})`,
Default: "tls12",
Description: "Minimum TLS version to use. Accepted values are 'tls10', 'tls11', 'tls12' or 'tls13'. Defaults to 'tls12'",
DisplayAttrs: &framework.DisplayAttributes{
Name: "Minimum TLS Version",
Name: "Minimum TLS Version",
Group: "LDAP Options",
},
AllowedValues: []interface{}{"tls10", "tls11", "tls12", "tls13"},
},
@ -205,7 +223,8 @@ Default: ({{.UserAttr}}={{.Username}})`,
Default: "tls12",
Description: "Maximum TLS version to use. Accepted values are 'tls10', 'tls11', 'tls12' or 'tls13'. Defaults to 'tls12'",
DisplayAttrs: &framework.DisplayAttributes{
Name: "Maximum TLS Version",
Name: "Maximum TLS Version",
Group: "LDAP Options",
},
AllowedValues: []interface{}{"tls10", "tls11", "tls12", "tls13"},
},
@ -214,6 +233,9 @@ Default: ({{.UserAttr}}={{.Username}})`,
Type: framework.TypeBool,
Default: true,
Description: "Denies an unauthenticated LDAP bind request if the user's password is empty; defaults to true",
DisplayAttrs: &framework.DisplayAttributes{
Group: "LDAP Options",
},
},
"case_sensitive_names": {
@ -225,6 +247,9 @@ Default: ({{.UserAttr}}={{.Username}})`,
Type: framework.TypeBool,
Default: false,
Description: "If true, use the Active Directory tokenGroups constructed attribute of the user to find the group memberships. This will find all security groups including nested ones.",
DisplayAttrs: &framework.DisplayAttributes{
Group: "Customize Group Membership Search",
},
},
"use_pre111_group_cn_behavior": {

15
sdk/helper/pluginidentityutil/fields.go
View file

@ -40,17 +40,30 @@ func (p *PluginIdentityTokenParams) PopulatePluginIdentityTokenData(m map[string
// AddPluginIdentityTokenFields adds plugin identity token fields to the given
// field schema map.
func AddPluginIdentityTokenFields(m map[string]*framework.FieldSchema) {
func AddPluginIdentityTokenFields(m map[string]*framework.FieldSchema, group ...string) {
// Set default value
groupName := "default"
if len(group) > 0 && group[0] != "" {
groupName = group[0]
}
fields := map[string]*framework.FieldSchema{
"identity_token_audience": {
Type: framework.TypeString,
Description: "Audience of plugin identity tokens",
Default: "",
DisplayAttrs: &framework.DisplayAttributes{
Group: groupName,
},
},
"identity_token_ttl": {
Type: framework.TypeDurationSecond,
Description: "Time-to-live of plugin identity tokens",
Default: 3600,
DisplayAttrs: &framework.DisplayAttributes{
Name: "Identity token TTL",
Group: groupName,
},
},
}