1package framework 2 3import ( 4 "context" 5 "fmt" 6 "sort" 7 "strings" 8 9 "github.com/hashicorp/errwrap" 10 "github.com/hashicorp/vault/sdk/helper/license" 11 "github.com/hashicorp/vault/sdk/logical" 12) 13 14// Helper which returns a generic regex string for creating endpoint patterns 15// that are identified by the given name in the backends 16func GenericNameRegex(name string) string { 17 return fmt.Sprintf("(?P<%s>\\w(([\\w-.]+)?\\w)?)", name) 18} 19 20// GenericNameWithAtRegex returns a generic regex that allows alphanumeric 21// characters along with -, . and @. 22func GenericNameWithAtRegex(name string) string { 23 return fmt.Sprintf("(?P<%s>\\w(([\\w-.@]+)?\\w)?)", name) 24} 25 26// Helper which returns a regex string for optionally accepting the a field 27// from the API URL 28func OptionalParamRegex(name string) string { 29 return fmt.Sprintf("(/(?P<%s>.+))?", name) 30} 31 32// Helper which returns a regex string for capturing an entire endpoint path 33// as the given name. 34func MatchAllRegex(name string) string { 35 return fmt.Sprintf(`(?P<%s>.*)`, name) 36} 37 38// PathAppend is a helper for appending lists of paths into a single 39// list. 40func PathAppend(paths ...[]*Path) []*Path { 41 result := make([]*Path, 0, 10) 42 for _, ps := range paths { 43 result = append(result, ps...) 44 } 45 46 return result 47} 48 49// Path is a single path that the backend responds to. 50type Path struct { 51 // Pattern is the pattern of the URL that matches this path. 52 // 53 // This should be a valid regular expression. Named captures will be 54 // exposed as fields that should map to a schema in Fields. If a named 55 // capture is not a field in the Fields map, then it will be ignored. 56 Pattern string 57 58 // Fields is the mapping of data fields to a schema describing that 59 // field. Named captures in the Pattern also map to fields. If a named 60 // capture name matches a PUT body name, the named capture takes 61 // priority. 62 // 63 // Note that only named capture fields are available in every operation, 64 // whereas all fields are available in the Write operation. 65 Fields map[string]*FieldSchema 66 67 // Operations is the set of operations supported and the associated OperationsHandler. 68 // 69 // If both Create and Update operations are present, documentation and examples from 70 // the Update definition will be used. Similarly if both Read and List are present, 71 // Read will be used for documentation. 72 Operations map[logical.Operation]OperationHandler 73 74 // Callbacks are the set of callbacks that are called for a given 75 // operation. If a callback for a specific operation is not present, 76 // then logical.ErrUnsupportedOperation is automatically generated. 77 // 78 // The help operation is the only operation that the Path will 79 // automatically handle if the Help field is set. If both the Help 80 // field is set and there is a callback registered here, then the 81 // callback will be called. 82 // 83 // Deprecated: Operations should be used instead and will take priority if present. 84 Callbacks map[logical.Operation]OperationFunc 85 86 // ExistenceCheck, if implemented, is used to query whether a given 87 // resource exists or not. This is used for ACL purposes: if an Update 88 // action is specified, and the existence check returns false, the action 89 // is not allowed since the resource must first be created. The reverse is 90 // also true. If not specified, the Update action is forced and the user 91 // must have UpdateCapability on the path. 92 ExistenceCheck ExistenceFunc 93 94 // FeatureRequired, if implemented, will validate if the given feature is 95 // enabled for the set of paths 96 FeatureRequired license.Features 97 98 // Deprecated denotes that this path is considered deprecated. This may 99 // be reflected in help and documentation. 100 Deprecated bool 101 102 // Help is text describing how to use this path. This will be used 103 // to auto-generate the help operation. The Path will automatically 104 // generate a parameter listing and URL structure based on the 105 // regular expression, so the help text should just contain a description 106 // of what happens. 107 // 108 // HelpSynopsis is a one-sentence description of the path. This will 109 // be automatically line-wrapped at 80 characters. 110 // 111 // HelpDescription is a long-form description of the path. This will 112 // be automatically line-wrapped at 80 characters. 113 HelpSynopsis string 114 HelpDescription string 115 116 // DisplayAttrs provides hints for UI and documentation generators. They 117 // will be included in OpenAPI output if set. 118 DisplayAttrs *DisplayAttributes 119} 120 121// OperationHandler defines and describes a specific operation handler. 122type OperationHandler interface { 123 Handler() OperationFunc 124 Properties() OperationProperties 125} 126 127// OperationProperties describes an operation for documentation, help text, 128// and other clients. A Summary should always be provided, whereas other 129// fields can be populated as needed. 130type OperationProperties struct { 131 // Summary is a brief (usually one line) description of the operation. 132 Summary string 133 134 // Description is extended documentation of the operation and may contain 135 // Markdown-formatted text markup. 136 Description string 137 138 // Examples provides samples of the expected request data. The most 139 // relevant example should be first in the list, as it will be shown in 140 // documentation that supports only a single example. 141 Examples []RequestExample 142 143 // Responses provides a list of response description for a given response 144 // code. The most relevant response should be first in the list, as it will 145 // be shown in documentation that only allows a single example. 146 Responses map[int][]Response 147 148 // Unpublished indicates that this operation should not appear in public 149 // documentation or help text. The operation may still have documentation 150 // attached that can be used internally. 151 Unpublished bool 152 153 // Deprecated indicates that this operation should be avoided. 154 Deprecated bool 155 156 // DisplayAttrs provides hints for UI and documentation generators. They 157 // will be included in OpenAPI output if set. 158 DisplayAttrs *DisplayAttributes 159} 160 161type DisplayAttributes struct { 162 // Name is the name of the field suitable as a label or documentation heading. 163 Name string `json:"name,omitempty"` 164 165 // Value is a sample value to display for this field. This may be used 166 // to indicate a default value, but it is for display only and completely separate 167 // from any Default member handling. 168 Value interface{} `json:"value,omitempty"` 169 170 // Sensitive indicates that the value should be masked by default in the UI. 171 Sensitive bool `json:"sensitive,omitempty"` 172 173 // Navigation indicates that the path should be available as a navigation tab 174 Navigation bool `json:"navigation,omitempty"` 175 176 // Group is the suggested UI group to place this field in. 177 Group string `json:"group,omitempty"` 178 179 // Action is the verb to use for the operation. 180 Action string `json:"action,omitempty"` 181} 182 183// RequestExample is example of request data. 184type RequestExample struct { 185 Description string // optional description of the request 186 Data map[string]interface{} // map version of sample JSON request data 187 188 // Optional example response to the sample request. This approach is considered 189 // provisional for now, and this field may be changed or removed. 190 Response *Response 191} 192 193// Response describes and optional demonstrations an operation response. 194type Response struct { 195 Description string // summary of the the response and should always be provided 196 MediaType string // media type of the response, defaulting to "application/json" if empty 197 Example *logical.Response // example response data 198} 199 200// PathOperation is a concrete implementation of OperationHandler. 201type PathOperation struct { 202 Callback OperationFunc 203 Summary string 204 Description string 205 Examples []RequestExample 206 Responses map[int][]Response 207 Unpublished bool 208 Deprecated bool 209} 210 211func (p *PathOperation) Handler() OperationFunc { 212 return p.Callback 213} 214 215func (p *PathOperation) Properties() OperationProperties { 216 return OperationProperties{ 217 Summary: strings.TrimSpace(p.Summary), 218 Description: strings.TrimSpace(p.Description), 219 Responses: p.Responses, 220 Examples: p.Examples, 221 Unpublished: p.Unpublished, 222 Deprecated: p.Deprecated, 223 } 224} 225 226func (p *Path) helpCallback(b *Backend) OperationFunc { 227 return func(ctx context.Context, req *logical.Request, data *FieldData) (*logical.Response, error) { 228 var tplData pathTemplateData 229 tplData.Request = req.Path 230 tplData.RoutePattern = p.Pattern 231 tplData.Synopsis = strings.TrimSpace(p.HelpSynopsis) 232 if tplData.Synopsis == "" { 233 tplData.Synopsis = "<no synopsis>" 234 } 235 tplData.Description = strings.TrimSpace(p.HelpDescription) 236 if tplData.Description == "" { 237 tplData.Description = "<no description>" 238 } 239 240 // Alphabetize the fields 241 fieldKeys := make([]string, 0, len(p.Fields)) 242 for k, _ := range p.Fields { 243 fieldKeys = append(fieldKeys, k) 244 } 245 sort.Strings(fieldKeys) 246 247 // Build the field help 248 tplData.Fields = make([]pathTemplateFieldData, len(fieldKeys)) 249 for i, k := range fieldKeys { 250 schema := p.Fields[k] 251 description := strings.TrimSpace(schema.Description) 252 if description == "" { 253 description = "<no description>" 254 } 255 256 tplData.Fields[i] = pathTemplateFieldData{ 257 Key: k, 258 Type: schema.Type.String(), 259 Description: description, 260 Deprecated: schema.Deprecated, 261 } 262 } 263 264 help, err := executeTemplate(pathHelpTemplate, &tplData) 265 if err != nil { 266 return nil, errwrap.Wrapf("error executing template: {{err}}", err) 267 } 268 269 // Build OpenAPI response for this path 270 doc := NewOASDocument() 271 if err := documentPath(p, b.SpecialPaths(), b.BackendType, doc); err != nil { 272 b.Logger().Warn("error generating OpenAPI", "error", err) 273 } 274 275 return logical.HelpResponse(help, nil, doc), nil 276 } 277} 278 279type pathTemplateData struct { 280 Request string 281 RoutePattern string 282 Synopsis string 283 Description string 284 Fields []pathTemplateFieldData 285} 286 287type pathTemplateFieldData struct { 288 Key string 289 Type string 290 Deprecated bool 291 Description string 292 URL bool 293} 294 295const pathHelpTemplate = ` 296Request: {{.Request}} 297Matching Route: {{.RoutePattern}} 298 299{{.Synopsis}} 300 301{{ if .Fields -}} 302## PARAMETERS 303{{range .Fields}} 304{{indent 4 .Key}} ({{.Type}}) 305{{if .Deprecated}} 306{{printf "(DEPRECATED) %s" .Description | indent 8}} 307{{else}} 308{{indent 8 .Description}} 309{{end}}{{end}}{{end}} 310## DESCRIPTION 311 312{{.Description}} 313` 314