diff --git a/website/source/api/system/capabilities-accessor.html.md b/website/source/api/system/capabilities-accessor.html.md index 730a9c9f07..91881830b3 100644 --- a/website/source/api/system/capabilities-accessor.html.md +++ b/website/source/api/system/capabilities-accessor.html.md @@ -4,21 +4,23 @@ page_title: "/sys/capabilities-accessor - HTTP API" sidebar_current: "docs-http-system-capabilities-accessor" description: |- The `/sys/capabilities-accessor` endpoint is used to fetch the capabilities of - the token associated with an accessor, on the given path. + the token associated with an accessor, on the given paths. --- # `/sys/capabilities-accessor` The `/sys/capabilities-accessor` endpoint is used to fetch the capabilities of -a token associated with an accessor. The capabilities returned will be derived -from the policies that are on the token, and from the policies to which token -is entitled to through the entity and entity's group memberships. - +the token associated with the given accessor. The capabilities returned will be +derived from the policies that are on the token, and from the policies to which +the token is entitled to through the entity and entity's group memberships. ## Query Token Accessor Capabilities -This endpoint returns the capabilities of the token associated with an accessor, -for the given path. +This endpoint returns the capabilities of the token associated with the given +accessor, for the given path. Multiple paths are taken in at once and the +capabilities of the token associated with the given accessor for each path is +returned. For backwards compatibility, if a single path is supplied, a +`capabilities` field will also be returned. | Method | Path | Produces | | :------- | :--------------------------- | :--------------------- | @@ -37,7 +39,7 @@ for the given path. ```json { "accessor": "abcd1234", - "paths": ["secret/foo", "secret/bar"] + "paths": ["secret/foo"] } ``` @@ -55,8 +57,10 @@ $ curl \ ```json { - "secret/bar": [ - "sudo", + "capabilities": [ + "delete", + "list", + "read", "update" ], "secret/foo": [ diff --git a/website/source/api/system/capabilities-self.html.md b/website/source/api/system/capabilities-self.html.md index 89f1570ba9..b1fbf816d2 100644 --- a/website/source/api/system/capabilities-self.html.md +++ b/website/source/api/system/capabilities-self.html.md @@ -4,20 +4,24 @@ page_title: "/sys/capabilities-self - HTTP API" sidebar_current: "docs-http-system-capabilities-self" description: |- The `/sys/capabilities-self` endpoint is used to fetch the capabilities of - client token on a given path. + client token on the given paths. --- # `/sys/capabilities-self` -The `/sys/capabilities-self` endpoint is used to fetch the capabilities of a -the supplied token. The capabilities returned will be derived from the -policies that are on the token, and from the policies to which token is -entitled to through the entity and entity's group memberships. +The `/sys/capabilities-self` endpoint is used to fetch the capabilities of the +token used to make the API call, on the given paths. The capabilities returned +will be derived from the policies that are on the token, and from the policies +to which the token is entitled to through the entity and entity's group +memberships. ## Query Self Capabilities -This endpoint returns the capabilities of client token on the given path. The -client token is the Vault token with which this API call is made. +This endpoint returns the capabilities of client token on the given paths. The +client token is the Vault token with which this API call is made. Multiple +paths are taken in at once and the capabilities of the token for each path is +returned. For backwards compatibility, if a single path is supplied, a +`capabilities` field will also be returned. | Method | Path | Produces | | :------- | :----------------------- | :--------------------- | @@ -32,7 +36,7 @@ client token is the Vault token with which this API call is made. ```json { - "paths": ["secret/foo", "secret/bar"] + "paths": ["secret/foo"] } ``` @@ -50,8 +54,10 @@ $ curl \ ```json { - "secret/bar": [ - "sudo", + "capabilities": [ + "delete", + "list", + "read", "update" ], "secret/foo": [ diff --git a/website/source/api/system/capabilities.html.md b/website/source/api/system/capabilities.html.md index 2bf25806c6..896a04f66a 100644 --- a/website/source/api/system/capabilities.html.md +++ b/website/source/api/system/capabilities.html.md @@ -4,19 +4,22 @@ page_title: "/sys/capabilities - HTTP API" sidebar_current: "docs-http-system-capabilities/" description: |- The `/sys/capabilities` endpoint is used to fetch the capabilities of a token - on a given path. + on the given paths. --- # `/sys/capabilities` The `/sys/capabilities` endpoint is used to fetch the capabilities of a token -on a given path. The capabilities returned will be derived from the policies -that are on the token, and from the policies to which token is entitled to +on the given paths. The capabilities returned will be derived from the policies +that are on the token, and from the policies to which the token is entitled to through the entity and entity's group memberships. ## Query Token Capabilities -This endpoint returns the list of capabilities for a provided token. +This endpoint returns the list of capabilities of a given token on the given +paths. Multiple paths are taken in at once and the capabilities of the token +for each path is returned. For backwards compatibility, if a single path is +supplied, a `capabilities` field will also be returned. | Method | Path | Produces | | :------- | :------------------- | :--------------------- | @@ -34,7 +37,7 @@ This endpoint returns the list of capabilities for a provided token. ```json { "token": "abcd1234", - "paths": ["secret/foo", "secret/bar"] + "paths": ["secret/foo"] } ``` @@ -52,8 +55,10 @@ $ curl \ ```json { - "secret/bar": [ - "sudo", + "capabilities": [ + "delete", + "list", + "read", "update" ], "secret/foo": [