mirrors/vault
1
0
Fork 0
mirror of https://github.com/hashicorp/vault.git synced 2025-08-17 12:07:02 +02:00
Code Issues Projects Releases Wiki Activity
43ae739971
vault/website/content/api-docs/secret/identity
History
Max Bowsher 43ae739971
Refactor identity/mfa/method/* endpoints to fix bad OpenAPI (#20879) 
* Refactor `identity/mfa/method/*` endpoints to fix bad OpenAPI

There is a problem with how the `identity/mfa/method/*` endpoints are
defined, resulting in incorrect OpenAPI generation.

I raised hashicorp/vault-client-go#180 to track a consequence, and
opened #20873 which explains the problem and adds a log message to
detect it.

This PR is now the fix.

It's actually quite an interesting problem, that has come about through
some particular implementation choices, in Vault's first/only case where
REST API objects are created by writing to the collection URL, and have
their ID allocated by the server, instead of the client.

The triggering cause of the malfunction was trying to have a single
framework.Path struct instance which optionally includes or excludes the
method_id path parameter, and also another framework.Path struct
instance handling list operations.

The fix is to simplify the path regexes, and have one framework.Path
which handles the method_id being present, and one that handles it being
absent.

The diff is somewhat large, because the affected code had been
copy/pasted four times (TOTP, Okta, Duo, PingID) - so I took the
opportunity to fix the duplication, creating appropriate helper methods
so that the quadruplicated code could be re-unified.

* Revise documentation

This update refactors how the documentation presents these endpoints to
users, both for clarity, and to align with the new structure of the
code.

From a user perspective, it clears up some unclear presentation of when
the `method_id` parameter should and should not be present, adds
a missing description of the response to create requests, and changes
the `method_id` parameter name to be used consistently (rather than `id`
in some cases, unlike the actual code/OpenAPI).

* Fix incorrect acronym (review fix)

* Accept suggestion of tweaked grammar in documentation

Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com>

* Add changelog

---------

Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com>
2023-06-23 13:32:41 -04:00
..
mfa Refactor identity/mfa/method/* endpoints to fix bad OpenAPI (#20879) 2023-06-23 13:32:41 -04:00
entity-alias.mdx Change headings to h2 (#19402) 2023-03-07 15:48:51 -08:00
entity.mdx docs: Migrate link formats (#18696) 2023-01-25 16:12:15 -08:00
group-alias.mdx feat(website): migrates nav data format and updates docs pages (#11242) 2021-04-06 13:49:04 -04:00
group.mdx Add notes re dangers of identity write endpoints. (#12365) 2021-08-30 10:23:33 -04:00
index.mdx docs: Migrate link formats (#18696) 2023-01-25 16:12:15 -08:00
lookup.mdx change verbiage for lookup group and entity (#19406) 2023-02-28 12:40:38 -08:00
oidc-provider.mdx docs: Migrate link formats (#18696) 2023-01-25 16:12:15 -08:00
tokens.mdx docs: Migrate link formats (#18696) 2023-01-25 16:12:15 -08:00