some basics for VaultPass
This commit is contained in:
parent
4a4f5871b1
commit
34b2c35c11
@ -10,7 +10,7 @@
|
||||
<xs:include schemaLocation="./unix.xsd"/>
|
||||
<xs:include schemaLocation="../elements/linux.xsd"/>
|
||||
|
||||
<xs:simpleType name="t_aif_auto_ip6">
|
||||
<xs:simpleType name="t_aif_auto_ip6">
|
||||
<xs:union memberTypes="t_net_auto_ip6">
|
||||
<xs:simpleType>
|
||||
<xs:restriction base="xs:string">
|
||||
|
@ -90,6 +90,15 @@
|
||||
</xs:simpleContent>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:complexType name="t_net_http_basic_uri">
|
||||
<xs:simpleContent>
|
||||
<xs:restriction base="xs:anyURI">
|
||||
<xs:pattern value="https?://.+/?"/>
|
||||
<xs:whiteSpace value="collapse"/>
|
||||
</xs:restriction>
|
||||
</xs:simpleContent>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:simpleType name="t_net_mac_addr">
|
||||
<xs:restriction base="xs:token">
|
||||
<!-- EUI48[RFC7043§3] (previously MAC48[RFC7042§2.1]) -->
|
||||
|
@ -10,6 +10,14 @@
|
||||
</xs:restriction>
|
||||
</xs:simpleType>
|
||||
|
||||
<xs:complexType name="t_std_base64">
|
||||
<xs:simpleContent>
|
||||
<xs:restriction base="xs:token">
|
||||
<xs:pattern value="[A-Za-z0-9+/=]+"/>
|
||||
</xs:restriction>
|
||||
</xs:simpleContent>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:complexType name="t_std_cmdopts">
|
||||
<xs:simpleContent>
|
||||
<xs:extension base="xs:string">
|
||||
@ -18,6 +26,13 @@
|
||||
</xs:simpleContent>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:simpleType name="t_std_envvar">
|
||||
<xs:restriction base="xs:token">
|
||||
<xs:pattern value="env:[A-Za-z_]+[A-Za-z0-9_]*"/>
|
||||
<xs:whiteSpace value="collapse"/>
|
||||
</xs:restriction>
|
||||
</xs:simpleType>
|
||||
|
||||
<xs:simpleType name="t_std_epoch_or_iso">
|
||||
<!-- positiveInteger is used for UNIX Epoch. -->
|
||||
<xs:union memberTypes="xs:dateTime xs:positiveInteger"/>
|
||||
|
@ -7,7 +7,7 @@
|
||||
|
||||
<xs:simpleType name="t_unix_filepath">
|
||||
<xs:restriction base="xs:string">
|
||||
<xs:pattern value="\s*(/[^/]+)+/?\s*"/>
|
||||
<xs:pattern value="\s*(~?/[^/]+)+/?\s*"/>
|
||||
<xs:whiteSpace value="collapse"/>
|
||||
</xs:restriction>
|
||||
</xs:simpleType>
|
||||
|
94
schema/lib/types/vaultpass.xsd
Normal file
94
schema/lib/types/vaultpass.xsd
Normal file
@ -0,0 +1,94 @@
|
||||
<?xml version="1.0" encoding="UTF-8" ?>
|
||||
<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema"
|
||||
elementFormDefault="qualified"
|
||||
attributeFormDefault="unqualified">
|
||||
|
||||
<xs:include schemaLocation="./net.xsd"/>
|
||||
<xs:include schemaLocation="./std.xsd"/>
|
||||
<xs:include schemaLocation="./unix.xsd"/>
|
||||
|
||||
<xs:complexType name="t_vaultpass_auth">
|
||||
<xs:choice minOccurs="1" maxOccurs="1">
|
||||
<xs:element name="appRole">
|
||||
<xs:complexType>
|
||||
<xs:all>
|
||||
<xs:element name="role" type="xs:token" minOccurs="1" maxOccurs="1"/>
|
||||
<xs:element name="secret" type="xs:token" minOccurs="1" maxOccurs="1"/>
|
||||
</xs:all>
|
||||
</xs:complexType>
|
||||
</xs:element>
|
||||
<!-- We don't support Boto3 because it requires an external session object. -->
|
||||
<!-- We won't support EC2 Metadata auth unless requested because it's HELL complex. -->
|
||||
<!-- TODO -->
|
||||
<!--
|
||||
<xs:element name="aws">
|
||||
<xs:complexType>
|
||||
<xs:choice minOccurs="1" maxOccurs="1">
|
||||
<xs:element name="iam">
|
||||
<xs:complexType>
|
||||
<xs:choice minOccurs="1" maxOccurs="1">
|
||||
<xs:element name="iamKey">
|
||||
<xs:complexType>
|
||||
<xs:all>
|
||||
<xs:element name="keyID" type="xs:token" minOccurs="1" maxOccurs="1"/>
|
||||
<xs:element name="key" type="xs:token" minOccurs="1" maxOccurs="1"/>
|
||||
<xs:element name="sessionToken" type="xs:token" minOccurs="0"
|
||||
maxOccurs="1"/>
|
||||
</xs:all>
|
||||
</xs:complexType>
|
||||
</xs:element>
|
||||
<xs:element name="iamMetadata">
|
||||
<xs:complexType>
|
||||
<xs:all>
|
||||
<xs:element name="urlBase" type="t_net_http_basic_uri" minOccurs="1"
|
||||
maxOccurs="1"/>
|
||||
<xs:element name="role" type="xs:token" minOccurs="1" maxOccurs="1"/>
|
||||
</xs:all>
|
||||
</xs:complexType>
|
||||
</xs:element>
|
||||
</xs:choice>
|
||||
</xs:complexType>
|
||||
</xs:element>
|
||||
</xs:choice>
|
||||
</xs:complexType>
|
||||
</xs:element>
|
||||
-->
|
||||
<!-- TODO: if popularly requested.
|
||||
They're pretty complex/messy and/or require extra configuration in Vault. -->
|
||||
<!--
|
||||
<xs:element name="azure"/>
|
||||
<xs:element name="gcp"/>
|
||||
<xs:element name="github"/>
|
||||
<xs:element name="kubernetes"/>
|
||||
-->
|
||||
<!-- Requires extra configuration but it's probably pretty common, so I'll enable it. -->
|
||||
<xs:element name="ldap">
|
||||
<xs:complexType>
|
||||
<xs:all>
|
||||
<xs:element name="username" type="xs:token" minOccurs="1" maxOccurs="1"/>
|
||||
<xs:element name="password" type="xs:token" minOccurs="1" maxOccurs="1"/>
|
||||
<xs:element name="mountPoint" type="xs:token" minOccurs="0" maxOccurs="1" default="ldap"/>
|
||||
</xs:all>
|
||||
</xs:complexType>
|
||||
</xs:element>
|
||||
<!-- No longer supported upstream by HashiCorp. -->
|
||||
<!--
|
||||
<xs:element name="mfa"/>
|
||||
-->
|
||||
<!-- TODO: if popularly requested. -->
|
||||
<!--
|
||||
<xs:element name="okta"/>
|
||||
-->
|
||||
<xs:element name="token">
|
||||
<xs:complexType>
|
||||
<xs:attribute name="source" type="t_vaultpass_tokensource" use="optional"/>
|
||||
</xs:complexType>
|
||||
</xs:element>
|
||||
</xs:choice>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:simpleType name="t_vaultpass_tokensource">
|
||||
<xs:union memberTypes="t_std_envvar t_unix_filepath xs:token"/>
|
||||
</xs:simpleType>
|
||||
|
||||
</xs:schema>
|
@ -270,7 +270,7 @@
|
||||
<xs:complexType>
|
||||
<xs:attribute name="type" type="t_aif_bootloaders" use="required"/>
|
||||
<xs:attribute name="target" type="t_std_nonempty" use="required"/>
|
||||
<xs:attribute name="efi" type="xs:boolean" use="optional" default="1"/>
|
||||
<xs:attribute name="efi" type="xs:boolean" use="optional" default="true"/>
|
||||
</xs:complexType>
|
||||
</xs:element>
|
||||
<!-- END BOOTLOADER -->
|
||||
|
22
schema/projects/vaultpass.xsd
Normal file
22
schema/projects/vaultpass.xsd
Normal file
@ -0,0 +1,22 @@
|
||||
<?xml version="1.0" encoding="UTF-8" ?>
|
||||
<xs:schema targetNamespace="https://git.square-r00t.net/VaultPass/"
|
||||
xmlns="https://git.square-r00t.net/VaultPass/"
|
||||
xmlns:vaultpass="https://git.square-r00t.net/VaultPass/"
|
||||
xmlns:xs="http://www.w3.org/2001/XMLSchema"
|
||||
elementFormDefault="qualified"
|
||||
attributeFormDefault="unqualified">
|
||||
|
||||
<xs:include schemaLocation="../lib/types/vaultpass.xsd"/>
|
||||
|
||||
<!-- ROOT -->
|
||||
<xs:element name="vaultpass">
|
||||
<xs:complexType>
|
||||
<xs:all>
|
||||
<xs:element name="uri" type="t_std_uri" minOccurs="0" maxOccurs="1" default="http://localhost:8000/"/>
|
||||
<xs:element name="auth" type="t_vaultpass_auth"/>
|
||||
</xs:all>
|
||||
<xs:attribute name="autoUnseal" type="xs:boolean" use="optional" default="false"/>
|
||||
<xs:attribute name="unsealShard" type="t_std_base64" use="optional"/>
|
||||
</xs:complexType>
|
||||
</xs:element>
|
||||
</xs:schema>
|
Loading…
Reference in New Issue
Block a user