add ability to specify the mounts since the default policy doesn't expose them except via the UI.

brent s. 2020-03-30 01:59:42 -04:00
parent 8315cec8ad
commit adda893775
Signed by: bts
GPG Key ID: 8C004C2F93481F6B
2 changed files with 47 additions and 8 deletions


@ -8,14 +8,6 @@
<xs:include schemaLocation="./std.xsd"/> <xs:include schemaLocation="./std.xsd"/>
<xs:include schemaLocation="./unix.xsd"/> <xs:include schemaLocation="./unix.xsd"/>


<xs:complexType name="t_vaultpass_star_gpg">
<xs:simpleContent>
<xs:extension base="t_unix_filepath">
<xs:attribute name="gpgHome" type="t_unix_filepath" use="optional"/>
</xs:extension>
</xs:simpleContent>
</xs:complexType>

<xs:complexType name="t_vaultpass_auth_plain"> <xs:complexType name="t_vaultpass_auth_plain">
<xs:choice minOccurs="1" maxOccurs="1"> <xs:choice minOccurs="1" maxOccurs="1">
<xs:element name="appRole"> <xs:element name="appRole">
@ -109,6 +101,46 @@
</xs:choice> </xs:choice>
</xs:complexType> </xs:complexType>


<xs:simpleType name="t_vaultpass_mount_path">
<xs:restriction base="xs:token">
<!-- I can't believe Vault accepts this charset for mount names. -->
<xs:pattern value="[A-Za-z0-9!&quot;#$%&amp;&apos;()*+,./:;=&lt;&gt;\?\\@\[\]\^_`{|}~-]+"/>
<xs:whiteSpace value="collapse"/>
</xs:restriction>
</xs:simpleType>

<xs:complexType name="t_vaultpass_mount">
<xs:simpleContent>
<xs:extension base="t_vaultpass_mount_path">
<xs:attribute name="type" use="optional" default="kv2">
<xs:simpleType>
<xs:restriction base="xs:token">
<xs:enumeration value="cubbyhole"/>
<xs:enumeration value="kv"/>
<xs:enumeration value="kv2"/>
<!-- TODO: can any of the below be enabled? -->
<!-- more at .../ui/vault/settings/mount-secret-backend -->
<!--
<xs:enumeration value="pki"/>
<xs:enumeration value="ssh"/>
<xs:enumeration value="transit"/>
<xs:enumeration value="totp"/>
-->
</xs:restriction>
</xs:simpleType>
</xs:attribute>
</xs:extension>
</xs:simpleContent>
</xs:complexType>

<xs:complexType name="t_vaultpass_star_gpg">
<xs:simpleContent>
<xs:extension base="t_unix_filepath">
<xs:attribute name="gpgHome" type="t_unix_filepath" use="optional"/>
</xs:extension>
</xs:simpleContent>
</xs:complexType>

<xs:simpleType name="t_vaultpass_tokensource"> <xs:simpleType name="t_vaultpass_tokensource">
<xs:union memberTypes="t_std_envvar t_unix_filepath"/> <xs:union memberTypes="t_std_envvar t_unix_filepath"/>
</xs:simpleType> </xs:simpleType>
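Review bot: The `t_vaultpass_mount_path` pattern deliberately admits URL-reserved characters, including `/`, `?`, `#`, `%` and `&`, so any consumer that splices a `<mount>` value into a Vault API request path has to percent-encode it first or the value changes the meaning of the request; that contract is not stated anywhere and belongs on the type, e.g. an `<xs:annotation><xs:documentation>` child before the `xs:restriction` saying the value is a raw mount name, not a URL segment, and must be encoded by the consumer. The `<xs:whiteSpace value="collapse"/>` facet is redundant on a restriction of `xs:token`, whose whiteSpace facet is already fixed to `collapse`, so that line can be dropped. `use="optional"` on the `type` attribute is likewise the default; keep it only if the file spells occurrence attributes out everywhere for consistency, which the surrounding hunks suggest it does.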


@ -23,6 +23,13 @@
</xs:complexType> </xs:complexType>
</xs:element> </xs:element>
<xs:element ref="t_vaultpass_authselect" minOccurs="1" maxOccurs="1"/> <xs:element ref="t_vaultpass_authselect" minOccurs="1" maxOccurs="1"/>
<xs:element name="mounts" minOccurs="0" maxOccurs="1">
<xs:complexType>
<xs:sequence>
<xs:element name="mount" minOccurs="1" maxOccurs="unbounded" type="t_vaultpass_mount"/>
</xs:sequence>
</xs:complexType>
</xs:element>
</xs:all> </xs:all>
</xs:complexType> </xs:complexType>
</xs:element> </xs:element>
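Review bot: Nothing in the new `mounts` element stops the same mount path from being listed twice, possibly with different `type` attributes, which leaves it to the consumer to decide which entry wins; an identity constraint catches that at validation time: `<xs:unique name="vaultpass_mount_unique">` (constraint name illustrative), `<xs:selector xpath="mount"/><xs:field xpath="."/>`, `</xs:unique>`, placed after the anonymous `xs:complexType` inside the `mounts` declaration. If this schema declares a targetNamespace, the `mount` step in the selector needs a prefix bound to that namespace, since unprefixed names in XSD 1.0 identity-constraint XPath match only no-namespace elements. The enclosing `xs:all` and its parent element declaration start outside the hunk.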