Skip to content

Commit

Permalink
Improve databases documentation
Browse files Browse the repository at this point in the history
Fixed a bunch of formatting issues and broken JSON outputs.
  • Loading branch information
multani committed Aug 18, 2021
1 parent 032aa5d commit 1aeddca
Show file tree
Hide file tree
Showing 14 changed files with 82 additions and 72 deletions.
3 changes: 3 additions & 0 deletions changelog/12344.txt
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
```release-note:improvement
Improved rendering of the api-docs/secret/databases/ documentation pages
```
23 changes: 14 additions & 9 deletions website/content/api-docs/secret/databases/cassandra.mdx
Original file line number Diff line number Diff line change
Expand Up @@ -56,7 +56,7 @@ has a number of parameters to further configure a connection.
[the pki documentation](/docs/secrets/pki). Only one of `pem_bundle` or `pem_json` can be specified.

<details>
<summary>`pem_json` example</summary>
<summary><b><tt>pem_json</tt> example</b></summary>

```json
{
Expand All @@ -65,7 +65,9 @@ has a number of parameters to further configure a connection.
"ca_chain": ["<CA as a PEM>", "<Additional PEM for the CA chain if needed"]
}
```
If using the Vault CLI, it's probably easiest to write the JSON to a file and then reference the file:

If using the Vault CLI, it's probably easiest to write the JSON to a file and then reference the file:

```shell
vault write database/config/cassandra-example <...other fields> pem_json=@/path/to/file.json
```
Expand All @@ -82,7 +84,7 @@ vault write database/config/cassandra-example <...other fields> pem_json=@/path/

- `local_datacenter` `(string: "")` – If set, enables host selection policy
which will prioritize and use hosts which are in the local datacenter before
hosts in all other datacenters (for example "dc-01").
hosts in all other datacenters (for example `dc-01`).

- `socket_keep_alive` `(string: "0s")` – the keep-alive period for an active
network connection. If zero, keep-alives are not enabled.
Expand Down Expand Up @@ -179,32 +181,35 @@ list the plugin does not support that statement type.
statements executed to create and configure a user. Must be a
semicolon-separated string, a base64-encoded semicolon-separated string, a
serialized JSON string array, or a base64-encoded serialized JSON string
array. The '{{username}}' and '{{password}}' values will be substituted. If not
array. The `{{username}}` and `{{password}}` values will be substituted. If not
provided, defaults to a generic create user statements that creates a
non-superuser.

- `revocation_statements` `(list: [])` – Specifies the database statements to
be executed to revoke a user. Must be a semicolon-separated string, a
base64-encoded semicolon-separated string, a serialized JSON string array, or
a base64-encoded serialized JSON string array. The '{{username}}' value will be
a base64-encoded serialized JSON string array. The `{{username}}` value will be
substituted. If not provided defaults to a generic drop user statement.

- `rollback_statements` `(list: [])` – Specifies the database statements to be
executed to rollback a create operation in the event of an error. Must be a
semicolon-separated string, a base64-encoded semicolon-separated string, a
serialized JSON string array, or a base64-encoded serialized JSON string
array. The '{{username}}' value will be substituted. If not provided, defaults to
array. The `{{username}}` value will be substituted. If not provided, defaults to
a generic drop user statement

- `root_rotation_statements` `(list: [])` - Specifies the database statements
to be executed when rotating the root user's password. Must be a
semicolon-separated string, a base64-encoded semicolon-separated string, a
serialized JSON string array, or a base64-encoded serialized JSON string
array. The '{{username}}' value will be substituted. If not provided, defaults to
array. The `{{username}}` value will be substituted. If not provided, defaults to
a reasonable default alter user statement.

~> Prior to Vault 1.7.1 and 1.6.4 the default `root_rotation_statements` does not
allow for usernames with special characters in them due to missing quotes
around the username. To fix this issue in versions prior to Vault 1.7.1/1.6.4,
specify the following `root_rotation_statements`:<br/>
`ALTER USER '{{username}}' WITH PASSWORD '{{password}}';`
specify the following `root_rotation_statements`:

```sql
ALTER USER '{{username}}' WITH PASSWORD '{{password}}';
```
14 changes: 8 additions & 6 deletions website/content/api-docs/secret/databases/elasticdb.mdx
Original file line number Diff line number Diff line change
Expand Up @@ -24,15 +24,15 @@ has a number of parameters to further configure a connection.

### Parameters

- `url` `(string: <required>)` - The URL for Elasticsearch's API ("http://localhost:9200").
- `username` `(string: <required>)` - The username to be used in the connection URL ("vault").
- `password` `(string: <required>)` - The password to be used in the connection URL ("pa55w0rd").
- `url` `(string: <required>)` - The URL for Elasticsearch's API (`http://localhost:9200`).
- `username` `(string: <required>)` - The username to be used in the connection URL (`vault`).
- `password` `(string: <required>)` - The password to be used in the connection URL (`pa55w0rd`).
- `ca_cert` `(string: "")` - The path to a PEM-encoded CA cert file to use to verify the Elasticsearch server's identity.
- `ca_path` `(string: "")` - The path to a directory of PEM-encoded CA cert files to use to verify the Elasticsearch server's identity.
- `client_cert` `(string: "")` - The path to the certificate for the Elasticsearch client to present for communication.
- `client_key` `(string: "")` - The path to the key for the Elasticsearch client to use for communication.
- `tls_server_name` `(string: "")` - This, if set, is used to set the SNI host when connecting via 1TLS.
- `insecure` `(bool: false)` - Not recommended. Default to false. Can be set to true to disable SSL verification.
- `tls_server_name` `(string: "")` - This, if set, is used to set the SNI host when connecting via TLS.
- `insecure` `(bool: false)` - Not recommended. Default to `false`. Can be set to `true` to disable certificate verification.
- `username_template` `(string)` - [Template](/docs/concepts/username-templating) describing how dynamic usernames are generated.

### Sample Payload
Expand Down Expand Up @@ -74,11 +74,13 @@ list the plugin does not support that statement type.

- `creation_statements` `(string: <required>)` – Using JSON, either defines an
`elasticsearch_role_definition` or a group of pre-existing `elasticsearch_roles`.

The object specified by the `elasticsearch_role_definition` is the JSON directly
passed through to the Elasticsearch API, so you can pass through anything shown
[here](https://www.elastic.co/guide/en/elasticsearch/reference/6.6/security-api-put-role.html).

For `elasticsearch_roles`, add the names of the roles only. They must pre-exist
in Elasticsearch. Defining roles in Vault is more secure than using pre-existing
in Elasticsearch. Defining roles in Vault is more secure than using pre-existing
roles because a privilege escalation could be performed by editing the roles used
out-of-band in Elasticsearch.

Expand Down
10 changes: 5 additions & 5 deletions website/content/api-docs/secret/databases/hanadb.mdx
Original file line number Diff line number Diff line change
Expand Up @@ -26,7 +26,7 @@ has a number of parameters to further configure a connection.

- `connection_url` `(string: <required>)` - Specifies the HANA DSN. This field
can be templated and supports passing the username and password
parameters in the following format {{field_name}}. A templated connection URL is
parameters in the following format `{{field_name}}`. A templated connection URL is
required when using root credential rotation.

- `max_open_connections` `(int: 4)` - Specifies the maximum number of open
Expand All @@ -38,7 +38,7 @@ has a number of parameters to further configure a connection.
`max_open_connections` it will be reduced to be equal.

- `max_connection_lifetime` `(string: "0s")` - Specifies the maximum amount of
time a connection may be reused. If &lt;= 0s connections are reused forever.
time a connection may be reused. If &le; `0s`, connections are reused forever.

- `username` `(string: "")` - The root credential username used in the connection URL.

Expand All @@ -54,7 +54,7 @@ has a number of parameters to further configure a connection.
"max_open_connections": 5,
"max_connection_lifetime": "5s",
"username": "username",
"password": "password
"password": "password"
}
```

Expand Down Expand Up @@ -84,7 +84,7 @@ list the plugin does not support that statement type.
statements executed to create and configure a user. Must be a
semicolon-separated string, a base64-encoded semicolon-separated string, a
serialized JSON string array, or a base64-encoded serialized JSON string
array. The '{{name}}', '{{password}}', and '{{expiration}}' values will be
array. The `{{name}}`, `{{password}}`, and `{{expiration}}` values will be
substituted.

- The expiration time will be HANA server time plus the role's `default_ttl`.
Expand All @@ -93,6 +93,6 @@ list the plugin does not support that statement type.
- `revocation_statements` `(list: [])` – Specifies the database statements to
be executed to revoke a user. Must be a semicolon-separated string, a
base64-encoded semicolon-separated string, a serialized JSON string array, or
a base64-encoded serialized JSON string array. The '{{name}}' value will be
a base64-encoded serialized JSON string array. The `{{name}}` value will be
substituted. If not provided, defaults to dropping the user only if they have
no dependent objects.
16 changes: 8 additions & 8 deletions website/content/api-docs/secret/databases/index.mdx
Original file line number Diff line number Diff line change
Expand Up @@ -41,7 +41,7 @@ list of additional parameters.
during initial configuration. Defaults to true.

- `allowed_roles` `(list: [])` - List of the roles allowed to use this connection.
Defaults to empty (no roles), if contains a "\*" any role can use this connection.
Defaults to empty (no roles), if contains a `*` any role can use this connection.

- `root_rotation_statements` `(list: [])` - Specifies the database statements to be
executed to rotate the root user's credentials. See the plugin's API page for more
Expand Down Expand Up @@ -273,12 +273,12 @@ This endpoint creates or updates a role definition.
for this role.

- `default_ttl` `(string/int: 0)` - Specifies the TTL for the leases
associated with this role. Accepts time suffixed strings ("1h") or an integer
associated with this role. Accepts time suffixed strings (`1h`) or an integer
number of seconds. Defaults to system/engine default TTL time.

- `max_ttl` `(string/int: 0)` - Specifies the maximum TTL for the leases
associated with this role. Accepts time suffixed strings ("1h") or an integer
number of seconds. Defaults to system/mount default TTL time; this value is allowed to be less than the mount max TTL (or, if not set, the system max TTL), but it is not allowed to be longer. See also [The TTL General Case](/docs/concepts/tokens#the-general-case).
associated with this role. Accepts time suffixed strings (`1h`) or an integer
number of seconds. Defaults to `sys/mounts`'s default TTL time; this value is allowed to be less than the mount max TTL (or, if not set, the system max TTL), but it is not allowed to be longer. See also [The TTL General Case](/docs/concepts/tokens#the-general-case).

- `creation_statements` `(list: <required>)` – Specifies the database
statements executed to create and configure a user. See the plugin's API page
Expand Down Expand Up @@ -490,7 +490,7 @@ this in order to know the password.
{
"db_name": "mysql",
"username": "static-database-user",
"rotation_statements": ["ALTER USER "{{name}}" WITH PASSWORD '{{password}}';"],
"rotation_statements": ["ALTER USER \"{{name}}\" WITH PASSWORD '{{password}}';"],
"rotation_period": "1h"
}
```
Expand Down Expand Up @@ -533,9 +533,9 @@ $ curl \
"data": {
"db_name": "mysql",
"username":"static-user",
"rotation_statements": ["ALTER USER "{{name}}" WITH PASSWORD '{{password}}';"],
"rotation_period":"1h",
},
"rotation_statements": ["ALTER USER \"{{name}}\" WITH PASSWORD '{{password}}';"],
"rotation_period":"1h"
}
}
```

Expand Down
8 changes: 4 additions & 4 deletions website/content/api-docs/secret/databases/influxdb.mdx
Original file line number Diff line number Diff line change
Expand Up @@ -116,19 +116,19 @@ list the plugin does not support that statement type.
statements executed to create and configure a user. Must be a
semicolon-separated string, a base64-encoded semicolon-separated string, a
serialized JSON string array, or a base64-encoded serialized JSON string
array. The '{{username}}' and '{{password}}' values will be substituted. If not
array. The `{{username}}` and `{{password}}` values will be substituted. If not
provided, defaults to a generic create user statements that creates a
non-superuser.

- `revocation_statements` `(list: [])` – Specifies the database statements to
be executed to revoke a user. Must be a semicolon-separated string, a
base64-encoded semicolon-separated string, a serialized JSON string array, or
a base64-encoded serialized JSON string array. The '{{username}}' value will be
a base64-encoded serialized JSON string array. The `{{username}}` value will be
substituted. If not provided defaults to a generic drop user statement.

- `rollback_statements` `(list: [])` – Specifies the database statements to be
executed to rollback a create operation in the event of an error. Must be a
semicolon-separated string, a base64-encoded semicolon-separated string, a
serialized JSON string array, or a base64-encoded serialized JSON string
array. The '{{username}}' value will be substituted. If not provided, defaults to
a generic drop user statement
array. The `{{username}}` value will be substituted. If not provided, defaults to
a generic drop user statement.
10 changes: 5 additions & 5 deletions website/content/api-docs/secret/databases/mongodb.mdx
Original file line number Diff line number Diff line change
Expand Up @@ -111,17 +111,17 @@ list the plugin does not support that statement type.
- `creation_statements` `(string: <required>)` – Specifies the database
statements executed to create and configure a user. Must be a
serialized JSON object, or a base64-encoded serialized JSON object.
The object can optionally contain a "db" string for session connection,
and must contain a "roles" array. This array contains objects that holds
a "role", and an optional "db" value, and is similar to the BSON document that
The object can optionally contain a `db` string for session connection,
and must contain a `roles` array. This array contains objects that holds
a `role`, and an optional `db` value, and is similar to the BSON document that
is accepted by MongoDB's `roles` field. Vault will transform this array into
such format. For more information regarding the `roles` field, refer to
[MongoDB's documentation](https://docs.mongodb.com/manual/reference/method/db.createUser/).

- `revocation_statements` `(string: "")` – Specifies the database statements to
be executed to revoke a user. Must be a serialized JSON object, or a base64-encoded
serialized JSON object. The object can optionally contain a "db" string. If no
"db" value is provided, it defaults to the "admin" database.
serialized JSON object. The object can optionally contain a `db` string. If no
`db` value is provided, it defaults to the `admin` database.

### Sample Creation Statement

Expand Down
2 changes: 1 addition & 1 deletion website/content/api-docs/secret/databases/mongodbatlas.mdx
Original file line number Diff line number Diff line change
Expand Up @@ -77,7 +77,7 @@ list the plugin does not support that statement type.
- `default_ttl` `(string/int): 0` - Specifies the TTL for the leases associated with this role.
Accepts time suffixed strings (`1h`) or an integer number of seconds. Defaults to system/engine default TTL time.
- `max_ttl` `(string/int): 0` - Specifies the maximum TTL for the leases associated with this role. Accepts time
suffixed strings (`1h`) or an integer number of seconds. Defaults to system/mount default TTL time; this value
suffixed strings (`1h`) or an integer number of seconds. Defaults to `sys/mounts` default TTL time; this value
is allowed to be less than the mount max TTL (or, if not set, the system max TTL),
but it is not allowed to be longer. See also [The TTL General Case](/docs/concepts/tokens#the-general-case).

Expand Down
6 changes: 3 additions & 3 deletions website/content/api-docs/secret/databases/mssql.mdx
Original file line number Diff line number Diff line change
Expand Up @@ -38,7 +38,7 @@ has a number of parameters to further configure a connection.
`max_open_connections` it will be reduced to be equal.

- `max_connection_lifetime` `(string: "0s")` - Specifies the maximum amount of
time a connection may be reused. If <= 0s connections are reused forever.
time a connection may be reused. If &le; `0s` connections are reused forever.

- `username` `(string: "")` - The root credential username used in the connection URL.

Expand Down Expand Up @@ -112,10 +112,10 @@ list the plugin does not support that statement type.
statements executed to create and configure a user. Must be a
semicolon-separated string, a base64-encoded semicolon-separated string, a
serialized JSON string array, or a base64-encoded serialized JSON string
array. The '{{name}}' and '{{password}}' values will be substituted.
array. The `{{name}}` and `{{password}}` values will be substituted.

- `revocation_statements` `(list: [])` – Specifies the database statements to
be executed to revoke a user. Must be a semicolon-separated string, a
base64-encoded semicolon-separated string, a serialized JSON string array, or
a base64-encoded serialized JSON string array. The '{{name}}' value will be
a base64-encoded serialized JSON string array. The `{{name}}` value will be
substituted. If not provided defaults to a generic drop user statement.
8 changes: 4 additions & 4 deletions website/content/api-docs/secret/databases/mysql-maria.mdx
Original file line number Diff line number Diff line change
Expand Up @@ -26,7 +26,7 @@ has a number of parameters to further configure a connection.

- `connection_url` `(string: <required>)` - Specifies the MySQL DSN. This field
can be templated and supports passing the username and password
parameters in the following format {{field_name}}. A templated connection URL is
parameters in the following format `{{field_name}}`. A templated connection URL is
required when using root credential rotation.

- `max_open_connections` `(int: 4)` - Specifies the maximum number of open
Expand All @@ -38,7 +38,7 @@ has a number of parameters to further configure a connection.
`max_open_connections` it will be reduced to be equal.

- `max_connection_lifetime` `(string: "0s")` - Specifies the maximum amount of
time a connection may be reused. If &lt;= 0s connections are reused forever.
time a connection may be reused. If &le; 0s connections are reused forever.

- `username` `(string: "")` - The root credential username used in the connection URL.

Expand Down Expand Up @@ -149,11 +149,11 @@ list the plugin does not support that statement type.
statements executed to create and configure a user. Must be a
semicolon-separated string, a base64-encoded semicolon-separated string, a
serialized JSON string array, or a base64-encoded serialized JSON string
array. The '{{name}}' and '{{password}}' values will be substituted. The
array. The `{{name}}` and `{{password}}` values will be substituted. The
generated password will be a random alphanumeric 20 character string.

- `revocation_statements` `(list: [])` – Specifies the database statements to
be executed to revoke a user. Must be a semicolon-separated string, a
base64-encoded semicolon-separated string, a serialized JSON string array, or
a base64-encoded serialized JSON string array. The '{{name}}' value will be
a base64-encoded serialized JSON string array. The `{{name}}` value will be
substituted. If not provided defaults to a generic drop user statement.
6 changes: 3 additions & 3 deletions website/content/api-docs/secret/databases/oracle.mdx
Original file line number Diff line number Diff line change
Expand Up @@ -35,7 +35,7 @@ has a number of parameters to further configure a connection.
`max_open_connections` it will be reduced to be equal.

- `max_connection_lifetime` `(string: "0s")` - Specifies the maximum amount of
time a connection may be reused. If <= 0s connections are reused forever.
time a connection may be reused. If &le; `0s` connections are reused forever.

- `username` `(string: "")` - The root credential username used in the connection URL.

Expand Down Expand Up @@ -109,10 +109,10 @@ list the plugin does not support that statement type.
statements executed to create and configure a user. Must be a
semicolon-separated string, a base64-encoded semicolon-separated string, a
serialized JSON string array, or a base64-encoded serialized JSON string
array. The '{{name}}' and '{{password}}' values will be substituted.
array. The `{{name}}` and `{{password}}` values will be substituted.

- `revocation_statements` `(string: "")` – Specifies the database statements to
be executed to revoke a user. Must be a semicolon-separated string, a
base64-encoded semicolon-separated string, a serialized JSON string array, or
a base64-encoded serialized JSON string array. The '{{name}}' value will be
a base64-encoded serialized JSON string array. The `{{name}}` value will be
substituted. If not provided defaults to a generic drop user statement.
Loading

0 comments on commit 1aeddca

Please sign in to comment.