grab go files from openapi-models

CHANGELOG.md

@@ -1,4 +1,4 @@
-## Next
+## 1.0.3 (February 12th, 2019)
 
 CHANGES:
 
@@ -9,6 +9,11 @@ CHANGES:
    entity either by name or by id [GH-6105]
  * The Vault UI's navigation and onboarding wizard now only displays items that
    are permitted in a users' policy [GH-5980, GH-6094]
+ * An issue was fixed that caused recovery keys to not work on secondary 
+   clusters when using a different unseal mechanism/key than the primary. This 
+   would be hit if the cluster was rekeyed or initialized after 1.0. We recommend
+   rekeying the recovery keys on the primary cluster if you meet the above 
+   requirements.
 
 FEATURES:
 
@@ -47,6 +52,8 @@ BUG FIXES:
    a performance standby very quickly, before an associated entity has been
    replicated. If the entity is not found in this scenario, the request will
    forward to the active node.
+ * replication: Fix issue where recovery keys would not work on secondary 
+   clusters if using a different unseal mechanism than the primary.
  * replication: Fix a "failed to register lease" error when using performance
    standbys
  * storage/postgresql: The `Get` method will now return an Entry object with

builtin/credential/github/path_config.go

@@ -25,14 +25,17 @@ func pathConfig(b *backend) *framework.Path {
 				Description: `The API endpoint to use. Useful if you
 are running GitHub Enterprise or an
 API-compatible authentication server.`,
+				DisplayName: "Base URL",
 			},
 			"ttl": &framework.FieldSchema{
 				Type:        framework.TypeString,
 				Description: `Duration after which authentication will be expired`,
+				DisplayName: "TTL",
 			},
 			"max_ttl": &framework.FieldSchema{
 				Type:        framework.TypeString,
 				Description: `Maximum duration after which authentication will be expired`,
+				DisplayName: "Max TTL",
 			},
 		},
 

builtin/credential/okta/path_config.go

@@ -25,26 +25,32 @@ func pathConfig(b *backend) *framework.Path {
 			"organization": &framework.FieldSchema{
 				Type:        framework.TypeString,
 				Description: "(DEPRECATED) Okta organization to authenticate against. Use org_name instead.",
+				Deprecated:  true,
 			},
 			"org_name": &framework.FieldSchema{
 				Type:        framework.TypeString,
 				Description: "Name of the organization to be used in the Okta API.",
+				DisplayName: "Organization Name",
 			},
 			"token": &framework.FieldSchema{
 				Type:        framework.TypeString,
 				Description: "(DEPRECATED) Okta admin API token.  Use api_token instead.",
+				Deprecated:  true,
 			},
 			"api_token": &framework.FieldSchema{
 				Type:        framework.TypeString,
 				Description: "Okta API key.",
+				DisplayName: "API Token",
 			},
 			"base_url": &framework.FieldSchema{
 				Type:        framework.TypeString,
 				Description: `The base domain to use for the Okta API. When not specified in the configuration, "okta.com" is used.`,
+				DisplayName: "Base URL",
 			},
 			"production": &framework.FieldSchema{
 				Type:        framework.TypeBool,
 				Description: `(DEPRECATED) Use base_url.`,
+				Deprecated:  true,
 			},
 			"ttl": &framework.FieldSchema{
 				Type:        framework.TypeDurationSecond,
@@ -57,6 +63,7 @@ func pathConfig(b *backend) *framework.Path {
 			"bypass_okta_mfa": &framework.FieldSchema{
 				Type:        framework.TypeBool,
 				Description: `When set true, requests by Okta for a MFA check will be bypassed. This also disallows certain status checks on the account, such as whether the password is expired.`,
+				DisplayName: "Bypass Okta MFA",
 			},
 		},
 

builtin/credential/radius/path_config.go

@@ -15,6 +15,7 @@ func pathConfig(b *backend) *framework.Path {
 			"host": &framework.FieldSchema{
 				Type:        framework.TypeString,
 				Description: "RADIUS server host",
+				DisplayName: "Host",
 			},
 
 			"port": &framework.FieldSchema{
@@ -30,6 +31,7 @@ func pathConfig(b *backend) *framework.Path {
 				Type:        framework.TypeString,
 				Default:     "",
 				Description: "Comma-separated list of policies to grant upon successful RADIUS authentication of an unregisted user (default: emtpy)",
+				DisplayName: "Policies for unregistered users",
 			},
 			"dial_timeout": &framework.FieldSchema{
 				Type:        framework.TypeDurationSecond,
@@ -45,11 +47,13 @@ func pathConfig(b *backend) *framework.Path {
 				Type:        framework.TypeInt,
 				Default:     10,
 				Description: "RADIUS NAS port field (default: 10)",
+				DisplayName: "NAS Port",
 			},
 			"nas_identifier": &framework.FieldSchema{
 				Type:        framework.TypeString,
 				Default:     "",
 				Description: "RADIUS NAS Identifier field (optional)",
+				DisplayName: "NAS Identifier",
 			},
 		},
 

builtin/logical/aws/path_roles.go

@@ -36,6 +36,7 @@ func pathRoles(b *backend) *framework.Path {
 			"name": &framework.FieldSchema{
 				Type:        framework.TypeString,
 				Description: "Name of the policy",
+				DisplayName: "Policy Name",
 			},
 
 			"credential_type": &framework.FieldSchema{
@@ -46,11 +47,13 @@ func pathRoles(b *backend) *framework.Path {
 			"role_arns": &framework.FieldSchema{
 				Type:        framework.TypeCommaStringSlice,
 				Description: "ARNs of AWS roles allowed to be assumed. Only valid when credential_type is " + assumedRoleCred,
+				DisplayName: "Role ARNs",
 			},
 
 			"policy_arns": &framework.FieldSchema{
 				Type:        framework.TypeCommaStringSlice,
 				Description: "ARNs of AWS policies to attach to IAM users. Only valid when credential_type is " + iamUserCred,
+				DisplayName: "Policy ARNs",
 			},
 
 			"policy_document": &framework.FieldSchema{
@@ -65,22 +68,26 @@ GetFederationToken API call, acting as a filter on permissions available.`,
 			"default_sts_ttl": &framework.FieldSchema{
 				Type:        framework.TypeDurationSecond,
 				Description: fmt.Sprintf("Default TTL for %s and %s credential types when no TTL is explicitly requested with the credentials", assumedRoleCred, federationTokenCred),
+				DisplayName: "Default TTL",
 			},
 
 			"max_sts_ttl": &framework.FieldSchema{
 				Type:        framework.TypeDurationSecond,
 				Description: fmt.Sprintf("Max allowed TTL for %s and %s credential types", assumedRoleCred, federationTokenCred),
+				DisplayName: "Max TTL",
 			},
 
 			"arn": &framework.FieldSchema{
 				Type: framework.TypeString,
 				Description: `Deprecated; use role_arns or policy_arns instead. ARN Reference to a managed policy
 or IAM role to assume`,
+				Deprecated: true,
 			},
 
 			"policy": &framework.FieldSchema{
 				Type:        framework.TypeString,
 				Description: "Deprecated; use policy_document instead. IAM policy document",
+				Deprecated: true,
 			},
 		},
 

builtin/logical/pki/fields.go

@@ -11,6 +11,7 @@ func addIssueAndSignCommonFields(fields map[string]*framework.FieldSchema) map[s
 		Description: `If true, the Common Name will not be
 included in DNS or Email Subject Alternate Names.
 Defaults to false (CN is included).`,
+		DisplayName: "Exclude Common Name from Subject Alternative Names (SANs)",
 	}
 
 	fields["format"] = &framework.FieldSchema{
@@ -20,6 +21,7 @@ Defaults to false (CN is included).`,
 or "pem_bundle". If "pem_bundle" any private
 key and issuing cert will be appended to the
 certificate pem. Defaults to "pem".`,
+		AllowedValues: []interface{}{"pem", "der", "pem_bundle"},
 	}
 
 	fields["private_key_format"] = &framework.FieldSchema{
@@ -31,24 +33,28 @@ parameter as either base64-encoded DER or PEM-encoded DER.
 However, this can be set to "pkcs8" to have the returned
 private key contain base64-encoded pkcs8 or PEM-encoded
 pkcs8 instead. Defaults to "der".`,
+		AllowedValues: []interface{}{"", "der", "pem", "pkcs8"},
 	}
 
 	fields["ip_sans"] = &framework.FieldSchema{
 		Type: framework.TypeCommaStringSlice,
 		Description: `The requested IP SANs, if any, in a
 comma-delimited list`,
+		DisplayName: "IP Subject Alternative Names (SANs)",
 	}
 
 	fields["uri_sans"] = &framework.FieldSchema{
 		Type: framework.TypeCommaStringSlice,
 		Description: `The requested URI SANs, if any, in a
 comma-delimited list.`,
+		DisplayName: "URI Subject Alternative Names (SANs)",
 	}
 
 	fields["other_sans"] = &framework.FieldSchema{
 		Type: framework.TypeCommaStringSlice,
 		Description: `Requested other SANs, in an array with the format
 <oid>;UTF8:<utf8 string value> for each entry.`,
+		DisplayName: "Other SANs",
 	}
 
 	return fields
@@ -79,6 +85,7 @@ in the role, this may be an email address.`,
 in a comma-delimited list. If email protection
 is enabled for the role, this may contain
 email addresses.`,
+		DisplayName: "DNS/Email Subject Alternative Names (SANs)",
 	}
 
 	fields["serial_number"] = &framework.FieldSchema{
@@ -95,6 +102,7 @@ sets the expiration date. If not specified
 the role default, backend default, or system
 default TTL is used, in that order. Cannot
 be larger than the role max TTL.`,
+		DisplayName: "TTL",
 	}
 
 	return fields
@@ -110,6 +118,7 @@ func addCACommonFields(fields map[string]*framework.FieldSchema) map[string]*fra
 		Description: `The requested Subject Alternative Names, if any,
 in a comma-delimited list. May contain both
 DNS names and email addresses.`,
+		DisplayName: "DNS/Email Subject Alternative Names (SANs)",
 	}
 
 	fields["common_name"] = &framework.FieldSchema{
@@ -131,12 +140,14 @@ be larger than the mount max TTL. Note:
 this only has an effect when generating
 a CA cert or signing a CA cert, not when
 generating a CSR for an intermediate CA.`,
+		DisplayName: "TTL",
 	}
 
 	fields["ou"] = &framework.FieldSchema{
 		Type: framework.TypeCommaStringSlice,
 		Description: `If set, OU (OrganizationalUnit) will be set to
 this value.`,
+		DisplayName: "OU (Organizational Unit)",
 	}
 
 	fields["organization"] = &framework.FieldSchema{
@@ -155,24 +166,28 @@ this value.`,
 		Type: framework.TypeCommaStringSlice,
 		Description: `If set, Locality will be set to
 this value.`,
+		DisplayName: "Locality/City",
 	}
 
 	fields["province"] = &framework.FieldSchema{
 		Type: framework.TypeCommaStringSlice,
 		Description: `If set, Province will be set to
 this value.`,
+		DisplayName: "Province/State",
 	}
 
 	fields["street_address"] = &framework.FieldSchema{
 		Type: framework.TypeCommaStringSlice,
 		Description: `If set, Street Address will be set to
 this value.`,
+		DisplayName: "Street Address",
 	}
 
 	fields["postal_code"] = &framework.FieldSchema{
 		Type: framework.TypeCommaStringSlice,
 		Description: `If set, Postal Code will be set to
 this value.`,
+		DisplayName: "Postal Code",
 	}
 
 	fields["serial_number"] = &framework.FieldSchema{
@@ -209,8 +224,8 @@ the key_type.`,
 		Default: "rsa",
 		Description: `The type of key to use; defaults to RSA. "rsa"
 and "ec" are the only valid values.`,
+		AllowedValues: []interface{}{"rsa", "ec"},
 	}
-
 	return fields
 }
 
@@ -226,6 +241,7 @@ func addCAIssueFields(fields map[string]*framework.FieldSchema) map[string]*fram
 	fields["permitted_dns_domains"] = &framework.FieldSchema{
 		Type:        framework.TypeCommaStringSlice,
 		Description: `Domains for which this certificate is allowed to sign or issue child certificates. If set, all DNS names (subject and alt) on child certs must be exact matches or subsets of the given domains (see https://tools.ietf.org/html/rfc5280#section-4.2.1.10).`,
+		DisplayName: "Permitted DNS Domains",
 	}
 
 	return fields