grab go files from openapi-models #6204

Merged
merged 17 commits into from
Feb 14, 2019
8 changes: 5 additions & 3 deletions builtin/credential/cert/path_config.go
@@ -13,9 +13,11 @@ func pathConfig(b *backend) *framework.Path {
Pattern: "config",
Fields: map[string]*framework.FieldSchema{
"disable_binding": &framework.FieldSchema{
Type: framework.TypeBool,
Default: false,
Description: `If set, during renewal, skips the matching of presented client identity with the client identity used during login. Defaults to false.`,
Type: framework.TypeBool,
Default: false,
Description: `If set, during renewal, skips the matching of presented client identity with the client identity used during login. Defaults to false.`,
DisplayName: "Disable Binding",
DisplayValue: false,
madalynrose marked this conversation as resolved.
},
},
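Review bot: `DisplayValue: false` on `disable_binding` restates `Default: false` as a second literal, so the two can drift if the default is ever changed. The same pairing appears on `port`, `dial_timeout`, `read_timeout` and `nas_port` in radius/path_config.go and on `key_type` and `max_path_length` in pki/fields.go. Because this flag relaxes the client-identity match at renewal, a stale displayed value would misstate the effective setting to an operator; if the two attributes must stay separate, a comment such as `// keep in sync with Default` on each DisplayValue line would help. The field map continues outside the hunk.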

4 changes: 4 additions & 0 deletions builtin/credential/github/path_config.go
@@ -18,21 +18,25 @@ func pathConfig(b *backend) *framework.Path {
"organization": &framework.FieldSchema{
Type: framework.TypeString,
Description: "The organization users must be part of",
DisplayName: "Organization",
madalynrose marked this conversation as resolved.
},

"base_url": &framework.FieldSchema{
Type: framework.TypeString,
Description: `The API endpoint to use. Useful if you
are running GitHub Enterprise or an
API-compatible authentication server.`,
DisplayName: "Base URL",
},
"ttl": &framework.FieldSchema{
Type: framework.TypeString,
Description: `Duration after which authentication will be expired`,
DisplayName: "TTL",
},
"max_ttl": &framework.FieldSchema{
Type: framework.TypeString,
Description: `Maximum duration after which authentication will be expired`,
DisplayName: "Max TTL",
},
},

12 changes: 10 additions & 2 deletions builtin/credential/okta/path_config.go
@@ -25,26 +25,32 @@ func pathConfig(b *backend) *framework.Path {
"organization": &framework.FieldSchema{
Type: framework.TypeString,
Description: "(DEPRECATED) Okta organization to authenticate against. Use org_name instead.",
Deprecated: true,
},
"org_name": &framework.FieldSchema{
Type: framework.TypeString,
Description: "Name of the organization to be used in the Okta API.",
DisplayName: "Organization Name",
},
"token": &framework.FieldSchema{
Type: framework.TypeString,
Description: "(DEPRECATED) Okta admin API token. Use api_token instead.",
Deprecated: true,
},
"api_token": &framework.FieldSchema{
Type: framework.TypeString,
Description: "Okta API key.",
DisplayName: "API Token",
},
"base_url": &framework.FieldSchema{
Type: framework.TypeString,
Description: `The base domain to use for the Okta API. When not specified in the configuration, "okta.com" is used.`,
DisplayName: "Base URL",
},
"production": &framework.FieldSchema{
Type: framework.TypeBool,
Description: `(DEPRECATED) Use base_url.`,
Deprecated: true,
},
"ttl": &framework.FieldSchema{
Type: framework.TypeDurationSecond,
@@ -55,8 +61,10 @@ func pathConfig(b *backend) *framework.Path {
Description: `Maximum duration after which authentication will be expired`,
},
"bypass_okta_mfa": &framework.FieldSchema{
Type: framework.TypeBool,
Description: `When set true, requests by Okta for a MFA check will be bypassed. This also disallows certain status checks on the account, such as whether the password is expired.`,
Type: framework.TypeBool,
Description: `When set true, requests by Okta for a MFA check will be bypassed. This also disallows certain status checks on the account, such as whether the password is expired.`,
DisplayName: "Bypass Okta MFA",
DisplayValue: false,
},
},
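Review bot: `api_token` gains a UI label here, and `secret` in radius/path_config.go does too, but nothing visible in either hunk marks these credential fields as sensitive for whatever consumes the display metadata. If these attributes drive generated forms, as the PR title suggests, the consumer needs a reliable signal to mask the input and to avoid echoing the stored value back on read. At minimum I would add a comment on each, e.g. `// credential: render masked, never return on read`, and consider a schema-level sensitivity flag if the framework offers one. `bypass_okta_mfa` in the second hunk weakens authentication when enabled, so its label or description could say so more directly. The field map begins and ends outside the hunks.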

36 changes: 24 additions & 12 deletions builtin/credential/radius/path_config.go
@@ -15,41 +15,53 @@ func pathConfig(b *backend) *framework.Path {
"host": &framework.FieldSchema{
Type: framework.TypeString,
Description: "RADIUS server host",
DisplayName: "Host",
},

"port": &framework.FieldSchema{
Type: framework.TypeInt,
Default: 1812,
Description: "RADIUS server port (default: 1812)",
Type: framework.TypeInt,
Default: 1812,
Description: "RADIUS server port (default: 1812)",
DisplayName: "Port",
DisplayValue: 1812,
},
"secret": &framework.FieldSchema{
Type: framework.TypeString,
Description: "Secret shared with the RADIUS server",
DisplayName: "Secret",
},
"unregistered_user_policies": &framework.FieldSchema{
Type: framework.TypeString,
Default: "",
Description: "Comma-separated list of policies to grant upon successful RADIUS authentication of an unregisted user (default: emtpy)",
DisplayName: "Policies for unregistered users",
},
"dial_timeout": &framework.FieldSchema{
Type: framework.TypeDurationSecond,
Default: 10,
Description: "Number of seconds before connect times out (default: 10)",
Type: framework.TypeDurationSecond,
Default: 10,
Description: "Number of seconds before connect times out (default: 10)",
DisplayName: "Dial Timeout",
DisplayValue: 10,
},
"read_timeout": &framework.FieldSchema{
Type: framework.TypeDurationSecond,
Default: 10,
Description: "Number of seconds before response times out (default: 10)",
Type: framework.TypeDurationSecond,
Default: 10,
Description: "Number of seconds before response times out (default: 10)",
DisplayName: "Read Timeout",
DisplayValue: 10,
},
"nas_port": &framework.FieldSchema{
Type: framework.TypeInt,
Default: 10,
Description: "RADIUS NAS port field (default: 10)",
Type: framework.TypeInt,
Default: 10,
Description: "RADIUS NAS port field (default: 10)",
DisplayName: "NAS Port",
DisplayValue: 10,
},
"nas_identifier": &framework.FieldSchema{
Type: framework.TypeString,
Default: "",
Description: "RADIUS NAS Identifier field (optional)",
DisplayName: "NAS Identifier",
},
},
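Review bot: The new label on `unregistered_user_policies`, `DisplayName: "Policies for unregistered users"`, is sentence case while every other label in this hunk is title case (`Dial Timeout`, `NAS Identifier`); `"Policies for Unregistered Users"` would match. The Description on the same field still carries the typos "unregisted" and "emtpy", which will sit next to the new label if descriptions are shown as help text. Per that description the field grants policies to users who pass RADIUS authentication without being registered, so its help text is worth getting right.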

9 changes: 9 additions & 0 deletions builtin/logical/aws/path_roles.go
@@ -36,21 +36,25 @@ func pathRoles(b *backend) *framework.Path {
"name": &framework.FieldSchema{
Type: framework.TypeString,
Description: "Name of the policy",
DisplayName: "Policy Name",
},

"credential_type": &framework.FieldSchema{
Type: framework.TypeString,
Description: fmt.Sprintf("Type of credential to retrieve. Must be one of %s, %s, or %s", assumedRoleCred, iamUserCred, federationTokenCred),
DisplayName: "Credential Type",
},

"role_arns": &framework.FieldSchema{
Type: framework.TypeCommaStringSlice,
Description: "ARNs of AWS roles allowed to be assumed. Only valid when credential_type is " + assumedRoleCred,
DisplayName: "Role ARNs",
},

"policy_arns": &framework.FieldSchema{
Type: framework.TypeCommaStringSlice,
Description: "ARNs of AWS policies to attach to IAM users. Only valid when credential_type is " + iamUserCred,
DisplayName: "Policy ARNs",
},

"policy_document": &framework.FieldSchema{
@@ -60,27 +64,32 @@ iam_user, then it will attach the contents of the policy_document to the IAM
user generated. When credential_type is assumed_role or federation_token, this
will be passed in as the Policy parameter to the AssumeRole or
GetFederationToken API call, acting as a filter on permissions available.`,
DisplayName: "Policy Document",
},

"default_sts_ttl": &framework.FieldSchema{
Type: framework.TypeDurationSecond,
Description: fmt.Sprintf("Default TTL for %s and %s credential types when no TTL is explicitly requested with the credentials", assumedRoleCred, federationTokenCred),
DisplayName: "Default TTL",
},

"max_sts_ttl": &framework.FieldSchema{
Type: framework.TypeDurationSecond,
Description: fmt.Sprintf("Max allowed TTL for %s and %s credential types", assumedRoleCred, federationTokenCred),
DisplayName: "Max TTL",
},

"arn": &framework.FieldSchema{
Type: framework.TypeString,
Description: `Deprecated; use role_arns or policy_arns instead. ARN Reference to a managed policy
or IAM role to assume`,
Deprecated: true,
},

"policy": &framework.FieldSchema{
Type: framework.TypeString,
Description: "Deprecated; use policy_document instead. IAM policy document",
Deprecated: true,
},
},
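Review bot: The labels `DisplayName: "Default TTL"` on `default_sts_ttl` and `DisplayName: "Max TTL"` on `max_sts_ttl` drop the STS qualifier, although both descriptions limit these settings to the assumed_role and federation_token credential types. An operator reading only the label could assume the TTL also bounds iam_user credentials, which these fields do not cover according to their descriptions. I would use `DisplayName: "Default STS TTL"` and `DisplayName: "Max STS TTL"`. The field map starts and ends outside the hunks.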

31 changes: 31 additions & 0 deletions builtin/logical/pki/fields.go
@@ -11,6 +11,7 @@ func addIssueAndSignCommonFields(fields map[string]*framework.FieldSchema) map[s
Description: `If true, the Common Name will not be
included in DNS or Email Subject Alternate Names.
Defaults to false (CN is included).`,
DisplayName: "Exclude Common Name from Subject Alternative Names (SANs)",
}

fields["format"] = &framework.FieldSchema{
@@ -20,6 +21,9 @@ Defaults to false (CN is included).`,
or "pem_bundle". If "pem_bundle" any private
key and issuing cert will be appended to the
certificate pem. Defaults to "pem".`,
DisplayName: "Format",
AllowedValues: []interface{}{"pem", "der", "pem_bundle"},
DisplayValue: "pem",
}

fields["private_key_format"] = &framework.FieldSchema{
@@ -31,24 +35,30 @@ parameter as either base64-encoded DER or PEM-encoded DER.
However, this can be set to "pkcs8" to have the returned
private key contain base64-encoded pkcs8 or PEM-encoded
pkcs8 instead. Defaults to "der".`,
DisplayName: "Private Key Format",
AllowedValues: []interface{}{"", "der", "pem", "pkcs8"},
DisplayValue: "",
madalynrose marked this conversation as resolved.
}

fields["ip_sans"] = &framework.FieldSchema{
Type: framework.TypeCommaStringSlice,
Description: `The requested IP SANs, if any, in a
comma-delimited list`,
DisplayName: "IP Subject Alternative Names (SANs)",
}

fields["uri_sans"] = &framework.FieldSchema{
Type: framework.TypeCommaStringSlice,
Description: `The requested URI SANs, if any, in a
comma-delimited list.`,
DisplayName: "URI Subject Alternative Names (SANs)",
}

fields["other_sans"] = &framework.FieldSchema{
Type: framework.TypeCommaStringSlice,
Description: `Requested other SANs, in an array with the format
<oid>;UTF8:<utf8 string value> for each entry.`,
DisplayName: "Other SANs",
}

return fields
@@ -71,6 +81,7 @@ request`,
one, specify the alternative names in the
alt_names map. If email protection is enabled
in the role, this may be an email address.`,
DisplayName: "Common Name",
}

fields["alt_names"] = &framework.FieldSchema{
@@ -79,13 +90,15 @@ in the role, this may be an email address.`,
in a comma-delimited list. If email protection
is enabled for the role, this may contain
email addresses.`,
DisplayName: "DNS/Email Subject Alternative Names (SANs)",
}

fields["serial_number"] = &framework.FieldSchema{
Type: framework.TypeString,
Description: `The requested serial number, if any. If you want
more than one, specify alternative names in
the alt_names map using OID 2.5.4.5.`,
DisplayName: "Serial Number",
}

fields["ttl"] = &framework.FieldSchema{
@@ -95,6 +108,7 @@ sets the expiration date. If not specified
the role default, backend default, or system
default TTL is used, in that order. Cannot
be larger than the role max TTL.`,
DisplayName: "TTL",
}

return fields
@@ -110,6 +124,7 @@ func addCACommonFields(fields map[string]*framework.FieldSchema) map[string]*fra
Description: `The requested Subject Alternative Names, if any,
in a comma-delimited list. May contain both
DNS names and email addresses.`,
DisplayName: "DNS/Email Subject Alternative Names (SANs)",
}

fields["common_name"] = &framework.FieldSchema{
@@ -119,6 +134,7 @@ one, specify the alternative names in the alt_names
map. If not specified when signing, the common
name will be taken from the CSR; other names
must still be specified in alt_names or ip_sans.`,
DisplayName: "Common Name",
}

fields["ttl"] = &framework.FieldSchema{
@@ -131,12 +147,15 @@ be larger than the mount max TTL. Note:
this only has an effect when generating
a CA cert or signing a CA cert, not when
generating a CSR for an intermediate CA.`,
DisplayName: "TTL",
}

fields["ou"] = &framework.FieldSchema{
Type: framework.TypeCommaStringSlice,
Description: `If set, OU (OrganizationalUnit) will be set to
this value.`,
DisplayName: "Common Name",
madalynrose marked this conversation as resolved.

}

fields["organization"] = &framework.FieldSchema{
@@ -155,31 +174,36 @@ this value.`,
Type: framework.TypeCommaStringSlice,
Description: `If set, Locality will be set to
this value.`,
DisplayName: "Locality/City",
}

fields["province"] = &framework.FieldSchema{
Type: framework.TypeCommaStringSlice,
Description: `If set, Province will be set to
this value.`,
DisplayName: "Province/State",
}

fields["street_address"] = &framework.FieldSchema{
Type: framework.TypeCommaStringSlice,
Description: `If set, Street Address will be set to
this value.`,
DisplayName: "Street Address",
}

fields["postal_code"] = &framework.FieldSchema{
Type: framework.TypeCommaStringSlice,
Description: `If set, Postal Code will be set to
this value.`,
DisplayName: "Postal Code",
}

fields["serial_number"] = &framework.FieldSchema{
Type: framework.TypeString,
Description: `The requested serial number, if any. If you want
more than one, specify alternative names in
the alt_names map using OID 2.5.4.5.`,
DisplayName: "Serial Number",
}

return fields
@@ -202,13 +226,17 @@ the private key!`,
Description: `The number of bits to use. You will almost
certainly want to change this if you adjust
the key_type.`,
DisplayName: "Key Bits",
}

fields["key_type"] = &framework.FieldSchema{
Type: framework.TypeString,
Default: "rsa",
Description: `The type of key to use; defaults to RSA. "rsa"
and "ec" are the only valid values.`,
DisplayName: "Key Type",
AllowedValues: []interface{}{"rsa", "ec"},
DisplayValue: "rsa",
}

return fields
@@ -221,11 +249,14 @@ func addCAIssueFields(fields map[string]*framework.FieldSchema) map[string]*fram
Type: framework.TypeInt,
Default: -1,
Description: "The maximum allowable path length",
madalynrose marked this conversation as resolved.
DisplayName: "Max Path Length",
DisplayValue: -1,
}

fields["permitted_dns_domains"] = &framework.FieldSchema{
Type: framework.TypeCommaStringSlice,
Description: `Domains for which this certificate is allowed to sign or issue child certificates. If set, all DNS names (subject and alt) on child certs must be exact matches or subsets of the given domains (see https://tools.ietf.org/html/rfc5280#section-4.2.1.10).`,
DisplayName: "Permitted DNS Domains",
}

return fields
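Review bot: In addCACommonFields, `fields["ou"]` is given `DisplayName: "Common Name"`, the same label used for `common_name` a few lines above, so a generated form would show two "Common Name" inputs and a value meant for one subject attribute could be entered in the other. It should read `DisplayName: "OU (Organizational Unit)"`, and the blank line left after it inside the struct literal can go. Separately, `private_key_format` lists `""` in AllowedValues and sets `DisplayValue: ""` while its description says the default is "der"; one of the two should be brought in line. The enclosing functions start and end outside the hunks.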