@tapis/tapis-typescript-sk 0.0.2 → 0.0.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.openapi-generator/FILES +16 -6
- package/.openapi-generator/VERSION +1 -1
- package/README.md +5 -4
- package/dist/apis/AdminApi.d.ts +26 -0
- package/dist/apis/AdminApi.js +128 -0
- package/dist/apis/GeneralApi.d.ts +25 -16
- package/dist/apis/GeneralApi.js +72 -23
- package/dist/apis/RoleApi.d.ts +99 -76
- package/dist/apis/RoleApi.js +540 -340
- package/dist/apis/ShareApi.d.ts +110 -0
- package/dist/apis/ShareApi.js +469 -0
- package/dist/apis/UserApi.d.ts +84 -126
- package/dist/apis/UserApi.js +467 -538
- package/dist/apis/VaultApi.d.ts +52 -49
- package/dist/apis/VaultApi.js +413 -341
- package/dist/apis/index.d.ts +2 -0
- package/dist/apis/index.js +20 -7
- package/dist/index.d.ts +2 -2
- package/dist/index.js +17 -6
- package/dist/models/Options.d.ts +8 -3
- package/dist/models/Options.js +23 -15
- package/dist/models/ReqAddChildRole.d.ts +11 -6
- package/dist/models/ReqAddChildRole.js +33 -19
- package/dist/models/ReqAddRolePermission.d.ts +18 -6
- package/dist/models/ReqAddRolePermission.js +36 -19
- package/dist/models/ReqCreateRole.d.ts +18 -6
- package/dist/models/ReqCreateRole.js +36 -19
- package/dist/models/ReqGrantRole.d.ts +51 -0
- package/dist/models/ReqGrantRole.js +62 -0
- package/dist/models/ReqGrantRoleWithPermission.d.ts +57 -0
- package/dist/models/ReqGrantRoleWithPermission.js +66 -0
- package/dist/models/ReqGrantUserPermission.d.ts +11 -6
- package/dist/models/ReqGrantUserPermission.js +33 -19
- package/dist/models/ReqPreviewPathPrefix.d.ts +19 -7
- package/dist/models/ReqPreviewPathPrefix.js +46 -27
- package/dist/models/ReqRemoveChildRole.d.ts +11 -6
- package/dist/models/ReqRemoveChildRole.js +33 -19
- package/dist/models/ReqRemovePermissionFromAllRoles.d.ts +38 -0
- package/dist/models/ReqRemovePermissionFromAllRoles.js +55 -0
- package/dist/models/ReqRemoveRolePermission.d.ts +18 -6
- package/dist/models/ReqRemoveRolePermission.js +36 -19
- package/dist/models/ReqReplacePathPrefix.d.ts +19 -7
- package/dist/models/ReqReplacePathPrefix.js +46 -27
- package/dist/models/ReqRevokeRole.d.ts +51 -0
- package/dist/models/ReqRevokeRole.js +62 -0
- package/dist/models/ReqRevokeUserPermission.d.ts +11 -6
- package/dist/models/ReqRevokeUserPermission.js +33 -19
- package/dist/models/ReqRolePermits.d.ts +45 -0
- package/dist/models/ReqRolePermits.js +60 -0
- package/dist/models/ReqShareResource.d.ts +68 -0
- package/dist/models/ReqShareResource.js +73 -0
- package/dist/models/ReqUpdateRoleDescription.d.ts +17 -5
- package/dist/models/ReqUpdateRoleDescription.js +32 -17
- package/dist/models/ReqUpdateRoleName.d.ts +17 -5
- package/dist/models/ReqUpdateRoleName.js +32 -17
- package/dist/models/ReqUpdateRoleOwner.d.ts +17 -5
- package/dist/models/ReqUpdateRoleOwner.js +34 -19
- package/dist/models/ReqUserHasRole.d.ts +18 -6
- package/dist/models/ReqUserHasRole.js +38 -21
- package/dist/models/ReqUserHasRoleMulti.d.ts +11 -6
- package/dist/models/ReqUserHasRoleMulti.js +35 -21
- package/dist/models/ReqUserIsAdmin.d.ts +10 -5
- package/dist/models/ReqUserIsAdmin.js +29 -17
- package/dist/models/ReqUserIsPermitted.d.ts +11 -6
- package/dist/models/ReqUserIsPermitted.js +35 -21
- package/dist/models/ReqUserIsPermittedMulti.d.ts +11 -6
- package/dist/models/ReqUserIsPermittedMulti.js +35 -21
- package/dist/models/ReqValidatePwd.d.ts +44 -0
- package/dist/models/ReqValidatePwd.js +59 -0
- package/dist/models/ReqVersions.d.ts +11 -6
- package/dist/models/ReqVersions.js +33 -19
- package/dist/models/ReqWriteSecret.d.ts +12 -7
- package/dist/models/ReqWriteSecret.js +36 -22
- package/dist/models/RespAuthorized.d.ts +27 -4
- package/dist/models/RespAuthorized.js +36 -22
- package/dist/models/RespBasic.d.ts +26 -3
- package/dist/models/RespBasic.js +35 -21
- package/dist/models/RespBoolean.d.ts +69 -0
- package/dist/models/RespBoolean.js +62 -0
- package/dist/models/RespChangeCount.d.ts +27 -4
- package/dist/models/RespChangeCount.js +36 -22
- package/dist/models/RespName.d.ts +27 -4
- package/dist/models/RespName.js +36 -22
- package/dist/models/RespNameArray.d.ts +27 -4
- package/dist/models/RespNameArray.js +36 -22
- package/dist/models/RespPathPrefixes.d.ts +27 -4
- package/dist/models/RespPathPrefixes.js +36 -22
- package/dist/models/RespProbe.d.ts +27 -4
- package/dist/models/RespProbe.js +36 -22
- package/dist/models/RespResourceUrl.d.ts +27 -4
- package/dist/models/RespResourceUrl.js +36 -22
- package/dist/models/RespRole.d.ts +27 -4
- package/dist/models/RespRole.js +36 -22
- package/dist/models/RespSecret.d.ts +27 -4
- package/dist/models/RespSecret.js +36 -22
- package/dist/models/RespSecretList.d.ts +27 -4
- package/dist/models/RespSecretList.js +36 -22
- package/dist/models/RespSecretMeta.d.ts +27 -4
- package/dist/models/RespSecretMeta.js +36 -22
- package/dist/models/RespSecretVersionMetadata.d.ts +27 -4
- package/dist/models/RespSecretVersionMetadata.js +36 -22
- package/dist/models/RespShare.d.ts +69 -0
- package/dist/models/RespShare.js +62 -0
- package/dist/models/RespShareList.d.ts +69 -0
- package/dist/models/RespShareList.js +62 -0
- package/dist/models/RespVersions.d.ts +26 -3
- package/dist/models/RespVersions.js +35 -21
- package/dist/models/ResultAuthorized.d.ts +8 -3
- package/dist/models/ResultAuthorized.js +23 -15
- package/dist/models/ResultBoolean.d.ts +32 -0
- package/dist/models/ResultBoolean.js +49 -0
- package/dist/models/ResultChangeCount.d.ts +8 -3
- package/dist/models/ResultChangeCount.js +23 -15
- package/dist/models/ResultName.d.ts +8 -3
- package/dist/models/ResultName.js +23 -15
- package/dist/models/ResultNameArray.d.ts +8 -3
- package/dist/models/ResultNameArray.js +23 -15
- package/dist/models/ResultResourceUrl.d.ts +8 -3
- package/dist/models/ResultResourceUrl.js +23 -15
- package/dist/models/RoleTypeEnum.d.ts +28 -0
- package/dist/models/RoleTypeEnum.js +54 -0
- package/dist/models/SkProbe.d.ts +8 -21
- package/dist/models/SkProbe.js +23 -21
- package/dist/models/SkRole.d.ts +19 -7
- package/dist/models/SkRole.js +48 -37
- package/dist/models/SkSecret.d.ts +9 -4
- package/dist/models/SkSecret.js +26 -18
- package/dist/models/SkSecretList.d.ts +8 -3
- package/dist/models/SkSecretList.js +25 -17
- package/dist/models/SkSecretMetadata.d.ts +8 -3
- package/dist/models/SkSecretMetadata.js +29 -21
- package/dist/models/SkSecretVersion.d.ts +8 -3
- package/dist/models/SkSecretVersion.js +29 -21
- package/dist/models/SkSecretVersionMetadata.d.ts +9 -4
- package/dist/models/SkSecretVersionMetadata.js +34 -26
- package/dist/models/SkShare.d.ts +92 -0
- package/dist/models/SkShare.js +69 -0
- package/dist/models/SkShareList.d.ts +33 -0
- package/dist/models/SkShareList.js +50 -0
- package/dist/models/Transformation.d.ts +8 -3
- package/dist/models/Transformation.js +27 -19
- package/dist/models/index.d.ts +14 -6
- package/dist/models/index.js +75 -56
- package/dist/runtime.d.ts +80 -38
- package/dist/runtime.js +313 -171
- package/package.json +6 -2
- package/src/apis/AdminApi.ts +63 -0
- package/src/apis/GeneralApi.ts +48 -24
- package/src/apis/RoleApi.ts +374 -220
- package/src/apis/ShareApi.ts +418 -0
- package/src/apis/UserApi.ts +258 -383
- package/src/apis/VaultApi.ts +347 -275
- package/src/apis/index.ts +2 -0
- package/src/index.ts +2 -2
- package/src/models/Options.ts +21 -12
- package/src/models/ReqAddChildRole.ts +31 -19
- package/src/models/ReqAddRolePermission.ts +49 -19
- package/src/models/ReqCreateRole.ts +49 -19
- package/src/models/ReqGrantRole.ts +102 -0
- package/src/models/ReqGrantRoleWithPermission.ts +111 -0
- package/src/models/ReqGrantUserPermission.ts +31 -19
- package/src/models/ReqPreviewPathPrefix.ts +59 -28
- package/src/models/ReqRemoveChildRole.ts +31 -19
- package/src/models/ReqRemovePermissionFromAllRoles.ts +75 -0
- package/src/models/ReqRemoveRolePermission.ts +49 -19
- package/src/models/ReqReplacePathPrefix.ts +59 -28
- package/src/models/ReqRevokeRole.ts +102 -0
- package/src/models/ReqRevokeUserPermission.ts +31 -19
- package/src/models/ReqRolePermits.ts +94 -0
- package/src/models/ReqShareResource.ts +119 -0
- package/src/models/ReqUpdateRoleDescription.ts +45 -16
- package/src/models/ReqUpdateRoleName.ts +45 -16
- package/src/models/ReqUpdateRoleOwner.ts +47 -18
- package/src/models/ReqUserHasRole.ts +51 -21
- package/src/models/ReqUserHasRoleMulti.ts +33 -21
- package/src/models/ReqUserIsAdmin.ts +27 -16
- package/src/models/ReqUserIsPermitted.ts +33 -21
- package/src/models/ReqUserIsPermittedMulti.ts +33 -21
- package/src/models/ReqValidatePwd.ts +84 -0
- package/src/models/ReqVersions.ts +31 -19
- package/src/models/ReqWriteSecret.ts +36 -23
- package/src/models/RespAuthorized.ts +54 -20
- package/src/models/RespBasic.ts +51 -18
- package/src/models/RespBoolean.ts +121 -0
- package/src/models/RespChangeCount.ts +54 -20
- package/src/models/RespName.ts +54 -20
- package/src/models/RespNameArray.ts +54 -20
- package/src/models/RespPathPrefixes.ts +54 -20
- package/src/models/RespProbe.ts +54 -20
- package/src/models/RespResourceUrl.ts +54 -20
- package/src/models/RespRole.ts +54 -20
- package/src/models/RespSecret.ts +54 -20
- package/src/models/RespSecretList.ts +54 -20
- package/src/models/RespSecretMeta.ts +54 -20
- package/src/models/RespSecretVersionMetadata.ts +54 -20
- package/src/models/RespShare.ts +121 -0
- package/src/models/RespShareList.ts +121 -0
- package/src/models/RespVersions.ts +51 -18
- package/src/models/ResultAuthorized.ts +21 -12
- package/src/models/ResultBoolean.ts +65 -0
- package/src/models/ResultChangeCount.ts +21 -12
- package/src/models/ResultName.ts +21 -12
- package/src/models/ResultNameArray.ts +21 -12
- package/src/models/ResultResourceUrl.ts +21 -12
- package/src/models/RoleTypeEnum.ts +56 -0
- package/src/models/SkProbe.ts +21 -36
- package/src/models/SkRole.ts +65 -38
- package/src/models/SkSecret.ts +26 -16
- package/src/models/SkSecretList.ts +23 -14
- package/src/models/SkSecretMetadata.ts +27 -18
- package/src/models/SkSecretVersion.ts +27 -18
- package/src/models/SkSecretVersionMetadata.ts +34 -24
- package/src/models/SkShare.ts +145 -0
- package/src/models/SkShareList.ts +73 -0
- package/src/models/Transformation.ts +25 -16
- package/src/models/index.ts +14 -6
- package/src/runtime.ts +219 -108
- package/dist/models/ReqGrantAdminRole.d.ts +0 -33
- package/dist/models/ReqGrantAdminRole.js +0 -43
- package/dist/models/ReqGrantUserRole.d.ts +0 -39
- package/dist/models/ReqGrantUserRole.js +0 -45
- package/dist/models/ReqGrantUserRoleWithPermission.d.ts +0 -45
- package/dist/models/ReqGrantUserRoleWithPermission.js +0 -47
- package/dist/models/ReqRevokeAdminRole.d.ts +0 -33
- package/dist/models/ReqRevokeAdminRole.js +0 -43
- package/dist/models/ReqRevokeUserRole.d.ts +0 -39
- package/dist/models/ReqRevokeUserRole.js +0 -45
- package/dist/models/ReqValidateServicePwd.d.ts +0 -39
- package/dist/models/ReqValidateServicePwd.js +0 -45
- package/src/models/ReqGrantAdminRole.ts +0 -64
- package/src/models/ReqGrantUserRole.ts +0 -72
- package/src/models/ReqGrantUserRoleWithPermission.ts +0 -80
- package/src/models/ReqRevokeAdminRole.ts +0 -64
- package/src/models/ReqRevokeUserRole.ts +0 -72
- package/src/models/ReqValidateServicePwd.ts +0 -72
package/dist/apis/VaultApi.d.ts
CHANGED
|
@@ -1,8 +1,8 @@
|
|
|
1
1
|
/**
|
|
2
2
|
* Tapis Security API
|
|
3
|
-
* The Tapis Security API provides
|
|
3
|
+
* The Tapis Security API provides for management of Security Kernel (SK) role-based authorization and secrets resources.
|
|
4
4
|
*
|
|
5
|
-
* The version of the OpenAPI document:
|
|
5
|
+
* The version of the OpenAPI document: 1.8.2
|
|
6
6
|
* Contact: cicsupport@tacc.utexas.edu
|
|
7
7
|
*
|
|
8
8
|
* NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech).
|
|
@@ -10,12 +10,11 @@
|
|
|
10
10
|
* Do not edit the class manually.
|
|
11
11
|
*/
|
|
12
12
|
import * as runtime from '../runtime';
|
|
13
|
-
import {
|
|
13
|
+
import type { ReqValidatePwd, ReqVersions, ReqWriteSecret, RespAuthorized, RespBasic, RespSecret, RespSecretList, RespSecretMeta, RespSecretVersionMetadata, RespVersions } from '../models/index';
|
|
14
14
|
export interface DeleteSecretRequest {
|
|
15
15
|
secretType: string;
|
|
16
16
|
secretName: string;
|
|
17
17
|
reqVersions: ReqVersions;
|
|
18
|
-
pretty?: boolean;
|
|
19
18
|
sysid?: string;
|
|
20
19
|
sysuser?: string;
|
|
21
20
|
keytype?: string;
|
|
@@ -27,7 +26,6 @@ export interface DestroySecretRequest {
|
|
|
27
26
|
secretType: string;
|
|
28
27
|
secretName: string;
|
|
29
28
|
reqVersions: ReqVersions;
|
|
30
|
-
pretty?: boolean;
|
|
31
29
|
sysid?: string;
|
|
32
30
|
sysuser?: string;
|
|
33
31
|
keytype?: string;
|
|
@@ -40,7 +38,6 @@ export interface DestroySecretMetaRequest {
|
|
|
40
38
|
secretName: string;
|
|
41
39
|
tenant?: string;
|
|
42
40
|
user?: string;
|
|
43
|
-
pretty?: boolean;
|
|
44
41
|
sysid?: string;
|
|
45
42
|
sysuser?: string;
|
|
46
43
|
keytype?: string;
|
|
@@ -52,7 +49,6 @@ export interface ListSecretMetaRequest {
|
|
|
52
49
|
secretType: string;
|
|
53
50
|
tenant?: string;
|
|
54
51
|
user?: string;
|
|
55
|
-
pretty?: boolean;
|
|
56
52
|
sysid?: string;
|
|
57
53
|
sysuser?: string;
|
|
58
54
|
keytype?: string;
|
|
@@ -66,7 +62,6 @@ export interface ReadSecretRequest {
|
|
|
66
62
|
tenant?: string;
|
|
67
63
|
user?: string;
|
|
68
64
|
version?: number;
|
|
69
|
-
pretty?: boolean;
|
|
70
65
|
sysid?: string;
|
|
71
66
|
sysuser?: string;
|
|
72
67
|
keytype?: string;
|
|
@@ -79,7 +74,6 @@ export interface ReadSecretMetaRequest {
|
|
|
79
74
|
secretName: string;
|
|
80
75
|
tenant?: string;
|
|
81
76
|
user?: string;
|
|
82
|
-
pretty?: boolean;
|
|
83
77
|
sysid?: string;
|
|
84
78
|
sysuser?: string;
|
|
85
79
|
keytype?: string;
|
|
@@ -91,7 +85,6 @@ export interface UndeleteSecretRequest {
|
|
|
91
85
|
secretType: string;
|
|
92
86
|
secretName: string;
|
|
93
87
|
reqVersions: ReqVersions;
|
|
94
|
-
pretty?: boolean;
|
|
95
88
|
sysid?: string;
|
|
96
89
|
sysuser?: string;
|
|
97
90
|
keytype?: string;
|
|
@@ -101,14 +94,16 @@ export interface UndeleteSecretRequest {
|
|
|
101
94
|
}
|
|
102
95
|
export interface ValidateServicePasswordRequest {
|
|
103
96
|
secretName: string;
|
|
104
|
-
|
|
105
|
-
|
|
97
|
+
reqValidatePwd: ReqValidatePwd;
|
|
98
|
+
}
|
|
99
|
+
export interface ValidateSiteAdminPasswordRequest {
|
|
100
|
+
secretName: string;
|
|
101
|
+
reqValidatePwd: ReqValidatePwd;
|
|
106
102
|
}
|
|
107
103
|
export interface WriteSecretRequest {
|
|
108
104
|
secretType: string;
|
|
109
105
|
secretName: string;
|
|
110
106
|
reqWriteSecret: ReqWriteSecret;
|
|
111
|
-
pretty?: boolean;
|
|
112
107
|
sysid?: string;
|
|
113
108
|
sysuser?: string;
|
|
114
109
|
keytype?: string;
|
|
@@ -121,75 +116,83 @@ export interface WriteSecretRequest {
|
|
|
121
116
|
*/
|
|
122
117
|
export declare class VaultApi extends runtime.BaseAPI {
|
|
123
118
|
/**
|
|
124
|
-
* Soft delete one or more versions of a secret. Each version can be deleted individually or as part of a group specified in the input array. Deletion can be reversed using the *secret/undelete/{secretName}* endpoint, which make this a _soft_ deletion operation. The input versions array is interpreted as follows: * [-] - empty = delete all versions * [0] - zero = delete only the latest version * [1, 3, ...] - list = delete the specified versions A valid tenant and user must also be specified in the body. ### Naming Secrets Secrets can be arranged hierarchically by using the \"+\" characters in the *secretName*.
|
|
119
|
+
* Soft delete one or more versions of a secret. Each version can be deleted individually or as part of a group specified in the input array. Deletion can be reversed using the *secret/undelete/{secretName}* endpoint, which make this a _soft_ deletion operation. The input versions array is interpreted as follows: * [-] - empty = delete all versions * [0] - zero = delete only the latest version * [1, 3, ...] - list = delete the specified versions A valid tenant and user must also be specified in the body. ### Naming Secrets Secrets can be arranged hierarchically by using the \"+\" characters in the *secretName*. These characters will be converted to slashes upon receipt, allowing secrets to be arranged in folders. A secret is assigned a path name constructed from the *secretType* and *secretName* path parameters and, optionally, from query parameters determined by the *secretType*. Each *secretType* determines a specific transformation from the url path to a path in the vault. The *secretType* may require certain query parameters to be present on the request in order to construct the vault path. See the next section for details. ### Secret Types The list below documents each *secretType* and their applicable query parameters. Highlighted parameter names indicate required parameters. When present, default values are listed first and also highlighted. - **system** - *sysid*: the unique system id - *sysuser*: the accessing user (except when keytype=cert) - keytype: *sshkey* | password | accesskey | token | tmskey | cert - **dbcred** - *dbhost*: the DBMS hostname, IP address or alias - *dbname*: the database name or alias - *dbservice*: service name - **jwtsigning** - *no query parameters* - **user** - *no query parameters* - **service** - *no query parameters* ### Authorization Requestors are authorized based on the secret type specified in the URL path. The following authorizations are enforced: - system: limited to the systems service - dbcred: any service - jwtsigning: limited to the tokens service - user: any user - service: any service
|
|
120
|
+
*/
|
|
121
|
+
deleteSecretRaw(requestParameters: DeleteSecretRequest, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<runtime.ApiResponse<RespVersions>>;
|
|
122
|
+
/**
|
|
123
|
+
* Soft delete one or more versions of a secret. Each version can be deleted individually or as part of a group specified in the input array. Deletion can be reversed using the *secret/undelete/{secretName}* endpoint, which make this a _soft_ deletion operation. The input versions array is interpreted as follows: * [-] - empty = delete all versions * [0] - zero = delete only the latest version * [1, 3, ...] - list = delete the specified versions A valid tenant and user must also be specified in the body. ### Naming Secrets Secrets can be arranged hierarchically by using the \"+\" characters in the *secretName*. These characters will be converted to slashes upon receipt, allowing secrets to be arranged in folders. A secret is assigned a path name constructed from the *secretType* and *secretName* path parameters and, optionally, from query parameters determined by the *secretType*. Each *secretType* determines a specific transformation from the url path to a path in the vault. The *secretType* may require certain query parameters to be present on the request in order to construct the vault path. See the next section for details. ### Secret Types The list below documents each *secretType* and their applicable query parameters. Highlighted parameter names indicate required parameters. When present, default values are listed first and also highlighted. - **system** - *sysid*: the unique system id - *sysuser*: the accessing user (except when keytype=cert) - keytype: *sshkey* | password | accesskey | token | tmskey | cert - **dbcred** - *dbhost*: the DBMS hostname, IP address or alias - *dbname*: the database name or alias - *dbservice*: service name - **jwtsigning** - *no query parameters* - **user** - *no query parameters* - **service** - *no query parameters* ### Authorization Requestors are authorized based on the secret type specified in the URL path. The following authorizations are enforced: - system: limited to the systems service - dbcred: any service - jwtsigning: limited to the tokens service - user: any user - service: any service
|
|
124
|
+
*/
|
|
125
|
+
deleteSecret(requestParameters: DeleteSecretRequest, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<RespVersions>;
|
|
126
|
+
/**
|
|
127
|
+
* Destroy one or more versions of a secret. Destroy implements a hard delete which delete that cannot be undone. It does not, however, remove any metadata associated with the secret. The input versions array is interpreted as follows: * [-] - empty = destroy all versions * [0] - zero = destroy only the latest version * [1, 3, ...] - list = destroy the specified versions A valid tenant and user must be specified in the body. ### Naming Secrets Secrets can be arranged hierarchically by using the \"+\" characters in the *secretName*. These characters will be converted to slashes upon receipt, allowing secrets to be arranged in folders. A secret is assigned a path name constructed from the *secretType* and *secretName* path parameters and, optionally, from query parameters determined by the *secretType*. Each *secretType* determines a specific transformation from the url path to a path in the vault. The *secretType* may require certain query parameters to be present on the request in order to construct the vault path. See the next section for details. ### Secret Types The list below documents each *secretType* and their applicable query parameters. Highlighted parameter names indicate required parameters. When present, default values are listed first and also highlighted. - **system** - *sysid*: the unique system id - *sysuser*: the accessing user (except when keytype=cert) - keytype: *sshkey* | password | accesskey | token | tmskey | cert - **dbcred** - *dbhost*: the DBMS hostname, IP address or alias - *dbname*: the database name or alias - *dbservice*: service name - **jwtsigning** - *no query parameters* - **user** - *no query parameters* - **service** - *no query parameters* ### Authorization Requestors are authorized based on the secret type specified in the URL path. The following authorizations are enforced: - system: limited to the systems service - dbcred: any service - jwtsigning: limited to the tokens service - user: any user - service: any service
|
|
125
128
|
*/
|
|
126
|
-
|
|
129
|
+
destroySecretRaw(requestParameters: DestroySecretRequest, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<runtime.ApiResponse<RespVersions>>;
|
|
127
130
|
/**
|
|
128
|
-
*
|
|
131
|
+
* Destroy one or more versions of a secret. Destroy implements a hard delete which delete that cannot be undone. It does not, however, remove any metadata associated with the secret. The input versions array is interpreted as follows: * [-] - empty = destroy all versions * [0] - zero = destroy only the latest version * [1, 3, ...] - list = destroy the specified versions A valid tenant and user must be specified in the body. ### Naming Secrets Secrets can be arranged hierarchically by using the \"+\" characters in the *secretName*. These characters will be converted to slashes upon receipt, allowing secrets to be arranged in folders. A secret is assigned a path name constructed from the *secretType* and *secretName* path parameters and, optionally, from query parameters determined by the *secretType*. Each *secretType* determines a specific transformation from the url path to a path in the vault. The *secretType* may require certain query parameters to be present on the request in order to construct the vault path. See the next section for details. ### Secret Types The list below documents each *secretType* and their applicable query parameters. Highlighted parameter names indicate required parameters. When present, default values are listed first and also highlighted. - **system** - *sysid*: the unique system id - *sysuser*: the accessing user (except when keytype=cert) - keytype: *sshkey* | password | accesskey | token | tmskey | cert - **dbcred** - *dbhost*: the DBMS hostname, IP address or alias - *dbname*: the database name or alias - *dbservice*: service name - **jwtsigning** - *no query parameters* - **user** - *no query parameters* - **service** - *no query parameters* ### Authorization Requestors are authorized based on the secret type specified in the URL path. The following authorizations are enforced: - system: limited to the systems service - dbcred: any service - jwtsigning: limited to the tokens service - user: any user - service: any service
|
|
129
132
|
*/
|
|
130
|
-
|
|
133
|
+
destroySecret(requestParameters: DestroySecretRequest, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<RespVersions>;
|
|
131
134
|
/**
|
|
132
|
-
*
|
|
135
|
+
* Erase all traces of a secret: its key, all versions of its value and all its metadata. Specifying a folder erases all secrets in that folder. A valid tenant and user must be specified as query parameters. ### Naming Secrets Secrets can be arranged hierarchically by using the \"+\" characters in the *secretName*. These characters will be converted to slashes upon receipt, allowing secrets to be arranged in folders. A secret is assigned a path name constructed from the *secretType* and *secretName* path parameters and, optionally, from query parameters determined by the *secretType*. Each *secretType* determines a specific transformation from the url path to a path in the vault. The *secretType* may require certain query parameters to be present on the request in order to construct the vault path. See the next section for details. ### Secret Types The list below documents each *secretType* and their applicable query parameters. Highlighted parameter names indicate required parameters. When present, default values are listed first and also highlighted. - **system** - *sysid*: the unique system id - *sysuser*: the accessing user (except when keytype=cert) - keytype: *sshkey* | password | accesskey | token | tmskey | cert - **dbcred** - *dbhost*: the DBMS hostname, IP address or alias - *dbname*: the database name or alias - *dbservice*: service name - **jwtsigning** - *no query parameters* - **user** - *no query parameters* - **service** - *no query parameters* ### Authorization Requestors are authorized based on the secret type specified in the URL path. The following authorizations are enforced: - system: limited to the systems service - dbcred: any service - jwtsigning: limited to the tokens service - user: any user - service: any service
|
|
133
136
|
*/
|
|
134
|
-
|
|
137
|
+
destroySecretMetaRaw(requestParameters: DestroySecretMetaRequest, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<runtime.ApiResponse<RespBasic>>;
|
|
135
138
|
/**
|
|
136
|
-
*
|
|
139
|
+
* Erase all traces of a secret: its key, all versions of its value and all its metadata. Specifying a folder erases all secrets in that folder. A valid tenant and user must be specified as query parameters. ### Naming Secrets Secrets can be arranged hierarchically by using the \"+\" characters in the *secretName*. These characters will be converted to slashes upon receipt, allowing secrets to be arranged in folders. A secret is assigned a path name constructed from the *secretType* and *secretName* path parameters and, optionally, from query parameters determined by the *secretType*. Each *secretType* determines a specific transformation from the url path to a path in the vault. The *secretType* may require certain query parameters to be present on the request in order to construct the vault path. See the next section for details. ### Secret Types The list below documents each *secretType* and their applicable query parameters. Highlighted parameter names indicate required parameters. When present, default values are listed first and also highlighted. - **system** - *sysid*: the unique system id - *sysuser*: the accessing user (except when keytype=cert) - keytype: *sshkey* | password | accesskey | token | tmskey | cert - **dbcred** - *dbhost*: the DBMS hostname, IP address or alias - *dbname*: the database name or alias - *dbservice*: service name - **jwtsigning** - *no query parameters* - **user** - *no query parameters* - **service** - *no query parameters* ### Authorization Requestors are authorized based on the secret type specified in the URL path. The following authorizations are enforced: - system: limited to the systems service - dbcred: any service - jwtsigning: limited to the tokens service - user: any user - service: any service
|
|
137
140
|
*/
|
|
138
|
-
|
|
141
|
+
destroySecretMeta(requestParameters: DestroySecretMetaRequest, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<RespBasic>;
|
|
139
142
|
/**
|
|
140
|
-
*
|
|
143
|
+
* List the secret names at the specified path. The path must represent a folder, not an actual secret name. If the path does not have a trailing slash one will be inserted. Secret names should not encode private information. A valid tenant and user must be specified as query parameters. ### Naming Secrets Secrets can be arranged hierarchically by using the \"+\" characters in the secret name. These characters will be converted to slashes upon receipt, allowing secrets to be arranged in folders. A secret is assigned a path name constructed from the *secretType* path parameter and, optionally, from query parameters determined by the *secretType*. Each *secretType* determines a specific transformation from the url path to a path in the vault. The *secretType* may require certain query parameters to be present on the request in order to construct the vault path. See the next section for details. ### Secret Types The list below documents each *secretType* and their applicable query parameters. Highlighted parameter names indicate required parameters. When present, default values are listed first and also highlighted. - **system** - *sysid*: the unique system id - *sysuser*: the accessing user (except when keytype=cert) - keytype: *sshkey* | password | accesskey | token | tmskey | cert - **dbcred** - *dbhost*: the DBMS hostname, IP address or alias - *dbname*: the database name or alias - *dbservice*: service name - **jwtsigning** - *no query parameters* - **user** - *no query parameters* - **service** - *no query parameters* ### Authorization Requestors are authorized based on the secret type specified in the URL path. The following authorizations are enforced: - system: limited to the systems service - dbcred: any service - jwtsigning: limited to the tokens service - user: any user - service: any service
|
|
141
144
|
*/
|
|
142
|
-
|
|
145
|
+
listSecretMetaRaw(requestParameters: ListSecretMetaRequest, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<runtime.ApiResponse<RespSecretList>>;
|
|
143
146
|
/**
|
|
144
|
-
*
|
|
147
|
+
* List the secret names at the specified path. The path must represent a folder, not an actual secret name. If the path does not have a trailing slash one will be inserted. Secret names should not encode private information. A valid tenant and user must be specified as query parameters. ### Naming Secrets Secrets can be arranged hierarchically by using the \"+\" characters in the secret name. These characters will be converted to slashes upon receipt, allowing secrets to be arranged in folders. A secret is assigned a path name constructed from the *secretType* path parameter and, optionally, from query parameters determined by the *secretType*. Each *secretType* determines a specific transformation from the url path to a path in the vault. The *secretType* may require certain query parameters to be present on the request in order to construct the vault path. See the next section for details. ### Secret Types The list below documents each *secretType* and their applicable query parameters. Highlighted parameter names indicate required parameters. When present, default values are listed first and also highlighted. - **system** - *sysid*: the unique system id - *sysuser*: the accessing user (except when keytype=cert) - keytype: *sshkey* | password | accesskey | token | tmskey | cert - **dbcred** - *dbhost*: the DBMS hostname, IP address or alias - *dbname*: the database name or alias - *dbservice*: service name - **jwtsigning** - *no query parameters* - **user** - *no query parameters* - **service** - *no query parameters* ### Authorization Requestors are authorized based on the secret type specified in the URL path. The following authorizations are enforced: - system: limited to the systems service - dbcred: any service - jwtsigning: limited to the tokens service - user: any user - service: any service
|
|
145
148
|
*/
|
|
146
|
-
|
|
149
|
+
listSecretMeta(requestParameters: ListSecretMetaRequest, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<RespSecretList>;
|
|
147
150
|
/**
|
|
148
|
-
*
|
|
151
|
+
* Read a versioned secret. By default, the latest version of the secret is read. If the *version* query parameter is specified then that version of the secret is read. The *version* parameter should be passed as an integer with zero indicating the latest version of the secret. A NOT FOUND status code is returned if the secret version does not exist or if it\'s deleted or destroyed. The response object includes the map of zero or more key/value pairs and metadata that describes the secret. The metadata includes which version of the secret was returned. A valid tenant and user must be specified as query parameters. ### Naming Secrets Secrets can be arranged hierarchically by using the \"+\" characters in the *secretName*. These characters will be converted to slashes upon receipt, allowing secrets to be arranged in folders. A secret is assigned a path name constructed from the *secretType* and *secretName* path parameters and, optionally, from query parameters determined by the *secretType*. Each *secretType* determines a specific transformation from the url path to a path in the vault. The *secretType* may require certain query parameters to be present on the request in order to construct the vault path. See the next section for details. ### Secret Types The list below documents each *secretType* and their applicable query parameters. Highlighted parameter names indicate required parameters. When present, default values are listed first and also highlighted. - **system** - *sysid*: the unique system id - *sysuser*: the accessing user (except when keytype=cert) - keytype: *sshkey* | password | accesskey | token | tmskey | cert - **dbcred** - *dbhost*: the DBMS hostname, IP address or alias - *dbname*: the database name or alias - *dbservice*: service name - **jwtsigning** - *no query parameters* - **user** - *no query parameters* - **service** - *no query parameters* ### Authorization Requestors are authorized based on the secret type specified in the URL path. The following authorizations are enforced: - system: limited to the systems service - dbcred: any service - jwtsigning: limited to the tokens service - user: any user - service: any service
|
|
149
152
|
*/
|
|
150
|
-
|
|
153
|
+
readSecretRaw(requestParameters: ReadSecretRequest, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<runtime.ApiResponse<RespSecret>>;
|
|
151
154
|
/**
|
|
152
|
-
*
|
|
155
|
+
* Read a versioned secret. By default, the latest version of the secret is read. If the *version* query parameter is specified then that version of the secret is read. The *version* parameter should be passed as an integer with zero indicating the latest version of the secret. A NOT FOUND status code is returned if the secret version does not exist or if it\'s deleted or destroyed. The response object includes the map of zero or more key/value pairs and metadata that describes the secret. The metadata includes which version of the secret was returned. A valid tenant and user must be specified as query parameters. ### Naming Secrets Secrets can be arranged hierarchically by using the \"+\" characters in the *secretName*. These characters will be converted to slashes upon receipt, allowing secrets to be arranged in folders. A secret is assigned a path name constructed from the *secretType* and *secretName* path parameters and, optionally, from query parameters determined by the *secretType*. Each *secretType* determines a specific transformation from the url path to a path in the vault. The *secretType* may require certain query parameters to be present on the request in order to construct the vault path. See the next section for details. ### Secret Types The list below documents each *secretType* and their applicable query parameters. Highlighted parameter names indicate required parameters. When present, default values are listed first and also highlighted. - **system** - *sysid*: the unique system id - *sysuser*: the accessing user (except when keytype=cert) - keytype: *sshkey* | password | accesskey | token | tmskey | cert - **dbcred** - *dbhost*: the DBMS hostname, IP address or alias - *dbname*: the database name or alias - *dbservice*: service name - **jwtsigning** - *no query parameters* - **user** - *no query parameters* - **service** - *no query parameters* ### Authorization Requestors are authorized based on the secret type specified in the URL path. The following authorizations are enforced: - system: limited to the systems service - dbcred: any service - jwtsigning: limited to the tokens service - user: any user - service: any service
|
|
153
156
|
*/
|
|
154
|
-
|
|
157
|
+
readSecret(requestParameters: ReadSecretRequest, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<RespSecret>;
|
|
155
158
|
/**
|
|
156
|
-
*
|
|
159
|
+
* List a secret\'s metadata including its version information. The input parameter must be a secret name, not a folder. The result includes which version of the secret is the latest. A valid tenant and user must be specified as query parameters. ### Naming Secrets Secrets can be arranged hierarchically by using the \"+\" characters in the *secretName*. These characters will be converted to slashes upon receipt, allowing secrets to be arranged in folders. A secret is assigned a path name constructed from the *secretType* and *secretName* path parameters and, optionally, from query parameters determined by the *secretType*. Each *secretType* determines a specific transformation from the url path to a path in the vault. The *secretType* may require certain query parameters to be present on the request in order to construct the vault path. See the next section for details. ### Secret Types The list below documents each *secretType* and their applicable query parameters. Highlighted parameter names indicate required parameters. When present, default values are listed first and also highlighted. - **system** - *sysid*: the unique system id - *sysuser*: the accessing user (except when keytype=cert) - keytype: *sshkey* | password | accesskey | token | tmskey | cert - **dbcred** - *dbhost*: the DBMS hostname, IP address or alias - *dbname*: the database name or alias - *dbservice*: service name - **jwtsigning** - *no query parameters* - **user** - *no query parameters* - **service** - *no query parameters* ### Authorization Requestors are authorized based on the secret type specified in the URL path. The following authorizations are enforced: - system: limited to the systems service - dbcred: any service - jwtsigning: limited to the tokens service - user: any user - service: any service
|
|
157
160
|
*/
|
|
158
|
-
|
|
161
|
+
readSecretMetaRaw(requestParameters: ReadSecretMetaRequest, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<runtime.ApiResponse<RespSecretVersionMetadata>>;
|
|
159
162
|
/**
|
|
160
|
-
*
|
|
163
|
+
* List a secret\'s metadata including its version information. The input parameter must be a secret name, not a folder. The result includes which version of the secret is the latest. A valid tenant and user must be specified as query parameters. ### Naming Secrets Secrets can be arranged hierarchically by using the \"+\" characters in the *secretName*. These characters will be converted to slashes upon receipt, allowing secrets to be arranged in folders. A secret is assigned a path name constructed from the *secretType* and *secretName* path parameters and, optionally, from query parameters determined by the *secretType*. Each *secretType* determines a specific transformation from the url path to a path in the vault. The *secretType* may require certain query parameters to be present on the request in order to construct the vault path. See the next section for details. ### Secret Types The list below documents each *secretType* and their applicable query parameters. Highlighted parameter names indicate required parameters. When present, default values are listed first and also highlighted. - **system** - *sysid*: the unique system id - *sysuser*: the accessing user (except when keytype=cert) - keytype: *sshkey* | password | accesskey | token | tmskey | cert - **dbcred** - *dbhost*: the DBMS hostname, IP address or alias - *dbname*: the database name or alias - *dbservice*: service name - **jwtsigning** - *no query parameters* - **user** - *no query parameters* - **service** - *no query parameters* ### Authorization Requestors are authorized based on the secret type specified in the URL path. The following authorizations are enforced: - system: limited to the systems service - dbcred: any service - jwtsigning: limited to the tokens service - user: any user - service: any service
|
|
161
164
|
*/
|
|
162
|
-
|
|
165
|
+
readSecretMeta(requestParameters: ReadSecretMetaRequest, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<RespSecretVersionMetadata>;
|
|
163
166
|
/**
|
|
164
|
-
*
|
|
167
|
+
* Restore one or more versions of a secret that have previously been deleted. This endpoint undoes soft deletions performed using the *secret/delete/{secretType}/{secretName}* endpoint. The input versions array is interpreted as follows: * [-] - empty = undelete all versions * [0] - zero = undelete only the latest version * [1, 3, ...] - list = undelete the specified versions A valid tenant and user must be specified in the body. ### Naming Secrets Secrets can be arranged hierarchically by using the \"+\" characters in the *secretName*. These characters will be converted to slashes upon receipt, allowing secrets to be arranged in folders. A secret is assigned a path name constructed from the *secretType* and *secretName* path parameters and, optionally, from query parameters determined by the *secretType*. Each *secretType* determines a specific transformation from the url path to a path in the vault. The *secretType* may require certain query parameters to be present on the request in order to construct the vault path. See the next section for details. ### Secret Types The list below documents each *secretType* and their applicable query parameters. Highlighted parameter names indicate required parameters. When present, default values are listed first and also highlighted. - **system** - *sysid*: the unique system id - *sysuser*: the accessing user (except when keytype=cert) - keytype: *sshkey* | password | accesskey | token | tmskey | cert - **dbcred** - *dbhost*: the DBMS hostname, IP address or alias - *dbname*: the database name or alias - *dbservice*: service name - **jwtsigning** - *no query parameters* - **user** - *no query parameters* - **service** - *no query parameters* ### Authorization Requestors are authorized based on the secret type specified in the URL path. The following authorizations are enforced: - system: limited to the systems service - dbcred: any service - jwtsigning: limited to the tokens service - user: any user - service: any service
|
|
165
168
|
*/
|
|
166
|
-
|
|
169
|
+
undeleteSecretRaw(requestParameters: UndeleteSecretRequest, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<runtime.ApiResponse<RespVersions>>;
|
|
167
170
|
/**
|
|
168
|
-
*
|
|
171
|
+
* Restore one or more versions of a secret that have previously been deleted. This endpoint undoes soft deletions performed using the *secret/delete/{secretType}/{secretName}* endpoint. The input versions array is interpreted as follows: * [-] - empty = undelete all versions * [0] - zero = undelete only the latest version * [1, 3, ...] - list = undelete the specified versions A valid tenant and user must be specified in the body. ### Naming Secrets Secrets can be arranged hierarchically by using the \"+\" characters in the *secretName*. These characters will be converted to slashes upon receipt, allowing secrets to be arranged in folders. A secret is assigned a path name constructed from the *secretType* and *secretName* path parameters and, optionally, from query parameters determined by the *secretType*. Each *secretType* determines a specific transformation from the url path to a path in the vault. The *secretType* may require certain query parameters to be present on the request in order to construct the vault path. See the next section for details. ### Secret Types The list below documents each *secretType* and their applicable query parameters. Highlighted parameter names indicate required parameters. When present, default values are listed first and also highlighted. - **system** - *sysid*: the unique system id - *sysuser*: the accessing user (except when keytype=cert) - keytype: *sshkey* | password | accesskey | token | tmskey | cert - **dbcred** - *dbhost*: the DBMS hostname, IP address or alias - *dbname*: the database name or alias - *dbservice*: service name - **jwtsigning** - *no query parameters* - **user** - *no query parameters* - **service** - *no query parameters* ### Authorization Requestors are authorized based on the secret type specified in the URL path. The following authorizations are enforced: - system: limited to the systems service - dbcred: any service - jwtsigning: limited to the tokens service - user: any user - service: any service
|
|
169
172
|
*/
|
|
170
|
-
|
|
173
|
+
undeleteSecret(requestParameters: UndeleteSecretRequest, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<RespVersions>;
|
|
171
174
|
/**
|
|
172
|
-
*
|
|
175
|
+
* Validate a service\'s password. The JSON payload contains the password that needs to be validated against the password stored in the vault for the service specifie din the X-Tapis-User header. The secret name is the path under which the password was stored. A valid tenant and user must also be specified in the payload. ### Naming Secrets Secrets can be arranged hierarchically by using the \"+\" characters in the *secretName*. These characters will be converted to slashes upon receipt, allowing secrets to be arranged in folders. Only services can make this request.
|
|
173
176
|
*/
|
|
174
|
-
|
|
177
|
+
validateServicePasswordRaw(requestParameters: ValidateServicePasswordRequest, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<runtime.ApiResponse<RespAuthorized>>;
|
|
175
178
|
/**
|
|
176
|
-
*
|
|
179
|
+
* Validate a service\'s password. The JSON payload contains the password that needs to be validated against the password stored in the vault for the service specifie din the X-Tapis-User header. The secret name is the path under which the password was stored. A valid tenant and user must also be specified in the payload. ### Naming Secrets Secrets can be arranged hierarchically by using the \"+\" characters in the *secretName*. These characters will be converted to slashes upon receipt, allowing secrets to be arranged in folders. Only services can make this request.
|
|
177
180
|
*/
|
|
178
|
-
|
|
181
|
+
validateServicePassword(requestParameters: ValidateServicePasswordRequest, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<RespAuthorized>;
|
|
179
182
|
/**
|
|
180
|
-
* Validate a
|
|
183
|
+
* Validate a Site Admin\'s password. The JSON payload contains the password that needs to be validated against the password stored in the vault for the site admin specified in the X-Tapis-User header. The secret name is the path under which the password was stored. A valid tenant and user must also be specified in the payload. ### Naming Secrets Secrets can be arranged hierarchically by using the \"+\" characters in the *secretName*. These characters will be converted to slashes upon receipt, allowing secrets to be arranged in folders. Only services can make this request.
|
|
181
184
|
*/
|
|
182
|
-
|
|
185
|
+
validateSiteAdminPasswordRaw(requestParameters: ValidateSiteAdminPasswordRequest, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<runtime.ApiResponse<RespAuthorized>>;
|
|
183
186
|
/**
|
|
184
|
-
* Validate a
|
|
187
|
+
* Validate a Site Admin\'s password. The JSON payload contains the password that needs to be validated against the password stored in the vault for the site admin specified in the X-Tapis-User header. The secret name is the path under which the password was stored. A valid tenant and user must also be specified in the payload. ### Naming Secrets Secrets can be arranged hierarchically by using the \"+\" characters in the *secretName*. These characters will be converted to slashes upon receipt, allowing secrets to be arranged in folders. Only services can make this request.
|
|
185
188
|
*/
|
|
186
|
-
|
|
189
|
+
validateSiteAdminPassword(requestParameters: ValidateSiteAdminPasswordRequest, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<RespAuthorized>;
|
|
187
190
|
/**
|
|
188
|
-
* Create or update a secret. The JSON payload contains a required *data* object and an optional *options* object.
|
|
191
|
+
* Create or update a secret. The JSON payload contains a required *data* object and an optional *options* object. It also contains the required tenant and user fields. The *data* object is a JSON object that contains one or more key/value pairs in which both the key and value are strings. These are the individual secrets that are saved under the path name. The secrets are automatically versioned, which allows a pre-configured number of past secret values to be accessible even after new values are assigned. See the various GET operations for details on how to access different aspects of secrets. NOTE: The *cas* option is currently ignored but documented here for future reference. The *options* object can contain a *cas* key and with an integer value that represents a secret version. CAS stands for check-and-set and will check an existing secret\'s version before updating. If cas is not set the write will be always be allowed. If set to 0, a write will only be allowed if the key doesn’t exist. If the index is greater than zero, then the write will only be allowed if the key’s current version matches the version specified in the cas parameter. ### Naming Secrets Secrets can be arranged hierarchically by using the \"+\" characters in the *secretName*. These characters will be converted to slashes upon receipt, allowing secrets to be arranged in folders. A secret is assigned a path name constructed from the *secretType* and *secretName* path parameters and, optionally, from query parameters determined by the *secretType*. Each *secretType* determines a specific transformation from the url path to a path in the vault. The *secretType* may require certain query parameters to be present on the request in order to construct the vault path. See the next section for details. ### Secret Types The list below documents each *secretType* and their applicable query parameters. Highlighted parameter names indicate required parameters. When present, default values are listed first and also highlighted. - **system** - *sysid*: the unique system id - *sysuser*: the accessing user (except when keytype=cert) - keytype: *sshkey* | password | accesskey | token | tmskey | cert - **dbcred** - *dbhost*: the DBMS hostname, IP address or alias - *dbname*: the database name or alias - *dbservice*: service name - **jwtsigning** - *no query parameters* - **user** - *no query parameters* - **service** - *no query parameters* ### Authorization Requestors are authorized based on the secret type specified in the URL path. The following authorizations are enforced: - system: limited to the systems service - dbcred: any service - jwtsigning: limited to the tokens service - user: any user - service: any service ### Generating Secrets Passwords and public/private key pairs appropriate for Tapis use can be generated as part of this secret write call. To direct SK to create a secret, assign the special value `<generate-secret>` to a key. When SK detects this value, it generates a password or key pair depending on context, and replaces the `<generate-secret>` text with the generated secret. In the case of a key pair, both the public and private keys are saved. Key pairs are always generated for secrets of type JWTSigning, while passwords are generated for all other secret types unless the key is named *privateKey*. To generate a key pair, insert the following key/value pair into the payload\'s data map: key=\"privateKey\", value=\"<generate-secret>\" When the key pair is generated, the above key/value item is replaced by these two key/value pairs: key=\"privateKey\", value=<private key in pem format> key=\"publicKey\", value=<public key in pem format> In non-JWTSigning secret types, passwords are generated whenever the following key/value pair is encountered in the payload\'s data map: key=<name other than privateKey>, value=\"<generate-secret>\" The generated password simply replaces the item\'s value and the key name is left unchanged.
|
|
189
192
|
*/
|
|
190
|
-
writeSecretRaw(requestParameters: WriteSecretRequest, initOverrides?: RequestInit): Promise<runtime.ApiResponse<RespSecretMeta>>;
|
|
193
|
+
writeSecretRaw(requestParameters: WriteSecretRequest, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<runtime.ApiResponse<RespSecretMeta>>;
|
|
191
194
|
/**
|
|
192
|
-
* Create or update a secret. The JSON payload contains a required *data* object and an optional *options* object.
|
|
195
|
+
* Create or update a secret. The JSON payload contains a required *data* object and an optional *options* object. It also contains the required tenant and user fields. The *data* object is a JSON object that contains one or more key/value pairs in which both the key and value are strings. These are the individual secrets that are saved under the path name. The secrets are automatically versioned, which allows a pre-configured number of past secret values to be accessible even after new values are assigned. See the various GET operations for details on how to access different aspects of secrets. NOTE: The *cas* option is currently ignored but documented here for future reference. The *options* object can contain a *cas* key and with an integer value that represents a secret version. CAS stands for check-and-set and will check an existing secret\'s version before updating. If cas is not set the write will be always be allowed. If set to 0, a write will only be allowed if the key doesn’t exist. If the index is greater than zero, then the write will only be allowed if the key’s current version matches the version specified in the cas parameter. ### Naming Secrets Secrets can be arranged hierarchically by using the \"+\" characters in the *secretName*. These characters will be converted to slashes upon receipt, allowing secrets to be arranged in folders. A secret is assigned a path name constructed from the *secretType* and *secretName* path parameters and, optionally, from query parameters determined by the *secretType*. Each *secretType* determines a specific transformation from the url path to a path in the vault. The *secretType* may require certain query parameters to be present on the request in order to construct the vault path. See the next section for details. ### Secret Types The list below documents each *secretType* and their applicable query parameters. Highlighted parameter names indicate required parameters. When present, default values are listed first and also highlighted. - **system** - *sysid*: the unique system id - *sysuser*: the accessing user (except when keytype=cert) - keytype: *sshkey* | password | accesskey | token | tmskey | cert - **dbcred** - *dbhost*: the DBMS hostname, IP address or alias - *dbname*: the database name or alias - *dbservice*: service name - **jwtsigning** - *no query parameters* - **user** - *no query parameters* - **service** - *no query parameters* ### Authorization Requestors are authorized based on the secret type specified in the URL path. The following authorizations are enforced: - system: limited to the systems service - dbcred: any service - jwtsigning: limited to the tokens service - user: any user - service: any service ### Generating Secrets Passwords and public/private key pairs appropriate for Tapis use can be generated as part of this secret write call. To direct SK to create a secret, assign the special value `<generate-secret>` to a key. When SK detects this value, it generates a password or key pair depending on context, and replaces the `<generate-secret>` text with the generated secret. In the case of a key pair, both the public and private keys are saved. Key pairs are always generated for secrets of type JWTSigning, while passwords are generated for all other secret types unless the key is named *privateKey*. To generate a key pair, insert the following key/value pair into the payload\'s data map: key=\"privateKey\", value=\"<generate-secret>\" When the key pair is generated, the above key/value item is replaced by these two key/value pairs: key=\"privateKey\", value=<private key in pem format> key=\"publicKey\", value=<public key in pem format> In non-JWTSigning secret types, passwords are generated whenever the following key/value pair is encountered in the payload\'s data map: key=<name other than privateKey>, value=\"<generate-secret>\" The generated password simply replaces the item\'s value and the key name is left unchanged.
|
|
193
196
|
*/
|
|
194
|
-
writeSecret(requestParameters: WriteSecretRequest, initOverrides?: RequestInit): Promise<RespSecretMeta>;
|
|
197
|
+
writeSecret(requestParameters: WriteSecretRequest, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<RespSecretMeta>;
|
|
195
198
|
}
|