better auth handling for VaultPass
parent
9bfbba30df
commit
6639053208
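--- a/schema/lib/elements/vaultpass.xsd
+++ b/schema/lib/elements/vaultpass.xsd
@@ -0,0 +1,17 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema"
+elementFormDefault="qualified"
+attributeFormDefault="unqualified">
+
+<xs:include schemaLocation="../types/vaultpass.xsd"/>
+
+<xs:element name="t_vaultpass_authselect" abstract="true"/>
+<xs:element name="t_vaultpass_unsealselect" abstract="true"/>
+
+<xs:element name="auth" substitutionGroup="t_vaultpass_authselect" type="t_vaultpass_auth_plain"/>
+<xs:element name="authGpg" substitutionGroup="t_vaultpass_authselect" type="t_vaultpass_star_gpg"/>
+
+<xs:element name="unseal" substitutionGroup="t_vaultpass_unsealselect" type="t_std_base64"/>
+<xs:element name="unsealGpg" substitutionGroup="t_vaultpass_unsealselect" type="t_vaultpass_star_gpg"/>
+
+</xs:schema>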
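Review bot: The four concrete elements carry no `xs:annotation`, so the schema never tells a config author that `auth` and `unseal` hold the credential or unseal shard inline, while `authGpg` and `unsealGpg` take a file path (their type `t_vaultpass_star_gpg` extends `t_unix_filepath` in the types file, presumably pointing at a GPG-encrypted file). I would add an `xs:documentation` to each, for example on `unseal`: `<xs:documentation>Base64 unseal shard stored in cleartext in this file; prefer unsealGpg and keep the config readable by its owner only.</xs:documentation>`. As a point of style, the abstract heads `t_vaultpass_authselect` and `t_vaultpass_unsealselect` are elements but use the `t_` prefix that the visible includes appear to reserve for types.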
|
@ -3,11 +3,21 @@
|
||||
elementFormDefault="qualified"
|
||||
attributeFormDefault="unqualified">
|
||||
|
||||
<xs:include schemaLocation="./gpg.xsd"/>
|
||||
<xs:include schemaLocation="./net.xsd"/>
|
||||
<xs:include schemaLocation="./std.xsd"/>
|
||||
<xs:include schemaLocation="./unix.xsd"/>
|
||||
|
||||
<xs:complexType name="t_vaultpass_auth">
|
||||
<xs:complexType name="t_vaultpass_star_gpg">
|
||||
<xs:simpleContent>
|
||||
<xs:extension base="t_unix_filepath">
|
||||
<xs:attribute name="keyFPR" type="t_gpg_key_id" use="optional"/>
|
||||
<xs:attribute name="gpgHome" type="t_unix_filepath" use="optional"/>
|
||||
</xs:extension>
|
||||
</xs:simpleContent>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:complexType name="t_vaultpass_auth_plain">
|
||||
<xs:choice minOccurs="1" maxOccurs="1">
|
||||
<xs:element name="appRole">
|
||||
<xs:complexType>
|
||||
@ -88,11 +98,20 @@
|
||||
</xs:simpleContent>
|
||||
</xs:complexType>
|
||||
</xs:element>
|
||||
<xs:element name="userpass">
|
||||
<xs:complexType>
|
||||
<xs:all>
|
||||
<xs:element name="username" type="xs:token" minOccurs="1" maxOccurs="1"/>
|
||||
<xs:element name="password" type="xs:token" minOccurs="1" maxOccurs="1"/>
|
||||
<xs:element name="mountPoint" type="xs:token" minOccurs="0" maxOccurs="1" default="userpass"/>
|
||||
</xs:all>
|
||||
</xs:complexType>
|
||||
</xs:element>
|
||||
</xs:choice>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:simpleType name="t_vaultpass_tokensource">
|
||||
<xs:union memberTypes="t_std_envvar t_unix_filepath xs:token"/>
|
||||
<xs:union memberTypes="t_std_envvar t_unix_filepath"/>
|
||||
</xs:simpleType>
|
||||
|
||||
</xs:schema>
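Review bot: `password` in the `userpass` branch is typed `xs:token`, whose whitespace facet is `collapse`, so a schema-aware consumer that reads the normalized value would strip leading and trailing spaces and fold runs of spaces inside the password; an empty `<password/>` also validates. Consider `<xs:element name="password" type="xs:string" minOccurs="1" maxOccurs="1"/>`, ideally through a small named simple type with `minLength` 1, and leave `username` and `mountPoint` as tokens. Whether the application reads the normalized or the raw text is not visible here, so the effect may depend on the parser. The enclosing `t_vaultpass_auth_plain` type opens in the previous hunk and most of its `appRole` branch lies outside the rendered lines.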
|
||||
|
@ -7,16 +7,24 @@
|
||||
attributeFormDefault="unqualified">
|
||||
|
||||
<xs:include schemaLocation="../lib/types/vaultpass.xsd"/>
|
||||
<xs:include schemaLocation="../lib/elements/vaultpass.xsd"/>
|
||||
|
||||
<!-- ROOT -->
|
||||
<xs:element name="vaultpass">
|
||||
<xs:complexType>
|
||||
<xs:all>
|
||||
<xs:element name="uri" type="t_std_uri" minOccurs="0" maxOccurs="1" default="http://localhost:8000/"/>
|
||||
<xs:element name="auth" type="t_vaultpass_auth" minOccurs="1" maxOccurs="1"/>
|
||||
<xs:element name="server" minOccurs="0" maxOccurs="1">
|
||||
<xs:complexType>
|
||||
<xs:all>
|
||||
<xs:element name="uri" type="t_std_uri" minOccurs="0" maxOccurs="1"
|
||||
default="http://localhost:8000/"/>
|
||||
<xs:element name="unseal" minOccurs="0" maxOccurs="1" type="t_std_base64"/>
|
||||
</xs:all>
|
||||
<xs:attribute name="autoUnseal" type="xs:boolean" use="optional" default="false"/>
|
||||
<xs:attribute name="unsealShard" type="t_std_base64" use="optional"/>
|
||||
</xs:complexType>
|
||||
</xs:element>
|
||||
<xs:element ref="t_vaultpass_authselect" minOccurs="1" maxOccurs="1"/>
|
||||
</xs:all>
|
||||
</xs:complexType>
|
||||
</xs:element>
|
||||
|
||||
</xs:schema>
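Review bot: Inside `server`, `unseal` is still a local element of type `t_std_base64`, so the `t_vaultpass_unsealselect` head and its `unsealGpg` member declared in lib/elements/vaultpass.xsd are never referenced from the visible lines, and the unseal shard can only be supplied in cleartext. To mirror the `auth` handling, reference the head instead: `<xs:element ref="t_vaultpass_unsealselect" minOccurs="0" maxOccurs="1"/>`. Separately, the `uri` default `http://localhost:8000/` selects cleartext HTTP whenever the element is omitted; a comment stating that the default is meant only for a loopback development server would help. The old/new side of individual lines cannot be recovered from this rendering, so this assumes the `server` block is on the new side.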
|
||||
|