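<?xml version="1.0" encoding="UTF-8" ?>
<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema"
           elementFormDefault="qualified"
           attributeFormDefault="unqualified">

    <!-- Shared datatypes used below: t_net_http_basic_uri (net.xsd),
         t_std_envvar (std.xsd) and t_unix_filepath (unix.xsd). -->
    <xs:include schemaLocation="./net.xsd"/>
    <xs:include schemaLocation="./std.xsd"/>
    <xs:include schemaLocation="./unix.xsd"/>

    <!--
        How the client authenticates to Vault. Exactly one method must be given.

        SECURITY NOTE: apart from a <token> that uses the "source" indirection,
        every method below places a live credential (AppRole secret ID, LDAP
        password, raw token) directly in the configuration document. Keep that
        file readable only by the account that runs the client (e.g. mode 0600)
        and prefer the environment-variable / file indirection where it exists.
    -->
    <xs:complexType name="t_vaultpass_auth">
        <xs:choice minOccurs="1" maxOccurs="1">

            <!-- AppRole login. "role" and "secret" presumably map to Vault's
                 role_id and secret_id; confirm against the loader.
                 Note that xs:token permits an empty value, so the schema itself
                 does not require a non-empty secret ID. -->
            <xs:element name="appRole">
                <xs:complexType>
                    <xs:all>
                        <xs:element name="role" type="xs:token" minOccurs="1" maxOccurs="1"/>
                        <xs:element name="secret" type="xs:token" minOccurs="1" maxOccurs="1"/>
                    </xs:all>
                </xs:complexType>
            </xs:element>

            <!-- AWS auth is not implemented yet (TODO).
                 Boto3 is not supported because it requires an external session object.
                 EC2 metadata auth will not be supported unless requested; it is very complex. -->
            <!--
            <xs:element name="aws">
                <xs:complexType>
                    <xs:choice minOccurs="1" maxOccurs="1">
                        <xs:element name="iam">
                            <xs:complexType>
                                <xs:choice minOccurs="1" maxOccurs="1">
                                    <xs:element name="iamKey">
                                        <xs:complexType>
                                            <xs:all>
                                                <xs:element name="keyID" type="xs:token" minOccurs="1" maxOccurs="1"/>
                                                <xs:element name="key" type="xs:token" minOccurs="1" maxOccurs="1"/>
                                                <xs:element name="sessionToken" type="xs:token" minOccurs="0" maxOccurs="1"/>
                                            </xs:all>
                                        </xs:complexType>
                                    </xs:element>
                                    <xs:element name="iamMetadata">
                                        <xs:complexType>
                                            <xs:all>
                                                <xs:element name="urlBase" type="t_net_http_basic_uri" minOccurs="1" maxOccurs="1"/>
                                                <xs:element name="role" type="xs:token" minOccurs="1" maxOccurs="1"/>
                                            </xs:all>
                                        </xs:complexType>
                                    </xs:element>
                                </xs:choice>
                            </xs:complexType>
                        </xs:element>
                    </xs:choice>
                </xs:complexType>
            </xs:element>
            -->

            <!-- TODO, if popularly requested. These are fairly complex and/or
                 require extra configuration on the Vault side. -->
            <!--
            <xs:element name="azure"/>
            <xs:element name="gcp"/>
            <xs:element name="github"/>
            <xs:element name="kubernetes"/>
            -->

            <!-- LDAP login. Requires an LDAP auth method to be enabled and
                 configured in Vault, but is common enough to be supported. -->
            <xs:element name="ldap">
                <xs:complexType>
                    <xs:all>
                        <xs:element name="username" type="xs:token" minOccurs="1" maxOccurs="1"/>
                        <!-- The password is opaque: typed as xs:string so the schema does
                             not declare its whitespace collapsed (xs:token would), and
                             minLength 1 so an empty value is rejected at validation time.
                             An empty password in an LDAP simple bind is an unauthenticated
                             (anonymous) bind on many servers and must never be sent. -->
                        <xs:element name="password" minOccurs="1" maxOccurs="1">
                            <xs:simpleType>
                                <xs:restriction base="xs:string">
                                    <xs:minLength value="1"/>
                                </xs:restriction>
                            </xs:simpleType>
                        </xs:element>
                        <!-- Mount path of the LDAP auth method in Vault.
                             NOTE: an XSD element default only fills in a present but empty
                             <mountPoint/>; if the element is omitted entirely, the loader
                             has to apply the "ldap" fallback itself. -->
                        <xs:element name="mountPoint" type="xs:token" minOccurs="0" maxOccurs="1" default="ldap"/>
                    </xs:all>
                </xs:complexType>
            </xs:element>

            <!-- Legacy MFA auth method: no longer supported upstream by HashiCorp. -->
            <!--
            <xs:element name="mfa"/>
            -->

            <!-- TODO, if popularly requested. -->
            <!--
            <xs:element name="okta"/>
            -->

            <!-- A Vault token. Presumably the element text is the token itself when
                 "source" is absent, and "source" names where to read it from
                 (environment variable or file path, see t_vaultpass_tokensource)
                 otherwise. The schema does not say which wins when both are present;
                 that is decided by the loader. Confirm against the loader. -->
            <xs:element name="token">
                <xs:complexType>
                    <xs:simpleContent>
                        <xs:extension base="xs:token">
                            <xs:attribute name="source" type="t_vaultpass_tokensource" use="optional"/>
                        </xs:extension>
                    </xs:simpleContent>
                </xs:complexType>
            </xs:element>

        </xs:choice>
    </xs:complexType>

    <!-- Where a token may be sourced from: an environment variable name, a
         file path, or a literal token value.
         CAVEAT: because xs:token is a member of the union, validation accepts
         any whitespace-collapsed string; the first two members only express
         intent. The loader must classify the value itself and must treat the
         referenced file path / environment variable as configuration it trusts
         only as far as it trusts the configuration file. -->
    <xs:simpleType name="t_vaultpass_tokensource">
        <xs:union memberTypes="t_std_envvar t_unix_filepath xs:token"/>
    </xs:simpleType>

</xs:schema>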