some basics for VaultPass
@@ -10,7 +10,7 @@
|
||||
<xs:include schemaLocation="./unix.xsd"/>
|
||||
<xs:include schemaLocation="../elements/linux.xsd"/>
|
||||
|
||||
<xs:simpleType name="t_aif_auto_ip6">
|
||||
<xs:simpleType name="t_aif_auto_ip6">
|
||||
<xs:union memberTypes="t_net_auto_ip6">
|
||||
<xs:simpleType>
|
||||
<xs:restriction base="xs:string">
|
||||
|
||||
@@ -89,6 +89,15 @@
|
||||
</xs:extension>
|
||||
</xs:simpleContent>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:complexType name="t_net_http_basic_uri">
|
||||
<xs:simpleContent>
|
||||
<xs:restriction base="xs:anyURI">
|
||||
<xs:pattern value="https?://.+/?"/>
|
||||
<xs:whiteSpace value="collapse"/>
|
||||
</xs:restriction>
|
||||
</xs:simpleContent>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:simpleType name="t_net_mac_addr">
|
||||
<xs:restriction base="xs:token">
|
||||
|
||||
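Review bot: The pattern `https?://.+/?` on the new `t_net_http_basic_uri` type accepts any character after the scheme, including whitespace, userinfo (`user:pass@host`) and `#fragment`, so a mistyped or hostile `urlBase` still validates; at minimum exclude whitespace and userinfo, e.g. `<xs:pattern value="https?://[^\s@/]+(/[^\s]*)?"/>` (the trailing `/?` in the original is redundant because `.+` already consumes it). As far as I can tell, `xs:restriction` directly on `xs:anyURI` inside `xs:simpleContent` is not a legal derivation (the base of a simpleContent restriction must itself be a complex type with simple content), so declaring this as an `xs:simpleType` with the same facets is safer and also lets it be used in unions. Plain `http://` appears to be allowed deliberately, presumably for the instance-metadata endpoint; a one-line comment saying that cleartext is accepted by design would stop the next reviewer from "fixing" it. The `t_net_mac_addr` definition at the end of the hunk continues outside it.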
@@ -9,6 +9,14 @@
|
||||
<xs:whiteSpace value="collapse"/>
|
||||
</xs:restriction>
|
||||
</xs:simpleType>
|
||||
|
||||
<xs:complexType name="t_std_base64">
|
||||
<xs:simpleContent>
|
||||
<xs:restriction base="xs:token">
|
||||
<xs:pattern value="[A-Za-z0-9+/=]+"/>
|
||||
</xs:restriction>
|
||||
</xs:simpleContent>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:complexType name="t_std_cmdopts">
|
||||
<xs:simpleContent>
|
||||
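Review bot: The pattern `[A-Za-z0-9+/=]+` on `t_std_base64` does not enforce base64 at all: it accepts `=` anywhere, any length and no quartet structure, so `==abc` validates and only fails later at decode time. XSD already provides `xs:base64Binary`, whose lexical space is exactly RFC 4648 base64 (4-character groups, padding only at the end), so `<xs:restriction base="xs:base64Binary"/>` or using that type directly is stricter with less code. The same `xs:simpleContent`/`xs:restriction`-of-a-simple-type shape appears here as in `t_net_http_basic_uri`; I believe validators reject that derivation, so an `xs:simpleType` would be the safer declaration. The `t_std_cmdopts` definition at the end of the hunk continues outside it.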
@@ -18,6 +26,13 @@
|
||||
</xs:simpleContent>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:simpleType name="t_std_envvar">
|
||||
<xs:restriction base="xs:token">
|
||||
<xs:pattern value="env:[A-Za-z_]+[A-Za-z0-9_]*"/>
|
||||
<xs:whiteSpace value="collapse"/>
|
||||
</xs:restriction>
|
||||
</xs:simpleType>
|
||||
|
||||
<xs:simpleType name="t_std_epoch_or_iso">
|
||||
<!-- positiveInteger is used for UNIX Epoch. -->
|
||||
<xs:union memberTypes="xs:dateTime xs:positiveInteger"/>
|
||||
|
||||
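Review bot: In `t_std_envvar` the pattern `env:[A-Za-z_]+[A-Za-z0-9_]*` has a redundant `+` on the first class, since the second class already covers repeated letters and underscores; the equivalent and clearer form is `<xs:pattern value="env:[A-Za-z_][A-Za-z0-9_]*"/>`. A comment stating the contract would help readers of the instance documents, e.g. `<!-- env:NAME — the consumer reads the value from environment variable NAME; the schema never resolves it -->`. The explicit `whiteSpace collapse` facet is already implied by the `xs:token` base and is applied before the pattern is matched. The `t_std_epoch_or_iso` definition at the end of the hunk continues outside it.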
@@ -7,7 +7,7 @@
|
||||
|
||||
<xs:simpleType name="t_unix_filepath">
|
||||
<xs:restriction base="xs:string">
|
||||
<xs:pattern value="\s*(/[^/]+)+/?\s*"/>
|
||||
<xs:pattern value="\s*(~?/[^/]+)+/?\s*"/>
|
||||
<xs:whiteSpace value="collapse"/>
|
||||
</xs:restriction>
|
||||
</xs:simpleType>
|
||||
|
||||
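Review bot: Placing `~?` inside the repeated group means the new pattern `\s*(~?/[^/]+)+/?\s*` accepts a tilde before any segment (`/etc/~/foo`), not only a leading home-directory prefix, and `[^/]+` still admits `..` segments; if the intent is just `~/...`, use `<xs:pattern value="\s*~?(/[^/]+)+/?\s*"/>`. Nothing in XML expands `~`, and this type is now a token source in `vaultpass.xsd`, so a comment naming who expands it would help: `<!-- a leading ~ is expanded by the consumer, never by the schema -->`. The `\s*` wrappers appear redundant because the `whiteSpace collapse` facet is applied before pattern matching.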
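--- /dev/null
+++ b/schema/lib/types/vaultpass.xsd
@@ -0,0 +1,94 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema"
+elementFormDefault="qualified"
+attributeFormDefault="unqualified">
+
+<xs:include schemaLocation="./net.xsd"/>
+<xs:include schemaLocation="./std.xsd"/>
+<xs:include schemaLocation="./unix.xsd"/>
+
+<xs:complexType name="t_vaultpass_auth">
+<xs:choice minOccurs="1" maxOccurs="1">
+<xs:element name="appRole">
+<xs:complexType>
+<xs:all>
+<xs:element name="role" type="xs:token" minOccurs="1" maxOccurs="1"/>
+<xs:element name="secret" type="xs:token" minOccurs="1" maxOccurs="1"/>
+</xs:all>
+</xs:complexType>
+</xs:element>
+<!-- We don't support Boto3 because it requires an external session object. -->
+<!-- We won't support EC2 Metadata auth unless requested because it's HELL complex. -->
+<!-- TODO -->
+<!--
+<xs:element name="aws">
+<xs:complexType>
+<xs:choice minOccurs="1" maxOccurs="1">
+<xs:element name="iam">
+<xs:complexType>
+<xs:choice minOccurs="1" maxOccurs="1">
+<xs:element name="iamKey">
+<xs:complexType>
+<xs:all>
+<xs:element name="keyID" type="xs:token" minOccurs="1" maxOccurs="1"/>
+<xs:element name="key" type="xs:token" minOccurs="1" maxOccurs="1"/>
+<xs:element name="sessionToken" type="xs:token" minOccurs="0"
+maxOccurs="1"/>
+</xs:all>
+</xs:complexType>
+</xs:element>
+<xs:element name="iamMetadata">
+<xs:complexType>
+<xs:all>
+<xs:element name="urlBase" type="t_net_http_basic_uri" minOccurs="1"
+maxOccurs="1"/>
+<xs:element name="role" type="xs:token" minOccurs="1" maxOccurs="1"/>
+</xs:all>
+</xs:complexType>
+</xs:element>
+</xs:choice>
+</xs:complexType>
+</xs:element>
+</xs:choice>
+</xs:complexType>
+</xs:element>
+-->
+<!-- TODO: if popularly requested.
+They're pretty complex/messy and/or require extra configuration in Vault. -->
+<!--
+<xs:element name="azure"/>
+<xs:element name="gcp"/>
+<xs:element name="github"/>
+<xs:element name="kubernetes"/>
+-->
+<!-- Requires extra configuration but it's probably pretty common, so I'll enable it. -->
+<xs:element name="ldap">
+<xs:complexType>
+<xs:all>
+<xs:element name="username" type="xs:token" minOccurs="1" maxOccurs="1"/>
+<xs:element name="password" type="xs:token" minOccurs="1" maxOccurs="1"/>
+<xs:element name="mountPoint" type="xs:token" minOccurs="0" maxOccurs="1" default="ldap"/>
+</xs:all>
+</xs:complexType>
+</xs:element>
+<!-- No longer supported upstream by HashiCorp. -->
+<!--
+<xs:element name="mfa"/>
+-->
+<!-- TODO: if popularly requested. -->
+<!--
+<xs:element name="okta"/>
+-->
+<xs:element name="token">
+<xs:complexType>
+<xs:attribute name="source" type="t_vaultpass_tokensource" use="optional"/>
+</xs:complexType>
+</xs:element>
+</xs:choice>
+</xs:complexType>
+
+<xs:simpleType name="t_vaultpass_tokensource">
+<xs:union memberTypes="t_std_envvar t_unix_filepath xs:token"/>
+</xs:simpleType>
+
+</xs:schema>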
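Review bot: `t_vaultpass_tokensource` is a union whose last member is `xs:token`, which matches any collapsed string, so the `t_std_envvar` and `t_unix_filepath` members can never reject anything — a mistyped `env:` prefix or a malformed path silently validates as a literal token and presumably gets sent to Vault as-is. If a literal token is meant to be accepted, make it an explicit pattern-restricted member instead of bare `xs:token`, or drop it so secrets must come from `env:`/file forms. Relatedly, `appRole/secret` and `ldap/password` are typed `xs:token` only, so those secrets can only be written inline in the config file while `token` gets a `source` indirection; `type="t_vaultpass_tokensource"` on those two elements would give them the same option. Note also that `default="ldap"` on the `minOccurs="0"` `mountPoint` element only takes effect when the element is present but empty, not when it is omitted, so the consumer still has to supply that default itself.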