Browse code
Add API documentation for plugable secret backends
Documents the API changes introduced in
0304c98d85404fe75a1b4a35d3c111931e062f41 and
08f7cf05268782a0dd8e4c41a4cc65fdf78d09f2
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Sebastiaan van Stijn authored on 2017/07/19 19:27:24Showing 3 changed files
| ... | ... |
@@ -2822,6 +2822,27 @@ definitions: |
| 2822 | 2822 |
type: "array" |
| 2823 | 2823 |
items: |
| 2824 | 2824 |
$ref: "#/definitions/Mount" |
| 2825 |
+ |
|
| 2826 |
+ Driver: |
|
| 2827 |
+ description: "Driver represents a driver (network, logging, secrets)." |
|
| 2828 |
+ type: "object" |
|
| 2829 |
+ required: [Name] |
|
| 2830 |
+ properties: |
|
| 2831 |
+ Name: |
|
| 2832 |
+ description: "Name of the driver." |
|
| 2833 |
+ type: "string" |
|
| 2834 |
+ x-nullable: false |
|
| 2835 |
+ example: "some-driver" |
|
| 2836 |
+ Options: |
|
| 2837 |
+ description: "Key/value map of driver-specific options." |
|
| 2838 |
+ type: "object" |
|
| 2839 |
+ x-nullable: false |
|
| 2840 |
+ additionalProperties: |
|
| 2841 |
+ type: "string" |
|
| 2842 |
+ example: |
|
| 2843 |
+ OptionA: "value for driver-specific option A" |
|
| 2844 |
+ OptionB: "value for driver-specific option B" |
|
| 2845 |
+ |
|
| 2825 | 2846 |
SecretSpec: |
| 2826 | 2847 |
type: "object" |
| 2827 | 2848 |
properties: |
| ... | ... |
@@ -2833,24 +2854,38 @@ definitions: |
| 2833 | 2833 |
type: "object" |
| 2834 | 2834 |
additionalProperties: |
| 2835 | 2835 |
type: "string" |
| 2836 |
+ example: |
|
| 2837 |
+ com.example.some-label: "some-value" |
|
| 2838 |
+ com.example.some-other-label: "some-other-value" |
|
| 2836 | 2839 |
Data: |
| 2837 |
- description: "Base64-url-safe-encoded secret data" |
|
| 2838 |
- type: "array" |
|
| 2839 |
- items: |
|
| 2840 |
- type: "string" |
|
| 2840 |
+ description: | |
|
| 2841 |
+ Base64-url-safe-encoded ([RFC 4648](https://tools.ietf.org/html/rfc4648#section-3.2)) |
|
| 2842 |
+ data to store as secret. |
|
| 2843 |
+ |
|
| 2844 |
+ This field is only used to _create_ a secret, and is not returned by |
|
| 2845 |
+ other endpoints. |
|
| 2846 |
+ type: "string" |
|
| 2847 |
+ example: "" |
|
| 2848 |
+ Driver: |
|
| 2849 |
+ description: "Name of the secrets driver used to fetch the secret's value from an external secret store" |
|
| 2850 |
+ $ref: "#/definitions/Driver" |
|
| 2851 |
+ |
|
| 2841 | 2852 |
Secret: |
| 2842 | 2853 |
type: "object" |
| 2843 | 2854 |
properties: |
| 2844 | 2855 |
ID: |
| 2845 | 2856 |
type: "string" |
| 2857 |
+ example: "blt1owaxmitz71s9v5zh81zun" |
|
| 2846 | 2858 |
Version: |
| 2847 | 2859 |
$ref: "#/definitions/ObjectVersion" |
| 2848 | 2860 |
CreatedAt: |
| 2849 | 2861 |
type: "string" |
| 2850 | 2862 |
format: "dateTime" |
| 2863 |
+ example: "2017-07-20T13:55:28.678958722Z" |
|
| 2851 | 2864 |
UpdatedAt: |
| 2852 | 2865 |
type: "string" |
| 2853 | 2866 |
format: "dateTime" |
| 2867 |
+ example: "2017-07-20T13:55:28.678958722Z" |
|
| 2854 | 2868 |
Spec: |
| 2855 | 2869 |
$ref: "#/definitions/SecretSpec" |
| 2856 | 2870 |
ConfigSpec: |
| ... | ... |
@@ -2865,10 +2900,10 @@ definitions: |
| 2865 | 2865 |
additionalProperties: |
| 2866 | 2866 |
type: "string" |
| 2867 | 2867 |
Data: |
| 2868 |
- description: "Base64-url-safe-encoded config data" |
|
| 2869 |
- type: "array" |
|
| 2870 |
- items: |
|
| 2871 |
- type: "string" |
|
| 2868 |
+ description: | |
|
| 2869 |
+ Base64-url-safe-encoded ([RFC 4648](https://tools.ietf.org/html/rfc4648#section-3.2)) |
|
| 2870 |
+ config data. |
|
| 2871 |
+ type: "string" |
|
| 2872 | 2872 |
Config: |
| 2873 | 2873 |
type: "object" |
| 2874 | 2874 |
properties: |
| ... | ... |
@@ -8460,6 +8495,20 @@ paths: |
| 8460 | 8460 |
items: |
| 8461 | 8461 |
$ref: "#/definitions/Secret" |
| 8462 | 8462 |
example: |
| 8463 |
+ - ID: "blt1owaxmitz71s9v5zh81zun" |
|
| 8464 |
+ Version: |
|
| 8465 |
+ Index: 85 |
|
| 8466 |
+ CreatedAt: "2017-07-20T13:55:28.678958722Z" |
|
| 8467 |
+ UpdatedAt: "2017-07-20T13:55:28.678958722Z" |
|
| 8468 |
+ Spec: |
|
| 8469 |
+ Name: "mysql-passwd" |
|
| 8470 |
+ Labels: |
|
| 8471 |
+ some.label: "some.value" |
|
| 8472 |
+ Driver: |
|
| 8473 |
+ Name: "secret-bucket" |
|
| 8474 |
+ Options: |
|
| 8475 |
+ OptionA: "value for driver option A" |
|
| 8476 |
+ OptionB: "value for driver option B" |
|
| 8463 | 8477 |
- ID: "ktnbjxoalbkvbvedmg1urrz8h" |
| 8464 | 8478 |
Version: |
| 8465 | 8479 |
Index: 11 |
| ... | ... |
@@ -8467,6 +8516,8 @@ paths: |
| 8467 | 8467 |
UpdatedAt: "2016-11-05T01:20:17.327670065Z" |
| 8468 | 8468 |
Spec: |
| 8469 | 8469 |
Name: "app-dev.crt" |
| 8470 |
+ Labels: |
|
| 8471 |
+ foo: "bar" |
|
| 8470 | 8472 |
500: |
| 8471 | 8473 |
description: "server error" |
| 8472 | 8474 |
schema: |
| ... | ... |
@@ -8530,6 +8581,11 @@ paths: |
| 8530 | 8530 |
Labels: |
| 8531 | 8531 |
foo: "bar" |
| 8532 | 8532 |
Data: "VEhJUyBJUyBOT1QgQSBSRUFMIENFUlRJRklDQVRFCg==" |
| 8533 |
+ Driver: |
|
| 8534 |
+ Name: "secret-bucket" |
|
| 8535 |
+ Options: |
|
| 8536 |
+ OptionA: "value for driver option A" |
|
| 8537 |
+ OptionB: "value for driver option B" |
|
| 8533 | 8538 |
tags: ["Secret"] |
| 8534 | 8539 |
/secrets/{id}:
|
| 8535 | 8540 |
get: |
| ... | ... |
@@ -8551,6 +8607,14 @@ paths: |
| 8551 | 8551 |
UpdatedAt: "2016-11-05T01:20:17.327670065Z" |
| 8552 | 8552 |
Spec: |
| 8553 | 8553 |
Name: "app-dev.crt" |
| 8554 |
+ Labels: |
|
| 8555 |
+ foo: "bar" |
|
| 8556 |
+ Driver: |
|
| 8557 |
+ Name: "secret-bucket" |
|
| 8558 |
+ Options: |
|
| 8559 |
+ OptionA: "value for driver option A" |
|
| 8560 |
+ OptionB: "value for driver option B" |
|
| 8561 |
+ |
|
| 8554 | 8562 |
404: |
| 8555 | 8563 |
description: "secret not found" |
| 8556 | 8564 |
schema: |
| ... | ... |
@@ -20,7 +20,7 @@ type Annotations struct {
|
| 20 | 20 |
Labels map[string]string `json:"Labels"` |
| 21 | 21 |
} |
| 22 | 22 |
|
| 23 |
-// Driver represents a driver (network, logging). |
|
| 23 |
+// Driver represents a driver (network, logging, secrets backend). |
|
| 24 | 24 |
type Driver struct {
|
| 25 | 25 |
Name string `json:",omitempty"` |
| 26 | 26 |
Options map[string]string `json:",omitempty"` |
| ... | ... |
@@ -19,6 +19,14 @@ keywords: "API, Docker, rcli, REST, documentation" |
| 19 | 19 |
|
| 20 | 20 |
* `DELETE /secrets/(name)` now returns status code 404 instead of 500 when the secret does not exist. |
| 21 | 21 |
* `POST /secrets/create` now returns status code 409 instead of 500 when creating an already existing secret. |
| 22 |
+* `POST /secrets/create` now accepts a `Driver` struct, allowing the |
|
| 23 |
+ `Name` and driver-specific `Options` to be passed to store a secrets |
|
| 24 |
+ in an external secrets store. The `Driver` property can be omitted |
|
| 25 |
+ if the default (internal) secrets store is used. |
|
| 26 |
+* `GET /secrets/(id)` and `GET /secrets` now return a `Driver` struct, |
|
| 27 |
+ containing the `Name` and driver-specific `Options` of the external |
|
| 28 |
+ secrets store used to store the secret. The `Driver` property is |
|
| 29 |
+ omitted if no external store is used. |
|
| 22 | 30 |
* `POST /secrets/(name)/update` now returns status code 400 instead of 500 when updating a secret's content which is not the labels. |
| 23 | 31 |
* `POST /nodes/(name)/update` now returns status code 400 instead of 500 when demoting last node fails. |
| 24 | 32 |
* `GET /networks/(id or name)` now takes an optional query parameter `scope` that will filter the network based on the scope (`local`, `swarm`, or `global`). |