-
Notifications
You must be signed in to change notification settings - Fork 4.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Added documentation for Introspection API #17753
Conversation
@@ -0,0 +1,17 @@ | |||
--- | |||
layout: api | |||
page_title: /sys/internal/inspect - HTTP API |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The RFC mentions that because this would expose information at a similar sensitivity to sys/raw
, there would be more required to enable the endpoint. We should document somewhere how to enable and disable the feature. sys/raw
config is documented here https://developer.hashicorp.com/vault/docs/configuration#parameters and the API docs (https://developer.hashicorp.com/vault/api-docs/system/raw) link to that page.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ah yes - added this as well.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for adding the link, but I think we also should document what they need to change in the configuration to enable this?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Spoke to Josh about this - it seems that sys/raw is off by default because it's a dangerous endpoint that if used incorrectly has the capacity to change storage.
Since this endpoint is a read only endpoint, we think it's probably not necessary to have it off by default.
The way it's currently implemented also configured this way.
I removed this portion form the docs.
|
||
## Supported Inspection Paths | ||
|
||
- [Router](/api-docs/system/internal/inspect/router) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
In the vercel preview, this link is broken - I think because the path
in the api-docs-nav json doesn't have the internal
part of the link. Edit (sorry missed this on the first pass)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Fixed this in the current commit
--- | ||
|
||
# `/sys/internal/inspect/router` | ||
The `/sys/internal/inspect/router` is intended for Vault admin to inspect a specific internal subsystem for debugging purposes. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The `/sys/internal/inspect/router` is intended for Vault admin to inspect a specific internal subsystem for debugging purposes. | |
The `/sys/internal/inspect/router` is intended for a Vault admin to inspect a specific internal subsystem of the router for debugging purposes. |
|
||
# `/sys/internal/inspect/router` | ||
The `/sys/internal/inspect/router` is intended for Vault admin to inspect a specific internal subsystem for debugging purposes. | ||
This token can be accessed with a root token or sudo privileges. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This token can be accessed with a root token or sudo privileges. | |
This endpoint can be accessed with a root token or sudo privileges. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks great! Just a few minor nits.
Co-authored-by: Josh Black <raskchanky@users.noreply.github.com>
Co-authored-by: Josh Black <raskchanky@users.noreply.github.com>
Co-authored-by: Josh Black <raskchanky@users.noreply.github.com>
No description provided.