Merged
2 changes: 1 addition & 1 deletion command/token_create.go
Expand Up @@ -123,7 +123,7 @@ func (c *TokenCreateCommand) Flags() *FlagSets {
Default: false,
Usage: "Create the token with no parent. This prevents the token from " +
"being revoked when the token which created it expires. Setting this " +
"value requires sudo permissions.",
"value requires root or sudo permissions.",
})

f.BoolVar(&BoolVar{
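Review bot: The new help string says "root or sudo permissions", but "permissions" is not the term the documentation touched by this same change uses; the API docs entry for `period` says "a root token or one with the sudo capability". Consider wording the flag help the same way, for example "Setting this value requires a root token or the sudo capability.", so that the CLI help and the docs describe the requirement in matching terms.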
6 changes: 3 additions & 3 deletions website/pages/api-docs/auth/token/index.mdx
Expand Up @@ -74,8 +74,8 @@ during this call.
If not specified, defaults to all the policies of the calling token.
- `meta` `(map: {})` – A map of string to string valued metadata. This is
passed through to the audit devices.
- `no_parent` `(bool: false)` - If true and set by a root caller, the token will
not have the parent token of the caller. This creates a token with no parent.
- `no_parent` `(bool: false)` - This argument only has effect if used by a root
or sudo caller. When set to true, the token created will not have a parent.
- `no_default_policy` `(bool: false)` - If true the `default` policy will not be
contained in this token's policy set.
- `renewable` `(bool: true)` - Set to `false` to disable the ability of the token
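Review bot: In the new `no_parent` text, "only has effect if used by a root or sudo caller" reads as though the parameter is silently ignored for every other caller. That caller would then hold a token that still has a parent, and is still revoked along with it, while believing it is an orphan. Please state explicitly what a non-root, non-sudo caller gets back (request rejected, or parameter ignored), whichever the token store actually does.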
Expand All @@ -99,7 +99,7 @@ during this call.
limit to the number of uses.
- `period` `(string: "")` - If specified, the token will be periodic; it will have
no maximum TTL (unless an "explicit-max-ttl" is also set) but every renewal
will use the given period. Requires a root/sudo token to use.
will use the given period. Requires a root token or one with the sudo capability.
- `entity_alias` `(string: "")` - Name of the entity alias to associate with
during token creation. Only works in combination with `role_name` argument
and used entity alias must be listed in `allowed_entity_aliases`. If this has
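Review bot: "one with the sudo capability" in the `period` entry does not say which path the capability has to be granted on. Capabilities in a policy are attached to a path, and the tokens.mdx change in this same PR ties `sudo` to `auth/token/create`; naming the path here would remove the guesswork. The `no_parent` entry earlier in this file says "root or sudo caller" for what looks like the same requirement, so it would help to use one phrase for both.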
6 changes: 3 additions & 3 deletions website/pages/docs/concepts/tokens.mdx
Expand Up @@ -91,9 +91,9 @@ Often this behavior is not desired, so users with appropriate access can create
`orphan` tokens. These tokens have no parent -- they are the root of their own
token tree. These orphan tokens can be created:

1. Via the `auth/token/create-orphan` endpoint
2. By having `sudo` capability or `root` policy when accessing
`auth/token/create` and setting the `orphan` parameter to `true`
1. Via `write` access to the `auth/token/create-orphan` endpoint
2. By having `sudo` or `root` access to the `auth/token/create`
and setting the `no_parent` parameter to `true`
3. Via token store roles
4. By logging in with any other (non-`token`) auth method
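Review bot: Item 2 now reads "access to the `auth/token/create` and setting", with the noun after the path missing; item 1 says "the `auth/token/create-orphan` endpoint", so add "endpoint" here too. "`sudo` or `root` access" also blurs the distinction the replaced text made between the `sudo` capability and the `root` policy; keeping those two nouns would stay consistent with the API docs wording for `period`.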
