Commit

Cleanup docs/parameters
ltcarbonell committed Jul 20, 2023
1 parent 4378f4e commit b43a008
Showing 4 changed files with 7 additions and 9 deletions.
4 changes: 1 addition & 3 deletions benchmarktests/target_auth_aws.go
Expand Up @@ -62,7 +62,7 @@ type AWSAuthConfig struct {
}

type AWSTestUserConfig struct {
Role string `hcl:"role,optional"`
Role string `hcl:"role"`
AuthType string `hcl:"auth_type,optional"`
BoundAMIID string `hcl:"bound_ami_id,optional"`
BoundAccountID string `hcl:"bound_account_id,optional"`
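Review bot: Dropping `optional` from the `role` tag in `AWSTestUserConfig` makes every existing config that omits `role` fail at HCL decode, so this needs a changelog entry and a `<required>` marker for `role` in docs/tests/auth-aws.md; the docs hunk for that file in this commit only touches `access_key` and `secret_key`. If an empty `role` was previously replaced by a default name somewhere in setup, remove that now-dead defaulting in the same change.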
Expand Down Expand Up @@ -195,8 +195,6 @@ func (a *AWSAuth) Setup(client *api.Client, randomMountName bool, mountName stri
// Create AWS Test Role
setupLogger.Trace(writingLogMessage("aws auth user config"))
_, err = client.Logical().Write("auth/"+authPath+"/role/"+a.config.AWSTestUserConfig.Role, awsAuthUser)
// print out what we are writing
fmt.Print("auth/"+authPath+"/role/"+a.role, awsAuthUser)
if err != nil {
return nil, fmt.Errorf("error writing aws auth user: %v", err)
}
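Review bot: The deleted `fmt.Print` read `a.role`, while the `Write` call just above builds its path from `a.config.AWSTestUserConfig.Role`; check whether `a.role` is still assigned and read anywhere, and remove the field if this print was its last use. Removing the print is right on its own terms, since it dumped the whole `awsAuthUser` payload to stdout outside the logger. While here, the `fmt.Errorf("error writing aws auth user: %v", err)` on the context line could use `%w` so callers can unwrap the underlying API error.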
4 changes: 2 additions & 2 deletions benchmarktests/target_secret_aws.go
Expand Up @@ -48,8 +48,8 @@ type AWSSecretTestConfig struct {

type AWSConnectionConfig struct {
MaxRetries int `hcl:"max_retries,optional"`
AccessKey string `hcl:"access_key"`
SecretKey string `hcl:"secret_key"`
AccessKey string `hcl:"access_key,optional"`
SecretKey string `hcl:"secret_key,optional"`
Region string `hcl:"region,optional"`
IAMEndpoint string `hcl:"iam_endpoint,optional"`
STSEndpoint string `hcl:"sts_endpoint,optional"`
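Review bot: With `access_key` and `secret_key` both optional in `AWSConnectionConfig`, nothing in this hunk rejects a config that supplies neither; add a check after decoding that returns a clear error when the HCL value is empty and no other source (such as the environment variables documented in docs/tests/auth-aws.md) supplies it, unless falling through to the AWS SDK's default credential chain is intended, in which case say so in docs/tests/secret-aws.md. The secret-aws.md hunk in this commit does not mention how these two keys can be provided once they are omitted from the file.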
4 changes: 2 additions & 2 deletions docs/tests/auth-aws.md
Expand Up @@ -7,8 +7,8 @@ This benchmark tests the performance of logins using the aws auth method.
### AWS Authentication Configuration (`auth`)`

- `max_retries` `(int: -1)` - Number of max retries the client should use for recoverable errors. The default (`-1`) falls back to the AWS SDK's default behavior.
- `access_key` `(string: "")` - AWS Access key with permissions to query AWS APIs. The permissions required depend on the specific configurations. If using the `iam` auth method without inferencing, then no credentials are necessary. If using the `ec2` auth method or using the `iam` auth method with inferencing, then these credentials need access to `ec2:DescribeInstances`. If additionally a `bound_iam_role` is specified, then these credentials also need access to `iam:GetInstanceProfile`. If, however, an alternate sts configuration is set for the target account, then the credentials must be permissioned to call `sts:AssumeRole` on the configured role, and that role must have the permissions described here.
- `secret_key` `(string: "")` - AWS Secret key with permissions to query AWS APIs.
- `access_key` `(string: "")` - AWS Access key with permissions to query AWS APIs. The permissions required depend on the specific configurations. If using the `iam` auth method without inferencing, then no credentials are necessary. If using the `ec2` auth method or using the `iam` auth method with inferencing, then these credentials need access to `ec2:DescribeInstances`. If additionally a `bound_iam_role` is specified, then these credentials also need access to `iam:GetInstanceProfile`. If, however, an alternate sts configuration is set for the target account, then the credentials must be permissioned to call `sts:AssumeRole` on the configured role, and that role must have the permissions described here. This can also be provided via the `VAULT_BENCHMARK_AWS_ACCESS_KEY` environment variable.
- `secret_key` `(string: "")` - AWS Secret key with permissions to query AWS APIs. This can also be provided via the `VAULT_BENCHMARK_AWS_SECRET_KEY` environment variable.
- `endpoint` `(string: "")` - URL to override the default generated endpoint for making AWS EC2 API calls.
- `iam_endpoint` `(string: "")` - URL to override the default generated endpoint for making AWS IAM API calls.
- `sts_endpoint` `(string: "")` - URL to override the default generated endpoint for making AWS STS API calls. If set, `sts_region` should also be set.
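Review bot: Confirm that `AWSAuthConfig` actually reads `VAULT_BENCHMARK_AWS_ACCESS_KEY` and `VAULT_BENCHMARK_AWS_SECRET_KEY` and that its `access_key` and `secret_key` tags are `optional`; the only tag change to these keys visible in this commit is in benchmarktests/target_secret_aws.go, so as shown the `auth` docs may promise a fallback the decoder rejects. The heading on the first context line also ends with a stray trailing backtick that could be fixed in the same pass.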
4 changes: 2 additions & 2 deletions docs/tests/secret-aws.md
Expand Up @@ -36,9 +36,9 @@ This benchmark will test the dynamic generation of AWS credentials.

### Role Config `role`

- `name` `(string: <required>)` – Specifies the name of the role to create. This
- `name` `(string: "benchmark-role")` – Specifies the name of the role to create. This
is part of the request URL.
- `credential_type` `(string: <required>)` – Specifies the type of credential to be used when
- `credential_type` `(string: "iam_user")` – Specifies the type of credential to be used when
retrieving credentials from the role. Must be one of `iam_user`,
`assumed_role`, or `federation_token`.
- `role_arns` `(list: [])` – Specifies the ARNs of the AWS roles this Vault role
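Review bot: No Go hunk in this commit touches the role config struct, yet `name` and `credential_type` here go from `<required>` to defaults of `"benchmark-role"` and `"iam_user"`; confirm the corresponding `hcl` tags are `optional` and that the code fills in exactly these two values, so the docs and the decoder agree.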