Token backend documentation inconsistencies

[jefferai]

I noticed a few inconsistencies today with the Token auth backend:

1. The docs specify no_parent to create an orphan token, but the help text from the token-create command says that this command is called orphan.

2. The docs say that if lease is not specified, "the token is valid indefinitely." But this isn't true; it's valid for Vault's hard-coded limit of 30 days. Someone that doesn't carefully look at the returned token_duration and only uses the documentation may get a rude awakening a month down the line.

3. The docs for auth/token/create indicate that to add metadata to a token you use metadata, but when doing this via the Go API it doesn't work; I need to use meta. However, from the command line client, metadata does work, because it's not converting from JSON like the API.

[sethvargo]

Hey @jefferai

I think the command is functioning as intended and this is actually a docs bug. What do you think?

[jefferai]

@sethvargo I think these are both documentation bugs, although I haven't checked orphan (it accepts the flag without choking but that doesn't mean it's valid).

[jefferai]

Please note problem number 3 that I just added to the original comment above.

[armon]

@jefferai Thanks for catching these! The first one is not a "bug" per-se, the CLI tool just is mapping the -orphan flag to the no_parent option. The API is no_parent however.