You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: docs/sandboxes/providers-v2.mdx
+4-3Lines changed: 4 additions & 3 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -67,7 +67,7 @@ The following Providers v2 design items are not part of the current behavior:
67
67
68
68
| Roadmap item | Current behavior |
69
69
|---|---|
70
-
| Profile-driven explicit credential injection | Profile `auth_style`, `header_name`, and `query_param` fields are stored and validated, but runtime injection still depends on environment placeholders generated from provider credentials. |
70
+
| Profile-driven explicit credential injection | Profile `auth_style`, `header_name`, `query_param`, and `path_template` fields are stored and validated, but runtime injection still depends on environment placeholders generated from provider credentials. |
71
71
| Endpoint and binary scoped credential injection | Provider profile endpoints and binaries affect policy composition. They do not yet restrict which outbound requests can receive credential injection. |
72
72
| Credential verification on create |`openshell provider create` does not yet probe provider verification endpoints or expose `--no-verify`. |
73
73
| Automatic credential scope extraction | OpenShell does not yet inspect upstream provider responses to discover credential scopes. |
# These fields describe the intended credential placement.
163
163
# Runtime injection still uses env placeholder resolution today.
164
164
auth_style: bearer
165
165
header_name: authorization
166
166
query_param: api_key
167
+
path_template: /v1/{credential}/resources
167
168
168
169
refresh:
169
170
# Accepted values:
@@ -239,7 +240,7 @@ binaries:
239
240
240
241
`category`groups profiles in `openshell provider list-profiles`. Use one of the values in the category enum.
241
242
242
-
`credentials`declares the credential names, environment variables, auth metadata, and optional refresh metadata for the provider type. The current runtime still exposes configured credential keys as placeholder environment variables and resolves placeholders in outbound HTTP requests.
243
+
`credentials`declares the credential names, environment variables, auth metadata, and optional refresh metadata for the provider type. The `auth_style` field accepts `basic`, `bearer`, `header`, `query`, or `path`. When `auth_style` is `path`, set `path_template` to a URL path containing the `{credential}` placeholder exactly once (for example, `/v1/{credential}/resources`). The current runtime still exposes configured credential keys as placeholder environment variables and resolves placeholders in outbound HTTP requests.
243
244
244
245
`discovery`controls what `--from-existing` scans when
245
246
`providers_v2_enabled=true`. Each entry in `discovery.credentials` must name a
0 commit comments