hashicorp · briankassouf · May 12, 2017 · May 11, 2017
diff --git a/builtin/logical/database/path_roles.go b/builtin/logical/database/path_roles.go
@@ -36,31 +36,30 @@ func pathRoles(b *databaseBackend) *framework.Path {
 			},
 			"creation_statements": {
 				Type: framework.TypeString,
-				Description: `Statements to be executed to create a user. Must be a semicolon-separated
-							string, a base64-encoded semicolon-separated string, a serialized JSON string
-							array, or a base64-encoded serialized JSON string array. The '{{name}}', 
-							'{{password}}', and '{{expiration}}' values will be substituted.`,
+				Description: `Specifies the database statements executed to
+				create and configure a user. See the plugin's API page for more
+				information on support and formatting for this parameter.`,
 			},
 			"revocation_statements": {
 				Type: framework.TypeString,
-				Description: `Statements to be executed to revoke a user. Must be a semicolon-separated
-							string, a base64-encoded semicolon-separated string, a serialized JSON string
-							array, or a base64-encoded serialized JSON string array. The '{{name}}' value
-							will be substituted.`,
+				Description: `Specifies the database statements to be executed
+				to revoke a user. See the plugin's API page for more information
+				on support and formatting for this parameter.`,
 			},
 			"renew_statements": {
 				Type: framework.TypeString,
-				Description: `Statements to be executed to renew a user. Must be a semicolon-separated
-							string, a base64-encoded semicolon-separated string, a serialized JSON string
-							array, or a base64-encoded serialized JSON string array. The '{{name}}' value
-							will be substituted.`,
+				Description: `Specifies the database statements to be executed
+				to renew a user. Not every plugin type will support this
+				functionality. See the plugin's API page for more information on
+				support and formatting for this parameter. `,
 			},
 			"rollback_statements": {
 				Type: framework.TypeString,
-				Description: `Statements to be executed to revoke a user. Must be a semicolon-separated
-							string, a base64-encoded semicolon-separated string, a serialized JSON string
-							array, or a base64-encoded serialized JSON string array. The '{{name}}' value
-							will be substituted.`,
+				Description: `Specifies the database statements to be executed
+				rollback a create operation in the event of an error. Not every
+				plugin type will support this functionality. See the plugin's
+				API page for more information on support and formatting for this
+				parameter.`,
 			},
 
 			"default_ttl": {

diff --git a/website/source/api/secret/databases/cassandra.html.md b/website/source/api/secret/databases/cassandra.html.md
@@ -94,3 +94,36 @@ $ curl \
     --data @payload.json \
     https://vault.rocks/v1/cassandra/config/connection
 ```
+
+## Statements
+
+Statements are configured during role creation and are used by the plugin to
+determine what is sent to the datatabse on user creation, renewing, and
+revocation. For more information on configuring roles see the [Role
+API](/api/secret/databases/index.html#create-role) in the Database Backend docs.
+
+### Parameters
+
+The following are the statements used by this plugin. If not mentioned in this
+list the plugin does not support that statement type.
+
+- `creation_statements` `(string: "")` – Specifies the database
+  statements executed to create and configure a user. Must be a
+  semicolon-separated string, a base64-encoded semicolon-separated string, a
+  serialized JSON string array, or a base64-encoded serialized JSON string
+  array. The '{{name}}' and '{{password}}' values will be substituted. If not
+  provided, defaults to a generic create user statements that creates a
+  non-superuser.
+
+- `revocation_statements` `(string: "")` – Specifies the database statements to
+  be executed to revoke a user. Must be a semicolon-separated string, a
+  base64-encoded semicolon-separated string, a serialized JSON string array, or
+  a base64-encoded serialized JSON string array. The '{{name}}' value will be
+  substituted. If not provided defaults to a generic drop user statement.
+
+- `rollback_statements` `(string: "")` – Specifies the database statements to be
+  executed to rollback a create operation in the event of an error. Must be a
+  semicolon-separated string, a base64-encoded semicolon-separated string, a
+  serialized JSON string array, or a base64-encoded serialized JSON string
+  array. The '{{name}}' value will be substituted. If not provided, defaults to
+  a generic drop user statement 
diff --git a/website/source/api/secret/databases/index.html.md b/website/source/api/secret/databases/index.html.md
@@ -171,31 +171,23 @@ This endpoint creates or updates a role definition.
   number of seconds. Defaults to system/backend default TTL time.
 
 - `creation_statements` `(string: <required>)` – Specifies the database
-  statements executed to create and configure a user. Must be a
-  semicolon-separated string, a base64-encoded semicolon-separated string, a
-  serialized JSON string array, or a base64-encoded serialized JSON string
-  array. The '{{name}}', '{{password}}' and '{{expiration}}' values will be
-  substituted.
+  statements executed to create and configure a user. See the plugin's API page
+  for more information on support and formatting for this parameter. 
 
 - `revocation_statements` `(string: "")` – Specifies the database statements to
-  be executed to revoke a user. Must be a semicolon-separated string, a
-  base64-encoded semicolon-separated string, a serialized JSON string array, or
-  a base64-encoded serialized JSON string array. The '{{name}}' value will be
-  substituted.
+  be executed to revoke a user. See the plugin's API page for more information
+  on support and formatting for this parameter. 
 
 - `rollback_statements` `(string: "")` – Specifies the database statements to be
   executed rollback a create operation in the event of an error. Not every
-  plugin type will support this functionality. Must be a semicolon-separated
-  string, a base64-encoded semicolon-separated string, a serialized JSON string
-  array, or a base64-encoded serialized JSON string array. The '{{name}}' value
-  will be substituted.
+  plugin type will support this functionality. See the plugin's API page for
+  more information on support and formatting for this parameter. 
 
 - `renew_statements` `(string: "")` – Specifies the database statements to be
   executed to renew a user. Not every plugin type will support this
-  functionality. Must be a semicolon-separated string, a base64-encoded
-  semicolon-separated string, a serialized JSON string array, or a
-  base64-encoded serialized JSON string array. The '{{name}}' and
-  '{{expiration}}` values will be substituted.
+  functionality. See the plugin's API page for more information on support and
+  formatting for this parameter. 
+
 
 
 ### Sample Payload

diff --git a/website/source/api/secret/databases/mssql.html.md b/website/source/api/secret/databases/mssql.html.md
@@ -58,3 +58,26 @@ $ curl \
     https://vault.rocks/v1/database/config/mssql
 ```
 
+## Statements
+
+Statements are configured during role creation and are used by the plugin to
+determine what is sent to the datatabse on user creation, renewing, and
+revocation. For more information on configuring roles see the [Role
+API](/api/secret/databases/index.html#create-role) in the Database Backend docs.
+
+### Parameters
+
+The following are the statements used by this plugin. If not mentioned in this
+list the plugin does not support that statement type.
+
+- `creation_statements` `(string: <required>)` – Specifies the database
+  statements executed to create and configure a user. Must be a
+  semicolon-separated string, a base64-encoded semicolon-separated string, a
+  serialized JSON string array, or a base64-encoded serialized JSON string
+  array. The '{{name}}' and '{{password}}' values will be substituted.
+
+- `revocation_statements` `(string: "")` – Specifies the database statements to
+  be executed to revoke a user. Must be a semicolon-separated string, a
+  base64-encoded semicolon-separated string, a serialized JSON string array, or
+  a base64-encoded serialized JSON string array. The '{{name}}' value will be
+  substituted. If not provided defaults to a generic drop user statement.
diff --git a/website/source/api/secret/databases/mysql-maria.html.md b/website/source/api/secret/databases/mysql-maria.html.md
@@ -58,3 +58,26 @@ $ curl \
     https://vault.rocks/v1/database/config/mysql
 ```
 
+## Statements
+
+Statements are configured during role creation and are used by the plugin to
+determine what is sent to the datatabse on user creation, renewing, and
+revocation. For more information on configuring roles see the [Role
+API](/api/secret/databases/index.html#create-role) in the Database Backend docs.
+
+### Parameters
+
+The following are the statements used by this plugin. If not mentioned in this
+list the plugin does not support that statement type.
+
+- `creation_statements` `(string: <required>)` – Specifies the database
+  statements executed to create and configure a user. Must be a
+  semicolon-separated string, a base64-encoded semicolon-separated string, a
+  serialized JSON string array, or a base64-encoded serialized JSON string
+  array. The '{{name}}' and '{{password}}' values will be substituted.
+
+- `revocation_statements` `(string: "")` – Specifies the database statements to
+  be executed to revoke a user. Must be a semicolon-separated string, a
+  base64-encoded semicolon-separated string, a serialized JSON string array, or
+  a base64-encoded serialized JSON string array. The '{{name}}' value will be
+  substituted. If not provided defaults to a generic drop user statement.
diff --git a/website/source/api/secret/databases/postgresql.html.md b/website/source/api/secret/databases/postgresql.html.md
@@ -58,3 +58,41 @@ $ curl \
     https://vault.rocks/v1/database/config/postgresql
 ```
 
+## Statements
+
+Statements are configured during role creation and are used by the plugin to
+determine what is sent to the datatabse on user creation, renewing, and
+revocation. For more information on configuring roles see the [Role
+API](/api/secret/databases/index.html#create-role) in the Database Backend docs.
+
+### Parameters
+
+The following are the statements used by this plugin. If not mentioned in this
+list the plugin does not support that statement type.
+
+- `creation_statements` `(string: <required>)` – Specifies the database
+  statements executed to create and configure a user. Must be a
+  semicolon-separated string, a base64-encoded semicolon-separated string, a
+  serialized JSON string array, or a base64-encoded serialized JSON string
+  array. The '{{name}}', '{{password}}' and '{{expiration}}' values will be
+  substituted.
+
+- `revocation_statements` `(string: "")` – Specifies the database statements to
+  be executed to revoke a user. Must be a semicolon-separated string, a
+  base64-encoded semicolon-separated string, a serialized JSON string array, or
+  a base64-encoded serialized JSON string array. The '{{name}}' value will be
+  substituted. If not provided defaults to a generic drop user statement.
+
+- `rollback_statements` `(string: "")` – Specifies the database statements to be
+  executed rollback a create operation in the event of an error. Not every
+  plugin type will support this functionality. Must be a semicolon-separated
+  string, a base64-encoded semicolon-separated string, a serialized JSON string
+  array, or a base64-encoded serialized JSON string array. The '{{name}}' value
+  will be substituted.
+
+- `renew_statements` `(string: "")` – Specifies the database statements to be
+  executed to renew a user. Not every plugin type will support this
+  functionality. Must be a semicolon-separated string, a base64-encoded
+  semicolon-separated string, a serialized JSON string array, or a
+  base64-encoded serialized JSON string array. The '{{name}}' and
+  '{{expiration}}` values will be substituted.