Consider new bounds as a criteria to allow role creation (#2600)

* Consider new bounds as a criteria to allow role creation

* Added a test
This commit is contained in:
Vishal Nayak 2017-04-17 10:36:11 -04:00 committed by GitHub
parent b6758b7ea9
commit 09cd069435
2 changed files with 27 additions and 11 deletions

View file

@ -350,12 +350,14 @@ func (b *backend) pathRoleCreateUpdate(
// Ensure that at least one bound is set on the role
switch {
case roleEntry.BoundAccountID != "":
case roleEntry.BoundAmiID != "":
case roleEntry.BoundIamInstanceProfileARN != "":
case roleEntry.BoundAccountID != "":
case roleEntry.BoundRegion != "":
case roleEntry.BoundVpcID != "":
case roleEntry.BoundSubnetID != "":
case roleEntry.BoundIamRoleARN != "":
case roleEntry.BoundIamInstanceProfileARN != "":
default:
return logical.ErrorResponse("at least be one bound parameter should be specified on the role"), nil
}

View file

@ -9,6 +9,8 @@ import (
)
func TestAwsEc2_RoleCrud(t *testing.T) {
var err error
var resp *logical.Response
config := logical.TestBackendConfig()
storage := &logical.InmemStorage{}
config.StorageView = storage
@ -22,6 +24,23 @@ func TestAwsEc2_RoleCrud(t *testing.T) {
t.Fatal(err)
}
role1Data := map[string]interface{}{
"bound_vpc_id": "testvpcid",
"allow_instance_migration": true,
"policies": "testpolicy1,testpolicy2",
}
roleReq := &logical.Request{
Operation: logical.UpdateOperation,
Storage: storage,
Path: "role/role1",
Data: role1Data,
}
resp, err = b.HandleRequest(roleReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("resp: %#v, err: %v", resp, err)
}
roleData := map[string]interface{}{
"bound_ami_id": "testamiid",
"bound_account_id": "testaccountid",
@ -40,14 +59,9 @@ func TestAwsEc2_RoleCrud(t *testing.T) {
"period": "1m",
}
roleReq := &logical.Request{
Operation: logical.UpdateOperation,
Storage: storage,
Path: "role/testrole",
Data: roleData,
}
resp, err := b.HandleRequest(roleReq)
roleReq.Path = "role/testrole"
roleReq.Data = roleData
resp, err = b.HandleRequest(roleReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("resp: %#v, err: %v", resp, err)
}