Consider new bounds as a criteria to allow role creation (#2600)
* Consider new bounds as a criteria to allow role creation * Added a test
parent
b6758b7ea9
commit
09cd069435
|
@ -350,12 +350,14 @@ func (b *backend) pathRoleCreateUpdate(
|
|||
|
||||
// Ensure that at least one bound is set on the role
|
||||
switch {
|
||||
case roleEntry.BoundAccountID != "":
|
||||
case roleEntry.BoundAmiID != "":
|
||||
case roleEntry.BoundIamInstanceProfileARN != "":
|
||||
case roleEntry.BoundAccountID != "":
|
||||
case roleEntry.BoundRegion != "":
|
||||
case roleEntry.BoundVpcID != "":
|
||||
case roleEntry.BoundSubnetID != "":
|
||||
case roleEntry.BoundIamRoleARN != "":
|
||||
case roleEntry.BoundIamInstanceProfileARN != "":
|
||||
default:
|
||||
|
||||
return logical.ErrorResponse("at least be one bound parameter should be specified on the role"), nil
|
||||
}
|
||||
|
||||
|
|
|
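Review bot: The bound check in pathRoleCreateUpdate is a hand-maintained `switch` of empty `case` arms, so every new `Bound*` field on the role entry has to be remembered here too, and the commit title suggests some were missed before. The +/- markers are lost on this page, and `roleEntry.BoundAmiID` appears only once while `BoundAccountID` and `BoundIamInstanceProfileARN` each appear twice. It is worth confirming that the AMI case is still on the new side, because otherwise a role bound only by `bound_ami_id` would be rejected. A comment above the switch would help, for example `// Every bound_* field of the role entry needs a case here; this is the check that stops a role from being created with no bound at all.` The message would also read better as `"at least one bound parameter should be specified on the role"`. The function body starts and ends outside the hunk.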
@ -9,6 +9,8 @@ import (
|
|||
)
|
||||
|
||||
func TestAwsEc2_RoleCrud(t *testing.T) {
|
||||
var err error
|
||||
var resp *logical.Response
|
||||
config := logical.TestBackendConfig()
|
||||
storage := &logical.InmemStorage{}
|
||||
config.StorageView = storage
|
||||
|
@ -22,6 +24,23 @@ func TestAwsEc2_RoleCrud(t *testing.T) {
|
|||
t.Fatal(err)
|
||||
}
|
||||
|
||||
role1Data := map[string]interface{}{
|
||||
"bound_vpc_id": "testvpcid",
|
||||
"allow_instance_migration": true,
|
||||
"policies": "testpolicy1,testpolicy2",
|
||||
}
|
||||
roleReq := &logical.Request{
|
||||
Operation: logical.UpdateOperation,
|
||||
Storage: storage,
|
||||
Path: "role/role1",
|
||||
Data: role1Data,
|
||||
}
|
||||
|
||||
resp, err = b.HandleRequest(roleReq)
|
||||
if err != nil || (resp != nil && resp.IsError()) {
|
||||
t.Fatalf("resp: %#v, err: %v", resp, err)
|
||||
}
|
||||
|
||||
roleData := map[string]interface{}{
|
||||
"bound_ami_id": "testamiid",
|
||||
"bound_account_id": "testaccountid",
|
||||
|
@ -40,14 +59,9 @@ func TestAwsEc2_RoleCrud(t *testing.T) {
|
|||
"period": "1m",
|
||||
}
|
||||
|
||||
roleReq := &logical.Request{
|
||||
Operation: logical.UpdateOperation,
|
||||
Storage: storage,
|
||||
Path: "role/testrole",
|
||||
Data: roleData,
|
||||
}
|
||||
|
||||
resp, err := b.HandleRequest(roleReq)
|
||||
roleReq.Path = "role/testrole"
|
||||
roleReq.Data = roleData
|
||||
resp, err = b.HandleRequest(roleReq)
|
||||
if err != nil || (resp != nil && resp.IsError()) {
|
||||
t.Fatalf("resp: %#v, err: %v", resp, err)
|
||||
}
|
||||
|
|
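Review bot: The added role1 case in TestAwsEc2_RoleCrud only proves that `bound_vpc_id` alone is accepted; nothing asserts that a role with no bound at all is still rejected, and the other bounds named in the handler's switch (`BoundRegion`, `BoundSubnetID`) are not exercised on their own. The handler reports that case as `logical.ErrorResponse(...), nil`, so a negative check has to look at `resp.IsError()` rather than `err`. A request like the one below, placed after the role1 block and before `roleReq` is reused for `role/testrole`, would pin the guard. The test function continues outside the hunks shown.

```go
// … unchanged: role1 creation with bound_vpc_id …

// A role that sets no bound_* parameter must be refused.
roleReq.Path = "role/nobounds"
roleReq.Data = map[string]interface{}{
	"policies": "testpolicy1",
}
resp, err = b.HandleRequest(roleReq)
if err != nil {
	t.Fatal(err)
}
if resp == nil || !resp.IsError() {
	t.Fatalf("expected an error response for a role without bounds, got: %#v", resp)
}

// … unchanged: roleData and the role/testrole request …
```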