Implement LookupSelf, RevokeSelf, and RenewSelf in the API client
Fixes #739
This commit is contained in:
Jeff Mitchell
parent
80705b7963
commit
195caa6bf6
|
|
@ -8,7 +8,9 @@ policy names are not currently normalized when reading or deleting. [GH-676]
|
|||
|
||||
IMPROVEMENTS:
|
||||
|
||||
* api: API client now uses a 30 second timeout instead of indefinite [GH-681]
|
||||
* api: API client now uses a 60 second timeout instead of indefinite [GH-681]
|
||||
* api: Implement LookupSelf, RenewSelf, and RevokeSelf functions for auth
|
||||
tokens [GH-739]
|
||||
* audit: HMAC-SHA256'd client tokens are now stored with each request entry.
|
||||
Previously they were only displayed at creation time; this allows much
|
||||
better traceability of client actions. [GH-713]
|
||||
|
|
|
|||
|
|
@ -25,6 +25,18 @@ func (c *TokenAuth) Create(opts *TokenCreateRequest) (*Secret, error) {
|
|||
return ParseSecret(resp.Body)
|
||||
}
|
||||
|
||||
func (c *TokenAuth) LookupSelf() (*Secret, error) {
|
||||
r := c.c.NewRequest("POST", "/v1/auth/token/lookup-self")
|
||||
|
||||
resp, err := c.c.RawRequest(r)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
defer resp.Body.Close()
|
||||
|
||||
return ParseSecret(resp.Body)
|
||||
}
|
||||
|
||||
func (c *TokenAuth) Renew(token string, increment int) (*Secret, error) {
|
||||
r := c.c.NewRequest("PUT", "/v1/auth/token/renew/"+token)
|
||||
|
||||
|
|
@ -42,6 +54,23 @@ func (c *TokenAuth) Renew(token string, increment int) (*Secret, error) {
|
|||
return ParseSecret(resp.Body)
|
||||
}
|
||||
|
||||
func (c *TokenAuth) RenewSelf(increment int) (*Secret, error) {
|
||||
r := c.c.NewRequest("PUT", "/v1/auth/token/renew-self")
|
||||
|
||||
body := map[string]interface{}{"increment": increment}
|
||||
if err := r.SetJSONBody(body); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
resp, err := c.c.RawRequest(r)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
defer resp.Body.Close()
|
||||
|
||||
return ParseSecret(resp.Body)
|
||||
}
|
||||
|
||||
func (c *TokenAuth) RevokeOrphan(token string) error {
|
||||
r := c.c.NewRequest("PUT", "/v1/auth/token/revoke-orphan/"+token)
|
||||
resp, err := c.c.RawRequest(r)
|
||||
|
|
@ -64,6 +93,17 @@ func (c *TokenAuth) RevokePrefix(token string) error {
|
|||
return nil
|
||||
}
|
||||
|
||||
func (c *TokenAuth) RevokeSelf() error {
|
||||
r := c.c.NewRequest("PUT", "/v1/auth/token/revoke-self")
|
||||
resp, err := c.c.RawRequest(r)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
defer resp.Body.Close()
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
func (c *TokenAuth) RevokeTree(token string) error {
|
||||
r := c.c.NewRequest("PUT", "/v1/auth/token/revoke/"+token)
|
||||
resp, err := c.c.RawRequest(r)
|
||||
|
|
|
|||
|
|
@ -79,4 +79,18 @@ func TestAuthTokenRenew(t *testing.T) {
|
|||
if secret.Auth.Renewable != true {
|
||||
t.Error("expected lease to be renewable")
|
||||
}
|
||||
|
||||
// Do the same thing with the self variant
|
||||
secret, err = client.Auth().Token().RenewSelf(0)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
if secret.Auth.LeaseDuration != 3600 {
|
||||
t.Errorf("expected 1h, got %q", secret.Auth.LeaseDuration)
|
||||
}
|
||||
|
||||
if secret.Auth.Renewable != true {
|
||||
t.Error("expected lease to be renewable")
|
||||
}
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue