Refactor updating user values

This commit is contained in:
vishalnayak 2016-03-16 13:39:20 -04:00
parent 533b136fe7
commit 239ad4ad7e
3 changed files with 75 additions and 24 deletions

View file

@ -3,6 +3,8 @@ package userpass
import (
"fmt"
"golang.org/x/crypto/bcrypt"
"github.com/hashicorp/vault/logical"
"github.com/hashicorp/vault/logical/framework"
)
@ -33,11 +35,34 @@ func pathUserPassword(b *backend) *framework.Path {
func (b *backend) pathUserPasswordUpdate(
req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
username := d.Get("username").(string)
userEntry, err := b.user(req.Storage, username)
if err != nil {
return nil, err
}
err = b.updateUserPassword(req, d, userEntry)
if err != nil {
return nil, err
}
return nil, b.setUser(req.Storage, username, userEntry)
}
func (b *backend) updateUserPassword(req *logical.Request, d *framework.FieldData, userEntry *UserEntry) error {
password := d.Get("password").(string)
if password == "" {
return nil, fmt.Errorf("missing password")
return fmt.Errorf("missing password")
}
return b.userCreateUpdate(req, d)
// Generate a hash of the password
hash, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)
if err != nil {
return err
}
userEntry.PasswordHash = hash
return nil
}
const pathUserPasswordHelpSyn = `

View file

@ -1,6 +1,8 @@
package userpass
import (
"strings"
"github.com/hashicorp/vault/logical"
"github.com/hashicorp/vault/logical/framework"
)
@ -30,7 +32,29 @@ func pathUserPolicies(b *backend) *framework.Path {
func (b *backend) pathUserPoliciesUpdate(
req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
return b.userCreateUpdate(req, d)
username := d.Get("username").(string)
userEntry, err := b.user(req.Storage, username)
if err != nil {
return nil, err
}
err = b.updateUserPolicies(req, d, userEntry)
if err != nil {
return nil, err
}
return nil, b.setUser(req.Storage, username, userEntry)
}
func (b *backend) updateUserPolicies(req *logical.Request, d *framework.FieldData, userEntry *UserEntry) error {
policies := strings.Split(d.Get("policies").(string), ",")
for i, p := range policies {
policies[i] = strings.TrimSpace(p)
}
userEntry.Policies = policies
return nil
}
const pathUserPoliciesHelpSyn = `

View file

@ -7,7 +7,6 @@ import (
"github.com/hashicorp/vault/logical"
"github.com/hashicorp/vault/logical/framework"
"golang.org/x/crypto/bcrypt"
)
func pathUsers(b *backend) *framework.Path {
@ -132,33 +131,36 @@ func (b *backend) userCreateUpdate(req *logical.Request, d *framework.FieldData)
userEntry = &UserEntry{}
}
// Set/update the values of UserEntry only if fields are supplied
if passwordRaw, ok := d.GetOk("password"); ok {
// Generate a hash of the password
hash, err := bcrypt.GenerateFromPassword([]byte(passwordRaw.(string)), bcrypt.DefaultCost)
// "password" will always be set here
err = b.updateUserPassword(req, d, userEntry)
if err != nil {
return nil, err
}
if _, ok := d.GetOk("policies"); ok {
err = b.updateUserPolicies(req, d, userEntry)
if err != nil {
return nil, err
}
userEntry.PasswordHash = hash
}
if policiesRaw, ok := d.GetOk("policies"); ok {
policies := strings.Split(policiesRaw.(string), ",")
for i, p := range policies {
policies[i] = strings.TrimSpace(p)
}
userEntry.Policies = policies
ttlStr := ""
if ttlStrRaw, ok := d.GetOk("ttl"); ok {
ttlStr = ttlStrRaw.(string)
} else if req.Operation == logical.CreateOperation {
ttlStr = d.Get("ttl").(string)
}
_, ttlSet := d.GetOk("ttl")
_, maxTTLSet := d.GetOk("max_ttl")
if ttlSet || maxTTLSet {
ttlStr := d.Get("ttl").(string)
maxTTLStr := d.Get("max_ttl").(string)
userEntry.TTL, userEntry.MaxTTL, err = b.SanitizeTTL(ttlStr, maxTTLStr)
if err != nil {
return logical.ErrorResponse(fmt.Sprintf("err: %s", err)), nil
}
maxTTLStr := ""
if maxTTLStrRaw, ok := d.GetOk("max_ttl"); ok {
maxTTLStr = maxTTLStrRaw.(string)
} else if req.Operation == logical.CreateOperation {
maxTTLStr = d.Get("max_ttl").(string)
}
userEntry.TTL, userEntry.MaxTTL, err = b.SanitizeTTL(ttlStr, maxTTLStr)
if err != nil {
return logical.ErrorResponse(fmt.Sprintf("err: %s", err)), nil
}
return nil, b.setUser(req.Storage, username, userEntry)