Return 404 response when looking for a secret_id_accessor that does not exist (#12788)
* Return 404 response when looking for an secret_id_accessor that does not exist Closes https://github.com/hashicorp/vault/issues/12660
This commit is contained in:
parent
964a0f3b15
commit
308806eee3
|
@ -4,6 +4,7 @@ import (
|
|||
"context"
|
||||
"errors"
|
||||
"fmt"
|
||||
"net/http"
|
||||
"strings"
|
||||
"time"
|
||||
|
||||
|
@ -1297,7 +1298,11 @@ func (b *backend) pathRoleSecretIDAccessorLookupUpdate(ctx context.Context, req
|
|||
return nil, err
|
||||
}
|
||||
if accessorEntry == nil {
|
||||
return nil, fmt.Errorf("failed to find accessor entry for secret_id_accessor: %q", secretIDAccessor)
|
||||
return logical.RespondWithStatusCode(
|
||||
logical.ErrorResponse("failed to find accessor entry for secret_id_accessor: %q", secretIDAccessor),
|
||||
req,
|
||||
http.StatusNotFound,
|
||||
)
|
||||
}
|
||||
|
||||
roleNameHMAC, err := createHMAC(role.HMACKey, role.name)
|
||||
|
|
|
@ -993,6 +993,34 @@ func TestAppRole_RoleSecretIDAccessorReadDelete(t *testing.T) {
|
|||
}
|
||||
}
|
||||
|
||||
func TestAppRoleSecretIDLookup(t *testing.T) {
|
||||
b, storage := createBackendWithStorage(t)
|
||||
createRole(t, b, storage, "role1", "a,b")
|
||||
|
||||
req := &logical.Request{
|
||||
Operation: logical.UpdateOperation,
|
||||
Storage: storage,
|
||||
Path: "role/role1/secret-id-accessor/lookup",
|
||||
Data: map[string]interface{}{
|
||||
"secret_id_accessor": "invalid",
|
||||
},
|
||||
}
|
||||
resp, err := b.HandleRequest(context.Background(), req)
|
||||
if err != nil {
|
||||
t.Fatalf("unexpected error: %v", err)
|
||||
}
|
||||
expected := &logical.Response{
|
||||
Data: map[string]interface{}{
|
||||
"http_content_type": "application/json",
|
||||
"http_raw_body": `{"request_id":"","lease_id":"","renewable":false,"lease_duration":0,"data":{"error":"failed to find accessor entry for secret_id_accessor: \"invalid\""},"wrap_info":null,"warnings":null,"auth":null}`,
|
||||
"http_status_code": 404,
|
||||
},
|
||||
}
|
||||
if !reflect.DeepEqual(resp, expected) {
|
||||
t.Fatalf("resp:%#v expected:%#v", resp, expected)
|
||||
}
|
||||
}
|
||||
|
||||
func TestAppRoleRoleListSecretID(t *testing.T) {
|
||||
var resp *logical.Response
|
||||
var err error
|
||||
|
|
|
@ -0,0 +1,3 @@
|
|||
```release-note:improvement
|
||||
auth/approle: The `role/:name/secret-id-accessor/lookup` endpoint now returns a 404 status code when the `secret_id_accessor` cannot be found
|
||||
```
|
Loading…
Reference in New Issue