Add missed description field for GET /sys/auth/:path/tune endpoint (#8193)

* fix #7623: add missing description field for GET /sys/auth/:path/tune endpoint

* fix #7623: allow empty description

* fix #7623: update tests with description field
Vitaly Velikodny 2020-02-15 18:32:47 +00:00 committed by GitHub
parent dd9f25a118
commit 3ae6568512
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 78 additions and 0 deletions


@ -293,6 +293,7 @@ func TestSysTuneAuth_nonHMACKeys(t *testing.T) {
"warnings": nil,
"auth": nil,
"data": map[string]interface{}{
"description": "token based credentials",
"default_lease_ttl": json.Number("2764800"),
"max_lease_ttl": json.Number("2764800"),
"force_no_cache": false,
@ -300,6 +301,7 @@ func TestSysTuneAuth_nonHMACKeys(t *testing.T) {
"audit_non_hmac_response_keys": []interface{}{"bar"},
"token_type": "default-service",
},
"description": "token based credentials",
"default_lease_ttl": json.Number("2764800"),
"max_lease_ttl": json.Number("2764800"),
"force_no_cache": false,
@ -336,11 +338,13 @@ func TestSysTuneAuth_nonHMACKeys(t *testing.T) {
"warnings": nil,
"auth": nil,
"data": map[string]interface{}{
"description": "token based credentials",
"default_lease_ttl": json.Number("2764800"),
"max_lease_ttl": json.Number("2764800"),
"force_no_cache": false,
"token_type": "default-service",
},
"description": "token based credentials",
"default_lease_ttl": json.Number("2764800"),
"max_lease_ttl": json.Number("2764800"),
"force_no_cache": false,
@ -372,11 +376,13 @@ func TestSysTuneAuth_showUIMount(t *testing.T) {
"warnings": nil,
"auth": nil,
"data": map[string]interface{}{
"description": "token based credentials",
"default_lease_ttl": json.Number("2764800"),
"max_lease_ttl": json.Number("2764800"),
"force_no_cache": false,
"token_type": "default-service",
},
"description": "token based credentials",
"default_lease_ttl": json.Number("2764800"),
"max_lease_ttl": json.Number("2764800"),
"force_no_cache": false,
@ -400,6 +406,7 @@ func TestSysTuneAuth_showUIMount(t *testing.T) {
actual = map[string]interface{}{}
expected = map[string]interface{}{
"description": "token based credentials",
"lease_id": "",
"renewable": false,
"lease_duration": json.Number("0"),
@ -407,6 +414,7 @@ func TestSysTuneAuth_showUIMount(t *testing.T) {
"warnings": nil,
"auth": nil,
"data": map[string]interface{}{
"description": "token based credentials",
"default_lease_ttl": json.Number("2764800"),
"max_lease_ttl": json.Number("2764800"),
"force_no_cache": false,


@ -727,11 +727,13 @@ func TestSysTuneMount_Options(t *testing.T) {
"warnings": nil,
"auth": nil,
"data": map[string]interface{}{
"description": "foo",
"default_lease_ttl": json.Number("2764800"),
"max_lease_ttl": json.Number("2764800"),
"force_no_cache": false,
"options": map[string]interface{}{"test": "true"},
},
"description": "foo",
"default_lease_ttl": json.Number("2764800"),
"max_lease_ttl": json.Number("2764800"),
"force_no_cache": false,
@ -755,6 +757,7 @@ func TestSysTuneMount_Options(t *testing.T) {
actual = map[string]interface{}{}
expected = map[string]interface{}{
"description": "foo",
"lease_id": "",
"renewable": false,
"lease_duration": json.Number("0"),
@ -762,6 +765,7 @@ func TestSysTuneMount_Options(t *testing.T) {
"warnings": nil,
"auth": nil,
"data": map[string]interface{}{
"description": "foo",
"default_lease_ttl": json.Number("2764800"),
"max_lease_ttl": json.Number("2764800"),
"force_no_cache": false,
@ -1175,11 +1179,13 @@ func TestSysTuneMount(t *testing.T) {
"warnings": nil,
"auth": nil,
"data": map[string]interface{}{
"description": "foo",
"default_lease_ttl": json.Number("259196400"),
"max_lease_ttl": json.Number("259200000"),
"force_no_cache": false,
"options": map[string]interface{}{"version": "1"},
},
"description": "foo",
"default_lease_ttl": json.Number("259196400"),
"max_lease_ttl": json.Number("259200000"),
"force_no_cache": false,
@ -1195,6 +1201,7 @@ func TestSysTuneMount(t *testing.T) {
// Set a low max
resp = testHttpPost(t, token, addr+"/v1/sys/mounts/secret/tune", map[string]interface{}{
"description": "foobar",
"default_lease_ttl": "40s",
"max_lease_ttl": "80s",
})
@ -1210,11 +1217,13 @@ func TestSysTuneMount(t *testing.T) {
"warnings": nil,
"auth": nil,
"data": map[string]interface{}{
"description": "foobar",
"default_lease_ttl": json.Number("40"),
"max_lease_ttl": json.Number("80"),
"force_no_cache": false,
"options": map[string]interface{}{"version": "1"},
},
"description": "foobar",
"default_lease_ttl": json.Number("40"),
"max_lease_ttl": json.Number("80"),
"force_no_cache": false,
@ -1305,6 +1314,7 @@ func TestSysTuneMount_nonHMACKeys(t *testing.T) {
"warnings": nil,
"auth": nil,
"data": map[string]interface{}{
"description": "key/value secret storage",
"default_lease_ttl": json.Number("2764800"),
"max_lease_ttl": json.Number("2764800"),
"force_no_cache": false,
@ -1312,6 +1322,7 @@ func TestSysTuneMount_nonHMACKeys(t *testing.T) {
"audit_non_hmac_response_keys": []interface{}{"bar"},
"options": map[string]interface{}{"version": "1"},
},
"description": "key/value secret storage",
"default_lease_ttl": json.Number("2764800"),
"max_lease_ttl": json.Number("2764800"),
"force_no_cache": false,
@ -1349,11 +1360,13 @@ func TestSysTuneMount_nonHMACKeys(t *testing.T) {
"warnings": nil,
"auth": nil,
"data": map[string]interface{}{
"description": "key/value secret storage",
"default_lease_ttl": json.Number("2764800"),
"max_lease_ttl": json.Number("2764800"),
"force_no_cache": false,
"options": map[string]interface{}{"version": "1"},
},
"description": "key/value secret storage",
"default_lease_ttl": json.Number("2764800"),
"max_lease_ttl": json.Number("2764800"),
"force_no_cache": false,
@ -1385,11 +1398,13 @@ func TestSysTuneMount_listingVisibility(t *testing.T) {
"warnings": nil,
"auth": nil,
"data": map[string]interface{}{
"description": "key/value secret storage",
"default_lease_ttl": json.Number("2764800"),
"max_lease_ttl": json.Number("2764800"),
"force_no_cache": false,
"options": map[string]interface{}{"version": "1"},
},
"description": "key/value secret storage",
"default_lease_ttl": json.Number("2764800"),
"max_lease_ttl": json.Number("2764800"),
"force_no_cache": false,
@ -1420,12 +1435,14 @@ func TestSysTuneMount_listingVisibility(t *testing.T) {
"warnings": nil,
"auth": nil,
"data": map[string]interface{}{
"description": "key/value secret storage",
"default_lease_ttl": json.Number("2764800"),
"max_lease_ttl": json.Number("2764800"),
"force_no_cache": false,
"listing_visibility": "unauth",
"options": map[string]interface{}{"version": "1"},
},
"description": "key/value secret storage",
"default_lease_ttl": json.Number("2764800"),
"max_lease_ttl": json.Number("2764800"),
"force_no_cache": false,
@ -1464,12 +1481,14 @@ func TestSysTuneMount_passthroughRequestHeaders(t *testing.T) {
"warnings": nil,
"auth": nil,
"data": map[string]interface{}{
"description": "key/value secret storage",
"default_lease_ttl": json.Number("2764800"),
"max_lease_ttl": json.Number("2764800"),
"options": map[string]interface{}{"version": "1"},
"force_no_cache": false,
"passthrough_request_headers": []interface{}{"X-Vault-Foo"},
},
"description": "key/value secret storage",
"default_lease_ttl": json.Number("2764800"),
"max_lease_ttl": json.Number("2764800"),
"options": map[string]interface{}{"version": "1"},
@ -1501,11 +1520,13 @@ func TestSysTuneMount_passthroughRequestHeaders(t *testing.T) {
"warnings": nil,
"auth": nil,
"data": map[string]interface{}{
"description": "key/value secret storage",
"default_lease_ttl": json.Number("2764800"),
"max_lease_ttl": json.Number("2764800"),
"force_no_cache": false,
"options": map[string]interface{}{"version": "1"},
},
"description": "key/value secret storage",
"default_lease_ttl": json.Number("2764800"),
"max_lease_ttl": json.Number("2764800"),
"force_no_cache": false,


@ -1075,6 +1075,7 @@ func (b *SystemBackend) handleTuneReadCommon(ctx context.Context, path string) (
resp := &logical.Response{
Data: map[string]interface{}{
"description": mountEntry.Description,
"default_lease_ttl": int(sysView.DefaultLeaseTTL().Seconds()),
"max_lease_ttl": int(sysView.MaxLeaseTTL().Seconds()),
"force_no_cache": mountEntry.Config.ForceNoCache,
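Review bot: The new `"description": mountEntry.Description` entry sits in handleTuneReadCommon, so it appears to be returned by every tune read that shares this helper, not only the GET /sys/auth/:path/tune endpoint named in the commit title. The updated sys/mounts tune expectations elsewhere on this page are consistent with that. Descriptions are operator-supplied free text, so a token whose policy allows read on a tune path can now see them; the API docs and changelog should say so for both endpoints. A short comment above the entry would record the intent, e.g. `// description is operator-supplied free text and is visible to any caller allowed to read this tune path`. The function starts and ends outside the hunk, so any filtering done elsewhere is not visible here.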


@ -1583,6 +1583,54 @@ func TestSystemBackend_disableAuth(t *testing.T) {
}
}
func TestSystemBackend_tuneAuth(t *testing.T) {
c, b, _ := testCoreSystemBackend(t)
c.credentialBackends["noop"] = func(context.Context, *logical.BackendConfig) (logical.Backend, error) {
return &NoopBackend{BackendType: logical.TypeCredential}, nil
}
req := logical.TestRequest(t, logical.ReadOperation, "auth/token/tune")
resp, err := b.HandleRequest(namespace.RootContext(nil), req)
if err != nil {
t.Fatalf("err: %v", err)
}
if resp == nil {
t.Fatal("resp is nil")
}
exp := map[string]interface{}{
"description": "token based credentials",
"default_lease_ttl": int(2764800),
"max_lease_ttl": int(2764800),
"force_no_cache": false,
"token_type": "default-service",
}
if diff := deep.Equal(resp.Data, exp); diff != nil {
t.Fatal(diff)
}
req = logical.TestRequest(t, logical.UpdateOperation, "auth/token/tune")
req.Data["description"] = ""
resp, err = b.HandleRequest(namespace.RootContext(nil), req)
if err != nil {
t.Fatalf("err: %v", err)
}
req = logical.TestRequest(t, logical.ReadOperation, "auth/token/tune")
resp, err = b.HandleRequest(namespace.RootContext(nil), req)
if err != nil {
t.Fatalf("err: %v", err)
}
if resp == nil {
t.Fatal("resp is nil")
}
if resp.Data["description"] != "" {
t.Fatalf("got: %#v expect: %#v", resp.Data["description"], "")
}
}
func TestSystemBackend_policyList(t *testing.T) {
b := testSystemBackend(t)
req := logical.TestRequest(t, logical.ReadOperation, "policy")
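Review bot: In TestSystemBackend_tuneAuth the response of the UpdateOperation on `auth/token/tune` is never inspected: only `err` is checked, and `resp` is overwritten by the following read. A rejected tune that comes back as an error response with a nil `err` would surface only indirectly through the later description comparison; adding `if resp != nil && resp.IsError() { t.Fatalf("err: %v", resp.Error()) }` after the update makes the failure point explicit. The `c.credentialBackends["noop"]` registration at the top of the test looks unused, since every request targets `auth/token/tune`, and can probably be dropped. The empty-description case from the second commit bullet is covered only here for the auth path; the HTTP-level tests on this page never post an empty description.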