luxolus
/
open-vault
2
0
Fork 0
Code Issues 1 Pull Requests Releases Activity

backport of commit 0defa2a1e74348fc3c3628b9b6a16772a2b3c033 (#20910) 

Co-authored-by: Jordan Reimer <zofskeez@gmail.com>
This commit is contained in:
hc-github-team-secure-vault-core 2023-05-31 16:53:06 -04:00 committed by GitHub
parent cdace6f002
commit 4175665640
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 30 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
changelog/20897.txt Normal file
View File

@ -0,0 +1,3 @@
```release-note:bug
ui: Fixes issue unsealing cluster for seal types other than shamir
```

3
ui/app/controllers/vault/cluster/init.js
View File

@ -48,6 +48,7 @@ export default Controller.extend(DEFAULTS, {
if (isCloudSeal) {
data.stored_shares = 1;
data.recovery_shares = shares;
delete data.secret_shares; // API will throw an error if secret_shares is passed for seal types other than shamir (transit, AWSKMS etc.)
}
}
if (data.secret_threshold) {
@ -55,6 +56,7 @@ export default Controller.extend(DEFAULTS, {
data.secret_threshold = threshold;
if (isCloudSeal) {
data.recovery_threshold = threshold;
delete data.secret_threshold; // API will throw an error if secret_threshold is passed for seal types other than shamir (transit, AWSKMS etc.)
}
}
if (!data.use_pgp) {
@ -63,7 +65,6 @@ export default Controller.extend(DEFAULTS, {
if (data.use_pgp && isCloudSeal) {
data.recovery_pgp_keys = data.pgp_keys;
}
if (!data.use_pgp_for_root) {
delete data.root_token_pgp_key;
}

38
ui/tests/acceptance/init-test.js
View File

@ -64,6 +64,22 @@ const SEAL_STATUS_RESPONSE = {
initialized: false,
};
const assertRequest = (req, assert, isCloud) => {
const json = JSON.parse(req.requestBody);
for (const key of ['recovery_shares', 'recovery_threshold']) {
assert[isCloud ? 'ok' : 'notOk'](
json[key],
`requestBody ${isCloud ? 'includes' : 'does not include'} cloud seal specific attribute: ${key}`
);
}
for (const key of ['secret_shares', 'secret_threshold']) {
assert[isCloud ? 'notOk' : 'ok'](
json[key],
`requestBody ${isCloud ? 'does not include' : 'includes'} shamir specific attribute: ${key}`
);
}
};
module('Acceptance | init', function (hooks) {
setupApplicationTest(hooks);
@ -90,36 +106,32 @@ module('Acceptance | init', function (hooks) {
});
test('cloud seal init', async function (assert) {
assert.expect(4);
assert.expect(6);
setInitResponse(this.server, CLOUD_SEAL_RESPONSE);
setStatusResponse(this.server, CLOUD_SEAL_STATUS_RESPONSE);
await initPage.init(5, 3);
assert.strictEqual(
initPage.keys.length,
CLOUD_SEAL_RESPONSE.recovery_keys.length,
'shows all of the recovery keys'
);
assert.strictEqual(initPage.buttonText, 'Continue to Authenticate', 'links to authenticate');
let { requestBody } = this.server.handledRequests.findBy('url', '/v1/sys/init');
requestBody = JSON.parse(requestBody);
for (const attr of ['recovery_shares', 'recovery_threshold']) {
assert.ok(requestBody[attr], `requestBody includes cloud seal specific attribute: ${attr}`);
}
assertRequest(this.server.handledRequests.findBy('url', '/v1/sys/init'), assert, true);
});
test('shamir seal init', async function (assert) {
assert.expect(4);
assert.expect(6);
setInitResponse(this.server, SEAL_RESPONSE);
setStatusResponse(this.server, SEAL_STATUS_RESPONSE);
await initPage.init(3, 2);
assert.strictEqual(initPage.keys.length, SEAL_RESPONSE.keys.length, 'shows all of the recovery keys');
assert.strictEqual(initPage.buttonText, 'Continue to Unseal', 'links to unseal');
let { requestBody } = this.server.handledRequests.findBy('url', '/v1/sys/init');
requestBody = JSON.parse(requestBody);
for (const attr of ['recovery_shares', 'recovery_threshold']) {
assert.notOk(requestBody[attr], `requestBody does not include cloud seal specific attribute: ${attr}`);
}
assertRequest(this.server.handledRequests.findBy('url', '/v1/sys/init'), assert, false);
});
});