backport of commit df304012f3b3f4d7860b3bb3b58f844291495793 (#21457)

Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com>
hc-github-team-secure-vault-core 2023-06-26 14:42:40 -04:00 committed by GitHub
parent 5d2320170c
commit 45b8674d03
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
9 changed files with 38 additions and 27 deletions


@ -237,6 +237,8 @@ func TestIntegration_SetSignedWithBackwardsPemBundles(t *testing.T) {
require.False(t, resp.IsError(), "got an error from generating root ca: %#v", resp)
rootCert := resp.Data["certificate"].(string)
schema.ValidateResponse(t, schema.GetResponseSchema(t, rootBackend.Route("issuers/generate/root/internal"), logical.UpdateOperation), resp, true)
// generate intermediate
resp, err = intBackend.HandleRequest(context.Background(), &logical.Request{
Operation: logical.UpdateOperation,
@ -298,6 +300,8 @@ func TestIntegration_SetSignedWithBackwardsPemBundles(t *testing.T) {
require.NoError(t, err, "failed setting up role example")
require.NotNil(t, resp, "got nil response from setting up role example: %#v", resp)
schema.ValidateResponse(t, schema.GetResponseSchema(t, intBackend.Route("roles/example"), logical.UpdateOperation), resp, true)
// Issue cert
resp, err = intBackend.HandleRequest(context.Background(), &logical.Request{
Operation: logical.UpdateOperation,
@ -312,6 +316,8 @@ func TestIntegration_SetSignedWithBackwardsPemBundles(t *testing.T) {
require.NoError(t, err, "failed issuing a leaf cert from int ca")
require.NotNil(t, resp, "got nil response issuing a leaf cert from int ca")
require.False(t, resp.IsError(), "got an error issuing a leaf cert from int ca: %#v", resp)
schema.ValidateResponse(t, schema.GetResponseSchema(t, intBackend.Route("issue/example"), logical.UpdateOperation), resp, true)
}
func TestIntegration_CSRGeneration(t *testing.T) {


@ -28,7 +28,7 @@ var pathFetchReadSchema = map[int][]framework.Response{
Required: false,
},
"revocation_time": {
Type: framework.TypeString,
Type: framework.TypeInt64,
Description: `Revocation time`,
Required: false,
},
@ -43,7 +43,7 @@ var pathFetchReadSchema = map[int][]framework.Response{
Required: false,
},
"ca_chain": {
Type: framework.TypeStringSlice,
Type: framework.TypeString,
Description: `Issuing CA Chain`,
Required: false,
},
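Review bot: `revocation_time` is now declared `framework.TypeInt64`, but its description is still only `Revocation time`, so a consumer of the generated schema cannot tell what the integer represents. State the unit in the description, e.g. `Revocation time as a Unix timestamp in seconds`, after confirming that against the handler, which is outside this hunk. `ca_chain` has the same gap: it becomes a single `framework.TypeString` described as `Issuing CA Chain`, without saying whether the chain is several PEM certificates concatenated into one string. The `revocation_time` fields moved from `TypeDurationSecond` to `TypeInt64` in the revoke schemas, and the `expiration` fields moved to `TypeInt64` in the issue, sign and generate-root schemas, have the same undocumented-unit problem.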


@ -249,7 +249,7 @@ to be set on all PR secondary clusters.`,
Required: false,
},
"usage": {
Type: framework.TypeStringSlice,
Type: framework.TypeString,
Description: `Usage`,
Required: false,
},


@ -75,12 +75,12 @@ func buildPathIssue(b *backend, pattern string, displayAttrs *framework.DisplayA
"serial_number": {
Type: framework.TypeString,
Description: `Serial Number`,
Required: false,
Required: true,
},
"expiration": {
Type: framework.TypeString,
Type: framework.TypeInt64,
Description: `Time of expiration`,
Required: false,
Required: true,
},
"private_key": {
Type: framework.TypeString,
@ -163,7 +163,7 @@ func buildPathSign(b *backend, pattern string, displayAttrs *framework.DisplayAt
Required: true,
},
"expiration": {
Type: framework.TypeString,
Type: framework.TypeInt64,
Description: `Time of expiration`,
Required: true,
},
@ -253,12 +253,12 @@ func buildPathIssuerSignVerbatim(b *backend, pattern string, displayAttrs *frame
"serial_number": {
Type: framework.TypeString,
Description: `Serial Number`,
Required: false,
Required: true,
},
"expiration": {
Type: framework.TypeString,
Type: framework.TypeInt64,
Description: `Time of expiration`,
Required: false,
Required: true,
},
"private_key": {
Type: framework.TypeString,
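Review bot: `serial_number` and `expiration` become `Required: true` in both `buildPathIssue` and `buildPathIssuerSignVerbatim`, but the only strict `schema.ValidateResponse` calls added on this page cover `issuers/generate/root/internal`, `roles/example` and `issue/example`. Nothing visible here checks a response built through `buildPathSign` or `buildPathIssuerSignVerbatim` against the tightened schema, so a handler path that omits one of the now-required fields would go unnoticed. I would add the same call after an existing sign-verbatim request in the tests, `schema.ValidateResponse(t, schema.GetResponseSchema(t, intBackend.Route("<sign-verbatim route>"), logical.UpdateOperation), resp, true)`. Coverage may already exist in test files not shown on this page. All three hunks cut through the field maps, so the rest of each schema is not visible.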


@ -34,7 +34,7 @@ func pathRotateRoot(b *backend) *framework.Path {
pattern := "root/rotate/" + framework.GenericNameRegex("exported")
displayAttrs := &framework.DisplayAttributes{
OperationPrefix: operationPrefixPKIIssuers,
OperationPrefix: operationPrefixPKI,
OperationVerb: "rotate",
OperationSuffix: "root",
}
@ -55,8 +55,8 @@ func buildPathGenerateRoot(b *backend, pattern string, displayAttrs *framework.D
Description: "OK",
Fields: map[string]*framework.FieldSchema{
"expiration": {
Type: framework.TypeString,
Description: `The expiration of the given.`,
Type: framework.TypeInt64,
Description: `The expiration of the given issuer.`,
Required: true,
},
"serial_number": {
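Review bot: The `OperationPrefix` change in `pathRotateRoot`, from `operationPrefixPKIIssuers` to `operationPrefixPKI`, is not a response-schema fix and is not mentioned in the changelog entry `openapi: Fix response schema for PKI Issue requests`. If the framework builds the OpenAPI operation ID from prefix, verb and suffix (which the `displayAttrs` fields suggest), the generated operation name for `root/rotate/...` changes and clients generated against the old name would stop compiling. I would call the rename out in the changelog, or leave a comment above the field such as `// operation ID changes with this prefix; generated clients must be regenerated`. The body of `pathRotateRoot` continues outside the hunk.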


@ -111,7 +111,7 @@ signed by an issuer in this mount.`,
Description: "OK",
Fields: map[string]*framework.FieldSchema{
"revocation_time": {
Type: framework.TypeDurationSecond,
Type: framework.TypeInt64,
Description: `Revocation Time`,
Required: false,
},
@ -176,7 +176,7 @@ be in PEM format.`,
Description: "OK",
Fields: map[string]*framework.FieldSchema{
"revocation_time": {
Type: framework.TypeDurationSecond,
Type: framework.TypeInt64,
Description: `Revocation Time`,
Required: false,
},


@ -55,7 +55,7 @@ func pathListRoles(b *backend) *framework.Path {
func pathRoles(b *backend) *framework.Path {
pathRolesResponseFields := map[string]*framework.FieldSchema{
"ttl": {
Type: framework.TypeDurationSecond,
Type: framework.TypeInt64,
Required: true,
Description: `The lease duration (validity period of the
certificate) if no specific lease duration is requested.
@ -65,7 +65,7 @@ value or the value of max_ttl, whichever is shorter.`,
},
"max_ttl": {
Type: framework.TypeDurationSecond,
Type: framework.TypeInt64,
Required: true,
Description: `The maximum allowed lease duration. If not
set, defaults to the system maximum lease TTL.`,
@ -384,8 +384,8 @@ information, which must include an oid, and may include a notice and/or cps url,
Description: `Mark Basic Constraints valid when issuing non-CA certificates.`,
},
"not_before_duration": {
Type: framework.TypeDurationSecond,
Description: `The duration before now which the certificate needs to be backdated by.`,
Type: framework.TypeInt64,
Description: `The duration in seconds before now which the certificate needs to be backdated by.`,
},
"not_after": {
Type: framework.TypeString,
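Review bot: `ttl` and `max_ttl` are switched to `framework.TypeInt64`, but unlike `not_before_duration` their descriptions were not updated to say the value is in seconds. With `TypeDurationSecond` gone the schema no longer carries the unit, and a consumer that reads `ttl` in another unit would miscompute how long issued certificates are valid. I would state the unit in both descriptions, e.g. `The lease duration in seconds (validity period of the certificate) if no specific lease duration is requested.` and `The maximum allowed lease duration in seconds.` Both description strings continue past the end of their hunks, so the remaining wording is not visible here.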


@ -279,8 +279,9 @@ func pathTidyCancel(b *backend) *framework.Path {
Required: false,
},
"tidy_cross_cluster_revoked_certs": {
Type: framework.TypeBool,
Required: false,
Type: framework.TypeBool,
Description: `Tidy the cross-cluster revoked certificate store`,
Required: false,
},
"tidy_revocation_queue": {
Type: framework.TypeBool,
@ -387,8 +388,8 @@ func pathTidyStatus(b *backend) *framework.Path {
Required: true,
},
"tidy_cross_cluster_revoked_certs": {
Type: framework.TypeString,
Description: ``,
Type: framework.TypeBool,
Description: `Tidy the cross-cluster revoked certificate store`,
Required: false,
},
"tidy_acme": {
@ -617,7 +618,7 @@ available on the tidy-status endpoint.`,
Required: true,
},
"revocation_queue_safety_buffer": {
Type: framework.TypeDurationSecond,
Type: framework.TypeInt,
Required: true,
},
"publish_stored_certificate_count_metrics": {
@ -698,8 +699,9 @@ available on the tidy-status endpoint.`,
Required: true,
},
"tidy_cross_cluster_revoked_certs": {
Type: framework.TypeBool,
Required: true,
Type: framework.TypeBool,
Description: `Tidy the cross-cluster revoked certificate store`,
Required: true,
},
"tidy_revocation_queue": {
Type: framework.TypeBool,
@ -710,7 +712,7 @@ available on the tidy-status endpoint.`,
Required: true,
},
"revocation_queue_safety_buffer": {
Type: framework.TypeDurationSecond,
Type: framework.TypeInt,
Required: true,
},
"publish_stored_certificate_count_metrics": {
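Review bot: `revocation_queue_safety_buffer` is changed to `framework.TypeInt` in both hunks where it appears, while every other duration converted on this page (`ttl`, `max_ttl`, `not_before_duration`, `revocation_time`) becomes `framework.TypeInt64`. The field also still has no `Description`, so neither the unit nor the reason for the narrower type is recorded. If the handler really returns a plain `int` here, keep `TypeInt` and add `Description: "Revocation queue safety buffer, in seconds"` (unit to be confirmed against the handler, which is outside these hunks); otherwise use `Type: framework.TypeInt64,` for consistency. The surrounding field maps start and end outside the hunks.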

3
changelog/21449.txt Normal file

@ -0,0 +1,3 @@
```release-note:bug
openapi: Fix response schema for PKI Issue requests
```