luxolus
/
open-vault
2
0
Fork 0
Code Issues 1 Pull Requests Releases Activity

Merge identity alias lookups into either entity or group lookup endpoints (#3538) 

* merge identity alias lookups into either entity or group lookups

* Address review feedback

* address review feedback
This commit is contained in:
Vishal Nayak 2017-11-09 01:29:19 -05:00 committed by GitHub
parent 3555a17d52
commit 660c9ab382
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 440 additions and 362 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

432
vault/identity_lookup.go
View File

@ -14,10 +14,6 @@ func lookupPaths(i *IdentityStore) []*framework.Path {
{
Pattern: "lookup/entity$",
Fields: map[string]*framework.FieldSchema{
"type": {
Type: framework.TypeString,
Description: "Type of lookup. Current supported values are 'id' and 'name'.",
},
"name": {
Type: framework.TypeString,
Description: "Name of the entity.",
@ -26,6 +22,18 @@ func lookupPaths(i *IdentityStore) []*framework.Path {
Type: framework.TypeString,
Description: "ID of the entity.",
},
"alias_id": {
Type: framework.TypeString,
Description: "ID of the alias.",
},
"alias_name": {
Type: framework.TypeString,
Description: "Name of the alias. This should be supplied in conjuction with 'alias_mount_accessor'.",
},
"alias_mount_accessor": {
Type: framework.TypeString,
Description: "Accessor of the mount to which the alias belongs to. This should be supplied in conjunction with 'alias_name'.",
},
},
Callbacks: map[logical.Operation]framework.OperationFunc{
logical.UpdateOperation: i.pathLookupEntityUpdate,
@ -37,10 +45,6 @@ func lookupPaths(i *IdentityStore) []*framework.Path {
{
Pattern: "lookup/group$",
Fields: map[string]*framework.FieldSchema{
"type": {
Type: framework.TypeString,
Description: "Type of lookup. Current supported values are 'id' and 'name'",
},
"name": {
Type: framework.TypeString,
Description: "Name of the group.",
@ -49,6 +53,18 @@ func lookupPaths(i *IdentityStore) []*framework.Path {
Type: framework.TypeString,
Description: "ID of the group.",
},
"alias_id": {
Type: framework.TypeString,
Description: "ID of the alias.",
},
"alias_name": {
Type: framework.TypeString,
Description: "Name of the alias. This should be supplied in conjuction with 'alias_mount_accessor'.",
},
"alias_mount_accessor": {
Type: framework.TypeString,
Description: "Accessor of the mount to which the alias belongs to. This should be supplied in conjunction with 'alias_name'.",
},
},
Callbacks: map[logical.Operation]framework.OperationFunc{
logical.UpdateOperation: i.pathLookupGroupUpdate,
@ -57,103 +73,110 @@ func lookupPaths(i *IdentityStore) []*framework.Path {
HelpSynopsis: strings.TrimSpace(lookupHelp["lookup-group"][0]),
HelpDescription: strings.TrimSpace(lookupHelp["lookup-group"][1]),
},
{
Pattern: "lookup/entity-alias$",
Fields: map[string]*framework.FieldSchema{
"type": {
Type: framework.TypeString,
Description: "Type of lookup. Current supported values are 'id', 'canonical_id' and 'factors'.",
},
"id": {
Type: framework.TypeString,
Description: "ID of the entity.",
},
"canonical_id": {
Type: framework.TypeString,
Description: "ID of the entity to which the alias belongs to.",
},
"name": {
Type: framework.TypeString,
Description: "Name of the alias.",
},
"mount_accessor": {
Type: framework.TypeString,
Description: "Accessor of the mount to which the entity alias belongs to.",
},
},
Callbacks: map[logical.Operation]framework.OperationFunc{
logical.UpdateOperation: i.pathLookupEntityAliasUpdate,
},
HelpSynopsis: strings.TrimSpace(lookupHelp["lookup-entity-alias"][0]),
HelpDescription: strings.TrimSpace(lookupHelp["lookup-entity-alias"][1]),
},
{
Pattern: "lookup/group-alias$",
Fields: map[string]*framework.FieldSchema{
"type": {
Type: framework.TypeString,
Description: "Type of lookup. Current supported values are 'id', 'canonical_id' and 'factors'.",
},
"id": {
Type: framework.TypeString,
Description: "ID of the group.",
},
"canonical_id": {
Type: framework.TypeString,
Description: "ID of the group to which the alias belongs to.",
},
"name": {
Type: framework.TypeString,
Description: "Name of the alias.",
},
"mount_accessor": {
Type: framework.TypeString,
Description: "Accessor of the mount to which the group alias belongs to.",
},
},
Callbacks: map[logical.Operation]framework.OperationFunc{
logical.UpdateOperation: i.pathLookupGroupAliasUpdate,
},
HelpSynopsis: strings.TrimSpace(lookupHelp["lookup-group-alias"][0]),
HelpDescription: strings.TrimSpace(lookupHelp["lookup-group-alias"][1]),
},
}
}
func (i *IdentityStore) pathLookupEntityUpdate(req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
lookupType := d.Get("type").(string)
if lookupType == "" {
return logical.ErrorResponse("empty type"), nil
}
var entity *identity.Entity
var err error
switch lookupType {
case "id":
entityID := d.Get("id").(string)
if entityID == "" {
return logical.ErrorResponse("empty id"), nil
inputCount := 0
id := ""
idRaw, ok := d.GetOk("id")
if ok {
inputCount++
id = idRaw.(string)
}
name := ""
nameRaw, ok := d.GetOk("name")
if ok {
inputCount++
name = nameRaw.(string)
}
aliasID := ""
aliasIDRaw, ok := d.GetOk("alias_id")
if ok {
inputCount++
aliasID = aliasIDRaw.(string)
}
aliasName := ""
aliasNameRaw, ok := d.GetOk("alias_name")
if ok {
inputCount++
aliasName = aliasNameRaw.(string)
}
aliasMountAccessor := ""
aliasMountAccessorRaw, ok := d.GetOk("alias_mount_accessor")
if ok {
inputCount++
aliasMountAccessor = aliasMountAccessorRaw.(string)
}
switch {
case inputCount == 0:
return logical.ErrorResponse(fmt.Sprintf("query parameter not supplied")), nil
case inputCount != 1:
switch {
case inputCount == 2 && aliasName != "" && aliasMountAccessor != "":
default:
return logical.ErrorResponse(fmt.Sprintf("query parameter conflict; please supply distinct set of query parameters")), nil
}
entity, err = i.MemDBEntityByID(entityID, false)
case inputCount == 1:
switch {
case aliasName != "" || aliasMountAccessor != "":
return logical.ErrorResponse(fmt.Sprintf("both 'alias_name' and 'alias_mount_accessor' needs to be set")), nil
}
}
switch {
case id != "":
entity, err = i.MemDBEntityByID(id, false)
if err != nil {
return nil, err
}
case "name":
entityName := d.Get("name").(string)
if entityName == "" {
return logical.ErrorResponse("empty name"), nil
}
entity, err = i.MemDBEntityByName(entityName, false)
case name != "":
entity, err = i.MemDBEntityByName(name, false)
if err != nil {
return nil, err
}
default:
return logical.ErrorResponse(fmt.Sprintf("unrecognized type %q", lookupType)), nil
case aliasID != "":
alias, err := i.MemDBAliasByID(aliasID, false, false)
if err != nil {
return nil, err
}
if alias == nil {
break
}
entity, err = i.MemDBEntityByAliasID(alias.ID, false)
if err != nil {
return nil, err
}
case aliasName != "" && aliasMountAccessor != "":
alias, err := i.MemDBAliasByFactors(aliasMountAccessor, aliasName, false, false)
if err != nil {
return nil, err
}
if alias == nil {
break
}
entity, err = i.MemDBEntityByAliasID(alias.ID, false)
if err != nil {
return nil, err
}
}
if entity == nil {
@ -164,141 +187,138 @@ func (i *IdentityStore) pathLookupEntityUpdate(req *logical.Request, d *framewor
}
func (i *IdentityStore) pathLookupGroupUpdate(req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
lookupType := d.Get("type").(string)
if lookupType == "" {
return logical.ErrorResponse("empty type"), nil
var group *identity.Group
var err error
inputCount := 0
id := ""
idRaw, ok := d.GetOk("id")
if ok {
inputCount++
id = idRaw.(string)
}
switch lookupType {
case "id":
groupID := d.Get("id").(string)
if groupID == "" {
return logical.ErrorResponse("empty ID"), nil
}
group, err := i.MemDBGroupByID(groupID, false)
if err != nil {
return nil, err
}
return i.handleGroupReadCommon(group)
case "name":
groupName := d.Get("name").(string)
if groupName == "" {
return logical.ErrorResponse("empty name"), nil
}
group, err := i.MemDBGroupByName(groupName, false)
if err != nil {
return nil, err
}
return i.handleGroupReadCommon(group)
default:
return logical.ErrorResponse(fmt.Sprintf("unrecognized type %q", lookupType)), nil
name := ""
nameRaw, ok := d.GetOk("name")
if ok {
inputCount++
name = nameRaw.(string)
}
return nil, nil
}
func (i *IdentityStore) pathLookupEntityAliasUpdate(req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
return i.handleLookupAliasUpdateCommon(req, d, false)
}
func (i *IdentityStore) pathLookupGroupAliasUpdate(req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
return i.handleLookupAliasUpdateCommon(req, d, true)
}
func (i *IdentityStore) handleLookupAliasUpdateCommon(req *logical.Request, d *framework.FieldData, groupAlias bool) (*logical.Response, error) {
lookupType := d.Get("type").(string)
if lookupType == "" {
return logical.ErrorResponse("empty type"), nil
aliasID := ""
aliasIDRaw, ok := d.GetOk("alias_id")
if ok {
inputCount++
aliasID = aliasIDRaw.(string)
}
switch lookupType {
case "id":
aliasID := d.Get("id").(string)
if aliasID == "" {
return logical.ErrorResponse("empty ID"), nil
}
alias, err := i.MemDBAliasByID(aliasID, false, groupAlias)
if err != nil {
return nil, err
}
return i.handleAliasReadCommon(alias)
case "canonical_id":
canonicalID := d.Get("canonical_id").(string)
if canonicalID == "" {
return logical.ErrorResponse("empty canonical_id"), nil
}
alias, err := i.MemDBAliasByCanonicalID(canonicalID, false, groupAlias)
if err != nil {
return nil, err
}
return i.handleAliasReadCommon(alias)
case "factors":
aliasName := d.Get("name").(string)
if aliasName == "" {
return logical.ErrorResponse("empty name"), nil
}
mountAccessor := d.Get("mount_accessor").(string)
if mountAccessor == "" {
return logical.ErrorResponse("empty 'mount_accessor'"), nil
}
alias, err := i.MemDBAliasByFactors(mountAccessor, aliasName, false, groupAlias)
if err != nil {
return nil, err
}
return i.handleAliasReadCommon(alias)
default:
return logical.ErrorResponse(fmt.Sprintf("unrecognized type %q", lookupType)), nil
aliasName := ""
aliasNameRaw, ok := d.GetOk("alias_name")
if ok {
inputCount++
aliasName = aliasNameRaw.(string)
}
aliasMountAccessor := ""
aliasMountAccessorRaw, ok := d.GetOk("alias_mount_accessor")
if ok {
inputCount++
aliasMountAccessor = aliasMountAccessorRaw.(string)
}
switch {
case inputCount == 0:
return logical.ErrorResponse(fmt.Sprintf("query parameter not supplied")), nil
case inputCount != 1:
switch {
case inputCount == 2 && aliasName != "" && aliasMountAccessor != "":
default:
return logical.ErrorResponse(fmt.Sprintf("query parameter conflict; please supply distinct set of query parameters")), nil
}
case inputCount == 1:
switch {
case aliasName != "" || aliasMountAccessor != "":
return logical.ErrorResponse(fmt.Sprintf("both 'alias_name' and 'alias_mount_accessor' needs to be set")), nil
}
}
switch {
case id != "":
group, err = i.MemDBGroupByID(id, false)
if err != nil {
return nil, err
}
case name != "":
group, err = i.MemDBGroupByName(name, false)
if err != nil {
return nil, err
}
case aliasID != "":
alias, err := i.MemDBAliasByID(aliasID, false, true)
if err != nil {
return nil, err
}
if alias == nil {
break
}
group, err = i.MemDBGroupByAliasID(alias.ID, false)
if err != nil {
return nil, err
}
case aliasName != "" && aliasMountAccessor != "":
alias, err := i.MemDBAliasByFactors(aliasMountAccessor, aliasName, false, true)
if err != nil {
return nil, err
}
if alias == nil {
break
}
group, err = i.MemDBGroupByAliasID(alias.ID, false)
if err != nil {
return nil, err
}
}
if group == nil {
return nil, nil
}
return i.handleGroupReadCommon(group)
}
var lookupHelp = map[string][2]string{
"lookup-entity": {
"Query entities based on types.",
`Supported types:
"Query entities based on various properties.",
`Distinct query parameters to be set:
- 'id'
To query the entity by its ID. This requires 'id' parameter to be set.
To query the entity by its ID.
- 'name'
To query the entity by its name. This requires 'name' parameter to be set.
To query the entity by its name.
- 'alias_id'
To query the entity by the ID of any of its aliases.
- 'alias_name' and 'alias_mount_accessor'
To query the entity by the unique factors that represent an alias; the name and the mount accessor.
`,
},
"lookup-group": {
"Query groups based on types.",
`Supported types:
"Query groups based on various properties.",
`Distinct query parameters to be set:
- 'id'
To query the group by its ID. This requires 'id' parameter to be set.
To query the group by its ID.
- 'name'
To query the group by its name. This requires 'name' parameter to be set.
`,
},
"lookup-group-alias": {
"Query group alias based on types.",
`Supported types:
- 'id'
To query the group alias by its ID. This requires 'id' parameter to be set.
- 'canonical_id'
To query the group alias by the ID of the group it belongs to. This requires the 'canonical_id' parameter to be set.
- 'factors'
To query the group alias using the factors that uniquely identifies a group alias; its name and the mount accessor. This requires the 'name' and 'mount_accessor' parameters to be set.
`,
},
"lookup-entity-alias": {
"Query entity alias based on types.",
`Supported types:
- 'id'
To query the entity alias by its ID. This requires 'id' parameter to be set.
- 'canonical_id'
To query the entity alias by the ID of the entity it belongs to. This requires the 'canonical_id' parameter to be set.
- 'factors'
To query the entity alias using the factors that uniquely identifies an entity alias; its name and the mount accessor. This requires the 'name' and 'mount_accessor' parameters to be set.
To query the group by its name.
- 'alias_id'
To query the group by the ID of any of its aliases.
- 'alias_name' and 'alias_mount_accessor'
To query the group by the unique factors that represent an alias; the name and the mount accessor.
`,
},
}

370
vault/identity_lookup_test.go
View File

@ -10,7 +10,7 @@ func TestIdentityStore_Lookup_Entity(t *testing.T) {
var err error
var resp *logical.Response
i, _, _ := testIdentityStoreWithGithubAuth(t)
i, accessor, _ := testIdentityStoreWithGithubAuth(t)
entityReq := &logical.Request{
Path: "entity",
@ -22,6 +22,22 @@ func TestIdentityStore_Lookup_Entity(t *testing.T) {
}
entityID := resp.Data["id"].(string)
aliasReq := &logical.Request{
Path: "entity-alias",
Operation: logical.UpdateOperation,
Data: map[string]interface{}{
"name": "testaliasname",
"mount_accessor": accessor,
"entity_id": entityID,
},
}
resp, err = i.HandleRequest(aliasReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("bad: err: %#v\nresp: %v", err, resp)
}
aliasID := resp.Data["id"].(string)
entity, err := i.MemDBEntityByID(entityID, false)
if err != nil {
t.Fatal(err)
@ -31,8 +47,7 @@ func TestIdentityStore_Lookup_Entity(t *testing.T) {
Path: "lookup/entity",
Operation: logical.UpdateOperation,
Data: map[string]interface{}{
"type": "id",
"id": entityID,
"id": entityID,
},
}
resp, err = i.HandleRequest(lookupReq)
@ -45,7 +60,6 @@ func TestIdentityStore_Lookup_Entity(t *testing.T) {
}
lookupReq.Data = map[string]interface{}{
"type": "name",
"name": entity.Name,
}
@ -57,169 +71,103 @@ func TestIdentityStore_Lookup_Entity(t *testing.T) {
if resp.Data["id"].(string) != entityID {
t.Fatalf("bad: entity: %#v", resp.Data)
}
}
func TestIdentityStore_Lookup_EntityAlias(t *testing.T) {
var err error
var resp *logical.Response
i, accessor, _ := testIdentityStoreWithGithubAuth(t)
entityReq := &logical.Request{
Path: "entity",
Operation: logical.UpdateOperation,
lookupReq.Data = map[string]interface{}{
"alias_id": aliasID,
}
resp, err = i.HandleRequest(entityReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("bad: resp: %#v\n err: %#v\n", resp, err)
}
entityID := resp.Data["id"].(string)
entityAliasReq := &logical.Request{
Path: "entity-alias",
Operation: logical.UpdateOperation,
Data: map[string]interface{}{
"canonical_id": entityID,
"name": "testentityaliasname",
"mount_type": "ldap",
"mount_accessor": accessor,
},
}
resp, err = i.HandleRequest(entityAliasReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("bad: resp: %#v\n err: %#v\n", resp, err)
}
entityAliasID := resp.Data["id"].(string)
lookupReq := &logical.Request{
Path: "lookup/entity-alias",
Operation: logical.UpdateOperation,
Data: map[string]interface{}{
"type": "id",
"id": entityAliasID,
},
}
resp, err = i.HandleRequest(lookupReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("bad: resp: %#v\n err: %#v\n", resp, err)
t.Fatalf("bad: err: %#v\nresp: %v", err, resp)
}
if resp.Data["id"].(string) != entityAliasID {
t.Fatalf("bad: group alias: %#v\n", resp.Data)
if resp.Data["id"].(string) != entityID {
t.Fatalf("bad: entity: %#v", resp.Data)
}
lookupReq.Data = map[string]interface{}{
"type": "factors",
"mount_accessor": accessor,
"name": "testentityaliasname",
}
resp, err = i.HandleRequest(lookupReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("bad: resp: %#v\n err: %#v\n", resp, err)
}
if resp.Data["id"].(string) != entityAliasID {
t.Fatalf("bad: entity alias: %#v\n", resp.Data)
"alias_name": "testaliasname",
"alias_mount_accessor": accessor,
}
entityReq = &logical.Request{
Path: "entity/id/" + entityID,
Operation: logical.ReadOperation,
}
resp, err = i.HandleRequest(entityReq)
resp, err = i.HandleRequest(lookupReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("bad: resp: %#v\n err: %#v\n", resp, err)
t.Fatalf("bad: err: %#v\nresp: %v", err, resp)
}
if resp.Data["id"].(string) != entityID {
t.Fatalf("bad: entity: %#v", resp.Data)
}
// Supply 2 query criteria
lookupReq.Data = map[string]interface{}{
"id": entityID,
"name": entity.Name,
}
resp, err = i.HandleRequest(lookupReq)
if err != nil {
t.Fatal(err)
}
if resp == nil || !resp.IsError() {
t.Fatalf("expected an error")
}
// Supply alias name and skip accessor
lookupReq.Data = map[string]interface{}{
"alias_name": "testaliasname",
}
resp, err = i.HandleRequest(lookupReq)
if err != nil {
t.Fatal(err)
}
if resp == nil || !resp.IsError() {
t.Fatalf("expected an error")
}
// Supply alias accessor and skip name
lookupReq.Data = map[string]interface{}{
"alias_mount_accessor": accessor,
}
resp, err = i.HandleRequest(lookupReq)
if err != nil {
t.Fatal(err)
}
if resp == nil || !resp.IsError() {
t.Fatalf("expected an error")
}
// Don't supply any criteria
lookupReq.Data = nil
resp, err = i.HandleRequest(lookupReq)
if err != nil {
t.Fatal(err)
}
if resp == nil || !resp.IsError() {
t.Fatalf("expected an error")
}
// Delete the alias in the entity
aliasReq.Path = "entity-alias/id/" + aliasID
aliasReq.Operation = logical.DeleteOperation
resp, err = i.HandleRequest(aliasReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("bad: err: %#v\nresp: %v", err, resp)
}
lookupReq.Data = map[string]interface{}{
"type": "canonical_id",
"canonical_id": entityID,
"alias_id": aliasID,
}
resp, err = i.HandleRequest(lookupReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("bad: resp: %#v\n err: %#v\n", resp, err)
t.Fatalf("bad: err: %#v\nresp: %v", err, resp)
}
if resp.Data["id"].(string) != entityAliasID {
t.Fatalf("bad: entity alias: %#v\n", resp.Data)
}
}
func TestIdentityStore_Lookup_GroupAlias(t *testing.T) {
var err error
var resp *logical.Response
i, accessor, _ := testIdentityStoreWithGithubAuth(t)
groupReq := &logical.Request{
Path: "group",
Operation: logical.UpdateOperation,
Data: map[string]interface{}{
"type": "external",
},
}
resp, err = i.HandleRequest(groupReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("bad: resp: %#v\n err: %#v\n", resp, err)
}
groupID := resp.Data["id"].(string)
groupAliasReq := &logical.Request{
Path: "group-alias",
Operation: logical.UpdateOperation,
Data: map[string]interface{}{
"canonical_id": groupID,
"name": "testgroupaliasname",
"mount_type": "ldap",
"mount_accessor": accessor,
},
}
resp, err = i.HandleRequest(groupAliasReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("bad: resp: %#v\n err: %#v\n", resp, err)
}
groupAliasID := resp.Data["id"].(string)
lookupReq := &logical.Request{
Path: "lookup/group-alias",
Operation: logical.UpdateOperation,
Data: map[string]interface{}{
"type": "id",
"id": groupAliasID,
},
}
resp, err = i.HandleRequest(lookupReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("bad: resp: %#v\n err: %#v\n", resp, err)
}
if resp.Data["id"].(string) != groupAliasID {
t.Fatalf("bad: group alias: %#v\n", resp.Data)
}
lookupReq.Data = map[string]interface{}{
"type": "factors",
"mount_accessor": accessor,
"name": "testgroupaliasname",
}
resp, err = i.HandleRequest(lookupReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("bad: resp: %#v\n err: %#v\n", resp, err)
}
if resp.Data["id"].(string) != groupAliasID {
t.Fatalf("bad: group alias: %#v\n", resp.Data)
}
lookupReq.Data = map[string]interface{}{
"type": "canonical_id",
"canonical_id": groupID,
}
resp, err = i.HandleRequest(lookupReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("bad: resp: %#v\n err: %#v\n", resp, err)
}
if resp.Data["id"].(string) != groupAliasID {
t.Fatalf("bad: group alias: %#v\n", resp.Data)
if resp != nil {
t.Fatalf("expected a nil response")
}
}
@ -227,7 +175,7 @@ func TestIdentityStore_Lookup_Group(t *testing.T) {
var err error
var resp *logical.Response
i, _, _ := testIdentityStoreWithGithubAuth(t)
i, accessor, _ := testIdentityStoreWithGithubAuth(t)
groupReq := &logical.Request{
Path: "group",
@ -240,16 +188,15 @@ func TestIdentityStore_Lookup_Group(t *testing.T) {
groupID := resp.Data["id"].(string)
groupName := resp.Data["name"].(string)
lookupGroupReq := &logical.Request{
lookupReq := &logical.Request{
Path: "lookup/group",
Operation: logical.UpdateOperation,
Data: map[string]interface{}{
"type": "id",
"id": groupID,
"id": groupID,
},
}
resp, err = i.HandleRequest(lookupGroupReq)
resp, err = i.HandleRequest(lookupReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("bad: resp: %#v\n err: %#v\n", resp, err)
}
@ -257,16 +204,127 @@ func TestIdentityStore_Lookup_Group(t *testing.T) {
t.Fatalf("failed to lookup group")
}
lookupGroupReq.Data = map[string]interface{}{
"type": "name",
lookupReq.Data = map[string]interface{}{
"name": groupName,
}
resp, err = i.HandleRequest(lookupGroupReq)
resp, err = i.HandleRequest(lookupReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("bad: resp: %#v\n err: %#v\n", resp, err)
}
if resp.Data["id"].(string) != groupID {
t.Fatalf("failed to lookup group")
}
// Query using an invalid alias_id
lookupReq.Data = map[string]interface{}{
"alias_id": "invalidaliasid",
}
resp, err = i.HandleRequest(lookupReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("bad: resp: %#v\n err: %#v\n", resp, err)
}
if resp != nil {
t.Fatalf("expected a nil response")
}
groupReq.Data = map[string]interface{}{
"type": "external",
}
resp, err = i.HandleRequest(groupReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("bad: resp: %#v\n err: %#v\n", resp, err)
}
groupID = resp.Data["id"].(string)
aliasReq := &logical.Request{
Path: "group-alias",
Operation: logical.UpdateOperation,
Data: map[string]interface{}{
"canonical_id": groupID,
"name": "testgroupalias",
"mount_accessor": accessor,
},
}
resp, err = i.HandleRequest(aliasReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("bad: resp: %#v\n err: %#v\n", resp, err)
}
aliasID := resp.Data["id"].(string)
lookupReq.Data = map[string]interface{}{
"alias_id": aliasID,
}
resp, err = i.HandleRequest(lookupReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("bad: resp: %#v\n err: %#v\n", resp, err)
}
if resp.Data["id"].(string) != groupID {
t.Fatalf("failed to lookup group")
}
lookupReq.Data = map[string]interface{}{
"alias_name": "testgroupalias",
"alias_mount_accessor": accessor,
}
resp, err = i.HandleRequest(lookupReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("bad: resp: %#v\n err: %#v\n", resp, err)
}
if resp.Data["id"].(string) != groupID {
t.Fatalf("failed to lookup group")
}
// Supply 2 query criteria
lookupReq.Data = map[string]interface{}{
"id": groupID,
"name": groupName,
}
resp, err = i.HandleRequest(lookupReq)
if err != nil {
t.Fatal(err)
}
if resp == nil || !resp.IsError() {
t.Fatalf("expected an error")
}
// Supply alias name and skip accessor
lookupReq.Data = map[string]interface{}{
"alias_name": "testgroupalias",
}
resp, err = i.HandleRequest(lookupReq)
if err != nil {
t.Fatal(err)
}
if resp == nil || !resp.IsError() {
t.Fatalf("expected an error")
}
// Supply alias accessor and skip name
lookupReq.Data = map[string]interface{}{
"alias_mount_accessor": accessor,
}
resp, err = i.HandleRequest(lookupReq)
if err != nil {
t.Fatal(err)
}
if resp == nil || !resp.IsError() {
t.Fatalf("expected an error")
}
// Don't supply any criteria
lookupReq.Data = nil
resp, err = i.HandleRequest(lookupReq)
if err != nil {
t.Fatal(err)
}
if resp == nil || !resp.IsError() {
t.Fatalf("expected an error")
}
}