[VAULT-3519] Return no_default_policy on token role read (#12565)

* [VAULT-3519] Return no_default_policy on token role read if set

* [VAULT-3519] Add changelog

* [VAULT-3519] Always return token_no_default_policy on role read

* Fix broken test

* Update role read response in docs
This commit is contained in:
Pratyoy Mukhopadhyay 2021-09-21 09:53:08 -07:00 committed by GitHub
parent a538936367
commit 8e6698fb4a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 23 additions and 8 deletions

3
changelog/12565.txt Normal file
View File

@ -0,0 +1,3 @@
```release-note:improvement
core/token: Return the token_no_default_policy config on token role read if set
```

View File

@ -3223,6 +3223,7 @@ func (ts *TokenStore) tokenStoreRoleRead(ctx context.Context, req *logical.Reque
"renewable": role.Renewable,
"token_type": role.TokenType.String(),
"allowed_entity_aliases": role.AllowedEntityAliases,
"token_no_default_policy": role.TokenNoDefaultPolicy,
},
}

View File

@ -3194,6 +3194,7 @@ func TestTokenStore_RoleCRUD(t *testing.T) {
"token_type": "default-service",
"token_num_uses": 123,
"allowed_entity_aliases": []string(nil),
"token_no_default_policy": false,
}
if resp.Data["bound_cidrs"].([]*sockaddr.SockAddrMarshaler)[0].String() != "0.0.0.0/0" {
@ -3219,6 +3220,7 @@ func TestTokenStore_RoleCRUD(t *testing.T) {
"renewable": false,
"explicit_max_ttl": "80h",
"token_num_uses": 0,
"token_no_default_policy": true,
}
resp, err = core.HandleRequest(namespace.RootContext(nil), req)
@ -3256,6 +3258,7 @@ func TestTokenStore_RoleCRUD(t *testing.T) {
"renewable": false,
"token_type": "default-service",
"allowed_entity_aliases": []string(nil),
"token_no_default_policy": true,
}
if resp.Data["bound_cidrs"].([]*sockaddr.SockAddrMarshaler)[0].String() != "0.0.0.0/0" {
@ -3308,6 +3311,7 @@ func TestTokenStore_RoleCRUD(t *testing.T) {
"renewable": false,
"token_type": "default-service",
"allowed_entity_aliases": []string(nil),
"token_no_default_policy": true,
}
if resp.Data["bound_cidrs"].([]*sockaddr.SockAddrMarshaler)[0].String() != "0.0.0.0/0" {
@ -3328,6 +3332,7 @@ func TestTokenStore_RoleCRUD(t *testing.T) {
req.Data = map[string]interface{}{
"path_suffix": "",
"bound_cidrs": []string{},
"token_no_default_policy": false,
}
resp, err = core.HandleRequest(namespace.RootContext(nil), req)
if err != nil || (resp != nil && resp.IsError()) {
@ -3360,6 +3365,7 @@ func TestTokenStore_RoleCRUD(t *testing.T) {
"renewable": false,
"token_type": "default-service",
"allowed_entity_aliases": []string(nil),
"token_no_default_policy": false,
}
if diff := deep.Equal(expected, resp.Data); diff != nil {
@ -4428,6 +4434,7 @@ func TestTokenStore_RoleTokenFields(t *testing.T) {
"renewable": false,
"token_type": "batch",
"allowed_entity_aliases": []string(nil),
"token_no_default_policy": false,
}
if resp.Data["bound_cidrs"].([]*sockaddr.SockAddrMarshaler)[0].String() != "127.0.0.1" {
@ -4483,6 +4490,7 @@ func TestTokenStore_RoleTokenFields(t *testing.T) {
"renewable": false,
"token_type": "default-service",
"allowed_entity_aliases": []string(nil),
"token_no_default_policy": false,
}
if resp.Data["bound_cidrs"].([]*sockaddr.SockAddrMarshaler)[0].String() != "127.0.0.1" {
@ -4537,6 +4545,7 @@ func TestTokenStore_RoleTokenFields(t *testing.T) {
"renewable": false,
"token_type": "default-service",
"allowed_entity_aliases": []string(nil),
"token_no_default_policy": false,
}
if resp.Data["token_bound_cidrs"].([]*sockaddr.SockAddrMarshaler)[0].String() != "127.0.0.1" {
@ -4593,6 +4602,7 @@ func TestTokenStore_RoleTokenFields(t *testing.T) {
"renewable": false,
"token_type": "service",
"allowed_entity_aliases": []string(nil),
"token_no_default_policy": false,
}
if resp.Data["token_bound_cidrs"].([]*sockaddr.SockAddrMarshaler)[0].String() != "127.0.0.1" {

View File

@ -636,6 +636,7 @@ $ curl \
"period": 0,
"renewable": true,
"token_explicit_max_ttl": 0,
"token_no_default_policy": false,
"token_period": 0,
"token_type": "default-service"
},