Fix issuer patch of leaf_not_after_behavior (#20341)

* Fix patching issuer leaf_not_after_behavior

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add tests for patching leaf_not_after_behavior

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add changelog entry

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

---------

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
This commit is contained in:
Alexander Scheel 2023-04-25 11:02:13 -04:00 committed by GitHub
parent 1e433add83
commit 918305d450
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 9 additions and 3 deletions

View File

@ -4984,12 +4984,13 @@ func TestIssuanceTTLs(t *testing.T) {
}) })
require.Error(t, err, "expected issuance to fail due to longer default ttl than cert ttl") require.Error(t, err, "expected issuance to fail due to longer default ttl than cert ttl")
resp, err = CBWrite(b, s, "issuer/root", map[string]interface{}{ resp, err = CBPatch(b, s, "issuer/root", map[string]interface{}{
"issuer_name": "root",
"leaf_not_after_behavior": "permit", "leaf_not_after_behavior": "permit",
}) })
require.NoError(t, err) require.NoError(t, err)
require.NotNil(t, resp) require.NotNil(t, resp)
require.NotNil(t, resp.Data)
require.Equal(t, resp.Data["leaf_not_after_behavior"], "permit")
_, err = CBWrite(b, s, "issue/local-testing", map[string]interface{}{ _, err = CBWrite(b, s, "issue/local-testing", map[string]interface{}{
"common_name": "testing", "common_name": "testing",
@ -5002,6 +5003,8 @@ func TestIssuanceTTLs(t *testing.T) {
}) })
require.NoError(t, err) require.NoError(t, err)
require.NotNil(t, resp) require.NotNil(t, resp)
require.NotNil(t, resp.Data)
require.Equal(t, resp.Data["leaf_not_after_behavior"], "truncate")
_, err = CBWrite(b, s, "issue/local-testing", map[string]interface{}{ _, err = CBWrite(b, s, "issue/local-testing", map[string]interface{}{
"common_name": "testing", "common_name": "testing",

View File

@ -783,7 +783,7 @@ func (b *backend) pathPatchIssuer(ctx context.Context, req *logical.Request, dat
} }
// Leaf Not After Changes // Leaf Not After Changes
rawLeafBehaviorData, ok := data.GetOk("leaf_not_after_behaivor") rawLeafBehaviorData, ok := data.GetOk("leaf_not_after_behavior")
if ok { if ok {
rawLeafBehavior := rawLeafBehaviorData.(string) rawLeafBehavior := rawLeafBehaviorData.(string)
var newLeafBehavior certutil.NotAfterBehavior var newLeafBehavior certutil.NotAfterBehavior

3
changelog/20341.txt Normal file
View File

@ -0,0 +1,3 @@
```release-note:bug
secrets/pki: Fix patching of leaf_not_after_behavior on issuers.
```