diff --git a/changelog/11975.txt b/changelog/11975.txt
new file mode 100644
index 000000000..09691123e
--- /dev/null
+++ b/changelog/11975.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+auth/ldap: Fix a bug where the LDAP auth method does not return the request_timeout configuration parameter on config read.
+```
diff --git a/sdk/helper/ldaputil/client_test.go b/sdk/helper/ldaputil/client_test.go
index 199f93a6b..f81294ffc 100644
--- a/sdk/helper/ldaputil/client_test.go
+++ b/sdk/helper/ldaputil/client_test.go
@@ -43,7 +43,7 @@ func TestLDAPEscape(t *testing.T) {
 }

 func TestGetTLSConfigs(t *testing.T) {
- config := testConfig()
+ config := testConfig(t)
 if err := config.Validate(); err != nil {
 t.Fatal(err)
 }
diff --git a/sdk/helper/ldaputil/config.go b/sdk/helper/ldaputil/config.go
index b23f0304e..d4b21c8b8 100644
--- a/sdk/helper/ldaputil/config.go
+++ b/sdk/helper/ldaputil/config.go
@@ -417,6 +417,7 @@ func (c *ConfigEntry) PasswordlessMap() map[string]interface{} {
 "tls_max_version": c.TLSMaxVersion,
 "use_token_groups": c.UseTokenGroups,
 "anonymous_group_search": c.AnonymousGroupSearch,
+ "request_timeout": c.RequestTimeout,
 }
 if c.CaseSensitiveNames != nil {
 m["case_sensitive_names"] = *c.CaseSensitiveNames
diff --git a/sdk/helper/ldaputil/config_test.go b/sdk/helper/ldaputil/config_test.go
index 40288cd02..21a552b9f 100644
--- a/sdk/helper/ldaputil/config_test.go
+++ b/sdk/helper/ldaputil/config_test.go
@@ -5,11 +5,12 @@ import (
 "testing"

 "github.com/go-test/deep"
+ "github.com/hashicorp/vault/sdk/framework"
 )

 func TestCertificateValidation(t *testing.T) {
 // certificate should default to "" without error if it doesn't exist
- config := testConfig()
+ config := testConfig(t)
 if err := config.Validate(); err != nil {
 t.Fatal(err)
 }
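Review bot: The added `"request_timeout": c.RequestTimeout` entry in PasswordlessMap is the behavioural fix of this commit, yet none of the tests added here read PasswordlessMap back, so a regression of that single line would pass the suite unnoticed; TestNewConfigEntry only compares NewConfigEntry output against a JSON fixture. A one-line assertion in config_test.go such as `if _, ok := testConfig(t).PasswordlessMap()["request_timeout"]; !ok { t.Fatal("request_timeout missing from PasswordlessMap") }` would pin the fix. Returning the timeout on config read is not a disclosure concern in itself, since it is a tuning value rather than a credential, although whether the map still omits the bind password cannot be confirmed from this hunk alone. PasswordlessMap begins and ends outside the hunk.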
@@ -30,9 +31,24 @@ func TestCertificateValidation(t *testing.T) {
 }
 }

+func TestNewConfigEntry(t *testing.T) {
+ s := &framework.FieldData{Schema: ConfigFields()}
+ config, err := NewConfigEntry(nil, s)
+ if err != nil {
+ t.Fatal("error getting default config")
+ }
+ configFromJSON := testJSONConfig(t, jsonConfigDefault)
+
+ t.Run("equality_check", func(t *testing.T) {
+ if diff := deep.Equal(config, configFromJSON); len(diff) > 0 {
+ t.Fatalf("bad, diff: %#v", diff)
+ }
+ })
+}
+
 func TestConfig(t *testing.T) {
- config := testConfig()
- configFromJSON := testJSONConfig(t)
+ config := testConfig(t)
+ configFromJSON := testJSONConfig(t, jsonConfig)

 t.Run("equality_check", func(t *testing.T) {
 if diff := deep.Equal(config, configFromJSON); len(diff) > 0 {
@@ -51,7 +67,9 @@ func TestConfig(t *testing.T) {
 })
 }

-func testConfig() *ConfigEntry {
+func testConfig(t *testing.T) *ConfigEntry {
+ t.Helper()
+
 return &ConfigEntry{
 Url: "ldap://138.91.247.105",
 UserDN: "example,com",
@@ -63,9 +81,11 @@ func testConfig() *ConfigEntry {
 }
 }

-func testJSONConfig(t *testing.T) *ConfigEntry {
+func testJSONConfig(t *testing.T, rawJson []byte) *ConfigEntry {
+ t.Helper()
+
 config := new(ConfigEntry)
- if err := json.Unmarshal(jsonConfig, config); err != nil {
+ if err := json.Unmarshal(rawJson, config); err != nil {
 t.Fatal(err)
 }
 return config
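Review bot: `t.Fatal("error getting default config")` in TestNewConfigEntry discards the error returned by NewConfigEntry, so a failure reports no cause; `t.Fatalf("error getting default config: %v", err)` keeps the diagnostic. The same line passes `nil` as the first argument to NewConfigEntry without saying what that parameter is or why nil is acceptable here, which cannot be told from this hunk; a short comment on that line would spare the next reader the lookup. In the third hunk on this line, the new parameter `rawJson` breaks Go's initialism convention and should read `rawJSON []byte` with `json.Unmarshal(rawJSON, config)`, and since testJSONConfig now takes an explicit fixture a doc comment such as `// testJSONConfig unmarshals rawJSON into a ConfigEntry, failing the test on error.` would document the changed contract.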
@@ -119,3 +139,31 @@ var jsonConfig = []byte(`
 "request_timeout": 30
 }
 `)
+
+var jsonConfigDefault = []byte(`
+{
+ "url": "ldap://127.0.0.1",
+ "userdn": "",
+ "anonymous_group_search": false,
+ "groupdn": "",
+ "groupfilter": "(|(memberUid={{.Username}})(member={{.UserDN}})(uniqueMember={{.UserDN}}))",
+ "groupattr": "cn",
+ "upndomain": "",
+ "userattr": "cn",
+ "certificate": "",
+ "client_tls_cert": "",
+ "client_tsl_key": "",
+ "insecure_tls": false,
+ "starttls": false,
+ "binddn": "",
+ "bindpass": "",
+ "deny_null_bind": true,
+ "discoverdn": false,
+ "tls_min_version": "tls12",
+ "tls_max_version": "tls12",
+ "use_token_groups": false,
+ "use_pre111_group_cn_behavior": null,
+ "request_timeout": 90,
+ "case_sensitive_names": false
+}
+`)
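Review bot: The key `"client_tsl_key"` in the new jsonConfigDefault fixture looks like a transposition of `client_tls_key`; if the ConfigEntry JSON tag is spelled `client_tls_key`, json.Unmarshal silently ignores this key and the equality check against the defaults passes only because the default happens to be the empty string, so the fixture does not really exercise that field. If the struct tag is the correctly spelled one, the line should become `"client_tls_key": "",`; if the tag itself carries the transposition, that deserves a separate follow-up since callers could not set the value through JSON either way. A comment above the declaration, e.g. `// jsonConfigDefault mirrors the defaults NewConfigEntry produces from an empty FieldData; update it whenever a default changes.`, would explain why every field, including request_timeout 90, is pinned here.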