diff --git a/api/sys_generate_root.go b/api/sys_generate_root.go
index 8f6e460ba..ec267a3d6 100644
--- a/api/sys_generate_root.go
+++ b/api/sys_generate_root.go
@@ -104,6 +104,7 @@ type GenerateRootStatusResponse struct {
 Progress int
 Required int
 Complete bool
+ EncodedToken string `json:"encoded_token"`
 EncodedRootToken string `json:"encoded_root_token"`
 PGPFingerprint string `json:"pgp_fingerprint"`
 }
diff --git a/command/generate-root.go b/command/generate-root.go
index 9402b8a24..955e3d8bd 100644
--- a/command/generate-root.go
+++ b/command/generate-root.go
@@ -309,6 +309,8 @@ func (c *GenerateRootCommand) dumpStatus(status *api.GenerateRootStatusResponse)
 }
 if len(status.EncodedRootToken) > 0 {
 statString = fmt.Sprintf("%s\n\nEncoded root token: %s", statString, status.EncodedRootToken)
+ } else if len(status.EncodedToken) > 0 {
+ statString = fmt.Sprintf("%s\n\nEncoded token: %s", statString, status.EncodedToken)
 }
 c.Ui.Output(statString)
 }
diff --git a/http/sys_generate_root.go b/http/sys_generate_root.go
index 1911e4259..a7f1e565d 100644
--- a/http/sys_generate_root.go
+++ b/http/sys_generate_root.go
@@ -148,13 +148,17 @@ func handleSysGenerateRootUpdate(core *vault.Core, generateStrategy vault.Genera
 }
 resp := &GenerateRootStatusResponse{
- Complete: result.Progress == result.Required,
- Nonce: req.Nonce,
- Progress: result.Progress,
- Required: result.Required,
- Started: true,
- EncodedRootToken: result.EncodedRootToken,
- PGPFingerprint: result.PGPFingerprint,
+ Complete: result.Progress == result.Required,
+ Nonce: req.Nonce,
+ Progress: result.Progress,
+ Required: result.Required,
+ Started: true,
+ EncodedToken: result.EncodedToken,
+ PGPFingerprint: result.PGPFingerprint,
+ }
+
+ if generateStrategy == vault.GenerateStandardRootTokenStrategy {
+ resp.EncodedRootToken = result.EncodedToken
 }
 respondOk(w, resp)
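Review bot: The added `if generateStrategy == vault.GenerateStandardRootTokenStrategy` block in handleSysGenerateRootUpdate has no comment explaining why `encoded_root_token` is filled only on that path. That is the security-relevant part of the hunk: it keeps a token produced by another strategy from being returned under a field whose name says root token. I would add above the `if`: `// encoded_root_token is kept for older clients and is set only for the standard root strategy; tokens from other strategies are returned in encoded_token only.` The strategy type is cut off in the hunk header, so it is worth confirming that every strategy value is comparable, since `==` on interface values panics at run time when the dynamic type is not. The function starts and ends outside the hunk.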
@@ -172,6 +176,7 @@ type GenerateRootStatusResponse struct {
 Progress int `json:"progress"`
 Required int `json:"required"`
 Complete bool `json:"complete"`
+ EncodedToken string `json:"encoded_token"`
 EncodedRootToken string `json:"encoded_root_token"`
 PGPFingerprint string `json:"pgp_fingerprint"`
 }
diff --git a/http/sys_generate_root_test.go b/http/sys_generate_root_test.go
index 347dd2e43..73850f662 100644
--- a/http/sys_generate_root_test.go
+++ b/http/sys_generate_root_test.go
@@ -32,6 +32,7 @@ func TestSysGenerateRootAttempt_Status(t *testing.T) {
 "progress": json.Number("0"),
 "required": json.Number("3"),
 "complete": false,
+ "encoded_token": "",
 "encoded_root_token": "",
 "pgp_fingerprint": "",
 "nonce": "",
@@ -66,6 +67,7 @@ func TestSysGenerateRootAttempt_Setup_OTP(t *testing.T) {
 "progress": json.Number("0"),
 "required": json.Number("3"),
 "complete": false,
+ "encoded_token": "",
 "encoded_root_token": "",
 "pgp_fingerprint": "",
 }
@@ -87,6 +89,7 @@ func TestSysGenerateRootAttempt_Setup_OTP(t *testing.T) {
 "progress": json.Number("0"),
 "required": json.Number("3"),
 "complete": false,
+ "encoded_token": "",
 "encoded_root_token": "",
 "pgp_fingerprint": "",
 }
@@ -120,6 +123,7 @@ func TestSysGenerateRootAttempt_Setup_PGP(t *testing.T) {
 "progress": json.Number("0"),
 "required": json.Number("3"),
 "complete": false,
+ "encoded_token": "",
 "encoded_root_token": "",
 "pgp_fingerprint": "816938b8a29146fbe245dd29e7cbaf8e011db793",
 }
@@ -156,6 +160,7 @@ func TestSysGenerateRootAttempt_Cancel(t *testing.T) {
 "progress": json.Number("0"),
 "required": json.Number("3"),
 "complete": false,
+ "encoded_token": "",
 "encoded_root_token": "",
 "pgp_fingerprint": "",
 }
@@ -183,6 +188,7 @@ func TestSysGenerateRootAttempt_Cancel(t *testing.T) {
 "progress": json.Number("0"),
 "required": json.Number("3"),
 "complete": false,
+ "encoded_token": "",
 "encoded_root_token": "",
 "pgp_fingerprint": "",
 "nonce": "",
@@ -282,9 +288,13 @@ func TestSysGenerateRoot_Update_OTP(t *testing.T) {
 testResponseBody(t, resp, &actual)
 }
- if actual["encoded_root_token"] == nil {
+ if actual["encoded_token"] == nil || actual["encoded_token"] == "" {
+ t.Fatalf("no encoded token found in response")
+ }
+ if actual["encoded_root_token"] == nil || actual["encoded_root-token"] == "" {
 t.Fatalf("no encoded root token found in response")
 }
+ expected["encoded_token"] = actual["encoded_token"]
 expected["encoded_root_token"] = actual["encoded_root_token"]
 if !reflect.DeepEqual(actual, expected) {
@@ -372,9 +382,13 @@ func TestSysGenerateRoot_Update_PGP(t *testing.T) {
 testResponseBody(t, resp, &actual)
 }
- if actual["encoded_root_token"] == nil {
+ if actual["encoded_token"] == nil || actual["encoded_token"] == "" {
+ t.Fatalf("no encoded token found in response")
+ }
+ if actual["encoded_root_token"] == nil || actual["encoded_root-token"] == "" {
 t.Fatalf("no encoded root token found in response")
 }
+ expected["encoded_token"] = actual["encoded_token"]
 expected["encoded_root_token"] = actual["encoded_root_token"]
 if !reflect.DeepEqual(actual, expected) {
diff --git a/vault/generate_root.go b/vault/generate_root.go
index 13d280682..a248187b0 100644
--- a/vault/generate_root.go
+++ b/vault/generate_root.go
@@ -61,13 +61,13 @@ type GenerateRootConfig struct {
 // GenerateRootResult holds the result of a root generation update
 // command
 type GenerateRootResult struct {
- Progress int
- Required int
- EncodedRootToken string
- PGPFingerprint string
+ Progress int
+ Required int
+ EncodedToken string
+ PGPFingerprint string
 }
-// GenerateRoot is used to return the root generation progress (num shares)
+// GenerateRootProgress is used to return the root generation progress (num shares)
 func (c *Core) GenerateRootProgress() (int, error) {
 c.stateLock.RLock()
 defer c.stateLock.RUnlock()
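Review bot: The second added guard in TestSysGenerateRoot_Update_OTP reads `actual["encoded_root-token"]`, with a hyphen instead of an underscore. That key is never present, so the lookup yields nil and the `== ""` half can never be true. An empty `encoded_root_token` therefore passes this check, and it also passes the later `reflect.DeepEqual`, because `expected["encoded_root_token"]` is copied from `actual`. The line should be `if actual["encoded_root_token"] == nil || actual["encoded_root_token"] == "" {`. The same typo is in the TestSysGenerateRoot_Update_PGP hunk at `@@ -372,9 +382,13 @@`; both test bodies start and end outside their hunks.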
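Review bot: The renamed `EncodedToken` field in GenerateRootResult has no comment, and the type comment above it still speaks only of root generation, so a reader cannot tell what the string holds or what kind of token it is. The tests changed in this commit recover the token with `xor.XORBase64(encodedToken, otp)` or `pgpkeys.DecryptBytes(encodedToken, ...)`, which suggests the value is OTP- or PGP-protected before it is base64-encoded in the `@@ -328,10 +328,10 @@` hunk. `tokenBytes` is built outside that hunk, so this needs confirming. I would add `// EncodedToken is the base64 form of the OTP- or PGP-protected token; the strategy passed to GenerateRootUpdate decides what kind of token it is.` Renaming a field of an exported struct also breaks any importer outside this repository that still reads `EncodedRootToken`, if such importers exist.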
@@ -84,7 +84,7 @@ func (c *Core) GenerateRootProgress() (int, error) {
 return len(c.generateRootProgress), nil
 }
-// GenerateRootConfig is used to read the root generation configuration
+// GenerateRootConfiguration is used to read the root generation configuration
 // It stubbornly refuses to return the OTP if one is there.
 func (c *Core) GenerateRootConfiguration() (*GenerateRootConfig, error) {
 c.stateLock.RLock()
@@ -328,10 +328,10 @@ func (c *Core) GenerateRootUpdate(key []byte, nonce string, strategy GenerateRoo
 }
 results := &GenerateRootResult{
- Progress: progress,
- Required: config.SecretThreshold,
- EncodedRootToken: base64.StdEncoding.EncodeToString(tokenBytes),
- PGPFingerprint: c.generateRootConfig.PGPFingerprint,
+ Progress: progress,
+ Required: config.SecretThreshold,
+ EncodedToken: base64.StdEncoding.EncodeToString(tokenBytes),
+ PGPFingerprint: c.generateRootConfig.PGPFingerprint,
 }
 if c.logger.IsInfo() {
diff --git a/vault/generate_root_test.go b/vault/generate_root_test.go
index 50dad32f2..4c08f5bc5 100644
--- a/vault/generate_root_test.go
+++ b/vault/generate_root_test.go
@@ -190,7 +190,7 @@ func testCore_GenerateRoot_Update_OTP_Common(t *testing.T, c *Core, keys [][]byt
 t.Fatalf("Bad, result is nil")
 }
- encodedRootToken := result.EncodedRootToken
+ encodedToken := result.EncodedToken
 // Should be no progress
 num, err := c.GenerateRootProgress()
@@ -210,7 +210,7 @@ func testCore_GenerateRoot_Update_OTP_Common(t *testing.T, c *Core, keys [][]byt
 t.Fatalf("bad: %v", conf)
 }
- tokenBytes, err := xor.XORBase64(encodedRootToken, otp)
+ tokenBytes, err := xor.XORBase64(encodedToken, otp)
 if err != nil {
 t.Fatal(err)
 }
@@ -267,7 +267,7 @@ func testCore_GenerateRoot_Update_PGP_Common(t *testing.T, c *Core, keys [][]byt
 t.Fatalf("Bad, result is nil")
 }
- encodedRootToken := result.EncodedRootToken
+ encodedToken := result.EncodedToken
 // Should be no progress
 num, err := c.GenerateRootProgress()
@@ -287,7 +287,7 @@ func testCore_GenerateRoot_Update_PGP_Common(t *testing.T, c *Core, keys [][]byt
 t.Fatalf("bad: %v", conf)
 }
- ptBuf, err := pgpkeys.DecryptBytes(encodedRootToken, pgpkeys.TestPrivKey1)
+ ptBuf, err := pgpkeys.DecryptBytes(encodedToken, pgpkeys.TestPrivKey1)
 if err != nil {
 t.Fatal(err)
 }