Test for issue 5729 (#5750)

* Test for 5729 * Remove unneeded space Co-Authored-By: vishalnayak <vishalnayak@users.noreply.github.com>
2018-11-13 11:16:10 -05:00 · 2018-11-13 11:16:10 -05:00 · b4836575fb
parent e4087474b6
commit b4836575fb
6 changed files with 79 additions and 7 deletions
--- a/vault/identity_store_aliases.go
+++ b/vault/identity_store_aliases.go
@ -192,7 +192,7 @@ func (i *IdentityStore) handleAliasUpdateCommon() framework.OperationFunc {

 		resp := &logical.Response{}

-		// If we found an exisitng alias we won't hit this condition because
+		// If we found an existing alias we won't hit this condition because
 		// canonicalID being empty will result in nil being returned in the block
 		// above, so in this case we know that creating a new entity is the right
 		// thing.
--- a/vault/identity_store_aliases_test.go
+++ b/vault/identity_store_aliases_test.go
@ -10,6 +10,78 @@ import (
 	"github.com/hashicorp/vault/logical"
 )

+// Issue 5729
+func TestIdentityStore_DuplicateAliases(t *testing.T) {
+	c, _, _ := TestCoreUnsealed(t)
+
+	resp, err := c.systemBackend.HandleRequest(namespace.RootContext(nil), &logical.Request{
+		Path:      "auth",
+		Operation: logical.ReadOperation,
+	})
+	if err != nil || (resp != nil && resp.IsError()) {
+		t.Fatalf("bad: resp: %#v\nerr: %v", resp, err)
+	}
+
+	tokenMountAccessor := resp.Data["token/"].(map[string]interface{})["accessor"].(string)
+
+	// Create an entity and attach an alias to it
+	resp, err = c.identityStore.HandleRequest(namespace.RootContext(nil), &logical.Request{
+		Path:      "entity-alias",
+		Operation: logical.UpdateOperation,
+		Data: map[string]interface{}{
+			"mount_accessor": tokenMountAccessor,
+			"name":           "testaliasname",
+		},
+	})
+	if err != nil || (resp != nil && resp.IsError()) {
+		t.Fatalf("bad: resp: %#v\nerr: %v", resp, err)
+	}
+	aliasID := resp.Data["id"].(string)
+
+	// Create another entity without an alias
+	resp, err = c.identityStore.HandleRequest(namespace.RootContext(nil), &logical.Request{
+		Path:      "entity",
+		Operation: logical.UpdateOperation,
+	})
+	if err != nil || (resp != nil && resp.IsError()) {
+		t.Fatalf("bad: resp: %#v\nerr: %v", resp, err)
+	}
+	entityID2 := resp.Data["id"].(string)
+
+	// Set the second entity ID as the canonical ID for the previous alias,
+	// initiating an alias transfer
+	resp, err = c.identityStore.HandleRequest(namespace.RootContext(nil), &logical.Request{
+		Path:      "entity-alias/id/" + aliasID,
+		Operation: logical.UpdateOperation,
+		Data: map[string]interface{}{
+			"canonical_id": entityID2,
+		},
+	})
+	if err != nil || (resp != nil && resp.IsError()) {
+		t.Fatalf("bad: resp: %#v\nerr: %v", resp, err)
+	}
+
+	// Read the new entity
+	resp, err = c.identityStore.HandleRequest(namespace.RootContext(nil), &logical.Request{
+		Path:      "entity/id/" + entityID2,
+		Operation: logical.ReadOperation,
+	})
+	if err != nil || (resp != nil && resp.IsError()) {
+		t.Fatalf("bad: resp: %#v\nerr: %v", resp, err)
+	}
+
+	// Ensure that there is only one alias
+	aliases := resp.Data["aliases"].([]interface{})
+	if len(aliases) != 1 {
+		t.Fatalf("bad: length of aliases; expected: %d, actual: %d", 1, len(aliases))
+	}
+
+	// Ensure that no merging activity has taken place
+	if len(aliases[0].(map[string]interface{})["merged_from_canonical_ids"].([]string)) != 0 {
+		t.Fatalf("expected no merging to take place")
+	}
+}
+
 func TestIdentityStore_CaseInsensitiveEntityAliasName(t *testing.T) {
 	ctx := namespace.RootContext(nil)
 	i, accessor, _ := testIdentityStoreWithGithubAuth(ctx, t)
--- a/vault/logical_system.go
+++ b/vault/logical_system.go
@ -2710,7 +2710,7 @@ func hasMountAccess(ctx context.Context, acl *ACL, path string) bool {
 		return false
 	}

-	// If an ealier policy is giving us access to the mount path then we can do
+	// If an earlier policy is giving us access to the mount path then we can do
 	// a fast return.
 	capabilities := acl.Capabilities(ctx, ns.TrimmedPath(path))
 	if !strutil.StrListContains(capabilities, DenyCapability) {
--- a/vault/policy_test.go
+++ b/vault/policy_test.go
@ -299,14 +299,14 @@ func TestPolicy_ParseBadPath(t *testing.T) {
 	_, err := ParseACLPolicy(namespace.RootNamespace, strings.TrimSpace(`
 path "/" {
 	capabilities = ["read"]
-	capabilites  = ["read"]
+	capabilities = ["read"]
 }
 `))
 	if err == nil {
 		t.Fatalf("expected error")
 	}

-	if !strings.Contains(err.Error(), `invalid key "capabilites" on line 3`) {
+	if !strings.Contains(err.Error(), `invalid key "capabilities" on line 3`) {
 		t.Errorf("bad error: %s", err)
 	}
 }
--- a/vault/testing.go
+++ b/vault/testing.go
@ -107,7 +107,7 @@ func TestCoreNewSeal(t testing.T) *Core {
 }

 // TestCoreWithConfig returns a pure in-memory, uninitialized core with the
-// specified core configurations overriden for testing.
+// specified core configurations overridden for testing.
 func TestCoreWithConfig(t testing.T, conf *CoreConfig) *Core {
 	return TestCoreWithSealAndUI(t, conf)
 }
@ -282,7 +282,7 @@ func TestCoreUnsealedRaw(t testing.T) (*Core, [][]byte, string) {
 }

 // TestCoreUnsealedWithConfig returns a pure in-memory core that is already
-// initialized, unsealed, with the any provided core config values overriden.
+// initialized, unsealed, with the any provided core config values overridden.
 func TestCoreUnsealedWithConfig(t testing.T, conf *CoreConfig) (*Core, [][]byte, string) {
 	t.Helper()
 	core := TestCoreWithConfig(t, conf)
--- a/vault/token_store.go
+++ b/vault/token_store.go
@ -65,7 +65,7 @@ const (
 )

 var (
-	// TokenLength is the size of tokens we are currenlty generating, without
+	// TokenLength is the size of tokens we are currently generating, without
 	// any namespace information
 	TokenLength = 24