Support listing ldap group to policy mappings (Fixes #1270)

builtin/credential/ldap/backend.go

@@ -35,7 +35,9 @@ func Backend() *framework.Backend {
 		Paths: append([]*framework.Path{
 			pathConfig(&b),
 			pathGroups(&b),
+			pathGroupsList(&b),
 			pathUsers(&b),
+			pathUsersList(&b),
 		},
 			mfa.MFAPaths(b.Backend, pathLogin(&b))...,
 		),

builtin/credential/ldap/backend_test.go

@@ -2,6 +2,7 @@ package ldap
 
 import (
 	"fmt"
+	"reflect"
 	"testing"
 	"time"
 
@@ -38,6 +39,8 @@ func TestBackend_basic(t *testing.T) {
 			testAccStepGroup(t, "engineers", "bar"),
 			testAccStepUser(t, "tesla", "engineers"),
 			testAccStepLogin(t, "tesla", "password"),
+			testAccStepGroupList(t, []string{"engineers", "scientists"}),
+			testAccStepUserList(t, []string{"tesla"}),
 		},
 	})
 }
@@ -321,3 +324,39 @@ func TestLDAPEscape(t *testing.T) {
 		}
 	}
 }
+
+func testAccStepGroupList(t *testing.T, groups []string) logicaltest.TestStep {
+	return logicaltest.TestStep{
+		Operation: logical.ListOperation,
+		Path:      "groups",
+		Check: func(resp *logical.Response) error {
+			if resp.IsError() {
+				return fmt.Errorf("Got error response: %#v", *resp)
+			}
+
+			exp := groups
+			if !reflect.DeepEqual(exp, resp.Data["keys"].([]string)) {
+				return fmt.Errorf("expected:\n%#v\ngot:\n%#v\n", exp, resp.Data["keys"])
+			}
+			return nil
+		},
+	}
+}
+
+func testAccStepUserList(t *testing.T, users []string) logicaltest.TestStep {
+	return logicaltest.TestStep{
+		Operation: logical.ListOperation,
+		Path:      "users",
+		Check: func(resp *logical.Response) error {
+			if resp.IsError() {
+				return fmt.Errorf("Got error response: %#v", *resp)
+			}
+
+			exp := users
+			if !reflect.DeepEqual(exp, resp.Data["keys"].([]string)) {
+				return fmt.Errorf("expected:\n%#v\ngot:\n%#v\n", exp, resp.Data["keys"])
+			}
+			return nil
+		},
+	}
+}

builtin/credential/ldap/path_groups.go

@@ -8,6 +8,19 @@ import (
 	"github.com/hashicorp/vault/logical/framework"
 )
 
+func pathGroupsList(b *backend) *framework.Path {
+	return &framework.Path{
+		Pattern: "groups/?$",
+
+		Callbacks: map[logical.Operation]framework.OperationFunc{
+			logical.ListOperation: b.pathGroupList,
+		},
+
+		HelpSynopsis:    pathGroupHelpSyn,
+		HelpDescription: pathGroupHelpDesc,
+	}
+}
+
 func pathGroups(b *backend) *framework.Path {
 	return &framework.Path{
 		Pattern: `groups/(?P<name>.+)`,
@@ -94,6 +107,15 @@ func (b *backend) pathGroupWrite(
 	return nil, nil
 }
 
+func (b *backend) pathGroupList(
+	req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
+	groups, err := req.Storage.List("group/")
+	if err != nil {
+		return nil, err
+	}
+	return logical.ListResponse(groups), nil
+}
+
 type GroupEntry struct {
 	Policies []string
 }

builtin/credential/ldap/path_users.go

@@ -7,6 +7,19 @@ import (
 	"github.com/hashicorp/vault/logical/framework"
 )
 
+func pathUsersList(b *backend) *framework.Path {
+	return &framework.Path{
+		Pattern: "users/?$",
+
+		Callbacks: map[logical.Operation]framework.OperationFunc{
+			logical.ListOperation: b.pathUserList,
+		},
+
+		HelpSynopsis:    pathUserHelpSyn,
+		HelpDescription: pathUserHelpDesc,
+	}
+}
+
 func pathUsers(b *backend) *framework.Path {
 	return &framework.Path{
 		Pattern: `users/(?P<name>.+)`,
@@ -25,7 +38,7 @@ func pathUsers(b *backend) *framework.Path {
 		Callbacks: map[logical.Operation]framework.OperationFunc{
 			logical.DeleteOperation: b.pathUserDelete,
 			logical.ReadOperation:   b.pathUserRead,
-			logical.UpdateOperation:  b.pathUserWrite,
+			logical.UpdateOperation: b.pathUserWrite,
 		},
 
 		HelpSynopsis:    pathUserHelpSyn,
@@ -99,6 +112,15 @@ func (b *backend) pathUserWrite(
 	return nil, nil
 }
 
+func (b *backend) pathUserList(
+	req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
+	users, err := req.Storage.List("user/")
+	if err != nil {
+		return nil, err
+	}
+	return logical.ListResponse(users), nil
+}
+
 type UserEntry struct {
 	Groups []string
 }