luxolus
/
open-vault
2
0
Fork 0
Code Issues 1 Pull Requests Releases Activity

Fixes from mount move testing (#14492) 

* Add validation, fix docs

* add changelog

* fmt fix

* Update vault/logical_system.go

Co-authored-by: Josh Black <raskchanky@users.noreply.github.com>

* Update vault/logical_system.go

Co-authored-by: Josh Black <raskchanky@users.noreply.github.com>

* Update vault/logical_system_test.go

Co-authored-by: Josh Black <raskchanky@users.noreply.github.com>

* Update vault/logical_system_test.go

Co-authored-by: Josh Black <raskchanky@users.noreply.github.com>

Co-authored-by: Josh Black <raskchanky@users.noreply.github.com>
This commit is contained in:
Pratyoy Mukhopadhyay 2022-03-15 11:11:23 -07:00 committed by GitHub
parent f6712ca417
commit d222981cec
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 43 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
changelog/mount-migration.txt Normal file
View File

@ -0,0 +1,3 @@
```release-note:feature
**Mount Migration**: Vault supports moving secrets and auth mounts both within and across namespaces.
```

7
vault/logical_system.go
View File

@ -1201,6 +1201,13 @@ func (b *SystemBackend) handleRemount(ctx context.Context, req *logical.Request,
logical.ErrInvalidRequest logical.ErrInvalidRequest
} }
if strings.Contains(fromPath, " ") {
return logical.ErrorResponse("'from' path cannot contain whitespace"), logical.ErrInvalidRequest
}
if strings.Contains(toPath, " ") {
return logical.ErrorResponse("'to' path cannot contain whitespace"), logical.ErrInvalidRequest
}
fromPathDetails := b.Core.splitNamespaceAndMountFromPath(ns.Path, fromPath) fromPathDetails := b.Core.splitNamespaceAndMountFromPath(ns.Path, fromPath)
toPathDetails := b.Core.splitNamespaceAndMountFromPath(ns.Path, toPath) toPathDetails := b.Core.splitNamespaceAndMountFromPath(ns.Path, toPath)

32
vault/logical_system_test.go
View File

@ -995,6 +995,38 @@ func TestSystemBackend_remount_nonPrintable(t *testing.T) {
} }
} }
func TestSystemBackend_remount_spacesInFromPath(t *testing.T) {
b := testSystemBackend(t)
req := logical.TestRequest(t, logical.UpdateOperation, "remount")
req.Data["from"] = " foo / "
req.Data["to"] = "bar"
req.Data["config"] = structs.Map(MountConfig{})
resp, err := b.HandleRequest(namespace.RootContext(nil), req)
if err != logical.ErrInvalidRequest {
t.Fatalf("err: %v", err)
}
if resp.Data["error"] != `'from' path cannot contain whitespace` {
t.Fatalf("bad: %v", resp)
}
}
func TestSystemBackend_remount_spacesInToPath(t *testing.T) {
b := testSystemBackend(t)
req := logical.TestRequest(t, logical.UpdateOperation, "remount")
req.Data["from"] = "foo"
req.Data["to"] = " bar / "
req.Data["config"] = structs.Map(MountConfig{})
resp, err := b.HandleRequest(namespace.RootContext(nil), req)
if err != logical.ErrInvalidRequest {
t.Fatalf("err: %v", err)
}
if resp.Data["error"] != `'to' path cannot contain whitespace` {
t.Fatalf("bad: %v", resp)
}
}
func TestSystemBackend_leases(t *testing.T) { func TestSystemBackend_leases(t *testing.T) {
core, b, root := testCoreSystemBackend(t) core, b, root := testCoreSystemBackend(t)

2
website/content/docs/commands/auth/move.mdx
View File

@ -25,7 +25,7 @@ method.**
Move the existing auth method at ns1/approle/ to ns2/new-approle/: Move the existing auth method at ns1/approle/ to ns2/new-approle/:
```shell-session ```shell-session
$ vault auth move ns1/approle/ ns2/new-approle/ $ vault auth move ns1/auth/approle/ ns2/auth/new-approle/
``` ```
## Usage ## Usage