logical/framework: support Salt in PathMap

2015-06-30 14:28:45 -07:00 · 2015-06-30 14:28:45 -07:00 · e892d728a2
parent 579c1433a2
commit e892d728a2
2 changed files with 125 additions and 0 deletions
--- a/logical/framework/path_map.go
+++ b/logical/framework/path_map.go
@ -5,6 +5,7 @@ import (
 	"strings"
 	"sync"

+	"github.com/hashicorp/vault/helper/salt"
 	"github.com/hashicorp/vault/logical"
 )

@ -19,6 +20,7 @@ type PathMap struct {
 	Name          string
 	Schema        map[string]*FieldSchema
 	CaseSensitive bool
+	Salt          *salt.Salt

 	once sync.Once
 }
@ -47,6 +49,11 @@ func (p *PathMap) pathStruct(k string) *PathStruct {
 		k = strings.ToLower(k)
 	}

+	// If we have a salt, apply it before lookup
+	if p.Salt != nil {
+		k = p.Salt.SaltID(k)
+	}
+
 	return &PathStruct{
 		Name:   fmt.Sprintf("map/%s/%s", p.Name, k),
 		Schema: p.Schema,
--- a/logical/framework/path_map_test.go
+++ b/logical/framework/path_map_test.go
@ -3,6 +3,7 @@ package framework
 import (
 	"testing"

+	"github.com/hashicorp/vault/helper/salt"
 	"github.com/hashicorp/vault/logical"
 )

@ -121,3 +122,120 @@ func TestPathMap_routes(t *testing.T) {
 		"map/foo/bar-baz", // Hyphen key
 	})
 }
+
+func TestPathMap_Salted(t *testing.T) {
+	storage := new(logical.InmemStorage)
+	salt, err := salt.NewSalt(storage, nil)
+	if err != nil {
+		t.Fatalf("err: %v", err)
+	}
+	p := &PathMap{Name: "foo", Salt: salt}
+	var b logical.Backend = &Backend{Paths: p.Paths()}
+
+	// Write via HTTP
+	_, err = b.HandleRequest(&logical.Request{
+		Operation: logical.WriteOperation,
+		Path:      "map/foo/a",
+		Data: map[string]interface{}{
+			"value": "bar",
+		},
+		Storage: storage,
+	})
+	if err != nil {
+		t.Fatalf("bad: %#v", err)
+	}
+
+	// Non-salted version should not be there
+	out, err := storage.Get("struct/map/foo/a")
+	if err != nil {
+		t.Fatalf("err: %v", err)
+	}
+	if out != nil {
+		t.Fatalf("non-salted key found")
+	}
+
+	// Ensure the path is salted
+	expect := salt.SaltID("a")
+	out, err = storage.Get("struct/map/foo/" + expect)
+	if err != nil {
+		t.Fatalf("err: %v", err)
+	}
+	if out == nil {
+		t.Fatalf("missing salted key")
+	}
+
+	// Read via HTTP
+	resp, err := b.HandleRequest(&logical.Request{
+		Operation: logical.ReadOperation,
+		Path:      "map/foo/a",
+		Storage:   storage,
+	})
+	if err != nil {
+		t.Fatalf("bad: %#v", err)
+	}
+	if resp.Data["value"] != "bar" {
+		t.Fatalf("bad: %#v", resp)
+	}
+
+	// Read via API
+	v, err := p.Get(storage, "a")
+	if err != nil {
+		t.Fatalf("bad: %#v", err)
+	}
+	if v["value"] != "bar" {
+		t.Fatalf("bad: %#v", v)
+	}
+
+	// Read via API with other casing
+	v, err = p.Get(storage, "A")
+	if err != nil {
+		t.Fatalf("bad: %#v", err)
+	}
+	if v["value"] != "bar" {
+		t.Fatalf("bad: %#v", v)
+	}
+
+	// Verify List
+	keys, err := p.List(storage, "")
+	if err != nil {
+		t.Fatalf("bad: %#v", err)
+	}
+	if len(keys) != 1 || keys[0] != expect {
+		t.Fatalf("bad: %#v", keys)
+	}
+
+	// Delete via HTTP
+	resp, err = b.HandleRequest(&logical.Request{
+		Operation: logical.DeleteOperation,
+		Path:      "map/foo/a",
+		Storage:   storage,
+	})
+	if err != nil {
+		t.Fatalf("bad: %#v", err)
+	}
+	if resp != nil {
+		t.Fatalf("bad: %#v", resp)
+	}
+
+	// Re-read via HTTP
+	resp, err = b.HandleRequest(&logical.Request{
+		Operation: logical.ReadOperation,
+		Path:      "map/foo/a",
+		Storage:   storage,
+	})
+	if err != nil {
+		t.Fatalf("bad: %#v", err)
+	}
+	if _, ok := resp.Data["value"]; ok {
+		t.Fatalf("bad: %#v", resp)
+	}
+
+	// Re-read via API
+	v, err = p.Get(storage, "a")
+	if err != nil {
+		t.Fatalf("bad: %#v", err)
+	}
+	if v != nil {
+		t.Fatalf("bad: %#v", v)
+	}
+}