Fix PKI test; add deprecated parameter as synonym

2018-09-05 12:33:31 -04:00 · 2018-09-05 12:33:31 -04:00 · f8da8a556f
parent 14d7921db6
commit f8da8a556f
3 changed files with 11 additions and 4 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -26,7 +26,7 @@ BUG FIXES:
 * secrets/database: Fix nil pointer when revoking some leases [GH-5262]
 * secrets/pki: Fix sign-verbatim losing extra Subject attributes [GH-5245]
 * secrets/pki: Remove certificates from store when tidying revoked
-   certificates [GH-5231]
+   certificates and simplify API [GH-5231]
 * ui: JSON editor will not coerce input to an object, and will now show an 
   error about Vault expecting an object [GH-5271]
 
--- a/builtin/logical/pki/ca_test.go
+++ b/builtin/logical/pki/ca_test.go
@ -82,7 +82,7 @@ func TestBackend_CA_Steps(t *testing.T) {
 			NotBefore:             time.Now().Add(-30 * time.Second),
 			NotAfter:              time.Now().Add(262980 * time.Hour),
 			BasicConstraintsValid: true,
-			IsCA:                  true,
+			IsCA: true,
 		}
 		caBytes, err := x509.CreateCertificate(rand.Reader, caCertTemplate, caCertTemplate, cak.Public(), cak)
 		if err != nil {
@ -107,7 +107,7 @@ func TestBackend_CA_Steps(t *testing.T) {
 		if err != nil {
 			panic(err)
 		}
-		subjKeyID, err = certutil.GetSubjKeyID(rak)
+		_, err = certutil.GetSubjKeyID(rak)
 		if err != nil {
 			panic(err)
 		}
@ -437,6 +437,7 @@ func runSteps(t *testing.T, rootB, intB *backend, client *api.Client, rootName,
 	}

 	verifyRevocation := func(t *testing.T, serial string, shouldFind bool) {
+		t.Helper()
 		// Verify it is now revoked
 		{
 			resp, err := client.Logical().Read(rootName + "cert/" + intSerialNumber)
--- a/builtin/logical/pki/path_tidy.go
+++ b/builtin/logical/pki/path_tidy.go
@ -23,6 +23,11 @@ func pathTidy(b *backend) *framework.Path {
 the certificate store`,
 			},

+			"tidy_revocation_list": &framework.FieldSchema{
+				Type:        framework.TypeBool,
+				Description: `Deprecated; synonym for 'tidy_revoked_certs`,
+			},
+
 			"tidy_revoked_certs": &framework.FieldSchema{
 				Type: framework.TypeBool,
 				Description: `Set to true to expire all revoked
@ -54,6 +59,7 @@ func (b *backend) pathTidyWrite(ctx context.Context, req *logical.Request, d *fr
 	safetyBuffer := d.Get("safety_buffer").(int)
 	tidyCertStore := d.Get("tidy_cert_store").(bool)
 	tidyRevokedCerts := d.Get("tidy_revoked_certs").(bool)
+	tidyRevocationList := d.Get("tidy_revocation_list").(bool)

 	if safetyBuffer < 1 {
 		return logical.ErrorResponse("safety_buffer must be greater than zero"), nil
@ -121,7 +127,7 @@ func (b *backend) pathTidyWrite(ctx context.Context, req *logical.Request, d *fr
 				}
 			}

-			if tidyRevokedCerts {
+			if tidyRevokedCerts || tidyRevocationList {
 				b.revokeStorageLock.Lock()
 				defer b.revokeStorageLock.Unlock()