de419a6c99
In auth/aws/config/client, when only the iam_server_id_header_value was being updated on an existing config, it wouldn't get stored because I was trying to avoid unnecessarily flushing the cache of AWS clients, and the flag to not flush the cache also meant that the updated entry didn't get written back to the storage. This now adds a new flag for when other changes occur that don't require flushing the cache but do require getting written to the storage. It also adds a test for this explicitly. Fixes #3004
package awsauth
import (
"testing"
"github.com/hashicorp/vault/logical"
)
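// TestBackend_pathConfigClient exercises read, create and update on the
// "config/client" path of the AWS auth backend against in-memory storage.
//
// The last step is the regression check: it sends an update carrying only
// iam_server_id_header_value and reads the entry back, expecting the new
// value. In Vault's AWS auth method this setting is the value the server
// requires in the X-Vault-AWS-IAM-Server-ID header of IAM login requests, so
// an update that is acknowledged but never stored would leave the old value
// in force without the operator noticing.
func TestBackend_pathConfigClient(t *testing.T) {
	config := logical.TestBackendConfig()
	storage := &logical.InmemStorage{}
	config.StorageView = storage

	b, err := Backend(config)
	if err != nil {
		t.Fatal(err)
	}
	if _, err = b.Setup(config); err != nil {
		t.Fatal(err)
	}

	// send dispatches one request to config/client using the shared storage
	// and aborts the test on a transport-level error. body is nil for reads.
	send := func(op logical.Operation, body map[string]interface{}) *logical.Response {
		resp, err := b.HandleRequest(&logical.Request{
			Operation: op,
			Path:      "config/client",
			Data:      body,
			Storage:   storage,
		})
		if err != nil {
			t.Fatal(err)
		}
		return resp
	}

	// assertStored reads the entry back and compares the returned
	// iam_server_id_header_value with the value that was just written.
	// presumably the read handler loads the entry from req.Storage, which is
	// what makes this a persistence check; verify against the handler.
	assertStored := func(want interface{}) {
		resp := send(logical.ReadOperation, nil)
		if resp == nil {
			t.Fatal("failed to read the client config entry: nil response")
		}
		if resp.IsError() {
			t.Fatalf("failed to read the client config entry: %v", resp.Error())
		}
		if got := resp.Data["iam_server_id_header_value"]; got != want {
			t.Fatalf("expected iam_server_id_header_value: '%#v'; returned iam_server_id_header_value: '%#v'",
				want, got)
		}
	}

	// Start from a state with no client config, so the values read back later
	// can only come from the writes made by this test.
	// A nil response is valid here because no entry exists yet; a non-nil
	// response must not be an error and must not carry either field.
	if resp := send(logical.ReadOperation, nil); resp != nil {
		if resp.IsError() {
			t.Fatalf("failed to read client config entry: %v", resp.Error())
		}
		if resp.Data["endpoint"] != nil || resp.Data["iam_server_id_header_value"] != nil {
			t.Fatal("returned endpoint or iam_server_id_header_value non-nil")
		}
	}

	// Create the entry with both an STS endpoint and a server ID header value.
	data := map[string]interface{}{
		"sts_endpoint":               "https://my-custom-sts-endpoint.example.com",
		"iam_server_id_header_value": "vault_server_identification_314159",
	}
	if resp := send(logical.CreateOperation, data); resp != nil && resp.IsError() {
		t.Fatalf("failed to create the client config entry: %v", resp.Error())
	}
	assertStored(data["iam_server_id_header_value"])

	// Update only the header value. No other field changes, so the handler
	// has no reason to flush cached AWS clients, yet the entry must still be
	// written to storage.
	// NOTE(review): nothing here checks that sts_endpoint survives this
	// partial update; worth asserting once the key the read response uses for
	// it is confirmed.
	data = map[string]interface{}{
		"iam_server_id_header_value": "vault_server_identification_2718281",
	}
	if resp := send(logical.UpdateOperation, data); resp != nil && resp.IsError() {
		t.Fatalf("failed to update the client config entry: %v", resp.Error())
	}
	assertStored(data["iam_server_id_header_value"])
}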