Integrate password policies #40

Merged
merged 7 commits into from
Jun 17, 2020

@pcman312 pcman312 commented Jun 8, 2020

Overview

  • Added password_policy field to config that references the new GeneratePasswordFromPolicy available on SystemView
  • Changed default password generation from a uuid to base62
  • Improved timeout handling on retry (adheres to context timeout)
  • Improved timeout assertion
  • Updated vendoring

Design of Change

password_policy field available on the config which references a password policy in Vault. This is an optional field and it will default to using the base62 package instead of uuid for password generation. The password length is the same as previous, but using uuid didn't feel right for default password generation.

Test Output

This was run numerous times to check for flakiness and none was detected:

$ go test -v -race
=== RUN   TestRetry
=== PAUSE TestRetry
=== RUN   TestConfig
--- PASS: TestConfig (0.00s)
=== RUN   TestConfigDelete
--- PASS: TestConfigDelete (0.00s)
=== RUN   TestRoleCreate
=== RUN   TestRoleCreate/SP_role
=== RUN   TestRoleCreate/Static_SP_role
=== RUN   TestRoleCreate/Optional_role_TTLs
=== RUN   TestRoleCreate/Role_TTL_Checks
=== RUN   TestRoleCreate/Role_name_lookup
=== RUN   TestRoleCreate/Group_name_lookup
=== RUN   TestRoleCreate/Duplicate_role_name_and_scope
=== RUN   TestRoleCreate/Duplicate_role_name,_different_scope
=== RUN   TestRoleCreate/Duplicate_group_object_ID
=== RUN   TestRoleCreate/Role_name_lookup_(multiple_match)
=== RUN   TestRoleCreate/Group_name_lookup_(multiple_match)
--- PASS: TestRoleCreate (0.01s)
    --- PASS: TestRoleCreate/SP_role (0.00s)
    --- PASS: TestRoleCreate/Static_SP_role (0.00s)
    --- PASS: TestRoleCreate/Optional_role_TTLs (0.00s)
    --- PASS: TestRoleCreate/Role_TTL_Checks (0.00s)
    --- PASS: TestRoleCreate/Role_name_lookup (0.00s)
    --- PASS: TestRoleCreate/Group_name_lookup (0.00s)
    --- PASS: TestRoleCreate/Duplicate_role_name_and_scope (0.00s)
    --- PASS: TestRoleCreate/Duplicate_role_name,_different_scope (0.00s)
    --- PASS: TestRoleCreate/Duplicate_group_object_ID (0.00s)
    --- PASS: TestRoleCreate/Role_name_lookup_(multiple_match) (0.00s)
    --- PASS: TestRoleCreate/Group_name_lookup_(multiple_match) (0.00s)
=== RUN   TestRoleCreateBad
--- PASS: TestRoleCreateBad (0.00s)
=== RUN   TestRoleUpdateError
--- PASS: TestRoleUpdateError (0.00s)
=== RUN   TestRoleList
--- PASS: TestRoleList (0.00s)
=== RUN   TestRoleDelete
--- PASS: TestRoleDelete (0.00s)
=== RUN   TestSPRead
=== RUN   TestSPRead/Basic_Role
=== RUN   TestSPRead/Basic_Group
=== RUN   TestSPRead/TTLs
--- PASS: TestSPRead (0.01s)
    --- PASS: TestSPRead/Basic_Role (0.00s)
    --- PASS: TestSPRead/Basic_Group (0.00s)
    --- PASS: TestSPRead/TTLs (0.00s)
=== RUN   TestStaticSPRead
=== RUN   TestStaticSPRead/Basic
=== RUN   TestStaticSPRead/TTLs
--- PASS: TestStaticSPRead (0.00s)
    --- PASS: TestStaticSPRead/Basic (0.00s)
    --- PASS: TestStaticSPRead/TTLs (0.00s)
=== RUN   TestSPRevoke
=== RUN   TestSPRevoke/roles
=== RUN   TestSPRevoke/groups
--- PASS: TestSPRevoke (0.00s)
    --- PASS: TestSPRevoke/roles (0.00s)
    --- PASS: TestSPRevoke/groups (0.00s)
=== RUN   TestStaticSPRevoke
--- PASS: TestStaticSPRevoke (0.00s)
=== RUN   TestSPReadMissingRole
--- PASS: TestSPReadMissingRole (0.00s)
=== RUN   TestCredentialReadProviderError
--- PASS: TestCredentialReadProviderError (0.00s)
=== RUN   TestCredentialInteg
--- SKIP: TestCredentialInteg (0.00s)
=== CONT  TestRetry
=== RUN   TestRetry/First_try_success
=== RUN   TestRetry/Three_retries
=== PAUSE TestRetry/Three_retries
=== RUN   TestRetry/Error_on_attempt
=== PAUSE TestRetry/Error_on_attempt
=== RUN   TestRetry/Timeout
=== PAUSE TestRetry/Timeout
=== RUN   TestRetry/Cancellation
=== PAUSE TestRetry/Cancellation
=== CONT  TestRetry/Cancellation
=== CONT  TestRetry/Timeout
=== CONT  TestRetry/Three_retries
=== CONT  TestRetry/Error_on_attempt
--- PASS: TestRetry (0.00s)
    --- PASS: TestRetry/First_try_success (0.00s)
    --- PASS: TestRetry/Error_on_attempt (0.00s)
    --- PASS: TestRetry/Cancellation (7.00s)
    --- PASS: TestRetry/Three_retries (9.98s)
    --- PASS: TestRetry/Timeout (10.00s)
PASS
ok  	github.com/hashicorp/vault-plugin-secrets-azure	11.817s

Related Issues/Pull Requests

Password Policies PR (Vault#8637)

Contributor Checklist

  • Docs PR (to be added on Vault repo)
  • Add output for any tests not run in CI to the PR description (e.g., acceptance tests)
  • Backwards compatible
    • Yes, though the default password generation is changed from a uuid to using base62
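
The selection logic described in the PR description, as an added Go example that is not code from this pull request: `policyGenerator` is a local stand-in for the `GeneratePasswordFromPolicy` method on `SystemView`, and `randomBase62`, `generatePassword` and the 36-character default length are assumptions made for illustration.

```go
package main

import (
	"context"
	"crypto/rand"
	"fmt"
)

// policyGenerator is a local stand-in for the SystemView method named in the PR.
type policyGenerator interface {
	GeneratePasswordFromPolicy(ctx context.Context, policyName string) (string, error)
}

const alphabet = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
const defaultLen = 36 // assumption: the length of a canonical UUID string

// randomBase62 returns n characters drawn uniformly from alphabet. Bytes >= 248
// (4*62) are rejected so the modulo does not favour the first eight symbols.
func randomBase62(n int) (string, error) {
	out, buf := make([]byte, 0, n), make([]byte, n)
	for len(out) < n {
		if _, err := rand.Read(buf); err != nil {
			return "", err
		}
		for _, b := range buf {
			if b < 248 && len(out) < n {
				out = append(out, alphabet[b%62])
			}
		}
	}
	return string(out), nil
}

// generatePassword uses the configured policy when one is set and the base62
// default otherwise. A policy error is returned, never hidden by the fallback.
func generatePassword(ctx context.Context, sys policyGenerator, policy string) (string, error) {
	if policy == "" {
		return randomBase62(defaultLen)
	}
	pw, err := sys.GeneratePasswordFromPolicy(ctx, policy)
	if err != nil {
		return "", fmt.Errorf("password policy %q: %w", policy, err)
	}
	return pw, nil
}

func main() {
	pw, err := generatePassword(context.Background(), nil, "") // no policy configured
	fmt.Println(len(pw), err)
}
```

Failing closed on a policy error matters here: silently falling back to the default would issue a credential that does not meet the policy the operator configured.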

pcman312 added 2 commits June 8, 2020 14:14
* Added `password_policy` field to config that references the new
  `GeneratePasswordFromPolicy` available on `SystemView`
* Improved timeout handling on `retry` (adheres to context timeout)
* Improved timeout assertion
* Updated vendoring
@pcman312 pcman312 requested a review from a team June 8, 2020 20:29

@catsby catsby left a comment

Minor nit and a question that's easily resolved

client.go (resolved)
helpers_test.go (outdated, resolved)

@catsby catsby left a comment

👍

@pcman312 pcman312 merged commit 7f1b19e into master Jun 17, 2020
@pcman312 pcman312 deleted the password-policies branch June 17, 2020 22:01