Skip to content

Commit

Permalink
Fixes from mount move testing (#14492)
Browse files Browse the repository at this point in the history
* Add validation, fix docs

* add changelog

* fmt fix

* Update vault/logical_system.go

Co-authored-by: Josh Black <[email protected]>

* Update vault/logical_system.go

Co-authored-by: Josh Black <[email protected]>

* Update vault/logical_system_test.go

Co-authored-by: Josh Black <[email protected]>

* Update vault/logical_system_test.go

Co-authored-by: Josh Black <[email protected]>

Co-authored-by: Josh Black <[email protected]>
  • Loading branch information
pmmukh and raskchanky authored Mar 15, 2022
1 parent a915c9d commit 0cb4e16
Show file tree
Hide file tree
Showing 4 changed files with 43 additions and 1 deletion.
3 changes: 3 additions & 0 deletions changelog/mount-migration.txt
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
```release-note:feature
**Mount Migration**: Vault supports moving secrets and auth mounts both within and across namespaces.
```
7 changes: 7 additions & 0 deletions vault/logical_system.go
Original file line number Diff line number Diff line change
Expand Up @@ -1201,6 +1201,13 @@ func (b *SystemBackend) handleRemount(ctx context.Context, req *logical.Request,
logical.ErrInvalidRequest
}

if strings.Contains(fromPath, " ") {
return logical.ErrorResponse("'from' path cannot contain whitespace"), logical.ErrInvalidRequest
}
if strings.Contains(toPath, " ") {
return logical.ErrorResponse("'to' path cannot contain whitespace"), logical.ErrInvalidRequest
}

fromPathDetails := b.Core.splitNamespaceAndMountFromPath(ns.Path, fromPath)
toPathDetails := b.Core.splitNamespaceAndMountFromPath(ns.Path, toPath)

Expand Down
32 changes: 32 additions & 0 deletions vault/logical_system_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -995,6 +995,38 @@ func TestSystemBackend_remount_nonPrintable(t *testing.T) {
}
}

func TestSystemBackend_remount_spacesInFromPath(t *testing.T) {
b := testSystemBackend(t)

req := logical.TestRequest(t, logical.UpdateOperation, "remount")
req.Data["from"] = " foo / "
req.Data["to"] = "bar"
req.Data["config"] = structs.Map(MountConfig{})
resp, err := b.HandleRequest(namespace.RootContext(nil), req)
if err != logical.ErrInvalidRequest {
t.Fatalf("err: %v", err)
}
if resp.Data["error"] != `'from' path cannot contain whitespace` {
t.Fatalf("bad: %v", resp)
}
}

func TestSystemBackend_remount_spacesInToPath(t *testing.T) {
b := testSystemBackend(t)

req := logical.TestRequest(t, logical.UpdateOperation, "remount")
req.Data["from"] = "foo"
req.Data["to"] = " bar / "
req.Data["config"] = structs.Map(MountConfig{})
resp, err := b.HandleRequest(namespace.RootContext(nil), req)
if err != logical.ErrInvalidRequest {
t.Fatalf("err: %v", err)
}
if resp.Data["error"] != `'to' path cannot contain whitespace` {
t.Fatalf("bad: %v", resp)
}
}

func TestSystemBackend_leases(t *testing.T) {
core, b, root := testCoreSystemBackend(t)

Expand Down
2 changes: 1 addition & 1 deletion website/content/docs/commands/auth/move.mdx
Original file line number Diff line number Diff line change
Expand Up @@ -25,7 +25,7 @@ method.**
Move the existing auth method at ns1/approle/ to ns2/new-approle/:

```shell-session
$ vault auth move ns1/approle/ ns2/new-approle/
$ vault auth move ns1/auth/approle/ ns2/auth/new-approle/
```

## Usage
Expand Down

0 comments on commit 0cb4e16

Please sign in to comment.