Add missed description field for GET /sys/auth/:path/tune endpoint (#…
…8193)

* fix #7623: add missed description field for GET /sys/auth/:path/tune endpoint

* fix #7623: allow empty description

* fix #7623: update tests with description field
vvelikodny authored Feb 15, 2020
1 parent 7d550e2 commit 23cdc86
Showing 4 changed files with 78 additions and 0 deletions.
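--- a/http/sys_auth_test.go
+++ b/http/sys_auth_test.go
@@ -293,13 +293,15 @@ func TestSysTuneAuth_nonHMACKeys(t *testing.T) {
 "warnings": nil,
 "auth": nil,
 "data": map[string]interface{}{
+"description": "token based credentials",
 "default_lease_ttl": json.Number("2764800"),
 "max_lease_ttl": json.Number("2764800"),
 "force_no_cache": false,
 "audit_non_hmac_request_keys": []interface{}{"foo"},
 "audit_non_hmac_response_keys": []interface{}{"bar"},
 "token_type": "default-service",
 },
+"description": "token based credentials",
 "default_lease_ttl": json.Number("2764800"),
 "max_lease_ttl": json.Number("2764800"),
 "force_no_cache": false,
@@ -336,11 +338,13 @@ func TestSysTuneAuth_nonHMACKeys(t *testing.T) {
 "warnings": nil,
 "auth": nil,
 "data": map[string]interface{}{
+"description": "token based credentials",
 "default_lease_ttl": json.Number("2764800"),
 "max_lease_ttl": json.Number("2764800"),
 "force_no_cache": false,
 "token_type": "default-service",
 },
+"description": "token based credentials",
 "default_lease_ttl": json.Number("2764800"),
 "max_lease_ttl": json.Number("2764800"),
 "force_no_cache": false,
@@ -372,11 +376,13 @@ func TestSysTuneAuth_showUIMount(t *testing.T) {
 "warnings": nil,
 "auth": nil,
 "data": map[string]interface{}{
+"description": "token based credentials",
 "default_lease_ttl": json.Number("2764800"),
 "max_lease_ttl": json.Number("2764800"),
 "force_no_cache": false,
 "token_type": "default-service",
 },
+"description": "token based credentials",
 "default_lease_ttl": json.Number("2764800"),
 "max_lease_ttl": json.Number("2764800"),
 "force_no_cache": false,
@@ -400,13 +406,15 @@ func TestSysTuneAuth_showUIMount(t *testing.T) {
 
 actual = map[string]interface{}{}
 expected = map[string]interface{}{
+"description": "token based credentials",
 "lease_id": "",
 "renewable": false,
 "lease_duration": json.Number("0"),
 "wrap_info": nil,
 "warnings": nil,
 "auth": nil,
 "data": map[string]interface{}{
+"description": "token based credentials",
 "default_lease_ttl": json.Number("2764800"),
 "max_lease_ttl": json.Number("2764800"),
 "force_no_cache": false,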
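Review bot: These expectations only assert the built-in default `"token based credentials"`; as far as the hunks show, no HTTP-level test posts a `description` to /v1/sys/auth/token/tune and reads it back, so the auth path's round trip (including the empty-string case named in the commit message) is covered only by the backend test in vault/logical_system_test.go. http/sys_mount_test.go does exercise this for mounts by posting `"description": "foobar"`; a matching step here would keep the two endpoints' tests parallel. In the last hunk the top-level `"description"` key is placed before `"lease_id"`, while the other hunks place it after the `"data"` map; this is harmless for a map comparison, but the ordering could be made consistent. The test functions start and end outside the hunks.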
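--- a/http/sys_mount_test.go
+++ b/http/sys_mount_test.go
@@ -727,11 +727,13 @@ func TestSysTuneMount_Options(t *testing.T) {
 "warnings": nil,
 "auth": nil,
 "data": map[string]interface{}{
+"description": "foo",
 "default_lease_ttl": json.Number("2764800"),
 "max_lease_ttl": json.Number("2764800"),
 "force_no_cache": false,
 "options": map[string]interface{}{"test": "true"},
 },
+"description": "foo",
 "default_lease_ttl": json.Number("2764800"),
 "max_lease_ttl": json.Number("2764800"),
 "force_no_cache": false,
@@ -755,13 +757,15 @@ func TestSysTuneMount_Options(t *testing.T) {
 
 actual = map[string]interface{}{}
 expected = map[string]interface{}{
+"description": "foo",
 "lease_id": "",
 "renewable": false,
 "lease_duration": json.Number("0"),
 "wrap_info": nil,
 "warnings": nil,
 "auth": nil,
 "data": map[string]interface{}{
+"description": "foo",
 "default_lease_ttl": json.Number("2764800"),
 "max_lease_ttl": json.Number("2764800"),
 "force_no_cache": false,
@@ -1175,11 +1179,13 @@ func TestSysTuneMount(t *testing.T) {
 "warnings": nil,
 "auth": nil,
 "data": map[string]interface{}{
+"description": "foo",
 "default_lease_ttl": json.Number("259196400"),
 "max_lease_ttl": json.Number("259200000"),
 "force_no_cache": false,
 "options": map[string]interface{}{"version": "1"},
 },
+"description": "foo",
 "default_lease_ttl": json.Number("259196400"),
 "max_lease_ttl": json.Number("259200000"),
 "force_no_cache": false,
@@ -1195,6 +1201,7 @@ func TestSysTuneMount(t *testing.T) {
 
 // Set a low max
 resp = testHttpPost(t, token, addr+"/v1/sys/mounts/secret/tune", map[string]interface{}{
+"description": "foobar",
 "default_lease_ttl": "40s",
 "max_lease_ttl": "80s",
 })
@@ -1210,11 +1217,13 @@ func TestSysTuneMount(t *testing.T) {
 "warnings": nil,
 "auth": nil,
 "data": map[string]interface{}{
+"description": "foobar",
 "default_lease_ttl": json.Number("40"),
 "max_lease_ttl": json.Number("80"),
 "force_no_cache": false,
 "options": map[string]interface{}{"version": "1"},
 },
+"description": "foobar",
 "default_lease_ttl": json.Number("40"),
 "max_lease_ttl": json.Number("80"),
 "force_no_cache": false,
@@ -1305,13 +1314,15 @@ func TestSysTuneMount_nonHMACKeys(t *testing.T) {
 "warnings": nil,
 "auth": nil,
 "data": map[string]interface{}{
+"description": "key/value secret storage",
 "default_lease_ttl": json.Number("2764800"),
 "max_lease_ttl": json.Number("2764800"),
 "force_no_cache": false,
 "audit_non_hmac_request_keys": []interface{}{"foo"},
 "audit_non_hmac_response_keys": []interface{}{"bar"},
 "options": map[string]interface{}{"version": "1"},
 },
+"description": "key/value secret storage",
 "default_lease_ttl": json.Number("2764800"),
 "max_lease_ttl": json.Number("2764800"),
 "force_no_cache": false,
@@ -1349,11 +1360,13 @@ func TestSysTuneMount_nonHMACKeys(t *testing.T) {
 "warnings": nil,
 "auth": nil,
 "data": map[string]interface{}{
+"description": "key/value secret storage",
 "default_lease_ttl": json.Number("2764800"),
 "max_lease_ttl": json.Number("2764800"),
 "force_no_cache": false,
 "options": map[string]interface{}{"version": "1"},
 },
+"description": "key/value secret storage",
 "default_lease_ttl": json.Number("2764800"),
 "max_lease_ttl": json.Number("2764800"),
 "force_no_cache": false,
@@ -1385,11 +1398,13 @@ func TestSysTuneMount_listingVisibility(t *testing.T) {
 "warnings": nil,
 "auth": nil,
 "data": map[string]interface{}{
+"description": "key/value secret storage",
 "default_lease_ttl": json.Number("2764800"),
 "max_lease_ttl": json.Number("2764800"),
 "force_no_cache": false,
 "options": map[string]interface{}{"version": "1"},
 },
+"description": "key/value secret storage",
 "default_lease_ttl": json.Number("2764800"),
 "max_lease_ttl": json.Number("2764800"),
 "force_no_cache": false,
@@ -1420,12 +1435,14 @@ func TestSysTuneMount_listingVisibility(t *testing.T) {
 "warnings": nil,
 "auth": nil,
 "data": map[string]interface{}{
+"description": "key/value secret storage",
 "default_lease_ttl": json.Number("2764800"),
 "max_lease_ttl": json.Number("2764800"),
 "force_no_cache": false,
 "listing_visibility": "unauth",
 "options": map[string]interface{}{"version": "1"},
 },
+"description": "key/value secret storage",
 "default_lease_ttl": json.Number("2764800"),
 "max_lease_ttl": json.Number("2764800"),
 "force_no_cache": false,
@@ -1464,12 +1481,14 @@ func TestSysTuneMount_passthroughRequestHeaders(t *testing.T) {
 "warnings": nil,
 "auth": nil,
 "data": map[string]interface{}{
+"description": "key/value secret storage",
 "default_lease_ttl": json.Number("2764800"),
 "max_lease_ttl": json.Number("2764800"),
 "options": map[string]interface{}{"version": "1"},
 "force_no_cache": false,
 "passthrough_request_headers": []interface{}{"X-Vault-Foo"},
 },
+"description": "key/value secret storage",
 "default_lease_ttl": json.Number("2764800"),
 "max_lease_ttl": json.Number("2764800"),
 "options": map[string]interface{}{"version": "1"},
@@ -1501,11 +1520,13 @@ func TestSysTuneMount_passthroughRequestHeaders(t *testing.T) {
 "warnings": nil,
 "auth": nil,
 "data": map[string]interface{}{
+"description": "key/value secret storage",
 "default_lease_ttl": json.Number("2764800"),
 "max_lease_ttl": json.Number("2764800"),
 "force_no_cache": false,
 "options": map[string]interface{}{"version": "1"},
 },
+"description": "key/value secret storage",
 "default_lease_ttl": json.Number("2764800"),
 "max_lease_ttl": json.Number("2764800"),
 "force_no_cache": false,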
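--- a/vault/logical_system.go
+++ b/vault/logical_system.go
@@ -1075,6 +1075,7 @@ func (b *SystemBackend) handleTuneReadCommon(ctx context.Context, path string) (
 
 resp := &logical.Response{
 Data: map[string]interface{}{
+"description": mountEntry.Description,
 "default_lease_ttl": int(sysView.DefaultLeaseTTL().Seconds()),
 "max_lease_ttl": int(sysView.MaxLeaseTTL().Seconds()),
 "force_no_cache": mountEntry.Config.ForceNoCache,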
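Review bot: The added `"description": mountEntry.Description` entry sits in handleTuneReadCommon, which, judging by its name and the updated expectations in http/sys_mount_test.go, serves the secret-mount tune read as well as the auth one, although the commit title names only GET /sys/auth/:path/tune. Description is free-form operator text, so every policy that grants read on a tune path now returns it; that is probably acceptable, but it deserves a line in the API docs and changelog so operators who put internal detail in descriptions know where it becomes visible. A short comment at the entry would record this, e.g. `// operator-supplied free text; returned to any caller with read on the tune path`. The function body starts and ends outside the hunk.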
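--- a/vault/logical_system_test.go
+++ b/vault/logical_system_test.go
@@ -1583,6 +1583,54 @@ func TestSystemBackend_disableAuth(t *testing.T) {
 }
 }
 
+func TestSystemBackend_tuneAuth(t *testing.T) {
+c, b, _ := testCoreSystemBackend(t)
+c.credentialBackends["noop"] = func(context.Context, *logical.BackendConfig) (logical.Backend, error) {
+return &NoopBackend{BackendType: logical.TypeCredential}, nil
+}
+
+req := logical.TestRequest(t, logical.ReadOperation, "auth/token/tune")
+resp, err := b.HandleRequest(namespace.RootContext(nil), req)
+if err != nil {
+t.Fatalf("err: %v", err)
+}
+if resp == nil {
+t.Fatal("resp is nil")
+}
+
+exp := map[string]interface{}{
+"description": "token based credentials",
+"default_lease_ttl": int(2764800),
+"max_lease_ttl": int(2764800),
+"force_no_cache": false,
+"token_type": "default-service",
+}
+
+if diff := deep.Equal(resp.Data, exp); diff != nil {
+t.Fatal(diff)
+}
+
+req = logical.TestRequest(t, logical.UpdateOperation, "auth/token/tune")
+req.Data["description"] = ""
+resp, err = b.HandleRequest(namespace.RootContext(nil), req)
+if err != nil {
+t.Fatalf("err: %v", err)
+}
+
+req = logical.TestRequest(t, logical.ReadOperation, "auth/token/tune")
+resp, err = b.HandleRequest(namespace.RootContext(nil), req)
+if err != nil {
+t.Fatalf("err: %v", err)
+}
+if resp == nil {
+t.Fatal("resp is nil")
+}
+
+if resp.Data["description"] != "" {
+t.Fatalf("got: %#v expect: %#v", resp.Data["description"], "")
+}
+}
+
 func TestSystemBackend_policyList(t *testing.T) {
 b := testSystemBackend(t)
 req := logical.TestRequest(t, logical.ReadOperation, "policy")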
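Review bot: The update step in TestSystemBackend_tuneAuth checks only `err` and never inspects `resp`, so a handler that reports failure as an error response with a nil error (which the logical framework appears to allow) would be noticed only indirectly by the later read. Add `if resp != nil && resp.IsError() { t.Fatalf("bad: %#v", resp) }` right after the UpdateOperation request. The `c.credentialBackends["noop"]` registration at the top looks unused, since every request targets `auth/token/tune`; drop it, or tune an auth mount that actually uses it. A one-line doc comment stating that the test covers both the default description and clearing it to the empty string would also help the next reader.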
