From 23cdc8676149b25605808f2ee360f16bb29b1036 Mon Sep 17 00:00:00 2001
From: Vitaly Velikodny
Date: Sat, 15 Feb 2020 18:32:47 +0000
Subject: [PATCH] Add missed description field for GET /sys/auth/:path/tune endpoint (#8193)
* fix #7623: add missed description field for GET /sys/auth/:path/tune endpoint
* fix #7623: allow empty description
* fix #7623: update tests with description field
---
 http/sys_auth_test.go | 8 ++++++
 http/sys_mount_test.go | 21 ++++++++++++++++
 vault/logical_system.go | 1 +
 vault/logical_system_test.go | 48 ++++++++++++++++++++++++++++++++++++
 4 files changed, 78 insertions(+)
diff --git a/http/sys_auth_test.go b/http/sys_auth_test.go
index fa774a302227..84322c99a31d 100644
--- a/http/sys_auth_test.go
+++ b/http/sys_auth_test.go
@@ -293,6 +293,7 @@ func TestSysTuneAuth_nonHMACKeys(t *testing.T) {
 "warnings": nil,
 "auth": nil,
 "data": map[string]interface{}{
+ "description": "token based credentials",
 "default_lease_ttl": json.Number("2764800"),
 "max_lease_ttl": json.Number("2764800"),
 "force_no_cache": false,
@@ -300,6 +301,7 @@ func TestSysTuneAuth_nonHMACKeys(t *testing.T) {
 "audit_non_hmac_response_keys": []interface{}{"bar"},
 "token_type": "default-service",
 },
+ "description": "token based credentials",
 "default_lease_ttl": json.Number("2764800"),
 "max_lease_ttl": json.Number("2764800"),
 "force_no_cache": false,
@@ -336,11 +338,13 @@ func TestSysTuneAuth_nonHMACKeys(t *testing.T) {
 "warnings": nil,
 "auth": nil,
 "data": map[string]interface{}{
+ "description": "token based credentials",
 "default_lease_ttl": json.Number("2764800"),
 "max_lease_ttl": json.Number("2764800"),
 "force_no_cache": false,
 "token_type": "default-service",
 },
+ "description": "token based credentials",
 "default_lease_ttl": json.Number("2764800"),
 "max_lease_ttl": json.Number("2764800"),
 "force_no_cache": false,
@@ -372,11 +376,13 @@ func TestSysTuneAuth_showUIMount(t *testing.T) {
 "warnings": nil,
 "auth": nil,
 "data": map[string]interface{}{
+ "description": "token based credentials",
 "default_lease_ttl": json.Number("2764800"),
 "max_lease_ttl": json.Number("2764800"),
 "force_no_cache": false,
 "token_type": "default-service",
 },
+ "description": "token based credentials",
 "default_lease_ttl": json.Number("2764800"),
 "max_lease_ttl": json.Number("2764800"),
 "force_no_cache": false,
@@ -400,6 +406,7 @@ func TestSysTuneAuth_showUIMount(t *testing.T) {
 actual = map[string]interface{}{}
 expected = map[string]interface{}{
+ "description": "token based credentials",
 "lease_id": "",
 "renewable": false,
 "lease_duration": json.Number("0"),
@@ -407,6 +414,7 @@ func TestSysTuneAuth_showUIMount(t *testing.T) {
 "warnings": nil,
 "auth": nil,
 "data": map[string]interface{}{
+ "description": "token based credentials",
 "default_lease_ttl": json.Number("2764800"),
 "max_lease_ttl": json.Number("2764800"),
 "force_no_cache": false,
diff --git a/http/sys_mount_test.go b/http/sys_mount_test.go
index ab448ac5e155..a235bf862e2d 100644
--- a/http/sys_mount_test.go
+++ b/http/sys_mount_test.go
@@ -727,11 +727,13 @@ func TestSysTuneMount_Options(t *testing.T) {
 "warnings": nil,
 "auth": nil,
 "data": map[string]interface{}{
+ "description": "foo",
 "default_lease_ttl": json.Number("2764800"),
 "max_lease_ttl": json.Number("2764800"),
 "force_no_cache": false,
 "options": map[string]interface{}{"test": "true"},
 },
+ "description": "foo",
 "default_lease_ttl": json.Number("2764800"),
 "max_lease_ttl": json.Number("2764800"),
 "force_no_cache": false,
@@ -755,6 +757,7 @@ func TestSysTuneMount_Options(t *testing.T) {
 actual = map[string]interface{}{}
 expected = map[string]interface{}{
+ "description": "foo",
 "lease_id": "",
 "renewable": false,
 "lease_duration": json.Number("0"),
@@ -762,6 +765,7 @@ func TestSysTuneMount_Options(t *testing.T) {
 "warnings": nil,
 "auth": nil,
 "data": map[string]interface{}{
+ "description": "foo",
 "default_lease_ttl": json.Number("2764800"),
 "max_lease_ttl": json.Number("2764800"),
 "force_no_cache": false,
@@ -1175,11 +1179,13 @@ func TestSysTuneMount(t *testing.T) {
 "warnings": nil,
 "auth": nil,
 "data": map[string]interface{}{
+ "description": "foo",
 "default_lease_ttl": json.Number("259196400"),
 "max_lease_ttl": json.Number("259200000"),
 "force_no_cache": false,
 "options": map[string]interface{}{"version": "1"},
 },
+ "description": "foo",
 "default_lease_ttl": json.Number("259196400"),
 "max_lease_ttl": json.Number("259200000"),
 "force_no_cache": false,
@@ -1195,6 +1201,7 @@ func TestSysTuneMount(t *testing.T) {
 // Set a low max
 resp = testHttpPost(t, token, addr+"/v1/sys/mounts/secret/tune", map[string]interface{}{
+ "description": "foobar",
 "default_lease_ttl": "40s",
 "max_lease_ttl": "80s",
 })
@@ -1210,11 +1217,13 @@ func TestSysTuneMount(t *testing.T) {
 "warnings": nil,
 "auth": nil,
 "data": map[string]interface{}{
+ "description": "foobar",
 "default_lease_ttl": json.Number("40"),
 "max_lease_ttl": json.Number("80"),
 "force_no_cache": false,
 "options": map[string]interface{}{"version": "1"},
 },
+ "description": "foobar",
 "default_lease_ttl": json.Number("40"),
 "max_lease_ttl": json.Number("80"),
 "force_no_cache": false,
@@ -1305,6 +1314,7 @@ func TestSysTuneMount_nonHMACKeys(t *testing.T) {
 "warnings": nil,
 "auth": nil,
 "data": map[string]interface{}{
+ "description": "key/value secret storage",
 "default_lease_ttl": json.Number("2764800"),
 "max_lease_ttl": json.Number("2764800"),
 "force_no_cache": false,
@@ -1312,6 +1322,7 @@ func TestSysTuneMount_nonHMACKeys(t *testing.T) {
 "audit_non_hmac_response_keys": []interface{}{"bar"},
 "options": map[string]interface{}{"version": "1"},
 },
+ "description": "key/value secret storage",
 "default_lease_ttl": json.Number("2764800"),
 "max_lease_ttl": json.Number("2764800"),
 "force_no_cache": false,
@@ -1349,11 +1360,13 @@ func TestSysTuneMount_nonHMACKeys(t *testing.T) {
 "warnings": nil,
 "auth": nil,
 "data": map[string]interface{}{
+ "description": "key/value secret storage",
 "default_lease_ttl": json.Number("2764800"),
 "max_lease_ttl": json.Number("2764800"),
 "force_no_cache": false,
 "options": map[string]interface{}{"version": "1"},
 },
+ "description": "key/value secret storage",
 "default_lease_ttl": json.Number("2764800"),
 "max_lease_ttl": json.Number("2764800"),
 "force_no_cache": false,
@@ -1385,11 +1398,13 @@ func TestSysTuneMount_listingVisibility(t *testing.T) {
 "warnings": nil,
 "auth": nil,
 "data": map[string]interface{}{
+ "description": "key/value secret storage",
 "default_lease_ttl": json.Number("2764800"),
 "max_lease_ttl": json.Number("2764800"),
 "force_no_cache": false,
 "options": map[string]interface{}{"version": "1"},
 },
+ "description": "key/value secret storage",
 "default_lease_ttl": json.Number("2764800"),
 "max_lease_ttl": json.Number("2764800"),
 "force_no_cache": false,
@@ -1420,12 +1435,14 @@ func TestSysTuneMount_listingVisibility(t *testing.T) {
 "warnings": nil,
 "auth": nil,
 "data": map[string]interface{}{
+ "description": "key/value secret storage",
 "default_lease_ttl": json.Number("2764800"),
 "max_lease_ttl": json.Number("2764800"),
 "force_no_cache": false,
 "listing_visibility": "unauth",
 "options": map[string]interface{}{"version": "1"},
 },
+ "description": "key/value secret storage",
 "default_lease_ttl": json.Number("2764800"),
 "max_lease_ttl": json.Number("2764800"),
 "force_no_cache": false,
@@ -1464,12 +1481,14 @@ func TestSysTuneMount_passthroughRequestHeaders(t *testing.T) {
 "warnings": nil,
 "auth": nil,
 "data": map[string]interface{}{
+ "description": "key/value secret storage",
 "default_lease_ttl": json.Number("2764800"),
 "max_lease_ttl": json.Number("2764800"),
 "options": map[string]interface{}{"version": "1"},
 "force_no_cache": false,
 "passthrough_request_headers": []interface{}{"X-Vault-Foo"},
 },
+ "description": "key/value secret storage",
 "default_lease_ttl": json.Number("2764800"),
 "max_lease_ttl": json.Number("2764800"),
 "options": map[string]interface{}{"version": "1"},
@@ -1501,11 +1520,13 @@ func TestSysTuneMount_passthroughRequestHeaders(t *testing.T) {
 "warnings": nil,
 "auth": nil,
 "data": map[string]interface{}{
+ "description": "key/value secret storage",
 "default_lease_ttl": json.Number("2764800"),
 "max_lease_ttl": json.Number("2764800"),
 "force_no_cache": false,
 "options": map[string]interface{}{"version": "1"},
 },
+ "description": "key/value secret storage",
 "default_lease_ttl": json.Number("2764800"),
 "max_lease_ttl": json.Number("2764800"),
 "force_no_cache": false,
diff --git a/vault/logical_system.go b/vault/logical_system.go
index a3c22d127b60..fc58ec6d8434 100644
--- a/vault/logical_system.go
+++ b/vault/logical_system.go
@@ -1075,6 +1075,7 @@ func (b *SystemBackend) handleTuneReadCommon(ctx context.Context, path string) (
 resp := &logical.Response{
 Data: map[string]interface{}{
+ "description": mountEntry.Description,
 "default_lease_ttl": int(sysView.DefaultLeaseTTL().Seconds()),
 "max_lease_ttl": int(sysView.MaxLeaseTTL().Seconds()),
 "force_no_cache": mountEntry.Config.ForceNoCache,
diff --git a/vault/logical_system_test.go b/vault/logical_system_test.go
index ef8e892e78c6..30b1dffebe3c 100644
--- a/vault/logical_system_test.go
+++ b/vault/logical_system_test.go
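Review bot: In vault/logical_system.go the new `"description": mountEntry.Description` entry in handleTuneReadCommon carries no comment saying that this handler is shared, and the http/sys_mount_test.go expectations in the same patch show that GET /sys/mounts/:path/tune now returns the field as well, although the subject names only /sys/auth/:path/tune. The description is operator-entered free text, so any policy that grants read on a tune path now discloses it; that is presumably intended, but it should be stated where the field is emitted. I would add above the entry `// description is operator-supplied free text and is returned for auth and secret mounts alike; do not store secrets in it`, and name both endpoints in the changelog entry. The body of handleTuneReadCommon starts and ends outside the hunk.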
@@ -1583,6 +1583,54 @@ func TestSystemBackend_disableAuth(t *testing.T) {
 }
 }
+func TestSystemBackend_tuneAuth(t *testing.T) {
+ c, b, _ := testCoreSystemBackend(t)
+ c.credentialBackends["noop"] = func(context.Context, *logical.BackendConfig) (logical.Backend, error) {
+ return &NoopBackend{BackendType: logical.TypeCredential}, nil
+ }
+
+ req := logical.TestRequest(t, logical.ReadOperation, "auth/token/tune")
+ resp, err := b.HandleRequest(namespace.RootContext(nil), req)
+ if err != nil {
+ t.Fatalf("err: %v", err)
+ }
+ if resp == nil {
+ t.Fatal("resp is nil")
+ }
+
+ exp := map[string]interface{}{
+ "description": "token based credentials",
+ "default_lease_ttl": int(2764800),
+ "max_lease_ttl": int(2764800),
+ "force_no_cache": false,
+ "token_type": "default-service",
+ }
+
+ if diff := deep.Equal(resp.Data, exp); diff != nil {
+ t.Fatal(diff)
+ }
+
+ req = logical.TestRequest(t, logical.UpdateOperation, "auth/token/tune")
+ req.Data["description"] = ""
+ resp, err = b.HandleRequest(namespace.RootContext(nil), req)
+ if err != nil {
+ t.Fatalf("err: %v", err)
+ }
+
+ req = logical.TestRequest(t, logical.ReadOperation, "auth/token/tune")
+ resp, err = b.HandleRequest(namespace.RootContext(nil), req)
+ if err != nil {
+ t.Fatalf("err: %v", err)
+ }
+ if resp == nil {
+ t.Fatal("resp is nil")
+ }
+
+ if resp.Data["description"] != "" {
+ t.Fatalf("got: %#v expect: %#v", resp.Data["description"], "")
+ }
+}
+
 func TestSystemBackend_policyList(t *testing.T) {
 b := testSystemBackend(t)
 req := logical.TestRequest(t, logical.ReadOperation, "policy")
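Review bot: In TestSystemBackend_tuneAuth the response of the UpdateOperation request is assigned to `resp` but never inspected, so a failure that the backend reports through the response rather than through `err` would go unnoticed until the later read. Adding `if resp != nil && resp.IsError() { t.Fatalf("bad: %v", resp.Error()) }` after the `err` check would pin the "empty description is accepted" behaviour at the write itself. The `c.credentialBackends["noop"]` registration at the top looks unused, since every request in the test targets `auth/token/tune`; dropping it would leave the test saying only what it checks.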