Skip to content

Commit

Permalink
Add approle's remaining response schema definitions (#18772)
Browse files Browse the repository at this point in the history
  • Loading branch information
averche authored Jan 24, 2023
1 parent c1ea390 commit 4a6bfc9
Show file tree
Hide file tree
Showing 6 changed files with 97 additions and 6 deletions.
22 changes: 22 additions & 0 deletions builtin/credential/approle/path_login.go
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,7 @@ package approle
import (
"context"
"fmt"
"net/http"
"strings"
"time"

Expand All @@ -29,12 +30,33 @@ func pathLogin(b *backend) *framework.Path {
Operations: map[logical.Operation]framework.OperationHandler{
logical.UpdateOperation: &framework.PathOperation{
Callback: b.pathLoginUpdate,
Responses: map[int][]framework.Response{
http.StatusOK: {{
Description: http.StatusText(http.StatusOK),
}},
},
},
logical.AliasLookaheadOperation: &framework.PathOperation{
Callback: b.pathLoginUpdateAliasLookahead,
Responses: map[int][]framework.Response{
http.StatusOK: {{
Description: http.StatusText(http.StatusOK),
}},
},
},
logical.ResolveRoleOperation: &framework.PathOperation{
Callback: b.pathLoginResolveRole,
Responses: map[int][]framework.Response{
http.StatusOK: {{
Description: http.StatusText(http.StatusOK),
Fields: map[string]*framework.FieldSchema{
"role": {
Type: framework.TypeString,
Required: true,
},
},
}},
},
},
},
HelpSynopsis: pathLoginHelpSys,
Expand Down
34 changes: 34 additions & 0 deletions builtin/credential/approle/path_login_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,8 @@ import (
"testing"
"time"

"github.com/hashicorp/vault/sdk/framework"
"github.com/hashicorp/vault/sdk/helper/testhelpers/schema"
"github.com/hashicorp/vault/sdk/logical"
)

Expand All @@ -14,6 +16,8 @@ func TestAppRole_BoundCIDRLogin(t *testing.T) {
var err error
b, s := createBackendWithStorage(t)

paths := []*framework.Path{pathLogin(b)}

// Create a role with secret ID binding disabled and only bound cidr list
// enabled
resp, err = b.HandleRequest(context.Background(), &logical.Request{
Expand Down Expand Up @@ -64,6 +68,12 @@ func TestAppRole_BoundCIDRLogin(t *testing.T) {
if resp.Auth.BoundCIDRs[0].String() != "10.0.0.0/8" {
t.Fatalf("bad: %s", resp.Auth.BoundCIDRs[0].String())
}
schema.ValidateResponse(
t,
schema.FindResponseSchema(t, paths, 0, logical.UpdateOperation),
resp,
true,
)

// Override with a secret-id value, verify it doesn't pass
resp, err = b.HandleRequest(context.Background(), &logical.Request{
Expand Down Expand Up @@ -120,13 +130,21 @@ func TestAppRole_BoundCIDRLogin(t *testing.T) {
if resp.Auth.BoundCIDRs[0].String() != "10.0.0.0/24" {
t.Fatalf("bad: %s", resp.Auth.BoundCIDRs[0].String())
}
schema.ValidateResponse(
t,
schema.FindResponseSchema(t, paths, 0, logical.UpdateOperation),
resp,
true,
)
}

func TestAppRole_RoleLogin(t *testing.T) {
var resp *logical.Response
var err error
b, storage := createBackendWithStorage(t)

paths := []*framework.Path{pathLogin(b)}

createRole(t, b, storage, "role1", "a,b,c")
roleRoleIDReq := &logical.Request{
Operation: logical.ReadOperation,
Expand Down Expand Up @@ -188,6 +206,13 @@ func TestAppRole_RoleLogin(t *testing.T) {
t.Fatalf("expected metadata.alias.role_name to equal 'role1', got: %v", val)
}

schema.ValidateResponse(
t,
schema.FindResponseSchema(t, paths, 0, loginReq.Operation),
resp,
true,
)

// Test renewal
renewReq := generateRenewRequest(storage, loginResp.Auth)

Expand Down Expand Up @@ -307,6 +332,8 @@ func TestAppRole_RoleResolve(t *testing.T) {
var err error
b, storage := createBackendWithStorage(t)

paths := []*framework.Path{pathLogin(b)}

role := "role1"
createRole(t, b, storage, role, "a,b,c")
roleRoleIDReq := &logical.Request{
Expand Down Expand Up @@ -353,6 +380,13 @@ func TestAppRole_RoleResolve(t *testing.T) {
if resp.Data["role"] != role {
t.Fatalf("Role was not as expected. Expected %s, received %s", role, resp.Data["role"])
}

schema.ValidateResponse(
t,
schema.FindResponseSchema(t, paths, 0, loginReq.Operation),
resp,
true,
)
}

func TestAppRole_RoleDoesNotExist(t *testing.T) {
Expand Down
11 changes: 9 additions & 2 deletions builtin/credential/approle/path_tidy_user_id.go
Original file line number Diff line number Diff line change
Expand Up @@ -17,8 +17,15 @@ func pathTidySecretID(b *backend) *framework.Path {
return &framework.Path{
Pattern: "tidy/secret-id$",

Callbacks: map[logical.Operation]framework.OperationFunc{
logical.UpdateOperation: b.pathTidySecretIDUpdate,
Operations: map[logical.Operation]framework.OperationHandler{
logical.UpdateOperation: &framework.PathOperation{
Callback: b.pathTidySecretIDUpdate,
Responses: map[int][]framework.Response{
http.StatusAccepted: {{
Description: http.StatusText(http.StatusAccepted),
}},
},
},
},

HelpSynopsis: pathTidySecretIDSyn,
Expand Down
28 changes: 26 additions & 2 deletions builtin/credential/approle/path_tidy_user_id_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,8 @@ import (
"testing"
"time"

"github.com/hashicorp/vault/sdk/framework"
"github.com/hashicorp/vault/sdk/helper/testhelpers/schema"
"github.com/hashicorp/vault/sdk/logical"
)

Expand All @@ -16,6 +18,8 @@ func TestAppRole_TidyDanglingAccessors_Normal(t *testing.T) {
var err error
b, storage := createBackendWithStorage(t)

paths := []*framework.Path{pathTidySecretID(b)}

// Create a role
createRole(t, b, storage, "role1", "a,b,c")

Expand Down Expand Up @@ -73,12 +77,18 @@ func TestAppRole_TidyDanglingAccessors_Normal(t *testing.T) {
t.Fatalf("bad: len(accessorHashes); expect 3, got %d", len(accessorHashes))
}

_, err = b.tidySecretID(context.Background(), &logical.Request{
secret, err := b.tidySecretID(context.Background(), &logical.Request{
Storage: storage,
})
if err != nil {
t.Fatal(err)
}
schema.ValidateResponse(
t,
schema.FindResponseSchema(t, paths, 0, logical.UpdateOperation),
secret,
true,
)

// It runs async so we give it a bit of time to run
time.Sleep(10 * time.Second)
Expand All @@ -97,6 +107,8 @@ func TestAppRole_TidyDanglingAccessors_RaceTest(t *testing.T) {
var err error
b, storage := createBackendWithStorage(t)

paths := []*framework.Path{pathTidySecretID(b)}

// Create a role
createRole(t, b, storage, "role1", "a,b,c")

Expand All @@ -116,12 +128,18 @@ func TestAppRole_TidyDanglingAccessors_RaceTest(t *testing.T) {
start := time.Now()
for time.Now().Sub(start) < 10*time.Second {
if time.Now().Sub(start) > 100*time.Millisecond && atomic.LoadUint32(b.tidySecretIDCASGuard) == 0 {
_, err = b.tidySecretID(context.Background(), &logical.Request{
secret, err := b.tidySecretID(context.Background(), &logical.Request{
Storage: storage,
})
if err != nil {
t.Fatal(err)
}
schema.ValidateResponse(
t,
schema.FindResponseSchema(t, paths, 0, logical.UpdateOperation),
secret,
true,
)
}
wg.Add(1)
go func() {
Expand Down Expand Up @@ -173,6 +191,12 @@ func TestAppRole_TidyDanglingAccessors_RaceTest(t *testing.T) {
if err != nil || len(secret.Warnings) > 0 {
t.Fatal(err, secret.Warnings)
}
schema.ValidateResponse(
t,
schema.FindResponseSchema(t, paths, 0, logical.UpdateOperation),
secret,
true,
)

// Wait for tidy to start
for atomic.LoadUint32(b.tidySecretIDCASGuard) == 0 {
Expand Down
3 changes: 3 additions & 0 deletions changelog/18772.txt
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
```release-note:improvement
openapi: Add openapi response definitions to approle/path_login.go & approle/path_tidy_user_id.go
```
5 changes: 3 additions & 2 deletions sdk/helper/testhelpers/schema/response_validation.go
Original file line number Diff line number Diff line change
Expand Up @@ -100,8 +100,9 @@ func FindResponseSchema(t *testing.T, paths []*framework.Path, pathIdx int, oper
var schemaResponses []framework.Response

for _, status := range []int{
http.StatusOK,
http.StatusNoContent,
http.StatusOK, // 200
http.StatusAccepted, // 202
http.StatusNoContent, // 204
} {
schemaResponses, ok = schemaOperation.Properties().Responses[status]
if ok {
Expand Down

0 comments on commit 4a6bfc9

Please sign in to comment.