From c663c5b6ec2a9458a544bc6599e2490cc9b2ddfc Mon Sep 17 00:00:00 2001 From: ncabatoff Date: Thu, 23 Apr 2020 14:35:26 -0400 Subject: [PATCH] The new okta library doesn't prepend /api/v1 to our URL paths like the old one does (we still use the old one in the absence of an API token, since the new one doesn't support that.) Make our shim prepend /api/v1 to manual requests for the new library like the old library does, and remove explicit /api/v1 from our request paths. (#8807) --- builtin/credential/okta/backend.go | 2 +- builtin/credential/okta/backend_test.go | 9 +++++++++ builtin/credential/okta/path_config.go | 4 ++++ 3 files changed, 14 insertions(+), 1 deletion(-) diff --git a/builtin/credential/okta/backend.go b/builtin/credential/okta/backend.go index 6d75a61883ab..441443cf3a31 100644 --- a/builtin/credential/okta/backend.go +++ b/builtin/credential/okta/backend.go @@ -100,7 +100,7 @@ func (b *backend) Login(ctx context.Context, req *logical.Request, username stri StateToken string `json:"stateToken"` } - authReq, err := shim.NewRequest("POST", "/api/v1/authn", map[string]interface{}{ + authReq, err := shim.NewRequest("POST", "authn", map[string]interface{}{ "username": username, "password": password, }) diff --git a/builtin/credential/okta/backend_test.go b/builtin/credential/okta/backend_test.go index 9a6b20d9e130..0794ea9081fc 100644 --- a/builtin/credential/okta/backend_test.go +++ b/builtin/credential/okta/backend_test.go @@ -15,6 +15,15 @@ import ( "github.com/hashicorp/vault/sdk/logical" ) +// To run this test, set the following env variables: +// VAULT_ACC=1 +// OKTA_ORG=dev-219337 +// OKTA_API_TOKEN= +// OKTA_USERNAME=test2@example.com +// OKTA_PASSWORD= +// +// You will need to install the Okta client app on your mobile device and +// setup MFA. func TestBackend_Config(t *testing.T) { defaultLeaseTTLVal := time.Hour * 12 maxLeaseTTLVal := time.Hour * 24 diff --git a/builtin/credential/okta/path_config.go b/builtin/credential/okta/path_config.go index 32d8b3d959f6..7faede370a89 100644 --- a/builtin/credential/okta/path_config.go +++ b/builtin/credential/okta/path_config.go @@ -6,6 +6,7 @@ import ( "github.com/hashicorp/go-cleanhttp" "net/http" "net/url" + "strings" "time" oktaold "github.com/chrismalek/oktasdk-go/okta" @@ -282,6 +283,9 @@ func (new *oktaShimNew) Client() *oktanew.Client { } func (new *oktaShimNew) NewRequest(method string, url string, body interface{}) (*http.Request, error) { + if !strings.HasPrefix(url, "/") { + url = "/api/v1/" + url + } return new.client.GetRequestExecutor().NewRequest(method, url, body) }