Skip to content

Commit

Permalink
s/enable_local_secret_ids/local_secret_ids
Browse files Browse the repository at this point in the history
  • Loading branch information
vishalnayak committed Apr 24, 2018
1 parent 3c49d7b commit a030db2
Show file tree
Hide file tree
Showing 2 changed files with 39 additions and 39 deletions.
36 changes: 18 additions & 18 deletions builtin/credential/approle/path_role.go
Original file line number Diff line number Diff line change
Expand Up @@ -167,7 +167,7 @@ TTL will be set to the value of this parameter.`,
Type: framework.TypeString,
Description: "Identifier of the role. Defaults to a UUID.",
},
"enable_local_secret_ids": &framework.FieldSchema{
"local_secret_ids": &framework.FieldSchema{
Type: framework.TypeBool,
Description: `If set, the secret IDs generated using this role will be cluster local. This
can only be set during role creation and once set, it can't be reset later.`,
Expand All @@ -184,15 +184,15 @@ can only be set during role creation and once set, it can't be reset later.`,
HelpDescription: strings.TrimSpace(roleHelp["role"][1]),
},
&framework.Path{
Pattern: "role/" + framework.GenericNameRegex("role_name") + "/enable-local-secret-ids$",
Pattern: "role/" + framework.GenericNameRegex("role_name") + "/local-secret-ids$",
Fields: map[string]*framework.FieldSchema{
"role_name": &framework.FieldSchema{
Type: framework.TypeString,
Description: "Name of the role.",
},
},
Callbacks: map[logical.Operation]framework.OperationFunc{
logical.ReadOperation: b.pathRoleEnableLocalSecretIDsRead,
logical.ReadOperation: b.pathRoleLocalSecretIDsRead,
},
HelpSynopsis: strings.TrimSpace(roleHelp["role-local-secret-ids"][0]),
HelpDescription: strings.TrimSpace(roleHelp["role-local-secret-ids"][1]),
Expand Down Expand Up @@ -807,7 +807,7 @@ func (b *backend) pathRoleCreateUpdate(ctx context.Context, req *logical.Request
return logical.ErrorResponse(fmt.Sprintf("role name %q doesn't exist", roleName)), nil
}

localSecretIDsRaw, ok := data.GetOk("enable_local_secret_ids")
localSecretIDsRaw, ok := data.GetOk("local_secret_ids")
if ok {
switch {
case req.Operation == logical.CreateOperation:
Expand All @@ -816,7 +816,7 @@ func (b *backend) pathRoleCreateUpdate(ctx context.Context, req *logical.Request
role.SecretIDPrefix = secretIDLocalPrefix
}
default:
return logical.ErrorResponse("enable_local_secret_ids can only be modified during role creation"), nil
return logical.ErrorResponse("local_secret_ids can only be modified during role creation"), nil
}
}

Expand Down Expand Up @@ -948,20 +948,20 @@ func (b *backend) pathRoleRead(ctx context.Context, req *logical.Request, data *
}

respData := map[string]interface{}{
"bind_secret_id": role.BindSecretID,
"bound_cidr_list": role.BoundCIDRList,
"period": role.Period / time.Second,
"policies": role.Policies,
"secret_id_num_uses": role.SecretIDNumUses,
"secret_id_ttl": role.SecretIDTTL / time.Second,
"token_max_ttl": role.TokenMaxTTL / time.Second,
"token_num_uses": role.TokenNumUses,
"token_ttl": role.TokenTTL / time.Second,
"enable_local_secret_ids": false,
"bind_secret_id": role.BindSecretID,
"bound_cidr_list": role.BoundCIDRList,
"period": role.Period / time.Second,
"policies": role.Policies,
"secret_id_num_uses": role.SecretIDNumUses,
"secret_id_ttl": role.SecretIDTTL / time.Second,
"token_max_ttl": role.TokenMaxTTL / time.Second,
"token_num_uses": role.TokenNumUses,
"token_ttl": role.TokenTTL / time.Second,
"local_secret_ids": false,
}

if role.SecretIDPrefix == secretIDLocalPrefix {
respData["enable_local_secret_ids"] = true
respData["local_secret_ids"] = true
}

resp := &logical.Response{
Expand Down Expand Up @@ -1450,7 +1450,7 @@ func (b *backend) pathRoleBindSecretIDDelete(ctx context.Context, req *logical.R
return nil, b.setRoleEntry(ctx, req.Storage, roleName, role, "")
}

func (b *backend) pathRoleEnableLocalSecretIDsRead(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathRoleLocalSecretIDsRead(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
roleName := data.Get("role_name").(string)
if roleName == "" {
return logical.ErrorResponse("missing role_name"), nil
Expand All @@ -1471,7 +1471,7 @@ func (b *backend) pathRoleEnableLocalSecretIDsRead(ctx context.Context, req *log
}
return &logical.Response{
Data: map[string]interface{}{
"enable_local_secret_ids": localSecretIDs,
"local_secret_ids": localSecretIDs,
},
}, nil
}
Expand Down
42 changes: 21 additions & 21 deletions builtin/credential/approle/path_role_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -12,14 +12,14 @@ import (
"github.com/mitchellh/mapstructure"
)

func TestAppRole_EnableLocalSecretIDsRead(t *testing.T) {
func TestAppRole_LocalSecretIDsRead(t *testing.T) {
var resp *logical.Response
var err error
b, storage := createBackendWithStorage(t)

roleData := map[string]interface{}{
"enable_local_secret_ids": true,
"bind_secret_id": true,
"local_secret_ids": true,
"bind_secret_id": true,
}

resp, err = b.HandleRequest(context.Background(), &logical.Request{
Expand All @@ -35,13 +35,13 @@ func TestAppRole_EnableLocalSecretIDsRead(t *testing.T) {
resp, err = b.HandleRequest(context.Background(), &logical.Request{
Operation: logical.ReadOperation,
Storage: storage,
Path: "role/testrole/enable-local-secret-ids",
Path: "role/testrole/local-secret-ids",
})
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("err:%v resp:%#v", err, resp)
}
if !resp.Data["enable_local_secret_ids"].(bool) {
t.Fatalf("expected enable_local_secret_ids to be returned")
if !resp.Data["local_secret_ids"].(bool) {
t.Fatalf("expected local_secret_ids to be returned")
}
}

Expand All @@ -51,22 +51,22 @@ func TestApprole_LocalNonLocalSecretIDs(t *testing.T) {

b, storage := createBackendWithStorage(t)

// Create a role with enable_local_secret_ids set
// Create a role with local_secret_ids set
resp, err = b.HandleRequest(context.Background(), &logical.Request{
Path: "role/testrole1",
Operation: logical.CreateOperation,
Storage: storage,
Data: map[string]interface{}{
"policies": []string{"default", "role1policy"},
"bind_secret_id": true,
"enable_local_secret_ids": true,
"policies": []string{"default", "role1policy"},
"bind_secret_id": true,
"local_secret_ids": true,
},
})
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("bad: err: %v\n resp: %#v", err, resp)
}

// Create another role without setting enable_local_secret_ids
// Create another role without setting local_secret_ids
resp, err = b.HandleRequest(context.Background(), &logical.Request{
Path: "role/testrole2",
Operation: logical.CreateOperation,
Expand Down Expand Up @@ -158,7 +158,7 @@ func TestApprole_UpgradeSecretIDPrefix(t *testing.T) {
t.Fatalf("expected SecretIDPrefix to be set")
}

// Ensure that the API response contains enable_local_secret_ids
// Ensure that the API response contains local_secret_ids
resp, err = b.HandleRequest(context.Background(), &logical.Request{
Path: "role/testrole",
Operation: logical.ReadOperation,
Expand All @@ -167,9 +167,9 @@ func TestApprole_UpgradeSecretIDPrefix(t *testing.T) {
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("bad: err: %v\n resp: %#v", err, resp)
}
_, ok := resp.Data["enable_local_secret_ids"]
_, ok := resp.Data["local_secret_ids"]
if !ok {
t.Fatalf("expected enable_local_secret_ids to be present in the response")
t.Fatalf("expected local_secret_ids to be present in the response")
}
}

Expand All @@ -180,13 +180,13 @@ func TestApprole_LocalSecretIDImmutability(t *testing.T) {
b, storage := createBackendWithStorage(t)

roleData := map[string]interface{}{
"policies": []string{"default"},
"bind_secret_id": true,
"bound_cidr_list": []string{"127.0.0.1/18", "192.178.1.2/24"},
"enable_local_secret_ids": true,
"policies": []string{"default"},
"bind_secret_id": true,
"bound_cidr_list": []string{"127.0.0.1/18", "192.178.1.2/24"},
"local_secret_ids": true,
}

// Create a role with enable_local_secret_ids set
// Create a role with local_secret_ids set
resp, err = b.HandleRequest(context.Background(), &logical.Request{
Path: "role/testrole",
Operation: logical.CreateOperation,
Expand All @@ -197,15 +197,15 @@ func TestApprole_LocalSecretIDImmutability(t *testing.T) {
t.Fatalf("bad: err: %v\nresp: %#v", err, resp)
}

// Attempt to modify enable_local_secret_ids should fail
// Attempt to modify local_secret_ids should fail
resp, err = b.HandleRequest(context.Background(), &logical.Request{
Path: "role/testrole",
Operation: logical.UpdateOperation,
Storage: storage,
Data: roleData,
})
if resp == nil || !resp.IsError() {
t.Fatalf("expected an error since enable_local_secret_ids can't be overwritten")
t.Fatalf("expected an error since local_secret_ids can't be overwritten")
}
}

Expand Down

0 comments on commit a030db2

Please sign in to comment.