mirror of
https://github.com/hashicorp/vault.git
synced 2025-08-14 02:27:02 +02:00
Return absolute paths while listing in LDAP backend (#5537)
parent
9d6ca37537
commit
173f0e446e
@ -10,6 +10,7 @@ import (
|
||||
"testing"
|
||||
"time"
|
||||
|
||||
"github.com/hashicorp/vault/helper/namespace"
|
||||
"github.com/hashicorp/vault/helper/policyutil"
|
||||
"github.com/hashicorp/vault/logical"
|
||||
logicaltest "github.com/hashicorp/vault/logical/testing"
|
||||
@ -33,6 +34,92 @@ func createBackendWithStorage(t *testing.T) (*backend, logical.Storage) {
|
||||
return b, config.StorageView
|
||||
}
|
||||
|
||||
func TestLdapAuthBackend_Listing(t *testing.T) {
|
||||
b, storage := createBackendWithStorage(t)
|
||||
|
||||
// Create group "testgroup"
|
||||
resp, err := b.HandleRequest(namespace.RootContext(nil), &logical.Request{
|
||||
Path: "groups/testgroup",
|
||||
Operation: logical.UpdateOperation,
|
||||
Storage: storage,
|
||||
Data: map[string]interface{}{
|
||||
"policies": []string{"default"},
|
||||
},
|
||||
})
|
||||
if err != nil || (resp != nil && resp.IsError()) {
|
||||
t.Fatalf("bad: resp: %#v\nerr: %v", resp, err)
|
||||
}
|
||||
|
||||
// Create group "nested/testgroup"
|
||||
resp, err = b.HandleRequest(namespace.RootContext(nil), &logical.Request{
|
||||
Path: "groups/nested/testgroup",
|
||||
Operation: logical.UpdateOperation,
|
||||
Storage: storage,
|
||||
Data: map[string]interface{}{
|
||||
"policies": []string{"default"},
|
||||
},
|
||||
})
|
||||
if err != nil || (resp != nil && resp.IsError()) {
|
||||
t.Fatalf("bad: resp: %#v\nerr: %v", resp, err)
|
||||
}
|
||||
|
||||
// Create user "testuser"
|
||||
resp, err = b.HandleRequest(namespace.RootContext(nil), &logical.Request{
|
||||
Path: "users/testuser",
|
||||
Operation: logical.UpdateOperation,
|
||||
Storage: storage,
|
||||
Data: map[string]interface{}{
|
||||
"policies": []string{"default"},
|
||||
"groups": "testgroup,nested/testgroup",
|
||||
},
|
||||
})
|
||||
if err != nil || (resp != nil && resp.IsError()) {
|
||||
t.Fatalf("bad: resp: %#v\nerr: %v", resp, err)
|
||||
}
|
||||
|
||||
// Create user "nested/testuser"
|
||||
resp, err = b.HandleRequest(namespace.RootContext(nil), &logical.Request{
|
||||
Path: "users/nested/testuser",
|
||||
Operation: logical.UpdateOperation,
|
||||
Storage: storage,
|
||||
Data: map[string]interface{}{
|
||||
"policies": []string{"default"},
|
||||
"groups": "testgroup,nested/testgroup",
|
||||
},
|
||||
})
|
||||
if err != nil || (resp != nil && resp.IsError()) {
|
||||
t.Fatalf("bad: resp: %#v\nerr: %v", resp, err)
|
||||
}
|
||||
|
||||
// List users
|
||||
resp, err = b.HandleRequest(namespace.RootContext(nil), &logical.Request{
|
||||
Path: "users/",
|
||||
Operation: logical.ListOperation,
|
||||
Storage: storage,
|
||||
})
|
||||
if err != nil || (resp != nil && resp.IsError()) {
|
||||
t.Fatalf("bad: resp: %#v\nerr: %v", resp, err)
|
||||
}
|
||||
expected := []string{"testuser", "nested/testuser"}
|
||||
if !reflect.DeepEqual(expected, resp.Data["keys"].([]string)) {
|
||||
t.Fatalf("bad: listed users; expected: %#v actual: %#v", expected, resp.Data["keys"].([]string))
|
||||
}
|
||||
|
||||
// List groups
|
||||
resp, err = b.HandleRequest(namespace.RootContext(nil), &logical.Request{
|
||||
Path: "groups/",
|
||||
Operation: logical.ListOperation,
|
||||
Storage: storage,
|
||||
})
|
||||
if err != nil || (resp != nil && resp.IsError()) {
|
||||
t.Fatalf("bad: resp: %#v\nerr: %v", resp, err)
|
||||
}
|
||||
expected = []string{"testgroup", "nested/testgroup"}
|
||||
if !reflect.DeepEqual(expected, resp.Data["keys"].([]string)) {
|
||||
t.Fatalf("bad: listed groups; expected: %#v actual: %#v", expected, resp.Data["keys"].([]string))
|
||||
}
|
||||
}
|
||||
|
||||
func TestLdapAuthBackend_CaseSensitivity(t *testing.T) {
|
||||
var resp *logical.Response
|
||||
var err error
|
||||
|
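Review bot: The two `reflect.DeepEqual` checks in TestLdapAuthBackend_Listing compare against a fixed order (`testuser` before `nested/testuser`), which is not lexical and so presumably mirrors the traversal order of the key walk used by the list handlers; a change in that traversal would fail the test without any behavioural regression. Sorting both slices before comparing, or a comment such as `// order follows the storage walk: top-level keys first, then nested`, would make the dependency explicit. The listing assertions also read `resp.Data` after a guard that lets a nil `resp` through, so `if resp == nil { t.Fatal("nil response") }` before each comparison would give a clearer failure than a nil-pointer panic. TestLdapAuthBackend_CaseSensitivity begins in this hunk and continues outside it.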
@ -132,11 +132,17 @@ func (b *backend) pathGroupWrite(ctx context.Context, req *logical.Request, d *f
|
||||
}
|
||||
|
||||
func (b *backend) pathGroupList(ctx context.Context, req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
|
||||
groups, err := req.Storage.List(ctx, "group/")
|
||||
keys, err := logical.CollectKeys(ctx, req.Storage)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return logical.ListResponse(groups), nil
|
||||
retKeys := make([]string, 0)
|
||||
for _, key := range keys {
|
||||
if strings.HasPrefix(key, "group/") && !strings.HasPrefix(key, "/") {
|
||||
retKeys = append(retKeys, strings.TrimPrefix(key, "group/"))
|
||||
}
|
||||
}
|
||||
return logical.ListResponse(retKeys), nil
|
||||
}
|
||||
|
||||
type GroupEntry struct {
|
||||
|
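Review bot: The second half of the filter in pathGroupList, `!strings.HasPrefix(key, "/")`, can never be false once `strings.HasPrefix(key, "group/")` holds, so it is dead code; drop it, or if the intent was to reject an empty or slash-leading name, test the trimmed remainder instead. Because `logical.CollectKeys` is called on `req.Storage` with no prefix, the `group/` check appears to be the only thing keeping other entries in the backend's storage view out of the list response, and each list request walks the whole view rather than one subtree. A comment such as `// CollectKeys walks the whole view; keep only group/ entries` would make that explicit, and a prefix-scoped walk would be preferable if the logical package offers one at this revision. pathUserList in the following hunk has the same pattern with `user/`, plus a stray blank line before its closing brace.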
@ -148,11 +148,18 @@ func (b *backend) pathUserWrite(ctx context.Context, req *logical.Request, d *fr
|
||||
}
|
||||
|
||||
func (b *backend) pathUserList(ctx context.Context, req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
|
||||
users, err := req.Storage.List(ctx, "user/")
|
||||
keys, err := logical.CollectKeys(ctx, req.Storage)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return logical.ListResponse(users), nil
|
||||
retKeys := make([]string, 0)
|
||||
for _, key := range keys {
|
||||
if strings.HasPrefix(key, "user/") && !strings.HasPrefix(key, "/") {
|
||||
retKeys = append(retKeys, strings.TrimPrefix(key, "user/"))
|
||||
}
|
||||
}
|
||||
return logical.ListResponse(retKeys), nil
|
||||
|
||||
}
|
||||
|
||||
type UserEntry struct {
|
||||
|