Return absolute paths while listing in LDAP backend (#5537)

Vishal Nayak 2018-10-17 14:56:51 -07:00 committed by GitHub
parent 9d6ca37537
commit 173f0e446e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 104 additions and 4 deletions


@ -10,6 +10,7 @@ import (
"testing" "testing"
"time" "time"
"github.com/hashicorp/vault/helper/namespace"
"github.com/hashicorp/vault/helper/policyutil" "github.com/hashicorp/vault/helper/policyutil"
"github.com/hashicorp/vault/logical" "github.com/hashicorp/vault/logical"
logicaltest "github.com/hashicorp/vault/logical/testing" logicaltest "github.com/hashicorp/vault/logical/testing"
@ -33,6 +34,92 @@ func createBackendWithStorage(t *testing.T) (*backend, logical.Storage) {
return b, config.StorageView return b, config.StorageView
} }
func TestLdapAuthBackend_Listing(t *testing.T) {
b, storage := createBackendWithStorage(t)
// Create group "testgroup"
resp, err := b.HandleRequest(namespace.RootContext(nil), &logical.Request{
Path: "groups/testgroup",
Operation: logical.UpdateOperation,
Storage: storage,
Data: map[string]interface{}{
"policies": []string{"default"},
},
})
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("bad: resp: %#v\nerr: %v", resp, err)
}
// Create group "nested/testgroup"
resp, err = b.HandleRequest(namespace.RootContext(nil), &logical.Request{
Path: "groups/nested/testgroup",
Operation: logical.UpdateOperation,
Storage: storage,
Data: map[string]interface{}{
"policies": []string{"default"},
},
})
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("bad: resp: %#v\nerr: %v", resp, err)
}
// Create user "testuser"
resp, err = b.HandleRequest(namespace.RootContext(nil), &logical.Request{
Path: "users/testuser",
Operation: logical.UpdateOperation,
Storage: storage,
Data: map[string]interface{}{
"policies": []string{"default"},
"groups": "testgroup,nested/testgroup",
},
})
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("bad: resp: %#v\nerr: %v", resp, err)
}
// Create user "nested/testuser"
resp, err = b.HandleRequest(namespace.RootContext(nil), &logical.Request{
Path: "users/nested/testuser",
Operation: logical.UpdateOperation,
Storage: storage,
Data: map[string]interface{}{
"policies": []string{"default"},
"groups": "testgroup,nested/testgroup",
},
})
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("bad: resp: %#v\nerr: %v", resp, err)
}
// List users
resp, err = b.HandleRequest(namespace.RootContext(nil), &logical.Request{
Path: "users/",
Operation: logical.ListOperation,
Storage: storage,
})
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("bad: resp: %#v\nerr: %v", resp, err)
}
expected := []string{"testuser", "nested/testuser"}
if !reflect.DeepEqual(expected, resp.Data["keys"].([]string)) {
t.Fatalf("bad: listed users; expected: %#v actual: %#v", expected, resp.Data["keys"].([]string))
}
// List groups
resp, err = b.HandleRequest(namespace.RootContext(nil), &logical.Request{
Path: "groups/",
Operation: logical.ListOperation,
Storage: storage,
})
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("bad: resp: %#v\nerr: %v", resp, err)
}
expected = []string{"testgroup", "nested/testgroup"}
if !reflect.DeepEqual(expected, resp.Data["keys"].([]string)) {
t.Fatalf("bad: listed groups; expected: %#v actual: %#v", expected, resp.Data["keys"].([]string))
}
}
func TestLdapAuthBackend_CaseSensitivity(t *testing.T) { func TestLdapAuthBackend_CaseSensitivity(t *testing.T) {
var resp *logical.Response var resp *logical.Response
var err error var err error
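Review bot: The two list assertions in TestLdapAuthBackend_Listing compare `resp.Data["keys"].([]string)` against a fixed-order slice, so they presumably pass only while the traversal behind `logical.CollectKeys` yields `testuser` before `nested/testuser`. Sorting both slices before `reflect.DeepEqual` would pin the returned set rather than an incidental order. The guard ahead of each assertion, `if err != nil || (resp != nil && resp.IsError())`, also lets a nil response through, and the following line then dereferences `resp.Data`. For the two list calls, `if err != nil || resp == nil || resp.IsError()` fails with a message instead of a panic. TestLdapAuthBackend_CaseSensitivity continues past the end of the hunk.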


@ -132,11 +132,17 @@ func (b *backend) pathGroupWrite(ctx context.Context, req *logical.Request, d *f
} }
func (b *backend) pathGroupList(ctx context.Context, req *logical.Request, d *framework.FieldData) (*logical.Response, error) { func (b *backend) pathGroupList(ctx context.Context, req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
groups, err := req.Storage.List(ctx, "group/") keys, err := logical.CollectKeys(ctx, req.Storage)
if err != nil { if err != nil {
return nil, err return nil, err
} }
return logical.ListResponse(groups), nil retKeys := make([]string, 0)
for _, key := range keys {
if strings.HasPrefix(key, "group/") && !strings.HasPrefix(key, "/") {
retKeys = append(retKeys, strings.TrimPrefix(key, "group/"))
}
}
return logical.ListResponse(retKeys), nil
} }
type GroupEntry struct { type GroupEntry struct {
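Review bot: The second half of the filter in pathGroupList, `!strings.HasPrefix(key, "/")`, can never be false once `strings.HasPrefix(key, "group/")` has matched, because a key that starts with `group/` cannot also start with `/`. If the intent was to drop entries whose name is empty or begins with a slash after the prefix is stripped, the check belongs on the trimmed value: `name := strings.TrimPrefix(key, "group/")` followed by `if name != "" && !strings.HasPrefix(name, "/")`. Otherwise the clause should be deleted so the filter reads as what it does. The same dead condition appears in pathUserList with `"user/"`. A one-line comment such as `// CollectKeys returns full storage paths; keep only group entries and strip the prefix` would explain why the loop replaced the direct List call.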


@ -148,11 +148,18 @@ func (b *backend) pathUserWrite(ctx context.Context, req *logical.Request, d *fr
} }
func (b *backend) pathUserList(ctx context.Context, req *logical.Request, d *framework.FieldData) (*logical.Response, error) { func (b *backend) pathUserList(ctx context.Context, req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
users, err := req.Storage.List(ctx, "user/") keys, err := logical.CollectKeys(ctx, req.Storage)
if err != nil { if err != nil {
return nil, err return nil, err
} }
return logical.ListResponse(users), nil retKeys := make([]string, 0)
for _, key := range keys {
if strings.HasPrefix(key, "user/") && !strings.HasPrefix(key, "/") {
retKeys = append(retKeys, strings.TrimPrefix(key, "user/"))
}
}
return logical.ListResponse(retKeys), nil
} }
type UserEntry struct { type UserEntry struct {
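Review bot: `logical.CollectKeys(ctx, req.Storage)` in pathUserList collects keys from the backend's whole storage view and only afterwards discards everything outside `user/`. A users listing therefore also pays for every group entry, and the cost of this endpoint grows with the whole mount rather than with the number of users. Scoping the walk to the prefix keeps the work proportional and makes the string filter unnecessary. Assuming `logical.NewStorageView` is available in this tree, `keys, err := logical.CollectKeys(ctx, logical.NewStorageView(req.Storage, "user/"))` should return names already relative to the prefix; confirm that against the helper's signature. pathGroupList has the same pattern with `"group/"`.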