From 83a05fcd40a70f5de6327b7b52ab62a43d24db71 Mon Sep 17 00:00:00 2001
From: Stefan Kalscheuer <stefan@stklcode.de>
Date: Sun, 29 Mar 2020 13:58:32 +0200
Subject: [PATCH] correctly map token policies on lookup (close #35)

Remove superfluous "role" flag and add "policies" list instead.
---
 CHANGELOG.md                                     |  1 +
 .../model/response/embedded/TokenData.java       | 16 +++++++++-------
 .../jvault/connector/HTTPVaultConnectorTest.java |  5 ++++-
 .../model/response/TokenResponseTest.java        |  6 ++++--
 4 files changed, 18 insertions(+), 10 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index bc5f108..6a4cd7e 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,7 @@
 
 ### Fixes
 * Correctly parse Map field for token metadata (#34)
+* Correctly map token policies on lookup (#35)
 
 ### Improvements
 * Minor dependency updates
diff --git a/src/main/java/de/stklcode/jvault/connector/model/response/embedded/TokenData.java b/src/main/java/de/stklcode/jvault/connector/model/response/embedded/TokenData.java
index 1652a05..1e5f202 100644
--- a/src/main/java/de/stklcode/jvault/connector/model/response/embedded/TokenData.java
+++ b/src/main/java/de/stklcode/jvault/connector/model/response/embedded/TokenData.java
@@ -19,13 +19,14 @@ package de.stklcode.jvault.connector.model.response.embedded;
 import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
 import com.fasterxml.jackson.annotation.JsonProperty;
 
+import java.util.List;
 import java.util.Map;
 
 /**
  * Embedded token information inside Vault response.
  *
- * @author  Stefan Kalscheuer
- * @since   0.1
+ * @author Stefan Kalscheuer
+ * @since 0.1
  */
 @JsonIgnoreProperties(ignoreUnknown = true)
 public final class TokenData {
@@ -56,8 +57,8 @@ public final class TokenData {
     @JsonProperty("path")
     private String path;
 
-    @JsonProperty("role")
-    private String role;
+    @JsonProperty("policies")
+    private List<String> policies;
 
     @JsonProperty("ttl")
     private Integer ttl;
@@ -119,10 +120,11 @@ public final class TokenData {
     }
 
     /**
-     * @return Token role
+     * @return Token policies
+     * @since 0.9
      */
-    public String getRole() {
-        return role;
+    public List<String> getPolicies() {
+        return policies;
     }
 
     /**
diff --git a/src/test/java/de/stklcode/jvault/connector/HTTPVaultConnectorTest.java b/src/test/java/de/stklcode/jvault/connector/HTTPVaultConnectorTest.java
index d6728ab..752118a 100644
--- a/src/test/java/de/stklcode/jvault/connector/HTTPVaultConnectorTest.java
+++ b/src/test/java/de/stklcode/jvault/connector/HTTPVaultConnectorTest.java
@@ -41,7 +41,8 @@ import static org.hamcrest.Matchers.*;
 import static org.hamcrest.core.Is.is;
 import static org.junit.jupiter.api.Assertions.assertNotNull;
 import static org.junit.jupiter.api.Assertions.fail;
-import static org.junit.jupiter.api.Assumptions.*;
+import static org.junit.jupiter.api.Assumptions.assumeFalse;
+import static org.junit.jupiter.api.Assumptions.assumeTrue;
 
 /**
  * JUnit test for HTTP Vault connector.
@@ -1128,6 +1129,8 @@ public class HTTPVaultConnectorTest {
             try {
                 TokenResponse res = connector.lookupToken("my-token");
                 assertThat("Unexpected token ID", res.getData().getId(), is(token.getId()));
+                assertThat("Unexpected number of policies", res.getData().getPolicies(), hasSize(1));
+                assertThat("Unexpected policy", res.getData().getPolicies(), contains("root"));
             } catch (VaultConnectorException e) {
                 fail("Token creation failed.");
             }
diff --git a/src/test/java/de/stklcode/jvault/connector/model/response/TokenResponseTest.java b/src/test/java/de/stklcode/jvault/connector/model/response/TokenResponseTest.java
index 3d068af..bd853a4 100644
--- a/src/test/java/de/stklcode/jvault/connector/model/response/TokenResponseTest.java
+++ b/src/test/java/de/stklcode/jvault/connector/model/response/TokenResponseTest.java
@@ -117,8 +117,10 @@ public class TokenResponseTest {
             assertThat("Incorrect token number of uses", data.getNumUses(), is(TOKEN_NUM_USES));
             assertThat("Incorrect token orphan flag", data.isOrphan(), is(TOKEN_ORPHAN));
             assertThat("Incorrect token path", data.getPath(), is(TOKEN_PATH));
-            assertThat("Incorrect auth metadata size", data.getMeta().entrySet(), hasSize(1));
-            assertThat("Incorrect auth metadata", data.getMeta().get(TOKEN_META_KEY), is(TOKEN_META_VALUE));
+            assertThat("Incorrect token metadata size", data.getMeta().entrySet(), hasSize(1));
+            assertThat("Incorrect token metadata", data.getMeta().get(TOKEN_META_KEY), is(TOKEN_META_VALUE));
+            assertThat("Incorrect number of token policies", data.getPolicies(), hasSize(2));
+            assertThat("Incorrect token policies", data.getPolicies(), contains(TOKEN_POLICY_1, TOKEN_POLICY_2));
             assertThat("Incorrect response renewable flag", res.isRenewable(), is(RES_RENEWABLE));
             assertThat("Incorrect response TTL", data.getTtl(), is(RES_TTL));
             assertThat("Incorrect response lease duration", res.getLeaseDuration(), is(RES_LEASE_DURATION));