From a4a0e13904195e207bd382a38c9bd1a52d824ea7 Mon Sep 17 00:00:00 2001
From: Stefan Kalscheuer
Date: Sun, 29 Mar 2020 11:53:02 +0200
Subject: [PATCH] add missing fields to auth response
* token_policies
* entity_id
* token_type
* orphan
---
 CHANGELOG.md | 4 ++
 .../model/response/embedded/AuthData.java | 50 +++++++++++++++++--
 .../connector/HTTPVaultConnectorTest.java | 28 ++++++++++-
 .../model/response/AuthResponseTest.java | 22 +++++++-
 4 files changed, 97 insertions(+), 7 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 6a4cd7e..be674ab 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,7 +4,11 @@
 * Correctly parse Map field for token metadata (#34)
 * Correctly map token policies on lookup (#35)
+### Features
+* Support for token types (#26)
+
 ### Improvements
+* Added `entity_id`, `token_policies`, `token_type` and `orphan` flags to auth response
 * Minor dependency updates
diff --git a/src/main/java/de/stklcode/jvault/connector/model/response/embedded/AuthData.java b/src/main/java/de/stklcode/jvault/connector/model/response/embedded/AuthData.java
index bf2d12f..ac5fc5c 100644
--- a/src/main/java/de/stklcode/jvault/connector/model/response/embedded/AuthData.java
+++ b/src/main/java/de/stklcode/jvault/connector/model/response/embedded/AuthData.java
@@ -39,6 +39,9 @@ public final class AuthData {
 @JsonProperty("policies")
 private List policies;
+ @JsonProperty("token_policies")
+ private List tokenPolicies;
+
 @JsonProperty("metadata")
 private Map metadata;
@@ -48,6 +51,15 @@ public final class AuthData {
 @JsonProperty("renewable")
 private boolean renewable;
+ @JsonProperty("entity_id")
+ private String entityId;
+
+ @JsonProperty("token_type")
+ private String tokenType;
+
+ @JsonProperty("orphan")
+ private boolean orphan;
+
 /**
 * @return Client token
 */
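Review bot: The `orphan` field added in the hunk at -48,6 is a primitive `boolean`, so an auth response that omits `orphan` presumably deserializes to `false` and cannot be told apart from a token the server explicitly reported as non-orphan. Callers that base revocation or lifecycle decisions on `isOrphan()` would then read a default as a fact. The getter (added in a later hunk of this file) should at least document this, e.g. `@return {@code true} if the token is an orphan; {@code false} if it is not or the response did not include the flag`.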
@@ -56,10 +68,11 @@ public final class AuthData {
 }
 /**
- * @return Token accessor
+ * @return Token type
+ * @since 0.9
 */
- public String getAccessor() {
- return accessor;
+ public String getTokenType() {
+ return tokenType;
 }
 /**
@@ -69,6 +82,14 @@ public final class AuthData {
 return policies;
 }
+ /**
+ * @return List of policies associated with the ooken
+ * @since 0.9
+ */
+ public List getTokenPolicies() {
+ return tokenPolicies;
+ }
+
 /**
 * @return Metadata
 */
@@ -89,4 +110,27 @@ public final class AuthData {
 public boolean isRenewable() {
 return renewable;
 }
+
+ /**
+ * @return Entity ID
+ * @since 0.9
+ */
+ public String getEntityId() {
+ return entityId;
+ }
+
+ /**
+ * @return Token accessor
+ */
+ public String getAccessor() {
+ return accessor;
+ }
+
+ /**
+ * @return Token is orphan
+ * @since 0.9
+ */
+ public boolean isOrphan() {
+ return orphan;
+ }
 }
diff --git a/src/test/java/de/stklcode/jvault/connector/HTTPVaultConnectorTest.java b/src/test/java/de/stklcode/jvault/connector/HTTPVaultConnectorTest.java
index dd2a394..ca8f6a5 100644
--- a/src/test/java/de/stklcode/jvault/connector/HTTPVaultConnectorTest.java
+++ b/src/test/java/de/stklcode/jvault/connector/HTTPVaultConnectorTest.java
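Review bot: `getTokenPolicies()` in the hunk at -69,6 returns the `tokenPolicies` field unchanged, and that field is declared without an initializer, so the getter presumably yields `null` whenever the response carries no `token_policies`. Code that checks a token's policies by iterating this list would then fail with a NullPointerException rather than see an empty list. The Javadoc should state the contract and fix the "ooken" typo: `@return List of policies associated with the token, or {@code null} if the response did not contain them`. The same applies to `getEntityId()` and `getTokenType()` in the hunks at -89,4 and -56,10.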
@@ -1050,8 +1050,12 @@ public class HTTPVaultConnectorTest {
 assertThat("Invalid token ID returned.", res.getAuth().getClientToken(), is("test-id"));
 assertThat("Invalid number of policies returned.", res.getAuth().getPolicies(), hasSize(1));
 assertThat("Root policy not inherited.", res.getAuth().getPolicies(), contains("root"));
+ assertThat("Invalid number of token policies returned.", res.getAuth().getTokenPolicies(), hasSize(1));
+ assertThat("Root policy not inherited for token.", res.getAuth().getTokenPolicies(), contains("root"));
+ assertThat("Unexpected token type.", res.getAuth().getTokenType(), is(Token.Type.SERVICE.value()));
 assertThat("Metadata unexpected.", res.getAuth().getMetadata(), is(nullValue()));
 assertThat("Root token should not be renewable", res.getAuth().isRenewable(), is(false));
+ assertThat("Root token should not be orphan", res.getAuth().isOrphan(), is(false));
 // Starting with Vault 1.0 a warning "cusotm ID uses weaker SHA1..." is given.
 if (VAULT_VERSION.startsWith("1.")) {
@@ -1075,12 +1079,12 @@ public class HTTPVaultConnectorTest {
 AuthResponse res = connector.createToken(token);
 assertThat("Invalid token ID returned.", res.getAuth().getClientToken(), is("test-id2"));
 assertThat("Invalid number of policies returned.", res.getAuth().getPolicies(), hasSize(1));
- assertThat("Root policy not inherited.", res.getAuth().getPolicies(), contains("testpolicy"));
+ assertThat("Custom policy not set.", res.getAuth().getPolicies(), contains("testpolicy"));
 assertThat("Metadata not given.", res.getAuth().getMetadata(), is(notNullValue()));
 assertThat("Metadata not correct.", res.getAuth().getMetadata().get("foo"), is("bar"));
 assertThat("Token should be renewable", res.getAuth().isRenewable(), is(true));
 } catch (VaultConnectorException e) {
- fail("Secret written to inaccessible path.");
+ fail("Token createion failed: " + e.getMessage());
 }
 /* Overwrite token should fail as of Vault 0.8.0 */
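Review bot: The `getTokenPolicies()` and `getTokenType()` assertions added in the hunk at -1050,8 run against every server version, although the same test gates its warning check a few lines below on `VAULT_VERSION.startsWith("1.")`. A server that does not return `token_policies` or `token_type` would presumably leave those getters `null` and fail the test for a reason unrelated to the connector. The batch-token block added in the hunk at -1102,6 depends on the same server feature. Consider placing these assertions and the batch block under the existing version condition. The enclosing test method starts and ends outside these hunks.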
@@ -1102,6 +1106,26 @@ public class HTTPVaultConnectorTest {
 /* Assert that the exception does not reveal token ID */
 assertThat(stackTrace(e), not(stringContainsInOrder(token.getId())));
 }
+
+ /* Create token with batch type */
+ token = Token.builder()
+ .withDisplayName("test name 3")
+ .withPolicy("batchpolicy")
+ .withoutDefaultPolicy()
+ .withType(Token.Type.BATCH)
+ .build();
+ try {
+ AuthResponse res = connector.createToken(token);
+ assertThat("Unexpected token prefix", res.getAuth().getClientToken(), startsWith("b."));
+ assertThat("Invalid number of policies returned.", res.getAuth().getPolicies(), hasSize(1));
+ assertThat("Custom policy policy not set.", res.getAuth().getPolicies(), contains("batchpolicy"));
+ assertThat("Token should not be renewable", res.getAuth().isRenewable(), is(false));
+ assertThat("Token should not be orphan", res.getAuth().isOrphan(), is(false));
+ assertThat("Specified token Type not set", res.getAuth().getTokenType(), is(Token.Type.BATCH.value()));
+
+ } catch (VaultConnectorException e) {
+ fail("Token createion failed: " + e.getMessage());
+ }
 }
 /**
diff --git a/src/test/java/de/stklcode/jvault/connector/model/response/AuthResponseTest.java b/src/test/java/de/stklcode/jvault/connector/model/response/AuthResponseTest.java
index a0f1e62..f2e942b 100644
--- a/src/test/java/de/stklcode/jvault/connector/model/response/AuthResponseTest.java
+++ b/src/test/java/de/stklcode/jvault/connector/model/response/AuthResponseTest.java
@@ -44,6 +44,9 @@ public class AuthResponseTest {
 private static final String AUTH_META_VALUE = "armon";
 private static final Integer AUTH_LEASE_DURATION = 3600;
 private static final Boolean AUTH_RENEWABLE = true;
+ private static final String AUTH_ENTITY_ID = "";
+ private static final String AUTH_TOKEN_TYPE = "service";
+ private static final Boolean AUTH_ORPHAN = false;
 private static final String RES_JSON = "{\n" +
 " \"auth\": {\n" +
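Review bot: `AUTH_ORPHAN = false` in the AuthResponseTest hunk at -44,6 equals the default of the primitive `orphan` field, so the later `isOrphan()` assertion would still pass if the `orphan` property were never mapped (provided unknown properties do not fail deserialization, which is not visible here). A value that differs from the default makes the test prove the mapping: `private static final Boolean AUTH_ORPHAN = true;`. A non-empty, constructed sample for `AUTH_ENTITY_ID` would likewise be more representative than `""`.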
@@ -53,11 +56,18 @@ public class AuthResponseTest {
 " \"" + AUTH_POLICY_1 + "\", \n" +
 " \"" + AUTH_POLICY_2 + "\"\n" +
 " ],\n" +
+ " \"token_policies\": [\n" +
+ " \"" + AUTH_POLICY_2 + "\",\n" +
+ " \"" + AUTH_POLICY_1 + "\" \n" +
+ " ],\n" +
 " \"metadata\": {\n" +
 " \"" + AUTH_META_KEY + "\": \"" + AUTH_META_VALUE + "\"\n" +
 " },\n" +
 " \"lease_duration\": " + AUTH_LEASE_DURATION + ",\n" +
- " \"renewable\": " + AUTH_RENEWABLE + "\n" +
+ " \"renewable\": " + AUTH_RENEWABLE + ",\n" +
+ " \"entity_id\": \"" + AUTH_ENTITY_ID + "\",\n" +
+ " \"token_type\": \"" + AUTH_TOKEN_TYPE + "\",\n" +
+ " \"orphan\": " + AUTH_ORPHAN + "\n" +
 " }\n" +
 "}";
@@ -104,8 +114,16 @@ public class AuthResponseTest {
 assertThat("Incorrect auth client token", data.getClientToken(), is(AUTH_CLIENT_TOKEN));
 assertThat("Incorrect auth lease duration", data.getLeaseDuration(), is(AUTH_LEASE_DURATION));
 assertThat("Incorrect auth renewable flag", data.isRenewable(), is(AUTH_RENEWABLE));
+ assertThat("Incorrect auth orphan flag", data.isOrphan(), is(AUTH_ORPHAN));
+ assertThat("Incorrect auth token type", data.getTokenType(), is(AUTH_TOKEN_TYPE));
+ assertThat("Incorrect auth entity id", data.getEntityId(), is(AUTH_ENTITY_ID));
 assertThat("Incorrect number of policies", data.getPolicies(), hasSize(2));
- assertThat("Incorrect auth policies", data.getPolicies(), containsInAnyOrder(AUTH_POLICY_1, AUTH_POLICY_2));
+ assertThat("Incorrect auth policies", data.getPolicies(), containsInRelativeOrder(AUTH_POLICY_1, AUTH_POLICY_2));
+ assertThat("Incorrect number of token policies", data.getTokenPolicies(), hasSize(2));
+ assertThat("Incorrect token policies", data.getTokenPolicies(), containsInRelativeOrder(AUTH_POLICY_2, AUTH_POLICY_1));
+ assertThat("Incorrect auth metadata size", data.getMetadata().entrySet(), hasSize(1));
+ assertThat("Incorrect auth metadata", data.getMetadata().get(AUTH_META_KEY), is(AUTH_META_VALUE));
+
 } catch (IOException e) {
 fail("AuthResponse deserialization failed: " + e.getMessage());
 }