stklcode/jvaultconnector
stklcode/jvaultconnector
1
0
Fork 0
Code Issues Actions Releases 33 Wiki Activity

add missing fields to auth response

Browse Source 
* token_policies
* entity_id
* token_type
* orphan
This commit is contained in:
Stefan Kalscheuer 2020-03-29 11:53:02 +02:00
parent df696e9f17
commit a4a0e13904
4 changed files with 97 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
CHANGELOG.md
View File

@ -4,7 +4,11 @@
* Correctly parse Map field for token metadata (#34)
* Correctly map token policies on lookup (#35)
### Features
* Support for token types (#26)
### Improvements
* Added `entity_id`, `token_policies`, `token_type` and `orphan` flags to auth response
* Minor dependency updates

50
src/main/java/de/stklcode/jvault/connector/model/response/embedded/AuthData.java
View File

@ -39,6 +39,9 @@ public final class AuthData {
@JsonProperty("policies")
private List<String> policies;
@JsonProperty("token_policies")
private List<String> tokenPolicies;
@JsonProperty("metadata")
private Map<String, Object> metadata;
@ -48,6 +51,15 @@ public final class AuthData {
@JsonProperty("renewable")
private boolean renewable;
@JsonProperty("entity_id")
private String entityId;
@JsonProperty("token_type")
private String tokenType;
@JsonProperty("orphan")
private boolean orphan;
/**
* @return Client token
*/
@ -56,10 +68,11 @@ public final class AuthData {
}
/**
* @return Token accessor
* @return Token type
* @since 0.9
*/
public String getAccessor() {
return accessor;
public String getTokenType() {
return tokenType;
}
/**
@ -69,6 +82,14 @@ public final class AuthData {
return policies;
}
/**
* @return List of policies associated with the ooken
* @since 0.9
*/
public List<String> getTokenPolicies() {
return tokenPolicies;
}
/**
* @return Metadata
*/
@ -89,4 +110,27 @@ public final class AuthData {
public boolean isRenewable() {
return renewable;
}
/**
* @return Entity ID
* @since 0.9
*/
public String getEntityId() {
return entityId;
}
/**
* @return Token accessor
*/
public String getAccessor() {
return accessor;
}
/**
* @return Token is orphan
* @since 0.9
*/
public boolean isOrphan() {
return orphan;
}
}

28
src/test/java/de/stklcode/jvault/connector/HTTPVaultConnectorTest.java
View File

@ -1050,8 +1050,12 @@ public class HTTPVaultConnectorTest {
assertThat("Invalid token ID returned.", res.getAuth().getClientToken(), is("test-id"));
assertThat("Invalid number of policies returned.", res.getAuth().getPolicies(), hasSize(1));
assertThat("Root policy not inherited.", res.getAuth().getPolicies(), contains("root"));
assertThat("Invalid number of token policies returned.", res.getAuth().getTokenPolicies(), hasSize(1));
assertThat("Root policy not inherited for token.", res.getAuth().getTokenPolicies(), contains("root"));
assertThat("Unexpected token type.", res.getAuth().getTokenType(), is(Token.Type.SERVICE.value()));
assertThat("Metadata unexpected.", res.getAuth().getMetadata(), is(nullValue()));
assertThat("Root token should not be renewable", res.getAuth().isRenewable(), is(false));
assertThat("Root token should not be orphan", res.getAuth().isOrphan(), is(false));
// Starting with Vault 1.0 a warning "cusotm ID uses weaker SHA1..." is given.
if (VAULT_VERSION.startsWith("1.")) {
@ -1075,12 +1079,12 @@ public class HTTPVaultConnectorTest {
AuthResponse res = connector.createToken(token);
assertThat("Invalid token ID returned.", res.getAuth().getClientToken(), is("test-id2"));
assertThat("Invalid number of policies returned.", res.getAuth().getPolicies(), hasSize(1));
assertThat("Root policy not inherited.", res.getAuth().getPolicies(), contains("testpolicy"));
assertThat("Custom policy not set.", res.getAuth().getPolicies(), contains("testpolicy"));
assertThat("Metadata not given.", res.getAuth().getMetadata(), is(notNullValue()));
assertThat("Metadata not correct.", res.getAuth().getMetadata().get("foo"), is("bar"));
assertThat("Token should be renewable", res.getAuth().isRenewable(), is(true));
} catch (VaultConnectorException e) {
fail("Secret written to inaccessible path.");
fail("Token createion failed: " + e.getMessage());
}
/* Overwrite token should fail as of Vault 0.8.0 */
@ -1102,6 +1106,26 @@ public class HTTPVaultConnectorTest {
/* Assert that the exception does not reveal token ID */
assertThat(stackTrace(e), not(stringContainsInOrder(token.getId())));
}
/* Create token with batch type */
token = Token.builder()
.withDisplayName("test name 3")
.withPolicy("batchpolicy")
.withoutDefaultPolicy()
.withType(Token.Type.BATCH)
.build();
try {
AuthResponse res = connector.createToken(token);
assertThat("Unexpected token prefix", res.getAuth().getClientToken(), startsWith("b."));
assertThat("Invalid number of policies returned.", res.getAuth().getPolicies(), hasSize(1));
assertThat("Custom policy policy not set.", res.getAuth().getPolicies(), contains("batchpolicy"));
assertThat("Token should not be renewable", res.getAuth().isRenewable(), is(false));
assertThat("Token should not be orphan", res.getAuth().isOrphan(), is(false));
assertThat("Specified token Type not set", res.getAuth().getTokenType(), is(Token.Type.BATCH.value()));
} catch (VaultConnectorException e) {
fail("Token createion failed: " + e.getMessage());
}
}
/**

22
src/test/java/de/stklcode/jvault/connector/model/response/AuthResponseTest.java
View File

@ -44,6 +44,9 @@ public class AuthResponseTest {
private static final String AUTH_META_VALUE = "armon";
private static final Integer AUTH_LEASE_DURATION = 3600;
private static final Boolean AUTH_RENEWABLE = true;
private static final String AUTH_ENTITY_ID = "";
private static final String AUTH_TOKEN_TYPE = "service";
private static final Boolean AUTH_ORPHAN = false;
private static final String RES_JSON = "{\n" +
" \"auth\": {\n" +
@ -53,11 +56,18 @@ public class AuthResponseTest {
" \"" + AUTH_POLICY_1 + "\", \n" +
" \"" + AUTH_POLICY_2 + "\"\n" +
" ],\n" +
" \"token_policies\": [\n" +
" \"" + AUTH_POLICY_2 + "\",\n" +
" \"" + AUTH_POLICY_1 + "\" \n" +
" ],\n" +
" \"metadata\": {\n" +
" \"" + AUTH_META_KEY + "\": \"" + AUTH_META_VALUE + "\"\n" +
" },\n" +
" \"lease_duration\": " + AUTH_LEASE_DURATION + ",\n" +
" \"renewable\": " + AUTH_RENEWABLE + "\n" +
" \"renewable\": " + AUTH_RENEWABLE + ",\n" +
" \"entity_id\": \"" + AUTH_ENTITY_ID + "\",\n" +
" \"token_type\": \"" + AUTH_TOKEN_TYPE + "\",\n" +
" \"orphan\": " + AUTH_ORPHAN + "\n" +
" }\n" +
"}";
@ -104,8 +114,16 @@ public class AuthResponseTest {
assertThat("Incorrect auth client token", data.getClientToken(), is(AUTH_CLIENT_TOKEN));
assertThat("Incorrect auth lease duration", data.getLeaseDuration(), is(AUTH_LEASE_DURATION));
assertThat("Incorrect auth renewable flag", data.isRenewable(), is(AUTH_RENEWABLE));
assertThat("Incorrect auth orphan flag", data.isOrphan(), is(AUTH_ORPHAN));
assertThat("Incorrect auth token type", data.getTokenType(), is(AUTH_TOKEN_TYPE));
assertThat("Incorrect auth entity id", data.getEntityId(), is(AUTH_ENTITY_ID));
assertThat("Incorrect number of policies", data.getPolicies(), hasSize(2));
assertThat("Incorrect auth policies", data.getPolicies(), containsInAnyOrder(AUTH_POLICY_1, AUTH_POLICY_2));
assertThat("Incorrect auth policies", data.getPolicies(), containsInRelativeOrder(AUTH_POLICY_1, AUTH_POLICY_2));
assertThat("Incorrect number of token policies", data.getTokenPolicies(), hasSize(2));
assertThat("Incorrect token policies", data.getTokenPolicies(), containsInRelativeOrder(AUTH_POLICY_2, AUTH_POLICY_1));
assertThat("Incorrect auth metadata size", data.getMetadata().entrySet(), hasSize(1));
assertThat("Incorrect auth metadata", data.getMetadata().get(AUTH_META_KEY), is(AUTH_META_VALUE));
} catch (IOException e) {
fail("AuthResponse deserialization failed: " + e.getMessage());
}