update AppRole model and builder to current API
Add missing JSON fields and remove unprefixed, already deprecated fields
This commit is contained in:
@ -881,6 +881,28 @@ public class HTTPVaultConnectorTest {
|
||||
fail("Role ID lookup failed.");
|
||||
}
|
||||
|
||||
/* Update role model with custom flags */
|
||||
role = AppRole.builder(roleName)
|
||||
.wit0hTokenPeriod(321)
|
||||
.build();
|
||||
|
||||
/* Create role */
|
||||
try {
|
||||
boolean res = connector.createAppRole(role);
|
||||
assertThat("No result given.", res, is(notNullValue()));
|
||||
} catch (VaultConnectorException e) {
|
||||
fail("Role creation failed.");
|
||||
}
|
||||
|
||||
/* Lookup updated role */
|
||||
try {
|
||||
AppRoleResponse res = connector.lookupAppRole(roleName);
|
||||
assertThat("Role lookup returned no role.", res.getRole(), is(notNullValue()));
|
||||
assertThat("Token period not set for role.", res.getRole().getTokenPeriod(), is(321));
|
||||
} catch (VaultConnectorException e) {
|
||||
fail("Role lookup failed.");
|
||||
}
|
||||
|
||||
/* Create role by name */
|
||||
roleName = "RoleByName";
|
||||
try {
|
||||
|
||||
@ -34,8 +34,6 @@ import static org.hamcrest.Matchers.*;
|
||||
* @since 0.4.0
|
||||
*/
|
||||
public class AppRoleBuilderTest {
|
||||
|
||||
|
||||
private static final String NAME = "TestRole";
|
||||
private static final String ID = "test-id";
|
||||
private static final Boolean BIND_SECRET_ID = true;
|
||||
@ -47,12 +45,17 @@ public class AppRoleBuilderTest {
|
||||
private static final String POLICY_2 = "policy2";
|
||||
private static final Integer SECRET_ID_NUM_USES = 10;
|
||||
private static final Integer SECRET_ID_TTL = 7200;
|
||||
private static final Boolean ENABLE_LOCAL_SECRET_IDS = false;
|
||||
private static final Integer TOKEN_TTL = 4800;
|
||||
private static final Integer TOKEN_MAX_TTL = 9600;
|
||||
private static final Integer PERIOD = 1234;
|
||||
private static final Integer TOKEN_EXPLICIT_MAX_TTL = 14400;
|
||||
private static final Boolean TOKEN_NO_DEFAULT_POLICY = false;
|
||||
private static final Integer TOKEN_NUM_USES = 42;
|
||||
private static final Integer TOKEN_PERIOD = 1234;
|
||||
private static final Token.Type TOKEN_TYPE = Token.Type.DEFAULT_SERVICE;
|
||||
private static final String JSON_MIN = "{\"role_name\":\"" + NAME + "\"}";
|
||||
private static final String JSON_FULL = String.format("{\"role_name\":\"%s\",\"role_id\":\"%s\",\"bind_secret_id\":%s,\"bound_cidr_list\":\"%s\",\"secret_id_bound_cidrs\":\"%s\",\"policies\":\"%s\",\"secret_id_num_uses\":%d,\"secret_id_ttl\":%d,\"token_ttl\":%d,\"token_max_ttl\":%d,\"period\":%d}",
|
||||
NAME, ID, BIND_SECRET_ID, CIDR_1, CIDR_1, POLICY, SECRET_ID_NUM_USES, SECRET_ID_TTL, TOKEN_TTL, TOKEN_MAX_TTL, PERIOD);
|
||||
private static final String JSON_FULL = String.format("{\"role_name\":\"%s\",\"role_id\":\"%s\",\"bind_secret_id\":%s,\"secret_id_bound_cidrs\":\"%s\",\"secret_id_num_uses\":%d,\"secret_id_ttl\":%d,\"enable_local_secret_ids\":%s,\"token_ttl\":%d,\"token_max_ttl\":%d,\"token_policies\":\"%s\",\"token_bound_cidrs\":\"%s\",\"token_explicit_max_ttl\":%d,\"token_no_default_policy\":%s,\"token_num_uses\":%d,\"token_period\":%d,\"token_type\":\"%s\"}",
|
||||
NAME, ID, BIND_SECRET_ID, CIDR_1, SECRET_ID_NUM_USES, SECRET_ID_TTL, ENABLE_LOCAL_SECRET_IDS, TOKEN_TTL, TOKEN_MAX_TTL, POLICY, CIDR_1, TOKEN_EXPLICIT_MAX_TTL, TOKEN_NO_DEFAULT_POLICY, TOKEN_NUM_USES, TOKEN_PERIOD, TOKEN_TYPE.value());
|
||||
|
||||
@BeforeAll
|
||||
public static void init() {
|
||||
@ -68,14 +71,21 @@ public class AppRoleBuilderTest {
|
||||
AppRole role = new AppRoleBuilder(NAME).build();
|
||||
assertThat(role.getId(), is(nullValue()));
|
||||
assertThat(role.getBindSecretId(), is(nullValue()));
|
||||
assertThat(role.getBoundCidrList(), is(nullValue()));
|
||||
assertThat(role.getSecretIdBoundCidrs(), is(nullValue()));
|
||||
assertThat(role.getTokenPolicies(), is(nullValue()));
|
||||
assertThat(role.getPolicies(), is(nullValue()));
|
||||
assertThat(role.getSecretIdNumUses(), is(nullValue()));
|
||||
assertThat(role.getSecretIdTtl(), is(nullValue()));
|
||||
assertThat(role.getEnableLocalSecretIds(), is(nullValue()));
|
||||
assertThat(role.getTokenTtl(), is(nullValue()));
|
||||
assertThat(role.getTokenMaxTtl(), is(nullValue()));
|
||||
assertThat(role.getTokenBoundCidrs(), is(nullValue()));
|
||||
assertThat(role.getTokenExplicitMaxTtl(), is(nullValue()));
|
||||
assertThat(role.getTokenNoDefaultPolicy(), is(nullValue()));
|
||||
assertThat(role.getTokenNumUses(), is(nullValue()));
|
||||
assertThat(role.getTokenPeriod(), is(nullValue()));
|
||||
assertThat(role.getPeriod(), is(nullValue()));
|
||||
assertThat(role.getTokenType(), is(nullValue()));
|
||||
|
||||
/* optional fields should be ignored, so JSON string should only contain role_name */
|
||||
assertThat(new ObjectMapper().writeValueAsString(role), is(JSON_MIN));
|
||||
@ -89,26 +99,38 @@ public class AppRoleBuilderTest {
|
||||
AppRole role = new AppRoleBuilder(NAME)
|
||||
.withId(ID)
|
||||
.withBindSecretID(BIND_SECRET_ID)
|
||||
.withBoundCidrList(BOUND_CIDR_LIST)
|
||||
.withSecretIdBoundCidrs(BOUND_CIDR_LIST)
|
||||
.withPolicies(POLICIES)
|
||||
.withTokenPolicies(POLICIES)
|
||||
.withSecretIdNumUses(SECRET_ID_NUM_USES)
|
||||
.withSecretIdTtl(SECRET_ID_TTL)
|
||||
.withEnableLocalSecretIds(ENABLE_LOCAL_SECRET_IDS)
|
||||
.withTokenTtl(TOKEN_TTL)
|
||||
.withTokenMaxTtl(TOKEN_MAX_TTL)
|
||||
.withPeriod(PERIOD)
|
||||
.withTokenBoundCidrs(BOUND_CIDR_LIST)
|
||||
.withTokenExplicitMaxTtl(TOKEN_EXPLICIT_MAX_TTL)
|
||||
.withTokenNoDefaultPolicy(TOKEN_NO_DEFAULT_POLICY)
|
||||
.withTokenNumUses(TOKEN_NUM_USES)
|
||||
.wit0hTokenPeriod(TOKEN_PERIOD)
|
||||
.withTokenType(TOKEN_TYPE)
|
||||
.build();
|
||||
assertThat(role.getName(), is(NAME));
|
||||
assertThat(role.getId(), is(ID));
|
||||
assertThat(role.getBindSecretId(), is(BIND_SECRET_ID));
|
||||
assertThat(role.getBoundCidrList(), is(BOUND_CIDR_LIST));
|
||||
assertThat(role.getSecretIdBoundCidrs(), is(BOUND_CIDR_LIST));
|
||||
assertThat(role.getPolicies(), is(POLICIES));
|
||||
assertThat(role.getTokenPolicies(), is(POLICIES));
|
||||
assertThat(role.getPolicies(), is(role.getTokenPolicies()));
|
||||
assertThat(role.getSecretIdNumUses(), is(SECRET_ID_NUM_USES));
|
||||
assertThat(role.getSecretIdTtl(), is(SECRET_ID_TTL));
|
||||
assertThat(role.getEnableLocalSecretIds(), is(ENABLE_LOCAL_SECRET_IDS));
|
||||
assertThat(role.getTokenTtl(), is(TOKEN_TTL));
|
||||
assertThat(role.getTokenMaxTtl(), is(TOKEN_MAX_TTL));
|
||||
assertThat(role.getPeriod(), is(PERIOD));
|
||||
assertThat(role.getTokenBoundCidrs(), is(BOUND_CIDR_LIST));
|
||||
assertThat(role.getTokenExplicitMaxTtl(), is(TOKEN_EXPLICIT_MAX_TTL));
|
||||
assertThat(role.getTokenNoDefaultPolicy(), is(TOKEN_NO_DEFAULT_POLICY));
|
||||
assertThat(role.getTokenNumUses(), is(TOKEN_NUM_USES));
|
||||
assertThat(role.getTokenPeriod(), is(TOKEN_PERIOD));
|
||||
assertThat(role.getPeriod(), is(TOKEN_PERIOD));
|
||||
assertThat(role.getTokenType(), is(TOKEN_TYPE.value()));
|
||||
|
||||
/* Verify that all parameters are included in JSON string */
|
||||
assertThat(new ObjectMapper().writeValueAsString(role), is(JSON_FULL));
|
||||
@ -128,29 +150,33 @@ public class AppRoleBuilderTest {
|
||||
assertThat(role.getBindSecretId(), is(false));
|
||||
|
||||
/* Add single CIDR subnet */
|
||||
role = new AppRoleBuilder(NAME).withCidrBlock(CIDR_2).build();
|
||||
assertThat(role.getBoundCidrList(), hasSize(1));
|
||||
assertThat(role.getBoundCidrList(), contains(CIDR_2));
|
||||
role = new AppRoleBuilder(NAME).withSecretBoundCidr(CIDR_2).withTokenBoundCidr(CIDR_2).build();
|
||||
assertThat(role.getSecretIdBoundCidrs(), hasSize(1));
|
||||
assertThat(role.getSecretIdBoundCidrs(), contains(CIDR_2));
|
||||
assertThat(role.getTokenBoundCidrs(), hasSize(1));
|
||||
assertThat(role.getTokenBoundCidrs(), contains(CIDR_2));
|
||||
role = new AppRoleBuilder(NAME)
|
||||
.withSecretIdBoundCidrs(BOUND_CIDR_LIST)
|
||||
.withCidrBlock(CIDR_2)
|
||||
.withSecretBoundCidr(CIDR_2)
|
||||
.withTokenBoundCidrs(BOUND_CIDR_LIST)
|
||||
.withTokenBoundCidr(CIDR_2)
|
||||
.build();
|
||||
assertThat(role.getBoundCidrList(), hasSize(1));
|
||||
assertThat(role.getBoundCidrList(), contains(CIDR_2));
|
||||
assertThat(role.getSecretIdBoundCidrs(), hasSize(2));
|
||||
assertThat(role.getSecretIdBoundCidrs(), contains(CIDR_1, CIDR_2));
|
||||
assertThat(role.getTokenBoundCidrs(), hasSize(2));
|
||||
assertThat(role.getSecretIdBoundCidrs(), contains(CIDR_1, CIDR_2));
|
||||
|
||||
/* Add single policy */
|
||||
role = new AppRoleBuilder(NAME).withPolicy(POLICY_2).build();
|
||||
assertThat(role.getPolicies(), hasSize(1));
|
||||
assertThat(role.getPolicies(), contains(POLICY_2));
|
||||
role = new AppRoleBuilder(NAME).withTokenPolicy(POLICY_2).build();
|
||||
assertThat(role.getTokenPolicies(), hasSize(1));
|
||||
assertThat(role.getTokenPolicies(), contains(POLICY_2));
|
||||
assertThat(role.getPolicies(), is(role.getTokenPolicies()));
|
||||
role = new AppRoleBuilder(NAME)
|
||||
.withPolicies(POLICIES)
|
||||
.withPolicy(POLICY_2)
|
||||
.withTokenPolicies(POLICIES)
|
||||
.withTokenPolicy(POLICY_2)
|
||||
.build();
|
||||
assertThat(role.getPolicies(), hasSize(2));
|
||||
assertThat(role.getPolicies(), contains(POLICY, POLICY_2));
|
||||
assertThat(role.getTokenPolicies(), hasSize(2));
|
||||
assertThat(role.getTokenPolicies(), contains(POLICY, POLICY_2));
|
||||
assertThat(role.getPolicies(), is(role.getTokenPolicies()));
|
||||
}
|
||||
}
|
||||
|
||||
@ -53,10 +53,10 @@ public class AppRoleResponseTest {
|
||||
" \"token_max_ttl\": " + ROLE_TOKEN_MAX_TTL + ",\n" +
|
||||
" \"secret_id_ttl\": " + ROLE_SECRET_TTL + ",\n" +
|
||||
" \"secret_id_num_uses\": " + ROLE_SECRET_NUM_USES + ",\n" +
|
||||
" \"policies\": [\n" +
|
||||
" \"token_policies\": [\n" +
|
||||
" \"" + ROLE_POLICY + "\"\n" +
|
||||
" ],\n" +
|
||||
" \"period\": " + ROLE_PERIOD + ",\n" +
|
||||
" \"token_period\": " + ROLE_PERIOD + ",\n" +
|
||||
" \"bind_secret_id\": " + ROLE_BIND_SECRET + ",\n" +
|
||||
" \"bound_cidr_list\": \"\"\n" +
|
||||
" },\n" +
|
||||
@ -68,7 +68,7 @@ public class AppRoleResponseTest {
|
||||
private static final Map<String, Object> INVALID_DATA = new HashMap<>();
|
||||
|
||||
static {
|
||||
INVALID_DATA.put("policies", "fancy-policy");
|
||||
INVALID_DATA.put("token_policies", "fancy-policy");
|
||||
}
|
||||
|
||||
/**
|
||||
@ -104,12 +104,15 @@ public class AppRoleResponseTest {
|
||||
assertThat("Incorrect token max TTL", role.getTokenMaxTtl(), is(ROLE_TOKEN_MAX_TTL));
|
||||
assertThat("Incorrect secret ID TTL", role.getSecretIdTtl(), is(ROLE_SECRET_TTL));
|
||||
assertThat("Incorrect secret ID umber of uses", role.getSecretIdNumUses(), is(ROLE_SECRET_NUM_USES));
|
||||
assertThat("Incorrect number of policies", role.getTokenPolicies(), hasSize(1));
|
||||
assertThat("Incorrect role policies", role.getTokenPolicies(), contains(ROLE_POLICY));
|
||||
assertThat("Incorrect number of policies", role.getPolicies(), hasSize(1));
|
||||
assertThat("Incorrect role policies", role.getPolicies(), contains(ROLE_POLICY));
|
||||
assertThat("Incorrect role period", role.getTokenPeriod(), is(ROLE_PERIOD));
|
||||
assertThat("Incorrect role period", role.getPeriod(), is(ROLE_PERIOD));
|
||||
assertThat("Incorrect role bind secret ID flag", role.getBindSecretId(), is(ROLE_BIND_SECRET));
|
||||
assertThat("Incorrect biund CIDR list", role.getBoundCidrList(), is(nullValue()));
|
||||
assertThat("Incorrect biund CIDR list string", role.getBoundCidrListString(), is(emptyString()));
|
||||
assertThat("Incorrect bound CIDR list", role.getTokenBoundCidrs(), is(nullValue()));
|
||||
assertThat("Incorrect bound CIDR list string", role.getTokenBoundCidrsString(), is(emptyString()));
|
||||
} catch (IOException e) {
|
||||
fail("AuthResponse deserialization failed: " + e.getMessage());
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user