scottk/vault
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/vault.git synced 2025-10-29 17:52:32 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fixes from mount move testing (#14492)

Browse Source 
* Add validation, fix docs

* add changelog

* fmt fix

* Update vault/logical_system.go

Co-authored-by: Josh Black <raskchanky@users.noreply.github.com>

* Update vault/logical_system.go

Co-authored-by: Josh Black <raskchanky@users.noreply.github.com>

* Update vault/logical_system_test.go

Co-authored-by: Josh Black <raskchanky@users.noreply.github.com>

* Update vault/logical_system_test.go

Co-authored-by: Josh Black <raskchanky@users.noreply.github.com>

Co-authored-by: Josh Black <raskchanky@users.noreply.github.com>
This commit is contained in:
Pratyoy Mukhopadhyay
2022-03-15 11:11:23 -07:00
committed by GitHub
parent a915c9dc10
commit 0cb4e1621a
4 changed files with 43 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
changelog/mount-migration.txt Normal file
View File

@@ -0,0 +1,3 @@
```release-note:feature
**Mount Migration**: Vault supports moving secrets and auth mounts both within and across namespaces.
```

7
vault/logical_system.go
View File

@@ -1201,6 +1201,13 @@ func (b *SystemBackend) handleRemount(ctx context.Context, req *logical.Request,
logical.ErrInvalidRequest logical.ErrInvalidRequest
} }
if strings.Contains(fromPath, " ") {
return logical.ErrorResponse("'from' path cannot contain whitespace"), logical.ErrInvalidRequest
}
if strings.Contains(toPath, " ") {
return logical.ErrorResponse("'to' path cannot contain whitespace"), logical.ErrInvalidRequest
}
fromPathDetails := b.Core.splitNamespaceAndMountFromPath(ns.Path, fromPath) fromPathDetails := b.Core.splitNamespaceAndMountFromPath(ns.Path, fromPath)
toPathDetails := b.Core.splitNamespaceAndMountFromPath(ns.Path, toPath) toPathDetails := b.Core.splitNamespaceAndMountFromPath(ns.Path, toPath)

32
vault/logical_system_test.go
View File

@@ -995,6 +995,38 @@ func TestSystemBackend_remount_nonPrintable(t *testing.T) {
} }
} }
func TestSystemBackend_remount_spacesInFromPath(t *testing.T) {
b := testSystemBackend(t)
req := logical.TestRequest(t, logical.UpdateOperation, "remount")
req.Data["from"] = " foo / "
req.Data["to"] = "bar"
req.Data["config"] = structs.Map(MountConfig{})
resp, err := b.HandleRequest(namespace.RootContext(nil), req)
if err != logical.ErrInvalidRequest {
t.Fatalf("err: %v", err)
}
if resp.Data["error"] != `'from' path cannot contain whitespace` {
t.Fatalf("bad: %v", resp)
}
}
func TestSystemBackend_remount_spacesInToPath(t *testing.T) {
b := testSystemBackend(t)
req := logical.TestRequest(t, logical.UpdateOperation, "remount")
req.Data["from"] = "foo"
req.Data["to"] = " bar / "
req.Data["config"] = structs.Map(MountConfig{})
resp, err := b.HandleRequest(namespace.RootContext(nil), req)
if err != logical.ErrInvalidRequest {
t.Fatalf("err: %v", err)
}
if resp.Data["error"] != `'to' path cannot contain whitespace` {
t.Fatalf("bad: %v", resp)
}
}
func TestSystemBackend_leases(t *testing.T) { func TestSystemBackend_leases(t *testing.T) {
core, b, root := testCoreSystemBackend(t) core, b, root := testCoreSystemBackend(t)

2
website/content/docs/commands/auth/move.mdx
View File

@@ -25,7 +25,7 @@ method.**
Move the existing auth method at ns1/approle/ to ns2/new-approle/: Move the existing auth method at ns1/approle/ to ns2/new-approle/:
```shell-session ```shell-session
$ vault auth move ns1/approle/ ns2/new-approle/ $ vault auth move ns1/auth/approle/ ns2/auth/new-approle/
``` ```
## Usage ## Usage