			
		
		
		
	backport of commit 20c1f54906 (#23315)
				
					
				
			Co-authored-by: Violet Hynes <violet.hynes@hashicorp.com>
		
				
					committed by
					
						
						GitHub
					
				
			
			
				
	
			
			
			
						parent
						
							52ccaf699d
						
					
				
				
					commit
					16cbd56f94
				
			
							
								
								
									
										3
									
								
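--- a/changelog/22996.txt
+++ b/changelog/22996.txt
@@ -0,0 +1,3 @@
+```release-note:improvement
+auto-auth/azure: Support setting the `authenticate_from_environment` variable to "true" and "false" string literals, too.
+```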
@@ -10,6 +10,8 @@ import (
 | 
				
			|||||||
	"io"
 | 
						"io"
 | 
				
			||||||
	"net/http"
 | 
						"net/http"
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
						"github.com/hashicorp/go-secure-stdlib/parseutil"
 | 
				
			||||||
 | 
					
 | 
				
			||||||
	policy "github.com/Azure/azure-sdk-for-go/sdk/azcore/policy"
 | 
						policy "github.com/Azure/azure-sdk-for-go/sdk/azcore/policy"
 | 
				
			||||||
	az "github.com/Azure/azure-sdk-for-go/sdk/azidentity"
 | 
						az "github.com/Azure/azure-sdk-for-go/sdk/azidentity"
 | 
				
			||||||
	cleanhttp "github.com/hashicorp/go-cleanhttp"
 | 
						cleanhttp "github.com/hashicorp/go-cleanhttp"
 | 
				
			||||||
@@ -101,10 +103,11 @@ func NewAzureAuthMethod(conf *auth.AuthConfig) (auth.AuthMethod, error) {
 | 
				
			|||||||
 | 
					
 | 
				
			||||||
	authenticateFromEnvironmentRaw, ok := conf.Config["authenticate_from_environment"]
 | 
						authenticateFromEnvironmentRaw, ok := conf.Config["authenticate_from_environment"]
 | 
				
			||||||
	if ok {
 | 
						if ok {
 | 
				
			||||||
		a.authenticateFromEnvironment, ok = authenticateFromEnvironmentRaw.(bool)
 | 
							authenticateFromEnvironment, err := parseutil.ParseBool(authenticateFromEnvironmentRaw)
 | 
				
			||||||
		if !ok {
 | 
							if err != nil {
 | 
				
			||||||
			return nil, errors.New("could not convert 'authenticate_from_environment' config value to bool")
 | 
								return nil, fmt.Errorf("could not convert 'authenticate_from_environment' config value to bool: %w", err)
 | 
				
			||||||
		}
 | 
							}
 | 
				
			||||||
 | 
							a.authenticateFromEnvironment = authenticateFromEnvironment
 | 
				
			||||||
	}
 | 
						}
 | 
				
			||||||
 | 
					
 | 
				
			||||||
	switch {
 | 
						switch {
 | 
				
			||||||
 
 | 
				
			|||||||
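Review bot: `parseutil.ParseBool` in the new `if ok` branch accepts a wider set of inputs than the bool values and the "true"/"false" string literals that the changelog describes; as far as I know it performs a weak decode, so numbers, short forms such as "1"/"0"/"t"/"f" and possibly an empty string are converted without error. Judging by its name this setting decides where the agent takes its Azure credentials from, so a value that silently resolves to false (for example an empty string from an unset template variable) deserves either an explicit rejection or a documented contract. A comment above the call such as `// ParseBool is lenient: it weakly decodes strings and numbers, not only bool and "true"/"false"` would make the accepted set visible to the next reader. NewAzureAuthMethod starts and ends outside this hunk, so how the field is consumed afterwards cannot be checked from here.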
							
								
								
									
										96
									
								
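--- a/command/agentproxyshared/auth/azure/azure_test.go
+++ b/command/agentproxyshared/auth/azure/azure_test.go
@@ -0,0 +1,96 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
+package azure
+
+import (
+	"testing"
+
+	"github.com/hashicorp/go-hclog"
+	"github.com/hashicorp/vault/command/agentproxyshared/auth"
+)
+
+// TestAzureAuthMethod tests that NewAzureAuthMethod succeeds
+// with valid config.
+func TestAzureAuthMethod(t *testing.T) {
+	t.Parallel()
+	config := &auth.AuthConfig{
+		Logger:    hclog.NewNullLogger(),
+		MountPath: "auth-test",
+		Config: map[string]interface{}{
+			"resource":                      "test",
+			"client_id":                     "test",
+			"role":                          "test",
+			"scope":                         "test",
+			"authenticate_from_environment": true,
+		},
+	}
+
+	_, err := NewAzureAuthMethod(config)
+	if err != nil {
+		t.Fatal(err)
+	}
+}
+
+// TestAzureAuthMethod_StringAuthFromEnvironment tests that NewAzureAuthMethod succeeds
+// with valid config, where authenticate_from_environment is a string literal.
+func TestAzureAuthMethod_StringAuthFromEnvironment(t *testing.T) {
+	t.Parallel()
+	config := &auth.AuthConfig{
+		Logger:    hclog.NewNullLogger(),
+		MountPath: "auth-test",
+		Config: map[string]interface{}{
+			"resource":                      "test",
+			"client_id":                     "test",
+			"role":                          "test",
+			"scope":                         "test",
+			"authenticate_from_environment": "true",
+		},
+	}
+
+	_, err := NewAzureAuthMethod(config)
+	if err != nil {
+		t.Fatal(err)
+	}
+}
+
+// TestAzureAuthMethod_BadConfig tests that NewAzureAuthMethod fails with
+// an invalid config.
+func TestAzureAuthMethod_BadConfig(t *testing.T) {
+	t.Parallel()
+	config := &auth.AuthConfig{
+		Logger:    hclog.NewNullLogger(),
+		MountPath: "auth-test",
+		Config: map[string]interface{}{
+			"bad_value": "abc",
+		},
+	}
+
+	_, err := NewAzureAuthMethod(config)
+	if err == nil {
+		t.Fatal("Expected error, got none.")
+	}
+}
+
+// TestAzureAuthMethod_BadAuthFromEnvironment tests that NewAzureAuthMethod fails
+// with otherwise valid config, but where authenticate_from_environment is
+// an invalid string literal.
+func TestAzureAuthMethod_BadAuthFromEnvironment(t *testing.T) {
+	t.Parallel()
+	config := &auth.AuthConfig{
+		Logger:    hclog.NewNullLogger(),
+		MountPath: "auth-test",
+		Config: map[string]interface{}{
+			"resource":                      "test",
+			"client_id":                     "test",
+			"role":                          "test",
+			"scope":                         "test",
+			"authenticate_from_environment": "bad_value",
+		},
+	}
+
+	_, err := NewAzureAuthMethod(config)
+	if err == nil {
+		t.Fatal("Expected error, got none.")
+	}
+}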
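Review bot: Both success tests discard the returned method (`_, err := NewAzureAuthMethod(config)`), so nothing verifies that `authenticate_from_environment` was actually parsed to the expected value; a regression that accepts the input but never assigns the field would still pass. The changelog also promises the "false" string literal, and no test here exercises it. Because the tests live in package azure they can assert on the resulting field directly, and a table-driven test over the accepted and rejected values would cover the cases with less duplication, assuming the remaining config is also valid when the value is false. TestAzureAuthMethod_BadConfig fails on whichever required key is checked first, so it would read more clearly if it stated which error it expects.

```go
func TestAzureAuthMethod_AuthFromEnvironmentValues(t *testing.T) {
	t.Parallel()
	cases := map[string]struct {
		value   interface{}
		wantErr bool
	}{
		"bool true":    {value: true},
		"string true":  {value: "true"},
		"string false": {value: "false"},
		"bad string":   {value: "bad_value", wantErr: true},
	}
	for name, tc := range cases {
		t.Run(name, func(t *testing.T) {
			config := &auth.AuthConfig{
				Logger:    hclog.NewNullLogger(),
				MountPath: "auth-test",
				Config: map[string]interface{}{
					"resource":                      "test",
					"client_id":                     "test",
					"role":                          "test",
					"scope":                         "test",
					"authenticate_from_environment": tc.value,
				},
			}
			_, err := NewAzureAuthMethod(config)
			if (err != nil) != tc.wantErr {
				t.Fatalf("err = %v, wantErr = %v", err, tc.wantErr)
			}
			// On success, also assert the parsed field on the returned method.
		})
	}
}
```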