Add support for true/false string literals for agent injector (#22996)

* Add support for true/false string literals for agent injector * Add extra test * Changelog * parseutil * Godocs
2025-10-29 17:52:32 +00:00 · 2023-09-27 10:46:44 -04:00
parent 2631217227
commit 20c1f54906
3 changed files with 105 additions and 3 deletions
--- a/changelog/22996.txt
+++ b/changelog/22996.txt
@@ -0,0 +1,3 @@
+```release-note:improvement
+auto-auth/azure: Support setting the `authenticate_from_environment` variable to "true" and "false" string literals, too.
+```
--- a/command/agentproxyshared/auth/azure/azure.go
+++ b/command/agentproxyshared/auth/azure/azure.go
@@ -10,6 +10,8 @@ import (
 	"io"
 	"net/http"

+	"github.com/hashicorp/go-secure-stdlib/parseutil"
+
 	policy "github.com/Azure/azure-sdk-for-go/sdk/azcore/policy"
 	az "github.com/Azure/azure-sdk-for-go/sdk/azidentity"
 	cleanhttp "github.com/hashicorp/go-cleanhttp"
@@ -101,10 +103,11 @@ func NewAzureAuthMethod(conf *auth.AuthConfig) (auth.AuthMethod, error) {

 	authenticateFromEnvironmentRaw, ok := conf.Config["authenticate_from_environment"]
 	if ok {
-		a.authenticateFromEnvironment, ok = authenticateFromEnvironmentRaw.(bool)
-		if !ok {
-			return nil, errors.New("could not convert 'authenticate_from_environment' config value to bool")
+		authenticateFromEnvironment, err := parseutil.ParseBool(authenticateFromEnvironmentRaw)
+		if err != nil {
+			return nil, fmt.Errorf("could not convert 'authenticate_from_environment' config value to bool: %w", err)
 		}
+		a.authenticateFromEnvironment = authenticateFromEnvironment
 	}

 	switch {
--- a/command/agentproxyshared/auth/azure/azure_test.go
+++ b/command/agentproxyshared/auth/azure/azure_test.go
@@ -0,0 +1,96 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
+package azure
+
+import (
+	"testing"
+
+	"github.com/hashicorp/go-hclog"
+	"github.com/hashicorp/vault/command/agentproxyshared/auth"
+)
+
+// TestAzureAuthMethod tests that NewAzureAuthMethod succeeds
+// with valid config.
+func TestAzureAuthMethod(t *testing.T) {
+	t.Parallel()
+	config := &auth.AuthConfig{
+		Logger:    hclog.NewNullLogger(),
+		MountPath: "auth-test",
+		Config: map[string]interface{}{
+			"resource":                      "test",
+			"client_id":                     "test",
+			"role":                          "test",
+			"scope":                         "test",
+			"authenticate_from_environment": true,
+		},
+	}
+
+	_, err := NewAzureAuthMethod(config)
+	if err != nil {
+		t.Fatal(err)
+	}
+}
+
+// TestAzureAuthMethod_StringAuthFromEnvironment tests that NewAzureAuthMethod succeeds
+// with valid config, where authenticate_from_environment is a string literal.
+func TestAzureAuthMethod_StringAuthFromEnvironment(t *testing.T) {
+	t.Parallel()
+	config := &auth.AuthConfig{
+		Logger:    hclog.NewNullLogger(),
+		MountPath: "auth-test",
+		Config: map[string]interface{}{
+			"resource":                      "test",
+			"client_id":                     "test",
+			"role":                          "test",
+			"scope":                         "test",
+			"authenticate_from_environment": "true",
+		},
+	}
+
+	_, err := NewAzureAuthMethod(config)
+	if err != nil {
+		t.Fatal(err)
+	}
+}
+
+// TestAzureAuthMethod_BadConfig tests that NewAzureAuthMethod fails with
+// an invalid config.
+func TestAzureAuthMethod_BadConfig(t *testing.T) {
+	t.Parallel()
+	config := &auth.AuthConfig{
+		Logger:    hclog.NewNullLogger(),
+		MountPath: "auth-test",
+		Config: map[string]interface{}{
+			"bad_value": "abc",
+		},
+	}
+
+	_, err := NewAzureAuthMethod(config)
+	if err == nil {
+		t.Fatal("Expected error, got none.")
+	}
+}
+
+// TestAzureAuthMethod_BadAuthFromEnvironment tests that NewAzureAuthMethod fails
+// with otherwise valid config, but where authenticate_from_environment is
+// an invalid string literal.
+func TestAzureAuthMethod_BadAuthFromEnvironment(t *testing.T) {
+	t.Parallel()
+	config := &auth.AuthConfig{
+		Logger:    hclog.NewNullLogger(),
+		MountPath: "auth-test",
+		Config: map[string]interface{}{
+			"resource":                      "test",
+			"client_id":                     "test",
+			"role":                          "test",
+			"scope":                         "test",
+			"authenticate_from_environment": "bad_value",
+		},
+	}
+
+	_, err := NewAzureAuthMethod(config)
+	if err == nil {
+		t.Fatal("Expected error, got none.")
+	}
+}