scottk/vault
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/vault.git synced 2025-10-29 17:52:32 +00:00
Code Issues Packages Projects Releases Wiki Activity

backport of commit 87376a1f5c (#23789)

Browse Source 
Co-authored-by: Hamid Ghaf <83242695+hghaf099@users.noreply.github.com>
This commit is contained in:
hc-github-team-secure-vault-core
2023-10-23 12:23:35 -04:00
committed by GitHub
parent b7e8bf96cc
commit 239ccdd259
3 changed files with 11 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
builtin/credential/approle/path_login.go
View File

@@ -92,7 +92,7 @@ func (b *backend) pathLoginResolveRole(ctx context.Context, req *logical.Request
return nil, err
}
if roleIDIndex == nil {
return logical.ErrorResponse("invalid role ID"), nil
return logical.ErrorResponse("invalid role or secret ID"), nil
}
roleName := roleIDIndex.Name
@@ -106,7 +106,7 @@ func (b *backend) pathLoginResolveRole(ctx context.Context, req *logical.Request
return nil, err
}
if role == nil {
return logical.ErrorResponse("invalid role ID"), nil
return logical.ErrorResponse("invalid role or secret ID"), nil
}
return logical.ResolveRoleResponse(roleName)
@@ -127,7 +127,7 @@ func (b *backend) pathLoginUpdate(ctx context.Context, req *logical.Request, dat
return nil, err
}
if roleIDIndex == nil {
return logical.ErrorResponse("invalid role ID"), nil
return logical.ErrorResponse("invalid role or secret ID"), nil
}
roleName := roleIDIndex.Name
@@ -141,7 +141,7 @@ func (b *backend) pathLoginUpdate(ctx context.Context, req *logical.Request, dat
return nil, err
}
if role == nil {
return logical.ErrorResponse("invalid role ID"), nil
return logical.ErrorResponse("invalid role or secret ID"), nil
}
metadata := make(map[string]string)
@@ -177,7 +177,7 @@ func (b *backend) pathLoginUpdate(ctx context.Context, req *logical.Request, dat
return nil, err
}
if entry == nil {
return logical.ErrorResponse("invalid secret id"), logical.ErrInvalidCredentials
return logical.ErrorResponse("invalid role or secret ID"), logical.ErrInvalidCredentials
}
// If a secret ID entry does not have a corresponding accessor
@@ -197,7 +197,7 @@ func (b *backend) pathLoginUpdate(ctx context.Context, req *logical.Request, dat
return nil, err
}
if entry == nil {
return logical.ErrorResponse("invalid secret id"), nil
return logical.ErrorResponse("invalid role or secret ID"), nil
}
accessorEntry, err := b.secretIDAccessorEntry(ctx, req.Storage, entry.SecretIDAccessor, role.SecretIDPrefix)
@@ -210,7 +210,7 @@ func (b *backend) pathLoginUpdate(ctx context.Context, req *logical.Request, dat
return nil, fmt.Errorf("error deleting secret ID %q from storage: %w", secretIDHMAC, err)
}
}
return logical.ErrorResponse("invalid secret id"), nil
return logical.ErrorResponse("invalid role or secret ID"), nil
}
switch {

2
builtin/credential/approle/path_login_test.go
View File

@@ -420,7 +420,7 @@ func TestAppRole_RoleDoesNotExist(t *testing.T) {
t.Fatal("Error not part of response.")
}
if !strings.Contains(errString, "invalid role ID") {
if !strings.Contains(errString, "invalid role or secret ID") {
t.Fatalf("Error was not due to invalid role ID. Error: %s", errString)
}
}

3
changelog/23786.txt Normal file
View File

@@ -0,0 +1,3 @@
```release-note:change
auth/approle: Normalized error response messages when invalid credentials are provided
```