scottk/vault
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/vault.git synced 2025-10-29 17:52:32 +00:00
Code Issues Packages Projects Releases Wiki Activity

backport of commit 87376a1f5c (#23790)

Browse Source 
Co-authored-by: Hamid Ghaf <83242695+hghaf099@users.noreply.github.com>
This commit is contained in:
hc-github-team-secure-vault-core
2023-10-23 12:19:20 -04:00
committed by GitHub
parent aebe972bca
commit 559f864654
3 changed files with 11 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
builtin/credential/approle/path_login.go
View File

@@ -99,7 +99,7 @@ func (b *backend) pathLoginResolveRole(ctx context.Context, req *logical.Request
return nil, err
}
if roleIDIndex == nil {
return logical.ErrorResponse("invalid role ID"), nil
return logical.ErrorResponse("invalid role or secret ID"), nil
}
roleName := roleIDIndex.Name
@@ -113,7 +113,7 @@ func (b *backend) pathLoginResolveRole(ctx context.Context, req *logical.Request
return nil, err
}
if role == nil {
return logical.ErrorResponse("invalid role ID"), nil
return logical.ErrorResponse("invalid role or secret ID"), nil
}
return logical.ResolveRoleResponse(roleName)
@@ -134,7 +134,7 @@ func (b *backend) pathLoginUpdate(ctx context.Context, req *logical.Request, dat
return nil, err
}
if roleIDIndex == nil {
return logical.ErrorResponse("invalid role ID"), nil
return logical.ErrorResponse("invalid role or secret ID"), nil
}
roleName := roleIDIndex.Name
@@ -148,7 +148,7 @@ func (b *backend) pathLoginUpdate(ctx context.Context, req *logical.Request, dat
return nil, err
}
if role == nil {
return logical.ErrorResponse("invalid role ID"), nil
return logical.ErrorResponse("invalid role or secret ID"), nil
}
metadata := make(map[string]string)
@@ -184,7 +184,7 @@ func (b *backend) pathLoginUpdate(ctx context.Context, req *logical.Request, dat
return nil, err
}
if entry == nil {
return logical.ErrorResponse("invalid secret id"), logical.ErrInvalidCredentials
return logical.ErrorResponse("invalid role or secret ID"), logical.ErrInvalidCredentials
}
// If a secret ID entry does not have a corresponding accessor
@@ -204,7 +204,7 @@ func (b *backend) pathLoginUpdate(ctx context.Context, req *logical.Request, dat
return nil, err
}
if entry == nil {
return logical.ErrorResponse("invalid secret id"), nil
return logical.ErrorResponse("invalid role or secret ID"), nil
}
accessorEntry, err := b.secretIDAccessorEntry(ctx, req.Storage, entry.SecretIDAccessor, role.SecretIDPrefix)
@@ -217,7 +217,7 @@ func (b *backend) pathLoginUpdate(ctx context.Context, req *logical.Request, dat
return nil, fmt.Errorf("error deleting secret ID %q from storage: %w", secretIDHMAC, err)
}
}
return logical.ErrorResponse("invalid secret id"), nil
return logical.ErrorResponse("invalid role or secret ID"), nil
}
switch {

2
builtin/credential/approle/path_login_test.go
View File

@@ -354,7 +354,7 @@ func TestAppRole_RoleDoesNotExist(t *testing.T) {
t.Fatal("Error not part of response.")
}
if !strings.Contains(errString, "invalid role ID") {
if !strings.Contains(errString, "invalid role or secret ID") {
t.Fatalf("Error was not due to invalid role ID. Error: %s", errString)
}
}

3
changelog/23786.txt Normal file
View File

@@ -0,0 +1,3 @@
```release-note:change
auth/approle: Normalized error response messages when invalid credentials are provided
```