scottk/vault
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/vault.git synced 2025-11-02 11:38:02 +00:00
Code Issues Packages Projects Releases Wiki Activity

Check ErrPluginStaticUnsupported for fallback to RotateRootCredentials (#11585)

Browse Source
This commit is contained in:
Michael Golowka
2021-05-12 15:22:41 -06:00
committed by GitHub
parent c191081750
commit 67ca3beb1e
2 changed files with 27 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
builtin/logical/database/version_wrapper.go
View File

@@ -152,7 +152,7 @@ func (d databaseVersionWrapper) changePasswordLegacy(ctx context.Context, userna
err = d.changeUserPasswordLegacy(ctx, username, passwordChange)
// If changing the root user's password but SetCredentials is unimplemented, fall back to RotateRootCredentials
if isRootUser && status.Code(err) == codes.Unimplemented {
if isRootUser && (err == v4.ErrPluginStaticUnsupported || status.Code(err) == codes.Unimplemented) {
saveConfig, err = d.changeRootUserPasswordLegacy(ctx, passwordChange)
if err != nil {
return nil, err

27
builtin/logical/database/version_wrapper_test.go
View File

@@ -8,6 +8,7 @@ import (
"testing"
"time"
v4 "github.com/hashicorp/vault/sdk/database/dbplugin"
v5 "github.com/hashicorp/vault/sdk/database/dbplugin/v5"
"github.com/hashicorp/vault/sdk/logical"
"github.com/stretchr/testify/mock"
@@ -672,7 +673,7 @@ func TestUpdateUser_legacyDB(t *testing.T) {
expectedConfig: nil,
expectErr: true,
},
"change password - RotateRootCredentials": {
"change password - RotateRootCredentials (gRPC Unimplemented)": {
req: v5.UpdateUserRequest{
Username: "existing_user",
Password: &v5.ChangePassword{
@@ -696,6 +697,30 @@ func TestUpdateUser_legacyDB(t *testing.T) {
},
expectErr: false,
},
"change password - RotateRootCredentials (ErrPluginStaticUnsupported)": {
req: v5.UpdateUserRequest{
Username: "existing_user",
Password: &v5.ChangePassword{
NewPassword: "newpassowrd",
},
},
isRootUser: true,
setCredentialsErr: v4.ErrPluginStaticUnsupported,
setCredentialsCalls: 1,
rotateRootConfig: map[string]interface{}{
"foo": "bar",
},
rotateRootCalls: 1,
renewUserCalls: 0,
expectedConfig: map[string]interface{}{
"foo": "bar",
},
expectErr: false,
},
"change password - RotateRootCredentials failed": {
req: v5.UpdateUserRequest{
Username: "existing_user",