scottk/vault
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/vault.git synced 2025-10-30 02:02:43 +00:00
Code Issues Packages Projects Releases Wiki Activity

VAULT-12112: add openapi response structures for /sys/capabilities* endpoints (#18468)

Browse Source 
* add capabilities

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* added change log

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* add test

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* use nil for dynamic fields

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

---------

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
This commit is contained in:
Daniel Huckins
2023-02-16 15:04:37 -05:00
committed by GitHub
parent 6bab86f88b
commit 6dafb4ffb8
3 changed files with 90 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
changelog/18468.txt Normal file
View File

@@ -0,0 +1,3 @@
```release-note:improvement
openapi: add openapi response defintions to /sys/capabilities endpoints
```

39
vault/logical_system_paths.go
View File

@@ -1520,8 +1520,17 @@ func (b *SystemBackend) capabilitiesPaths() []*framework.Path {
}, },
}, },
Callbacks: map[logical.Operation]framework.OperationFunc{ Operations: map[logical.Operation]framework.OperationHandler{
logical.UpdateOperation: b.handleCapabilitiesAccessor, logical.UpdateOperation: &framework.PathOperation{
Callback: b.handleCapabilitiesAccessor,
Responses: map[int][]framework.Response{
http.StatusOK: {{
Description: "OK",
// response keys are dynamic
Fields: nil,
}},
},
},
}, },
HelpSynopsis: strings.TrimSpace(sysHelp["capabilities_accessor"][0]), HelpSynopsis: strings.TrimSpace(sysHelp["capabilities_accessor"][0]),
@@ -1547,8 +1556,17 @@ func (b *SystemBackend) capabilitiesPaths() []*framework.Path {
}, },
}, },
Callbacks: map[logical.Operation]framework.OperationFunc{ Operations: map[logical.Operation]framework.OperationHandler{
logical.UpdateOperation: b.handleCapabilities, logical.UpdateOperation: &framework.PathOperation{
Callback: b.handleCapabilities,
Responses: map[int][]framework.Response{
http.StatusOK: {{
Description: "OK",
// response keys are dynamic
Fields: nil,
}},
},
},
}, },
HelpSynopsis: strings.TrimSpace(sysHelp["capabilities"][0]), HelpSynopsis: strings.TrimSpace(sysHelp["capabilities"][0]),
@@ -1574,8 +1592,17 @@ func (b *SystemBackend) capabilitiesPaths() []*framework.Path {
}, },
}, },
Callbacks: map[logical.Operation]framework.OperationFunc{ Operations: map[logical.Operation]framework.OperationHandler{
logical.UpdateOperation: b.handleCapabilities, logical.UpdateOperation: &framework.PathOperation{
Callback: b.handleCapabilities,
Responses: map[int][]framework.Response{
http.StatusOK: {{
Description: "OK",
// response keys are dynamic
Fields: nil,
}},
},
},
}, },
HelpSynopsis: strings.TrimSpace(sysHelp["capabilities_self"][0]), HelpSynopsis: strings.TrimSpace(sysHelp["capabilities_self"][0]),

66
vault/logical_system_test.go
View File

@@ -501,31 +501,45 @@ func TestSystemBackend_PathCapabilities(t *testing.T) {
} }
// Check the capabilities using the root token // Check the capabilities using the root token
resp, err = b.HandleRequest(namespace.RootContext(nil), &logical.Request{ req := &logical.Request{
Path: "capabilities", Path: "capabilities",
Operation: logical.UpdateOperation, Operation: logical.UpdateOperation,
Data: map[string]interface{}{ Data: map[string]interface{}{
"paths": []string{path1, path2, path3, path4}, "paths": []string{path1, path2, path3, path4},
"token": rootToken, "token": rootToken,
}, },
}) }
resp, err = b.HandleRequest(namespace.RootContext(nil), req)
if err != nil || (resp != nil && resp.IsError()) { if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("bad: resp: %#v\nerr: %v", resp, err) t.Fatalf("bad: resp: %#v\nerr: %v", resp, err)
} }
schema.ValidateResponse(
t,
schema.GetResponseSchema(t, b.(*SystemBackend).Route(req.Path), req.Operation),
resp,
true,
)
rootCheckFunc(t, resp) rootCheckFunc(t, resp)
// Check the capabilities using capabilities-self // Check the capabilities using capabilities-self
resp, err = b.HandleRequest(namespace.RootContext(nil), &logical.Request{ req = &logical.Request{
ClientToken: rootToken, ClientToken: rootToken,
Path: "capabilities-self", Path: "capabilities-self",
Operation: logical.UpdateOperation, Operation: logical.UpdateOperation,
Data: map[string]interface{}{ Data: map[string]interface{}{
"paths": []string{path1, path2, path3, path4}, "paths": []string{path1, path2, path3, path4},
}, },
}) }
resp, err = b.HandleRequest(namespace.RootContext(nil), req)
if err != nil || (resp != nil && resp.IsError()) { if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("bad: resp: %#v\nerr: %v", resp, err) t.Fatalf("bad: resp: %#v\nerr: %v", resp, err)
} }
schema.ValidateResponse(
t,
schema.GetResponseSchema(t, b.(*SystemBackend).Route(req.Path), req.Operation),
resp,
true,
)
rootCheckFunc(t, resp) rootCheckFunc(t, resp)
// Lookup the accessor of the root token // Lookup the accessor of the root token
@@ -535,17 +549,24 @@ func TestSystemBackend_PathCapabilities(t *testing.T) {
} }
// Check the capabilities using capabilities-accessor endpoint // Check the capabilities using capabilities-accessor endpoint
resp, err = b.HandleRequest(namespace.RootContext(nil), &logical.Request{ req = &logical.Request{
Path: "capabilities-accessor", Path: "capabilities-accessor",
Operation: logical.UpdateOperation, Operation: logical.UpdateOperation,
Data: map[string]interface{}{ Data: map[string]interface{}{
"paths": []string{path1, path2, path3, path4}, "paths": []string{path1, path2, path3, path4},
"accessor": te.Accessor, "accessor": te.Accessor,
}, },
}) }
resp, err = b.HandleRequest(namespace.RootContext(nil), req)
if err != nil || (resp != nil && resp.IsError()) { if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("bad: resp: %#v\nerr: %v", resp, err) t.Fatalf("bad: resp: %#v\nerr: %v", resp, err)
} }
schema.ValidateResponse(
t,
schema.GetResponseSchema(t, b.(*SystemBackend).Route(req.Path), req.Operation),
resp,
true,
)
rootCheckFunc(t, resp) rootCheckFunc(t, resp)
// Create a non-root token // Create a non-root token
@@ -566,32 +587,46 @@ func TestSystemBackend_PathCapabilities(t *testing.T) {
} }
// Check the capabilities using a non-root token // Check the capabilities using a non-root token
resp, err = b.HandleRequest(namespace.RootContext(nil), &logical.Request{ req = &logical.Request{
Path: "capabilities", Path: "capabilities",
Operation: logical.UpdateOperation, Operation: logical.UpdateOperation,
Data: map[string]interface{}{ Data: map[string]interface{}{
"paths": []string{path1, path2, path3, path4}, "paths": []string{path1, path2, path3, path4},
"token": "tokenid", "token": "tokenid",
}, },
}) }
resp, err = b.HandleRequest(namespace.RootContext(nil), req)
if err != nil || (resp != nil && resp.IsError()) { if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("bad: resp: %#v\nerr: %v", resp, err) t.Fatalf("bad: resp: %#v\nerr: %v", resp, err)
} }
schema.ValidateResponse(
t,
schema.GetResponseSchema(t, b.(*SystemBackend).Route(req.Path), req.Operation),
resp,
true,
)
nonRootCheckFunc(t, resp) nonRootCheckFunc(t, resp)
// Check the capabilities of a non-root token using capabilities-self // Check the capabilities of a non-root token using capabilities-self
// endpoint // endpoint
resp, err = b.HandleRequest(namespace.RootContext(nil), &logical.Request{ req = &logical.Request{
ClientToken: "tokenid", ClientToken: "tokenid",
Path: "capabilities-self", Path: "capabilities-self",
Operation: logical.UpdateOperation, Operation: logical.UpdateOperation,
Data: map[string]interface{}{ Data: map[string]interface{}{
"paths": []string{path1, path2, path3, path4}, "paths": []string{path1, path2, path3, path4},
}, },
}) }
resp, err = b.HandleRequest(namespace.RootContext(nil), req)
if err != nil || (resp != nil && resp.IsError()) { if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("bad: resp: %#v\nerr: %v", resp, err) t.Fatalf("bad: resp: %#v\nerr: %v", resp, err)
} }
schema.ValidateResponse(
t,
schema.GetResponseSchema(t, b.(*SystemBackend).Route(req.Path), req.Operation),
resp,
true,
)
nonRootCheckFunc(t, resp) nonRootCheckFunc(t, resp)
// Lookup the accessor of the non-root token // Lookup the accessor of the non-root token
@@ -602,17 +637,24 @@ func TestSystemBackend_PathCapabilities(t *testing.T) {
// Check the capabilities using a non-root token using // Check the capabilities using a non-root token using
// capabilities-accessor endpoint // capabilities-accessor endpoint
resp, err = b.HandleRequest(namespace.RootContext(nil), &logical.Request{ req = &logical.Request{
Path: "capabilities-accessor", Path: "capabilities-accessor",
Operation: logical.UpdateOperation, Operation: logical.UpdateOperation,
Data: map[string]interface{}{ Data: map[string]interface{}{
"paths": []string{path1, path2, path3, path4}, "paths": []string{path1, path2, path3, path4},
"accessor": te.Accessor, "accessor": te.Accessor,
}, },
}) }
resp, err = b.HandleRequest(namespace.RootContext(nil), req)
if err != nil || (resp != nil && resp.IsError()) { if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("bad: resp: %#v\nerr: %v", resp, err) t.Fatalf("bad: resp: %#v\nerr: %v", resp, err)
} }
schema.ValidateResponse(
t,
schema.GetResponseSchema(t, b.(*SystemBackend).Route(req.Path), req.Operation),
resp,
true,
)
nonRootCheckFunc(t, resp) nonRootCheckFunc(t, resp)
} }