Properly store iam_server_id_header_value (#3014)

In auth/aws/config/client, when only the iam_server_id_header_value was being updated on an existing config, it wouldn't get stored because I was trying to avoid unnecessarily flushing the cache of AWS clients, and the flag to not flush the cache also meant that the updated entry didn't get written back to the storage. This now adds a new flag for when other changes occur that don't require flushing the cache but do require getting written to the storage. It also adds a test for this explicitly. Fixes #3004
2025-11-01 19:17:58 +00:00 · 2017-07-17 11:08:57 -04:00
parent debe0fbe70
commit 9a0c544092
2 changed files with 39 additions and 1 deletions
--- a/builtin/credential/aws/path_config_client.go
+++ b/builtin/credential/aws/path_config_client.go
@@ -150,7 +150,11 @@ func (b *backend) pathConfigClientCreateUpdate(
 		configEntry = &clientConfig{}
 	}

+	// changedCreds is whether we need to flush the cached AWS clients and store in the backend
 	changedCreds := false
+	// changedOtherConfig is whether other config has changed that requires storing in the backend
+	// but does not require flushing the cached clients
+	changedOtherConfig := false

 	accessKeyStr, ok := data.GetOk("access_key")
 	if ok {
@@ -213,6 +217,7 @@ func (b *backend) pathConfigClientCreateUpdate(
 		if configEntry.IAMServerIdHeaderValue != headerValStr.(string) {
 			// NOT setting changedCreds here, since this isn't really cached
 			configEntry.IAMServerIdHeaderValue = headerValStr.(string)
+			changedOtherConfig = true
 		}
 	} else if req.Operation == logical.CreateOperation {
 		configEntry.IAMServerIdHeaderValue = data.Get("iam_server_id_header_value").(string)
@@ -228,7 +233,7 @@ func (b *backend) pathConfigClientCreateUpdate(
 		return nil, err
 	}

-	if changedCreds || req.Operation == logical.CreateOperation {
+	if changedCreds || changedOtherConfig || req.Operation == logical.CreateOperation {
 		if err := req.Storage.Put(entry); err != nil {
 			return nil, err
 		}
--- a/builtin/credential/aws/path_config_client_test.go
+++ b/builtin/credential/aws/path_config_client_test.go
@@ -73,4 +73,37 @@ func TestBackend_pathConfigClient(t *testing.T) {
 		t.Fatalf("expected iam_server_id_header_value: '%#v'; returned iam_server_id_header_value: '%#v'",
 			data["iam_server_id_header_value"], resp.Data["iam_server_id_header_value"])
 	}
+
+	data = map[string]interface{}{
+		"iam_server_id_header_value": "vault_server_identification_2718281",
+	}
+	resp, err = b.HandleRequest(&logical.Request{
+		Operation: logical.UpdateOperation,
+		Path:      "config/client",
+		Data:      data,
+		Storage:   storage,
+	})
+
+	if err != nil {
+		t.Fatal(err)
+	}
+	if resp != nil && resp.IsError() {
+		t.Fatal("failed to update the client config entry")
+	}
+
+	resp, err = b.HandleRequest(&logical.Request{
+		Operation: logical.ReadOperation,
+		Path:      "config/client",
+		Storage:   storage,
+	})
+	if err != nil {
+		t.Fatal(err)
+	}
+	if resp == nil || resp.IsError() {
+		t.Fatal("failed to read the client config entry")
+	}
+	if resp.Data["iam_server_id_header_value"] != data["iam_server_id_header_value"] {
+		t.Fatalf("expected iam_server_id_header_value: '%#v'; returned iam_server_id_header_value: '%#v'",
+			data["iam_server_id_header_value"], resp.Data["iam_server_id_header_value"])
+	}
 }