scottk/vault
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/vault.git synced 2025-10-29 17:52:32 +00:00
Code Issues Packages Projects Releases Wiki Activity

openapi: Fix response schema for PKI Issue requests (#21449)

Browse Source 
* openapi: Fix response schema for PKI Issue requests

* tests

* changelog

* another expiration for generate/rotate root

* more type fixes from @stevendpclark
This commit is contained in:
Anton Averchenkov
2023-06-26 13:31:56 -04:00
committed by GitHub
parent f381fba4a6
commit df304012f3
9 changed files with 38 additions and 27 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
builtin/logical/pki/integration_test.go
View File

@@ -237,6 +237,8 @@ func TestIntegration_SetSignedWithBackwardsPemBundles(t *testing.T) {
require.False(t, resp.IsError(), "got an error from generating root ca: %#v", resp)
rootCert := resp.Data["certificate"].(string)
schema.ValidateResponse(t, schema.GetResponseSchema(t, rootBackend.Route("issuers/generate/root/internal"), logical.UpdateOperation), resp, true)
// generate intermediate
resp, err = intBackend.HandleRequest(context.Background(), &logical.Request{
Operation: logical.UpdateOperation,
@@ -298,6 +300,8 @@ func TestIntegration_SetSignedWithBackwardsPemBundles(t *testing.T) {
require.NoError(t, err, "failed setting up role example")
require.NotNil(t, resp, "got nil response from setting up role example: %#v", resp)
schema.ValidateResponse(t, schema.GetResponseSchema(t, intBackend.Route("roles/example"), logical.UpdateOperation), resp, true)
// Issue cert
resp, err = intBackend.HandleRequest(context.Background(), &logical.Request{
Operation: logical.UpdateOperation,
@@ -312,6 +316,8 @@ func TestIntegration_SetSignedWithBackwardsPemBundles(t *testing.T) {
require.NoError(t, err, "failed issuing a leaf cert from int ca")
require.NotNil(t, resp, "got nil response issuing a leaf cert from int ca")
require.False(t, resp.IsError(), "got an error issuing a leaf cert from int ca: %#v", resp)
schema.ValidateResponse(t, schema.GetResponseSchema(t, intBackend.Route("issue/example"), logical.UpdateOperation), resp, true)
}
func TestIntegration_CSRGeneration(t *testing.T) {

4
builtin/logical/pki/path_fetch.go
View File

@@ -28,7 +28,7 @@ var pathFetchReadSchema = map[int][]framework.Response{
Required: false,
},
"revocation_time": {
Type: framework.TypeString,
Type: framework.TypeInt64,
Description: `Revocation time`,
Required: false,
},
@@ -43,7 +43,7 @@ var pathFetchReadSchema = map[int][]framework.Response{
Required: false,
},
"ca_chain": {
Type: framework.TypeStringSlice,
Type: framework.TypeString,
Description: `Issuing CA Chain`,
Required: false,
},

2
builtin/logical/pki/path_fetch_issuers.go
View File

@@ -249,7 +249,7 @@ to be set on all PR secondary clusters.`,
Required: false,
},
"usage": {
Type: framework.TypeStringSlice,
Type: framework.TypeString,
Description: `Usage`,
Required: false,
},

14
builtin/logical/pki/path_issue_sign.go
View File

@@ -75,12 +75,12 @@ func buildPathIssue(b *backend, pattern string, displayAttrs *framework.DisplayA
"serial_number": {
Type: framework.TypeString,
Description: `Serial Number`,
Required: false,
Required: true,
},
"expiration": {
Type: framework.TypeString,
Type: framework.TypeInt64,
Description: `Time of expiration`,
Required: false,
Required: true,
},
"private_key": {
Type: framework.TypeString,
@@ -163,7 +163,7 @@ func buildPathSign(b *backend, pattern string, displayAttrs *framework.DisplayAt
Required: true,
},
"expiration": {
Type: framework.TypeString,
Type: framework.TypeInt64,
Description: `Time of expiration`,
Required: true,
},
@@ -253,12 +253,12 @@ func buildPathIssuerSignVerbatim(b *backend, pattern string, displayAttrs *frame
"serial_number": {
Type: framework.TypeString,
Description: `Serial Number`,
Required: false,
Required: true,
},
"expiration": {
Type: framework.TypeString,
Type: framework.TypeInt64,
Description: `Time of expiration`,
Required: false,
Required: true,
},
"private_key": {
Type: framework.TypeString,

6
builtin/logical/pki/path_manage_issuers.go
View File

@@ -34,7 +34,7 @@ func pathRotateRoot(b *backend) *framework.Path {
pattern := "root/rotate/" + framework.GenericNameRegex("exported")
displayAttrs := &framework.DisplayAttributes{
OperationPrefix: operationPrefixPKIIssuers,
OperationPrefix: operationPrefixPKI,
OperationVerb: "rotate",
OperationSuffix: "root",
}
@@ -55,8 +55,8 @@ func buildPathGenerateRoot(b *backend, pattern string, displayAttrs *framework.D
Description: "OK",
Fields: map[string]*framework.FieldSchema{
"expiration": {
Type: framework.TypeString,
Description: `The expiration of the given.`,
Type: framework.TypeInt64,
Description: `The expiration of the given issuer.`,
Required: true,
},
"serial_number": {

4
builtin/logical/pki/path_revoke.go
View File

@@ -111,7 +111,7 @@ signed by an issuer in this mount.`,
Description: "OK",
Fields: map[string]*framework.FieldSchema{
"revocation_time": {
Type: framework.TypeDurationSecond,
Type: framework.TypeInt64,
Description: `Revocation Time`,
Required: false,
},
@@ -176,7 +176,7 @@ be in PEM format.`,
Description: "OK",
Fields: map[string]*framework.FieldSchema{
"revocation_time": {
Type: framework.TypeDurationSecond,
Type: framework.TypeInt64,
Description: `Revocation Time`,
Required: false,
},

8
builtin/logical/pki/path_roles.go
View File

@@ -55,7 +55,7 @@ func pathListRoles(b *backend) *framework.Path {
func pathRoles(b *backend) *framework.Path {
pathRolesResponseFields := map[string]*framework.FieldSchema{
"ttl": {
Type: framework.TypeDurationSecond,
Type: framework.TypeInt64,
Required: true,
Description: `The lease duration (validity period of the
certificate) if no specific lease duration is requested.
@@ -65,7 +65,7 @@ value or the value of max_ttl, whichever is shorter.`,
},
"max_ttl": {
Type: framework.TypeDurationSecond,
Type: framework.TypeInt64,
Required: true,
Description: `The maximum allowed lease duration. If not
set, defaults to the system maximum lease TTL.`,
@@ -384,8 +384,8 @@ information, which must include an oid, and may include a notice and/or cps url,
Description: `Mark Basic Constraints valid when issuing non-CA certificates.`,
},
"not_before_duration": {
Type: framework.TypeDurationSecond,
Description: `The duration before now which the certificate needs to be backdated by.`,
Type: framework.TypeInt64,
Description: `The duration in seconds before now which the certificate needs to be backdated by.`,
},
"not_after": {
Type: framework.TypeString,

18
builtin/logical/pki/path_tidy.go
View File

@@ -279,8 +279,9 @@ func pathTidyCancel(b *backend) *framework.Path {
Required: false,
},
"tidy_cross_cluster_revoked_certs": {
Type: framework.TypeBool,
Required: false,
Type: framework.TypeBool,
Description: `Tidy the cross-cluster revoked certificate store`,
Required: false,
},
"tidy_revocation_queue": {
Type: framework.TypeBool,
@@ -387,8 +388,8 @@ func pathTidyStatus(b *backend) *framework.Path {
Required: true,
},
"tidy_cross_cluster_revoked_certs": {
Type: framework.TypeString,
Description: ``,
Type: framework.TypeBool,
Description: `Tidy the cross-cluster revoked certificate store`,
Required: false,
},
"tidy_acme": {
@@ -617,7 +618,7 @@ available on the tidy-status endpoint.`,
Required: true,
},
"revocation_queue_safety_buffer": {
Type: framework.TypeDurationSecond,
Type: framework.TypeInt,
Required: true,
},
"publish_stored_certificate_count_metrics": {
@@ -698,8 +699,9 @@ available on the tidy-status endpoint.`,
Required: true,
},
"tidy_cross_cluster_revoked_certs": {
Type: framework.TypeBool,
Required: true,
Type: framework.TypeBool,
Description: `Tidy the cross-cluster revoked certificate store`,
Required: true,
},
"tidy_revocation_queue": {
Type: framework.TypeBool,
@@ -710,7 +712,7 @@ available on the tidy-status endpoint.`,
Required: true,
},
"revocation_queue_safety_buffer": {
Type: framework.TypeDurationSecond,
Type: framework.TypeInt,
Required: true,
},
"publish_stored_certificate_count_metrics": {

3
changelog/21449.txt Normal file
View File

@@ -0,0 +1,3 @@
```release-note:bug
openapi: Fix response schema for PKI Issue requests
```