mirror of
https://github.com/optim-enterprises-bv/vault.git
synced 2025-10-30 18:17:55 +00:00
Remove sys_policy from special handling as it's implemented in
logical_system too. Clean up the mux handlers.
This commit is contained in:
Jeff Mitchell
@@ -24,28 +24,14 @@ func Handler(core *vault.Core) http.Handler {
|
||||
mux.Handle("/v1/sys/seal-status", handleSysSealStatus(core))
|
||||
mux.Handle("/v1/sys/seal", handleSysSeal(core))
|
||||
mux.Handle("/v1/sys/unseal", handleSysUnseal(core))
|
||||
mux.Handle("/v1/sys/mounts", proxySysRequest(core))
|
||||
mux.Handle("/v1/sys/mounts/", proxySysRequest(core))
|
||||
mux.Handle("/v1/sys/remount", proxySysRequest(core))
|
||||
mux.Handle("/v1/sys/policy", handleSysListPolicies(core))
|
||||
mux.Handle("/v1/sys/policy/", handleSysPolicy(core))
|
||||
mux.Handle("/v1/sys/renew/", handleLogical(core, false))
|
||||
mux.Handle("/v1/sys/revoke/", proxySysRequest(core))
|
||||
mux.Handle("/v1/sys/revoke-prefix/", proxySysRequest(core))
|
||||
mux.Handle("/v1/sys/auth", proxySysRequest(core))
|
||||
mux.Handle("/v1/sys/auth/", proxySysRequest(core))
|
||||
mux.Handle("/v1/sys/audit-hash/", proxySysRequest(core))
|
||||
mux.Handle("/v1/sys/audit", proxySysRequest(core))
|
||||
mux.Handle("/v1/sys/audit/", proxySysRequest(core))
|
||||
mux.Handle("/v1/sys/leader", handleSysLeader(core))
|
||||
mux.Handle("/v1/sys/health", handleSysHealth(core))
|
||||
mux.Handle("/v1/sys/rotate", proxySysRequest(core))
|
||||
mux.Handle("/v1/sys/key-status", proxySysRequest(core))
|
||||
mux.Handle("/v1/sys/generate-root/attempt", handleSysGenerateRootAttempt(core))
|
||||
mux.Handle("/v1/sys/generate-root/update", handleSysGenerateRootUpdate(core))
|
||||
mux.Handle("/v1/sys/rekey/init", handleSysRekeyInit(core))
|
||||
mux.Handle("/v1/sys/rekey/backup", proxySysRequest(core))
|
||||
mux.Handle("/v1/sys/rekey/update", handleSysRekeyUpdate(core))
|
||||
mux.Handle("/v1/sys/", proxySysRequest(core))
|
||||
mux.Handle("/v1/", handleLogical(core, false))
|
||||
|
||||
// Wrap the handler in another handler to trigger all help paths.
|
||||
|
||||
@@ -1,150 +0,0 @@
|
||||
package http
|
||||
|
||||
import (
|
||||
"net/http"
|
||||
"strings"
|
||||
|
||||
"github.com/hashicorp/vault/logical"
|
||||
"github.com/hashicorp/vault/vault"
|
||||
)
|
||||
|
||||
func handleSysListPolicies(core *vault.Core) http.Handler {
|
||||
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
if r.Method != "GET" {
|
||||
respondError(w, http.StatusMethodNotAllowed, nil)
|
||||
return
|
||||
}
|
||||
|
||||
resp, ok := request(core, w, r, requestAuth(r, &logical.Request{
|
||||
Operation: logical.ReadOperation,
|
||||
Path: "sys/policy",
|
||||
Connection: getConnection(r),
|
||||
}))
|
||||
if !ok {
|
||||
return
|
||||
}
|
||||
|
||||
var policies []string
|
||||
policiesRaw, ok := resp.Data["keys"]
|
||||
if ok {
|
||||
policies = policiesRaw.([]string)
|
||||
}
|
||||
|
||||
respondOk(w, &listPolicyResponse{Policies: policies})
|
||||
})
|
||||
}
|
||||
|
||||
func handleSysPolicy(core *vault.Core) http.Handler {
|
||||
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
switch r.Method {
|
||||
case "GET":
|
||||
handleSysReadPolicy(core, w, r)
|
||||
case "PUT":
|
||||
fallthrough
|
||||
case "POST":
|
||||
handleSysWritePolicy(core, w, r)
|
||||
case "DELETE":
|
||||
handleSysDeletePolicy(core, w, r)
|
||||
default:
|
||||
respondError(w, http.StatusMethodNotAllowed, nil)
|
||||
return
|
||||
}
|
||||
})
|
||||
}
|
||||
|
||||
func handleSysDeletePolicy(core *vault.Core, w http.ResponseWriter, r *http.Request) {
|
||||
// Determine the path...
|
||||
prefix := "/v1/sys/policy/"
|
||||
if !strings.HasPrefix(r.URL.Path, prefix) {
|
||||
respondError(w, http.StatusNotFound, nil)
|
||||
return
|
||||
}
|
||||
path := r.URL.Path[len(prefix):]
|
||||
if path == "" {
|
||||
respondError(w, http.StatusNotFound, nil)
|
||||
return
|
||||
}
|
||||
|
||||
_, ok := request(core, w, r, requestAuth(r, &logical.Request{
|
||||
Operation: logical.DeleteOperation,
|
||||
Path: "sys/policy/" + path,
|
||||
Connection: getConnection(r),
|
||||
}))
|
||||
if !ok {
|
||||
return
|
||||
}
|
||||
|
||||
respondOk(w, nil)
|
||||
}
|
||||
|
||||
func handleSysReadPolicy(core *vault.Core, w http.ResponseWriter, r *http.Request) {
|
||||
// Determine the path...
|
||||
prefix := "/v1/sys/policy/"
|
||||
if !strings.HasPrefix(r.URL.Path, prefix) {
|
||||
respondError(w, http.StatusNotFound, nil)
|
||||
return
|
||||
}
|
||||
path := r.URL.Path[len(prefix):]
|
||||
if path == "" {
|
||||
respondError(w, http.StatusNotFound, nil)
|
||||
return
|
||||
}
|
||||
|
||||
resp, ok := request(core, w, r, requestAuth(r, &logical.Request{
|
||||
Operation: logical.ReadOperation,
|
||||
Path: "sys/policy/" + path,
|
||||
Connection: getConnection(r),
|
||||
}))
|
||||
if !ok {
|
||||
return
|
||||
}
|
||||
if resp == nil {
|
||||
respondError(w, http.StatusNotFound, nil)
|
||||
return
|
||||
}
|
||||
|
||||
respondOk(w, resp.Data)
|
||||
}
|
||||
|
||||
func handleSysWritePolicy(core *vault.Core, w http.ResponseWriter, r *http.Request) {
|
||||
// Determine the path...
|
||||
prefix := "/v1/sys/policy/"
|
||||
if !strings.HasPrefix(r.URL.Path, prefix) {
|
||||
respondError(w, http.StatusNotFound, nil)
|
||||
return
|
||||
}
|
||||
path := r.URL.Path[len(prefix):]
|
||||
if path == "" {
|
||||
respondError(w, http.StatusNotFound, nil)
|
||||
return
|
||||
}
|
||||
|
||||
// Parse the request if we can
|
||||
var req writePolicyRequest
|
||||
if err := parseRequest(r, &req); err != nil {
|
||||
respondError(w, http.StatusBadRequest, err)
|
||||
return
|
||||
}
|
||||
|
||||
_, ok := request(core, w, r, requestAuth(r, &logical.Request{
|
||||
Operation: logical.UpdateOperation,
|
||||
Path: "sys/policy/" + path,
|
||||
Connection: getConnection(r),
|
||||
Data: map[string]interface{}{
|
||||
"rules": req.Rules,
|
||||
},
|
||||
}))
|
||||
if !ok {
|
||||
return
|
||||
}
|
||||
|
||||
respondOk(w, nil)
|
||||
}
|
||||
|
||||
type listPolicyResponse struct {
|
||||
Policies []string `json:"policies"`
|
||||
}
|
||||
|
||||
type writePolicyRequest struct {
|
||||
Rules string `json:"rules"`
|
||||
}
|
||||
@@ -18,11 +18,12 @@ func TestSysPolicies(t *testing.T) {
|
||||
var actual map[string]interface{}
|
||||
expected := map[string]interface{}{
|
||||
"policies": []interface{}{"default", "root"},
|
||||
"keys": []interface{}{"default", "root"},
|
||||
}
|
||||
testResponseStatus(t, resp, 200)
|
||||
testResponseBody(t, resp, &actual)
|
||||
if !reflect.DeepEqual(actual, expected) {
|
||||
t.Fatalf("bad: %#v", actual)
|
||||
t.Fatalf("bad: got\n%#v\nexpected\n%#v\n", actual, expected)
|
||||
}
|
||||
}
|
||||
|
||||
@@ -42,7 +43,7 @@ func TestSysReadPolicy(t *testing.T) {
|
||||
testResponseStatus(t, resp, 200)
|
||||
testResponseBody(t, resp, &actual)
|
||||
if !reflect.DeepEqual(actual, expected) {
|
||||
t.Fatalf("bad: %#v", actual)
|
||||
t.Fatalf("bad: got\n%#v\nexpected\n%#v\n", actual, expected)
|
||||
}
|
||||
}
|
||||
|
||||
@@ -62,11 +63,12 @@ func TestSysWritePolicy(t *testing.T) {
|
||||
var actual map[string]interface{}
|
||||
expected := map[string]interface{}{
|
||||
"policies": []interface{}{"default", "foo", "root"},
|
||||
"keys": []interface{}{"default", "foo", "root"},
|
||||
}
|
||||
testResponseStatus(t, resp, 200)
|
||||
testResponseBody(t, resp, &actual)
|
||||
if !reflect.DeepEqual(actual, expected) {
|
||||
t.Fatalf("bad: %#v", actual)
|
||||
t.Fatalf("bad: got\n%#v\nexpected\n%#v\n", actual, expected)
|
||||
}
|
||||
}
|
||||
|
||||
@@ -89,10 +91,11 @@ func TestSysDeletePolicy(t *testing.T) {
|
||||
var actual map[string]interface{}
|
||||
expected := map[string]interface{}{
|
||||
"policies": []interface{}{"default", "root"},
|
||||
"keys": []interface{}{"default", "root"},
|
||||
}
|
||||
testResponseStatus(t, resp, 200)
|
||||
testResponseBody(t, resp, &actual)
|
||||
if !reflect.DeepEqual(actual, expected) {
|
||||
t.Fatalf("bad: %#v", actual)
|
||||
t.Fatalf("bad: got\n%#v\nexpected\n%#v\n", actual, expected)
|
||||
}
|
||||
}
|
||||
|
||||
@@ -246,6 +246,7 @@ func NewSystemBackend(core *Core, config *logical.BackendConfig) logical.Backend
|
||||
|
||||
Callbacks: map[logical.Operation]framework.OperationFunc{
|
||||
logical.ReadOperation: b.handlePolicyList,
|
||||
logical.ListOperation: b.handlePolicyList,
|
||||
},
|
||||
|
||||
HelpSynopsis: strings.TrimSpace(sysHelp["policy-list"][0]),
|
||||
@@ -815,7 +816,12 @@ func (b *SystemBackend) handlePolicyList(
|
||||
|
||||
// Add the special "root" policy
|
||||
policies = append(policies, "root")
|
||||
return logical.ListResponse(policies), err
|
||||
resp := logical.ListResponse(policies)
|
||||
|
||||
// Backwords compatibility
|
||||
resp.Data["policies"] = resp.Data["keys"]
|
||||
|
||||
return resp, err
|
||||
}
|
||||
|
||||
// handlePolicyRead handles the "policy/<name>" endpoint to read a policy
|
||||
|
||||
@@ -431,7 +431,8 @@ func TestSystemBackend_policyList(t *testing.T) {
|
||||
}
|
||||
|
||||
exp := map[string]interface{}{
|
||||
"keys": []string{"default", "root"},
|
||||
"keys": []string{"default", "root"},
|
||||
"policies": []string{"default", "root"},
|
||||
}
|
||||
if !reflect.DeepEqual(resp.Data, exp) {
|
||||
t.Fatalf("got: %#v expect: %#v", resp.Data, exp)
|
||||
@@ -483,7 +484,8 @@ func TestSystemBackend_policyCRUD(t *testing.T) {
|
||||
}
|
||||
|
||||
exp = map[string]interface{}{
|
||||
"keys": []string{"default", "foo", "root"},
|
||||
"keys": []string{"default", "foo", "root"},
|
||||
"policies": []string{"default", "foo", "root"},
|
||||
}
|
||||
if !reflect.DeepEqual(resp.Data, exp) {
|
||||
t.Fatalf("got: %#v expect: %#v", resp.Data, exp)
|
||||
@@ -517,7 +519,8 @@ func TestSystemBackend_policyCRUD(t *testing.T) {
|
||||
}
|
||||
|
||||
exp = map[string]interface{}{
|
||||
"keys": []string{"default", "root"},
|
||||
"keys": []string{"default", "root"},
|
||||
"policies": []string{"default", "root"},
|
||||
}
|
||||
if !reflect.DeepEqual(resp.Data, exp) {
|
||||
t.Fatalf("got: %#v expect: %#v", resp.Data, exp)
|
||||
|
||||
Reference in New Issue
Block a user