mirror of
https://github.com/optim-enterprises-bv/vault.git
synced 2025-10-31 02:28:09 +00:00
Remove sys_policy from special handling as it's implemented in
logical_system too. Clean up the mux handlers.
This commit is contained in:
Jeff Mitchell
@@ -24,28 +24,14 @@ func Handler(core *vault.Core) http.Handler {
|
|||||||
mux.Handle("/v1/sys/seal-status", handleSysSealStatus(core))
|
mux.Handle("/v1/sys/seal-status", handleSysSealStatus(core))
|
||||||
mux.Handle("/v1/sys/seal", handleSysSeal(core))
|
mux.Handle("/v1/sys/seal", handleSysSeal(core))
|
||||||
mux.Handle("/v1/sys/unseal", handleSysUnseal(core))
|
mux.Handle("/v1/sys/unseal", handleSysUnseal(core))
|
||||||
mux.Handle("/v1/sys/mounts", proxySysRequest(core))
|
|
||||||
mux.Handle("/v1/sys/mounts/", proxySysRequest(core))
|
|
||||||
mux.Handle("/v1/sys/remount", proxySysRequest(core))
|
|
||||||
mux.Handle("/v1/sys/policy", handleSysListPolicies(core))
|
|
||||||
mux.Handle("/v1/sys/policy/", handleSysPolicy(core))
|
|
||||||
mux.Handle("/v1/sys/renew/", handleLogical(core, false))
|
mux.Handle("/v1/sys/renew/", handleLogical(core, false))
|
||||||
mux.Handle("/v1/sys/revoke/", proxySysRequest(core))
|
|
||||||
mux.Handle("/v1/sys/revoke-prefix/", proxySysRequest(core))
|
|
||||||
mux.Handle("/v1/sys/auth", proxySysRequest(core))
|
|
||||||
mux.Handle("/v1/sys/auth/", proxySysRequest(core))
|
|
||||||
mux.Handle("/v1/sys/audit-hash/", proxySysRequest(core))
|
|
||||||
mux.Handle("/v1/sys/audit", proxySysRequest(core))
|
|
||||||
mux.Handle("/v1/sys/audit/", proxySysRequest(core))
|
|
||||||
mux.Handle("/v1/sys/leader", handleSysLeader(core))
|
mux.Handle("/v1/sys/leader", handleSysLeader(core))
|
||||||
mux.Handle("/v1/sys/health", handleSysHealth(core))
|
mux.Handle("/v1/sys/health", handleSysHealth(core))
|
||||||
mux.Handle("/v1/sys/rotate", proxySysRequest(core))
|
|
||||||
mux.Handle("/v1/sys/key-status", proxySysRequest(core))
|
|
||||||
mux.Handle("/v1/sys/generate-root/attempt", handleSysGenerateRootAttempt(core))
|
mux.Handle("/v1/sys/generate-root/attempt", handleSysGenerateRootAttempt(core))
|
||||||
mux.Handle("/v1/sys/generate-root/update", handleSysGenerateRootUpdate(core))
|
mux.Handle("/v1/sys/generate-root/update", handleSysGenerateRootUpdate(core))
|
||||||
mux.Handle("/v1/sys/rekey/init", handleSysRekeyInit(core))
|
mux.Handle("/v1/sys/rekey/init", handleSysRekeyInit(core))
|
||||||
mux.Handle("/v1/sys/rekey/backup", proxySysRequest(core))
|
|
||||||
mux.Handle("/v1/sys/rekey/update", handleSysRekeyUpdate(core))
|
mux.Handle("/v1/sys/rekey/update", handleSysRekeyUpdate(core))
|
||||||
|
mux.Handle("/v1/sys/", proxySysRequest(core))
|
||||||
mux.Handle("/v1/", handleLogical(core, false))
|
mux.Handle("/v1/", handleLogical(core, false))
|
||||||
|
|
||||||
// Wrap the handler in another handler to trigger all help paths.
|
// Wrap the handler in another handler to trigger all help paths.
|
||||||
|
|||||||
@@ -1,150 +0,0 @@
|
|||||||
package http
|
|
||||||
|
|
||||||
import (
|
|
||||||
"net/http"
|
|
||||||
"strings"
|
|
||||||
|
|
||||||
"github.com/hashicorp/vault/logical"
|
|
||||||
"github.com/hashicorp/vault/vault"
|
|
||||||
)
|
|
||||||
|
|
||||||
func handleSysListPolicies(core *vault.Core) http.Handler {
|
|
||||||
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
|
||||||
if r.Method != "GET" {
|
|
||||||
respondError(w, http.StatusMethodNotAllowed, nil)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
resp, ok := request(core, w, r, requestAuth(r, &logical.Request{
|
|
||||||
Operation: logical.ReadOperation,
|
|
||||||
Path: "sys/policy",
|
|
||||||
Connection: getConnection(r),
|
|
||||||
}))
|
|
||||||
if !ok {
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
var policies []string
|
|
||||||
policiesRaw, ok := resp.Data["keys"]
|
|
||||||
if ok {
|
|
||||||
policies = policiesRaw.([]string)
|
|
||||||
}
|
|
||||||
|
|
||||||
respondOk(w, &listPolicyResponse{Policies: policies})
|
|
||||||
})
|
|
||||||
}
|
|
||||||
|
|
||||||
func handleSysPolicy(core *vault.Core) http.Handler {
|
|
||||||
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
|
||||||
switch r.Method {
|
|
||||||
case "GET":
|
|
||||||
handleSysReadPolicy(core, w, r)
|
|
||||||
case "PUT":
|
|
||||||
fallthrough
|
|
||||||
case "POST":
|
|
||||||
handleSysWritePolicy(core, w, r)
|
|
||||||
case "DELETE":
|
|
||||||
handleSysDeletePolicy(core, w, r)
|
|
||||||
default:
|
|
||||||
respondError(w, http.StatusMethodNotAllowed, nil)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
})
|
|
||||||
}
|
|
||||||
|
|
||||||
func handleSysDeletePolicy(core *vault.Core, w http.ResponseWriter, r *http.Request) {
|
|
||||||
// Determine the path...
|
|
||||||
prefix := "/v1/sys/policy/"
|
|
||||||
if !strings.HasPrefix(r.URL.Path, prefix) {
|
|
||||||
respondError(w, http.StatusNotFound, nil)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
path := r.URL.Path[len(prefix):]
|
|
||||||
if path == "" {
|
|
||||||
respondError(w, http.StatusNotFound, nil)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
_, ok := request(core, w, r, requestAuth(r, &logical.Request{
|
|
||||||
Operation: logical.DeleteOperation,
|
|
||||||
Path: "sys/policy/" + path,
|
|
||||||
Connection: getConnection(r),
|
|
||||||
}))
|
|
||||||
if !ok {
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
respondOk(w, nil)
|
|
||||||
}
|
|
||||||
|
|
||||||
func handleSysReadPolicy(core *vault.Core, w http.ResponseWriter, r *http.Request) {
|
|
||||||
// Determine the path...
|
|
||||||
prefix := "/v1/sys/policy/"
|
|
||||||
if !strings.HasPrefix(r.URL.Path, prefix) {
|
|
||||||
respondError(w, http.StatusNotFound, nil)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
path := r.URL.Path[len(prefix):]
|
|
||||||
if path == "" {
|
|
||||||
respondError(w, http.StatusNotFound, nil)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
resp, ok := request(core, w, r, requestAuth(r, &logical.Request{
|
|
||||||
Operation: logical.ReadOperation,
|
|
||||||
Path: "sys/policy/" + path,
|
|
||||||
Connection: getConnection(r),
|
|
||||||
}))
|
|
||||||
if !ok {
|
|
||||||
return
|
|
||||||
}
|
|
||||||
if resp == nil {
|
|
||||||
respondError(w, http.StatusNotFound, nil)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
respondOk(w, resp.Data)
|
|
||||||
}
|
|
||||||
|
|
||||||
func handleSysWritePolicy(core *vault.Core, w http.ResponseWriter, r *http.Request) {
|
|
||||||
// Determine the path...
|
|
||||||
prefix := "/v1/sys/policy/"
|
|
||||||
if !strings.HasPrefix(r.URL.Path, prefix) {
|
|
||||||
respondError(w, http.StatusNotFound, nil)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
path := r.URL.Path[len(prefix):]
|
|
||||||
if path == "" {
|
|
||||||
respondError(w, http.StatusNotFound, nil)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
// Parse the request if we can
|
|
||||||
var req writePolicyRequest
|
|
||||||
if err := parseRequest(r, &req); err != nil {
|
|
||||||
respondError(w, http.StatusBadRequest, err)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
_, ok := request(core, w, r, requestAuth(r, &logical.Request{
|
|
||||||
Operation: logical.UpdateOperation,
|
|
||||||
Path: "sys/policy/" + path,
|
|
||||||
Connection: getConnection(r),
|
|
||||||
Data: map[string]interface{}{
|
|
||||||
"rules": req.Rules,
|
|
||||||
},
|
|
||||||
}))
|
|
||||||
if !ok {
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
respondOk(w, nil)
|
|
||||||
}
|
|
||||||
|
|
||||||
type listPolicyResponse struct {
|
|
||||||
Policies []string `json:"policies"`
|
|
||||||
}
|
|
||||||
|
|
||||||
type writePolicyRequest struct {
|
|
||||||
Rules string `json:"rules"`
|
|
||||||
}
|
|
||||||
@@ -18,11 +18,12 @@ func TestSysPolicies(t *testing.T) {
|
|||||||
var actual map[string]interface{}
|
var actual map[string]interface{}
|
||||||
expected := map[string]interface{}{
|
expected := map[string]interface{}{
|
||||||
"policies": []interface{}{"default", "root"},
|
"policies": []interface{}{"default", "root"},
|
||||||
|
"keys": []interface{}{"default", "root"},
|
||||||
}
|
}
|
||||||
testResponseStatus(t, resp, 200)
|
testResponseStatus(t, resp, 200)
|
||||||
testResponseBody(t, resp, &actual)
|
testResponseBody(t, resp, &actual)
|
||||||
if !reflect.DeepEqual(actual, expected) {
|
if !reflect.DeepEqual(actual, expected) {
|
||||||
t.Fatalf("bad: %#v", actual)
|
t.Fatalf("bad: got\n%#v\nexpected\n%#v\n", actual, expected)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -42,7 +43,7 @@ func TestSysReadPolicy(t *testing.T) {
|
|||||||
testResponseStatus(t, resp, 200)
|
testResponseStatus(t, resp, 200)
|
||||||
testResponseBody(t, resp, &actual)
|
testResponseBody(t, resp, &actual)
|
||||||
if !reflect.DeepEqual(actual, expected) {
|
if !reflect.DeepEqual(actual, expected) {
|
||||||
t.Fatalf("bad: %#v", actual)
|
t.Fatalf("bad: got\n%#v\nexpected\n%#v\n", actual, expected)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -62,11 +63,12 @@ func TestSysWritePolicy(t *testing.T) {
|
|||||||
var actual map[string]interface{}
|
var actual map[string]interface{}
|
||||||
expected := map[string]interface{}{
|
expected := map[string]interface{}{
|
||||||
"policies": []interface{}{"default", "foo", "root"},
|
"policies": []interface{}{"default", "foo", "root"},
|
||||||
|
"keys": []interface{}{"default", "foo", "root"},
|
||||||
}
|
}
|
||||||
testResponseStatus(t, resp, 200)
|
testResponseStatus(t, resp, 200)
|
||||||
testResponseBody(t, resp, &actual)
|
testResponseBody(t, resp, &actual)
|
||||||
if !reflect.DeepEqual(actual, expected) {
|
if !reflect.DeepEqual(actual, expected) {
|
||||||
t.Fatalf("bad: %#v", actual)
|
t.Fatalf("bad: got\n%#v\nexpected\n%#v\n", actual, expected)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -89,10 +91,11 @@ func TestSysDeletePolicy(t *testing.T) {
|
|||||||
var actual map[string]interface{}
|
var actual map[string]interface{}
|
||||||
expected := map[string]interface{}{
|
expected := map[string]interface{}{
|
||||||
"policies": []interface{}{"default", "root"},
|
"policies": []interface{}{"default", "root"},
|
||||||
|
"keys": []interface{}{"default", "root"},
|
||||||
}
|
}
|
||||||
testResponseStatus(t, resp, 200)
|
testResponseStatus(t, resp, 200)
|
||||||
testResponseBody(t, resp, &actual)
|
testResponseBody(t, resp, &actual)
|
||||||
if !reflect.DeepEqual(actual, expected) {
|
if !reflect.DeepEqual(actual, expected) {
|
||||||
t.Fatalf("bad: %#v", actual)
|
t.Fatalf("bad: got\n%#v\nexpected\n%#v\n", actual, expected)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -246,6 +246,7 @@ func NewSystemBackend(core *Core, config *logical.BackendConfig) logical.Backend
|
|||||||
|
|
||||||
Callbacks: map[logical.Operation]framework.OperationFunc{
|
Callbacks: map[logical.Operation]framework.OperationFunc{
|
||||||
logical.ReadOperation: b.handlePolicyList,
|
logical.ReadOperation: b.handlePolicyList,
|
||||||
|
logical.ListOperation: b.handlePolicyList,
|
||||||
},
|
},
|
||||||
|
|
||||||
HelpSynopsis: strings.TrimSpace(sysHelp["policy-list"][0]),
|
HelpSynopsis: strings.TrimSpace(sysHelp["policy-list"][0]),
|
||||||
@@ -815,7 +816,12 @@ func (b *SystemBackend) handlePolicyList(
|
|||||||
|
|
||||||
// Add the special "root" policy
|
// Add the special "root" policy
|
||||||
policies = append(policies, "root")
|
policies = append(policies, "root")
|
||||||
return logical.ListResponse(policies), err
|
resp := logical.ListResponse(policies)
|
||||||
|
|
||||||
|
// Backwords compatibility
|
||||||
|
resp.Data["policies"] = resp.Data["keys"]
|
||||||
|
|
||||||
|
return resp, err
|
||||||
}
|
}
|
||||||
|
|
||||||
// handlePolicyRead handles the "policy/<name>" endpoint to read a policy
|
// handlePolicyRead handles the "policy/<name>" endpoint to read a policy
|
||||||
|
|||||||
@@ -431,7 +431,8 @@ func TestSystemBackend_policyList(t *testing.T) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
exp := map[string]interface{}{
|
exp := map[string]interface{}{
|
||||||
"keys": []string{"default", "root"},
|
"keys": []string{"default", "root"},
|
||||||
|
"policies": []string{"default", "root"},
|
||||||
}
|
}
|
||||||
if !reflect.DeepEqual(resp.Data, exp) {
|
if !reflect.DeepEqual(resp.Data, exp) {
|
||||||
t.Fatalf("got: %#v expect: %#v", resp.Data, exp)
|
t.Fatalf("got: %#v expect: %#v", resp.Data, exp)
|
||||||
@@ -483,7 +484,8 @@ func TestSystemBackend_policyCRUD(t *testing.T) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
exp = map[string]interface{}{
|
exp = map[string]interface{}{
|
||||||
"keys": []string{"default", "foo", "root"},
|
"keys": []string{"default", "foo", "root"},
|
||||||
|
"policies": []string{"default", "foo", "root"},
|
||||||
}
|
}
|
||||||
if !reflect.DeepEqual(resp.Data, exp) {
|
if !reflect.DeepEqual(resp.Data, exp) {
|
||||||
t.Fatalf("got: %#v expect: %#v", resp.Data, exp)
|
t.Fatalf("got: %#v expect: %#v", resp.Data, exp)
|
||||||
@@ -517,7 +519,8 @@ func TestSystemBackend_policyCRUD(t *testing.T) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
exp = map[string]interface{}{
|
exp = map[string]interface{}{
|
||||||
"keys": []string{"default", "root"},
|
"keys": []string{"default", "root"},
|
||||||
|
"policies": []string{"default", "root"},
|
||||||
}
|
}
|
||||||
if !reflect.DeepEqual(resp.Data, exp) {
|
if !reflect.DeepEqual(resp.Data, exp) {
|
||||||
t.Fatalf("got: %#v expect: %#v", resp.Data, exp)
|
t.Fatalf("got: %#v expect: %#v", resp.Data, exp)
|
||||||
|
|||||||
Reference in New Issue
Block a user