Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add entity/entity alias primitives #41

Merged
merged 12 commits into from
Oct 3, 2024
Merged
Show file tree
Hide file tree
Changes from 10 commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions app/lib/clients/vault.rb
Original file line number Diff line number Diff line change
Expand Up @@ -26,4 +26,6 @@ def enable_engine(mount, type)

require_relative "vault/key_value"
require_relative "vault/certificate"
require_relative "vault/entity"
require_relative "vault/entity_alias"
end
17 changes: 17 additions & 0 deletions app/lib/clients/vault/entity.rb
Original file line number Diff line number Diff line change
@@ -0,0 +1,17 @@
module Clients
class Vault
class << self
def put_entity(name, policies)
client.logical.write("identity/entity",
name: name,
policies: policies)
end
def read_entity(name)
suprjinx marked this conversation as resolved.
Show resolved Hide resolved
client.logical.read("identity/entity/name/#{name}")
end
def delete_entity(name)
client.logical.delete("identity/entity/name/#{name}")
end
end
end
end
42 changes: 42 additions & 0 deletions app/lib/clients/vault/entity_alias.rb
Original file line number Diff line number Diff line change
@@ -0,0 +1,42 @@
module Clients
class Vault
class << self
def put_entity_alias(entity_name, alias_name, auth_method)
e = read_entity(entity_name)
if e.nil?
raise "no such entity #{entity_name}"
end
canonical_id = e.data[:id]
auth_sym = "#{auth_method}/".to_sym
accessor = client.logical.read("/sys/auth").data[auth_sym][:accessor]
client.logical.write("identity/entity-alias",
name: alias_name,
canonical_id: canonical_id,
mount_accessor: accessor)
end

def read_entity_alias_id(entity_name, alias_name)
e = read_entity(entity_name)
if e.nil?
raise "no such entity #{entity_name}"
end
aliases = e.data[:aliases]
a = aliases.find { |a| a[:name] == alias_name }
if a.nil?
raise "no such alias #{alias_name}"
end
a[:id]
end

def read_entity_alias(entity_name, alias_name)
id = read_entity_alias_id(entity_name, alias_name)
client.logical.read("identity/entity-alias/id/#{id}")
end

def delete_entity_alias(entity_name, alias_name)
id = read_entity_alias_id(entity_name, alias_name)
client.logical.delete("identity/entity-alias/id/#{id}")
end
end
end
end
48 changes: 47 additions & 1 deletion test/lib/clients/vault_test.rb
Original file line number Diff line number Diff line change
Expand Up @@ -2,10 +2,15 @@

class VaultTest < ActiveSupport::TestCase
attr_reader :random_mount

attr_reader :policies
attr_reader :entity_name
attr_reader :alias_name
setup do
@client = Clients::Vault
@random_mount = SecureRandom.hex(4)
@policies = SecureRandom.hex(4)
@entity_name = SecureRandom.hex(4)
@alias_name = SecureRandom.hex(4)
end

teardown do
Expand Down Expand Up @@ -40,6 +45,47 @@ class VaultTest < ActiveSupport::TestCase
end
end

test "#entity" do
entity = @client.read_entity(@entity_name)
assert_nil entity

@client.put_entity(@entity_name, @policies)
entity = @client.read_entity(@entity_name)
assert_equal entity.data[:policies][0], @policies

@client.delete_entity(@entity_name)
entity = @client.read_entity(@entity_name)
assert_nil entity
end

test "#entity_alias" do
# confirm no entity yet
err = assert_raises RuntimeError do
@client.read_entity_alias(@entity_name, @alias_name)
end
assert_match /no such entity/, err.message
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nice


# confirm no alias yet
@client.put_entity(@entity_name, @policies)
err = assert_raises RuntimeError do
@client.read_entity_alias(@entity_name, @alias_name)
end
assert_match /no such alias/, err.message

# create alias
auth_method = "token"
@client.put_entity_alias(@entity_name, @alias_name, auth_method)
entity_alias = @client.read_entity_alias(@entity_name, @alias_name)
assert_equal entity_alias.data[:mount_type], auth_method
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

i think in general the first argument is the expectation, and the second is the actual being tested -- reversed here and in other test above.
https://ruby-doc.org/stdlib-3.0.0/libdoc/minitest/rdoc/Minitest/Assertions.html


# confirm deleted alias
assert_equal @client.delete_entity_alias(@entity_name, @alias_name), true
err = assert_raises RuntimeError do
@client.delete_entity_alias(@entity_name, @alias_name)
end
assert_match /no such alias/, err.message
end

private

def vault_client
Expand Down
Loading