Skip to content

Commit

Permalink
Merge branch 'main' of github.com:G-Research/astral
Browse files Browse the repository at this point in the history
  • Loading branch information
suprjinx committed Nov 15, 2024
2 parents b3ba014 + 184ab37 commit 795c8e2
Show file tree
Hide file tree
Showing 4 changed files with 45 additions and 20 deletions.
21 changes: 13 additions & 8 deletions app/lib/clients/vault/entity_alias.rb
Original file line number Diff line number Diff line change
@@ -1,42 +1,47 @@
module Clients
class Vault
module EntityAlias
def put_entity_alias(entity_name, alias_name, auth_method)
def put_entity_alias(entity_name, alias_name, auth_path)
e = read_entity(entity_name)
if e.nil?
raise "no such entity #{entity_name}"
end
canonical_id = e.data[:id]
auth_sym = "#{auth_method}/".to_sym
auth_sym = "#{auth_path}/".to_sym
accessor = client.logical.read("/sys/auth").data[auth_sym][:accessor]
client.logical.write("identity/entity-alias",
name: alias_name,
canonical_id: canonical_id,
mount_accessor: accessor)
end

def read_entity_alias_id(entity_name, alias_name)
def read_entity_alias_id(entity_name, alias_name, auth_path)
e = read_entity(entity_name)
if e.nil?
raise "no such entity #{entity_name}"
end
aliases = e.data[:aliases]
a = aliases.find { |a| a[:name] == alias_name }
a = find_alias(aliases, alias_name, auth_path)
if a.nil?
raise "no such alias #{alias_name}"
end
a[:id]
end

def read_entity_alias(entity_name, alias_name)
id = read_entity_alias_id(entity_name, alias_name)
def read_entity_alias(entity_name, alias_name, auth_path)
id = read_entity_alias_id(entity_name, alias_name, auth_path)
client.logical.read("identity/entity-alias/id/#{id}")
end

def delete_entity_alias(entity_name, alias_name)
id = read_entity_alias_id(entity_name, alias_name)
def delete_entity_alias(entity_name, alias_name, auth_path)
id = read_entity_alias_id(entity_name, alias_name, auth_path)
client.logical.delete("identity/entity-alias/id/#{id}")
end

private
def find_alias(aliases, name, auth_path)
aliases.find { |a| a[:name] == name && a[:mount_path] == "auth/#{auth_path}/" }
end
end
end
end
2 changes: 1 addition & 1 deletion config/astral.yml
Original file line number Diff line number Diff line change
Expand Up @@ -55,7 +55,7 @@ shared:

initial_user_name: test
initial_user_password: test
initial_user_email: john.doe@example.com
initial_user_email: test2024@example.com

test:
cert_ttl: <%= 24.hours.in_seconds %>
Expand Down
33 changes: 24 additions & 9 deletions test/lib/clients/vault_test.rb
Original file line number Diff line number Diff line change
Expand Up @@ -120,30 +120,45 @@ class VaultTest < ActiveSupport::TestCase

test "entity_alias methods" do
# confirm no entity yet
auth_path = "token"
err = assert_raises RuntimeError do
@client.read_entity_alias(@entity_name, @alias_name)
@client.read_entity_alias(@entity_name, @alias_name, auth_path)
end
assert_match /no such entity/, err.message

# confirm no alias yet
@client.put_entity(@entity_name, @policies)
err = assert_raises RuntimeError do
@client.read_entity_alias(@entity_name, @alias_name)
@client.read_entity_alias(@entity_name, @alias_name, auth_path)
end
assert_match /no such alias/, err.message

# create alias
auth_method = "token"
@client.put_entity_alias(@entity_name, @alias_name, auth_method)
entity_alias = @client.read_entity_alias(@entity_name, @alias_name)
assert_equal auth_method, entity_alias.data[:mount_type]
# create token alias
@client.put_entity_alias(@entity_name, @alias_name, auth_path)
entity_alias = @client.read_entity_alias(@entity_name, @alias_name, auth_path)
assert_equal auth_path, entity_alias.data[:mount_type]

# create different alias type with same name
oidc_path = "oidc"
@client.put_entity_alias(@entity_name, @alias_name, oidc_path)
entity_alias = @client.read_entity_alias(@entity_name, @alias_name, oidc_path)
assert_equal oidc_path, entity_alias.data[:mount_type]


# confirm two aliases
entity = @client.read_entity(@entity_name)
assert_equal 2, entity.data[:aliases].size

# confirm deleted alias
assert_equal true, @client.delete_entity_alias(@entity_name, @alias_name)
assert_equal true, @client.delete_entity_alias(@entity_name, @alias_name, auth_path)
err = assert_raises RuntimeError do
@client.delete_entity_alias(@entity_name, @alias_name)
@client.delete_entity_alias(@entity_name, @alias_name, auth_path)
end
assert_match /no such alias/, err.message

# confirm 1 aliases
entity = @client.read_entity(@entity_name)
assert_equal 1, entity.data[:aliases].size
end

test ".assign_policy creates valid entity" do
Expand Down
9 changes: 7 additions & 2 deletions test/test_helper.rb
Original file line number Diff line number Diff line change
Expand Up @@ -13,11 +13,16 @@ class TestCase

# Helper methods
def jwt_authorized
"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJqb2huLmRvZUBleGFtcGxlLmNvbSIsIm5hbWUiOiJKb2huIERvZSIsImlhdCI6MTUxNjIzOTAyMiwiZ3JvdXBzIjpbImdyb3VwMSIsImdyb3VwMiJdLCJhdWQiOiJhc3RyYWwifQ.tfRLXmE_eq-piP88_clwPWrYfMAQbCJAeZQI6OFxZSI"
@@authorized_token ||= JWT.encode(@@authorized_data, Config[:jwt_signing_key])
end

def jwt_unauthorized
"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJhcHBsaWNhdGlvbl9uYW1lIiwiY29tbW9uX25hbWUiOiJleGFtcGxlLmNvbSIsImlwX3NhbnMiOiIxMC4wLjEuMTAwIn0.gEUyaZcARiBQNq2RUwZU0MdFXqthyo_oSQ8DAgKvxCs"
@@unauthorized_token ||= JWT.encode(@@unauthorized_data, "bad_secret")
end

private
@@authorized_data = { "sub"=>"[email protected]", "name"=>"John Doe", "iat"=>1516239022,
"groups"=>[ "group1", "group2" ], "aud"=>"astral" }
@@unauthorized_data = { "sub"=>"application_name", "common_name"=>"example.com", "ip_sans"=>"10.0.1.100" }
end
end

0 comments on commit 795c8e2

Please sign in to comment.