changes for tests green

G-Research · Nov 16, 2024 · 81a5614 · 81a5614
1 parent 7a2afcb
commit 81a5614
Show file tree

Hide file tree

Showing 2 changed files with 37 additions and 24 deletions.
diff --git a/app/lib/clients/vault/identity.rb b/app/lib/clients/vault/identity.rb
@@ -17,7 +17,11 @@ def put_group(name, policies)
       end
 
       def read_entity(sub)
-        read_identity("identity/entity/name/#{sub}")
+        client.logical.read("identity/entity/name/#{sub}")
+      end
+
+      def delete_entity(name)
+        client.logical.delete("identity/entity/name/#{name}")
       end
 
       def get_entity_data(sub)
@@ -28,16 +32,12 @@ def get_group_data(name)
         get_identity_data("identity/group/name/#{name}")
       end
 
-      def delete_entity(name)
-        client.logical.delete("identity/entity/name/#{name}")
-      end
-
       private
 
       def write_identity(path:, name:, policies:, defaults: {}, extra_params: [], merge_policies: true)
         full_path = "#{path}/name/#{name}"
         Domain.with_advisory_lock(full_path) do
-          identity = read_identity(full_path)
+          identity = client.logical.read(full_path)
           policies = (policies || []) + (identity&.data&.fetch(:policies) || []) if merge_policies
           params = defaults.
                      merge({
@@ -51,12 +51,8 @@ def write_identity(path:, name:, policies:, defaults: {}, extra_params: [], merg
         end
       end
 
-      def read_identity(path)
-        client.logical.read(path)
-      end
-
       def get_identity_data(path)
-        identity = read_identity(path)
+        identity = client.logical.read(path)
         if identity
           [ identity.data[:policies], identity.data[:metadata] ]
         else

diff --git a/app/lib/clients/vault/identity_alias.rb b/app/lib/clients/vault/identity_alias.rb
@@ -9,25 +9,26 @@ def put_group_alias(group_name, auth_method)
         write_identity_alias("group", group_name, group_name, auth_method)
       end
 
-
       def read_entity_alias(entity_name, alias_name, auth_path)
-        id = find_identity_alias_id("entity", entity_name, alias_name, auth_path)
-        client.logical.read("identity/entity-alias/id/#{id}")
+        read_identity_alias("entity", entity_name, alias_name, auth_path)
       end
 
       def delete_entity_alias(entity_name, alias_name, auth_path)
-        id = find_identity_alias_id("entity", entity_name, alias_name, auth_path)
+        identity = client.logical.read("identity/entity/name/#{entity_name}")
+        if identity.nil?
+          raise "no such #{type} #{identity_name}"
+        end
+        id = find_identity_alias_id(identity, alias_name, auth_path)
+        if id.nil?
+          raise "no such alias #{alias_name}"
+        end
         client.logical.delete("identity/entity-alias/id/#{id}")
       end
 
       private
 
-      def find_identity_alias_id(type, identity_name, alias_name, auth_path)
-        e = read_identity("identity/#{type}/name/#{identity_name}")
-        if e.nil?
-          raise "no such #{type} #{identity_name}"
-        end
-        aliases = e.data[:aliases]
+      def find_identity_alias_id(identity, alias_name, auth_path)
+        aliases = (identity.data[:aliases] || [ identity.data[:alias] ])
         a = find_alias(aliases, alias_name, auth_path)
         a&.fetch(:id)
       end
@@ -36,15 +37,31 @@ def find_alias(aliases, name, auth_path)
         aliases&.find { |a| a[:name] == name && a[:mount_path] == "auth/#{auth_path}/" }
       end
 
+      def read_identity_alias(type, identity_name, alias_name, auth_path)
+        identity = client.logical.read("identity/#{type}/name/#{identity_name}")
+        if identity.nil?
+          raise "no such #{type} #{identity_name}"
+        end
+        id = find_identity_alias_id(identity, alias_name, auth_path)
+        if id.nil?
+          raise "no such alias #{alias_name}"
+        end
+        client.logical.read("identity/#{type}-alias/id/#{id}")
+      end
+
       def write_identity_alias(type, identity_name, alias_name, auth_method)
         auth_sym = "#{auth_method}/".to_sym
         accessor = client.logical.read("/sys/auth")
         accessor = accessor.data[auth_sym][:accessor]
 
-        id = find_identity_alias_id(type, identity_name, alias_name, "oidc")
+        identity = client.logical.read("identity/#{type}/name/#{identity_name}")
+        if identity.nil?
+          raise "no such #{type} #{identity_name}"
+        end
+        aliases = (identity.data[:aliases] || [ identity.data[:alias] ])
+        identity_alias = find_alias(aliases, alias_name, "oidc")
         # only create alias when not existant
-        unless id
-          identity = read_identity("identity/#{type}/name/#{identity_name}")
+        unless identity_alias
           client.logical.write("identity/#{type}-alias",
                                {
                                  name: alias_name,