Skip to content

Commit

Permalink
test description change
Browse files Browse the repository at this point in the history
  • Loading branch information
@suprjinx
suprjinx committed Nov 16, 2024
1 parent 5d85704 commit a11c887
Show file tree
Hide file tree
Showing 2 changed files with 7 additions and 6 deletions.
5 changes: 3 additions & 2 deletions app/lib/clients/vault/policy.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -63,8 +63,9 @@ def remove_group_policy(group, policy_name)
write_identity(path: "identity/group",
name: group,
policies: policies,
extra_params: [ :disabled, :metadata ],
merge_policies: false)
extra_params: [ :metadata, :type, :member_group_ids, :member_entity_ids ],
merge_policies: false,
defaults: { type: "external" })
end
client.sys.delete_policy(policy_name)
end
Expand Down
8 changes: 4 additions & 4 deletions test/lib/clients/vault/policy_test.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -21,17 +21,17 @@ class PolicyTest < ActiveSupport::TestCase
assert_nil @client.verify_policy(@identity, policy_name)
end

test "#verify_policy looks checks groups for consumer_policy when supplied" do
test "#verify_policy checks identity.groups that overlap with supplied groups for the policy" do
producer_policy = "some/policy/name"
consumer_policy = "some/policy/other"
@identity.groups = [ "my-group" ]
@identity.groups = [ "my-group", "some-other-group" ]
@client.expects(:get_entity_data).with(@identity.sub).returns([ [], nil ])
@client.expects(:get_group_data).with("my-group").returns([ [], {} ])
err = assert_raises { @client.verify_policy(@identity, producer_policy, [ "my-group" ], consumer_policy) }
err = assert_raises { @client.verify_policy(@identity, producer_policy, [ "my-group", "yet-another-group" ], consumer_policy) }
assert_kind_of AuthError, err
end

test "#verify_policy permits identity having group which has the consumer policy role" do
test "#verify_policy permits identity when one overlapping group (identity.groups and supplied groups) has the policy" do
producer_policy = "some/policy/name"
consumer_policy = "some/policy/other"
@identity.groups = [ "my-group" ]
Expand Down

0 comments on commit a11c887

Please sign in to comment.