PR suggestions

G-Research · Nov 19, 2024 · fd2f7d3 · fd2f7d3
1 parent 8756c9e
commit fd2f7d3
Show file tree

Hide file tree

Showing 3 changed files with 15 additions and 12 deletions.
diff --git a/app/lib/clients/vault/identity.rb b/app/lib/clients/vault/identity.rb
@@ -16,16 +16,16 @@ def put_group(name, policies)
                        defaults: { type: "external" })
       end
 
-      def read_entity(sub)
-        client.logical.read("identity/entity/name/#{sub}")
+      def read_entity(name)
+        client.logical.read("identity/entity/name/#{name}")
       end
 
       def delete_entity(name)
         client.logical.delete("identity/entity/name/#{name}")
       end
 
-      def get_entity_data(sub)
-        get_identity_data("identity/entity/name/#{sub}")
+      def get_entity_data(name)
+        get_identity_data("identity/entity/name/#{name}")
       end
 
       def read_group(name)

diff --git a/app/lib/clients/vault/identity_alias.rb b/app/lib/clients/vault/identity_alias.rb
@@ -1,12 +1,12 @@
 module Clients
   class Vault
     module IdentityAlias
-      def put_entity_alias(entity_name, alias_name, auth_method)
-        write_identity_alias("entity", entity_name, alias_name, auth_method)
+      def put_entity_alias(entity_name, alias_name, auth_path)
+        write_identity_alias("entity", entity_name, alias_name, auth_path)
       end
 
-      def put_group_alias(group_name, alias_name, auth_method)
-        write_identity_alias("group", group_name, alias_name, auth_method)
+      def put_group_alias(group_name, alias_name, auth_path)
+        write_identity_alias("group", group_name, alias_name, auth_path)
       end
 
       def read_entity_alias(entity_name, alias_name, auth_path)
@@ -53,8 +53,8 @@ def read_identity_alias(type, identity_name, alias_name, auth_path)
         client.logical.read("identity/#{type}-alias/id/#{id}")
       end
 
-      def write_identity_alias(type, identity_name, alias_name, auth_method)
-        auth_sym = "#{auth_method}/".to_sym
+      def write_identity_alias(type, identity_name, alias_name, auth_path)
+        auth_sym = "#{auth_path}/".to_sym
         accessor = client.logical.read("/sys/auth")
         accessor = accessor.data[auth_sym][:accessor]
 
@@ -63,7 +63,7 @@ def write_identity_alias(type, identity_name, alias_name, auth_method)
           raise "no such #{type} #{identity_name}"
         end
         aliases = (identity.data[:aliases] || [ identity.data[:alias] ])
-        identity_alias = find_alias(aliases, alias_name, auth_method)
+        identity_alias = find_alias(aliases, alias_name, auth_path)
         # only create alias when not existant
         unless identity_alias
           client.logical.write("identity/#{type}-alias",

diff --git a/test/lib/clients/vault/identity_alias_test.rb b/test/lib/clients/vault/identity_alias_test.rb
@@ -67,5 +67,8 @@ class IdentityAliasTest < ActiveSupport::TestCase
     assert_nil @client.put_group_alias(@group_name, existing_alias, @auth_path)
     group_alias = @client.read_group_alias(@group_name, existing_alias, @auth_path)
     assert_not_nil group_alias
-  end
+    # verify alias belongs to the group
+    group = @client.read_group(@group_name)
+    assert_equal group_alias.to_h[:data][:canonical_id], group.data[:alias][:canonical_id]
+   end
 end