diff --git a/app/lib/clients/vault/identity.rb b/app/lib/clients/vault/identity.rb
index 58c3ed1..364b249 100644
--- a/app/lib/clients/vault/identity.rb
+++ b/app/lib/clients/vault/identity.rb
@@ -16,16 +16,16 @@ def put_group(name, policies)
 defaults: { type: "external" })
 end
- def read_entity(sub)
- client.logical.read("identity/entity/name/#{sub}")
+ def read_entity(name)
+ client.logical.read("identity/entity/name/#{name}")
 end
 def delete_entity(name)
 client.logical.delete("identity/entity/name/#{name}")
 end
- def get_entity_data(sub)
- get_identity_data("identity/entity/name/#{sub}")
+ def get_entity_data(name)
+ get_identity_data("identity/entity/name/#{name}")
 end
 def read_group(name)
diff --git a/app/lib/clients/vault/identity_alias.rb b/app/lib/clients/vault/identity_alias.rb
index a489e05..de83add 100644
--- a/app/lib/clients/vault/identity_alias.rb
+++ b/app/lib/clients/vault/identity_alias.rb
@@ -1,12 +1,12 @@
 module Clients
 class Vault
 module IdentityAlias
- def put_entity_alias(entity_name, alias_name, auth_method)
- write_identity_alias("entity", entity_name, alias_name, auth_method)
+ def put_entity_alias(entity_name, alias_name, auth_path)
+ write_identity_alias("entity", entity_name, alias_name, auth_path)
 end
- def put_group_alias(group_name, alias_name, auth_method)
- write_identity_alias("group", group_name, alias_name, auth_method)
+ def put_group_alias(group_name, alias_name, auth_path)
+ write_identity_alias("group", group_name, alias_name, auth_path)
 end
 def read_entity_alias(entity_name, alias_name, auth_path)
@@ -53,8 +53,8 @@ def read_identity_alias(type, identity_name, alias_name, auth_path)
 client.logical.read("identity/#{type}-alias/id/#{id}")
 end
- def write_identity_alias(type, identity_name, alias_name, auth_method)
- auth_sym = "#{auth_method}/".to_sym
+ def write_identity_alias(type, identity_name, alias_name, auth_path)
+ auth_sym = "#{auth_path}/".to_sym
 accessor = client.logical.read("/sys/auth")
 accessor = accessor.data[auth_sym][:accessor]
@@ -63,7 +63,7 @@ def write_identity_alias(type, identity_name, alias_name, auth_method)
 raise "no such #{type} #{identity_name}"
 end
 aliases = (identity.data[:aliases] || [ identity.data[:alias] ])
- identity_alias = find_alias(aliases, alias_name, auth_method)
+ identity_alias = find_alias(aliases, alias_name, auth_path)
 # only create alias when not existant
 unless identity_alias
 client.logical.write("identity/#{type}-alias",
diff --git a/test/lib/clients/vault/identity_alias_test.rb b/test/lib/clients/vault/identity_alias_test.rb
index 7b89510..e7fd913 100644
--- a/test/lib/clients/vault/identity_alias_test.rb
+++ b/test/lib/clients/vault/identity_alias_test.rb
@@ -67,5 +67,8 @@ class IdentityAliasTest < ActiveSupport::TestCase
 assert_nil @client.put_group_alias(@group_name, existing_alias, @auth_path)
 group_alias = @client.read_group_alias(@group_name, existing_alias, @auth_path)
 assert_not_nil group_alias
- end
+ # verify alias belongs to the group
+ group = @client.read_group(@group_name)
+ assert_equal group_alias.to_h[:data][:canonical_id], group.data[:alias][:canonical_id]
+ end
 end
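Review bot: In write_identity_alias, `accessor.data[auth_sym][:accessor]` fails with a NoMethodError on nil when nothing is mounted at `auth_path`, and also when the caller passes a path that already ends in `/`, because the lookup key is always built as `"#{auth_path}/"`. Since the parameter is now named as a mount path, a guard before the lookup would turn that into a clear error in the same style as the existing `raise "no such #{type} #{identity_name}"`, for example `raise "no auth mount at #{auth_path}" unless accessor.data[auth_sym]`. A short comment on the method stating that `auth_path` is the mount path without a trailing slash would document the contract the rename implies. The method continues past this hunk, so any handling further down is not visible here.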
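Review bot: The new assertion compares `group_alias.to_h[:data][:canonical_id]` with `group.data[:alias][:canonical_id]`, which are presumably two reads of the same alias record, so it would still pass if the alias were attached to a different group. Comparing against the group's own identifier pins the ownership the comment describes: `assert_equal group.data[:id], group_alias.data[:canonical_id]`. This also puts the expected value first, as `assert_equal` expects, and uses `.data` on both sides rather than mixing it with `to_h[:data]`. The enclosing test method starts above the hunk, so how `existing_alias` is set up is not visible here.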