From 2c7130d296155b01c5c43534c3f07209fafec155 Mon Sep 17 00:00:00 2001
From: George Jahad
Date: Fri, 8 Nov 2024 11:52:33 -0800
Subject: [PATCH 1/4] email fix
---
 config/astral.yml | 2 +-
 test/test_helper.rb | 7 +++++--
 2 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/config/astral.yml b/config/astral.yml
index 8700280..733b9b9 100644
--- a/config/astral.yml
+++ b/config/astral.yml
@@ -55,7 +55,7 @@ shared:
 initial_user_name: test
 initial_user_password: test
- initial_user_email: john.doe@example.com
+ initial_user_email: test2024@example.com
 test:
 cert_ttl: <%= 24.hours.in_seconds %>
diff --git a/test/test_helper.rb b/test/test_helper.rb
index d5cdb9d..1939593 100644
--- a/test/test_helper.rb
+++ b/test/test_helper.rb
@@ -13,11 +13,14 @@ class TestCase
 # Helper methods
 def jwt_authorized
- "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJqb2huLmRvZUBleGFtcGxlLmNvbSIsIm5hbWUiOiJKb2huIERvZSIsImlhdCI6MTUxNjIzOTAyMiwiZ3JvdXBzIjpbImdyb3VwMSIsImdyb3VwMiJdLCJhdWQiOiJhc3RyYWwifQ.tfRLXmE_eq-piP88_clwPWrYfMAQbCJAeZQI6OFxZSI"
+ data = {"sub"=>"john.doe@example.com", "name"=>"John Doe", "iat"=>1516239022,
+ "groups"=>["group1", "group2"], "aud"=>"astral"}
+ JWT.encode(data, Config[:jwt_signing_key])
 end
 def jwt_unauthorized
- "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJhcHBsaWNhdGlvbl9uYW1lIiwiY29tbW9uX25hbWUiOiJleGFtcGxlLmNvbSIsImlwX3NhbnMiOiIxMC4wLjEuMTAwIn0.gEUyaZcARiBQNq2RUwZU0MdFXqthyo_oSQ8DAgKvxCs"
+ data = {"sub"=>"application_name", "common_name"=>"example.com", "ip_sans"=>"10.0.1.100"}
+ JWT.encode(data, "bad_secret")
 end
 end
 end
From 25bb9cb2855312bf9d4576cbbef5c305c81c3874 Mon Sep 17 00:00:00 2001
From: George Jahad
Date: Fri, 8 Nov 2024 12:16:16 -0800
Subject: [PATCH 2/4] added auth_path to alias's
---
 app/lib/clients/vault/entity_alias.rb | 21 +++++++++++++--------
 test/lib/clients/vault_test.rb | 16 ++++++++--------
 2 files changed, 21 insertions(+), 16 deletions(-)
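Review bot: Both fixtures in the test_helper.rb hunk now rely on JWT.encode's default algorithm, whereas the literal tokens they replace pinned `HS256` in their header, so the algorithm the application's verifier is expected to accept is no longer stated anywhere in the helper. Passing it explicitly keeps that expectation visible and insulates the fixtures from a change in the library default: `JWT.encode(data, Config[:jwt_signing_key], "HS256")` and `JWT.encode(data, "bad_secret", "HS256")`. Neither payload carries an `exp` claim, so the suite exercises signature checking but not expiry; a one-line comment saying that is deliberate would help the next reader. Both method bodies lie entirely within the hunk.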
diff --git a/app/lib/clients/vault/entity_alias.rb b/app/lib/clients/vault/entity_alias.rb
index fb2456c..7048b23 100644
--- a/app/lib/clients/vault/entity_alias.rb
+++ b/app/lib/clients/vault/entity_alias.rb
@@ -1,13 +1,13 @@
 module Clients
 class Vault
 module EntityAlias
- def put_entity_alias(entity_name, alias_name, auth_method)
+ def put_entity_alias(entity_name, alias_name, auth_path)
 e = read_entity(entity_name)
 if e.nil?
 raise "no such entity #{entity_name}"
 end
 canonical_id = e.data[:id]
- auth_sym = "#{auth_method}/".to_sym
+ auth_sym = "#{auth_path}/".to_sym
 accessor = client.logical.read("/sys/auth").data[auth_sym][:accessor]
 client.logical.write("identity/entity-alias",
 name: alias_name,
@@ -15,28 +15,33 @@ def put_entity_alias(entity_name, alias_name, auth_method)
 mount_accessor: accessor)
 end
- def read_entity_alias_id(entity_name, alias_name)
+ def read_entity_alias_id(entity_name, alias_name, auth_path)
 e = read_entity(entity_name)
 if e.nil?
 raise "no such entity #{entity_name}"
 end
 aliases = e.data[:aliases]
- a = aliases.find { |a| a[:name] == alias_name }
+ a = find_alias(aliases, alias_name, auth_path)
 if a.nil?
 raise "no such alias #{alias_name}"
 end
 a[:id]
 end
- def read_entity_alias(entity_name, alias_name)
- id = read_entity_alias_id(entity_name, alias_name)
+ def read_entity_alias(entity_name, alias_name, auth_path)
+ id = read_entity_alias_id(entity_name, alias_name, auth_path)
 client.logical.read("identity/entity-alias/id/#{id}")
 end
- def delete_entity_alias(entity_name, alias_name)
- id = read_entity_alias_id(entity_name, alias_name)
+ def delete_entity_alias(entity_name, alias_name, auth_path)
+ id = read_entity_alias_id(entity_name, alias_name, auth_path)
 client.logical.delete("identity/entity-alias/id/#{id}")
 end
+
+ private
+ def find_alias(aliases, name, auth_path)
+ aliases.find { |a| a[:name] == name && a[:mount_path] == "auth/#{auth_path}/"}
+ end
 end
 end
 end
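Review bot: `client.logical.read("/sys/auth").data[auth_sym][:accessor]` in put_entity_alias raises a bare NoMethodError when `auth_path` names a mount that is not enabled, while the missing-entity case a few lines earlier gets an explicit `raise "no such entity …"`. Splitting the lookup gives the mount the same treatment: `mount = client.logical.read("/sys/auth").data[auth_sym]`, `raise "no such auth mount #{auth_path}" if mount.nil?`, `accessor = mount[:accessor]`. The `"#{auth_path}/"` key built here reappears in find_alias in the next hunk as `"auth/#{auth_path}/"`; a caller passing the path with a trailing slash would miss in both places and surface only as a misleading "no such alias", so normalizing once (for example `auth_path.chomp("/")`) before building either string is worth doing in both spots. put_entity_alias's body continues past the end of this hunk.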
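Review bot: Scoping the lookup by `mount_path` in find_alias is the substantive fix here — before this change `aliases.find` returned whichever same-named alias came first, so delete_entity_alias could remove an alias on a different auth mount than the caller named — but nothing at the definition records why, and the `"auth/#{auth_path}/"` format is an assumption about what Vault reports in `entity.data[:aliases]`. A comment above find_alias would preserve the reasoning: `# An entity may hold same-named aliases on different auth mounts; Vault reports the mount as "auth/<path>/", so match on both.` Style: `private` immediately followed by `def` reads as one unit; a blank line between them matches how the rest of the module separates sections.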
diff --git a/test/lib/clients/vault_test.rb b/test/lib/clients/vault_test.rb
index 0d80b9c..58d9ab8 100644
--- a/test/lib/clients/vault_test.rb
+++ b/test/lib/clients/vault_test.rb
@@ -120,28 +120,28 @@ class VaultTest < ActiveSupport::TestCase
 test "entity_alias methods" do
 # confirm no entity yet
+ auth_path = "token"
 err = assert_raises RuntimeError do
- @client.read_entity_alias(@entity_name, @alias_name)
+ @client.read_entity_alias(@entity_name, @alias_name, auth_path)
 end
 assert_match /no such entity/, err.message
 # confirm no alias yet
 @client.put_entity(@entity_name, @policies)
 err = assert_raises RuntimeError do
- @client.read_entity_alias(@entity_name, @alias_name)
+ @client.read_entity_alias(@entity_name, @alias_name, auth_path)
 end
 assert_match /no such alias/, err.message
 # create alias
- auth_method = "token"
- @client.put_entity_alias(@entity_name, @alias_name, auth_method)
- entity_alias = @client.read_entity_alias(@entity_name, @alias_name)
- assert_equal auth_method, entity_alias.data[:mount_type]
+ @client.put_entity_alias(@entity_name, @alias_name, auth_path)
+ entity_alias = @client.read_entity_alias(@entity_name, @alias_name, auth_path)
+ assert_equal auth_path, entity_alias.data[:mount_type]
 # confirm deleted alias
- assert_equal true, @client.delete_entity_alias(@entity_name, @alias_name)
+ assert_equal true, @client.delete_entity_alias(@entity_name, @alias_name, auth_path)
 err = assert_raises RuntimeError do
- @client.delete_entity_alias(@entity_name, @alias_name)
+ @client.delete_entity_alias(@entity_name, @alias_name, auth_path)
 end
 assert_match /no such alias/, err.message
 end
From fbc6e0c96c32d5fc2a829f21e8e0f229596d9c89 Mon Sep 17 00:00:00 2001
From: George Jahad
Date: Fri, 8 Nov 2024 14:44:55 -0800
Subject: [PATCH 3/4] added alias tests
---
 test/lib/clients/vault_test.rb | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)
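Review bot: `assert_equal auth_path, entity_alias.data[:mount_type]` compares the auth path to the alias's mount type; it presumably passes only because the token method is mounted at a path equal to its type, and now that the variable is named `auth_path` the assertion no longer checks the attribute the code under test matches on. Asserting the mount path pins the behavior find_alias depends on: `assert_equal "auth/#{auth_path}/", entity_alias.data[:mount_path]`. The test block opens inside the hunk, but the setup that defines `@entity_name`, `@alias_name` and `@policies` is outside it.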
diff --git a/test/lib/clients/vault_test.rb b/test/lib/clients/vault_test.rb
index 58d9ab8..fe1c8f0 100644
--- a/test/lib/clients/vault_test.rb
+++ b/test/lib/clients/vault_test.rb
@@ -133,17 +133,32 @@ class VaultTest < ActiveSupport::TestCase
 end
 assert_match /no such alias/, err.message
- # create alias
+ # create token alias
 @client.put_entity_alias(@entity_name, @alias_name, auth_path)
 entity_alias = @client.read_entity_alias(@entity_name, @alias_name, auth_path)
 assert_equal auth_path, entity_alias.data[:mount_type]
+ # create different alias type with same name
+ oidc_path = "oidc"
+ @client.put_entity_alias(@entity_name, @alias_name, oidc_path)
+ entity_alias = @client.read_entity_alias(@entity_name, @alias_name, oidc_path)
+ assert_equal oidc_path, entity_alias.data[:mount_type]
+
+
+ # confirm two aliases
+ entity = @client.read_entity(@entity_name)
+ assert_equal 2, entity.data[:aliases].size
+
 # confirm deleted alias
 assert_equal true, @client.delete_entity_alias(@entity_name, @alias_name, auth_path)
 err = assert_raises RuntimeError do
 @client.delete_entity_alias(@entity_name, @alias_name, auth_path)
 end
 assert_match /no such alias/, err.message
+
+ # confirm 1 aliases
+ entity = @client.read_entity(@entity_name)
+ assert_equal 1, entity.data[:aliases].size
 end
 test ".assign_policy creates valid entity" do
From f459d523b45ae2f1537a638f7cdd8020624064c3 Mon Sep 17 00:00:00 2001
From: George Jahad
Date: Fri, 8 Nov 2024 14:59:07 -0800
Subject: [PATCH 4/4] cleanup
---
 app/lib/clients/vault/entity_alias.rb | 2 +-
 test/test_helper.rb | 12 +++++++-----
 2 files changed, 8 insertions(+), 6 deletions(-)
diff --git a/app/lib/clients/vault/entity_alias.rb b/app/lib/clients/vault/entity_alias.rb
index 7048b23..88e42cc 100644
--- a/app/lib/clients/vault/entity_alias.rb
+++ b/app/lib/clients/vault/entity_alias.rb
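Review bot: After the token alias is deleted, the new `assert_equal 1, entity.data[:aliases].size` checks only that one alias remains, not which one, so the test does not directly state that the oidc alias is the survivor — which is the property the mount-path scoping exists to guarantee. Reading it back makes that explicit: `assert_equal oidc_path, @client.read_entity_alias(@entity_name, @alias_name, oidc_path).data[:mount_type]` next to the existing `assert_raises` for the token path. Minor: the comment should read `# confirm 1 alias`, and there are two consecutive blank lines before `# confirm two aliases`. The new block presumably depends on an `oidc` auth method being enabled in the test Vault by setup outside this hunk; if it is not, `put_entity_alias` fails before any assertion runs.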
@@ -40,7 +40,7 @@ def delete_entity_alias(entity_name, alias_name, auth_path)
 private
 def find_alias(aliases, name, auth_path)
- aliases.find { |a| a[:name] == name && a[:mount_path] == "auth/#{auth_path}/"}
+ aliases.find { |a| a[:name] == name && a[:mount_path] == "auth/#{auth_path}/" }
 end
 end
 end
diff --git a/test/test_helper.rb b/test/test_helper.rb
index 1939593..efec512 100644
--- a/test/test_helper.rb
+++ b/test/test_helper.rb
@@ -13,14 +13,16 @@ class TestCase
 # Helper methods
 def jwt_authorized
- data = {"sub"=>"john.doe@example.com", "name"=>"John Doe", "iat"=>1516239022,
- "groups"=>["group1", "group2"], "aud"=>"astral"}
- JWT.encode(data, Config[:jwt_signing_key])
+ @@authorized_token ||= JWT.encode(@@authorized_data, Config[:jwt_signing_key])
 end
 def jwt_unauthorized
- data = {"sub"=>"application_name", "common_name"=>"example.com", "ip_sans"=>"10.0.1.100"}
- JWT.encode(data, "bad_secret")
+ @@unauthorized_token ||= JWT.encode(@@unauthorized_data, "bad_secret")
 end
+
+ private
+ @@authorized_data = { "sub"=>"john.doe@example.com", "name"=>"John Doe", "iat"=>1516239022,
+ "groups"=>[ "group1", "group2" ], "aud"=>"astral" }
+ @@unauthorized_data = { "sub"=>"application_name", "common_name"=>"example.com", "ip_sans"=>"10.0.1.100" }
 end
 end
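Review bot: The `private` placed before the `@@authorized_data` assignment in the test_helper.rb hunk has no effect — it only changes the visibility of methods defined after it, and a class-variable assignment is not a method — so it implies an encapsulation that does not exist. Since the two payloads never change, frozen constants state the intent and avoid class variables, which are shared across the whole inheritance tree: `AUTHORIZED_DATA = { ... }.freeze`, referenced as `JWT.encode(AUTHORIZED_DATA, Config[:jwt_signing_key])`. Memoizing the token with `||=` is safe only because the payload carries no `exp` claim; a short comment on `jwt_authorized` noting that the token is intentionally non-expiring would keep a later expiry addition from silently yielding a stale cached token mid-run. The enclosing `class TestCase` opens outside the hunk.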