Skip to content

Commit

Permalink
Display whether a token is an orphan on lookup.
Browse files Browse the repository at this point in the history
  • Loading branch information
jefferai committed Nov 9, 2015
1 parent 254dccc commit 06544af
Show file tree
Hide file tree
Showing 4 changed files with 38 additions and 1 deletion.
2 changes: 2 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -33,6 +33,8 @@ IMPROVEMENTS:
* core: Tokens can now renew themselves [GH-455]
* core: Base64-encoded PGP keys can be used with the CLI for `init` and
`rekey` operations [GH-653]
* credential/token: Display whether or not a token is an orphan in the output
of a lookup call [GH-766]
* logical: Allow `.` in path-based variables in many more locations [GH-244]
* logical: Responses now contain a "warnings" key containing a list of
warnings returned from the server. These are conditions that did not require
Expand Down
1 change: 1 addition & 0 deletions http/logical_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -121,6 +121,7 @@ func TestLogical_StandbyRedirect(t *testing.T) {
"path": "auth/token/root",
"policies": []interface{}{"root"},
"display_name": "root",
"orphan": true,
"id": root,
"ttl": float64(0),
},
Expand Down
6 changes: 6 additions & 0 deletions vault/token_store.go
Original file line number Diff line number Diff line change
Expand Up @@ -800,10 +800,16 @@ func (ts *TokenStore) handleLookup(
"meta": out.Meta,
"display_name": out.DisplayName,
"num_uses": out.NumUses,
"orphan": false,
"creation_time": int(out.CreationTime),
"ttl": int(out.TTL.Seconds()),
},
}

if out.Parent == "" {
resp.Data["orphan"] = true
}

return resp, nil
}

Expand Down
30 changes: 29 additions & 1 deletion vault/token_store_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -866,12 +866,39 @@ func TestTokenStore_HandleRequest_Lookup(t *testing.T) {
"path": "auth/token/root",
"meta": map[string]string(nil),
"display_name": "root",
"orphan": true,
"num_uses": 0,
"ttl": 0,
}
delete(resp.Data, "creation_time")
if !reflect.DeepEqual(resp.Data, exp) {
t.Fatalf("bad: %#v exp: %#v", resp.Data, exp)
t.Fatalf("bad:\n%#v\nexp:\n%#v\n", resp.Data, exp)
}

testMakeToken(t, ts, root, "client", []string{"foo"})

req = logical.TestRequest(t, logical.ReadOperation, "lookup/client")
resp, err = ts.HandleRequest(req)
if err != nil {
t.Fatalf("err: %v %v", err, resp)
}
if resp == nil {
t.Fatalf("bad: %#v", resp)
}

exp = map[string]interface{}{
"id": "client",
"policies": []string{"foo"},
"path": "auth/token/create",
"meta": map[string]string(nil),
"display_name": "token",
"orphan": false,
"num_uses": 0,
"ttl": 2592000,
}
delete(resp.Data, "creation_time")
if !reflect.DeepEqual(resp.Data, exp) {
t.Fatalf("bad:\n%#v\nexp:\n%#v\n", resp.Data, exp)
}
}

Expand Down Expand Up @@ -933,6 +960,7 @@ func TestTokenStore_HandleRequest_LookupSelf(t *testing.T) {
"path": "auth/token/root",
"meta": map[string]string(nil),
"display_name": "root",
"orphan": true,
"num_uses": 0,
"ttl": 0,
}
Expand Down

0 comments on commit 06544af

Please sign in to comment.