diff --git a/CHANGELOG.md b/CHANGELOG.md index b6d89a57acf0..aa39ae2d740e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -33,6 +33,8 @@ IMPROVEMENTS: * core: Tokens can now renew themselves [GH-455] * core: Base64-encoded PGP keys can be used with the CLI for `init` and `rekey` operations [GH-653] + * credential/token: Display whether or not a token is an orphan in the output + of a lookup call [GH-766] * logical: Allow `.` in path-based variables in many more locations [GH-244] * logical: Responses now contain a "warnings" key containing a list of warnings returned from the server. These are conditions that did not require diff --git a/http/logical_test.go b/http/logical_test.go index 7d48c6c36025..0edf44f19a5e 100644 --- a/http/logical_test.go +++ b/http/logical_test.go @@ -121,6 +121,7 @@ func TestLogical_StandbyRedirect(t *testing.T) { "path": "auth/token/root", "policies": []interface{}{"root"}, "display_name": "root", + "orphan": true, "id": root, "ttl": float64(0), }, diff --git a/vault/token_store.go b/vault/token_store.go index 9bbccf9d53c8..048203ff880c 100644 --- a/vault/token_store.go +++ b/vault/token_store.go @@ -800,10 +800,16 @@ func (ts *TokenStore) handleLookup( "meta": out.Meta, "display_name": out.DisplayName, "num_uses": out.NumUses, + "orphan": false, "creation_time": int(out.CreationTime), "ttl": int(out.TTL.Seconds()), }, } + + if out.Parent == "" { + resp.Data["orphan"] = true + } + return resp, nil } diff --git a/vault/token_store_test.go b/vault/token_store_test.go index 9682f30e9e30..8a47627ad39a 100644 --- a/vault/token_store_test.go +++ b/vault/token_store_test.go @@ -866,12 +866,39 @@ func TestTokenStore_HandleRequest_Lookup(t *testing.T) { "path": "auth/token/root", "meta": map[string]string(nil), "display_name": "root", + "orphan": true, "num_uses": 0, "ttl": 0, } delete(resp.Data, "creation_time") if !reflect.DeepEqual(resp.Data, exp) { - t.Fatalf("bad: %#v exp: %#v", resp.Data, exp) + t.Fatalf("bad:\n%#v\nexp:\n%#v\n", resp.Data, exp) + } + + testMakeToken(t, ts, root, "client", []string{"foo"}) + + req = logical.TestRequest(t, logical.ReadOperation, "lookup/client") + resp, err = ts.HandleRequest(req) + if err != nil { + t.Fatalf("err: %v %v", err, resp) + } + if resp == nil { + t.Fatalf("bad: %#v", resp) + } + + exp = map[string]interface{}{ + "id": "client", + "policies": []string{"foo"}, + "path": "auth/token/create", + "meta": map[string]string(nil), + "display_name": "token", + "orphan": false, + "num_uses": 0, + "ttl": 2592000, + } + delete(resp.Data, "creation_time") + if !reflect.DeepEqual(resp.Data, exp) { + t.Fatalf("bad:\n%#v\nexp:\n%#v\n", resp.Data, exp) } } @@ -933,6 +960,7 @@ func TestTokenStore_HandleRequest_LookupSelf(t *testing.T) { "path": "auth/token/root", "meta": map[string]string(nil), "display_name": "root", + "orphan": true, "num_uses": 0, "ttl": 0, }