Added lookup endpoint for entity (#3519)

* Added lookup endpoint for entity * Address review comments
hashicorp · Nov 2, 2017 · 0321a86 · 0321a86
1 parent c7b5b8b
commit 0321a86
Show file tree

Hide file tree

Showing 3 changed files with 133 additions and 4 deletions.
diff --git a/vault/identity_lookup.go b/vault/identity_lookup.go
@@ -4,12 +4,36 @@ import (
 	"fmt"
 	"strings"
 
+	"github.com/hashicorp/vault/helper/identity"
 	"github.com/hashicorp/vault/logical"
 	"github.com/hashicorp/vault/logical/framework"
 )
 
 func lookupPaths(i *IdentityStore) []*framework.Path {
 	return []*framework.Path{
+		{
+			Pattern: "lookup/entity$",
+			Fields: map[string]*framework.FieldSchema{
+				"type": {
+					Type:        framework.TypeString,
+					Description: "Type of lookup. Current supported values are 'id' and 'name'.",
+				},
+				"name": {
+					Type:        framework.TypeString,
+					Description: "Name of the entity.",
+				},
+				"id": {
+					Type:        framework.TypeString,
+					Description: "ID of the entity.",
+				},
+			},
+			Callbacks: map[logical.Operation]framework.OperationFunc{
+				logical.UpdateOperation: i.pathLookupEntityUpdate,
+			},
+
+			HelpSynopsis:    strings.TrimSpace(lookupHelp["lookup-entity"][0]),
+			HelpDescription: strings.TrimSpace(lookupHelp["lookup-entity"][1]),
+		},
 		{
 			Pattern: "lookup/group$",
 			Fields: map[string]*framework.FieldSchema{
@@ -98,6 +122,47 @@ func lookupPaths(i *IdentityStore) []*framework.Path {
 	}
 }
 
+func (i *IdentityStore) pathLookupEntityUpdate(req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
+	lookupType := d.Get("type").(string)
+	if lookupType == "" {
+		return logical.ErrorResponse("empty type"), nil
+	}
+
+	var entity *identity.Entity
+	var err error
+
+	switch lookupType {
+	case "id":
+		entityID := d.Get("id").(string)
+		if entityID == "" {
+			return logical.ErrorResponse("empty id"), nil
+		}
+		entity, err = i.MemDBEntityByID(entityID, false)
+		if err != nil {
+			return nil, err
+		}
+
+	case "name":
+		entityName := d.Get("name").(string)
+		if entityName == "" {
+			return logical.ErrorResponse("empty name"), nil
+		}
+		entity, err = i.MemDBEntityByName(entityName, false)
+		if err != nil {
+			return nil, err
+		}
+
+	default:
+		return logical.ErrorResponse(fmt.Sprintf("unrecognized type %q", lookupType)), nil
+	}
+
+	if entity == nil {
+		return nil, nil
+	}
+
+	return i.handleEntityReadCommon(entity)
+}
+
 func (i *IdentityStore) pathLookupGroupUpdate(req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
 	lookupType := d.Get("type").(string)
 	if lookupType == "" {
@@ -196,6 +261,15 @@ func (i *IdentityStore) handleLookupAliasUpdateCommon(req *logical.Request, d *f
 }
 
 var lookupHelp = map[string][2]string{
+	"lookup-entity": {
+		"Query entities based on types.",
+		`Supported types:
+		- 'id'
+		To query the entity by its ID. This requires 'id' parameter to be set.
+		- 'name'
+		To query the entity by its name. This requires 'name' parameter to be set.
+		`,
+	},
 	"lookup-group": {
 		"Query groups based on types.",
 		`Supported types:

diff --git a/vault/identity_lookup_test.go b/vault/identity_lookup_test.go
@@ -6,6 +6,59 @@ import (
 	"github.com/hashicorp/vault/logical"
 )
 
+func TestIdentityStore_Lookup_Entity(t *testing.T) {
+	var err error
+	var resp *logical.Response
+
+	i, _, _ := testIdentityStoreWithGithubAuth(t)
+
+	entityReq := &logical.Request{
+		Path:      "entity",
+		Operation: logical.UpdateOperation,
+	}
+	resp, err = i.HandleRequest(entityReq)
+	if err != nil || (resp != nil && resp.IsError()) {
+		t.Fatalf("bad: err: %#v\nresp: %v", err, resp)
+	}
+	entityID := resp.Data["id"].(string)
+
+	entity, err := i.MemDBEntityByID(entityID, false)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	lookupReq := &logical.Request{
+		Path:      "lookup/entity",
+		Operation: logical.UpdateOperation,
+		Data: map[string]interface{}{
+			"type": "id",
+			"id":   entityID,
+		},
+	}
+	resp, err = i.HandleRequest(lookupReq)
+	if err != nil || (resp != nil && resp.IsError()) {
+		t.Fatalf("bad: err: %#v\nresp: %v", err, resp)
+	}
+
+	if resp.Data["id"].(string) != entityID {
+		t.Fatalf("bad: entity: %#v", resp.Data)
+	}
+
+	lookupReq.Data = map[string]interface{}{
+		"type": "name",
+		"name": entity.Name,
+	}
+
+	resp, err = i.HandleRequest(lookupReq)
+	if err != nil || (resp != nil && resp.IsError()) {
+		t.Fatalf("bad: err: %#v\nresp: %v", err, resp)
+	}
+
+	if resp.Data["id"].(string) != entityID {
+		t.Fatalf("bad: entity: %#v", resp.Data)
+	}
+}
+
 func TestIdentityStore_Lookup_EntityAlias(t *testing.T) {
 	var err error
 	var resp *logical.Response

diff --git a/vault/identity_store_entities.go b/vault/identity_store_entities.go
@@ -410,6 +410,10 @@ func (i *IdentityStore) pathEntityIDRead(req *logical.Request, d *framework.Fiel
 		return nil, nil
 	}
 
+	return i.handleEntityReadCommon(entity)
+}
+
+func (i *IdentityStore) handleEntityReadCommon(entity *identity.Entity) (*logical.Response, error) {
 	respData := map[string]interface{}{}
 	respData["id"] = entity.ID
 	respData["name"] = entity.Name
@@ -442,11 +446,9 @@ func (i *IdentityStore) pathEntityIDRead(req *logical.Request, d *framework.Fiel
 	// formats
 	respData["aliases"] = aliasesToReturn
 
-	resp := &logical.Response{
+	return &logical.Response{
 		Data: respData,
-	}
-
-	return resp, nil
+	}, nil
 }
 
 // pathEntityIDDelete deletes the entity for a given entity ID