Return absolute paths while listing in LDAP backend (#5537)
vishalnayak authored Oct 17, 2018
1 parent 9d6ca37 commit 173f0e4
Showing 3 changed files with 104 additions and 4 deletions.
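--- a/builtin/credential/ldap/backend_test.go
+++ b/builtin/credential/ldap/backend_test.go
@@ -10,6 +10,7 @@ import (
 "testing"
 "time"
 
+"github.com/hashicorp/vault/helper/namespace"
 "github.com/hashicorp/vault/helper/policyutil"
 "github.com/hashicorp/vault/logical"
 logicaltest "github.com/hashicorp/vault/logical/testing"
@@ -33,6 +34,92 @@ func createBackendWithStorage(t *testing.T) (*backend, logical.Storage) {
 return b, config.StorageView
 }
 
+func TestLdapAuthBackend_Listing(t *testing.T) {
+b, storage := createBackendWithStorage(t)
+
+// Create group "testgroup"
+resp, err := b.HandleRequest(namespace.RootContext(nil), &logical.Request{
+Path: "groups/testgroup",
+Operation: logical.UpdateOperation,
+Storage: storage,
+Data: map[string]interface{}{
+"policies": []string{"default"},
+},
+})
+if err != nil || (resp != nil && resp.IsError()) {
+t.Fatalf("bad: resp: %#v\nerr: %v", resp, err)
+}
+
+// Create group "nested/testgroup"
+resp, err = b.HandleRequest(namespace.RootContext(nil), &logical.Request{
+Path: "groups/nested/testgroup",
+Operation: logical.UpdateOperation,
+Storage: storage,
+Data: map[string]interface{}{
+"policies": []string{"default"},
+},
+})
+if err != nil || (resp != nil && resp.IsError()) {
+t.Fatalf("bad: resp: %#v\nerr: %v", resp, err)
+}
+
+// Create user "testuser"
+resp, err = b.HandleRequest(namespace.RootContext(nil), &logical.Request{
+Path: "users/testuser",
+Operation: logical.UpdateOperation,
+Storage: storage,
+Data: map[string]interface{}{
+"policies": []string{"default"},
+"groups": "testgroup,nested/testgroup",
+},
+})
+if err != nil || (resp != nil && resp.IsError()) {
+t.Fatalf("bad: resp: %#v\nerr: %v", resp, err)
+}
+
+// Create user "nested/testuser"
+resp, err = b.HandleRequest(namespace.RootContext(nil), &logical.Request{
+Path: "users/nested/testuser",
+Operation: logical.UpdateOperation,
+Storage: storage,
+Data: map[string]interface{}{
+"policies": []string{"default"},
+"groups": "testgroup,nested/testgroup",
+},
+})
+if err != nil || (resp != nil && resp.IsError()) {
+t.Fatalf("bad: resp: %#v\nerr: %v", resp, err)
+}
+
+// List users
+resp, err = b.HandleRequest(namespace.RootContext(nil), &logical.Request{
+Path: "users/",
+Operation: logical.ListOperation,
+Storage: storage,
+})
+if err != nil || (resp != nil && resp.IsError()) {
+t.Fatalf("bad: resp: %#v\nerr: %v", resp, err)
+}
+expected := []string{"testuser", "nested/testuser"}
+if !reflect.DeepEqual(expected, resp.Data["keys"].([]string)) {
+t.Fatalf("bad: listed users; expected: %#v actual: %#v", expected, resp.Data["keys"].([]string))
+}
+
+// List groups
+resp, err = b.HandleRequest(namespace.RootContext(nil), &logical.Request{
+Path: "groups/",
+Operation: logical.ListOperation,
+Storage: storage,
+})
+if err != nil || (resp != nil && resp.IsError()) {
+t.Fatalf("bad: resp: %#v\nerr: %v", resp, err)
+}
+expected = []string{"testgroup", "nested/testgroup"}
+if !reflect.DeepEqual(expected, resp.Data["keys"].([]string)) {
+t.Fatalf("bad: listed groups; expected: %#v actual: %#v", expected, resp.Data["keys"].([]string))
+}
+}
+
 func TestLdapAuthBackend_CaseSensitivity(t *testing.T) {
 var resp *logical.Response
 var err error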
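Review bot: Both list assertions in TestLdapAuthBackend_Listing compare against a fixed order with reflect.DeepEqual (`expected := []string{"testuser", "nested/testuser"}`), so the test passes only while the key collection happens to return top-level entries before nested ones. Unless that order is a documented guarantee, sort the returned slice before comparing, e.g. `actual := resp.Data["keys"].([]string)` then `sort.Strings(actual)`, with `expected` written in sorted order (this needs the `sort` import if the file does not already have it). The guard in the two list steps, `resp != nil && resp.IsError()`, also lets a nil `resp` through, after which `resp.Data["keys"]` would panic rather than fail the test; adding `resp == nil` to that condition gives a clearer failure.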
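--- a/builtin/credential/ldap/path_groups.go
+++ b/builtin/credential/ldap/path_groups.go
@@ -132,11 +132,17 @@ func (b *backend) pathGroupWrite(ctx context.Context, req *logical.Request, d *f
 }
 
 func (b *backend) pathGroupList(ctx context.Context, req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
-groups, err := req.Storage.List(ctx, "group/")
+keys, err := logical.CollectKeys(ctx, req.Storage)
 if err != nil {
 return nil, err
 }
-return logical.ListResponse(groups), nil
+retKeys := make([]string, 0)
+for _, key := range keys {
+if strings.HasPrefix(key, "group/") && !strings.HasPrefix(key, "/") {
+retKeys = append(retKeys, strings.TrimPrefix(key, "group/"))
+}
+}
+return logical.ListResponse(retKeys), nil
 }
 
 type GroupEntry struct {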
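Review bot: In pathGroupList the second half of the filter, `!strings.HasPrefix(key, "/")`, can never be false once `strings.HasPrefix(key, "group/")` has matched, so it filters nothing; the same dead clause appears in pathUserList in path_users.go with `"user/"`. If it was meant to reject an empty or slash-leading name once the prefix is removed, test the trimmed value instead: `if name := strings.TrimPrefix(key, "group/"); name != key && name != "" && !strings.HasPrefix(name, "/") {`. Otherwise reduce the condition to `if strings.HasPrefix(key, "group/") {`. A doc comment on the function stating that the listing is now recursive and returns names relative to `group/` would also help, since that is the change in output that callers and policy authors will see.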
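--- a/builtin/credential/ldap/path_users.go
+++ b/builtin/credential/ldap/path_users.go
@@ -148,11 +148,18 @@ func (b *backend) pathUserWrite(ctx context.Context, req *logical.Request, d *fr
 }
 
 func (b *backend) pathUserList(ctx context.Context, req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
-users, err := req.Storage.List(ctx, "user/")
+keys, err := logical.CollectKeys(ctx, req.Storage)
 if err != nil {
 return nil, err
 }
-return logical.ListResponse(users), nil
+retKeys := make([]string, 0)
+for _, key := range keys {
+if strings.HasPrefix(key, "user/") && !strings.HasPrefix(key, "/") {
+retKeys = append(retKeys, strings.TrimPrefix(key, "user/"))
+}
+}
+return logical.ListResponse(retKeys), nil
+
 }
 
 type UserEntry struct {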
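Review bot: pathUserList collects every key in the backend's storage with `logical.CollectKeys(ctx, req.Storage)` and then discards whatever is not under `user/`, so each list request also walks the group entries and anything else stored there, and its cost grows with the whole mount rather than with the number of users; pathGroupList in path_groups.go does the same. Scoping the walk to the prefix would bound that and remove the filter loop, for instance by collecting over a view rooted at `user/` (`logical.NewStorageView(req.Storage, "user/")`, if that helper is available at this revision), whose keys should then come back already relative. The two list handlers are copies of each other apart from the prefix, so a small shared helper taking the prefix would keep them from drifting apart. The blank line left before the closing brace of pathUserList can be dropped.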
