aherman
/
boundary
mirror of https://github.com/hashicorp/boundary
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add authorized collection actions output for credential stores (#1530)

Browse Source 
Add authorized collection actions output for credential stores
pull/1531/head v0.6.1
Jeff Mitchell 5 years ago committed by GitHub
parent 5d7e723768
commit 1f7999ed97
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 48 additions and 23 deletions
Show Stats Download Patch File Download Diff File

5
CHANGELOG.md
Unescape View File

@ -2,9 +2,6 @@
Canonical reference for changes, improvements, and bugfixes for Boundary.
## Next
## 0.6.1 (2021/09/14)
### Bug Fixes
@ -15,6 +12,8 @@ Canonical reference for changes, improvements, and bugfixes for Boundary.
project scope output. ([PR](https://github.com/hashicorp/boundary/pull/1524))
* actions: Fix `sessions` collection actions not being visible when reading a
scope ([PR](https://github.com/hashicorp/boundary/pull/1527))
* credential stores: Fix credential stores not showing authorized collection
actions ([PR](https://github.com/hashicorp/boundary/pull/1530))
## 0.6.0 (2021/09/03)

2
internal/servers/controller/auth/authorized_actions.go
Unescape View File

@ -38,7 +38,7 @@ func CalculateAuthorizedCollectionActions(ctx context.Context,
if err != nil {
return nil, err
}
ret[k.String()+"s"] = lv
ret[k.PluralString()] = lv
}
}
return ret, nil

3
internal/servers/controller/handlers/credentialstores/credentialstore_service.go
Unescape View File

@ -501,6 +501,9 @@ func toProto(in credential.Store, opt ...handlers.Option) (*pb.CredentialStore,
if outputFields.Has(globals.AuthorizedActionsField) {
out.AuthorizedActions = opts.WithAuthorizedActions
}
if outputFields.Has(globals.AuthorizedCollectionActionsField) {
out.AuthorizedCollectionActions = opts.WithAuthorizedCollectionActions
}
if outputFields.Has(globals.AttributesField) {
switch credential.SubtypeFromId(in.GetPublicId()) {
case vault.Subtype:

52
internal/servers/controller/handlers/credentialstores/credentialstore_service_test.go
Unescape View File

@ -34,7 +34,17 @@ import (
"google.golang.org/protobuf/types/known/wrapperspb"
)
var testAuthorizedActions = []string{"no-op", "read", "update", "delete"}
var (
testAuthorizedActions = []string{"no-op", "read", "update", "delete"}
testAuthorizedCollectionActions = map[string]*structpb.ListValue{
"credential-libraries": {
Values: []*structpb.Value{
structpb.NewStringValue("create"),
structpb.NewStringValue("list"),
},
},
}
)
func TestList(t *testing.T) {
conn, _ := db.TestSetup(t, "postgres")
@ -57,14 +67,15 @@ func TestList(t *testing.T) {
var wantStores []*pb.CredentialStore
for _, s := range vault.TestCredentialStores(t, conn, wrapper, prj.GetPublicId(), 10) {
wantStores = append(wantStores, &pb.CredentialStore{
Id: s.GetPublicId(),
ScopeId: prj.GetPublicId(),
Scope: &scopepb.ScopeInfo{Id: prj.GetPublicId(), Type: scope.Project.String(), ParentScopeId: prj.GetParentId()},
CreatedTime: s.GetCreateTime().GetTimestamp(),
UpdatedTime: s.GetUpdateTime().GetTimestamp(),
Version: s.GetVersion(),
Type: vault.Subtype.String(),
AuthorizedActions: testAuthorizedActions,
Id: s.GetPublicId(),
ScopeId: prj.GetPublicId(),
Scope: &scopepb.ScopeInfo{Id: prj.GetPublicId(), Type: scope.Project.String(), ParentScopeId: prj.GetParentId()},
CreatedTime: s.GetCreateTime().GetTimestamp(),
UpdatedTime: s.GetUpdateTime().GetTimestamp(),
Version: s.GetVersion(),
Type: vault.Subtype.String(),
AuthorizedActions: testAuthorizedActions,
AuthorizedCollectionActions: testAuthorizedCollectionActions,
Attributes: func() *structpb.Struct {
attrs, err := handlers.ProtoToStruct(&pb.VaultCredentialStoreAttributes{
Address: wrapperspb.String(s.GetVaultAddress()),
@ -451,7 +462,8 @@ func TestCreate(t *testing.T) {
require.NoError(t, err)
return attrs
}(),
AuthorizedActions: testAuthorizedActions,
AuthorizedActions: testAuthorizedActions,
AuthorizedCollectionActions: testAuthorizedCollectionActions,
},
},
},
@ -495,7 +507,8 @@ func TestCreate(t *testing.T) {
require.NoError(t, err)
return attrs
}(),
AuthorizedActions: testAuthorizedActions,
AuthorizedActions: testAuthorizedActions,
AuthorizedCollectionActions: testAuthorizedCollectionActions,
},
},
},
@ -580,14 +593,15 @@ func TestGet(t *testing.T) {
id: store.GetPublicId(),
res: &pbs.GetCredentialStoreResponse{
Item: &pb.CredentialStore{
Id: store.GetPublicId(),
ScopeId: store.GetScopeId(),
Scope: &scopepb.ScopeInfo{Id: store.GetScopeId(), Type: scope.Project.String(), ParentScopeId: prj.GetParentId()},
Type: vault.Subtype.String(),
AuthorizedActions: testAuthorizedActions,
CreatedTime: store.CreateTime.GetTimestamp(),
UpdatedTime: store.UpdateTime.GetTimestamp(),
Version: 1,
Id: store.GetPublicId(),
ScopeId: store.GetScopeId(),
Scope: &scopepb.ScopeInfo{Id: store.GetScopeId(), Type: scope.Project.String(), ParentScopeId: prj.GetParentId()},
Type: vault.Subtype.String(),
AuthorizedActions: testAuthorizedActions,
AuthorizedCollectionActions: testAuthorizedCollectionActions,
CreatedTime: store.CreateTime.GetTimestamp(),
UpdatedTime: store.UpdateTime.GetTimestamp(),
Version: 1,
Attributes: func() *structpb.Struct {
attrs, err := handlers.ProtoToStruct(&pb.VaultCredentialStoreAttributes{
Address: wrapperspb.String(store.GetVaultAddress()),

9
internal/types/resource/resource.go
Unescape View File

@ -60,6 +60,15 @@ func (r Type) String() string {
}[r]
}
func (r Type) PluralString() string {
switch r {
case CredentialLibrary:
return "credential-libraries"
default:
return r.String() + "s"
}
}
var Map = map[string]Type{
Unknown.String(): Unknown,
All.String(): All,

Write Preview
Loading…
Cancel
Save