aherman
/
boundary
mirror of https://github.com/hashicorp/boundary
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

internal/session: validate token resource type

Browse Source
pull/4202/head
Johan Brandhorst-Satzkorn 2 years ago
parent 12403d49ad
commit 3288f78f12
4 changed files with 42 additions and 139 deletions
Show Stats Download Patch File Download Diff File

172
internal/session/service_list_ext_test.go
Unescape View File

@ -118,7 +118,7 @@ func TestService_List(t *testing.T) {
filterFunc := func(_ context.Context, s *session.Session) (bool, error) {
return true, nil
}
tok, err := listtoken.NewPagination(ctx, fiveDaysAgo, resource.Target, []byte("some hash"), "some-id", fiveDaysAgo)
tok, err := listtoken.NewPagination(ctx, fiveDaysAgo, resource.Session, []byte("some hash"), "some-id", fiveDaysAgo)
require.NoError(t, err)
_, err = session.ListPage(ctx, nil, 1, filterFunc, tok, repo, true)
require.ErrorContains(t, err, "missing grants hash")
@ -128,7 +128,7 @@ func TestService_List(t *testing.T) {
filterFunc := func(_ context.Context, s *session.Session) (bool, error) {
return true, nil
}
tok, err := listtoken.NewPagination(ctx, fiveDaysAgo, resource.Target, []byte("some hash"), "some-id", fiveDaysAgo)
tok, err := listtoken.NewPagination(ctx, fiveDaysAgo, resource.Session, []byte("some hash"), "some-id", fiveDaysAgo)
require.NoError(t, err)
_, err = session.ListPage(ctx, []byte("some hash"), 0, filterFunc, tok, repo, true)
require.ErrorContains(t, err, "page size must be at least 1")
@ -138,14 +138,14 @@ func TestService_List(t *testing.T) {
filterFunc := func(_ context.Context, s *session.Session) (bool, error) {
return true, nil
}
tok, err := listtoken.NewPagination(ctx, fiveDaysAgo, resource.Target, []byte("some hash"), "some-id", fiveDaysAgo)
tok, err := listtoken.NewPagination(ctx, fiveDaysAgo, resource.Session, []byte("some hash"), "some-id", fiveDaysAgo)
require.NoError(t, err)
_, err = session.ListPage(ctx, []byte("some hash"), -1, filterFunc, tok, repo, true)
require.ErrorContains(t, err, "page size must be at least 1")
})
t.Run("nil filter func", func(t *testing.T) {
t.Parallel()
tok, err := listtoken.NewPagination(ctx, fiveDaysAgo, resource.Target, []byte("some hash"), "some-id", fiveDaysAgo)
tok, err := listtoken.NewPagination(ctx, fiveDaysAgo, resource.Session, []byte("some hash"), "some-id", fiveDaysAgo)
require.NoError(t, err)
_, err = session.ListPage(ctx, []byte("some hash"), 1, nil, tok, repo, true)
require.ErrorContains(t, err, "missing filter item callback")
@ -163,7 +163,7 @@ func TestService_List(t *testing.T) {
filterFunc := func(_ context.Context, s *session.Session) (bool, error) {
return true, nil
}
tok, err := listtoken.NewStartRefresh(ctx, fiveDaysAgo, resource.Target, []byte("some hash"), fiveDaysAgo, fiveDaysAgo)
tok, err := listtoken.NewStartRefresh(ctx, fiveDaysAgo, resource.Session, []byte("some hash"), fiveDaysAgo, fiveDaysAgo)
require.NoError(t, err)
_, err = session.ListPage(ctx, []byte("some hash"), 1, filterFunc, tok, repo, true)
require.ErrorContains(t, err, "token did not have a pagination token component")
@ -173,78 +173,20 @@ func TestService_List(t *testing.T) {
filterFunc := func(_ context.Context, s *session.Session) (bool, error) {
return true, nil
}
tok, err := listtoken.NewPagination(ctx, fiveDaysAgo, resource.Target, []byte("some hash"), "some-id", fiveDaysAgo)
tok, err := listtoken.NewPagination(ctx, fiveDaysAgo, resource.Session, []byte("some hash"), "some-id", fiveDaysAgo)
require.NoError(t, err)
_, err = session.ListPage(ctx, []byte("some hash"), 1, filterFunc, tok, nil, true)
require.ErrorContains(t, err, "missing repo")
})
})
t.Run("ListRefresh validation", func(t *testing.T) {
t.Parallel()
t.Run("missing grants hash", func(t *testing.T) {
t.Parallel()
filterFunc := func(_ context.Context, s *session.Session) (bool, error) {
return true, nil
}
tok, err := listtoken.NewStartRefresh(ctx, fiveDaysAgo, resource.Target, []byte("some hash"), fiveDaysAgo, fiveDaysAgo)
require.NoError(t, err)
_, err = session.ListPage(ctx, nil, 1, filterFunc, tok, repo, true)
require.ErrorContains(t, err, "missing grants hash")
})
t.Run("zero page size", func(t *testing.T) {
t.Parallel()
filterFunc := func(_ context.Context, s *session.Session) (bool, error) {
return true, nil
}
tok, err := listtoken.NewStartRefresh(ctx, fiveDaysAgo, resource.Target, []byte("some hash"), fiveDaysAgo, fiveDaysAgo)
require.NoError(t, err)
_, err = session.ListPage(ctx, []byte("some hash"), 0, filterFunc, tok, repo, true)
require.ErrorContains(t, err, "page size must be at least 1")
})
t.Run("negative page size", func(t *testing.T) {
t.Parallel()
filterFunc := func(_ context.Context, s *session.Session) (bool, error) {
return true, nil
}
tok, err := listtoken.NewStartRefresh(ctx, fiveDaysAgo, resource.Target, []byte("some hash"), fiveDaysAgo, fiveDaysAgo)
require.NoError(t, err)
_, err = session.ListPage(ctx, []byte("some hash"), -1, filterFunc, tok, repo, true)
require.ErrorContains(t, err, "page size must be at least 1")
})
t.Run("nil filter func", func(t *testing.T) {
t.Parallel()
tok, err := listtoken.NewStartRefresh(ctx, fiveDaysAgo, resource.Target, []byte("some hash"), fiveDaysAgo, fiveDaysAgo)
require.NoError(t, err)
_, err = session.ListPage(ctx, []byte("some hash"), 1, nil, tok, repo, true)
require.ErrorContains(t, err, "missing filter item callback")
})
t.Run("nil token", func(t *testing.T) {
t.Parallel()
filterFunc := func(_ context.Context, s *session.Session) (bool, error) {
return true, nil
}
_, err = session.ListPage(ctx, []byte("some hash"), 1, filterFunc, nil, repo, true)
require.ErrorContains(t, err, "missing token")
})
t.Run("wrong token type", func(t *testing.T) {
t.Run("wrong token resource type", func(t *testing.T) {
t.Parallel()
filterFunc := func(_ context.Context, s *session.Session) (bool, error) {
return true, nil
}
tok, err := listtoken.NewPagination(ctx, fiveDaysAgo, resource.Target, []byte("some hash"), "some-id", fiveDaysAgo)
require.NoError(t, err)
_, err = session.ListRefresh(ctx, []byte("some hash"), 1, filterFunc, tok, repo, true)
require.ErrorContains(t, err, "token did not have a start-refresh token component")
})
t.Run("nil repo", func(t *testing.T) {
t.Parallel()
filterFunc := func(_ context.Context, s *session.Session) (bool, error) {
return true, nil
}
tok, err := listtoken.NewStartRefresh(ctx, fiveDaysAgo, resource.Target, []byte("some hash"), fiveDaysAgo, fiveDaysAgo)
require.NoError(t, err)
_, err = session.ListPage(ctx, []byte("some hash"), 1, filterFunc, tok, nil, true)
require.ErrorContains(t, err, "missing repo")
_, err = session.ListPage(ctx, []byte("some hash"), 1, filterFunc, tok, repo, true)
require.ErrorContains(t, err, "token did not have a session resource type")
})
})
t.Run("ListRefresh validation", func(t *testing.T) {
@ -254,7 +196,7 @@ func TestService_List(t *testing.T) {
filterFunc := func(_ context.Context, s *session.Session) (bool, error) {
return true, nil
}
tok, err := listtoken.NewStartRefresh(ctx, fiveDaysAgo, resource.Target, []byte("some hash"), fiveDaysAgo, fiveDaysAgo)
tok, err := listtoken.NewStartRefresh(ctx, fiveDaysAgo, resource.Session, []byte("some hash"), fiveDaysAgo, fiveDaysAgo)
require.NoError(t, err)
_, err = session.ListPage(ctx, nil, 1, filterFunc, tok, repo, true)
require.ErrorContains(t, err, "missing grants hash")
@ -264,7 +206,7 @@ func TestService_List(t *testing.T) {
filterFunc := func(_ context.Context, s *session.Session) (bool, error) {
return true, nil
}
tok, err := listtoken.NewStartRefresh(ctx, fiveDaysAgo, resource.Target, []byte("some hash"), fiveDaysAgo, fiveDaysAgo)
tok, err := listtoken.NewStartRefresh(ctx, fiveDaysAgo, resource.Session, []byte("some hash"), fiveDaysAgo, fiveDaysAgo)
require.NoError(t, err)
_, err = session.ListPage(ctx, []byte("some hash"), 0, filterFunc, tok, repo, true)
require.ErrorContains(t, err, "page size must be at least 1")
@ -274,14 +216,14 @@ func TestService_List(t *testing.T) {
filterFunc := func(_ context.Context, s *session.Session) (bool, error) {
return true, nil
}
tok, err := listtoken.NewStartRefresh(ctx, fiveDaysAgo, resource.Target, []byte("some hash"), fiveDaysAgo, fiveDaysAgo)
tok, err := listtoken.NewStartRefresh(ctx, fiveDaysAgo, resource.Session, []byte("some hash"), fiveDaysAgo, fiveDaysAgo)
require.NoError(t, err)
_, err = session.ListPage(ctx, []byte("some hash"), -1, filterFunc, tok, repo, true)
require.ErrorContains(t, err, "page size must be at least 1")
})
t.Run("nil filter func", func(t *testing.T) {
t.Parallel()
tok, err := listtoken.NewStartRefresh(ctx, fiveDaysAgo, resource.Target, []byte("some hash"), fiveDaysAgo, fiveDaysAgo)
tok, err := listtoken.NewStartRefresh(ctx, fiveDaysAgo, resource.Session, []byte("some hash"), fiveDaysAgo, fiveDaysAgo)
require.NoError(t, err)
_, err = session.ListPage(ctx, []byte("some hash"), 1, nil, tok, repo, true)
require.ErrorContains(t, err, "missing filter item callback")
@ -299,7 +241,7 @@ func TestService_List(t *testing.T) {
filterFunc := func(_ context.Context, s *session.Session) (bool, error) {
return true, nil
}
tok, err := listtoken.NewPagination(ctx, fiveDaysAgo, resource.Target, []byte("some hash"), "some-id", fiveDaysAgo)
tok, err := listtoken.NewPagination(ctx, fiveDaysAgo, resource.Session, []byte("some hash"), "some-id", fiveDaysAgo)
require.NoError(t, err)
_, err = session.ListRefresh(ctx, []byte("some hash"), 1, filterFunc, tok, repo, true)
require.ErrorContains(t, err, "token did not have a start-refresh token component")
@ -309,11 +251,21 @@ func TestService_List(t *testing.T) {
filterFunc := func(_ context.Context, s *session.Session) (bool, error) {
return true, nil
}
tok, err := listtoken.NewStartRefresh(ctx, fiveDaysAgo, resource.Target, []byte("some hash"), fiveDaysAgo, fiveDaysAgo)
tok, err := listtoken.NewStartRefresh(ctx, fiveDaysAgo, resource.Session, []byte("some hash"), fiveDaysAgo, fiveDaysAgo)
require.NoError(t, err)
_, err = session.ListPage(ctx, []byte("some hash"), 1, filterFunc, tok, nil, true)
require.ErrorContains(t, err, "missing repo")
})
t.Run("wrong token resource type", func(t *testing.T) {
t.Parallel()
filterFunc := func(_ context.Context, s *session.Session) (bool, error) {
return true, nil
}
tok, err := listtoken.NewStartRefresh(ctx, fiveDaysAgo, resource.Target, []byte("some hash"), fiveDaysAgo, fiveDaysAgo)
require.NoError(t, err)
_, err = session.ListPage(ctx, []byte("some hash"), 1, filterFunc, tok, repo, true)
require.ErrorContains(t, err, "token did not have a session resource type")
})
})
t.Run("ListRefreshPage validation", func(t *testing.T) {
t.Parallel()
@ -322,7 +274,7 @@ func TestService_List(t *testing.T) {
filterFunc := func(_ context.Context, s *session.Session) (bool, error) {
return true, nil
}
tok, err := listtoken.NewRefresh(ctx, fiveDaysAgo, resource.Target, []byte("some hash"), fiveDaysAgo, fiveDaysAgo, fiveDaysAgo, "some other id", fiveDaysAgo)
tok, err := listtoken.NewRefresh(ctx, fiveDaysAgo, resource.Session, []byte("some hash"), fiveDaysAgo, fiveDaysAgo, fiveDaysAgo, "some other id", fiveDaysAgo)
require.NoError(t, err)
_, err = session.ListRefreshPage(ctx, nil, 1, filterFunc, tok, repo, true)
require.ErrorContains(t, err, "missing grants hash")
@ -332,7 +284,7 @@ func TestService_List(t *testing.T) {
filterFunc := func(_ context.Context, s *session.Session) (bool, error) {
return true, nil
}
tok, err := listtoken.NewRefresh(ctx, fiveDaysAgo, resource.Target, []byte("some hash"), fiveDaysAgo, fiveDaysAgo, fiveDaysAgo, "some other id", fiveDaysAgo)
tok, err := listtoken.NewRefresh(ctx, fiveDaysAgo, resource.Session, []byte("some hash"), fiveDaysAgo, fiveDaysAgo, fiveDaysAgo, "some other id", fiveDaysAgo)
require.NoError(t, err)
_, err = session.ListRefreshPage(ctx, []byte("some hash"), 0, filterFunc, tok, repo, true)
require.ErrorContains(t, err, "page size must be at least 1")
@ -342,14 +294,14 @@ func TestService_List(t *testing.T) {
filterFunc := func(_ context.Context, s *session.Session) (bool, error) {
return true, nil
}
tok, err := listtoken.NewRefresh(ctx, fiveDaysAgo, resource.Target, []byte("some hash"), fiveDaysAgo, fiveDaysAgo, fiveDaysAgo, "some other id", fiveDaysAgo)
tok, err := listtoken.NewRefresh(ctx, fiveDaysAgo, resource.Session, []byte("some hash"), fiveDaysAgo, fiveDaysAgo, fiveDaysAgo, "some other id", fiveDaysAgo)
require.NoError(t, err)
_, err = session.ListRefreshPage(ctx, []byte("some hash"), -1, filterFunc, tok, repo, true)
require.ErrorContains(t, err, "page size must be at least 1")
})
t.Run("nil filter func", func(t *testing.T) {
t.Parallel()
tok, err := listtoken.NewRefresh(ctx, fiveDaysAgo, resource.Target, []byte("some hash"), fiveDaysAgo, fiveDaysAgo, fiveDaysAgo, "some other id", fiveDaysAgo)
tok, err := listtoken.NewRefresh(ctx, fiveDaysAgo, resource.Session, []byte("some hash"), fiveDaysAgo, fiveDaysAgo, fiveDaysAgo, "some other id", fiveDaysAgo)
require.NoError(t, err)
_, err = session.ListRefreshPage(ctx, []byte("some hash"), 1, nil, tok, repo, true)
require.ErrorContains(t, err, "missing filter item callback")
@ -367,7 +319,7 @@ func TestService_List(t *testing.T) {
filterFunc := func(_ context.Context, s *session.Session) (bool, error) {
return true, nil
}
tok, err := listtoken.NewPagination(ctx, fiveDaysAgo, resource.Target, []byte("some hash"), "some-id", fiveDaysAgo)
tok, err := listtoken.NewPagination(ctx, fiveDaysAgo, resource.Session, []byte("some hash"), "some-id", fiveDaysAgo)
require.NoError(t, err)
_, err = session.ListRefreshPage(ctx, []byte("some hash"), 1, filterFunc, tok, repo, true)
require.ErrorContains(t, err, "token did not have a refresh token component")
@ -377,78 +329,20 @@ func TestService_List(t *testing.T) {
filterFunc := func(_ context.Context, s *session.Session) (bool, error) {
return true, nil
}
tok, err := listtoken.NewRefresh(ctx, fiveDaysAgo, resource.Target, []byte("some hash"), fiveDaysAgo, fiveDaysAgo, fiveDaysAgo, "some other id", fiveDaysAgo)
tok, err := listtoken.NewRefresh(ctx, fiveDaysAgo, resource.Session, []byte("some hash"), fiveDaysAgo, fiveDaysAgo, fiveDaysAgo, "some other id", fiveDaysAgo)
require.NoError(t, err)
_, err = session.ListRefreshPage(ctx, []byte("some hash"), 1, filterFunc, tok, nil, true)
require.ErrorContains(t, err, "missing repo")
})
})
t.Run("ListRefreshPage validation", func(t *testing.T) {
t.Parallel()
t.Run("missing grants hash", func(t *testing.T) {
t.Parallel()
filterFunc := func(_ context.Context, s *session.Session) (bool, error) {
return true, nil
}
tok, err := listtoken.NewRefresh(ctx, fiveDaysAgo, resource.Target, []byte("some hash"), fiveDaysAgo, fiveDaysAgo, fiveDaysAgo, "some other id", fiveDaysAgo)
require.NoError(t, err)
_, err = session.ListRefreshPage(ctx, nil, 1, filterFunc, tok, repo, true)
require.ErrorContains(t, err, "missing grants hash")
})
t.Run("zero page size", func(t *testing.T) {
t.Parallel()
filterFunc := func(_ context.Context, s *session.Session) (bool, error) {
return true, nil
}
tok, err := listtoken.NewRefresh(ctx, fiveDaysAgo, resource.Target, []byte("some hash"), fiveDaysAgo, fiveDaysAgo, fiveDaysAgo, "some other id", fiveDaysAgo)
require.NoError(t, err)
_, err = session.ListRefreshPage(ctx, []byte("some hash"), 0, filterFunc, tok, repo, true)
require.ErrorContains(t, err, "page size must be at least 1")
})
t.Run("negative page size", func(t *testing.T) {
t.Run("wrong token resource type", func(t *testing.T) {
t.Parallel()
filterFunc := func(_ context.Context, s *session.Session) (bool, error) {
return true, nil
}
tok, err := listtoken.NewRefresh(ctx, fiveDaysAgo, resource.Target, []byte("some hash"), fiveDaysAgo, fiveDaysAgo, fiveDaysAgo, "some other id", fiveDaysAgo)
require.NoError(t, err)
_, err = session.ListRefreshPage(ctx, []byte("some hash"), -1, filterFunc, tok, repo, true)
require.ErrorContains(t, err, "page size must be at least 1")
})
t.Run("nil filter func", func(t *testing.T) {
t.Parallel()
tok, err := listtoken.NewRefresh(ctx, fiveDaysAgo, resource.Target, []byte("some hash"), fiveDaysAgo, fiveDaysAgo, fiveDaysAgo, "some other id", fiveDaysAgo)
require.NoError(t, err)
_, err = session.ListRefreshPage(ctx, []byte("some hash"), 1, nil, tok, repo, true)
require.ErrorContains(t, err, "missing filter item callback")
})
t.Run("nil token", func(t *testing.T) {
t.Parallel()
filterFunc := func(_ context.Context, s *session.Session) (bool, error) {
return true, nil
}
_, err = session.ListRefreshPage(ctx, []byte("some hash"), 1, filterFunc, nil, repo, true)
require.ErrorContains(t, err, "missing token")
})
t.Run("wrong token type", func(t *testing.T) {
t.Parallel()
filterFunc := func(_ context.Context, s *session.Session) (bool, error) {
return true, nil
}
tok, err := listtoken.NewPagination(ctx, fiveDaysAgo, resource.Target, []byte("some hash"), "some-id", fiveDaysAgo)
require.NoError(t, err)
_, err = session.ListRefreshPage(ctx, []byte("some hash"), 1, filterFunc, tok, repo, true)
require.ErrorContains(t, err, "token did not have a refresh token component")
})
t.Run("nil repo", func(t *testing.T) {
t.Parallel()
filterFunc := func(_ context.Context, s *session.Session) (bool, error) {
return true, nil
}
tok, err := listtoken.NewRefresh(ctx, fiveDaysAgo, resource.Target, []byte("some hash"), fiveDaysAgo, fiveDaysAgo, fiveDaysAgo, "some other id", fiveDaysAgo)
require.NoError(t, err)
_, err = session.ListRefreshPage(ctx, []byte("some hash"), 1, filterFunc, tok, nil, true)
require.ErrorContains(t, err, "missing repo")
require.ErrorContains(t, err, "token did not have a session resource type")
})
})

3
internal/session/service_list_page.go
Unescape View File

@ -10,6 +10,7 @@ import (
"github.com/hashicorp/boundary/internal/errors"
"github.com/hashicorp/boundary/internal/listtoken"
"github.com/hashicorp/boundary/internal/pagination"
"github.com/hashicorp/boundary/internal/types/resource"
)
// ListPage lists up to page size sessions, filtering out entries that
@ -40,6 +41,8 @@ func ListPage(
return nil, errors.New(ctx, errors.InvalidParameter, op, "missing token")
case repo == nil:
return nil, errors.New(ctx, errors.InvalidParameter, op, "missing repo")
case tok.ResourceType != resource.Session:
return nil, errors.New(ctx, errors.InvalidParameter, op, "token did not have a session resource type")
}
if _, ok := tok.Subtype.(*listtoken.PaginationToken); !ok {
return nil, errors.New(ctx, errors.InvalidParameter, op, "token did not have a pagination token component")

3
internal/session/service_list_refresh.go
Unescape View File

@ -11,6 +11,7 @@ import (
"github.com/hashicorp/boundary/internal/errors"
"github.com/hashicorp/boundary/internal/listtoken"
"github.com/hashicorp/boundary/internal/pagination"
"github.com/hashicorp/boundary/internal/types/resource"
)
// ListRefresh lists up to page size sessions, filtering out entries that
@ -44,6 +45,8 @@ func ListRefresh(
return nil, errors.New(ctx, errors.InvalidParameter, op, "missing token")
case repo == nil:
return nil, errors.New(ctx, errors.InvalidParameter, op, "missing repo")
case tok.ResourceType != resource.Session:
return nil, errors.New(ctx, errors.InvalidParameter, op, "token did not have a session resource type")
}
rt, ok := tok.Subtype.(*listtoken.StartRefreshToken)
if !ok {

3
internal/session/service_list_refresh_page.go
Unescape View File

@ -11,6 +11,7 @@ import (
"github.com/hashicorp/boundary/internal/errors"
"github.com/hashicorp/boundary/internal/listtoken"
"github.com/hashicorp/boundary/internal/pagination"
"github.com/hashicorp/boundary/internal/types/resource"
)
// ListRefreshPage lists up to page size sessions, filtering out entries that
@ -44,6 +45,8 @@ func ListRefreshPage(
return nil, errors.New(ctx, errors.InvalidParameter, op, "missing token")
case repo == nil:
return nil, errors.New(ctx, errors.InvalidParameter, op, "missing repo")
case tok.ResourceType != resource.Session:
return nil, errors.New(ctx, errors.InvalidParameter, op, "token did not have a session resource type")
}
rt, ok := tok.Subtype.(*listtoken.RefreshToken)
if !ok {

Write Preview
Loading…
Cancel
Save