refact(cred-libs): Update user_password to username_password (#2154)

* refact(cred-libs): Update user_password to username_password
Louis Ruch 4 years ago committed by GitHub
parent 06a2f4ce9c
commit b6ca61a7f6
GPG Key ID: 4AEE18F83AFDEB23

@ -14,6 +14,10 @@ Canonical reference for changes, improvements, and bugfixes for Boundary.
### Deprecations/Changes
* Credential Libraries: The `user_password` credential type has been renamed to
`username_password` to remove any inconsistency over what the credential type is.
All existing `user_password` typed credential libraries will be migrated to
`username_password` ([PR](https://github.com/hashicorp/boundary/pull/2154)).
* controller: Change the default behavior of the session list endpoint
to no longer include sessions in a terminated state and introduces
a new query parameter/cli flag to include the terminated sessions.
@ -28,8 +32,6 @@ Canonical reference for changes, improvements, and bugfixes for Boundary.
documentation](https://www.boundaryproject.io/docs/concepts/security/permissions/assignable-permissions)
for more details.
### Bug Fixes
## 0.8.1 (2022/05/13)
### Bug Fixes

@ -26,8 +26,8 @@ type Type string
// Credential type values.
const (
UnspecifiedType Type = "unspecified"
UserPasswordType Type = "user_password"
UnspecifiedType Type = "unspecified"
UsernamePasswordType Type = "username_password"
)
// A Library is a resource that provides credentials that are of the same

@ -214,7 +214,7 @@ func TestCredentialLibrary_New(t *testing.T) {
vaultPath: "vault/path",
opts: []Option{
WithMethod(MethodGet),
WithCredentialType(credential.UserPasswordType),
WithCredentialType(credential.UsernamePasswordType),
},
},
want: &CredentialLibrary{
@ -222,7 +222,7 @@ func TestCredentialLibrary_New(t *testing.T) {
StoreId: cs.PublicId,
VaultPath: "vault/path",
HttpMethod: string(MethodGet),
CredentialType: string(credential.UserPasswordType),
CredentialType: string(credential.UsernamePasswordType),
},
},
},
@ -233,7 +233,7 @@ func TestCredentialLibrary_New(t *testing.T) {
vaultPath: "vault/path",
opts: []Option{
WithMethod(MethodGet),
WithCredentialType(credential.UserPasswordType),
WithCredentialType(credential.UsernamePasswordType),
WithMappingOverride(NewUserPasswordOverride(WithOverrideUsernameAttribute("test"))),
},
},
@ -243,7 +243,7 @@ func TestCredentialLibrary_New(t *testing.T) {
StoreId: cs.PublicId,
VaultPath: "vault/path",
HttpMethod: string(MethodGet),
CredentialType: string(credential.UserPasswordType),
CredentialType: string(credential.UsernamePasswordType),
},
},
},
@ -262,8 +262,8 @@ func TestCredentialLibrary_New(t *testing.T) {
assert.Equal(tt.want, got)
switch ct := tt.want.GetCredentialType(); ct {
case string(credential.UserPasswordType):
assert.Equal(credential.UserPasswordType, got.CredentialType())
case string(credential.UsernamePasswordType):
assert.Equal(credential.UsernamePasswordType, got.CredentialType())
case string(credential.UnspecifiedType), "":
assert.Equal(credential.UnspecifiedType, got.CredentialType())
default:

@ -15,7 +15,7 @@ func validMappingOverride(m MappingOverride, ct credential.Type) bool {
case nil:
return true // it is always valid to not specify a mapping override
case *UserPasswordOverride:
return ct == credential.UserPasswordType
return ct == credential.UsernamePasswordType
default:
return false // an unknown mapping override type is never valid
}
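Review bot: The `case *UserPasswordOverride:` arm now returns `ct == credential.UsernamePasswordType`, so the override type keeps the old name while the credential type it is valid for carries the new one. `NewUserPasswordOverride` in the test hunks is likewise unchanged. If the override type is deliberately left out of this rename, a short comment on the case would stop a reader from taking the mismatch for a missed spot, e.g. `// UserPasswordOverride keeps its name; it applies to the username_password credential type.` The opening lines of `validMappingOverride` are outside the hunk.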

@ -34,7 +34,7 @@ func TestValidMappingOverrides(t *testing.T) {
},
{
m: nil,
ct: credential.UserPasswordType,
ct: credential.UsernamePasswordType,
want: true,
},
{
@ -44,7 +44,7 @@ func TestValidMappingOverrides(t *testing.T) {
},
{
m: unknownMapper(1),
ct: credential.UserPasswordType,
ct: credential.UsernamePasswordType,
want: false,
},
{
@ -54,7 +54,7 @@ func TestValidMappingOverrides(t *testing.T) {
},
{
m: allocUserPasswordOverride(),
ct: credential.UserPasswordType,
ct: credential.UsernamePasswordType,
want: true,
},
}

@ -85,9 +85,9 @@ func Test_GetOpts(t *testing.T) {
assert.Equal(t, opts, testOpts)
})
t.Run("WithCredentialType", func(t *testing.T) {
opts := getOpts(WithCredentialType(credential.UserPasswordType))
opts := getOpts(WithCredentialType(credential.UsernamePasswordType))
testOpts := getDefaultOptions()
testOpts.withCredentialType = credential.UserPasswordType
testOpts.withCredentialType = credential.UsernamePasswordType
assert.Equal(t, opts, testOpts)
})
t.Run("WithOverrideUsernameAttribute", func(t *testing.T) {

@ -47,7 +47,7 @@ func (bc *baseCred) getExpiration() time.Duration { return bc.expiration }
// UnspecifiedType.
func convert(ctx context.Context, bc *baseCred) (dynamicCred, error) {
switch bc.Library().CredentialType() {
case credential.UserPasswordType:
case credential.UsernamePasswordType:
return baseToUsrPass(ctx, bc)
}
return bc, nil
@ -59,7 +59,7 @@ func baseToUsrPass(ctx context.Context, bc *baseCred) (*usrPassCred, error) {
return nil, errors.E(ctx, errors.WithCode(errors.InvalidParameter), errors.WithMsg("nil baseCred"))
case bc.lib == nil:
return nil, errors.E(ctx, errors.WithCode(errors.InvalidParameter), errors.WithMsg("nil baseCred.lib"))
case bc.Library().CredentialType() != credential.UserPasswordType:
case bc.Library().CredentialType() != credential.UsernamePasswordType:
return nil, errors.E(ctx, errors.WithCode(errors.InvalidParameter), errors.WithMsg("invalid credential type"))
}
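Review bot: In `convert`, any library type other than `credential.UsernamePasswordType` falls through to `return bc, nil`, so a row that still carried the old `user_password` string would be handed back as an untyped base credential instead of being rejected. The migration in this commit is presumably what rules that out, but nothing in the function says so. I would add a comment above the switch, e.g. `// Legacy "user_password" rows are rewritten by the schema migration; any other type is returned untyped.`, and consider whether an unknown non-empty type should be an error here. The closing brace of `convert` and the remainder of `baseToUsrPass` are outside the hunks.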

@ -115,7 +115,7 @@ func TestRepository_getPrivateLibraries(t *testing.T) {
}
{
opts := []Option{
WithCredentialType(credential.UserPasswordType),
WithCredentialType(credential.UsernamePasswordType),
}
libIn, err := NewCredentialLibrary(origStore.GetPublicId(), "/vault/path", opts...)
assert.NoError(err)
@ -129,7 +129,7 @@ func TestRepository_getPrivateLibraries(t *testing.T) {
}
{
opts := []Option{
WithCredentialType(credential.UserPasswordType),
WithCredentialType(credential.UsernamePasswordType),
WithMappingOverride(NewUserPasswordOverride(
WithOverrideUsernameAttribute("test-username"),
)),
@ -146,7 +146,7 @@ func TestRepository_getPrivateLibraries(t *testing.T) {
}
{
opts := []Option{
WithCredentialType(credential.UserPasswordType),
WithCredentialType(credential.UsernamePasswordType),
WithMappingOverride(NewUserPasswordOverride(
WithOverridePasswordAttribute("test-password"),
)),
@ -163,7 +163,7 @@ func TestRepository_getPrivateLibraries(t *testing.T) {
}
{
opts := []Option{
WithCredentialType(credential.UserPasswordType),
WithCredentialType(credential.UsernamePasswordType),
WithMappingOverride(NewUserPasswordOverride(
WithOverrideUsernameAttribute("test-username"),
WithOverridePasswordAttribute("test-password"),
@ -336,7 +336,7 @@ func TestBaseToUsrPass(t *testing.T) {
name: "invalid-no-username-default-password-attribute",
given: &baseCred{
lib: &privateLibrary{
CredType: string(credential.UserPasswordType),
CredType: string(credential.UsernamePasswordType),
},
secretData: map[string]interface{}{
"password": "my-password",
@ -348,7 +348,7 @@ func TestBaseToUsrPass(t *testing.T) {
name: "invalid-no-password-default-username-attribute",
given: &baseCred{
lib: &privateLibrary{
CredType: string(credential.UserPasswordType),
CredType: string(credential.UsernamePasswordType),
},
secretData: map[string]interface{}{
"username": "my-username",
@ -360,7 +360,7 @@ func TestBaseToUsrPass(t *testing.T) {
name: "valid-default-attributes",
given: &baseCred{
lib: &privateLibrary{
CredType: string(credential.UserPasswordType),
CredType: string(credential.UsernamePasswordType),
},
secretData: map[string]interface{}{
"username": "my-username",
@ -376,7 +376,7 @@ func TestBaseToUsrPass(t *testing.T) {
name: "valid-override-attributes",
given: &baseCred{
lib: &privateLibrary{
CredType: string(credential.UserPasswordType),
CredType: string(credential.UsernamePasswordType),
UsernameAttribute: "test-username",
PasswordAttribute: "test-password",
},
@ -396,7 +396,7 @@ func TestBaseToUsrPass(t *testing.T) {
name: "valid-default-username-override-password",
given: &baseCred{
lib: &privateLibrary{
CredType: string(credential.UserPasswordType),
CredType: string(credential.UsernamePasswordType),
PasswordAttribute: "test-password",
},
secretData: map[string]interface{}{
@ -415,7 +415,7 @@ func TestBaseToUsrPass(t *testing.T) {
name: "valid-override-username-default-password",
given: &baseCred{
lib: &privateLibrary{
CredType: string(credential.UserPasswordType),
CredType: string(credential.UsernamePasswordType),
UsernameAttribute: "test-username",
},
secretData: map[string]interface{}{
@ -434,7 +434,7 @@ func TestBaseToUsrPass(t *testing.T) {
name: "invalid-username-override",
given: &baseCred{
lib: &privateLibrary{
CredType: string(credential.UserPasswordType),
CredType: string(credential.UsernamePasswordType),
UsernameAttribute: "missing-username",
},
secretData: map[string]interface{}{
@ -450,7 +450,7 @@ func TestBaseToUsrPass(t *testing.T) {
name: "invalid-password-override",
given: &baseCred{
lib: &privateLibrary{
CredType: string(credential.UserPasswordType),
CredType: string(credential.UsernamePasswordType),
UsernameAttribute: "missing-password",
},
secretData: map[string]interface{}{
@ -466,7 +466,7 @@ func TestBaseToUsrPass(t *testing.T) {
name: "invalid-kv2-no-metadata-field",
given: &baseCred{
lib: &privateLibrary{
CredType: string(credential.UserPasswordType),
CredType: string(credential.UsernamePasswordType),
},
secretData: map[string]interface{}{
"data": map[string]interface{}{
@ -481,7 +481,7 @@ func TestBaseToUsrPass(t *testing.T) {
name: "invalid-kv2-no-data-field",
given: &baseCred{
lib: &privateLibrary{
CredType: string(credential.UserPasswordType),
CredType: string(credential.UsernamePasswordType),
},
secretData: map[string]interface{}{
"metadata": map[string]interface{}{},
@ -493,7 +493,7 @@ func TestBaseToUsrPass(t *testing.T) {
name: "invalid-kv2-no-username-default-password-attribute",
given: &baseCred{
lib: &privateLibrary{
CredType: string(credential.UserPasswordType),
CredType: string(credential.UsernamePasswordType),
},
secretData: map[string]interface{}{
"metadata": map[string]interface{}{},
@ -508,7 +508,7 @@ func TestBaseToUsrPass(t *testing.T) {
name: "invalid-kv2-no-passsword-default-username-attribute",
given: &baseCred{
lib: &privateLibrary{
CredType: string(credential.UserPasswordType),
CredType: string(credential.UsernamePasswordType),
},
secretData: map[string]interface{}{
"metadata": map[string]interface{}{},
@ -523,7 +523,7 @@ func TestBaseToUsrPass(t *testing.T) {
name: "invalid-kv2-invalid-metadata-type",
given: &baseCred{
lib: &privateLibrary{
CredType: string(credential.UserPasswordType),
CredType: string(credential.UsernamePasswordType),
},
secretData: map[string]interface{}{
"metadata": "hello",
@ -539,7 +539,7 @@ func TestBaseToUsrPass(t *testing.T) {
name: "invalid-kv2-invalid-metadata-type",
given: &baseCred{
lib: &privateLibrary{
CredType: string(credential.UserPasswordType),
CredType: string(credential.UsernamePasswordType),
},
secretData: map[string]interface{}{
"metadata": map[string]interface{}{},
@ -552,7 +552,7 @@ func TestBaseToUsrPass(t *testing.T) {
name: "invalid-kv2-additional-field",
given: &baseCred{
lib: &privateLibrary{
CredType: string(credential.UserPasswordType),
CredType: string(credential.UsernamePasswordType),
},
secretData: map[string]interface{}{
"bad-field": "hello",
@ -569,7 +569,7 @@ func TestBaseToUsrPass(t *testing.T) {
name: "valid-kv2-default-attributes",
given: &baseCred{
lib: &privateLibrary{
CredType: string(credential.UserPasswordType),
CredType: string(credential.UsernamePasswordType),
},
secretData: map[string]interface{}{
"metadata": map[string]interface{}{},
@ -588,7 +588,7 @@ func TestBaseToUsrPass(t *testing.T) {
name: "valid-kv2-override-attributes",
given: &baseCred{
lib: &privateLibrary{
CredType: string(credential.UserPasswordType),
CredType: string(credential.UsernamePasswordType),
UsernameAttribute: "test-username",
PasswordAttribute: "test-password",
},
@ -611,7 +611,7 @@ func TestBaseToUsrPass(t *testing.T) {
name: "valid-kv2-default-username-override-password",
given: &baseCred{
lib: &privateLibrary{
CredType: string(credential.UserPasswordType),
CredType: string(credential.UsernamePasswordType),
PasswordAttribute: "test-password",
},
secretData: map[string]interface{}{
@ -633,7 +633,7 @@ func TestBaseToUsrPass(t *testing.T) {
name: "valid-kv2-override-username-default-password",
given: &baseCred{
lib: &privateLibrary{
CredType: string(credential.UserPasswordType),
CredType: string(credential.UsernamePasswordType),
UsernameAttribute: "test-username",
},
secretData: map[string]interface{}{

@ -171,7 +171,7 @@ func TestRepository_CreateCredentialLibrary(t *testing.T) {
StoreId: cs.GetPublicId(),
HttpMethod: "GET",
VaultPath: "/some/path",
CredentialType: string(credential.UserPasswordType),
CredentialType: string(credential.UsernamePasswordType),
},
},
want: &CredentialLibrary{
@ -179,7 +179,7 @@ func TestRepository_CreateCredentialLibrary(t *testing.T) {
StoreId: cs.GetPublicId(),
HttpMethod: "GET",
VaultPath: "/some/path",
CredentialType: string(credential.UserPasswordType),
CredentialType: string(credential.UsernamePasswordType),
},
},
},
@ -191,7 +191,7 @@ func TestRepository_CreateCredentialLibrary(t *testing.T) {
StoreId: cs.GetPublicId(),
HttpMethod: "GET",
VaultPath: "/some/path",
CredentialType: string(credential.UserPasswordType),
CredentialType: string(credential.UsernamePasswordType),
},
},
wantErr: errors.VaultInvalidMappingOverride,
@ -218,7 +218,7 @@ func TestRepository_CreateCredentialLibrary(t *testing.T) {
StoreId: cs.GetPublicId(),
HttpMethod: "GET",
VaultPath: "/some/path",
CredentialType: string(credential.UserPasswordType),
CredentialType: string(credential.UsernamePasswordType),
},
},
want: &CredentialLibrary{
@ -229,7 +229,7 @@ func TestRepository_CreateCredentialLibrary(t *testing.T) {
StoreId: cs.GetPublicId(),
HttpMethod: "GET",
VaultPath: "/some/path",
CredentialType: string(credential.UserPasswordType),
CredentialType: string(credential.UsernamePasswordType),
},
},
},
@ -243,7 +243,7 @@ func TestRepository_CreateCredentialLibrary(t *testing.T) {
StoreId: cs.GetPublicId(),
HttpMethod: "GET",
VaultPath: "/some/path",
CredentialType: string(credential.UserPasswordType),
CredentialType: string(credential.UsernamePasswordType),
},
},
want: &CredentialLibrary{
@ -254,7 +254,7 @@ func TestRepository_CreateCredentialLibrary(t *testing.T) {
StoreId: cs.GetPublicId(),
HttpMethod: "GET",
VaultPath: "/some/path",
CredentialType: string(credential.UserPasswordType),
CredentialType: string(credential.UsernamePasswordType),
},
},
},
@ -269,7 +269,7 @@ func TestRepository_CreateCredentialLibrary(t *testing.T) {
StoreId: cs.GetPublicId(),
HttpMethod: "GET",
VaultPath: "/some/path",
CredentialType: string(credential.UserPasswordType),
CredentialType: string(credential.UsernamePasswordType),
},
},
want: &CredentialLibrary{
@ -281,7 +281,7 @@ func TestRepository_CreateCredentialLibrary(t *testing.T) {
StoreId: cs.GetPublicId(),
HttpMethod: "GET",
VaultPath: "/some/path",
CredentialType: string(credential.UserPasswordType),
CredentialType: string(credential.UsernamePasswordType),
},
},
},
@ -761,7 +761,7 @@ func TestRepository_UpdateCredentialLibrary(t *testing.T) {
CredentialLibrary: &store.CredentialLibrary{
HttpMethod: "GET",
VaultPath: "/old/path",
CredentialType: string(credential.UserPasswordType),
CredentialType: string(credential.UsernamePasswordType),
},
},
chgFn: changeVaultPath("/new/path"),
@ -771,7 +771,7 @@ func TestRepository_UpdateCredentialLibrary(t *testing.T) {
CredentialLibrary: &store.CredentialLibrary{
HttpMethod: "GET",
VaultPath: "/new/path",
CredentialType: string(credential.UserPasswordType),
CredentialType: string(credential.UsernamePasswordType),
},
},
wantCount: 1,
@ -921,7 +921,7 @@ func TestRepository_UpdateCredentialLibrary(t *testing.T) {
HttpMethod: "GET",
VaultPath: "/some/path",
Name: "test-name-repo",
CredentialType: string(credential.UserPasswordType),
CredentialType: string(credential.UsernamePasswordType),
},
},
chgFn: changeCredentialType(credential.UnspecifiedType),
@ -939,7 +939,7 @@ func TestRepository_UpdateCredentialLibrary(t *testing.T) {
HttpMethod: "GET",
VaultPath: "/some/path",
Name: "test-name-repo",
CredentialType: string(credential.UserPasswordType),
CredentialType: string(credential.UsernamePasswordType),
},
},
chgFn: changeMappingOverride(
@ -956,7 +956,7 @@ func TestRepository_UpdateCredentialLibrary(t *testing.T) {
HttpMethod: "GET",
VaultPath: "/some/path",
Name: "test-name-repo",
CredentialType: string(credential.UserPasswordType),
CredentialType: string(credential.UsernamePasswordType),
},
},
wantCount: 1,
@ -972,7 +972,7 @@ func TestRepository_UpdateCredentialLibrary(t *testing.T) {
HttpMethod: "GET",
VaultPath: "/some/path",
Name: "test-name-repo",
CredentialType: string(credential.UserPasswordType),
CredentialType: string(credential.UsernamePasswordType),
},
},
chgFn: changeMappingOverride(
@ -989,7 +989,7 @@ func TestRepository_UpdateCredentialLibrary(t *testing.T) {
HttpMethod: "GET",
VaultPath: "/some/path",
Name: "test-name-repo",
CredentialType: string(credential.UserPasswordType),
CredentialType: string(credential.UsernamePasswordType),
},
},
wantCount: 1,
@ -1005,7 +1005,7 @@ func TestRepository_UpdateCredentialLibrary(t *testing.T) {
HttpMethod: "GET",
VaultPath: "/some/path",
Name: "test-name-repo",
CredentialType: string(credential.UserPasswordType),
CredentialType: string(credential.UsernamePasswordType),
},
},
chgFn: changeMappingOverride(
@ -1024,7 +1024,7 @@ func TestRepository_UpdateCredentialLibrary(t *testing.T) {
HttpMethod: "GET",
VaultPath: "/some/path",
Name: "test-name-repo",
CredentialType: string(credential.UserPasswordType),
CredentialType: string(credential.UsernamePasswordType),
},
},
wantCount: 1,
@ -1036,7 +1036,7 @@ func TestRepository_UpdateCredentialLibrary(t *testing.T) {
HttpMethod: "GET",
VaultPath: "/some/path",
Name: "test-name-repo",
CredentialType: string(credential.UserPasswordType),
CredentialType: string(credential.UsernamePasswordType),
},
},
chgFn: changeMappingOverride(
@ -1055,7 +1055,7 @@ func TestRepository_UpdateCredentialLibrary(t *testing.T) {
HttpMethod: "GET",
VaultPath: "/some/path",
Name: "test-name-repo",
CredentialType: string(credential.UserPasswordType),
CredentialType: string(credential.UsernamePasswordType),
},
},
wantCount: 1,
@ -1071,7 +1071,7 @@ func TestRepository_UpdateCredentialLibrary(t *testing.T) {
HttpMethod: "GET",
VaultPath: "/some/path",
Name: "test-name-repo",
CredentialType: string(credential.UserPasswordType),
CredentialType: string(credential.UsernamePasswordType),
},
},
chgFn: changeMappingOverride(nil),
@ -1081,7 +1081,7 @@ func TestRepository_UpdateCredentialLibrary(t *testing.T) {
HttpMethod: "GET",
VaultPath: "/some/path",
Name: "test-name-repo",
CredentialType: string(credential.UserPasswordType),
CredentialType: string(credential.UsernamePasswordType),
},
},
wantCount: 1,
@ -1324,7 +1324,7 @@ func TestRepository_LookupCredentialLibrary(t *testing.T) {
StoreId: cs.GetPublicId(),
HttpMethod: "GET",
VaultPath: "/some/path",
CredentialType: string(credential.UserPasswordType),
CredentialType: string(credential.UsernamePasswordType),
},
},
},
@ -1338,7 +1338,7 @@ func TestRepository_LookupCredentialLibrary(t *testing.T) {
StoreId: cs.GetPublicId(),
HttpMethod: "GET",
VaultPath: "/some/path",
CredentialType: string(credential.UserPasswordType),
CredentialType: string(credential.UsernamePasswordType),
},
},
},
@ -1352,7 +1352,7 @@ func TestRepository_LookupCredentialLibrary(t *testing.T) {
StoreId: cs.GetPublicId(),
HttpMethod: "GET",
VaultPath: "/some/path",
CredentialType: string(credential.UserPasswordType),
CredentialType: string(credential.UsernamePasswordType),
},
},
},
@ -1367,7 +1367,7 @@ func TestRepository_LookupCredentialLibrary(t *testing.T) {
StoreId: cs.GetPublicId(),
HttpMethod: "GET",
VaultPath: "/some/path",
CredentialType: string(credential.UserPasswordType),
CredentialType: string(credential.UsernamePasswordType),
},
},
},
@ -1528,7 +1528,7 @@ func TestRepository_DeleteCredentialLibrary(t *testing.T) {
HttpMethod: "GET",
VaultPath: "/some/path",
Name: "test-name-repo",
CredentialType: string(credential.UserPasswordType),
CredentialType: string(credential.UsernamePasswordType),
},
}
@ -1572,7 +1572,7 @@ func TestRepository_ListCredentialLibraries(t *testing.T) {
HttpMethod: "GET",
VaultPath: "/some/path",
Name: "test-name-repo",
CredentialType: string(credential.UserPasswordType),
CredentialType: string(credential.UsernamePasswordType),
},
}

@ -128,7 +128,7 @@ func TestRepository_IssueCredentials(t *testing.T) {
{
libPath := path.Join("database", "creds", "opened")
opts := []vault.Option{
vault.WithCredentialType(credential.UserPasswordType),
vault.WithCredentialType(credential.UsernamePasswordType),
}
libIn, err := vault.NewCredentialLibrary(origStore.GetPublicId(), libPath, opts...)
assert.NoError(t, err)
@ -141,7 +141,7 @@ func TestRepository_IssueCredentials(t *testing.T) {
{
libPath := path.Join("database", "creds", "opened")
opts := []vault.Option{
vault.WithCredentialType(credential.UserPasswordType),
vault.WithCredentialType(credential.UsernamePasswordType),
vault.WithMappingOverride(vault.NewUserPasswordOverride(
vault.WithOverrideUsernameAttribute("test-username"),
vault.WithOverridePasswordAttribute("test-password"),
@ -158,7 +158,7 @@ func TestRepository_IssueCredentials(t *testing.T) {
{
libPath := path.Join("secret", "data", "my-secret")
opts := []vault.Option{
vault.WithCredentialType(credential.UserPasswordType),
vault.WithCredentialType(credential.UsernamePasswordType),
}
libIn, err := vault.NewCredentialLibrary(origStore.GetPublicId(), libPath, opts...)
assert.NoError(t, err)
@ -326,7 +326,7 @@ func TestRepository_IssueCredentials(t *testing.T) {
assert.NotZero(len(got))
for _, dc := range got {
switch dc.Library().CredentialType() {
case credential.UserPasswordType:
case credential.UsernamePasswordType:
if upc, ok := dc.(credential.UserPassword); ok {
assert.NotEmpty(upc.Username())
assert.NotEmpty(upc.Password())

@ -579,7 +579,7 @@ func toStorageVaultLibrary(storeId string, in *pb.CredentialLibrary) (out *vault
credentialType := credential.Type(in.GetCredentialType())
switch credentialType {
case credential.UserPasswordType:
case credential.UsernamePasswordType:
opts = append(opts, vault.WithCredentialType(credentialType))
overrides := in.CredentialMappingOverrides.AsMap()
var mapOpts []vault.Option
@ -694,7 +694,7 @@ func validateMapping(badFields map[string]string, credentialType credential.Type
badFields[globals.CredentialMappingOverridesField] = fmt.Sprintf("This field can only be set if %q is set", globals.CredentialTypeField)
}
return
case credential.UserPasswordType:
case credential.UsernamePasswordType:
validFields[usernameAttribute] = true
validFields[passwordAttribute] = true
default:
@ -734,7 +734,7 @@ func getMappingUpdates(credentialType credential.Type, current vault.MappingOver
}
switch credentialType {
case credential.UserPasswordType:
case credential.UsernamePasswordType:
var currentUser, currentPass interface{}
if overrides, ok := current.(*vault.UserPasswordOverride); ok {
currentUser = overrides.UsernameAttribute
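Review bot: `toStorageVaultLibrary` casts the client-supplied string with `credential.Type(in.GetCredentialType())`, and the only typed case is now `credential.UsernamePasswordType`, so a request that still sends `user_password` takes whatever path unknown values take. The `default:` branch of `validateMapping` continues outside the hunk, so what the caller gets back cannot be confirmed from here. Because this changes an accepted API value, a service test case that submits `CredentialType: "user_password"` and asserts the intended rejection (presumably `codes.InvalidArgument`, as the existing invalid-mapping case uses) would pin the behaviour for older clients. All three functions in this section start and end outside their hunks.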

@ -318,7 +318,7 @@ func TestCreate(t *testing.T) {
err: handlers.ApiErrorWithCode(codes.InvalidArgument),
},
{
name: "Invalid user_password mapping",
name: "Invalid username_password mapping",
req: &pbs.CreateCredentialLibraryRequest{Item: &pb.CredentialLibrary{
CredentialStoreId: store.GetPublicId(),
Attrs: &pb.CredentialLibrary_VaultCredentialLibraryAttributes{
@ -326,7 +326,7 @@ func TestCreate(t *testing.T) {
Path: wrapperspb.String("something"),
},
},
CredentialType: string(credential.UserPasswordType),
CredentialType: string(credential.UsernamePasswordType),
CredentialMappingOverrides: func() *structpb.Struct {
v := map[string]interface{}{
usernameAttribute: "user-test",
@ -410,7 +410,7 @@ func TestCreate(t *testing.T) {
},
},
{
name: "Create a valid vault CredentialLibrary user_password type",
name: "Create a valid vault CredentialLibrary username_password type",
req: &pbs.CreateCredentialLibraryRequest{Item: &pb.CredentialLibrary{
CredentialStoreId: store.GetPublicId(),
Attrs: &pb.CredentialLibrary_VaultCredentialLibraryAttributes{
@ -418,7 +418,7 @@ func TestCreate(t *testing.T) {
Path: wrapperspb.String("something"),
},
},
CredentialType: string(credential.UserPasswordType),
CredentialType: string(credential.UsernamePasswordType),
}},
idPrefix: vault.CredentialLibraryPrefix + "_",
res: &pbs.CreateCredentialLibraryResponse{
@ -437,13 +437,13 @@ func TestCreate(t *testing.T) {
HttpMethod: wrapperspb.String("GET"),
},
},
CredentialType: string(credential.UserPasswordType),
CredentialType: string(credential.UsernamePasswordType),
AuthorizedActions: testAuthorizedActions,
},
},
},
{
name: "Create a valid vault CredentialLibrary user_password type with username mapping",
name: "Create a valid vault CredentialLibrary username_password type with username mapping",
req: &pbs.CreateCredentialLibraryRequest{Item: &pb.CredentialLibrary{
CredentialStoreId: store.GetPublicId(),
Attrs: &pb.CredentialLibrary_VaultCredentialLibraryAttributes{
@ -459,7 +459,7 @@ func TestCreate(t *testing.T) {
require.NoError(t, err)
return ret
}(),
CredentialType: string(credential.UserPasswordType),
CredentialType: string(credential.UsernamePasswordType),
}},
idPrefix: vault.CredentialLibraryPrefix + "_",
res: &pbs.CreateCredentialLibraryResponse{
@ -478,7 +478,7 @@ func TestCreate(t *testing.T) {
HttpMethod: wrapperspb.String("GET"),
},
},
CredentialType: string(credential.UserPasswordType),
CredentialType: string(credential.UsernamePasswordType),
CredentialMappingOverrides: func() *structpb.Struct {
v := map[string]interface{}{
usernameAttribute: "user-test",
@ -492,7 +492,7 @@ func TestCreate(t *testing.T) {
},
},
{
name: "Create a valid vault CredentialLibrary user_password type with username/password mapping",
name: "Create a valid vault CredentialLibrary username_password type with username/password mapping",
req: &pbs.CreateCredentialLibraryRequest{Item: &pb.CredentialLibrary{
CredentialStoreId: store.GetPublicId(),
Attrs: &pb.CredentialLibrary_VaultCredentialLibraryAttributes{
@ -509,7 +509,7 @@ func TestCreate(t *testing.T) {
require.NoError(t, err)
return ret
}(),
CredentialType: string(credential.UserPasswordType),
CredentialType: string(credential.UsernamePasswordType),
}},
idPrefix: vault.CredentialLibraryPrefix + "_",
res: &pbs.CreateCredentialLibraryResponse{
@ -528,7 +528,7 @@ func TestCreate(t *testing.T) {
HttpMethod: wrapperspb.String("GET"),
},
},
CredentialType: string(credential.UserPasswordType),
CredentialType: string(credential.UsernamePasswordType),
CredentialMappingOverrides: func() *structpb.Struct {
v := map[string]interface{}{
usernameAttribute: "user-test",
@ -607,7 +607,7 @@ func TestGet(t *testing.T) {
repo, err := repoFn()
require.NoError(t, err)
lib, err := vault.NewCredentialLibrary(store.GetPublicId(), "vault/path",
vault.WithCredentialType("user_password"),
vault.WithCredentialType("username_password"),
vault.WithMappingOverride(
vault.NewUserPasswordOverride(
vault.WithOverrideUsernameAttribute("user"),
@ -664,7 +664,7 @@ func TestGet(t *testing.T) {
HttpMethod: wrapperspb.String(userPassLib.GetHttpMethod()),
},
},
CredentialType: "user_password",
CredentialType: "username_password",
CredentialMappingOverrides: func() *structpb.Struct {
v := map[string]interface{}{
usernameAttribute: "user",
@ -903,7 +903,7 @@ func TestUpdate(t *testing.T) {
{
name: "user-password-attributes-change-username-attribute",
opts: []vault.Option{
vault.WithCredentialType("user_password"),
vault.WithCredentialType("username_password"),
vault.WithMappingOverride(
vault.NewUserPasswordOverride(
vault.WithOverrideUsernameAttribute("orig-user"),
@ -932,7 +932,7 @@ func TestUpdate(t *testing.T) {
{
name: "user-password-attributes-change-password-attribute",
opts: []vault.Option{
vault.WithCredentialType("user_password"),
vault.WithCredentialType("username_password"),
vault.WithMappingOverride(
vault.NewUserPasswordOverride(
vault.WithOverrideUsernameAttribute("orig-user"),
@ -961,7 +961,7 @@ func TestUpdate(t *testing.T) {
{
name: "user-password-attributes-change-username-and-password-attributes",
opts: []vault.Option{
vault.WithCredentialType("user_password"),
vault.WithCredentialType("username_password"),
vault.WithMappingOverride(
vault.NewUserPasswordOverride(
vault.WithOverrideUsernameAttribute("orig-user"),
@ -992,7 +992,7 @@ func TestUpdate(t *testing.T) {
{
name: "no-mapping-override-change-username-and-password-attributes",
opts: []vault.Option{
vault.WithCredentialType("user_password"),
vault.WithCredentialType("username_password"),
},
req: &pbs.UpdateCredentialLibraryRequest{
UpdateMask: fieldmask(passwordAttrField, usernameAttrField),
@ -1023,7 +1023,7 @@ func TestUpdate(t *testing.T) {
{
name: "user-password-attributes-delete-mapping-override",
opts: []vault.Option{
vault.WithCredentialType("user_password"),
vault.WithCredentialType("username_password"),
vault.WithMappingOverride(
vault.NewUserPasswordOverride(
vault.WithOverrideUsernameAttribute("orig-user"),
@ -1045,7 +1045,7 @@ func TestUpdate(t *testing.T) {
{
name: "no-mapping-override-delete-mapping-override",
opts: []vault.Option{
vault.WithCredentialType("user_password"),
vault.WithCredentialType("username_password"),
},
req: &pbs.UpdateCredentialLibraryRequest{
UpdateMask: fieldmask(credentialMappingPathField),
@ -1062,7 +1062,7 @@ func TestUpdate(t *testing.T) {
{
name: "user-password-attributes-delete-mapping-override-field-specific",
opts: []vault.Option{
vault.WithCredentialType("user_password"),
vault.WithCredentialType("username_password"),
vault.WithMappingOverride(
vault.NewUserPasswordOverride(
vault.WithOverrideUsernameAttribute("orig-user"),
@ -1092,7 +1092,7 @@ func TestUpdate(t *testing.T) {
{
name: "no-mapping-override-delete-mapping-override-field-specific",
opts: []vault.Option{
vault.WithCredentialType("user_password"),
vault.WithCredentialType("username_password"),
},
req: &pbs.UpdateCredentialLibraryRequest{
UpdateMask: fieldmask(passwordAttrField, usernameAttrField),
@ -1185,7 +1185,7 @@ func TestUpdate(t *testing.T) {
{
name: "read only credential type",
path: "credential_type",
item: &pb.CredentialLibrary{CredentialType: string(credential.UserPasswordType)},
item: &pb.CredentialLibrary{CredentialType: string(credential.UsernamePasswordType)},
},
}
for _, tc := range errCases {

@ -3002,7 +3002,7 @@ func TestAuthorizeSessionTypedCredentials(t *testing.T) {
HttpMethod: wrapperspb.String("GET"),
},
},
CredentialType: "user_password",
CredentialType: "username_password",
}})
require.NoError(t, err)
@ -3033,7 +3033,7 @@ func TestAuthorizeSessionTypedCredentials(t *testing.T) {
HttpMethod: wrapperspb.String("GET"),
},
},
CredentialType: "user_password",
CredentialType: "username_password",
CredentialMappingOverrides: &structpb.Struct{Fields: map[string]*structpb.Value{
"username_attribute": structpb.NewStringValue("non-default-user"),
"password_attribute": structpb.NewStringValue("non-default-pass"),
@ -3072,7 +3072,7 @@ func TestAuthorizeSessionTypedCredentials(t *testing.T) {
require.NoError(t, err)
return st
}(),
wantedCredType: string(credential.UserPasswordType),
wantedCredType: string(credential.UsernamePasswordType),
},
{
name: "userpassword-with-mapping",
@ -3089,7 +3089,7 @@ func TestAuthorizeSessionTypedCredentials(t *testing.T) {
require.NoError(t, err)
return st
}(),
wantedCredType: string(credential.UserPasswordType),
wantedCredType: string(credential.UsernamePasswordType),
},
}

@ -2,6 +2,7 @@ begin;
create table credential_type_enm (
name text primary key
-- This constraint is replaced in 32/01_credential_type.up.sql
constraint only_predefined_credential_types_allowed
check (
name in (

@ -0,0 +1,23 @@
begin;
-- drop constraint so we can migrate user_password to username_password
alter table credential_type_enm
drop constraint only_predefined_credential_types_allowed;
-- Next: we will update user_password to username_password
update credential_type_enm
set name = 'username_password'
where name = 'user_password';
-- Add new constraint that only allows unspecified and new username_password
-- This replaces the constraint defined in 2/02_credential_type.up.sql
alter table credential_type_enm
add constraint only_predefined_credential_types_allowed
check (
name in (
'unspecified',
'username_password'
)
);
commit;
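Review bot: The `update credential_type_enm set name = 'username_password'` statement rewrites a primary-key value, but nothing in this file says how the rows that reference it are carried over. The Go migration test added in this commit reads a library back as `username_password`, so the referencing foreign keys presumably cascade on update, but their definitions are not visible on this page. Once that is confirmed, I would add a comment above the update such as `-- referencing credential_type columns follow through on update cascade on their foreign keys`. The test data in this commit still inserts into `credential_vault_library_user_password_mapping_override`, so a one-line comment that the table name is kept on purpose would stop someone from "fixing" it later.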

@ -0,0 +1,111 @@
package oss_test
import (
"context"
"testing"
"github.com/hashicorp/boundary/internal/credential/vault"
"github.com/hashicorp/boundary/internal/db"
"github.com/hashicorp/boundary/internal/db/common"
"github.com/hashicorp/boundary/internal/db/schema"
"github.com/hashicorp/boundary/internal/iam"
"github.com/hashicorp/boundary/testing/dbtest"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
)
func TestMigrations_user_password_Migration(t *testing.T) {
const (
priorMigration = 31002
currentMigration = 32001
)
t.Parallel()
ctx := context.Background()
dialect := dbtest.Postgres
c, u, _, err := dbtest.StartUsingTemplate(dialect, dbtest.WithTemplate(dbtest.Template1))
require.NoError(t, err)
t.Cleanup(func() {
require.NoError(t, c())
})
d, err := common.SqlOpen(dialect, u)
require.NoError(t, err)
// migration to the prior migration (before the one we want to test)
m, err := schema.NewManager(ctx, schema.Dialect(dialect), d, schema.WithEditions(
schema.TestCreatePartialEditions(schema.Dialect(dialect), schema.PartialEditions{"oss": priorMigration}),
))
require.NoError(t, err)
require.NoError(t, m.ApplyMigrations(ctx))
state, err := m.CurrentState(ctx)
require.NoError(t, err)
want := &schema.State{
Initialized: true,
Editions: []schema.EditionState{
{
Name: "oss",
BinarySchemaVersion: priorMigration,
DatabaseSchemaVersion: priorMigration,
DatabaseSchemaState: schema.Equal,
},
},
}
require.Equal(t, want, state)
// get a connection
dbType, err := db.StringToDbType(dialect)
require.NoError(t, err)
conn, err := db.Open(dbType, u)
require.NoError(t, err)
rw := db.New(conn)
rootWrapper := db.TestWrapper(t)
iamRepo := iam.TestRepo(t, conn, rootWrapper)
_, prj := iam.TestScopes(t, iamRepo)
cs, err := vault.NewCredentialStore(prj.PublicId, "https://vault", []byte("token"))
cs.PublicId = "csvlt_test1234"
require.NoError(t, rw.Create(context.Background(), cs))
upLib, err := vault.NewCredentialLibrary(cs.PublicId, "vault_path", vault.WithMethod("GET"), vault.WithCredentialType("user_password"))
upLib.PublicId = "clvlt_testuplib"
require.NoError(t, rw.Create(context.Background(), upLib))
lib, err := vault.NewCredentialLibrary(cs.PublicId, "vault_path", vault.WithMethod("GET"))
lib.PublicId = "clvlt_testlib"
require.NoError(t, rw.Create(context.Background(), lib))
// now we're ready for the migration we want to test.
m, err = schema.NewManager(ctx, schema.Dialect(dialect), d, schema.WithEditions(
schema.TestCreatePartialEditions(schema.Dialect(dialect), schema.PartialEditions{"oss": currentMigration}),
))
require.NoError(t, err)
require.NoError(t, m.ApplyMigrations(ctx))
state, err = m.CurrentState(ctx)
require.NoError(t, err)
want = &schema.State{
Initialized: true,
Editions: []schema.EditionState{
{
Name: "oss",
BinarySchemaVersion: currentMigration,
DatabaseSchemaVersion: currentMigration,
DatabaseSchemaState: schema.Equal,
},
},
}
require.Equal(t, want, state)
// Validate uplib was migrated to username_password
err = rw.LookupByPublicId(context.Background(), upLib)
require.NoError(t, err)
assert.Equal(t, "username_password", upLib.GetCredentialType())
// Validate lib was left as unspecified
err = rw.LookupByPublicId(context.Background(), lib)
require.NoError(t, err)
assert.Equal(t, "unspecified", lib.GetCredentialType())
}
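Review bot: The `err` returned by `vault.NewCredentialStore` and by both `vault.NewCredentialLibrary` calls is assigned but never checked before `cs.PublicId`, `upLib.PublicId` and `lib.PublicId` are written. A constructor failure would therefore likely surface as a nil-pointer panic rather than a readable test failure. Add `require.NoError(t, err)` directly after each of the three constructor calls. The test also only covers a plain `user_password` library and an unspecified one, so a library with mapping overrides would be worth adding if that table depends on the credential type, which this page does not show.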

@ -346,11 +346,11 @@ begin;
values
('vs_______wvs', 'vl______wvl1', 'widget vault library', 'None', '/secrets', 'GET', 'unspecified'),
('vs_______wvs', 'vl______wvl2', 'widget vault ssh', 'None', '/secrets/ssh/admin', 'GET', 'unspecified'),
('vs_______wvs', 'vl______wvl3', 'widget vault kv one', 'None', '/secrets/kv/one', 'GET', 'user_password'),
('vs_______wvs', 'vl______wvl4', 'widget vault kv two', 'None', '/secrets/kv/two', 'GET', 'user_password'),
('vs_______wvs', 'vl______wvl5', 'widget vault kv three', 'None', '/secrets/kv/three', 'GET', 'user_password'),
('vs_______wvs', 'vl______wvl6', 'widget vault kv four', 'None', '/secrets/kv/four', 'GET', 'user_password'),
('vs_______wvs', 'vl______wvl7', 'widget vault kv five', 'None', '/secrets/kv/five', 'GET', 'user_password');
('vs_______wvs', 'vl______wvl3', 'widget vault kv one', 'None', '/secrets/kv/one', 'GET', 'username_password'),
('vs_______wvs', 'vl______wvl4', 'widget vault kv two', 'None', '/secrets/kv/two', 'GET', 'username_password'),
('vs_______wvs', 'vl______wvl5', 'widget vault kv three', 'None', '/secrets/kv/three', 'GET', 'username_password'),
('vs_______wvs', 'vl______wvl6', 'widget vault kv four', 'None', '/secrets/kv/four', 'GET', 'username_password'),
('vs_______wvs', 'vl______wvl7', 'widget vault kv five', 'None', '/secrets/kv/five', 'GET', 'username_password');
insert into credential_vault_library_user_password_mapping_override
(library_id)

@ -11,19 +11,19 @@ begin;
select is(count(*), 1::bigint) from credential_vault_library where public_id = 'vl______wvl1' and credential_type = 'unspecified';
select is(count(*), 1::bigint) from credential_library where public_id = 'vl______wvl1' and credential_type = 'unspecified';
select is(count(*), 1::bigint) from credential_vault_library where public_id = 'vl______wvl3' and credential_type = 'user_password';
select is(count(*), 1::bigint) from credential_library where public_id = 'vl______wvl3' and credential_type = 'user_password';
select is(count(*), 1::bigint) from credential_vault_library where public_id = 'vl______wvl3' and credential_type = 'username_password';
select is(count(*), 1::bigint) from credential_library where public_id = 'vl______wvl3' and credential_type = 'username_password';
-- validate the insert triggers
prepare insert_vault_library as
insert into credential_vault_library
(store_id, public_id, vault_path, http_method, credential_type)
values
('vs_______wvs', 'vl_______tt1', '/secrets/kv', 'GET', 'user_password');
('vs_______wvs', 'vl_______tt1', '/secrets/kv', 'GET', 'username_password');
select lives_ok('insert_vault_library');
select is(count(*), 1::bigint) from credential_vault_library where public_id = 'vl_______tt1' and credential_type = 'user_password';
select is(count(*), 1::bigint) from credential_library where public_id = 'vl_______tt1' and credential_type = 'user_password';
select is(count(*), 1::bigint) from credential_vault_library where public_id = 'vl_______tt1' and credential_type = 'username_password';
select is(count(*), 1::bigint) from credential_library where public_id = 'vl_______tt1' and credential_type = 'username_password';
-- validate the delete triggers
prepare delete_vault_library as

@ -26,11 +26,11 @@ begin;
'select_private_libraries',
$$VALUES
('vl______wvl2', 'unspecified', null, null),
('vl______wvl3', 'user_password', null, null),
('vl______wvl4', 'user_password', null, null),
('vl______wvl5', 'user_password', 'my_username', null),
('vl______wvl6', 'user_password', null, 'my_password'),
('vl______wvl7', 'user_password', 'my_username', 'my_password')$$
('vl______wvl3', 'username_password', null, null),
('vl______wvl4', 'username_password', null, null),
('vl______wvl5', 'username_password', 'my_username', null),
('vl______wvl6', 'username_password', null, 'my_password'),
('vl______wvl7', 'username_password', 'my_username', 'my_password')$$
);
-- validate the insert triggers
