approle: Include role_name in alias metadata (#9529)

This change allows people who are using templated policies to use the
role_name in their templates through {{
identity.entity.aliases.approle.metadata.role_name }}.

Co-authored-by: Calvin Leung Huang <cleung2010@gmail.com>
Danielle 2020-10-16 23:01:57 +02:00 committed by GitHub
parent 30e7943e37
commit eba1dd0025
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 18 additions and 1 deletions


@ -287,7 +287,8 @@ func (b *backend) pathLoginUpdate(ctx context.Context, req *logical.Request, dat
},
Metadata: metadata,
Alias: &logical.Alias{
Name: role.RoleID,
Name: role.RoleID,
Metadata: metadata,
},
}
role.PopulateTokenAuth(auth)
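Review bot: `Alias.Metadata` is given the same `metadata` map that `Auth.Metadata` already holds three lines above, so every key in that map, not only `role_name`, becomes alias metadata that templated policies can read. The two fields also share one map instance, so a later write through either is visible in both. The map is built outside this hunk in `pathLoginUpdate`, so its full contents cannot be confirmed from here. If only the role name is meant to reach identity, build the alias value explicitly: `Metadata: map[string]string{"role_name": metadata["role_name"]},`. A short comment there stating that alias metadata feeds policy templates would help keep future keys from being exposed by accident.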


@ -171,6 +171,22 @@ func TestAppRole_RoleLogin(t *testing.T) {
t.Fatalf("expected a non-nil auth object in the response")
}
if loginResp.Auth.Metadata == nil {
t.Fatalf("expected a non-nil metadata object in the response")
}
if val := loginResp.Auth.Metadata["role_name"]; val != "role1" {
t.Fatalf("expected metadata.role_name to equal 'role1', got: %v", val)
}
if loginResp.Auth.Alias.Metadata == nil {
t.Fatalf("expected a non-nil alias metadata object in the response")
}
if val := loginResp.Auth.Alias.Metadata["role_name"]; val != "role1" {
t.Fatalf("expected metadata.alias.role_name to equal 'role1', got: %v", val)
}
// Test renewal
renewReq := generateRenewRequest(storage, loginResp.Auth)
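Review bot: The new assertions read `loginResp.Auth.Alias.Metadata` without first checking that `Alias` is non-nil, so a regression that drops the alias would panic the test rather than fail with a message. Adding `if loginResp.Auth.Alias == nil { t.Fatalf("expected a non-nil alias object in the response") }` before the alias-metadata checks keeps the failure readable. The last failure message says `metadata.alias.role_name` although the field checked is `Auth.Alias.Metadata["role_name"]`; `alias.metadata.role_name` would match. `TestAppRole_RoleLogin` continues outside this hunk, so whether the renewal path re-checks the alias metadata is not visible here.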