From 3538eba0345fe4ac4cfa97d75a6319c70b36bcbb Mon Sep 17 00:00:00 2001
From: JM Faircloth
Date: Wed, 30 Jun 2021 20:18:17 -0500
Subject: [PATCH 1/5] [ldap] auth method fix request_timeout
---
 sdk/helper/ldaputil/client_test.go | 2 +-
 sdk/helper/ldaputil/config.go | 1 +
 sdk/helper/ldaputil/config_test.go | 60 +++++++++++++++++++++++++++---
 3 files changed, 56 insertions(+), 7 deletions(-)
diff --git a/sdk/helper/ldaputil/client_test.go b/sdk/helper/ldaputil/client_test.go
index 199f93a6be72..f81294ffcab0 100644
--- a/sdk/helper/ldaputil/client_test.go
+++ b/sdk/helper/ldaputil/client_test.go
@@ -43,7 +43,7 @@ func TestLDAPEscape(t *testing.T) {
 }
 
 func TestGetTLSConfigs(t *testing.T) {
- config := testConfig()
+ config := testConfig(t)
 if err := config.Validate(); err != nil {
 t.Fatal(err)
 }
diff --git a/sdk/helper/ldaputil/config.go b/sdk/helper/ldaputil/config.go
index b23f0304e803..d4b21c8b8224 100644
--- a/sdk/helper/ldaputil/config.go
+++ b/sdk/helper/ldaputil/config.go
@@ -417,6 +417,7 @@ func (c *ConfigEntry) PasswordlessMap() map[string]interface{} {
 "tls_max_version": c.TLSMaxVersion,
 "use_token_groups": c.UseTokenGroups,
 "anonymous_group_search": c.AnonymousGroupSearch,
+ "request_timeout": c.RequestTimeout,
 }
 if c.CaseSensitiveNames != nil {
 m["case_sensitive_names"] = *c.CaseSensitiveNames
diff --git a/sdk/helper/ldaputil/config_test.go b/sdk/helper/ldaputil/config_test.go
index 40288cd02277..cd60a0293286 100644
--- a/sdk/helper/ldaputil/config_test.go
+++ b/sdk/helper/ldaputil/config_test.go
@@ -5,11 +5,12 @@ import (
 "testing"
 
 "github.com/go-test/deep"
+ "github.com/hashicorp/vault/sdk/framework"
 )
 
 func TestCertificateValidation(t *testing.T) {
 // certificate should default to "" without error if it doesn't exist
- config := testConfig()
+ config := testConfig(t)
 if err := config.Validate(); err != nil {
 t.Fatal(err)
 }
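Review bot: The map literal in PasswordlessMap is a hand-maintained allow-list, and the bug this series fixes is exactly a field that was never mirrored into it, so the new `"request_timeout": c.RequestTimeout,` line should be accompanied by a comment on the literal that tells the next maintainer why: `// Keep in sync with ConfigFields(): a field missing from this map is silently absent from the config read response.` That the map feeds the read endpoint, and that it deliberately omits the bind password, is implied by the function's name rather than visible in the hunk, so confirm both before wording the comment. PasswordlessMap starts and ends outside this hunk.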
@@ -30,9 +31,24 @@ func TestCertificateValidation(t *testing.T) {
 }
 }
 
+func TestNewConfigEntry(t *testing.T) {
+ s := &framework.FieldData{Schema: ConfigFields()}
+ config, err := NewConfigEntry(nil, s)
+ if err != nil {
+ t.Fatal("error getting default config")
+ }
+ configFromJSON := testJSONConfig(t, jsonConfigDefault)
+
+ t.Run("equality_check", func(t *testing.T) {
+ if diff := deep.Equal(config, configFromJSON); len(diff) > 0 {
+ t.Fatalf("bad, diff: %#v", diff)
+ }
+ })
+}
+
 func TestConfig(t *testing.T) {
- config := testConfig()
- configFromJSON := testJSONConfig(t)
+ config := testConfig(t)
+ configFromJSON := testJSONConfig(t, jsonConfig)
 
 t.Run("equality_check", func(t *testing.T) {
 if diff := deep.Equal(config, configFromJSON); len(diff) > 0 {
@@ -51,7 +67,9 @@ func TestConfig(t *testing.T) {
 })
 }
 
-func testConfig() *ConfigEntry {
+func testConfig(t *testing.T) *ConfigEntry {
+ t.Helper()
+
 return &ConfigEntry{
 Url: "ldap://138.91.247.105",
 UserDN: "example,com",
@@ -63,9 +81,11 @@ func testConfig() *ConfigEntry {
 }
 }
 
-func testJSONConfig(t *testing.T) *ConfigEntry {
+func testJSONConfig(t *testing.T, rawJson []byte) *ConfigEntry {
+ t.Helper()
+
 config := new(ConfigEntry)
- if err := json.Unmarshal(jsonConfig, config); err != nil {
+ if err := json.Unmarshal(rawJson, config); err != nil {
 t.Fatal(err)
 }
 return config
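Review bot: TestNewConfigEntry only checks that NewConfigEntry's defaults round-trip through jsonConfigDefault; nothing in the series calls PasswordlessMap, the function whose missing key is the actual fix in config.go, so the regression could come back without any test failing. A subtest pinning the map is short and sits naturally after equality_check; its bindpass assertion assumes, from the name alone, that PasswordlessMap omits the bind password, so confirm that before keeping it. Separately, `t.Fatal("error getting default config")` discards err; `t.Fatalf("error getting default config: %v", err)` keeps the cause in the failure output.
```go
	configFromJSON := testJSONConfig(t, jsonConfigDefault)

	// … unchanged: equality_check subtest …

	t.Run("passwordless_map", func(t *testing.T) {
		m := config.PasswordlessMap()
		if got := m["request_timeout"]; got != config.RequestTimeout {
			t.Fatalf("request_timeout: got %v, want %v", got, config.RequestTimeout)
		}
		if _, ok := m["bindpass"]; ok {
			t.Fatal("bindpass must not be exposed by PasswordlessMap")
		}
	})
```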
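Review bot: The new parameter name `rawJson` in testJSONConfig breaks the Go initialism convention that the function's own name follows; `func testJSONConfig(t *testing.T, rawJSON []byte) *ConfigEntry {` with the matching `json.Unmarshal(rawJSON, config)` keeps it consistent. While here, decoding the fixture through `dec := json.NewDecoder(bytes.NewReader(rawJSON))` with `dec.DisallowUnknownFields()` before `dec.Decode(config)` would make a fixture key that matches no ConfigEntry json tag fail loudly instead of being silently ignored, which matters for a fixture that is mostly zero values. That needs the bytes package, which the import block shown earlier in this series does not include, so add it only if the file does not already import it.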
@@ -119,3 +139,31 @@ var jsonConfig = []byte(`
 "request_timeout": 30
 }
 `)
+
+var jsonConfigDefault = []byte(`
+{
+ "url": "ldap://127.0.0.1",
+ "userdn": "",
+ "anonymous_group_search": false,
+ "groupdn": "",
+ "groupfilter": "(|(memberUid={{.Username}})(member={{.UserDN}})(uniqueMember={{.UserDN}}))",
+ "groupattr": "cn",
+ "upndomain": "",
+ "userattr": "cn",
+ "certificate": "",
+ "ClientTLSCert": "",
+ "ClientTLSKey": "",
+ "insecure_tls": false,
+ "starttls": false,
+ "binddn": "",
+ "bindpass": "",
+ "deny_null_bind": true,
+ "discoverdn": false,
+ "tls_min_version": "tls12",
+ "tls_max_version": "tls12",
+ "use_token_groups": false,
+ "use_pre111_group_cn_behavior": null,
+ "request_timeout": 90,
+ "CaseSensitiveNames": false
+}
+`)
From deafd0646fc684d0e77c1627313e0fba862c7d6f Mon Sep 17 00:00:00 2001
From: JM Faircloth
Date: Thu, 1 Jul 2021 10:38:16 -0500
Subject: [PATCH 2/5] add changelog
---
 changelog/11975.txt | 3 +++
 1 file changed, 3 insertions(+)
 create mode 100644 changelog/11975.txt
diff --git a/changelog/11975.txt b/changelog/11975.txt
new file mode 100644
index 000000000000..05ec0c50238a
--- /dev/null
+++ b/changelog/11975.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+auth/ldap: Fix a bug where the LDAP auth method does not maintain the request_timeout configuration parameter
+```
From d2c7cc182c18d2cfe105f05d68e64a39e35fe05b Mon Sep 17 00:00:00 2001
From: John-Michael Faircloth
Date: Thu, 1 Jul 2021 11:54:41 -0500
Subject: [PATCH 3/5] Update sdk/helper/ldaputil/config_test.go
Co-authored-by: Calvin Leung Huang <1883212+calvn@users.noreply.github.com>
---
 sdk/helper/ldaputil/config_test.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/sdk/helper/ldaputil/config_test.go b/sdk/helper/ldaputil/config_test.go
index cd60a0293286..a15ea6541995 100644
--- a/sdk/helper/ldaputil/config_test.go
+++ b/sdk/helper/ldaputil/config_test.go
@@ -151,8 +151,8 @@ var jsonConfigDefault = []byte(`
 "upndomain": "",
 "userattr": "cn",
 "certificate": "",
- "ClientTLSCert": "",
- "ClientTLSKey": "",
+ "client_tls_cert": "",
+ "client_tsl_key": "",
 "insecure_tls": false,
 "starttls": false,
 "binddn": "",
From 168d3bfb1c0087b0f455b40130860baf93620882 Mon Sep 17 00:00:00 2001
From: John-Michael Faircloth
Date: Thu, 1 Jul 2021 11:54:46 -0500
Subject: [PATCH 4/5] Update sdk/helper/ldaputil/config_test.go
Co-authored-by: Calvin Leung Huang <1883212+calvn@users.noreply.github.com>
---
 sdk/helper/ldaputil/config_test.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/sdk/helper/ldaputil/config_test.go b/sdk/helper/ldaputil/config_test.go
index a15ea6541995..21a552b9ffbc 100644
--- a/sdk/helper/ldaputil/config_test.go
+++ b/sdk/helper/ldaputil/config_test.go
@@ -164,6 +164,6 @@ var jsonConfigDefault = []byte(`
 "use_token_groups": false,
 "use_pre111_group_cn_behavior": null,
 "request_timeout": 90,
- "CaseSensitiveNames": false
+ "case_sensitive_names": false
 }
 `)
From 635746219320c5868d85a24cfc12aea11a2ab8b1 Mon Sep 17 00:00:00 2001
From: John-Michael Faircloth
Date: Thu, 1 Jul 2021 12:46:59 -0500
Subject: [PATCH 5/5] Update changelog/11975.txt
Co-authored-by: Calvin Leung Huang <1883212+calvn@users.noreply.github.com>
---
 changelog/11975.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/changelog/11975.txt b/changelog/11975.txt
index 05ec0c50238a..09691123e406 100644
--- a/changelog/11975.txt
+++ b/changelog/11975.txt
@@ -1,3 +1,3 @@
 ```release-note:bug
-auth/ldap: Fix a bug where the LDAP auth method does not maintain the request_timeout configuration parameter
+auth/ldap: Fix a bug where the LDAP auth method does not return the request_timeout configuration parameter on config read.
 ```
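Review bot: `"client_tsl_key": "",` looks like a typo for `client_tls_key`, mirroring the `client_tls_cert` key on the line above, which is presumably the ConfigEntry json tag this fixture is meant to hit. The test still passes because json.Unmarshal ignores keys it cannot match and the expected value is the zero-value empty string, so after this hunk the fixture no longer proves anything about that field; change the line to `"client_tls_key": "",`. The jsonConfigDefault literal starts and ends outside this hunk.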