From 88dbbe8a078472fb5f04b6420463d8be021e75f4 Mon Sep 17 00:00:00 2001 From: lursu Date: Mon, 9 Jan 2023 11:36:11 -0500 Subject: [PATCH 01/15] added response objects for sys 3 section --- vault/logical_raw.go | 48 +++++++++++++++-- vault/logical_system_paths.go | 96 +++++++++++++++++++++++++++++++--- vault/logical_system_quotas.go | 82 +++++++++++++++++++++++++++++ 3 files changed, 214 insertions(+), 12 deletions(-) diff --git a/vault/logical_raw.go b/vault/logical_raw.go index 0d51db2f55a5..bd4417938f79 100644 --- a/vault/logical_raw.go +++ b/vault/logical_raw.go @@ -5,6 +5,7 @@ import ( "context" "encoding/base64" "fmt" + "net/http" "strings" log "github.com/hashicorp/go-hclog" 
@@ -315,23 +316,60 @@ func rawPaths(prefix string, r *RawBackend) []*framework.Path { Operations: map[logical.Operation]framework.OperationHandler{ logical.ReadOperation: &framework.PathOperation{ Callback: r.handleRawRead, - Summary: "Read the value of the key at the given path.", + Responses: map[int][]framework.Response{ + http.StatusOK: {{ + Description: "OK", + Fields: map[string]*framework.FieldSchema{ + "value": { + Type: framework.TypeString, // TODO not sure how to represent as this is an interface with type of string/[]byte + Required: true, + }, + }, + }}, + }, + Summary: "Read the value of the key at the given path.", }, logical.UpdateOperation: &framework.PathOperation{ Callback: r.handleRawWrite, - Summary: "Update the value of the key at the given path.", + Responses: map[int][]framework.Response{ + http.StatusOK: {{ + Description: "OK", + }}, + }, + Summary: "Update the value of the key at the given path.", }, logical.CreateOperation: &framework.PathOperation{ Callback: r.handleRawWrite, - Summary: "Create a key with value at the given path.", + Responses: map[int][]framework.Response{ + http.StatusOK: {{ + Description: "OK", + }}, + }, + Summary: "Create a key with value at the given path.", }, logical.DeleteOperation: &framework.PathOperation{ Callback: r.handleRawDelete, - Summary: "Delete the key with given path.", + Responses: map[int][]framework.Response{ + http.StatusOK: {{ + Description: "OK", + }}, + }, + Summary: "Delete the key with given path.", }, logical.ListOperation: &framework.PathOperation{ Callback: r.handleRawList, - Summary: "Return a list keys for a given path prefix.", + Responses: map[int][]framework.Response{ + http.StatusOK: {{ + Description: "OK", + Fields: map[string]*framework.FieldSchema{ + "keys": { + Type: framework.TypeStringSlice, + Required: true, + }, + }, + }}, + }, + Summary: "Return a list keys for a given path prefix.", }, }, 
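Review bot: The `value` field of the ReadOperation response is declared `framework.TypeString` with no `Description`, while the TODO on the same line says the handler's value may be a string or a `[]byte`. A client generated from this schema cannot tell which encoding it will receive, and this endpoint returns raw storage entries. I would settle the question on the field itself rather than in a TODO, by adding a `Description:` that states whether the value is plain text or base64 and under which request option. `handleRawRead` is outside this hunk, so the exact wording has to be checked against it.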
diff --git a/vault/logical_system_paths.go b/vault/logical_system_paths.go index 6422536765c8..708edf2c2fc2 100644 --- a/vault/logical_system_paths.go +++ b/vault/logical_system_paths.go @@ -1,6 +1,7 @@ package vault import ( + "net/http" "strings" "github.com/hashicorp/vault/sdk/framework" @@ -371,6 +372,7 @@ func (b *SystemBackend) rekeyPaths() []*framework.Path { }, }, + // TODO not sure what to do for this as there are no callbacks Operations: map[logical.Operation]framework.OperationHandler{ logical.ReadOperation: &framework.PathOperation{ Summary: "Reads the configuration and progress of the current rekey attempt.", @@ -393,11 +395,35 @@ func (b *SystemBackend) rekeyPaths() []*framework.Path { Operations: map[logical.Operation]framework.OperationHandler{ logical.ReadOperation: &framework.PathOperation{ Callback: b.handleRekeyRetrieveBarrier, - Summary: "Return the backup copy of PGP-encrypted unseal keys.", + Responses: map[int][]framework.Response{ + http.StatusOK: {{ + Description: "OK", + Fields: map[string]*framework.FieldSchema{ + "nonce": { + Type: framework.TypeString, + Required: true, + }, + "keys": { + Type: framework.TypeMap, + Required: true, + }, + "keys_base64": { + Type: framework.TypeMap, + Required: true, + }, + }, + }}, + }, + Summary: "Return the backup copy of PGP-encrypted unseal keys.", }, logical.DeleteOperation: &framework.PathOperation{ Callback: b.handleRekeyDeleteBarrier, - Summary: "Delete the backup copy of PGP-encrypted unseal keys.", + Responses: map[int][]framework.Response{ + http.StatusOK: {{ + Description: "OK", + }}, + }, + Summary: "Delete the backup copy of PGP-encrypted unseal keys.", }, }, 
@@ -410,9 +436,37 @@ func (b *SystemBackend) rekeyPaths() []*framework.Path { Fields: map[string]*framework.FieldSchema{}, - Callbacks: map[logical.Operation]framework.OperationFunc{ - logical.ReadOperation: b.handleRekeyRetrieveRecovery, - logical.DeleteOperation: b.handleRekeyDeleteRecovery, + Operations: map[logical.Operation]framework.OperationHandler{ + logical.ReadOperation: &framework.PathOperation{ + Callback: b.handleRekeyRetrieveRecovery, + Responses: map[int][]framework.Response{ + http.StatusOK: {{ + Description: "OK", + Fields: map[string]*framework.FieldSchema{ + "nonce": { + Type: framework.TypeString, + Required: true, + }, + "keys": { + Type: framework.TypeMap, + Required: true, + }, + "keys_base64": { + Type: framework.TypeMap, + Required: true, + }, + }, + }}, + }, + }, + logical.DeleteOperation: &framework.PathOperation{ + Callback: b.handleRekeyDeleteRecovery, + Responses: map[int][]framework.Response{ + http.StatusOK: {{ + Description: "OK", + }}, + }, + }, }, HelpSynopsis: strings.TrimSpace(sysHelp["rekey_backup"][0]), @@ -434,6 +488,7 @@ func (b *SystemBackend) rekeyPaths() []*framework.Path { Operations: map[logical.Operation]framework.OperationHandler{ logical.UpdateOperation: &framework.PathOperation{ + // TODO what to do with no callback Summary: "Enter a single unseal key share to progress the rekey of the Vault.", }, }, @@ -452,6 +507,7 @@ func (b *SystemBackend) rekeyPaths() []*framework.Path { }, }, + // TODO no callbacks here as well Operations: map[logical.Operation]framework.OperationHandler{ logical.ReadOperation: &framework.PathOperation{ Summary: "Read the configuration and progress of the current rekey verification attempt.", 
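Review bot: In the `@@ -410,9 +436,37 @@` hunk the two operations converted from `Callbacks` carry no `Summary`, unlike the barrier backup operations just above, which keep theirs. The generated OpenAPI entries for this path would therefore have no operation text. Add a line such as `Summary: "Return the backup copy of PGP-encrypted recovery keys.",` to the read and a matching one to the delete, with the wording taken from the handler names and adjusted as needed. The `nonce`/`keys`/`keys_base64` map is also a literal copy of the one added for the barrier backup read, so a shared local would keep the two schemas from drifting apart.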
@@ -1403,7 +1459,18 @@ func (b *SystemBackend) remountPaths() []*framework.Path { Operations: map[logical.Operation]framework.OperationHandler{ logical.UpdateOperation: &framework.PathOperation{ Callback: b.handleRemount, - Summary: "Initiate a mount migration", + Responses: map[int][]framework.Response{ + http.StatusOK: {{ + Description: "OK", + Fields: map[string]*framework.FieldSchema{ + "migration_id": { + Type: framework.TypeString, + Required: true, + }, + }, + }}, + }, + Summary: "Initiate a mount migration", }, }, HelpSynopsis: strings.TrimSpace(sysHelp["remount"][0]), @@ -1422,7 +1489,22 @@ func (b *SystemBackend) remountPaths() []*framework.Path { Operations: map[logical.Operation]framework.OperationHandler{ logical.ReadOperation: &framework.PathOperation{ Callback: b.handleRemountStatusCheck, - Summary: "Check status of a mount migration", + Responses: map[int][]framework.Response{ + http.StatusOK: {{ + Description: "OK", + Fields: map[string]*framework.FieldSchema{ + "migration_id": { + Type: framework.TypeString, + Required: true, + }, + "migration_info": { + Type: framework.TypeMap, + Required: true, + }, + }, + }}, + }, + Summary: "Check status of a mount migration", }, }, HelpSynopsis: strings.TrimSpace(sysHelp["remount-status"][0]), diff --git a/vault/logical_system_quotas.go b/vault/logical_system_quotas.go index 9d8de5769742..b96cba0c0a70 100644 --- a/vault/logical_system_quotas.go +++ b/vault/logical_system_quotas.go @@ -2,6 +2,7 @@ package vault import ( "context" + "net/http" "strings" "time" 
@@ -34,9 +35,33 @@ func (b *SystemBackend) quotasPaths() []*framework.Path { Operations: map[logical.Operation]framework.OperationHandler{ logical.UpdateOperation: &framework.PathOperation{ Callback: b.handleQuotasConfigUpdate(), + Responses: map[int][]framework.Response{ + http.StatusOK: {{ + Description: "OK", + }}, + }, }, logical.ReadOperation: &framework.PathOperation{ Callback: b.handleQuotasConfigRead(), + Responses: map[int][]framework.Response{ + http.StatusOK: {{ + Description: "OK", + Fields: map[string]*framework.FieldSchema{ + "enable_rate_limit_audit_logging": { + Type: framework.TypeBool, + Required: true, + }, + "enable_rate_limit_response_headers": { + Type: framework.TypeBool, + Required: true, + }, + "rate_limit_exempt_paths": { + Type: framework.TypeStringSlice, + Required: true, + }, + }, + }}, + }, }, }, HelpSynopsis: strings.TrimSpace(quotasHelp["quotas-config"][0]), @@ -47,6 +72,17 @@ func (b *SystemBackend) quotasPaths() []*framework.Path { Operations: map[logical.Operation]framework.OperationHandler{ logical.ListOperation: &framework.PathOperation{ Callback: b.handleRateLimitQuotasList(), + Responses: map[int][]framework.Response{ + http.StatusOK: {{ + Description: "OK", + Fields: map[string]*framework.FieldSchema{ + "keys": { + Type: framework.TypeStringSlice, + Required: true, + }, + }, + }}, + }, }, }, HelpSynopsis: strings.TrimSpace(quotasHelp["rate-limit-list"][0]), 
@@ -92,12 +128,58 @@ from any further requests until after the 'block_interval' has elapsed.`, Operations: map[logical.Operation]framework.OperationHandler{ logical.UpdateOperation: &framework.PathOperation{ Callback: b.handleRateLimitQuotasUpdate(), + Responses: map[int][]framework.Response{ + http.StatusOK: {{ + Description: "OK", + }}, + }, }, logical.ReadOperation: &framework.PathOperation{ Callback: b.handleRateLimitQuotasRead(), + Responses: map[int][]framework.Response{ + http.StatusOK: {{ + Description: "OK", + Fields: map[string]*framework.FieldSchema{ + "type": { + Type: framework.TypeString, + Required: true, + }, + "name": { + Type: framework.TypeString, + Required: true, + }, + "path": { + Type: framework.TypeString, + Required: true, + }, + "role": { + Type: framework.TypeString, + Required: true, + }, + "rate": { + Type: framework.TypeFloat, + Required: true, + }, + "interval": { + Type: framework.TypeInt, + Required: true, + }, + "block_interval": { + + Type: framework.TypeInt, + Required: true, + }, + }, + }}, + }, }, logical.DeleteOperation: &framework.PathOperation{ Callback: b.handleRateLimitQuotasDelete(), + Responses: map[int][]framework.Response{ + http.StatusOK: {{ + Description: "OK", + }}, + }, }, }, HelpSynopsis: strings.TrimSpace(quotasHelp["rate-limit"][0]), From d2ac32d81cbd21d84d28998f7191cd0a2b138bb1 Mon Sep 17 00:00:00 2001 From: Leland Ursu Date: Tue, 10 Jan 2023 09:16:23 -0500 Subject: [PATCH 02/15] Update vault/logical_system_paths.go Co-authored-by: Daniel Huckins --- vault/logical_system_paths.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vault/logical_system_paths.go b/vault/logical_system_paths.go index 708edf2c2fc2..b5591397e3f6 100644 --- a/vault/logical_system_paths.go +++ b/vault/logical_system_paths.go 
@@ -419,7 +419,7 @@ func (b *SystemBackend) rekeyPaths() []*framework.Path {
 logical.DeleteOperation: &framework.PathOperation{
 Callback: b.handleRekeyDeleteBarrier,
 Responses: map[int][]framework.Response{
- http.StatusOK: {{
+ http. StatusNoContent: {{
 Description: "OK",
 }},
 },
From 383ee4bf4636187bd8b5f27d906ccd5f9994d88a Mon Sep 17 00:00:00 2001
From: Leland Ursu
Date: Tue, 10 Jan 2023 09:16:33 -0500
Subject: [PATCH 03/15] Update vault/logical_raw.go
Co-authored-by: Daniel Huckins
---
 vault/logical_raw.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/vault/logical_raw.go b/vault/logical_raw.go
index bd4417938f79..e444acea3d5b 100644
--- a/vault/logical_raw.go
+++ b/vault/logical_raw.go
@@ -350,7 +350,7 @@ func rawPaths(prefix string, r *RawBackend) []*framework.Path {
 logical.DeleteOperation: &framework.PathOperation{
 Callback: r.handleRawDelete,
 Responses: map[int][]framework.Response{
- http.StatusOK: {{
+ http.StatusNoContent: {{
 Description: "OK",
 }},
 },
From e98af93e1c37f708f9a428ec69334fbe8ee0e4d2 Mon Sep 17 00:00:00 2001
From: Leland Ursu
Date: Tue, 10 Jan 2023 09:16:58 -0500
Subject: [PATCH 04/15] Update vault/logical_system_paths.go
Co-authored-by: Daniel Huckins
---
 vault/logical_system_paths.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/vault/logical_system_paths.go b/vault/logical_system_paths.go
index b5591397e3f6..9197d9f1a6c7 100644
--- a/vault/logical_system_paths.go
+++ b/vault/logical_system_paths.go
@@ -462,7 +462,7 @@ func (b *SystemBackend) rekeyPaths() []*framework.Path {
 logical.DeleteOperation: &framework.PathOperation{
 Callback: b.handleRekeyDeleteRecovery,
 Responses: map[int][]framework.Response{
- http.StatusOK: {{
+ http. StatusNoContent: {{
 Description: "OK",
 }},
 },
From 38da7da412451bc5570a212f7e3701b2495d2491 Mon Sep 17 00:00:00 2001
From: Leland Ursu
Date: Tue, 10 Jan 2023 09:17:13 -0500
Subject: [PATCH 05/15] Update vault/logical_system_quotas.go
Co-authored-by: Daniel Huckins
---
 vault/logical_system_quotas.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/vault/logical_system_quotas.go b/vault/logical_system_quotas.go
index b96cba0c0a70..35bc890ef82a 100644
--- a/vault/logical_system_quotas.go
+++ b/vault/logical_system_quotas.go
@@ -36,7 +36,7 @@ func (b *SystemBackend) quotasPaths() []*framework.Path {
 logical.UpdateOperation: &framework.PathOperation{
 Callback: b.handleQuotasConfigUpdate(),
 Responses: map[int][]framework.Response{
- http.StatusOK: {{
+ http.StatusNoContent: {{
 Description: "OK",
 }},
 },
From 641fdb5946a6b435aceba075498bf02f5376d043 Mon Sep 17 00:00:00 2001
From: Leland Ursu
Date: Tue, 10 Jan 2023 09:17:22 -0500
Subject: [PATCH 06/15] Update vault/logical_system_quotas.go
Co-authored-by: Daniel Huckins
---
 vault/logical_system_quotas.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/vault/logical_system_quotas.go b/vault/logical_system_quotas.go
index 35bc890ef82a..db756847bf44 100644
--- a/vault/logical_system_quotas.go
+++ b/vault/logical_system_quotas.go
@@ -176,7 +176,7 @@ from any further requests until after the 'block_interval' has elapsed.`,
 logical.DeleteOperation: &framework.PathOperation{
 Callback: b.handleRateLimitQuotasDelete(),
 Responses: map[int][]framework.Response{
- http.StatusOK: {{
+ http.StatusNoContent: {{
 Description: "OK",
 }},
 },
From 7ab4ea1d5c16a250a93b117bef0896a41eedda03 Mon Sep 17 00:00:00 2001
From: Leland Ursu
Date: Tue, 10 Jan 2023 09:17:35 -0500
Subject: [PATCH 07/15] Update vault/logical_system_quotas.go
Co-authored-by: Daniel Huckins
---
 vault/logical_system_quotas.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/vault/logical_system_quotas.go b/vault/logical_system_quotas.go
index db756847bf44..b6e0a97a004b 100644
--- a/vault/logical_system_quotas.go
+++ b/vault/logical_system_quotas.go @@ -129,7 +129,7 @@ from any further requests until after the 'block_interval' has elapsed.`, logical.UpdateOperation: &framework.PathOperation{ Callback: b.handleRateLimitQuotasUpdate(), Responses: map[int][]framework.Response{ - http.StatusOK: {{ + http.StatusNoContent: {{ Description: "OK", }}, }, From 69de4d142a3cfff21322dd65e9b1b1edc91f8ed2 Mon Sep 17 00:00:00 2001 From: lursu Date: Mon, 30 Jan 2023 12:33:14 -0500 Subject: [PATCH 08/15] add tests and update based on reviews --- vault/logical_raw.go | 2 +- vault/logical_system_paths.go | 181 +++++++++++++++++++++++++++++++++- vault/logical_system_test.go | 17 ++++ 3 files changed, 195 insertions(+), 5 deletions(-) diff --git a/vault/logical_raw.go b/vault/logical_raw.go index e444acea3d5b..9694df21f444 100644 --- a/vault/logical_raw.go +++ b/vault/logical_raw.go @@ -341,7 +341,7 @@ func rawPaths(prefix string, r *RawBackend) []*framework.Path { logical.CreateOperation: &framework.PathOperation{ Callback: r.handleRawWrite, Responses: map[int][]framework.Response{ - http.StatusOK: {{ + http.StatusNoContent: {{ Description: "OK", }}, }, diff --git a/vault/logical_system_paths.go b/vault/logical_system_paths.go index dea437cde583..3facc0de2ec7 100644 --- a/vault/logical_system_paths.go +++ b/vault/logical_system_paths.go 
@@ -345,6 +345,47 @@ func (b *SystemBackend) configPaths() []*framework.Path { } func (b *SystemBackend) rekeyPaths() []*framework.Path { + respFields := map[string]*framework.FieldSchema{ + "nounce": { + Type: framework.TypeString, + Required: true, + }, + "started": { + Type: framework.TypeString, + Required: true, + }, + "t": { + Type: framework.TypeInt, + Required: true, + }, + "n": { + Type: framework.TypeInt, + Required: true, + }, + "progress": { + Type: framework.TypeInt, + Required: true, + }, + "required": { + Type: framework.TypeInt, + Required: true, + }, + "verification_required": { + Type: framework.TypeBool, + Required: true, + }, + "verification_nonce": { + Type: framework.TypeString, + Required: true, + }, + "backup": { + Type: framework.TypeBool, + }, + "pgp_fingerprints": { + Type: framework.TypeCommaStringSlice, + }, + } + return []*framework.Path{ { Pattern: "rekey/init", 
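Review bot: The first key of `respFields` is spelled `"nounce"`, while the backup responses earlier in this series use `"nonce"` and this same map has `"verification_nonce"`. If the handlers emit `nonce`, a field marked `Required: true` under the misspelled name never matches, and the real `nonce` value goes undocumented in the generated schema. Change the key to `"nonce": {`; the same spelling recurs in the `@@ -488,7 +545,55 @@` and `@@ -510,13 +615,81 @@` hunks of this patch. Separately, `started` is declared `framework.TypeString` although the name reads like a boolean flag; the handlers are not visible here, so confirm the type.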
@@ -372,16 +413,32 @@ func (b *SystemBackend) rekeyPaths() []*framework.Path { }, }, - // TODO not sure what to do for this as there are no callbacks Operations: map[logical.Operation]framework.OperationHandler{ logical.ReadOperation: &framework.PathOperation{ + Responses: map[int][]framework.Response{ + http.StatusOK: {{ + Description: "OK", + Fields: respFields, + }}, + }, Summary: "Reads the configuration and progress of the current rekey attempt.", }, logical.UpdateOperation: &framework.PathOperation{ + Responses: map[int][]framework.Response{ + http.StatusOK: {{ + Description: "OK", + Fields: respFields, + }}, + }, Summary: "Initializes a new rekey attempt.", Description: "Only a single rekey attempt can take place at a time, and changing the parameters of a rekey requires canceling and starting a new rekey, which will also provide a new nonce.", }, logical.DeleteOperation: &framework.PathOperation{ + Responses: map[int][]framework.Response{ + http.StatusOK: {{ + Description: "OK", + }}, + }, Summary: "Cancels any in-progress rekey.", Description: "This clears the rekey settings as well as any progress made. This must be called to change the parameters of the rekey. Note: verification is still a part of a rekey. If rekeying is canceled during the verification flow, the current unseal keys remain valid.", }, @@ -419,7 +476,7 @@ func (b *SystemBackend) rekeyPaths() []*framework.Path { logical.DeleteOperation: &framework.PathOperation{ Callback: b.handleRekeyDeleteBarrier, Responses: map[int][]framework.Response{ - http. StatusNoContent: {{ + http.StatusNoContent: {{ Description: "OK", }}, }, @@ -462,7 +519,7 @@ func (b *SystemBackend) rekeyPaths() []*framework.Path { logical.DeleteOperation: &framework.PathOperation{ Callback: b.handleRekeyDeleteRecovery, Responses: map[int][]framework.Response{ - http. StatusNoContent: {{ + http.StatusNoContent: {{ Description: "OK", }}, }, 
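Review bot: In the `@@ -372,16 +413,32 @@` hunk the DeleteOperation ("Cancels any in-progress rekey.") is documented as `http.StatusOK` with no fields, while the body-less delete responses elsewhere in this same patch are declared `http.StatusNoContent`. These operations have no `Callback`, so the real status comes from a handler outside this file and cannot be confirmed from the hunk. If that handler returns no body, the entry should read `http.StatusNoContent: {{`. The read and update responses both reuse `respFields` with `Required: true` on every progress field, so check that this holds when no rekey is in progress.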
@@ -488,7 +545,55 @@ func (b *SystemBackend) rekeyPaths() []*framework.Path { Operations: map[logical.Operation]framework.OperationHandler{ logical.UpdateOperation: &framework.PathOperation{ - // TODO what to do with no callback + Responses: map[int][]framework.Response{ + http.StatusOK: {{ + Description: "OK", + Fields: map[string]*framework.FieldSchema{ + "nounce": { + Type: framework.TypeString, + Required: true, + }, + "complete": { + Type: framework.TypeBool, + }, + "started": { + Type: framework.TypeString, + }, + "t": { + Type: framework.TypeInt, + }, + "n": { + Type: framework.TypeInt, + }, + "progress": { + Type: framework.TypeInt, + }, + "required": { + Type: framework.TypeInt, + }, + "keys": { + Type: framework.TypeCommaStringSlice, + }, + "keys_base64": { + Type: framework.TypeCommaStringSlice, + }, + "verification_required": { + Type: framework.TypeBool, + Required: true, + }, + "verification_nonce": { + Type: framework.TypeString, + Required: true, + }, + "backup": { + Type: framework.TypeBool, + }, + "pgp_fingerprints": { + Type: framework.TypeCommaStringSlice, + }, + }, + }}, + }, Summary: "Enter a single unseal key share to progress the rekey of the Vault.", }, }, 
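Review bot: `keys` and `keys_base64` in this response are declared with a bare type and no `Description`, although, going by the operation summary, they would carry the newly generated key shares once the rekey completes. That is the most sensitive value this schema describes, so I would document it on the fields and flag them for schema consumers with `DisplayAttrs: &framework.DisplayAttributes{Sensitive: true},`. A `Description` should say when the fields are present and whether they are PGP-encrypted. That behaviour is inferred from the field names (`complete`, `pgp_fingerprints`) and not from a handler in this hunk, so confirm it before wording the description.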
@@ -510,13 +615,81 @@ func (b *SystemBackend) rekeyPaths() []*framework.Path { // TODO no callbacks here as well Operations: map[logical.Operation]framework.OperationHandler{ logical.ReadOperation: &framework.PathOperation{ + Responses: map[int][]framework.Response{ + http.StatusOK: {{ + Description: "OK", + Fields: map[string]*framework.FieldSchema{ + "nounce": { + Type: framework.TypeString, + Required: true, + }, + "started": { + Type: framework.TypeString, + Required: true, + }, + "t": { + Type: framework.TypeInt, + Required: true, + }, + "n": { + Type: framework.TypeInt, + Required: true, + }, + "progress": { + Type: framework.TypeInt, + Required: true, + }, + }, + }}, + }, Summary: "Read the configuration and progress of the current rekey verification attempt.", }, logical.DeleteOperation: &framework.PathOperation{ + Responses: map[int][]framework.Response{ + http.StatusOK: {{ + Description: "OK", + Fields: map[string]*framework.FieldSchema{ + "nounce": { + Type: framework.TypeString, + Required: true, + }, + "started": { + Type: framework.TypeString, + Required: true, + }, + "t": { + Type: framework.TypeInt, + Required: true, + }, + "n": { + Type: framework.TypeInt, + Required: true, + }, + "progress": { + Type: framework.TypeInt, + Required: true, + }, + }, + }}, + }, Summary: "Cancel any in-progress rekey verification operation.", Description: "This clears any progress made and resets the nonce. Unlike a `DELETE` against `sys/rekey/init`, this only resets the current verification operation, not the entire rekey atttempt.", }, logical.UpdateOperation: &framework.PathOperation{ + Responses: map[int][]framework.Response{ + http.StatusOK: {{ + Description: "OK", + Fields: map[string]*framework.FieldSchema{ + "nounce": { + Type: framework.TypeString, + Required: true, + }, + "complete": { + Type: framework.TypeBool, + }, + }, + }}, + }, Summary: "Enter a single new key share to progress the rekey verification operation.", }, }, 
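Review bot: The read and delete responses in this hunk repeat the same five-field map literal, and the update response repeats part of it, even though the function already holds a shared `respFields` for the init path. Declaring one local beside `respFields` (say `verifyRespFields`) and writing `Fields: verifyRespFields,` in both places would keep the two schemas identical by construction. The delete response is also documented as `http.StatusOK` with a body, unlike the other deletes in this patch. Its handler is outside this file, so confirm that cancelling verification really returns the status object.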
diff --git a/vault/logical_system_test.go b/vault/logical_system_test.go index 7903ad67fb60..6afb8e5773b1 100644 --- a/vault/logical_system_test.go +++ b/vault/logical_system_test.go @@ -742,12 +742,29 @@ func TestSystemBackend_remount_auth(t *testing.T) { req.Data["config"] = structs.Map(MountConfig{}) resp, err := b.HandleRequest(namespace.RootContext(nil), req) + // validate the response structure for remount named read + schema.ValidateResponse( + t, + schema.FindResponseSchema(t, b.(*SystemBackend).remountPaths(), 0, logical.ReadOperation), + resp, + true, + ) + RetryUntil(t, 5*time.Second, func() error { req = logical.TestRequest(t, logical.ReadOperation, fmt.Sprintf("remount/status/%s", resp.Data["migration_id"])) resp, err = b.HandleRequest(namespace.RootContext(nil), req) if err != nil { t.Fatalf("err: %v", err) } + + // validate the response structure for remount status read + schema.ValidateResponse( + t, + schema.FindResponseSchema(t, b.(*SystemBackend).remountPaths(), 1, logical.ReadOperation), + resp, + true, + ) + migrationInfo := resp.Data["migration_info"].(*MountMigrationInfo) if migrationInfo.MigrationStatus != MigrationSuccessStatus.String() { return fmt.Errorf("Expected migration status to be successful, got %q", migrationInfo.MigrationStatus) From a5a8a0232ce92b7109d8d5aa9cad70d7bed18704 Mon Sep 17 00:00:00 2001 From: lursu Date: Tue, 31 Jan 2023 13:41:07 -0500 Subject: [PATCH 09/15] added changelog file --- changelog/18633.txt | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 changelog/18633.txt diff --git a/changelog/18633.txt b/changelog/18633.txt new file mode 100644 index 000000000000..2048c46d914e --- /dev/null +++ b/changelog/18633.txt @@ -0,0 +1,3 @@ +```release-note:improvement +openapi: Add openapi response definitions to /sys defined endpoints. +``` \ No newline at end of file From 395f40d92032129b7f7e9fd8f56fa5d34649f8aa Mon Sep 17 00:00:00 2001 
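Review bot: The first added `schema.ValidateResponse` call runs directly after `resp, err := b.HandleRequest(...)` with no check of `err` or of a nil `resp`. A failed remount would then surface as a schema-validation failure, or as a nil dereference at `resp.Data["migration_id"]` below, instead of the real error. Put `if err != nil { t.Fatalf("err: %v", err) }` before the validation, as the retry closure already does for the status read. The comment says "remount named read", but the response being validated is that of the remount request itself, so reword it to match whichever operation `req` uses.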
From: lursu Date: Tue, 31 Jan 2023 13:57:47 -0500 Subject: [PATCH 10/15] finally got make fmt to work... --- vault/logical_system_quotas.go | 1 - 1 file changed, 1 deletion(-) diff --git a/vault/logical_system_quotas.go b/vault/logical_system_quotas.go index b6e0a97a004b..f260a1969a18 100644 --- a/vault/logical_system_quotas.go +++ b/vault/logical_system_quotas.go @@ -165,7 +165,6 @@ from any further requests until after the 'block_interval' has elapsed.`, Required: true, }, "block_interval": { - Type: framework.TypeInt, Required: true, }, From 7a2003ddc1031640d108d6b6db5c4055802c84ef Mon Sep 17 00:00:00 2001 From: lursu Date: Wed, 1 Feb 2023 09:50:45 -0500 Subject: [PATCH 11/15] fixed copy pasta test case --- vault/logical_system_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vault/logical_system_test.go b/vault/logical_system_test.go index 6afb8e5773b1..fe5f9256c0d3 100644 --- a/vault/logical_system_test.go +++ b/vault/logical_system_test.go @@ -745,7 +745,7 @@ func TestSystemBackend_remount_auth(t *testing.T) { // validate the response structure for remount named read schema.ValidateResponse( t, - schema.FindResponseSchema(t, b.(*SystemBackend).remountPaths(), 0, logical.ReadOperation), + schema.FindResponseSchema(t, b.(*SystemBackend).remountPaths(), 0, logical.UpdateOperation), resp, true, ) From d3f0d2f463d8d0d118496f0485f1f3cd211bb4cc Mon Sep 17 00:00:00 2001 From: lursu Date: Wed, 1 Feb 2023 15:57:23 -0500 Subject: [PATCH 12/15] updated based on review --- vault/logical_raw.go | 2 +- vault/logical_system_paths.go | 1 - 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/vault/logical_raw.go b/vault/logical_raw.go index 9694df21f444..827a77c6b9c6 100644 --- a/vault/logical_raw.go +++ b/vault/logical_raw.go 
@@ -321,7 +321,7 @@ func rawPaths(prefix string, r *RawBackend) []*framework.Path { Description: "OK", Fields: map[string]*framework.FieldSchema{ "value": { - Type: framework.TypeString, // TODO not sure how to represent as this is an interface with type of string/[]byte + Type: framework.TypeString, Required: true, }, }, diff --git a/vault/logical_system_paths.go b/vault/logical_system_paths.go index 3facc0de2ec7..b478b725cbc9 100644 --- a/vault/logical_system_paths.go +++ b/vault/logical_system_paths.go @@ -612,7 +612,6 @@ func (b *SystemBackend) rekeyPaths() []*framework.Path { }, }, - // TODO no callbacks here as well Operations: map[logical.Operation]framework.OperationHandler{ logical.ReadOperation: &framework.PathOperation{ Responses: map[int][]framework.Response{ From 9ddb70bf7f46237c146d59f26cdcead8ce837dd4 Mon Sep 17 00:00:00 2001 From: Leland Ursu Date: Thu, 2 Feb 2023 16:02:14 -0500 Subject: [PATCH 13/15] Update vault/logical_system_quotas.go Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com> --- vault/logical_system_quotas.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vault/logical_system_quotas.go b/vault/logical_system_quotas.go index f260a1969a18..3795a026e8f4 100644 --- a/vault/logical_system_quotas.go +++ b/vault/logical_system_quotas.go @@ -130,7 +130,7 @@ from any further requests until after the 'block_interval' has elapsed.`, Callback: b.handleRateLimitQuotasUpdate(), Responses: map[int][]framework.Response{ http.StatusNoContent: {{ - Description: "OK", + Description: http.StatusText(http.StatusNoContent), }}, }, }, From cfd01df18c1d6a6e26877009bec70ee26900174f Mon Sep 17 00:00:00 2001 From: Leland Ursu Date: Tue, 7 Feb 2023 16:27:39 -0500 Subject: [PATCH 14/15] Update vault/logical_system_test.go Co-authored-by: Daniel Huckins --- vault/logical_system_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
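Review bot: In the `@@ -130,7 +130,7 @@` hunk, `http.StatusText(http.StatusNoContent)` replaces the literal in only this one response. The other `http.StatusNoContent` entries added earlier in this series still say `Description: "OK"`, so the generated document would describe identical 204 responses in two different ways. Apply `Description: http.StatusText(http.StatusNoContent),` to the remaining 204 entries in logical_raw.go, logical_system_paths.go and this file in the same commit.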
diff --git a/vault/logical_system_test.go b/vault/logical_system_test.go
index 032edd9ed8fe..7f28b70b7e85 100644
--- a/vault/logical_system_test.go
+++ b/vault/logical_system_test.go
@@ -743,7 +743,7 @@ func TestSystemBackend_remount_auth(t *testing.T) {
 // validate the response structure for remount named read
 schema.ValidateResponse(
 t,
- schema.FindResponseSchema(t, b.(*SystemBackend).remountPaths(), 0, logical.UpdateOperation),
+ schema.GetResponseSchema(t, b.(*SystemBackend).Route(req.Path), req.Operation),
 resp,
 true,
 )
From 764d93bb7a75756b250d1a38cf7c9e37a8ec3fbd Mon Sep 17 00:00:00 2001
From: Leland Ursu
Date: Tue, 7 Feb 2023 16:27:54 -0500
Subject: [PATCH 15/15] Update vault/logical_system_test.go
Co-authored-by: Daniel Huckins
---
 vault/logical_system_test.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/vault/logical_system_test.go b/vault/logical_system_test.go
index 7f28b70b7e85..6f53d55cecf9 100644
--- a/vault/logical_system_test.go
+++ b/vault/logical_system_test.go
@@ -758,7 +758,7 @@ func TestSystemBackend_remount_auth(t *testing.T) {
 // validate the response structure for remount status read
 schema.ValidateResponse(
 t,
- schema.FindResponseSchema(t, b.(*SystemBackend).remountPaths(), 1, logical.ReadOperation),
+ schema.GetResponseSchema(t, b.(*SystemBackend).Route(req.Path), req.Operation),
 resp,
 true,
 )