diff --git a/vault/logical_system_activation_flags.go b/vault/logical_system_activation_flags.go index 596f9e6f128c..09dd2fbb3556 100644 --- a/vault/logical_system_activation_flags.go +++ b/vault/logical_system_activation_flags.go @@ -34,9 +34,11 @@ This path responds to the following HTTP methods. PUT|POST //activate Activates the specified feature. Cannot be undone.` + + activationFlagIdentityCleanup = "force-identity-deduplication" + activationFlagTest = "activation-test" ) -// Register CRUD functions dynamically. // These variables should only be mutated during initialization or server construction. // It is unsafe to modify them once the Vault core is running. var ( @@ -67,7 +69,24 @@ func (b *SystemBackend) activationFlagsPaths() []*framework.Path { HelpDescription: helpDescription, }, { - Pattern: fmt.Sprintf("%s/%s/%s", prefixActivationFlags, "activation-test", verbActivationFlagsActivate), + Pattern: fmt.Sprintf("%s/%s/%s", prefixActivationFlags, activationFlagTest, verbActivationFlagsActivate), + DisplayAttrs: &framework.DisplayAttributes{ + OperationPrefix: prefixActivationFlags, + OperationVerb: verbActivationFlagsActivate, + }, + Operations: map[logical.Operation]framework.OperationHandler{ + logical.UpdateOperation: &framework.PathOperation{ + Callback: b.handleActivationFlagsActivate, + ForwardPerformanceSecondary: true, + ForwardPerformanceStandby: true, + Summary: summaryUpdate, + }, + }, + HelpSynopsis: helpSynopsis, + HelpDescription: helpDescription, + }, + { + Pattern: fmt.Sprintf("%s/%s/%s", prefixActivationFlags, activationFlagIdentityCleanup, verbActivationFlagsActivate), DisplayAttrs: &framework.DisplayAttributes{ OperationPrefix: prefixActivationFlags, OperationVerb: verbActivationFlagsActivate, diff --git a/vault/logical_system_activation_flags_test.go b/vault/logical_system_activation_flags_test.go index aa2e17293f9d..c6065e9c5c93 100644 --- a/vault/logical_system_activation_flags_test.go 
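Review bot: The two constants added to this const block carry no comments, and the block opens outside the hunk, so any group comment is not visible here. The help text just above says activation cannot be undone, so the flag name deserves a line such as `// activationFlagIdentityCleanup is the one-way flag for identity deduplication; once activated it cannot be turned off.` I would also add `// activationFlagTest exists only to exercise the activation-flag plumbing.` That second description is inferred from the name, so adjust it if the flag has another purpose.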
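Review bot: The new `activationFlagIdentityCleanup` route reuses the generic `helpSynopsis`/`helpDescription`, so path help gives an operator no flag-specific warning before an activation that the shared text calls irreversible. I would give this entry its own help strings that say what the flag changes. Whether the `.../activate` patterns are covered by the backend's root-protected path list is not visible in this hunk and is worth confirming for a one-way operation. Both entries also declare the same `OperationPrefix` and `OperationVerb` with no suffix, so generated operation IDs may not distinguish them; `OperationSuffix: activationFlagIdentityCleanup,` on this entry would fix that. The rest of this entry and of `activationFlagsPaths` lies outside the hunk.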
+++ b/vault/logical_system_activation_flags_test.go @@ -70,18 +70,37 @@ func TestActivationFlags_BadFeatureName(t *testing.T) { // TestActivationFlags_Write tests the write operations for the activation flags func TestActivationFlags_Write(t *testing.T) { - t.Run("given an initial state then read flags and expect all to be unactivated", func(t *testing.T) { + t.Run("given an initial state then write an activation test flag and expect no errors", func(t *testing.T) { core, _, _ := TestCoreUnsealedWithConfig(t, &CoreConfig{}) _, err := core.systemBackend.HandleRequest( context.Background(), &logical.Request{ Operation: logical.UpdateOperation, - Path: fmt.Sprintf("%s/%s/%s", prefixActivationFlags, "activation-test", verbActivationFlagsActivate), + Path: fmt.Sprintf("%s/%s/%s", prefixActivationFlags, activationFlagTest, verbActivationFlagsActivate), + Storage: core.systemBarrierView, + }, + ) + + require.NoError(t, err) + }) + + t.Run("activate identity cleanup flag", func(t *testing.T) { + core, _, _ := TestCoreUnsealedWithConfig(t, &CoreConfig{}) + + resp, err := core.systemBackend.HandleRequest( + context.Background(), + &logical.Request{ + Operation: logical.UpdateOperation, + Path: fmt.Sprintf("%s/%s/%s", prefixActivationFlags, activationFlagIdentityCleanup, verbActivationFlagsActivate), Storage: core.systemBarrierView, }, ) require.NoError(t, err) + require.NotNil(t, resp) + require.NotEmpty(t, resp.Data) + require.NotNil(t, resp.Data["activated"]) + require.Contains(t, resp.Data["activated"], activationFlagIdentityCleanup) }) }
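Review bot: The "activate identity cleanup flag" subtest asserts only on the immediate response, so it does not show that the flag was persisted or that a repeated activation is harmless. Because activation is documented as irreversible, I would follow the update with a read of the activation-flags path that expects `activationFlagIdentityCleanup` in the activated list. I would then send the same update a second time and expect `require.NoError(t, err)` with the same contents. The renamed first subtest still discards the response; capturing it and adding `require.Contains(t, resp.Data["activated"], activationFlagTest)` would make the two subtests symmetric.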