approle: Include role_name in alias metadata (#9529) (#10166)

This change allows people who are using templated policies to use the role_name in their templates through {{ identity.entity.aliases.approle.metadata.role_name }}. Co-authored-by: Calvin Leung Huang <[email protected]> Co-authored-by: Danielle <[email protected]>
hashicorp · Oct 16, 2020 · 88b53ef · 88b53ef
1 parent dfc2cfe
commit 88b53ef
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 1 deletion.
diff --git a/builtin/credential/approle/path_login.go b/builtin/credential/approle/path_login.go
@@ -287,7 +287,8 @@ func (b *backend) pathLoginUpdate(ctx context.Context, req *logical.Request, dat
 		},
 		Metadata: metadata,
 		Alias: &logical.Alias{
-			Name: role.RoleID,
+			Name:     role.RoleID,
+			Metadata: metadata,
 		},
 	}
 	role.PopulateTokenAuth(auth)

diff --git a/builtin/credential/approle/path_login_test.go b/builtin/credential/approle/path_login_test.go
@@ -171,6 +171,22 @@ func TestAppRole_RoleLogin(t *testing.T) {
 		t.Fatalf("expected a non-nil auth object in the response")
 	}
 
+	if loginResp.Auth.Metadata == nil {
+		t.Fatalf("expected a non-nil metadata object in the response")
+	}
+
+	if val := loginResp.Auth.Metadata["role_name"]; val != "role1" {
+		t.Fatalf("expected metadata.role_name to equal 'role1', got: %v", val)
+	}
+
+	if loginResp.Auth.Alias.Metadata == nil {
+		t.Fatalf("expected a non-nil alias metadata object in the response")
+	}
+
+	if val := loginResp.Auth.Alias.Metadata["role_name"]; val != "role1" {
+		t.Fatalf("expected metadata.alias.role_name to equal 'role1', got: %v", val)
+	}
+
 	// Test renewal
 	renewReq := generateRenewRequest(storage, loginResp.Auth)