Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix aspects of auth/token/create request parsing #18556

Merged
merged 6 commits into from
Jul 10, 2023
Merged

Fix aspects of auth/token/create request parsing #18556

merged 6 commits into from
Jul 10, 2023

Conversation

maxb
Copy link
Contributor

@maxb maxb commented Dec 26, 2022

Fixes #18550

Currently, the auth/token/create family of APIs (create, create-orphan, create/{role}) does non-standard parsing of requests, by directly using mapstructure.WeakDecode(request.Data, ...) instead of using the standard framework.FieldData abstraction.

Furthermore, the fields declared for these APIs are incorrect, leading to inappropriate OpenAPI generation, and inappropriate warnings about ignored parameters.

Detailed changes:

  • Factor out triplicated definitions of common fields across these three APIs.

  • Remove incorrect role_name field from create-orphan.

  • Add missing lease deprecated field.

  • Rename incorrectly named metadata field to meta, and change from TypeMap to TypeKVPairs to reflect actual underlying Go type is map[string]string.

  • Remove entirely incorrect format field.

  • Add declarative Default: true to renewable field, to match behaviour currently implemented in code.

  • Having fixed the field definitions to match current usage, remove the secondary decoding of the request via mapstructure inside handleCreateCommon, and migrate to using FieldData APIs like a normal operation function.

maxb added 2 commits December 26, 2022 18:02
@maxb
Fix aspects of auth/token/create request parsing
383a373 
Fixes hashicorp#18550

Currently, the `auth/token/create` family of APIs (`create`,
`create-orphan`, `create/{role}`) does non-standard parsing of requests,
by directly using `mapstructure.WeakDecode(request.Data, ...)` instead
of using the standard `framework.FieldData` abstraction.

Furthermore, the fields declared for these APIs are incorrect, leading
to inappropriate OpenAPI generation, and inappropriate warnings about
ignored parameters.

Detailed changes:

* Factor out triplicated definitions of common fields across these three
  APIs.

* Remove incorrect `role_name` field from `create-orphan`.

* Add missing `lease` deprecated field.

* Rename incorrectly named `metadata` field to `meta`, and change from
  `TypeMap` to `TypeKVPairs` to reflect actual underlying Go type is
  `map[string]string`.

* Remove entirely incorrect `format` field.

* Add declarative `Default: true` to `renewable` field, to match
  behaviour currently implemented in code.

* Having fixed the field definitions to match current usage, remove the
  secondary decoding of the request via `mapstructure` inside
  `handleCreateCommon`, and migrate to using `FieldData` APIs like
  a normal operation function.
@maxb
Add changelog
468f66b
@heatherezell heatherezell added core/openapi bug Used to indicate a potential bug core/token labels Jan 4, 2023
@maxb maxb mentioned this pull request Jan 6, 2023
Merged
@maxb
Copy link
Contributor Author

maxb commented Apr 27, 2023

Hi @averche ,

As this PR relates to fixing field definitions that will affect OpenAPI correctness, and so the correctness of the new generated client libraries, I wonder if it is something you might be interested in looking into?

@hghaf099
Copy link
Contributor

hghaf099 commented May 4, 2023

@maxb This is a great PR and I would like to make it ready to be merged in. Would you please rebase with main such that the failing tests are fixed?

@maxb
Copy link
Contributor Author

maxb commented May 5, 2023

I've updated the branch, but it looks like there are quite a few new PR checks which don't work for community PRs, due to credentials limited to branches within the main repo.

@maxb
Copy link
Contributor Author

maxb commented May 26, 2023

@hghaf099 Thanks for your interest in my PR, what needs to happen next?

averche
averche approved these changes Jul 4, 2023
View reviewed changes
Copy link
Contributor

@averche averche left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi @maxb!

Sorry did not see the tag till today. This PR is great both for the OpenAPI correctness and for bringing the code in line with the current Vault conventions! I left a couple of nit comments. Otherwise, LGTM!

vault/token_store.go Outdated Show resolved Hide resolved
vault/token_store.go Show resolved Hide resolved
@averche averche added this to the 1.15 milestone Jul 10, 2023
@averche averche merged commit 3bf1299 into hashicorp:main Jul 10, 2023
Merged
@maxb maxb deleted the fix-auth-token-create-parsing branch July 10, 2023 16:18
This was referenced Jul 11, 2023
Merged
Merged
averche pushed a commit to hashicorp/vault-client-go that referenced this pull request Jul 11, 2023
@maxb
Sync OpenAPI; fixes to token create methods (#192)
21d51ea 
From hashicorp/vault#18556

Changes auth methods:
- TokenCreate
- TokenCreateAgainstRole
- TokenCreateOrphan
averche pushed a commit to hashicorp/vault-client-dotnet that referenced this pull request Jul 11, 2023
@maxb
Sync OpenAPI; fixes to token create methods (#141)
2b4fa3a 
From hashicorp/vault#18556

Changes auth methods:
- TokenCreate
- TokenCreateAgainstRole
- TokenCreateOrphan
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@averche averche averche approved these changes

Assignees
No one assigned
Labels
bug Used to indicate a potential bug core/openapi core/token
Projects
None yet
Milestone
1.15.0-rc1
Development

Successfully merging this pull request may close these issues.

vault /auth/token/create returns ignoring unrecognized parameters [meta] when creating token
4 participants
@maxb @hghaf099 @averche @heatherezell