Merge remote-tracking branch 'remotes/from/ce/main'

Author: hc-github-team-secure-vault-core

builtin/logical/pki/path_roles.go

@@ -373,7 +373,7 @@ non-Hostname, non-Email address CNs.`,
 			Type: framework.TypeCommaStringSlice,
 			Description: `A comma-separated string or list of policy OIDs, or a JSON list of qualified policy
 information, which must include an oid, and may include a notice and/or cps url, using the form 
-[{"oid"="1.3.6.1.4.1.7.8","notice"="I am a user Notice"}, {"oid"="1.3.6.1.4.1.44947.1.2.4 ","cps"="https://example.com"}].`,
+[{"oid"="1.3.6.1.4.1.7.8","notice"="I am a user Notice"}, {"oid"="1.3.6.1.4.1.32473.1.2.4","cps"="https://example.com"}].`,
 		},
 
 		"basic_constraints_valid_for_non_ca": {
@@ -801,7 +801,7 @@ non-Hostname, non-Email address CNs.`,
 				Type: framework.TypeCommaStringSlice,
 				Description: `A comma-separated string or list of policy OIDs, or a JSON list of qualified policy
 information, which must include an oid, and may include a notice and/or cps url, using the form 
-[{"oid"="1.3.6.1.4.1.7.8","notice"="I am a user Notice"}, {"oid"="1.3.6.1.4.1.44947.1.2.4 ","cps"="https://example.com"}].`,
+[{"oid"="1.3.6.1.4.1.7.8","notice"="I am a user Notice"}, {"oid"="1.3.6.1.4.1.32473.1.2.4","cps"="https://example.com"}].`,
 			},
 
 			"basic_constraints_valid_for_non_ca": {

builtin/logical/pki/path_roles_test.go

@@ -1031,8 +1031,8 @@ func TestPki_RolePatch(t *testing.T) {
 func TestPKI_RolePolicyInformation_Flat(t *testing.T) {
 	t.Parallel()
 	type TestCase struct {
-		Input   interface{}
-		ASN     interface{}
+		Input   string
+		ASN     string
 		OidList []string
 	}
 
@@ -1051,9 +1051,9 @@ func TestPKI_RolePolicyInformation_Flat(t *testing.T) {
 			OidList: expectedSimpleOidList,
 		},
 		{
-			Input:   "[{\"oid\":\"1.3.6.1.4.1.7.8\",\"notice\":\"I am a user Notice\"},{\"oid\":\"1.3.6.1.44947.1.2.4\",\"cps\":\"https://example.com\"}]",
-			ASN:     "MF8wLQYHKwYBBAEHCDAiMCAGCCsGAQUFBwICMBQMEkkgYW0gYSB1c2VyIE5vdGljZTAuBgkrBgGC3xMBAgQwITAfBggrBgEFBQcCARYTaHR0cHM6Ly9leGFtcGxlLmNvbQ==",
-			OidList: append(*new([]string), "1.3.6.1.4.1.7.8", "1.3.6.1.44947.1.2.4"),
+			Input:   "[{\"oid\":\"1.3.6.1.4.1.7.8\",\"notice\":\"I am a user Notice\"},{\"oid\":\"1.3.6.1.32473.1.2.4\",\"cps\":\"https://example.com\"}]",
+			ASN:     "MF8wLQYHKwYBBAEHCDAiMCAGCCsGAQUFBwICMBQMEkkgYW0gYSB1c2VyIE5vdGljZTAuBgkrBgGB/VkBAgQwITAfBggrBgEFBQcCARYTaHR0cHM6Ly9leGFtcGxlLmNvbQ==",
+			OidList: append(*new([]string), "1.3.6.1.4.1.7.8", "1.3.6.1.32473.1.2.4"),
 		},
 	}
 
@@ -1076,10 +1076,6 @@ func TestPKI_RolePolicyInformation_Flat(t *testing.T) {
 	}
 
 	for index, testCase := range testCases {
-		var roleResp *logical.Response
-		var issueResp *logical.Response
-		var err error
-
 		// Create/update the role
 		roleData := map[string]interface{}{}
 		roleData[policyIdentifiersParam] = testCase.Input
@@ -1091,15 +1087,16 @@ func TestPKI_RolePolicyInformation_Flat(t *testing.T) {
 			Data:      roleData,
 		}
 
-		roleResp, err = b.HandleRequest(context.Background(), roleReq)
+		roleResp, err := b.HandleRequest(context.Background(), roleReq)
 		if err != nil || (roleResp != nil && roleResp.IsError()) {
 			t.Fatalf("bad [%d], setting policy identifier %v err: %v resp: %#v", index, testCase.Input, err, roleResp)
 		}
 
 		// Issue Using this role
-		issueData := map[string]interface{}{}
-		issueData["common_name"] = "localhost"
-		issueData["ttl"] = "2s"
+		issueData := map[string]interface{}{
+			"common_name": "localhost",
+			"ttl":         "2s",
+		}
 
 		issueReq := &logical.Request{
 			Operation: logical.UpdateOperation,
@@ -1108,10 +1105,13 @@ func TestPKI_RolePolicyInformation_Flat(t *testing.T) {
 			Data:      issueData,
 		}
 
-		issueResp, err = b.HandleRequest(context.Background(), issueReq)
+		issueResp, err := b.HandleRequest(context.Background(), issueReq)
 		if err != nil || (issueResp != nil && issueResp.IsError()) {
 			t.Fatalf("bad [%d], setting policy identifier %v err: %v resp: %#v", index, testCase.Input, err, issueResp)
 		}
+		if issueResp == nil || issueResp.Data == nil {
+			t.Fatalf("bad [%d], setting policy identifier %v no response", index, testCase.Input)
+		}
 
 		// Validate the OIDs
 		policyIdentifiers, err := getPolicyIdentifiersOffCertificate(*issueResp)
@@ -1131,10 +1131,8 @@ func TestPKI_RolePolicyInformation_Flat(t *testing.T) {
 		if err != nil {
 			t.Fatalf("bad [%d], getting extension from %v err: %v resp: %#v", index, testCase.Input, err, issueResp)
 		}
-		certificateB64 := make([]byte, len(certificateAsn)*2)
-		base64.StdEncoding.Encode(certificateB64, certificateAsn)
-		certificateString := string(certificateB64[:])
-		assert.Contains(t, certificateString, testCase.ASN)
+		certificateString := base64.StdEncoding.EncodeToString(certificateAsn)
+		assert.Equal(t, certificateString, testCase.ASN)
 	}
 }
 

changelog/_9306.txt

@@ -0,0 +1,3 @@
+```release-note:improvement
+secrets/pki (enterprise): add integrations/guardium configuration endpoint.
+```