Add ability to specify a name for a cert to check for auth#tls (#256)

* Add ability to specify a name for a cert to check for auth#tls * add @param comment for name Co-authored-by: Calvin Leung Huang <[email protected]>
hashicorp · Aug 11, 2021 · 714a305 · 714a305
1 parent 44d180d
commit 714a305
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 2 deletions.
diff --git a/lib/vault/api/auth.rb b/lib/vault/api/auth.rb
@@ -286,12 +286,17 @@ def gcp(role, jwt, path = 'gcp')
     # @param [String] path (default: 'cert')
     #   The path to the auth backend to use for the login procedure.
     #
+    # @param [String] name optional
+    #   The named certificate role provided to the login request. 
+    #
     # @return [Secret]
-    def tls(pem = nil, path = 'cert')
+    def tls(pem = nil, path = 'cert', name: nil)
       new_client = client.dup
       new_client.ssl_pem_contents = pem if !pem.nil?
 
-      json = new_client.post("/v1/auth/#{CGI.escape(path)}/login")
+      opts = {}
+      opts[:name] = name if name
+      json = new_client.post("/v1/auth/#{CGI.escape(path)}/login", opts)
       secret = Secret.decode(json)
       client.token = secret.auth.client_token
       return secret

diff --git a/spec/integration/api/auth_spec.rb b/spec/integration/api/auth_spec.rb
@@ -202,6 +202,13 @@ module Vault
         expect(subject.token).to eq(result.auth.client_token)
       end
 
+      it "returns nil if a certificate name is provided that doesn't exist" do
+        pending "dev server does not support tls"
+        secret = subject.auth.tls(auth_cert, name: "not_here")
+
+        expect(secret).to_be nil
+      end
+
       it "raises an error if the authentication is bad", vault: "> 0.6.1" do
         subject.sys.disable_auth("cert")