From 714a30516ac9d5c5477a8de549464d5a8aabd9b9 Mon Sep 17 00:00:00 2001 From: Lauren Voswinkel Date: Tue, 10 Aug 2021 17:23:24 -0700 Subject: [PATCH] Add ability to specify a name for a cert to check for auth#tls (#256) * Add ability to specify a name for a cert to check for auth#tls * add @param comment for name Co-authored-by: Calvin Leung Huang <1883212+calvn@users.noreply.github.com> --- lib/vault/api/auth.rb | 9 +++++++-- spec/integration/api/auth_spec.rb | 7 +++++++ 2 files changed, 14 insertions(+), 2 deletions(-) diff --git a/lib/vault/api/auth.rb b/lib/vault/api/auth.rb index 156c1945..472d1444 100644 --- a/lib/vault/api/auth.rb +++ b/lib/vault/api/auth.rb @@ -286,12 +286,17 @@ def gcp(role, jwt, path = 'gcp') # @param [String] path (default: 'cert') # The path to the auth backend to use for the login procedure. # + # @param [String] name optional + # The named certificate role provided to the login request. + # # @return [Secret] - def tls(pem = nil, path = 'cert') + def tls(pem = nil, path = 'cert', name: nil) new_client = client.dup new_client.ssl_pem_contents = pem if !pem.nil? - json = new_client.post("/v1/auth/#{CGI.escape(path)}/login") + opts = {} + opts[:name] = name if name + json = new_client.post("/v1/auth/#{CGI.escape(path)}/login", opts) secret = Secret.decode(json) client.token = secret.auth.client_token return secret diff --git a/spec/integration/api/auth_spec.rb b/spec/integration/api/auth_spec.rb index 168931d4..c18eeaac 100644 --- a/spec/integration/api/auth_spec.rb +++ b/spec/integration/api/auth_spec.rb @@ -202,6 +202,13 @@ module Vault expect(subject.token).to eq(result.auth.client_token) end + it "returns nil if a certificate name is provided that doesn't exist" do + pending "dev server does not support tls" + secret = subject.auth.tls(auth_cert, name: "not_here") + + expect(secret).to_be nil + end + it "raises an error if the authentication is bad", vault: "> 0.6.1" do subject.sys.disable_auth("cert")