From 09762c23b4144ad0765533503b1d151d7d0f9b16 Mon Sep 17 00:00:00 2001
From: Nick Cabatoff
Date: Wed, 22 Apr 2020 11:19:55 -0400
Subject: [PATCH] The new okta library doesn't prepend /api/v1 to our URL paths like the old one does (we still use the old one in the absence of an API token, since the new one doesn't support that.) Make our shim prepend /api/v1 to manual requests for the new library like the old library does, and remove explicit /api/v1 from our request paths.
---
 builtin/credential/okta/backend.go | 2 +-
 builtin/credential/okta/backend_test.go | 9 +++++++++
 builtin/credential/okta/path_config.go | 4 ++++
 3 files changed, 14 insertions(+), 1 deletion(-)
diff --git a/builtin/credential/okta/backend.go b/builtin/credential/okta/backend.go
index 6d75a61883abe..441443cf3a31c 100644
--- a/builtin/credential/okta/backend.go
+++ b/builtin/credential/okta/backend.go
@@ -100,7 +100,7 @@ func (b *backend) Login(ctx context.Context, req *logical.Request, username stri
 StateToken string `json:"stateToken"`
 }
 
- authReq, err := shim.NewRequest("POST", "/api/v1/authn", map[string]interface{}{
+ authReq, err := shim.NewRequest("POST", "authn", map[string]interface{}{
 "username": username,
 "password": password,
 })
diff --git a/builtin/credential/okta/backend_test.go b/builtin/credential/okta/backend_test.go
index 9a6b20d9e130f..0794ea9081fc5 100644
--- a/builtin/credential/okta/backend_test.go
+++ b/builtin/credential/okta/backend_test.go
@@ -15,6 +15,15 @@ import (
 "github.com/hashicorp/vault/sdk/logical"
 )
 
+// To run this test, set the following env variables:
+// VAULT_ACC=1
+// OKTA_ORG=dev-219337
+// OKTA_API_TOKEN=
+// OKTA_USERNAME=test2@example.com
+// OKTA_PASSWORD=
+//
+// You will need to install the Okta client app on your mobile device and
+// setup MFA.
 func TestBackend_Config(t *testing.T) {
 defaultLeaseTTLVal := time.Hour * 12
 maxLeaseTTLVal := time.Hour * 24
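Review bot: The `"authn"` path passed to `shim.NewRequest` in Login is only correct if every shim implementation resolves a relative path under `/api/v1`. The new shim does that in path_config.go, while the old library's behaviour is stated in the commit message but is not visible in this patch. Because this request carries the username and password, a unit test that asserts the final request URL for each shim would catch a regression in either one. A short comment at the call site, such as `// relative path: the shim resolves it under /api/v1`, would also explain why the prefix is gone. Login's body starts and ends outside this hunk.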
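Review bot: The comment added above TestBackend_Config names a concrete Okta org (`OKTA_ORG=dev-219337`) and account (`OKTA_USERNAME=test2@example.com`) instead of placeholders. If that org is a real developer tenant, committing its identifier together with a username publishes details of the account the acceptance test logs in as. Placeholders document the variables equally well, for example `// OKTA_ORG=<your Okta org>` and `// OKTA_USERNAME=<test user>`. The comment could also state that OKTA_API_TOKEN and OKTA_PASSWORD are to be supplied through the environment only and never written into the file.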
diff --git a/builtin/credential/okta/path_config.go b/builtin/credential/okta/path_config.go
index 32d8b3d959f65..7faede370a897 100644
--- a/builtin/credential/okta/path_config.go
+++ b/builtin/credential/okta/path_config.go
@@ -6,6 +6,7 @@ import (
 "github.com/hashicorp/go-cleanhttp"
 "net/http"
 "net/url"
+ "strings"
 "time"
 
 oktaold "github.com/chrismalek/oktasdk-go/okta"
@@ -282,6 +283,9 @@ func (new *oktaShimNew) Client() *oktanew.Client {
 }
 
 func (new *oktaShimNew) NewRequest(method string, url string, body interface{}) (*http.Request, error) {
+ if !strings.HasPrefix(url, "/") {
+ url = "/api/v1/" + url
+ }
 return new.client.GetRequestExecutor().NewRequest(method, url, body)
 }
 
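Review bot: The leading-slash rule added to `oktaShimNew.NewRequest` is an undocumented convention: a path without a leading `/` is placed under `/api/v1/`, and anything that starts with `/` is passed through unchanged. A caller that writes `"/authn"` would silently skip the prefix, and the same holds for any request path added later. A doc comment such as `// NewRequest resolves a url without a leading "/" under /api/v1/; a url that starts with "/" is sent as given.` would make the contract explicit. Separately, the parameter name `url` shadows the `net/url` package imported in this file, so renaming it to `path` would avoid confusion inside the function.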