From f788761c3dbb6a73b53200c74bc964d5fcb9a3d8 Mon Sep 17 00:00:00 2001 From: hc-github-team-secure-vault-core <82990506+hc-github-team-secure-vault-core@users.noreply.github.com> Date: Tue, 23 Aug 2022 16:23:50 -0400 Subject: [PATCH] backport of commit bab106359351d060e8691b8b7ebd1a21b72bdfbe (#16841) Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com> --- vault/identity_store.go | 2 +- vault/identity_store_test.go | 49 ++++++++++++++++++++++++++++++++++++ 2 files changed, 50 insertions(+), 1 deletion(-) diff --git a/vault/identity_store.go b/vault/identity_store.go index 8caa57212869..72568f9abc8b 100644 --- a/vault/identity_store.go +++ b/vault/identity_store.go @@ -850,7 +850,7 @@ func (i *IdentityStore) CreateOrFetchEntity(ctx context.Context, alias *logical. // names match or no metadata is different, -1 is returned. func changedAliasIndex(entity *identity.Entity, alias *logical.Alias) int { for i, a := range entity.Aliases { - if a.Name == alias.Name && !strutil.EqualStringMaps(a.Metadata, alias.Metadata) { + if a.Name == alias.Name && a.MountAccessor == alias.MountAccessor && !strutil.EqualStringMaps(a.Metadata, alias.Metadata) { return i } } diff --git a/vault/identity_store_test.go b/vault/identity_store_test.go index 751c5d8ee973..bf20a239a093 100644 --- a/vault/identity_store_test.go +++ b/vault/identity_store_test.go @@ -807,3 +807,52 @@ func TestIdentityStore_NewEntityCounter(t *testing.T) { expectSingleCount(t, sink, "identity.entity.creation") } + +func TestIdentityStore_UpdateAliasMetadataPerAccessor(t *testing.T) { + entity := &identity.Entity{ + ID: "testEntityID", + Name: "testEntityName", + Policies: []string{"foo", "bar"}, + Aliases: []*identity.Alias{ + { + ID: "testAliasID1", + CanonicalID: "testEntityID", + MountType: "testMountType", + MountAccessor: "testMountAccessor", + Name: "sameAliasName", + }, + { + ID: "testAliasID2", + CanonicalID: "testEntityID", + MountType: "testMountType", + MountAccessor: "testMountAccessor2", + Name: "sameAliasName", + }, + }, + NamespaceID: namespace.RootNamespaceID, + } + + login := &logical.Alias{ + MountType: "testMountType", + MountAccessor: "testMountAccessor", + Name: "sameAliasName", + ID: "testAliasID", + Metadata: map[string]string{"foo": "bar"}, + } + + if i := changedAliasIndex(entity, login); i != 0 { + t.Fatalf("wrong alias index changed. Expected 0, got %d", i) + } + + login2 := &logical.Alias{ + MountType: "testMountType", + MountAccessor: "testMountAccessor2", + Name: "sameAliasName", + ID: "testAliasID2", + Metadata: map[string]string{"bar": "foo"}, + } + + if i := changedAliasIndex(entity, login2); i != 1 { + t.Fatalf("wrong alias index changed. Expected 1, got %d", i) + } +}