enable hierarchical path for library sets (#105)

* adds poc with nested role listing

* add make configure

* update regex to honor previous contraints

* refactor static role tests

* add tests for static role read and list

* enable hierarchical path for static-cred endpoint

* enable hierarchical path for rotate-role endpoint

* address review comments

* update makefile and test checks

* enable hierarchical path for dynamic roles and creds

* use unexported regex helper name

* update test name

* lib set, check in, check out

* comment on tests that need attention

* add tests for regex

---------

Co-authored-by: Austin Gebauer <[email protected]>

backend.go

@@ -51,17 +51,26 @@ func Backend(client ldapClient) *backend {
 			},
 		},
 		Paths: framework.PathAppend(
-			b.pathListStaticRoles(),
+			// These paths must be at the top of the list since their regex
+			// Patterns are the most specific. Otherwise, a more generic regex
+			// will swallow the request because role and set names can contain
+			// arbitrary numbers of slashes.
+			// For example, a request to `library/:set_name/check-in` could be
+			// swallowed by the regex for `library/:set_name`.
+			b.pathSetManageCheckIn(),
+			b.pathSetCheckIn(),
+			b.pathSetCheckOut(),
+			b.pathSetStatus(),
+
+			// These paths are more generic than the above. They must be
+			// appended last.
 			b.pathConfig(),
 			b.pathDynamicRoles(),
 			b.pathDynamicCredsCreate(),
 			b.pathStaticRoles(),
 			b.pathStaticCredsCreate(),
+			b.pathListStaticRoles(),
 			b.pathRotateCredentials(),
-			b.pathSetCheckIn(),
-			b.pathSetManageCheckIn(),
-			b.pathSetCheckOut(),
-			b.pathSetStatus(),
 			b.pathSets(),
 			b.pathListSets(),
 		),

path_checkout_sets.go

@@ -6,6 +6,7 @@ package openldap
 import (
 	"context"
 	"fmt"
+	"strings"
 	"time"
 
 	"github.com/hashicorp/go-secure-stdlib/strutil"
@@ -14,7 +15,10 @@ import (
 	"github.com/hashicorp/vault/sdk/logical"
 )
 
-const libraryPrefix = "library/"
+const (
+	libraryPrefix       = "library/"
+	libraryManagePrefix = "library/manage/"
+)
 
 type librarySet struct {
 	ServiceAccountNames       []string      `json:"service_account_names"`
@@ -45,7 +49,7 @@ func (l *librarySet) Validate() error {
 func (b *backend) pathListSets() []*framework.Path {
 	return []*framework.Path{
 		{
-			Pattern: libraryPrefix + "?$",
+			Pattern: strings.TrimSuffix(libraryPrefix, "/") + optionalGenericNameWithForwardSlashListRegex("path"),
 			DisplayAttrs: &framework.DisplayAttributes{
 				OperationPrefix: operationPrefixLDAPLibrary,
 				OperationVerb:   "list",
@@ -55,14 +59,21 @@ func (b *backend) pathListSets() []*framework.Path {
 					Callback: b.listSetsOperation,
 				},
 			},
+			Fields: map[string]*framework.FieldSchema{
+				"path": {
+					Type:        framework.TypeLowerCaseString,
+					Description: "Path of sets to list",
+				},
+			},
 			HelpSynopsis:    pathListSetsHelpSyn,
 			HelpDescription: pathListSetsHelpDesc,
 		},
 	}
 }
 
-func (b *backend) listSetsOperation(ctx context.Context, req *logical.Request, _ *framework.FieldData) (*logical.Response, error) {
-	keys, err := req.Storage.List(ctx, libraryPrefix)
+func (b *backend) listSetsOperation(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
+	setPath := data.Get("path").(string)
+	keys, err := req.Storage.List(ctx, libraryPrefix+setPath)
 	if err != nil {
 		return nil, err
 	}
@@ -72,7 +83,7 @@ func (b *backend) listSetsOperation(ctx context.Context, req *logical.Request, _
 func (b *backend) pathSets() []*framework.Path {
 	return []*framework.Path{
 		{
-			Pattern: libraryPrefix + framework.GenericNameRegex("name"),
+			Pattern: strings.TrimSuffix(libraryPrefix, "/") + genericNameWithForwardSlashRegex("name"),
 			DisplayAttrs: &framework.DisplayAttributes{
 				OperationPrefix: operationPrefixLDAPLibrary,
 			},