Allow scoped tokens to read session status
This commit is contained in:
@@ -100,7 +100,7 @@ func TestVaultServiceRejectsUnauthorizedEntryAccess(t *testing.T) {
|
||||
}
|
||||
}
|
||||
|
||||
func TestVaultServiceRejectsUnauthorizedVaultManagement(t *testing.T) {
|
||||
func TestVaultServiceAllowsSessionStatusWithoutManageVault(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
client, _, cleanup := newTestClientForModel(t, vault.Model{
|
||||
@@ -112,9 +112,12 @@ func TestVaultServiceRejectsUnauthorizedVaultManagement(t *testing.T) {
|
||||
})
|
||||
defer cleanup()
|
||||
|
||||
_, err := client.GetSessionStatus(tokenContext(defaultTestTokenSecret), &keepassgov1.GetSessionStatusRequest{})
|
||||
if status.Code(err) != codes.PermissionDenied {
|
||||
t.Fatalf("GetSessionStatus() code = %v, want %v", status.Code(err), codes.PermissionDenied)
|
||||
resp, err := client.GetSessionStatus(tokenContext(defaultTestTokenSecret), &keepassgov1.GetSessionStatusRequest{})
|
||||
if err != nil {
|
||||
t.Fatalf("GetSessionStatus() error = %v", err)
|
||||
}
|
||||
if resp.GetLocked() {
|
||||
t.Fatal("GetSessionStatus().Locked = true, want false")
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user