Merge pull request #163 from jfrog/fix-and-prepare-for-release

Fix code formatting issues from PR

CHANGELOG.md

@@ -1,3 +1,9 @@
+## 1.5.0 (March 13, 2023)
+
+IMPROVEMENTS:
+
+* Add `allow_scope_override` field to `config/admin` path. This allows override of `scope` field when generating new admin scope token using `artifactory/roles/<name>` path. Issue: [#134](https://github.com/jfrog/artifactory-secrets-plugin/issues/134) PR: [#147](https://github.com/jfrog/artifactory-secrets-plugin/pull/147), [#163](https://github.com/jfrog/artifactory-secrets-plugin/pull/163)
+
 ## 1.4.0 (March 11, 2023)
 
 IMPROVEMENTS:

README.md

@@ -267,8 +267,8 @@ vault write artifactory/config/admin \
 
 #### Enable Scoped down Tokens
 
-[!WARNING]
-In order to decouple Artifactory Group maintenance from Vault plugin configuration, you can configure a single role to request Access Tokens for specific groups. This option should be used with extreme care to ensure that your Vault policies are restricting which groups it can request tokens on behalf of.
+> [!WARNING]
+> In order to decouple Artifactory Group maintenance from Vault plugin configuration, you can configure a single role to request Access Tokens for specific groups. This option should be used with extreme care to ensure that your Vault policies are restricting which groups it can request tokens on behalf of.
 
 ```sh
 vault write artifactory/config/admin \
@@ -340,8 +340,8 @@ username           v-jenkins-x4mohTA8
 
 ### Scoped Access Tokens
 
-[!IMPORTANT]
-In order to use this functionality, you must enable `allow_scope_override` when configuring the plugin, see [Enable Scoped down Tokens](#Use-scoped-down-tokens)
+> [!IMPORTANT]
+> In order to use this functionality, you must enable `allow_scope_override` when configuring the plugin, see [Enable Scoped down Tokens](#Use-scoped-down-tokens)
 
 Create a role (scope for artifactory >= 7.21.1)
 
@@ -482,6 +482,7 @@ No renewals or new tokens will be issued if the backend configuration (config/ad
 * `use_expiring_tokens` (boolean) - Optional. If Artifactory version >= 7.50.3, set `expires_in` to `max_ttl` (admin token) or `ttl` (user token) and `force_revocable = true`. Default to `false`.
 * `bypass_artifactory_tls_verification` (boolean) - Optional. Bypass certification verification for TLS connection with Artifactory. Default to `false`.
 * `revoke_on_delete` (boolean) - Optional. Revoke Administrator access token when this configuration is deleted. Default to `false`. Will be set to `true` if token is rotated.
+* `allow_scope_override` (boolean) - Optional. Determine if scoped tokens should be allowed. This is an advanced configuration option. Default to `false`.
 
 #### Example
 

path_config.go

@@ -44,6 +44,7 @@ func (b *backend) pathConfig() *framework.Path {
 				Type:        framework.TypeBool,
 				Default:     false,
 				Description: "Optional. Determine if scoped tokens should be allowed. This is an advanced configuration option. Default to `false`.",
+			},
 			"revoke_on_delete": {
 				Type:        framework.TypeBool,
 				Default:     false,
@@ -159,7 +160,8 @@ func (b *backend) pathConfigUpdate(ctx context.Context, req *logical.Request, da
 
 	if val, ok := data.GetOk("allow_scope_override"); ok {
 		config.AllowScopeOverride = val.(bool)
-
+	}
+
 	if val, ok := data.GetOk("revoke_on_delete"); ok {
 		config.RevokeOnDelete = val.(bool)
 	}

path_token_create.go

@@ -142,20 +142,20 @@ func (b *backend) pathTokenCreatePerform(ctx context.Context, req *logical.Reque
 	}
 
 	if config.AllowScopeOverride {
-	  scope := data.Get("scope").(string)
-	  if len(scope) != 0 {
+		scope := data.Get("scope").(string)
+		if len(scope) != 0 {
 			re, err := regexp.Compile(`^applied-permissions\/groups:.+$`)
 			if err != nil {
 				return nil, err
 			}
-	    match := re.MatchString(scope)
-
-	    if !match {
-	      return logical.ErrorResponse("provided scope is invalid"), errors.New("provided scope is invalid")
-	    }
-	    //use the overridden scope rather than role default
-	    role.Scope = scope
-	  }
+			match := re.MatchString(scope)
+
+			if !match {
+				return logical.ErrorResponse("provided scope is invalid"), errors.New("provided scope is invalid")
+			}
+			//use the overridden scope rather than role default
+			role.Scope = scope
+		}
 	}
 
 	resp, err := b.CreateToken(config.baseConfiguration, *role)

test_utils.go

@@ -112,8 +112,8 @@ func (e *accTestEnv) revokeTestToken(t *testing.T, accessToken string, tokenID s
 
 func (e *accTestEnv) UpdatePathConfig(t *testing.T) {
 	e.UpdateConfigAdmin(t, testData{
-		"access_token":        e.AccessToken,
-		"url":                 e.URL,
+		"access_token":         e.AccessToken,
+		"url":                  e.URL,
 		"allow_scope_override": true,
 	})
 }