From 1f7999ed97f046f4738c846df7da68ae2e716338 Mon Sep 17 00:00:00 2001
From: Jeff Mitchell
Date: Wed, 15 Sep 2021 13:51:15 -0400
Subject: [PATCH] Add authorized collection actions output for credential stores (#1530)

Add authorized collection actions output for credential stores
---
 CHANGELOG.md | 5 +-
 .../controller/auth/authorized_actions.go | 2 +-
 .../credentialstore_service.go | 3 ++
 .../credentialstore_service_test.go | 52 ++++++++++++-------
 internal/types/resource/resource.go | 9 ++++
 5 files changed, 48 insertions(+), 23 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index ebff305f2c..6c7764fd95 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,9 +2,6 @@
 
 Canonical reference for changes, improvements, and bugfixes for Boundary.
 
-## Next
-
-
 ## 0.6.1 (2021/09/14)
 
 ### Bug Fixes
@@ -15,6 +12,8 @@ Canonical reference for changes, improvements, and bugfixes for Boundary.
 project scope output. ([PR](https://github.com/hashicorp/boundary/pull/1524))
 * actions: Fix `sessions` collection actions not being visible when reading a
 scope ([PR](https://github.com/hashicorp/boundary/pull/1527))
+* credential stores: Fix credential stores not showing authorized collection
+ actions ([PR](https://github.com/hashicorp/boundary/pull/1530))
 
 ## 0.6.0 (2021/09/03)
 
diff --git a/internal/servers/controller/auth/authorized_actions.go b/internal/servers/controller/auth/authorized_actions.go
index d7e935fb04..4e67ede4b5 100644
--- a/internal/servers/controller/auth/authorized_actions.go
+++ b/internal/servers/controller/auth/authorized_actions.go
@@ -38,7 +38,7 @@ func CalculateAuthorizedCollectionActions(ctx context.Context,
 if err != nil {
 return nil, err
 }
- ret[k.String()+"s"] = lv
+ ret[k.PluralString()] = lv
 }
 }
 return ret, nil
diff --git a/internal/servers/controller/handlers/credentialstores/credentialstore_service.go b/internal/servers/controller/handlers/credentialstores/credentialstore_service.go
index 072f1b5a06..d35ccba258 100644
--- a/internal/servers/controller/handlers/credentialstores/credentialstore_service.go
+++ b/internal/servers/controller/handlers/credentialstores/credentialstore_service.go
@@ -501,6 +501,9 @@ func toProto(in credential.Store, opt ...handlers.Option) (*pb.CredentialStore,
 if outputFields.Has(globals.AuthorizedActionsField) {
 out.AuthorizedActions = opts.WithAuthorizedActions
 }
+ if outputFields.Has(globals.AuthorizedCollectionActionsField) {
+ out.AuthorizedCollectionActions = opts.WithAuthorizedCollectionActions
+ }
 if outputFields.Has(globals.AttributesField) {
 switch credential.SubtypeFromId(in.GetPublicId()) {
 case vault.Subtype:
diff --git a/internal/servers/controller/handlers/credentialstores/credentialstore_service_test.go b/internal/servers/controller/handlers/credentialstores/credentialstore_service_test.go
index 041ffcc638..9e087bd462 100644
--- a/internal/servers/controller/handlers/credentialstores/credentialstore_service_test.go
+++ b/internal/servers/controller/handlers/credentialstores/credentialstore_service_test.go
@@ -34,7 +34,17 @@ import (
 "google.golang.org/protobuf/types/known/wrapperspb"
 )
 
-var testAuthorizedActions = []string{"no-op", "read", "update", "delete"}
+var (
+ testAuthorizedActions = []string{"no-op", "read", "update", "delete"}
+ testAuthorizedCollectionActions = map[string]*structpb.ListValue{
+ "credential-libraries": {
+ Values: []*structpb.Value{
+ structpb.NewStringValue("create"),
+ structpb.NewStringValue("list"),
+ },
+ },
+ }
+)
 
 func TestList(t *testing.T) {
 conn, _ := db.TestSetup(t, "postgres")
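Review bot: In toProto the new branch only forwards `opts.WithAuthorizedCollectionActions`; where that option is computed is outside this diff, so the hunk alone does not show that every call site supplies it. The test hunks in this commit update expectations for TestList, TestCreate and TestGet only, so if the update path also builds its response through toProto it may still return an item without the field; worth confirming and asserting it there too. A short comment above the branch would help, for example `// Populated by the handler from the requester's grants; emitted only when the output-fields filter includes it.` (wording to be checked against the callers). toProto's body starts and ends outside the hunk.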
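Review bot: The new `testAuthorizedCollectionActions` fixture in the var block asserts only the case where both `create` and `list` on `credential-libraries` are granted, and the later hunks in TestList, TestCreate and TestGet reuse it unchanged. No visible case covers a requester whose output fields exclude authorized collection actions or whose grants omit one of the two actions, so a regression that returns these actions when they should be withheld would pass. Consider adding one restricted-grant or restricted-output-fields case per endpoint that expects the field to be absent or reduced. The fixture is also a package-level map of pointers shared by every case; a comment such as `// shared expected value; do not mutate in tests` would make that explicit.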
@@ -57,14 +67,15 @@ func TestList(t *testing.T) {
 var wantStores []*pb.CredentialStore
 for _, s := range vault.TestCredentialStores(t, conn, wrapper, prj.GetPublicId(), 10) {
 wantStores = append(wantStores, &pb.CredentialStore{
- Id: s.GetPublicId(),
- ScopeId: prj.GetPublicId(),
- Scope: &scopepb.ScopeInfo{Id: prj.GetPublicId(), Type: scope.Project.String(), ParentScopeId: prj.GetParentId()},
- CreatedTime: s.GetCreateTime().GetTimestamp(),
- UpdatedTime: s.GetUpdateTime().GetTimestamp(),
- Version: s.GetVersion(),
- Type: vault.Subtype.String(),
- AuthorizedActions: testAuthorizedActions,
+ Id: s.GetPublicId(),
+ ScopeId: prj.GetPublicId(),
+ Scope: &scopepb.ScopeInfo{Id: prj.GetPublicId(), Type: scope.Project.String(), ParentScopeId: prj.GetParentId()},
+ CreatedTime: s.GetCreateTime().GetTimestamp(),
+ UpdatedTime: s.GetUpdateTime().GetTimestamp(),
+ Version: s.GetVersion(),
+ Type: vault.Subtype.String(),
+ AuthorizedActions: testAuthorizedActions,
+ AuthorizedCollectionActions: testAuthorizedCollectionActions,
 Attributes: func() *structpb.Struct {
 attrs, err := handlers.ProtoToStruct(&pb.VaultCredentialStoreAttributes{
 Address: wrapperspb.String(s.GetVaultAddress()),
@@ -451,7 +462,8 @@ func TestCreate(t *testing.T) {
 require.NoError(t, err)
 return attrs
 }(),
- AuthorizedActions: testAuthorizedActions,
+ AuthorizedActions: testAuthorizedActions,
+ AuthorizedCollectionActions: testAuthorizedCollectionActions,
 },
 },
 },
@@ -495,7 +507,8 @@ func TestCreate(t *testing.T) {
 require.NoError(t, err)
 return attrs
 }(),
- AuthorizedActions: testAuthorizedActions,
+ AuthorizedActions: testAuthorizedActions,
+ AuthorizedCollectionActions: testAuthorizedCollectionActions,
 },
 },
 },
@@ -580,14 +593,15 @@ func TestGet(t *testing.T) {
 id: store.GetPublicId(),
 res: &pbs.GetCredentialStoreResponse{
 Item: &pb.CredentialStore{
- Id: store.GetPublicId(),
- ScopeId: store.GetScopeId(),
- Scope: &scopepb.ScopeInfo{Id: store.GetScopeId(), Type: scope.Project.String(), ParentScopeId: prj.GetParentId()},
- Type: vault.Subtype.String(),
- AuthorizedActions: testAuthorizedActions,
- CreatedTime: store.CreateTime.GetTimestamp(),
- UpdatedTime: store.UpdateTime.GetTimestamp(),
- Version: 1,
+ Id: store.GetPublicId(),
+ ScopeId: store.GetScopeId(),
+ Scope: &scopepb.ScopeInfo{Id: store.GetScopeId(), Type: scope.Project.String(), ParentScopeId: prj.GetParentId()},
+ Type: vault.Subtype.String(),
+ AuthorizedActions: testAuthorizedActions,
+ AuthorizedCollectionActions: testAuthorizedCollectionActions,
+ CreatedTime: store.CreateTime.GetTimestamp(),
+ UpdatedTime: store.UpdateTime.GetTimestamp(),
+ Version: 1,
 Attributes: func() *structpb.Struct {
 attrs, err := handlers.ProtoToStruct(&pb.VaultCredentialStoreAttributes{
 Address: wrapperspb.String(store.GetVaultAddress()),
diff --git a/internal/types/resource/resource.go b/internal/types/resource/resource.go
index 46c67ef862..45edab66f5 100644
--- a/internal/types/resource/resource.go
+++ b/internal/types/resource/resource.go
@@ -60,6 +60,15 @@ func (r Type) String() string {
 }[r]
 }
 
+func (r Type) PluralString() string {
+ switch r {
+ case CredentialLibrary:
+ return "credential-libraries"
+ default:
+ return r.String() + "s"
+ }
+}
+
 var Map = map[string]Type{
 Unknown.String(): Unknown,
 All.String(): All,
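Review bot: The exported method `PluralString` is added without a doc comment, and its result is used as the map key in CalculateAuthorizedCollectionActions (`ret[k.PluralString()] = lv`), so the string it returns is part of the API output. I would add `// PluralString returns the plural name of the resource type, used as the collection key in authorized collection actions output; irregular plurals need an explicit case.` above it. The default branch appends "s" to every other type, including Unknown and All from the Map below, which is presumably never reached for those but is not guarded. The diffstat lists no test file for this package, so a small table test pinning `credential-libraries` and one regular plural would keep the key from drifting. The `var Map` literal continues past the end of the hunk.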