diff --git a/vault/acl_test.go b/vault/acl_test.go index 65ec5c223..4fdb2eda7 100644 --- a/vault/acl_test.go +++ b/vault/acl_test.go @@ -335,14 +335,14 @@ func TestACL_ValuePermissions(t *testing.T) { {"foo/bar", []string{"deny"}, []interface{}{"bad"}, false}, {"foo/bar", []string{"deny"}, []interface{}{"good"}, true}, {"foo/bar", []string{"allow"}, []interface{}{"good"}, true}, - {"foo/baz", []string{"allow"}, []interface{}{"good"}, true}, + {"foo/baz", []string{"aLLow"}, []interface{}{"good"}, true}, {"foo/baz", []string{"deny"}, []interface{}{"bad"}, false}, {"foo/baz", []string{"deny"}, []interface{}{"good"}, false}, {"foo/baz", []string{"allow", "deny"}, []interface{}{"good", "bad"}, false}, {"foo/baz", []string{"deny", "allow"}, []interface{}{"good", "bad"}, false}, - {"foo/baz", []string{"deny", "allow"}, []interface{}{"bad", "good"}, false}, - {"foo/baz", []string{"allow"}, []interface{}{"bad"}, false}, - {"foo/baz", []string{"neither"}, []interface{}{"bad"}, false}, + {"foo/baz", []string{"deNy", "allow"}, []interface{}{"bad", "good"}, false}, + {"foo/baz", []string{"aLLow"}, []interface{}{"bad"}, false}, + {"foo/baz", []string{"Neither"}, []interface{}{"bad"}, false}, {"fizz/buzz", []string{"allow_multi"}, []interface{}{"good"}, true}, {"fizz/buzz", []string{"allow_multi"}, []interface{}{"good1"}, true}, {"fizz/buzz", []string{"allow_multi"}, []interface{}{"good2"}, true}, @@ -630,10 +630,10 @@ path "foo/bar" { path "foo/baz" { policy = "write" allowed_parameters = { - "allow" = ["good"] + "ALLOW" = ["good"] } denied_parameters = { - "deny" = ["bad"] + "dEny" = ["bad"] } } path "fizz/buzz" { diff --git a/vault/policy.go b/vault/policy.go index 6a3cbeb17..ab06c70b1 100644 --- a/vault/policy.go +++ b/vault/policy.go @@ -187,8 +187,19 @@ func parsePaths(result *Policy, list *ast.ObjectList) error { } } - pc.Permissions.AllowedParameters = pc.AllowedParametersHCL - pc.Permissions.DeniedParameters = pc.DeniedParametersHCL + if pc.AllowedParametersHCL != nil { + pc.Permissions.AllowedParameters = make(map[string][]interface{}, len(pc.AllowedParametersHCL)) + for key, val := range pc.AllowedParametersHCL { + pc.Permissions.AllowedParameters[strings.ToLower(key)] = val + } + } + if pc.DeniedParametersHCL != nil { + pc.Permissions.DeniedParameters = make(map[string][]interface{}, len(pc.DeniedParametersHCL)) + + for key, val := range pc.DeniedParametersHCL { + pc.Permissions.DeniedParameters[strings.ToLower(key)] = val + } + } PathFinished: paths = append(paths, &pc)