backport of commit b19562db9a8c1b65ea660ed0d51aaf9498a9887d (#24025)

Co-authored-by: Kuba Wieczorek <kuba.wieczorek@hashicorp.com>
This commit is contained in:
hc-github-team-secure-vault-core 2023-11-06 08:51:52 -05:00 committed by GitHub
parent 03294624da
commit 2bf61de125
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 12 additions and 4 deletions

View file

@ -467,7 +467,7 @@ func (ps *PolicyStore) GetNonEGPPolicyType(nsID string, name string) (*PolicyTyp
pt, ok := ps.policyTypeMap.Load(index) pt, ok := ps.policyTypeMap.Load(index)
if !ok { if !ok {
// Doesn't exist // Doesn't exist
return nil, fmt.Errorf("policy does not exist in type map: %v", index) return nil, ErrPolicyNotExistInTypeMap
} }
policyType, ok := pt.(PolicyType) policyType, ok := pt.(PolicyType)

View file

@ -360,7 +360,7 @@ func TestPolicyStore_GetNonEGPPolicyType(t *testing.T) {
paramNamespace: "1AbcD", paramNamespace: "1AbcD",
paramPolicyName: "policy1", paramPolicyName: "policy1",
isErrorExpected: true, isErrorExpected: true,
expectedErrorMessage: "policy does not exist in type map: 1AbcD/policy1", expectedErrorMessage: "policy does not exist in type map",
}, },
"not-in-map-rgp": { "not-in-map-rgp": {
policyStoreKey: "2WxyZ/policy2", policyStoreKey: "2WxyZ/policy2",
@ -368,7 +368,7 @@ func TestPolicyStore_GetNonEGPPolicyType(t *testing.T) {
paramNamespace: "1AbcD", paramNamespace: "1AbcD",
paramPolicyName: "policy1", paramPolicyName: "policy1",
isErrorExpected: true, isErrorExpected: true,
expectedErrorMessage: "policy does not exist in type map: 1AbcD/policy1", expectedErrorMessage: "policy does not exist in type map",
}, },
"unknown-policy-type": { "unknown-policy-type": {
policyStoreKey: "1AbcD/policy1", policyStoreKey: "1AbcD/policy1",

View file

@ -52,7 +52,8 @@ var (
// to complete, unless overridden on a per-handler basis // to complete, unless overridden on a per-handler basis
DefaultMaxRequestDuration = 90 * time.Second DefaultMaxRequestDuration = 90 * time.Second
ErrNoApplicablePolicies = errors.New("no applicable policies") ErrNoApplicablePolicies = errors.New("no applicable policies")
ErrPolicyNotExistInTypeMap = errors.New("policy does not exist in type map")
egpDebugLogging bool egpDebugLogging bool
@ -180,6 +181,13 @@ func (c *Core) getApplicableGroupPolicies(ctx context.Context, tokenNS *namespac
for _, policyName := range nsPolicies { for _, policyName := range nsPolicies {
t, err := c.policyStore.GetNonEGPPolicyType(policyNS.ID, policyName) t, err := c.policyStore.GetNonEGPPolicyType(policyNS.ID, policyName)
if err != nil && errors.Is(err, ErrPolicyNotExistInTypeMap) {
// When we attempt to get a non-EGP policy type, and receive an
// explicit error that it doesn't exist (in the type map) we log the
// ns/policy and continue without error.
c.Logger().Debug(fmt.Errorf("%w: %v/%v", err, policyNS.ID, policyName).Error())
continue
}
if err != nil || t == nil { if err != nil || t == nil {
return nil, fmt.Errorf("failed to look up type of policy: %w", err) return nil, fmt.Errorf("failed to look up type of policy: %w", err)
} }