Allow issuer/:issuer_ref/sign-verbatim/:role, add error on missing role (#15543)
* Allow role-based sign-verbatim with chosen issuer Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> * Add warning with missing requested verbatim role Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> * Add changelog Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> * Update builtin/logical/pki/backend.go Co-authored-by: Steven Clark <steven.clark@hashicorp.com> Co-authored-by: Steven Clark <steven.clark@hashicorp.com>
parent
36c981bfe4
commit
3166d1ff78
|
@ -267,7 +267,7 @@ func (b *backend) metricsWrap(callType string, roleMode int, ofunc roleOperation
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
if role == nil && roleMode == roleRequired {
|
if role == nil && (roleMode == roleRequired || len(roleName) > 0) {
|
||||||
return logical.ErrorResponse(fmt.Sprintf("unknown role: %s", roleName)), nil
|
return logical.ErrorResponse(fmt.Sprintf("unknown role: %s", roleName)), nil
|
||||||
}
|
}
|
||||||
labels = []metrics.Label{{"role", roleName}}
|
labels = []metrics.Label{{"role", roleName}}
|
||||||
|
|
|
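Review bot: The widened condition `roleMode == roleRequired || len(roleName) > 0` carries no comment explaining why a role that is named but not found is now an error even where the role is optional. That is the security-relevant part of this hunk, since a mistyped role name would otherwise presumably be handled as if no role had been given. I would add above the `if`: `// A role named in the request must exist, even where the role is optional; never fall back to role-less handling.` Separately, `roleName` appears to come from the request and is echoed with `%s`; `%q` would keep empty or unusual names unambiguous in the error text. metricsWrap starts and ends outside the hunk, so how `roleName` is obtained is not visible here.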
@ -79,7 +79,7 @@ func buildPathSign(b *backend, pattern string) *framework.Path {
|
||||||
}
|
}
|
||||||
|
|
||||||
func pathIssuerSignVerbatim(b *backend) *framework.Path {
|
func pathIssuerSignVerbatim(b *backend) *framework.Path {
|
||||||
pattern := "issuer/" + framework.GenericNameRegex(issuerRefParam) + "/sign-verbatim"
|
pattern := "issuer/" + framework.GenericNameRegex(issuerRefParam) + "/sign-verbatim" + framework.OptionalParamRegex("role")
|
||||||
return buildPathIssuerSignVerbatim(b, pattern)
|
return buildPathIssuerSignVerbatim(b, pattern)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
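Review bot: `pathIssuerSignVerbatim` has no doc comment, and with the added `framework.OptionalParamRegex("role")` its contract is no longer obvious from the name alone. I would add `// pathIssuerSignVerbatim registers issuer/:issuer_ref/sign-verbatim(/:role); the role segment is optional, but a role that is named must exist.` The pattern only routes the request, so it is worth confirming that `buildPathIssuerSignVerbatim` declares a `role` field and goes through the role-checking wrapper, neither of which is visible in this hunk. The bare `"role"` literal also sits next to the `issuerRefParam` constant; a shared constant would keep the two path builders from drifting, if one exists.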
@ -0,0 +1,3 @@
|
||||||
|
```release-note:change
|
||||||
|
secrets/pki: Err on unknown role during sign-verbatim.
|
||||||
|
```
|