Normalize policy names to lowercase on write. They are not currently

normalized when reading or deleting, for backwards compatibility.

Ping #676.

CHANGELOG.md

@@ -1,5 +1,9 @@
 ## 0.4.0 (Unreleased)
 
+DEPRECATIONS/BREAKING CHANGES:
+
+ * Policy Name Casing: Policy names are now normalized to lower-case on write, helping prevent accidental case mismatches. For backwards compatibility, policy names are not normalized when reading or deleting. [GH-676]
+
 IMPROVEMENTS:
 
  * init: Base64-encoded PGP keys can be used with the CLI for `init` and `rekey` operations [GH-653]

vault/logical_system.go

@@ -783,7 +783,7 @@ func (b *SystemBackend) handlePolicySet(
 	}
 
 	// Override the name
-	parse.Name = name
+	parse.Name = strings.ToLower(name)
 
 	// Update the policy
 	if err := b.Core.policy.SetPolicy(parse); err != nil {

vault/logical_system_test.go

@@ -445,7 +445,7 @@ func TestSystemBackend_policyCRUD(t *testing.T) {
 
 	// Create the policy
 	rules := `path "foo/" { policy = "read" }`
-	req := logical.TestRequest(t, logical.WriteOperation, "policy/foo")
+	req := logical.TestRequest(t, logical.WriteOperation, "policy/Foo")
 	req.Data["rules"] = rules
 	resp, err := b.HandleRequest(req)
 	if err != nil {
@@ -470,6 +470,13 @@ func TestSystemBackend_policyCRUD(t *testing.T) {
 		t.Fatalf("got: %#v expect: %#v", resp.Data, exp)
 	}
 
+	// Read, and make sure that case has been normalized
+	req = logical.TestRequest(t, logical.ReadOperation, "policy/Foo")
+	resp, err = b.HandleRequest(req)
+	if resp != nil {
+		t.Fatalf("err: expected nil response, got %#v", *resp)
+	}
+
 	// List the policies
 	req = logical.TestRequest(t, logical.ReadOperation, "policy")
 	resp, err = b.HandleRequest(req)