From 693ba0eddc33bd219b73bb6465666e4399c8d5d3 Mon Sep 17 00:00:00 2001 From: hc-github-team-secure-vault-core <82990506+hc-github-team-secure-vault-core@users.noreply.github.com> Date: Tue, 19 Sep 2023 15:54:42 -0400 Subject: [PATCH] backport of commit c73eacbaf6ae6b5860e1ad9a3b6ce930c093a105 (#23174) Co-authored-by: akshya96 <87045294+akshya96@users.noreply.github.com> --- changelog/23155.txt | 3 ++ vault/logical_system.go | 6 ++-- vault/logical_system_test.go | 60 ++++++++++++++++++++++++++++++++++++ 3 files changed, 67 insertions(+), 2 deletions(-) create mode 100644 changelog/23155.txt diff --git a/changelog/23155.txt b/changelog/23155.txt new file mode 100644 index 000000000..0c6914a78 --- /dev/null +++ b/changelog/23155.txt @@ -0,0 +1,3 @@ +```release-note:bug +core: Fixes list password policy to include those with names containing / characters. +``` \ No newline at end of file diff --git a/vault/logical_system.go b/vault/logical_system.go index a332276b9..02be0a986 100644 --- a/vault/logical_system.go +++ b/vault/logical_system.go @@ -3003,11 +3003,13 @@ const ( // handlePoliciesPasswordList returns the list of password policies func (*SystemBackend) handlePoliciesPasswordList(ctx context.Context, req *logical.Request, data *framework.FieldData) (resp *logical.Response, err error) { - keys, err := req.Storage.List(ctx, "password_policy/") + keys, err := logical.CollectKeysWithPrefix(ctx, req.Storage, "password_policy/") if err != nil { return nil, err } - + for i := range keys { + keys[i] = strings.TrimPrefix(keys[i], "password_policy/") + } return logical.ListResponse(keys), nil } diff --git a/vault/logical_system_test.go b/vault/logical_system_test.go index fcb441a56..e84794c37 100644 --- a/vault/logical_system_test.go +++ b/vault/logical_system_test.go @@ -4671,6 +4671,66 @@ func TestHandlePoliciesPasswordList(t *testing.T) { }, }, }, + "policy with /": { + storage: makeStorage(t, + &logical.StorageEntry{ + Key: getPasswordPolicyKey("testpolicy/testpolicy1"), + Value: toJson(t, + passwordPolicyConfig{ + HCLPolicy: "length = 18\n" + + "rule \"charset\" {\n" + + " charset=\"ABCDEFGHIJ\"\n" + + "}", + }), + }, + ), + + expectedResp: &logical.Response{ + Data: map[string]interface{}{ + "keys": []string{"testpolicy/testpolicy1"}, + }, + }, + }, + "list path/to/policy": { + storage: makeStorage(t, + &logical.StorageEntry{ + Key: getPasswordPolicyKey("path/to/policy"), + Value: toJson(t, + passwordPolicyConfig{ + HCLPolicy: "length = 18\n" + + "rule \"charset\" {\n" + + " charset=\"ABCDEFGHIJ\"\n" + + "}", + }), + }, + ), + + expectedResp: &logical.Response{ + Data: map[string]interface{}{ + "keys": []string{"path/to/policy"}, + }, + }, + }, + "policy ending with /": { + storage: makeStorage(t, + &logical.StorageEntry{ + Key: getPasswordPolicyKey("path/to/policy/"), + Value: toJson(t, + passwordPolicyConfig{ + HCLPolicy: "length = 18\n" + + "rule \"charset\" {\n" + + " charset=\"ABCDEFGHIJ\"\n" + + "}", + }), + }, + ), + + expectedResp: &logical.Response{ + Data: map[string]interface{}{ + "keys": []string{"path/to/policy/"}, + }, + }, + }, "storage failure": { storage: new(logical.InmemStorage).FailList(true),