allowed/disallowed_policies as TypeCommaStringSlice (#3641)

Our docs apparently claim that this is a list, but the code is
string-only. This fixes that discrepancy.
Jeff Mitchell 2017-12-04 12:47:05 -05:00 committed by GitHub
parent 892a0cb5e0
commit 8f159b12b1
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 18 additions and 10 deletions


@ -1,7 +1,17 @@
## 0.9.1 (Unreleased)
DEPRECATIONS/CHANGES:
* Token Auth Backend Roles parameter types: For `allowed_policies` and
`disallowed_policies` in role definitions in the token auth backend, input
can now be a comma-separated string or an array of strings. Reading a role
will now return arrays for these parameters.
IMPROVEMENTS:
* auth/token: `allowed_policies` and `disallowed_policies` can now be
specified as a comma-separated string or an array of strings
BUG FIXES:
* database/mysql: Allow the creation statement to use commands that are not


@ -178,14 +178,12 @@ func NewTokenStore(c *Core, config *logical.BackendConfig) (*TokenStore, error)
},
"allowed_policies": &framework.FieldSchema{
Type: framework.TypeString,
Default: "",
Type: framework.TypeCommaStringSlice,
Description: tokenAllowedPoliciesHelp,
},
"disallowed_policies": &framework.FieldSchema{
Type: framework.TypeString,
Default: "",
Type: framework.TypeCommaStringSlice,
Description: tokenDisallowedPoliciesHelp,
},
@ -2465,18 +2463,18 @@ func (ts *TokenStore) tokenStoreRoleCreateUpdate(
return logical.ErrorResponse(fmt.Sprintf("error registering path suffix: %s", consts.ErrPathContainsParentReferences)), nil
}
allowedPoliciesStr, ok := data.GetOk("allowed_policies")
allowedPoliciesRaw, ok := data.GetOk("allowed_policies")
if ok {
entry.AllowedPolicies = policyutil.SanitizePolicies(strings.Split(allowedPoliciesStr.(string), ","), policyutil.DoNotAddDefaultPolicy)
entry.AllowedPolicies = policyutil.SanitizePolicies(allowedPoliciesRaw.([]string), policyutil.DoNotAddDefaultPolicy)
} else if req.Operation == logical.CreateOperation {
entry.AllowedPolicies = policyutil.SanitizePolicies(strings.Split(data.Get("allowed_policies").(string), ","), policyutil.DoNotAddDefaultPolicy)
entry.AllowedPolicies = policyutil.SanitizePolicies(data.Get("allowed_policies").([]string), policyutil.DoNotAddDefaultPolicy)
}
disallowedPoliciesStr, ok := data.GetOk("disallowed_policies")
disallowedPoliciesRaw, ok := data.GetOk("disallowed_policies")
if ok {
entry.DisallowedPolicies = strutil.ParseDedupLowercaseAndSortStrings(disallowedPoliciesStr.(string), ",")
entry.DisallowedPolicies = strutil.RemoveDuplicates(disallowedPoliciesRaw.([]string), true)
} else if req.Operation == logical.CreateOperation {
entry.DisallowedPolicies = strutil.ParseDedupLowercaseAndSortStrings(data.Get("disallowed_policies").(string), ",")
entry.DisallowedPolicies = strutil.RemoveDuplicates(data.Get("disallowed_policies").([]string), true)
}
// Store it
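Review bot: The two `disallowed_policies` assignments move the deny list's normalization from `strutil.ParseDedupLowercaseAndSortStrings` to `strutil.RemoveDuplicates(..., true)`, and nothing in the hunk shows that the new helper still lowercases and trims entries as the old one did. A deny list only blocks a policy if its entries are normalized the same way as the names they are later compared with, so a mismatch here would fail open. The bare `true` is presumably the lowercase flag; I would say so above the first call, e.g. `// true = lowercase entries so the deny list matches normalized policy names`, and note why this field does not go through `policyutil.SanitizePolicies` as `allowed_policies` does. The commit changes only two files, so no test appears to pin array input with mixed case or padded entries (a constructed example: `[" Dev ", "dev"]`), and adding one would be worthwhile. `tokenStoreRoleCreateUpdate` starts before and continues after this hunk.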