Only add distinct policies to identity group (#15638)

* Only add distinct policies to identity group

changelog/15638.txt

@@ -0,0 +1,3 @@
+```release-note:bug
+vault: Fix a bug where duplicate policies could be added to an identity group.
+```

vault/identity_store_groups.go

@@ -181,7 +181,7 @@ func (i *IdentityStore) handleGroupUpdateCommon(ctx context.Context, req *logica
 	// Update the policies if supplied
 	policiesRaw, ok := d.GetOk("policies")
 	if ok {
-		group.Policies = policiesRaw.([]string)
+		group.Policies = strutil.RemoveDuplicatesStable(policiesRaw.([]string), true)
 	}
 
 	if strutil.StrListContains(group.Policies, "root") {

vault/identity_store_groups_test.go

@@ -677,7 +677,7 @@ func TestIdentityStore_GroupsCreateUpdate(t *testing.T) {
 
 	// Create a group with the above created 2 entities as its members
 	groupData := map[string]interface{}{
-		"policies":          "testpolicy1,testpolicy2",
+		"policies":          "testpolicy1,testPolicy1 , testpolicy2",
 		"metadata":          []string{"testkey1=testvalue1", "testkey2=testvalue2"},
 		"member_entity_ids": []string{entityID1, entityID2},
 	}