Fixed Policy Permissions intergration and spelling.
This commit is contained in:
parent
12342c1d05
commit
d480df7141
12
vault/acl.go
12
vault/acl.go
|
@ -60,13 +60,13 @@ func NewACL(policies []*Policy) (*ACL, error) {
|
|||
|
||||
case pc.Permissions.CapabilitiesBitmap&DenyCapabilityInt > 0:
|
||||
// If this new policy explicitly denies, only save the deny value
|
||||
pc.Permissions.CapabilitesBitmap = DenyCapabilityInt
|
||||
pc.Permissions.CapabilitiesBitmap = DenyCapabilityInt
|
||||
tree.Insert(pc.Prefix, pc.Permissions)
|
||||
|
||||
default:
|
||||
// Insert the capabilities in this new policy into the existing
|
||||
// value
|
||||
pc.Permissions.CapabilitesBitmap = existing | pc.Permissions.CapabilitesBitmap
|
||||
pc.Permissions.CapabilitiesBitmap = existing | pc.Permissions.CapabilitiesBitmap
|
||||
tree.Insert(pc.Prefix, pc.Permissions)
|
||||
}
|
||||
}
|
||||
|
@ -86,7 +86,7 @@ func (a *ACL) Capabilities(path string) (pathCapabilities []string) {
|
|||
|
||||
if ok {
|
||||
perm := raw.(Permissions)
|
||||
capbilities := perm.CapabilitiesBitmap
|
||||
capabilities = perm.CapabilitiesBitmap
|
||||
goto CHECK
|
||||
}
|
||||
|
||||
|
@ -96,7 +96,7 @@ func (a *ACL) Capabilities(path string) (pathCapabilities []string) {
|
|||
return []string{DenyCapability}
|
||||
} else {
|
||||
perm := raw.(Permissions)
|
||||
capbilities := perm.CapabilitiesBitmap
|
||||
capabilities = perm.CapabilitiesBitmap
|
||||
}
|
||||
|
||||
CHECK:
|
||||
|
@ -143,8 +143,8 @@ func (a *ACL) AllowOperation(op logical.Operation, path string) (allowed bool, s
|
|||
///////////////////////////////////////////////////////////////////////////////////
|
||||
// Parse Request and set variables to check on
|
||||
///////////////////////////////////////////////////////////////////////////////////
|
||||
op := req.Operation
|
||||
path := req.Path
|
||||
//op = req.Operation
|
||||
//path = req.Path
|
||||
|
||||
// Help is always allowed
|
||||
if op == logical.HelpOperation {
|
||||
|
|
|
@ -56,11 +56,6 @@ type Policy struct {
|
|||
Raw string
|
||||
}
|
||||
|
||||
type Permissions struct {
|
||||
CapabilitiesBitmap uint32 `hcl:"-"`
|
||||
AllowedParams map[string]bool
|
||||
DisallowedParams map[string]bool
|
||||
}
|
||||
|
||||
/*
|
||||
*/
|
||||
|
@ -69,11 +64,16 @@ type PathCapabilities struct {
|
|||
Prefix string
|
||||
Policy string
|
||||
Capabilities []string
|
||||
//CapabilitiesBitmap uint32 `hcl:"-"`
|
||||
AclCapabilites *Permissions
|
||||
Permissions *Permissions
|
||||
Glob bool
|
||||
}
|
||||
|
||||
type Permissions struct {
|
||||
CapabilitiesBitmap uint32 `hcl:"-"`
|
||||
AllowedParams map[string]bool
|
||||
DisallowedParams map[string]bool
|
||||
}
|
||||
|
||||
// Parse is used to parse the specified ACL rules into an
|
||||
// intermediary set of policies, before being compiled into
|
||||
// the ACL
|
||||
|
@ -118,6 +118,7 @@ func Parse(rules string) (*Policy, error) {
|
|||
func parsePaths(result *Policy, list *ast.ObjectList) error {
|
||||
// specifically how can we access the key value pairs for
|
||||
// permissions
|
||||
fmt.Println(list);
|
||||
paths := make([]*PathCapabilities, 0, len(list.Items))
|
||||
for _, item := range list.Items {
|
||||
key := "path"
|
||||
|
@ -167,6 +168,8 @@ func parsePaths(result *Policy, list *ast.ObjectList) error {
|
|||
}
|
||||
}
|
||||
|
||||
pc.Permissions = new(Permissions)
|
||||
|
||||
// Initialize the map
|
||||
pc.Permissions.CapabilitiesBitmap = 0
|
||||
for _, cap := range pc.Capabilities {
|
||||
|
|
Loading…
Reference in New Issue