Warn on upper case in policy name (#14670)

* Warn on upper case in policy name * Rename name variable to be less confusing * Use more general solution for other string issues * Clarify changelog * Remove unnecessary check * Don't throw CLI warning until after past errors * Add before and after names with quotes to show spacing changes
2022-03-24 13:29:11 -07:00 · 2022-03-24 13:29:11 -07:00 · f9372145dd
parent 7c8e6676c0
commit f9372145dd
3 changed files with 18 additions and 4 deletions
--- a/changelog/14670.txt
+++ b/changelog/14670.txt
@ -0,0 +1,3 @@
+```release-note:improvement
+cli/vault: warn when policy name contains upper-case letter
+```
--- a/command/policy_write.go
+++ b/command/policy_write.go
@ -91,7 +91,8 @@ func (c *PolicyWriteCommand) Run(args []string) int {
 	}

 	// Policies are normalized to lowercase
-	name := strings.TrimSpace(strings.ToLower(args[0]))
+	policyName := args[0]
+	formattedName := strings.TrimSpace(strings.ToLower(policyName))
 	path := strings.TrimSpace(args[1])

 	// Get the policy contents, either from stdin of a file
@ -119,11 +120,15 @@ func (c *PolicyWriteCommand) Run(args []string) int {
 	}
 	rules := buf.String()

-	if err := client.Sys().PutPolicy(name, rules); err != nil {
+	if err := client.Sys().PutPolicy(formattedName, rules); err != nil {
 		c.UI.Error(fmt.Sprintf("Error uploading policy: %s", err))
 		return 2
 	}

-	c.UI.Output(fmt.Sprintf("Success! Uploaded policy: %s", name))
+	if policyName != formattedName {
+		c.UI.Warn(fmt.Sprintf("Policy name was converted from \"%s\" to \"%s\"", policyName, formattedName))
+	}
+
+	c.UI.Output(fmt.Sprintf("Success! Uploaded policy: %s", formattedName))
 	return 0
 }
--- a/vault/logical_system.go
+++ b/vault/logical_system.go
@ -2435,14 +2435,19 @@ func (b *SystemBackend) handlePoliciesSet(policyType PolicyType) framework.Opera
 			return nil, err
 		}

+		name := data.Get("name").(string)
 		policy := &Policy{
-			Name:      strings.ToLower(data.Get("name").(string)),
+			Name:      strings.ToLower(name),
 			Type:      policyType,
 			namespace: ns,
 		}
 		if policy.Name == "" {
 			return logical.ErrorResponse("policy name must be provided in the URL"), nil
 		}
+		if name != policy.Name {
+			resp = &logical.Response{}
+			resp.AddWarning(fmt.Sprintf("policy name was converted to %s", policy.Name))
+		}

 		policy.Raw = data.Get("policy").(string)
 		if policy.Raw == "" && policyType == PolicyTypeACL && strings.HasPrefix(req.Path, "policy") {
@ -2485,6 +2490,7 @@ func (b *SystemBackend) handlePoliciesSet(policyType PolicyType) framework.Opera
 		if err := b.Core.policyStore.SetPolicy(ctx, policy); err != nil {
 			return handleError(err)
 		}
+
 		return resp, nil
 	}
 }