luxolus
/
open-vault
2
0
Fork 0
Code Issues 1 Pull Requests Releases Activity

Warn on upper case in policy name (#14670) 

* Warn on upper case in policy name

* Rename name variable to be less confusing

* Use more general solution for other string issues

* Clarify changelog

* Remove unnecessary check

* Don't throw CLI warning until after past errors

* Add before and after names with quotes to show spacing changes
This commit is contained in:
VAL 2022-03-24 13:29:11 -07:00 committed by GitHub
parent 7c8e6676c0
commit f9372145dd
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 18 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
changelog/14670.txt Normal file
View File

@ -0,0 +1,3 @@
```release-note:improvement
cli/vault: warn when policy name contains upper-case letter
```

11
command/policy_write.go
View File

@ -91,7 +91,8 @@ func (c *PolicyWriteCommand) Run(args []string) int {
} }
// Policies are normalized to lowercase // Policies are normalized to lowercase
name := strings.TrimSpace(strings.ToLower(args[0])) policyName := args[0]
formattedName := strings.TrimSpace(strings.ToLower(policyName))
path := strings.TrimSpace(args[1]) path := strings.TrimSpace(args[1])
// Get the policy contents, either from stdin of a file // Get the policy contents, either from stdin of a file
@ -119,11 +120,15 @@ func (c *PolicyWriteCommand) Run(args []string) int {
} }
rules := buf.String() rules := buf.String()
if err := client.Sys().PutPolicy(name, rules); err != nil { if err := client.Sys().PutPolicy(formattedName, rules); err != nil {
c.UI.Error(fmt.Sprintf("Error uploading policy: %s", err)) c.UI.Error(fmt.Sprintf("Error uploading policy: %s", err))
return 2 return 2
} }
c.UI.Output(fmt.Sprintf("Success! Uploaded policy: %s", name)) if policyName != formattedName {
c.UI.Warn(fmt.Sprintf("Policy name was converted from \"%s\" to \"%s\"", policyName, formattedName))
}
c.UI.Output(fmt.Sprintf("Success! Uploaded policy: %s", formattedName))
return 0 return 0
} }

8
vault/logical_system.go
View File

@ -2435,14 +2435,19 @@ func (b *SystemBackend) handlePoliciesSet(policyType PolicyType) framework.Opera
return nil, err return nil, err
} }
name := data.Get("name").(string)
policy := &Policy{ policy := &Policy{
Name: strings.ToLower(data.Get("name").(string)), Name: strings.ToLower(name),
Type: policyType, Type: policyType,
namespace: ns, namespace: ns,
} }
if policy.Name == "" { if policy.Name == "" {
return logical.ErrorResponse("policy name must be provided in the URL"), nil return logical.ErrorResponse("policy name must be provided in the URL"), nil
} }
if name != policy.Name {
resp = &logical.Response{}
resp.AddWarning(fmt.Sprintf("policy name was converted to %s", policy.Name))
}
policy.Raw = data.Get("policy").(string) policy.Raw = data.Get("policy").(string)
if policy.Raw == "" && policyType == PolicyTypeACL && strings.HasPrefix(req.Path, "policy") { if policy.Raw == "" && policyType == PolicyTypeACL && strings.HasPrefix(req.Path, "policy") {
@ -2485,6 +2490,7 @@ func (b *SystemBackend) handlePoliciesSet(policyType PolicyType) framework.Opera
if err := b.Core.policyStore.SetPolicy(ctx, policy); err != nil { if err := b.Core.policyStore.SetPolicy(ctx, policy); err != nil {
return handleError(err) return handleError(err)
} }
return resp, nil return resp, nil
} }
} }