919b968c27
The big one ( #5346 )
2018-09-17 23:03:00 -04:00
4761209331
Fix build
2018-08-27 19:59:59 -04:00
b44b25d816
Allow fallback to non /-suffixed path for list acling ( #5197 )
...
This works around a very, very common error where people write policies
to affect listing but forget the slash at the end. If there is no exact
rule with a slash at the end when doing a list, we look to see if there
is a rule without it, and if so, use those capabilities.
Fixes #mass-user-confusion
2018-08-27 16:44:07 -07:00
ee07e6ae59
Checks for assigning root policy ( #5152 )
...
* Fail if other policies present along with root
* disallow entity/group to contain root policy
2018-08-21 16:12:23 -04:00
4798af88f9
Fix some cases where unauthorized calls could return 400 ( #5083 )
2018-08-10 08:59:58 -05:00
575a606db7
Move TokenEntry into logical. ( #4729 )
...
This allows the HTTP logicalAuth handler to cache the value in the
logical.Request, avoiding a lookup later when performing acl
checks/counting a use.
2018-06-08 17:24:27 -04:00
6b345ccdef
Use copystructure when assigning allowed/denied params from nil check ( #4585 )
...
Fixes #4582
2018-05-18 13:33:49 -07:00
c683315b67
Check allowed/denied/required params on read calls. ( #4579 )
...
We added support a bit ago for some read operations to take in
parameters, so we should now apply these checks against them.
2018-05-16 11:28:46 -04:00
73b1fde82f
Spelling ( #4119 )
2018-03-20 14:54:10 -04:00
0f7e3bb79b
Add context to performPolicyChecks
2018-01-19 02:43:39 -05:00
3d8d887676
Add ability to require parameters in ACLs ( #3510 )
2017-11-02 07:18:49 -04:00
d38a699c32
Make compile
2017-10-23 17:15:56 -04:00
c144f95be0
Sync over
2017-10-23 16:43:07 -04:00
ab5014534e
Clone policy permissions and then use existing values rather than policy values for modifications ( #2826 )
...
Should fix #2804
2017-06-07 13:49:51 -04:00
e62f5dbc31
Allowed/Denied parameters support for globs ( #2438 )
...
* Add check for globbed strings
* Add tests for the acl globbing
* Fix bad test case
2017-03-03 14:50:55 -08:00
7f0a99e8eb
Add max/min wrapping TTL ACL statements ( #2411 )
2017-02-27 14:42:00 -05:00
9a9b89f16f
Update confusing comment
2017-02-21 16:06:00 -08:00
a25132cec4
On merge favor values that have additive privileges
2017-02-21 15:53:27 -08:00
9ec8dd3d17
PR feedback
2017-02-21 15:02:39 -08:00
07799f665d
Simplify the merging of two policies
2017-02-16 16:30:08 -08:00
136730cb01
Update logic to fix a few edge cases:
2017-02-16 15:20:11 -08:00
f1d5b60b97
s/has/has been/
2017-02-15 22:19:35 -08:00
c80593387c
Remove unnecessary else condition
2017-02-15 22:18:20 -08:00
24d8710233
Fix the issue of returning on the first paramater check. Added tests for this case.
2017-02-15 22:13:18 -08:00
e1424c631e
Add logic to merge the two arrays and refactor the test around merging
2017-01-20 11:16:46 -08:00
090736d4df
Clean up logic a bit and add some comments
2017-01-19 18:41:15 -08:00
be10ef9d42
Use deepequals and write tests for the allow/disallow values
2017-01-17 16:40:21 -08:00
1d3cae860b
Start to check the values with allowed/dissallowed lists in policy.
2017-01-16 17:48:22 -08:00
907e735541
Permissions were changed from a structure to and array of interfaces. Code optimization for acl.go. Fixed bug where multiple parameters would allow if second or following parameters were denied and there was a wildcard in allow.
2016-12-06 18:14:15 -08:00
e349d64dbc
Finished merge testing.
2016-11-06 15:16:08 -08:00
42e0ecb0b8
narrowed the problem to: the Permissions struct in the TestPolicyMerge method is not being initialized
2016-11-06 13:38:25 -08:00
2add5dbf3a
Started the testing on merged pathCapabilites
2016-11-01 21:27:33 -07:00
b5669d73db
Had to change what a wildcard value in a parameter mapped to, from a nil value to an empty struct
2016-10-28 12:54:37 -07:00
3a0e01a5d7
Added the merging of wildcards to allowed and denied parameters.
2016-10-28 12:33:50 -07:00
2ea4caeffb
Update acl and policy tests to use Permissions.
2016-10-21 23:45:39 -07:00
353241e328
Fixing type assertions.
2016-10-21 21:12:02 -07:00
ed982675a1
permissions structure now holds a map of strings to empty structs. Modified acl.go to acommidate these changes
2016-10-21 19:35:55 -07:00
c6b63b5312
Implemented AllowOperation parameter permission checking for request data.
2016-10-21 18:38:05 -07:00
c2b512cf46
Changed AllowOperation to take logical.Request
2016-10-16 16:29:52 -07:00
bd7711bebf
Merge allowed and disallowed parameters maps.
2016-10-16 15:24:32 -07:00
d480df7141
Fixed Policy Permissions intergration and spelling.
2016-10-14 10:22:00 -07:00
4582f2268c
working on modifying AllowOperation in acl.go
2016-10-10 11:21:25 -07:00
6aa9a1d165
updated policy.go to include an expanded structure to add the ability to track allowed and disallowed params in the PathCapabilities structure. Updating Acl.go to interface with the updated PathCapabilites structure
2016-10-09 15:39:58 -07:00
7a4b31ce51
Speling police
2016-05-15 09:58:36 -07:00
9946a2d8b5
refactoring changes due to acl.Capabilities
2016-03-04 18:55:48 -05:00
9217c49184
Adding acl.Capabilities to do the path matching
2016-03-04 12:04:26 -05:00
7394f97439
Fix out-of-date comment
2016-03-03 13:37:51 -05:00
f9bbe0fb04
Use logical operations instead of strings for comparison
2016-01-12 21:16:31 -05:00
4253299dfe
Store uint32s in radix
2016-01-12 17:24:01 -05:00
e58705b34c
Cleanup
2016-01-12 17:10:48 -05:00
Jeff Mitchell