Commit graph

26 commits

Author SHA1 Message Date
mwoolsey 907e735541 Permissions were changed from a structure to and array of interfaces. Code optimization for acl.go. Fixed bug where multiple parameters would allow if second or following parameters were denied and there was a wildcard in allow. 2016-12-06 18:14:15 -08:00
ChaseLEngel 2ea4caeffb Update acl and policy tests to use Permissions. 2016-10-21 23:45:39 -07:00
mwoolsey ed982675a1 permissions structure now holds a map of strings to empty structs. Modified acl.go to acommidate these changes 2016-10-21 19:35:55 -07:00
ChaseLEngel c6b63b5312 Implemented AllowOperation parameter permission checking for request data. 2016-10-21 18:38:05 -07:00
ChaseLEngel c2b512cf46 Changed AllowOperation to take logical.Request 2016-10-16 16:29:52 -07:00
ChaseLEngel bd7711bebf Merge allowed and disallowed parameters maps. 2016-10-16 15:24:32 -07:00
mwoolsey 93bb52b733 policy now includes whether a certain parameter can be updated 2016-10-15 16:44:57 -07:00
mwoolsey 231d3e7758 policy now includes whether a certain parameter can be updated 2016-10-15 16:43:55 -07:00
ChaseLEngel 119dd9653e Adding permissions to hcl config and decoding it. 2016-10-14 14:24:45 -07:00
ChaseLEngel bd5235960c Fixed permission conflicts 2016-10-14 10:33:12 -07:00
ChaseLEngel d480df7141 Fixed Policy Permissions intergration and spelling. 2016-10-14 10:22:00 -07:00
mwoolsey eb8b8a1def created structure for permissions and modified parsePaths in policy.go and newAcl/AllowOperation in acl.go 2016-10-14 10:17:25 -07:00
mwoolsey 6aa9a1d165 updated policy.go to include an expanded structure to add the ability to track allowed and disallowed params in the PathCapabilities structure. Updating Acl.go to interface with the updated PathCapabilites structure 2016-10-09 15:39:58 -07:00
Seth Vargo f6adea85ce Preserve pointer 2016-03-10 15:55:47 -05:00
Seth Vargo ad7049eed1 Parse policy HCL syntax and keys 2016-03-10 15:25:25 -05:00
vishalnayak 9946a2d8b5 refactoring changes due to acl.Capabilities 2016-03-04 18:55:48 -05:00
Jeff Mitchell 9717ca5931 Strip leading paths in policies.
It appears to be a common mistake, but they won't ever match.

Fixes #1167
2016-03-03 11:32:48 -05:00
Jeff Mitchell 87fba5dad0 Convert map to bitmap 2016-01-12 17:08:10 -05:00
Jeff Mitchell 4f4ddbf017 Create more granular ACL capabilities.
This commit splits ACL policies into more fine-grained capabilities.
This both drastically simplifies the checking code and makes it possible
to support needed workflows that are not possible with the previous
method. It is backwards compatible; policies containing a "policy"
string are simply converted to a set of capabilities matching previous
behavior.

Fixes #724 (and others).
2016-01-08 13:05:14 -05:00
Jesse Szwedko 6ef455af89 Fix warnings returned by make vet
$GOPATH/src/github.com/hashicorp/vault/vault/policy.go:69: unreachable code
$GOPATH/src/github.com/hashicorp/vault/vault/policy_store_test.go:139: github.com/hashicorp/vault/logical.StorageEntry composite literal uses unkeyed fields
2015-09-26 21:17:39 -07:00
Armon Dadgar eda88c18ff vault: Adding precedence logic for conflicting policy 2015-07-05 17:30:19 -06:00
Armon Dadgar 27d01270c8 vault: look for glob character in policy 2015-07-05 14:58:38 -07:00
Armon Dadgar f40ed182c4 vault: Support policy CRUD 2015-03-23 14:43:31 -07:00
Armon Dadgar 061b6b24f1 vault: Refactor to use CollectKeys 2015-03-18 12:06:18 -07:00
Armon Dadgar 99abc11ec5 vault: Adding ACL representation 2015-03-17 18:31:20 -07:00
Armon Dadgar ddab671bf4 vault: Adding policy parsing 2015-03-17 15:53:29 -07:00