Commit graph

28 commits

Author SHA1 Message Date
Jeff Mitchell cb1a686e3b
Strip empty strings from database revocation stmts (#5955)
* Strip empty strings from database revocation stmts

It's technically valid to give empty strings as statements to run on
most databases. However, in the case of revocation statements, it's not
only generally inadvisable but can lead to lack of revocations when you
expect them. This strips empty strings from the array of revocation
statements.

It also makes two other changes:

* Return statements on read as empty but valid arrays rather than nulls,
so that typing information is inferred (this is more in line with the
rest of Vault these days)

* Changes field data for TypeStringSlice and TypeCommaStringSlice such
that a client-supplied value of `""` doesn't turn into `[]string{""}`
but rather `[]string{}`.

The latter and the explicit revocation statement changes are related,
and defense in depth.
2018-12-14 09:12:26 -05:00
Calvin Leung Huang 37c0b83669
Add denylist check when filtering passthrough headers (#5436)
* Add denylist check when filtering passthrough headers

* Minor comment update
2018-10-01 12:20:31 -07:00
Jeff Mitchell 2ed2e696a7
Merge Identity Entities if two claim the same alias (#5075)
* Merge Identity Entities if two claim the same alias

Past bugs/race conditions meant two entities could be created each
claiming the same alias. There are planned longer term fixes for this
(outside of the race condition being fixed in 0.10.4) that involve
changing the data model, but this is an immediate workaround that has
the same net effect: if two entities claim the same alias, assume they
were created due to this race condition and merge them.

In this situation, also automatically merge policies so we don't lose
e.g. RGPs.
2018-08-09 15:37:36 -05:00
Jim Kalafut 70d516b34d
Update ParseStringSlice and address lint/vet warnings (#5069) 2018-08-09 11:13:37 -07:00
Vishal Nayak 28e3eb9e2c
Errwrap everywhere (#4252)
* package api

* package builtin/credential

* package builtin/logical

* package command

* package helper

* package http and logical

* package physical

* package shamir

* package vault

* package vault

* address feedback

* more fixes
2018-04-05 11:49:21 -04:00
Josh Soref 73b1fde82f Spelling (#4119) 2018-03-20 14:54:10 -04:00
Jeff Mitchell f33563f667 Some vet fixes 2018-02-04 20:37:57 -05:00
Chris Hoffman 5b2b168e97
Converting OU and Organization role fields to CommaStringSlice (#3804) 2018-01-17 11:53:49 -05:00
Brian Kassouf 7fed43c035
Add the ability to glob allowed roles in the Database Backend (#3387)
* Add the ability to glob allowed roles in the Database Backend

* Make the error messages better

* Switch to the go-glob repo
2017-10-30 13:24:25 -07:00
Dan Everton 32add0809e More efficient s3 paging (#2780) 2017-06-16 11:09:15 -04:00
vishalnayak 07704fa81c Fix index out of range bug in ParseKeyValues 2017-05-17 21:47:13 -04:00
Brian Kassouf 2ab159569d Use the same TLS cert for the server and client 2017-04-19 15:46:07 -07:00
Chris Hoffman 847c86f788 Rename ParseDedupAndSortStrings to ParseDedupLowercaseAndSortStrings (#2614) 2017-04-19 10:39:07 -04:00
Chris Hoffman 6afcf2aa7d List Handling in API and CLI (#2584) 2017-04-18 16:02:31 -04:00
Jeff Mitchell 709389dd36 Use ParseStringSlice on PKI organization/organizational unit. (#2561)
After, separately dedup and use new flag to not lowercase value.

Fixes #2555
2017-04-04 08:54:18 -07:00
Brian Kassouf e62f5dbc31 Allowed/Denied parameters support for globs (#2438)
* Add check for globbed strings

* Add tests for the acl globbing

* Fix bad test case
2017-03-03 14:50:55 -08:00
vishalnayak c9bd2a37f8 Don't sanitize disallowed_policies on token role 2017-01-17 21:34:14 -05:00
Félix Cantournet 103b7ceab2 all: test: Fix govet warnings
Fix calls to t.Fatal() with formatting.
Fixed some calls to Fatalf() with wrong formatting
2016-12-21 19:44:07 +01:00
Vishal Nayak 8400b87473 Don't add default policy to child token if parent does not have it (#2164) 2016-12-16 00:36:39 -05:00
Jeff Mitchell 6ffdce7f40 Fix bugs and add test case for arbitrary string slice 2016-08-03 14:57:36 -04:00
Jeff Mitchell 9e204bd88c Add arbitrary string slice parsing.
Like the KV function, this supports either separated strings or JSON
strings, base64-encoded or not.

Fixes #1619 in theory.
2016-08-03 14:24:16 -04:00
Jeff Mitchell c025b292b5 Cleanup 2016-08-03 13:09:12 -04:00
vishalnayak a6907769b0 AppRole authentication backend 2016-07-26 09:32:41 -04:00
vishalnayak 8dc3a830dc Address review feedback 2016-07-22 10:21:45 -04:00
vishalnayak 58bd985551 Address review feedback from @jefferai 2016-07-22 08:44:16 -04:00
vishalnayak 765d131b47 Added service-tags config option to provide additional tags to registered service 2016-07-22 04:41:48 -04:00
vishalnayak 314a1f9406 Updates to policy and string helpers 2016-05-05 10:22:28 -04:00
vishalnayak e3a1ee92b5 Utility Enhancements 2016-04-05 20:32:59 -04:00