Jeff Mitchell
654e7d92ac
Properly lowercase policy names. ( #3210 )
...
Previously we lowercased names on ingress but not on lookup or delete
which could cause unexpected results. Now, just unilaterally lowercase
policy names on write and delete. On get, to avoid the performance hit
of always lowercasing when not necessary since it's in the critical
path, we have a minor optimization -- we check the LRU first before
normalizing. For tokens, because they're already normalized when adding
policies during creation, this should always work; it might just be
slower for API calls.
Fixes #3187
2017-08-18 19:47:23 -04:00
Jeff Mitchell
ab5014534e
Clone policy permissions and then use existing values rather than policy values for modifications ( #2826 )
...
Should fix #2804
2017-06-07 13:49:51 -04:00
Brian Kassouf
e62f5dbc31
Allowed/Denied parameters support for globs ( #2438 )
...
* Add check for globbed strings
* Add tests for the acl globbing
* Fix bad test case
2017-03-03 14:50:55 -08:00
Jeff Mitchell
7f0a99e8eb
Add max/min wrapping TTL ACL statements ( #2411 )
2017-02-27 14:42:00 -05:00
Brian Kassouf
dd5b541db6
Added test for the empty values array case
2017-02-21 16:02:00 -08:00
Brian Kassouf
9ec8dd3d17
PR feedback
2017-02-21 15:02:39 -08:00
Brian Kassouf
1c5264c66c
ToLower parameter strings
2017-02-16 17:50:10 -08:00
Brian Kassouf
07799f665d
Simplify the merging of two policies
2017-02-16 16:30:08 -08:00
Brian Kassouf
7229bdfd38
Remove debug code
2017-02-16 16:14:30 -08:00
Brian Kassouf
136730cb01
Update logic to fix a few edge cases:
2017-02-16 15:20:11 -08:00
Brian Kassouf
8d880f5181
Remove duplicate test case
2017-02-15 22:38:33 -08:00
Brian Kassouf
24d8710233
Fix the issue of returning on the first paramater check. Added tests for this case.
2017-02-15 22:13:18 -08:00
Jeff Mitchell
da9e62bc24
Remove "permissions" from ACL
2017-02-15 21:12:26 -05:00
Brian Kassouf
e1424c631e
Add logic to merge the two arrays and refactor the test around merging
2017-01-20 11:16:46 -08:00
Brian Kassouf
1580296ae5
Update tests to check parsing of types
2017-01-19 18:13:39 -08:00
Brian Kassouf
5ccb3e052b
Add tests for boolean values
2017-01-19 17:41:02 -08:00
Brian Kassouf
f3870061ee
fix some of the tests and rename allowed/dissallowed paramaters
2017-01-19 16:40:19 -08:00
Brian Kassouf
25b49b8bae
Add test cases for map and integer types
2017-01-18 17:11:25 -08:00
Brian Kassouf
be10ef9d42
Use deepequals and write tests for the allow/disallow values
2017-01-17 16:40:21 -08:00
mwoolsey
907e735541
Permissions were changed from a structure to and array of interfaces. Code optimization for acl.go. Fixed bug where multiple parameters would allow if second or following parameters were denied and there was a wildcard in allow.
2016-12-06 18:14:15 -08:00
lemondrank
c63d9e9f24
added AllowOperation tests
2016-11-07 12:28:41 -08:00
ChaseLEngel
a847caa4ae
Moved Operations out of test cases variable.
2016-11-07 12:08:17 -08:00
ChaseLEngel
e349d64dbc
Finished merge testing.
2016-11-06 15:16:08 -08:00
mwoolsey
42e0ecb0b8
narrowed the problem to: the Permissions struct in the TestPolicyMerge method is not being initialized
2016-11-06 13:38:25 -08:00
mwoolsey
2add5dbf3a
Started the testing on merged pathCapabilites
2016-11-01 21:27:33 -07:00
ChaseLEngel
482ed0a659
Add merge testcases
2016-11-01 19:48:00 -07:00
lemondrank
975ac72822
started acl_test updates
2016-10-30 15:09:45 -07:00
ChaseLEngel
2ea4caeffb
Update acl and policy tests to use Permissions.
2016-10-21 23:45:39 -07:00
vishalnayak
9947b33498
Added tests for disallowed_policies
2016-08-02 15:21:15 -04:00
vishalnayak
aab24113b0
test cases for capabilities endpoint
2016-03-05 00:03:55 -05:00
Jeff Mitchell
4f4ddbf017
Create more granular ACL capabilities.
...
This commit splits ACL policies into more fine-grained capabilities.
This both drastically simplifies the checking code and makes it possible
to support needed workflows that are not possible with the previous
method. It is backwards compatible; policies containing a "policy"
string are simply converted to a set of capabilities matching previous
behavior.
Fixes #724 (and others).
2016-01-08 13:05:14 -05:00
Jeff Mitchell
f3ce90164f
WriteOperation -> UpdateOperation
2016-01-08 13:03:03 -05:00
Armon Dadgar
3d2fa8818e
vault: adding another ACL test
2015-07-05 17:34:34 -06:00
Armon Dadgar
05b3fa836e
vault: Handle exact vs glob match, deny has highest precedence
2015-07-05 17:31:30 -06:00
Armon Dadgar
51ce336753
vault: Adding PolicyStore
2015-03-18 12:17:03 -07:00
Armon Dadgar
99abc11ec5
vault: Adding ACL representation
2015-03-17 18:31:20 -07:00