Brian Kassouf
303c2aee7c
Run a more strict formatter over the code ( #11312 )
...
* Update tooling
* Run gofumpt
* go mod vendor
2021-04-08 09:43:39 -07:00
Jeff Mitchell
aa6fafced9
Fix hasMountPath for segment wildcard mounts; introduce priority order ( #6532 )
...
* Add prioritization when multiple segment/glob rules can match.
* Disallow ambiguous "+*" in policy paths.
2019-04-10 17:46:17 -04:00
Jeff Mitchell
3dfa30acb4
Add ability to use path wildcard segments ( #6164 )
...
* Path globbing
* Add glob support at the beginning
* Ensure when evaluating an ACL that our path never has a leading slash. This already happens in the normal request path but not in tests; putting it here provides it for tests and extra safety in case the request path changes
* Simplify the algorithm, we don't really need to validate the prefix first as glob won't apply if it doesn't
* Add path segment wildcarding
* Disable path globbing for now
* Remove now-unneeded test
* Remove commented out globbing bits
* Remove more holdover glob bits
* Rename k var to something more clear
2019-02-14 18:31:43 -08:00
Jeff Mitchell
6d22f3fc2e
minor linting change
2019-01-23 17:19:06 -05:00
Jeff Mitchell
c5d8391c38
Prefix path rename ( #6089 )
...
* Rename Prefix -> Path in internal struct
* Update test
2019-01-23 15:04:49 -05:00
Jeff Mitchell
a11f2a3ba2
Rename glob -> prefix in ACL internals ( #6086 )
...
Really, it's a prefix
2019-01-23 13:55:40 -05:00
vishalnayak
c6faa3ee28
Add a comment to retain misspelling
2018-11-13 13:30:42 -05:00
vishalnayak
a96641c86f
Fix TestPolicy_ParseBadPath
2018-11-13 13:22:56 -05:00
Vishal Nayak
b4836575fb
Test for issue 5729 ( #5750 )
...
* Test for 5729
* Remove unneeded space
Co-Authored-By: vishalnayak <vishalnayak@users.noreply.github.com>
2018-11-13 11:16:10 -05:00
Jeff Mitchell
919b968c27
The big one ( #5346 )
2018-09-17 23:03:00 -04:00
Calvin Leung Huang
fb81016252
Fix output-related tests ( #4288 )
...
* Fix command tests
* More test fixes
* Use backticks to escape quoted strings
* More test fixes
* Fix mismatched error output failures
* Fix mismatched error output failures
2018-04-05 20:43:29 -04:00
Chris Hoffman
3d8d887676
Add ability to require parameters in ACLs ( #3510 )
2017-11-02 07:18:49 -04:00
Jeff Mitchell
47dae8ffc7
Sync
2017-10-23 14:59:37 -04:00
Jeff Mitchell
7f0a99e8eb
Add max/min wrapping TTL ACL statements ( #2411 )
2017-02-27 14:42:00 -05:00
Jeff Mitchell
da9e62bc24
Remove "permissions" from ACL
2017-02-15 21:12:26 -05:00
Brian Kassouf
1580296ae5
Update tests to check parsing of types
2017-01-19 18:13:39 -08:00
Brian Kassouf
f3870061ee
fix some of the tests and rename allowed/dissallowed paramaters
2017-01-19 16:40:19 -08:00
mwoolsey
907e735541
Permissions were changed from a structure to and array of interfaces. Code optimization for acl.go. Fixed bug where multiple parameters would allow if second or following parameters were denied and there was a wildcard in allow.
2016-12-06 18:14:15 -08:00
mwoolsey
bcd0618623
updated testing on a policy to cover parameters in the policy
2016-10-28 10:18:31 -07:00
ChaseLEngel
2ea4caeffb
Update acl and policy tests to use Permissions.
2016-10-21 23:45:39 -07:00
Seth Vargo
ad7049eed1
Parse policy HCL syntax and keys
2016-03-10 15:25:25 -05:00
Jeff Mitchell
9717ca5931
Strip leading paths in policies.
...
It appears to be a common mistake, but they won't ever match.
Fixes #1167
2016-03-03 11:32:48 -05:00
Jeff Mitchell
87fba5dad0
Convert map to bitmap
2016-01-12 17:08:10 -05:00
Jeff Mitchell
4f4ddbf017
Create more granular ACL capabilities.
...
This commit splits ACL policies into more fine-grained capabilities.
This both drastically simplifies the checking code and makes it possible
to support needed workflows that are not possible with the previous
method. It is backwards compatible; policies containing a "policy"
string are simply converted to a set of capabilities matching previous
behavior.
Fixes #724 (and others).
2016-01-08 13:05:14 -05:00
Armon Dadgar
eda88c18ff
vault: Adding precedence logic for conflicting policy
2015-07-05 17:30:19 -06:00
Armon Dadgar
27d01270c8
vault: look for glob character in policy
2015-07-05 14:58:38 -07:00
Armon Dadgar
ddab671bf4
vault: Adding policy parsing
2015-03-17 15:53:29 -07:00