open-vault/builtin
Jeff Mitchell cb1a686e3b
Strip empty strings from database revocation stmts (#5955)
* Strip empty strings from database revocation stmts

It's technically valid to give empty strings as statements to run on
most databases. However, in the case of revocation statements, it's not
only generally inadvisable but can lead to lack of revocations when you
expect them. This strips empty strings from the array of revocation
statements.

It also makes two other changes:

* Return statements on read as empty but valid arrays rather than nulls,
so that typing information is inferred (this is more in line with the
rest of Vault these days)

* Changes field data for TypeStringSlice and TypeCommaStringSlice such
that a client-supplied value of `""` doesn't turn into `[]string{""}`
but rather `[]string{}`.

The latter and the explicit revocation statement changes are related,
and defense in depth.
2018-12-14 09:12:26 -05:00
..
audit Switch to strings.EqualFold (#5284) 2018-09-11 16:22:29 -07:00
credential Update path_role.go (#5820) 2018-11-19 13:40:36 -08:00
logical Strip empty strings from database revocation stmts (#5955) 2018-12-14 09:12:26 -05:00
plugin Run all builtins as plugins (#5536) 2018-11-06 17:21:24 -08:00