open-vault/http
Christopher Swenson 7a977fd6ea
events: Check token and ACLs on request (#19138)
This checks the request against the `read` permission for
`sys/events/subscribe/{eventType}` on the initial subscribe.

Future work includes moving this to its own verb (`subscribe`)
and periodically rechecking the request.

Tested locally by minting a token with the wrong permissions
and verifying that they are rejected as expected, and that
they work if the policy is adjusted to `sys/event/subscribe/*`
(or the specific topic name) with `read` permissions.

I had to change the `core.checkToken()` to be publicly accessible,
as it seems like the easiest way to check the token on the
`logical.Request` against all relevant policies, but without
going into all of the complex logic further in `handleLogical()`.

Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>
2023-02-10 20:56:00 +00:00
web_ui Make web_ui compliant with Go's native embedding (#14246) 2022-02-24 09:12:36 -05:00
assets.go update gofumpt to 0.3.1 and reformat the repo (#17055) 2022-09-07 17:31:20 -07:00
assets_stub.go
auth_token_test.go Revert the WithContext changes to vault tests (#14947) 2022-04-07 15:12:58 -04:00
cors.go
custom_header_test.go
events.go events: Check token and ACLs on request (#19138) 2023-02-10 20:56:00 +00:00
events_test.go events: Check token and ACLs on request (#19138) 2023-02-10 20:56:00 +00:00
forwarded_for_test.go Create global quotas of each type in every NewTestCluster. (#18038) 2022-11-29 14:38:33 -05:00
forwarding_bench_test.go TestClusterCore's TLSConfig becomes a method and does a Clone. (#18914) 2023-01-31 11:05:16 -05:00
forwarding_test.go TestClusterCore's TLSConfig becomes a method and does a Clone. (#18914) 2023-01-31 11:05:16 -05:00
handler.go events: Allow subscribing to events in namespaces (#19134) 2023-02-10 19:02:42 +00:00
handler_test.go Plugins: Consistently use plugin_version (#17171) 2022-09-20 12:35:50 +01:00
help.go Vault-4010 Unauthenticated panic when processing "help" requests (#14704) 2022-03-24 12:19:14 -07:00
help_test.go Vault-4010 Unauthenticated panic when processing "help" requests (#14704) 2022-03-24 12:19:14 -07:00
http_test.go
logical.go events: Check token and ACLs on request (#19138) 2023-02-10 20:56:00 +00:00
logical_test.go Vault test cluster helper refactorings, mostly audit related (#18928) 2023-02-01 08:33:16 -05:00
plugin_test.go Support version selection for database plugins (#16982) 2022-09-09 17:32:28 +01:00
sys_audit_test.go
sys_auth_test.go Vault test cluster helper refactorings, mostly audit related (#18928) 2023-02-01 08:33:16 -05:00
sys_config_cors_test.go
sys_config_state_test.go Add experiment system + events experiment (#18682) 2023-01-16 16:07:18 +00:00
sys_feature_flags.go
sys_generate_root.go
sys_generate_root_test.go Vault test cluster helper refactorings, mostly audit related (#18928) 2023-02-01 08:33:16 -05:00
sys_health.go Move version out of SDK. (#14229) 2022-12-07 13:29:51 -05:00
sys_health_test.go
sys_hostinfo_test.go Revert the WithContext changes to vault tests (#14947) 2022-04-07 15:12:58 -04:00
sys_in_flight_requests.go
sys_in_flight_requests_test.go
sys_init.go Revert #18683 (#18942) 2023-02-01 13:34:53 -06:00
sys_init_test.go OSS portion of wrapper-v2 (#16811) 2022-08-23 15:37:16 -04:00
sys_internal_test.go
sys_leader.go
sys_leader_test.go
sys_lease_test.go
sys_metrics.go
sys_metrics_test.go Vault test cluster helper refactorings, mostly audit related (#18928) 2023-02-01 08:33:16 -05:00
sys_monitor_test.go Make API not depend on SDK (#18962) 2023-02-06 09:41:56 -05:00
sys_mount_test.go Vault test cluster helper refactorings, mostly audit related (#18928) 2023-02-01 08:33:16 -05:00
sys_mounts_test.go Revert the WithContext changes to vault tests (#14947) 2022-04-07 15:12:58 -04:00
sys_policy_test.go
sys_raft.go Use %q for quoted strings where appropriate (#15216) 2022-08-03 12:32:45 -06:00
sys_rekey.go
sys_rekey_test.go
sys_rotate_test.go
sys_seal.go
sys_seal_test.go Move version out of SDK. (#14229) 2022-12-07 13:29:51 -05:00
sys_wrapping_test.go return 403 for wrapping requests when no token provided (#18859) 2023-01-31 13:57:50 -05:00
testing.go Create global quotas of each type in every NewTestCluster. (#18038) 2022-11-29 14:38:33 -05:00
unwrapping_raw_body_test.go Revert the WithContext changes to vault tests (#14947) 2022-04-07 15:12:58 -04:00
util.go VAULT-6614 Enable role based quotas for lease-count quotas (OSS) (#16157) 2022-07-05 13:02:00 -04:00