Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

config: set default length only if password policy is missing #85

Merged
merged 4 commits into from
Jun 21, 2022
Merged

config: set default length only if password policy is missing #85

merged 4 commits into from
Jun 21, 2022

Conversation

calvn
Copy link
Contributor

@calvn calvn commented Jun 18, 2022
edited
Loading

Overview

This PR fixes an issue in the config endpoint where the default length value is always set regardless of whether password_policy is provided. This leads to configuration errors unless length=0 is explicitly provided. password_policy and length are mutually exclusive, with preferred on password_policy, so the engine should understand that the value is ignored and not necessary if password_policy is provided.

vault write ad/config \
    binddn=vagrant \
    bindpass=vagrant \
    url=ldaps://127.0.0.1 \
    userdn='dc=Marti,dc=com' \
    password_policy=example

Error writing data to ad/config: Error making API request.

URL: PUT http://127.0.0.1:8200/v1/ad/config
Code: 500. Errors:

* 1 error occurred:
* cannot set password_policy and either length or formatter

Design of Change

We now parse the password_policy first, and fallback to fetching length's default value if both the length and password_policy is absent. The change should be backwards compatible.

Contributor Checklist

  • Add relevant docs to upstream Vault repository, or sufficient reasoning why docs won’t be added yet
    Note: Docs already describes this behavior, but the engine was not behaving as expected.
  • Backwards compatible

@calvn calvn requested a review from a team June 18, 2022 00:12
austingebauer
austingebauer approved these changes Jun 20, 2022
View reviewed changes
Copy link
Contributor

@austingebauer austingebauer left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

plugin/path_config.go Outdated Show resolved Hide resolved
@calvn calvn merged commit e44e9fa into main Jun 21, 2022
Merged
2 tasks
@calvn calvn mentioned this pull request Jun 24, 2022
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@austingebauer austingebauer austingebauer approved these changes

Assignees
No one assigned
Labels
backport/vault-1.11.x
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@calvn @austingebauer