Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Can't use Capitalized Policy Name to display policy even it is created using Capitalized name #3187

Closed
lauradiane opened this issue Aug 16, 2017 · 0 comments
Closed

Can't use Capitalized Policy Name to display policy even it is created using Capitalized name #3187

lauradiane opened this issue Aug 16, 2017 · 0 comments
Milestone
0.8.2

Comments

@lauradiane
Copy link
Contributor

Policy names in general work in a case-insensitive way. However, when you try to read a specific policy name that you've created with Capital Letters, nothing is returned. This contradicts Vault's normal behavior which is to just automatically translate it into the lower-case version.

Example:

// Write a policy with Capital Letters in the name

$ vault policy-write CapPolicy policy.hcl 
Policy 'CapPolicy' written.

// List policies and the new policy shows up converted into lowercase

$ vault policies
cappolicy
default
root

// Create a new token using any mixture of CAPS and lowercase and it will translate into the lowercase version of the policy

$ vault token-create -policy=CapPolicy
Key            	Value
---            	-----
token          	4316f873-bb06-f1bd-6b3a-ee4e148f7f09
token_accessor 	643b78bb-1866-6520-7d2a-40f44bd69d65
token_duration 	768h0m0s
token_renewable	true
token_policies 	[cappolicy default]

// Bug: Try listing the policy by name using the Capitalized version and nothing is returned (doesn't map back to lowercase version as it did for other Vault commands)

$ vault policies CapPolicy
<blank output>

Environment:

  • Vault Version: 0.8.0
  • Operating System/Architecture: macOS 10.12.6

Vault Config File:
cluster_name = "vaultron"

storage "consul" {
address = "172.17.0.5:8500"
path = "vault/"
disable_clustering = "false"
service_tags = "vaultron"
}

listener "tcp" {
address = "0.0.0.0:8200"
tls_disable = "1"
}
@jefferai jefferai modified the milestones: next-release, 0.8.2 Aug 16, 2017
jefferai added a commit that referenced this issue Aug 18, 2017
@jefferai
Properly lowercase policy names.
f838c6a 
Previously we lowercased names on ingress but not on lookup or delete
which could cause unexpected results. Now, just unilaterally lowercase
policy names on write and delete. On get, to avoid the performance hit
of always lowercasing when not necessary since it's in the critical
path, we have a minor optimization -- we check the LRU first before
normalizing. For tokens, because they're already normalized when adding
policies during creation, this should always work; it might just be
slower for API calls.

Fixes #3187
@jefferai jefferai mentioned this issue Aug 18, 2017
Merged
jefferai added a commit that referenced this issue Aug 18, 2017
@jefferai
Properly lowercase policy names. (#3210)
88e9d19 
Previously we lowercased names on ingress but not on lookup or delete
which could cause unexpected results. Now, just unilaterally lowercase
policy names on write and delete. On get, to avoid the performance hit
of always lowercasing when not necessary since it's in the critical
path, we have a minor optimization -- we check the LRU first before
normalizing. For tokens, because they're already normalized when adding
policies during creation, this should always work; it might just be
slower for API calls.

Fixes #3187
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
0.8.2
Development

No branches or pull requests
2 participants
@jefferai @lauradiane