backport of commit b19562db9a (#24026)

Co-authored-by: Kuba Wieczorek <kuba.wieczorek@hashicorp.com>
hc-github-team-secure-vault-core
2023-11-06 08:50:02 -05:00
committed by GitHub
parent 15a5a45183
commit 31ad3413c8
3 changed files with 12 additions and 4 deletions


@@ -467,7 +467,7 @@ func (ps *PolicyStore) GetNonEGPPolicyType(nsID string, name string) (*PolicyTyp
pt, ok := ps.policyTypeMap.Load(index)
if !ok {
// Doesn't exist
return nil, fmt.Errorf("policy does not exist in type map: %v", index)
return nil, ErrPolicyNotExistInTypeMap
}
policyType, ok := pt.(PolicyType)
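Review bot: The new `return nil, ErrPolicyNotExistInTypeMap` drops `index` from the error, so a caller that does not add the namespace and policy name itself can no longer tell which entry was missing from the type map. Wrapping the sentinel keeps both the key and `errors.Is` matching: `return nil, fmt.Errorf("%w: %v", ErrPolicyNotExistInTypeMap, index)`. If the test table for this method compares the full message, its expected strings would need the key as well. GetNonEGPPolicyType starts and continues outside this hunk.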


@@ -394,7 +394,7 @@ func TestPolicyStore_GetNonEGPPolicyType(t *testing.T) {
paramNamespace: "1AbcD",
paramPolicyName: "policy1",
isErrorExpected: true,
expectedErrorMessage: "policy does not exist in type map: 1AbcD/policy1",
expectedErrorMessage: "policy does not exist in type map",
},
"not-in-map-rgp": {
policyStoreKey: "2WxyZ/policy2",
@@ -402,7 +402,7 @@ func TestPolicyStore_GetNonEGPPolicyType(t *testing.T) {
paramNamespace: "1AbcD",
paramPolicyName: "policy1",
isErrorExpected: true,
expectedErrorMessage: "policy does not exist in type map: 1AbcD/policy1",
expectedErrorMessage: "policy does not exist in type map",
},
"unknown-policy-type": {
policyStoreKey: "1AbcD/policy1",
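Review bot: Both updated not-in-map cases still identify the failure through `expectedErrorMessage` text, which does not pin the sentinel value that callers now match with `errors.Is`. If the assertion code (outside these hunks) allows it, add a check such as `errors.Is(err, ErrPolicyNotExistInTypeMap)` for these two cases. A later change that rewords or replaces the error would then fail here instead of silently changing how callers treat a missing policy.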


@@ -52,7 +52,8 @@ var (
// to complete, unless overridden on a per-handler basis
DefaultMaxRequestDuration = 90 * time.Second
ErrNoApplicablePolicies = errors.New("no applicable policies")
ErrNoApplicablePolicies = errors.New("no applicable policies")
ErrPolicyNotExistInTypeMap = errors.New("policy does not exist in type map")
egpDebugLogging bool
@@ -180,6 +181,13 @@ func (c *Core) getApplicableGroupPolicies(ctx context.Context, tokenNS *namespac
for _, policyName := range nsPolicies {
t, err := c.policyStore.GetNonEGPPolicyType(policyNS.ID, policyName)
if err != nil && errors.Is(err, ErrPolicyNotExistInTypeMap) {
// When we attempt to get a non-EGP policy type, and receive an
// explicit error that it doesn't exist (in the type map) we log the
// ns/policy and continue without error.
c.Logger().Debug(fmt.Errorf("%w: %v/%v", err, policyNS.ID, policyName).Error())
continue
}
if err != nil || t == nil {
return nil, fmt.Errorf("failed to look up type of policy: %w", err)
}
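Review bot: In the second hunk, a group policy that is missing from the type map is now skipped with only a Debug-level line, so at default log levels nothing records that a policy named on a group was left out of the applicable set. If the omitted policy was expected to restrict access, that omission should be visible to operators; consider a level they actually collect (or a counter), and confirm that skipping is the intended outcome for every reason an entry can be absent from the map. The log call also builds an error only to stringify it, and `err != nil &&` is redundant before `errors.Is`; `c.Logger().Debug("policy does not exist in type map", "namespace", policyNS.ID, "policy", policyName)` carries the same information as structured fields. getApplicableGroupPolicies starts and continues outside the hunk.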