Vault: Fix wild card paths for all backends

2025-11-03 03:58:01 +00:00 · 2015-08-21 00:56:13 -07:00
parent cdf2b4895d
commit 41678f18ae
25 changed files with 52 additions and 46 deletions
--- a/builtin/credential/cert/path_certs.go
+++ b/builtin/credential/cert/path_certs.go
@@ -10,7 +10,7 @@ import (
 func pathCerts(b *backend) *framework.Path {
 	return &framework.Path{
-		Pattern: `certs/(?P<name>\w+)`,
+		Pattern: "certs/" + framework.GenericNameRegex("name"),
 		Fields: map[string]*framework.FieldSchema{
 			"name": &framework.FieldSchema{
 				Type:        framework.TypeString,
--- a/builtin/credential/userpass/path_login.go
+++ b/builtin/credential/userpass/path_login.go
@@ -12,7 +12,7 @@ import (
 func pathLogin(b *backend) *framework.Path {
 	return &framework.Path{
-		Pattern: `login/(?P<name>\w+)`,
+		Pattern: "login/" + framework.GenericNameRegex("name"),
 		Fields: map[string]*framework.FieldSchema{
 			"name": &framework.FieldSchema{
 				Type:        framework.TypeString,
--- a/builtin/credential/userpass/path_users.go
+++ b/builtin/credential/userpass/path_users.go
@@ -10,7 +10,7 @@ import (
 func pathUsers(b *backend) *framework.Path {
 	return &framework.Path{
-		Pattern: `users/(?P<name>\w+)`,
+		Pattern: "users/" + framework.GenericNameRegex("name"),
 		Fields: map[string]*framework.FieldSchema{
 			"name": &framework.FieldSchema{
 				Type:        framework.TypeString,
--- a/builtin/logical/aws/path_roles.go
+++ b/builtin/logical/aws/path_roles.go
@@ -11,7 +11,7 @@ import (
 func pathRoles() *framework.Path {
 	return &framework.Path{
-		Pattern: `roles/(?P<name>\w+)`,
+		Pattern: "roles/" + framework.GenericNameRegex("name"),
 		Fields: map[string]*framework.FieldSchema{
 			"name": &framework.FieldSchema{
 				Type:        framework.TypeString,
--- a/builtin/logical/aws/path_user.go
+++ b/builtin/logical/aws/path_user.go
@@ -12,7 +12,7 @@ import (
 func pathUser(b *backend) *framework.Path {
 	return &framework.Path{
-		Pattern: `creds/(?P<name>\w+)`,
+		Pattern: "creds/" + framework.GenericNameRegex("name"),
 		Fields: map[string]*framework.FieldSchema{
 			"name": &framework.FieldSchema{
 				Type:        framework.TypeString,
--- a/builtin/logical/cassandra/path_creds_create.go
+++ b/builtin/logical/cassandra/path_creds_create.go
@@ -12,7 +12,7 @@ import (
 func pathCredsCreate(b *backend) *framework.Path {
 	return &framework.Path{
-		Pattern: `creds/(?P<name>\w+)`,
+		Pattern: "creds/" + framework.GenericNameRegex("name"),
 		Fields: map[string]*framework.FieldSchema{
 			"name": &framework.FieldSchema{
 				Type:        framework.TypeString,
--- a/builtin/logical/cassandra/path_roles.go
+++ b/builtin/logical/cassandra/path_roles.go
@@ -16,7 +16,7 @@ const (
 func pathRoles(b *backend) *framework.Path {
 	return &framework.Path{
-		Pattern: "roles/(?P<name>\\w+)",
+		Pattern: "roles/" + framework.GenericNameRegex("name"),
 		Fields: map[string]*framework.FieldSchema{
 			"name": &framework.FieldSchema{
 				Type:        framework.TypeString,
--- a/builtin/logical/consul/path_roles.go
+++ b/builtin/logical/consul/path_roles.go
@@ -11,7 +11,7 @@ import (
 func pathRoles() *framework.Path {
 	return &framework.Path{
-		Pattern: `roles/(?P<name>\w+)`,
+		Pattern: "roles/" + framework.GenericNameRegex("name"),
 		Fields: map[string]*framework.FieldSchema{
 			"name": &framework.FieldSchema{
 				Type:        framework.TypeString,
--- a/builtin/logical/consul/path_token.go
+++ b/builtin/logical/consul/path_token.go
@@ -11,7 +11,7 @@ import (
 func pathToken(b *backend) *framework.Path {
 	return &framework.Path{
-		Pattern: `creds/(?P<name>\w+)`,
+		Pattern: "creds/" + framework.GenericNameRegex("name"),
 		Fields: map[string]*framework.FieldSchema{
 			"name": &framework.FieldSchema{
 				Type:        framework.TypeString,
--- a/builtin/logical/jwt/path_issue.go
+++ b/builtin/logical/jwt/path_issue.go
@@ -1,9 +1,9 @@
 package jwt
 import (
 	"encoding/json"
 	"fmt"
 	"time"
 	"encoding/json"
 	jwt "github.com/dgrijalva/jwt-go"
@@ -14,10 +14,10 @@ import (
 func pathIssue(b *backend) *framework.Path {
 	return &framework.Path{
-		Pattern: `issue/(?P<role>\w[\w-]+\w)`,
+		Pattern: "issue/" + framework.GenericNameRegex("role"),
 		Fields: map[string]*framework.FieldSchema{
 			"role": &framework.FieldSchema{
-				Type: framework.TypeString,
+				Type:        framework.TypeString,
 				Description: "The desired role with configuration for this request",
 			},
 			"issuer": &framework.FieldSchema{
@@ -63,7 +63,7 @@ func pathIssue(b *backend) *framework.Path {
 func (b *backend) pathIssueWrite(
 	req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
 	roleName := data.Get("role").(string)
-	
+
 	// Get the role
 	role, err := b.getRole(req.Storage, roleName)
 	if err != nil {
@@ -126,7 +126,7 @@ func (b *backend) pathIssueWrite(
 		if err != nil {
 			return nil, err
 		}
-		
+
 		for k, v := range uc {
 			claims[k] = v
 		}
@@ -144,10 +144,10 @@ func (b *backend) pathIssueWrite(
 	resp := &logical.Response{
 		Data: map[string]interface{}{
-			"jti": claims["jti"].(string),
+			"jti":   claims["jti"].(string),
 			"token": tokenString,
 		},
 	}
-	
+
 	return resp, nil
 }
--- a/builtin/logical/jwt/path_roles.go
+++ b/builtin/logical/jwt/path_roles.go
@@ -1,13 +1,13 @@
 package jwt
 import (
 	"fmt"
 	"crypto/x509"
 	"encoding/pem"
 	"fmt"
 	"strings"
 	"github.com/fatih/structs"
 	jwt "github.com/dgrijalva/jwt-go"
 	"github.com/fatih/structs"
 	"github.com/hashicorp/vault/logical"
 	"github.com/hashicorp/vault/logical/framework"
@@ -15,7 +15,7 @@ import (
 func pathRoles(b *backend) *framework.Path {
 	return &framework.Path{
-		Pattern: `roles/(?P<name>\w+)`,
+		Pattern: "roles/" + framework.GenericNameRegex("name"),
 		Fields: map[string]*framework.FieldSchema{
 			"name": &framework.FieldSchema{
 				Type:        framework.TypeString,
@@ -106,9 +106,9 @@ func (b *backend) pathRoleRead(
 func (b *backend) pathRoleCreate(
 	req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
 	name := data.Get("name").(string)
-	key  := data.Get("key").(string)
+	key := data.Get("key").(string)
-	alg  := data.Get("algorithm").(string)
+	alg := data.Get("algorithm").(string)
-	
+
 	signingMethod := jwt.GetSigningMethod(data.Get("algorithm").(string))
 	if signingMethod == nil {
 		return nil, fmt.Errorf("Invalid Signing Algorithm")
@@ -148,15 +148,15 @@ func (b *backend) pathRoleCreate(
 	}
 	entry := &roleEntry{
-		Algorithm:    alg,
+		Algorithm: alg,
-		Key:          key,
+		Key:       key,
-		Issuer:       data.Get("default_issuer").(string),
+		Issuer:    data.Get("default_issuer").(string),
-		Subject:      data.Get("default_subject").(string),
+		Subject:   data.Get("default_subject").(string),
-		Audience:     data.Get("default_audience").(string),
+		Audience:  data.Get("default_audience").(string),
 	}
 	// Store it
-	jsonEntry, err := logical.StorageEntryJSON("role/" + name, entry)
+	jsonEntry, err := logical.StorageEntryJSON("role/"+name, entry)
 	if err != nil {
 		return nil, err
 	}
@@ -168,11 +168,11 @@ func (b *backend) pathRoleCreate(
 }
 type roleEntry struct {
-	Algorithm      string        `json:"algorithm" structs:"algorithm" mapstructure:"algorithm"`
+	Algorithm string `json:"algorithm" structs:"algorithm" mapstructure:"algorithm"`
-	Key            string        `json:"key" structs:"key" mapstructure:"key"`
+	Key       string `json:"key" structs:"key" mapstructure:"key"`
-	Issuer         string        `json:"iss" structs:"iss" mapstructure:"iss"`
+	Issuer    string `json:"iss" structs:"iss" mapstructure:"iss"`
-	Subject        string        `json:"sub" structs:"sub" mapstructure:"sub"`
+	Subject   string `json:"sub" structs:"sub" mapstructure:"sub"`
-	Audience       string        `json:"aud" structs:"aud" mapstructure:"aud"`
+	Audience  string `json:"aud" structs:"aud" mapstructure:"aud"`
 }
 const pathRolesHelpSyn = `
--- a/builtin/logical/mysql/path_role_create.go
+++ b/builtin/logical/mysql/path_role_create.go
@@ -12,7 +12,7 @@ import (
 func pathRoleCreate(b *backend) *framework.Path {
 	return &framework.Path{
-		Pattern: `creds/(?P<name>\w+)`,
+		Pattern: "creds/" + framework.GenericNameRegex("name"),
 		Fields: map[string]*framework.FieldSchema{
 			"name": &framework.FieldSchema{
 				Type:        framework.TypeString,
--- a/builtin/logical/mysql/path_roles.go
+++ b/builtin/logical/mysql/path_roles.go
@@ -10,7 +10,7 @@ import (
 func pathRoles(b *backend) *framework.Path {
 	return &framework.Path{
-		Pattern: "roles/(?P<name>\\w+)",
+		Pattern: "roles/" + framework.GenericNameRegex("name"),
 		Fields: map[string]*framework.FieldSchema{
 			"name": &framework.FieldSchema{
 				Type:        framework.TypeString,
--- a/builtin/logical/pki/path_issue.go
+++ b/builtin/logical/pki/path_issue.go
@@ -14,7 +14,7 @@ import (
 func pathIssue(b *backend) *framework.Path {
 	return &framework.Path{
-		Pattern: `issue/(?P<role>\w[\w-]+\w)`,
+		Pattern: "issue/" + framework.GenericNameRegex("role"),
 		Fields: map[string]*framework.FieldSchema{
 			"role": &framework.FieldSchema{
 				Type: framework.TypeString,
--- a/builtin/logical/pki/path_roles.go
+++ b/builtin/logical/pki/path_roles.go
@@ -11,7 +11,7 @@ import (
 func pathRoles(b *backend) *framework.Path {
 	return &framework.Path{
-		Pattern: `roles/(?P<name>\w[\w-]+\w)`,
+		Pattern: "roles/" + framework.GenericNameRegex("name"),
 		Fields: map[string]*framework.FieldSchema{
 			"name": &framework.FieldSchema{
 				Type:        framework.TypeString,
--- a/builtin/logical/postgresql/path_role_create.go
+++ b/builtin/logical/postgresql/path_role_create.go
@@ -12,7 +12,7 @@ import (
 func pathRoleCreate(b *backend) *framework.Path {
 	return &framework.Path{
-		Pattern: `creds/(?P<name>\w+)`,
+		Pattern: "creds/" + framework.GenericNameRegex("name"),
 		Fields: map[string]*framework.FieldSchema{
 			"name": &framework.FieldSchema{
 				Type:        framework.TypeString,
--- a/builtin/logical/postgresql/path_roles.go
+++ b/builtin/logical/postgresql/path_roles.go
@@ -10,7 +10,7 @@ import (
 func pathRoles(b *backend) *framework.Path {
 	return &framework.Path{
-		Pattern: "roles/(?P<name>\\w+)",
+		Pattern: "roles/" + framework.GenericNameRegex("name"),
 		Fields: map[string]*framework.FieldSchema{
 			"name": &framework.FieldSchema{
 				Type:        framework.TypeString,
--- a/builtin/logical/ssh/path_creds_create.go
+++ b/builtin/logical/ssh/path_creds_create.go
@@ -18,7 +18,7 @@ type sshOTP struct {
 func pathCredsCreate(b *backend) *framework.Path {
 	return &framework.Path{
-		Pattern: "creds/(?P<role>[-\\w]+)",
+		Pattern: "creds/" + framework.GenericNameRegex("role"),
 		Fields: map[string]*framework.FieldSchema{
 			"role": &framework.FieldSchema{
 				Type:        framework.TypeString,
--- a/builtin/logical/ssh/path_keys.go
+++ b/builtin/logical/ssh/path_keys.go
@@ -15,7 +15,7 @@ type sshHostKey struct {
 func pathKeys(b *backend) *framework.Path {
 	return &framework.Path{
-		Pattern: "keys/(?P<key_name>[-\\w]+)",
+		Pattern: "keys/" + framework.GenericNameRegex("key_name"),
 		Fields: map[string]*framework.FieldSchema{
 			"key_name": &framework.FieldSchema{
 				Type:        framework.TypeString,
--- a/builtin/logical/ssh/path_roles.go
+++ b/builtin/logical/ssh/path_roles.go
@@ -30,7 +30,7 @@ type sshRole struct {
 func pathRoles(b *backend) *framework.Path {
 	return &framework.Path{
-		Pattern: "roles/(?P<role>[-\\w]+)",
+		Pattern: "roles/" + framework.GenericNameRegex("role"),
 		Fields: map[string]*framework.FieldSchema{
 			"role": &framework.FieldSchema{
 				Type: framework.TypeString,
--- a/builtin/logical/transit/path_decrypt.go
+++ b/builtin/logical/transit/path_decrypt.go
@@ -12,7 +12,7 @@ import (
 func pathDecrypt() *framework.Path {
 	return &framework.Path{
-		Pattern: `decrypt/(?P<name>\w+)`,
+		Pattern: "decrypt/" + framework.GenericNameRegex("name"),
 		Fields: map[string]*framework.FieldSchema{
 			"name": &framework.FieldSchema{
 				Type:        framework.TypeString,
--- a/builtin/logical/transit/path_encrypt.go
+++ b/builtin/logical/transit/path_encrypt.go
@@ -13,7 +13,7 @@ import (
 func pathEncrypt() *framework.Path {
 	return &framework.Path{
-		Pattern: `encrypt/(?P<name>\w+)`,
+		Pattern: "encrypt/" + framework.GenericNameRegex("name"),
 		Fields: map[string]*framework.FieldSchema{
 			"name": &framework.FieldSchema{
 				Type:        framework.TypeString,
--- a/builtin/logical/transit/path_keys.go
+++ b/builtin/logical/transit/path_keys.go
@@ -123,7 +123,7 @@ func generatePolicy(storage logical.Storage, name string, derived bool) (*Policy
 func pathKeys() *framework.Path {
 	return &framework.Path{
-		Pattern: `keys/(?P<name>\w+)`,
+		Pattern: "keys/" + framework.GenericNameRegex("name"),
 		Fields: map[string]*framework.FieldSchema{
 			"name": &framework.FieldSchema{
 				Type:        framework.TypeString,
--- a/builtin/logical/transit/path_raw.go
+++ b/builtin/logical/transit/path_raw.go
@@ -7,7 +7,7 @@ import (
 func pathRaw() *framework.Path {
 	return &framework.Path{
-		Pattern: `raw/(?P<name>\w+)`,
+		Pattern: "raw/" + framework.GenericNameRegex("name"),
 		Fields: map[string]*framework.FieldSchema{
 			"name": &framework.FieldSchema{
 				Type:        framework.TypeString,
--- a/logical/framework/path.go
+++ b/logical/framework/path.go
@@ -8,6 +8,12 @@ import (
 	"github.com/hashicorp/vault/logical"
 )
 // Helper which returns a generic regex string for creating endpoint patterns
 // that are identified by the given name in the backends
 func GenericNameRegex(name string) string {
 	return fmt.Sprintf("(?P<%s>\\w[\\w-]+\\w)", name)
 }
 // PathAppend is a helper for appending lists of paths into a single
 // list.
 func PathAppend(paths ...[]*Path) []*Path {