Require special privileges to list irrevocable leases (#11888)

* add leases path to sudo required set

* update TestSystemBackend_RootPaths with new special privilege paths

* note that list-leases requires sudo

* minor typo fixes
swayne275
2021-06-28 16:51:47 -06:00
committed by GitHub
parent ed33ed1a0a
commit b9899c5d36
3 changed files with 9 additions and 5 deletions


@@ -61,9 +61,9 @@ type Backend struct {
// periodic timer of RollbackManager ticks. This can be used by // periodic timer of RollbackManager ticks. This can be used by
// backends to do anything it wishes to do periodically. // backends to do anything it wishes to do periodically.
// //
// PeriodicFunc can be invoked to, say to periodically delete stale // PeriodicFunc can be invoked to, say periodically delete stale
// entries in backend's storage, while the backend is still being used. // entries in backend's storage, while the backend is still being used.
// (Note the different of this action from what `Clean` does, which is // (Note the difference between this action and `Clean`, which is
// invoked just before the backend is unmounted). // invoked just before the backend is unmounted).
PeriodicFunc periodicFunc PeriodicFunc periodicFunc
@@ -80,7 +80,7 @@ type Backend struct {
// to the backend, if required. // to the backend, if required.
Clean CleanupFunc Clean CleanupFunc
// Invalidate is called when a keys is modified if required // Invalidate is called when a key is modified, if required.
Invalidate InvalidateFunc Invalidate InvalidateFunc
// AuthRenew is the callback to call when a RenewRequest for an // AuthRenew is the callback to call when a RenewRequest for an
@@ -88,7 +88,7 @@ type Backend struct {
// See the built-in AuthRenew helpers in lease.go for common callbacks. // See the built-in AuthRenew helpers in lease.go for common callbacks.
AuthRenew OperationFunc AuthRenew OperationFunc
// Type is the logical.BackendType for the backend implementation // BackendType is the logical.BackendType for the backend implementation
BackendType logical.BackendType BackendType logical.BackendType
logger log.Logger logger log.Logger


@@ -106,6 +106,8 @@ func NewSystemBackend(core *Core, logger log.Logger) *SystemBackend {
"leases/revoke-force/*", "leases/revoke-force/*",
"leases/lookup/*", "leases/lookup/*",
"storage/raft/snapshot-auto/config/*", "storage/raft/snapshot-auto/config/*",
"leases",
"leases/",
}, },
Unauthenticated: []string{ Unauthenticated: []string{
@@ -4787,6 +4789,6 @@ This path responds to the following HTTP methods.
}, },
"list-leases": { "list-leases": {
"List leases associated with this Vault cluster", "List leases associated with this Vault cluster",
"List leases associated with this Vault cluster", "Requires sudo capability. List leases associated with this Vault cluster",
}, },
} }
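Review bot: The new `"leases"` and `"leases/"` entries are appended after `"storage/raft/snapshot-auto/config/*"` instead of beside the existing `leases/...` entries two lines above, so the sudo-required list no longer keeps related paths together; the mirrored list in the TestSystemBackend_RootPaths hunk has the same ordering. Listing both spellings is presumably there so the list operation is gated whether or not the caller supplied the trailing slash, but nothing in the hunk says so; a one-line comment such as `// both forms so a LIST of sys/leases is sudo-gated with or without the trailing slash -- confirm against the router` would record the intent for the next maintainer. The `list-leases` help now states the sudo requirement only in the long description while the synopsis on the line above is unchanged; a synopsis like `"List leases associated with this Vault cluster (requires sudo)"` would surface it in the short help as well. NewSystemBackend's body continues outside the hunk.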


@@ -57,6 +57,8 @@ func TestSystemBackend_RootPaths(t *testing.T) {
"leases/revoke-force/*", "leases/revoke-force/*",
"leases/lookup/*", "leases/lookup/*",
"storage/raft/snapshot-auto/config/*", "storage/raft/snapshot-auto/config/*",
"leases",
"leases/",
} }
b := testSystemBackend(t) b := testSystemBackend(t)
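Review bot: The test change only mirrors the literal root-path slice, so it passes whenever the two lists agree rather than showing that a list operation on `leases/` is actually refused without sudo. A request-level case that issues a list against `leases/` with a token lacking sudo and expects permission denied would pin the behaviour the commit title promises; from this hunk alone I cannot tell whether such a case exists elsewhere in the file. TestSystemBackend_RootPaths continues outside the hunk.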