Create more granular ACL capabilities.

This commit splits ACL policies into more fine-grained capabilities.
This both drastically simplifies the checking code and makes it possible
to support needed workflows that are not possible with the previous
method. It is backwards compatible; policies containing a "policy"
string are simply converted to a set of capabilities matching previous
behavior.

Fixes #724 (and others).
This commit is contained in:
Jeff Mitchell
2016-01-07 15:10:05 -05:00
parent 45e32756ea
commit f3ef23318d
25 changed files with 655 additions and 275 deletions


@@ -53,6 +53,14 @@ type Path struct {
// callback will be called.
Callbacks map[logical.Operation]OperationFunc
// ExistenceCheck, if implemented, is used to query whether a given
// resource exists or not. This is used for ACL purposes: if an Update
// action is specified, and the existence check returns false, the action
// is not allowed since the resource must first be created. The reverse is
// also true. If not specified, the Update action is forced and the user
// must have UpdateCapability on the path.
ExistenceCheck func(*logical.Request, *FieldData) (bool, error)
// Help is text describing how to use this path. This will be used
// to auto-generate the help operation. The Path will automatically
// generate a parameter listing and URL structure based on the
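Review bot: the new ExistenceCheck doc comment should state what happens when the callback returns a non-nil error, since this decides whether the ACL path fails closed or open; the comment covers only the true/false outcomes ("if an Update action is specified, and the existence check returns false, the action is not allowed") and says nothing about the error case. It would also help to replace "The reverse is also true" with the explicit rule it stands for (a Create action against a resource the check reports as existing is likewise denied), so the authorization semantics can be read directly from the comment rather than inferred.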