mirrors/vault
1
0
Fork 0
mirror of https://github.com/hashicorp/vault.git synced 2025-11-28 14:11:10 +01:00
Code Issues Projects Releases Wiki Activity

Use TypeCommaStringSlice for SSH zeroaddress roles (#5528)

Browse Source 
Fixes #5527
This commit is contained in:
Jeff Mitchell 2018-10-17 02:33:12 -04:00 committed by Brian Kassouf
parent bc33dbd13d
commit 13d8f7b02e
1 changed files with 3 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
builtin/logical/ssh/path_config_zeroaddress.go
View File

@ -3,7 +3,6 @@ package ssh
import ( import (
"context" "context"
"fmt" "fmt"
"strings"
"github.com/hashicorp/vault/logical" "github.com/hashicorp/vault/logical"
"github.com/hashicorp/vault/logical/framework" "github.com/hashicorp/vault/logical/framework"
@ -19,7 +18,7 @@ func pathConfigZeroAddress(b *backend) *framework.Path {
Pattern: "config/zeroaddress", Pattern: "config/zeroaddress",
Fields: map[string]*framework.FieldSchema{ Fields: map[string]*framework.FieldSchema{
"roles": &framework.FieldSchema{ "roles": &framework.FieldSchema{
Type: framework.TypeString, Type: framework.TypeCommaStringSlice,
Description: `[Required] Comma separated list of role names which Description: `[Required] Comma separated list of role names which
allows credentials to be requested for any IP address. CIDR blocks allows credentials to be requested for any IP address. CIDR blocks
previously registered under these roles will be ignored.`, previously registered under these roles will be ignored.`,
@ -60,13 +59,12 @@ func (b *backend) pathConfigZeroAddressRead(ctx context.Context, req *logical.Re
} }
func (b *backend) pathConfigZeroAddressWrite(ctx context.Context, req *logical.Request, d *framework.FieldData) (*logical.Response, error) { func (b *backend) pathConfigZeroAddressWrite(ctx context.Context, req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
roleNames := d.Get("roles").(string) roles := d.Get("roles").([]string)
if roleNames == "" { if len(roles) == 0 {
return logical.ErrorResponse("Missing roles"), nil return logical.ErrorResponse("Missing roles"), nil
} }
// Check if the roles listed actually exist in the backend // Check if the roles listed actually exist in the backend
roles := strings.Split(roleNames, ",")
for _, item := range roles { for _, item := range roles {
role, err := b.getRole(ctx, req.Storage, item) role, err := b.getRole(ctx, req.Storage, item)
if err != nil { if err != nil {