Update error text to make it more obvious what the issue is when valid principals aren't found

2025-11-28 06:01:08 +01:00 · 2017-03-02 15:56:08 -05:00 · 2017-03-02 15:56:08 -05:00 · 1c821e448d
commit 1c821e448d
parent db29bde264
1 changed files with 5 additions and 8 deletions
--- a/builtin/logical/ssh/path_sign.go
+++ b/builtin/logical/ssh/path_sign.go
@ -198,20 +198,17 @@ func (b *backend) pathSignCertificate(req *logical.Request, data *framework.Fiel
 }

 func (b *backend) calculateValidPrincipals(data *framework.FieldData, defaultPrincipal, principalsAllowedByRole string, validatePrincipal func([]string, string) bool) ([]string, error) {
+	if principalsAllowedByRole == "" {
+		return nil, fmt.Errorf(`"role is not configured to allow any principles`)
+	}
+
 	validPrincipals := data.Get("valid_principals").(string)
 	if validPrincipals == "" {
 		if defaultPrincipal != "" {
 			return []string{defaultPrincipal}, nil
 		}
-		if principalsAllowedByRole == "" {
-			return []string{}, nil
-		}

-		return nil, fmt.Errorf(`"valid_principals" value required by role`)
-	}
-
-	if principalsAllowedByRole == "" {
-		return nil, fmt.Errorf(`"valid_principals" not in allowed list`)
+		return nil, fmt.Errorf(`"valid_principals" not supplied and no default set in the role`)
 	}

 	parsedPrincipals := strings.Split(validPrincipals, ",")