Fixed capabilities API to receive logical response

2026-05-05 20:36:26 +02:00 · 2016-03-17 15:14:17 -04:00 · 2016-03-17 15:14:17 -04:00 · aa0cef3564
commit aa0cef3564
parent b812ea1203
3 changed files with 25 additions and 29 deletions
--- a/api/sys_capabilities.go
+++ b/api/sys_capabilities.go
@ -1,7 +1,5 @@
 package api

-import "log"
-
 func (c *Sys) CapabilitiesSelf(path string) ([]string, error) {
 	body := map[string]string{
 		"path": path,
@ -18,10 +16,17 @@ func (c *Sys) CapabilitiesSelf(path string) ([]string, error) {
 	}
 	defer resp.Body.Close()

-	log.Printf("capabilities self: resp: %#v\n", resp.Body)
-	var result CapabilitiesResponse
+	var result map[string]interface{}
 	err = resp.DecodeJSON(&result)
-	return result.Capabilities, err
+	if err != nil {
+		return nil, err
+	}
+	var capabilities []string
+	capabilitiesRaw := result["data"].(map[string]interface{})["capabilities"].([]interface{})
+	for _, capability := range capabilitiesRaw {
+		capabilities = append(capabilities, capability.(string))
+	}
+	return capabilities, nil
 }

 func (c *Sys) Capabilities(token, path string) ([]string, error) {
@ -41,12 +46,15 @@ func (c *Sys) Capabilities(token, path string) ([]string, error) {
 	}
 	defer resp.Body.Close()

-	log.Printf("capabilities: resp: %#v\n", resp.Body)
-	var result CapabilitiesResponse
+	var result map[string]interface{}
 	err = resp.DecodeJSON(&result)
-	return result.Capabilities, err
-}
-
-type CapabilitiesResponse struct {
-	Capabilities []string `json:"capabilities"`
+	if err != nil {
+		return nil, err
+	}
+	var capabilities []string
+	capabilitiesRaw := result["data"].(map[string]interface{})["capabilities"].([]interface{})
+	for _, capability := range capabilitiesRaw {
+		capabilities = append(capabilities, capability.(string))
+	}
+	return capabilities, nil
 }
--- a/http/sys_capabilities.go
+++ b/http/sys_capabilities.go
@ -1,6 +1,7 @@
 package http

 import (
+	"log"
 	"net/http"
 	"strings"

@ -98,21 +99,8 @@ func handleSysCapabilities(core *vault.Core) http.Handler {
 			return
 		}

+		log.Printf("http: response: %#v\n", resp)
 		respondLogical(w, r, path, false, resp)
 	})

 }
-
-type capabilitiesResponse struct {
-	Capabilities []string `json:"capabilities"`
-}
-
-type capabilitiesRequest struct {
-	Token string `json:"token"`
-	Path  string `json:"path"`
-}
-
-type capabilitiesAccessorRequest struct {
-	Accessor string `json:"accessor"`
-	Path     string `json:"path"`
-}
--- a/vault/logical_system.go
+++ b/vault/logical_system.go
@ -2,7 +2,6 @@ package vault

 import (
 	"fmt"
-	"log"
 	"strings"
 	"time"

@ -459,8 +458,8 @@ type SystemBackend struct {
 	Backend *framework.Backend
 }

+// handleCapabilitiesreturns the ACL capabilities of the token for a given path
 func (b *SystemBackend) handleCapabilities(req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
-	log.Printf("handleCapabilities: request: %#v\n data:%#v\n", req, d)
 	capabilities, err := b.Core.Capabilities(d.Get("token").(string), d.Get("path").(string))
 	if err != nil {
 		return nil, err
@ -473,8 +472,9 @@ func (b *SystemBackend) handleCapabilities(req *logical.Request, d *framework.Fi
 	}, nil
 }

+// handleCapabilitiesAccessor returns the ACL capabilities of the token associted
+// with the given accessor for a given path.
 func (b *SystemBackend) handleCapabilitiesAccessor(req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
-	log.Printf("handleCapabilitiesAccessor: request: %#v\n data:%#v\n", req, d)
 	accessor := d.Get("accessor").(string)
 	if accessor == "" {
 		return nil, &StatusBadRequest{Err: "missing accessor"}