diff --git a/api/sys_capabilities.go b/api/sys_capabilities.go
index 0618891e7a..a047cc54a5 100644
--- a/api/sys_capabilities.go
+++ b/api/sys_capabilities.go
@@ -1,7 +1,5 @@
 package api
-import "log"
-
 func (c *Sys) CapabilitiesSelf(path string) ([]string, error) {
 body := map[string]string{
 "path": path,
@@ -18,10 +16,17 @@ func (c *Sys) CapabilitiesSelf(path string) ([]string, error) {
 }
 defer resp.Body.Close()
- log.Printf("capabilities self: resp: %#v\n", resp.Body)
- var result CapabilitiesResponse
+ var result map[string]interface{}
 err = resp.DecodeJSON(&result)
- return result.Capabilities, err
+ if err != nil {
+ return nil, err
+ }
+ var capabilities []string
+ capabilitiesRaw := result["data"].(map[string]interface{})["capabilities"].([]interface{})
+ for _, capability := range capabilitiesRaw {
+ capabilities = append(capabilities, capability.(string))
+ }
+ return capabilities, nil
 }
 func (c *Sys) Capabilities(token, path string) ([]string, error) {
@@ -41,12 +46,15 @@ func (c *Sys) Capabilities(token, path string) ([]string, error) {
 }
 defer resp.Body.Close()
- log.Printf("capabilities: resp: %#v\n", resp.Body)
- var result CapabilitiesResponse
+ var result map[string]interface{}
 err = resp.DecodeJSON(&result)
- return result.Capabilities, err
-}
-
-type CapabilitiesResponse struct {
- Capabilities []string `json:"capabilities"`
+ if err != nil {
+ return nil, err
+ }
+ var capabilities []string
+ capabilitiesRaw := result["data"].(map[string]interface{})["capabilities"].([]interface{})
+ for _, capability := range capabilitiesRaw {
+ capabilities = append(capabilities, capability.(string))
+ }
+ return capabilities, nil
 }
diff --git a/http/sys_capabilities.go b/http/sys_capabilities.go
index 66776715e5..c64928bdfd 100644
--- a/http/sys_capabilities.go
+++ b/http/sys_capabilities.go
@@ -1,6 +1,7 @@
 package http
 import (
+ "log"
 "net/http"
 "strings"
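Review bot: The chained assertions `result["data"].(map[string]interface{})["capabilities"].([]interface{})` and `capability.(string)` added to `CapabilitiesSelf` (`@@ -18,10 +16,17 @@`) are unchecked, so a response with no `data` object, no `capabilities` list, or a non-string entry panics inside the client instead of returning an error. This package decodes whatever body comes back over the wire, so the shape should be verified with the comma-ok form and reported as an error, as sketched below; that needs `fmt` imported in this file. The `Capabilities` hunk (`@@ -41,12 +46,15 @@`) repeats the same lines and needs the same change, ideally through one shared unexported helper.

```go
	// … unchanged: DecodeJSON call and its error check …
	data, ok := result["data"].(map[string]interface{})
	if !ok {
		return nil, fmt.Errorf("capabilities response has no data object")
	}
	capabilitiesRaw, ok := data["capabilities"].([]interface{})
	if !ok {
		return nil, fmt.Errorf("capabilities response has no capabilities list")
	}
	var capabilities []string
	for _, raw := range capabilitiesRaw {
		capability, ok := raw.(string)
		if !ok {
			return nil, fmt.Errorf("capabilities entry has unexpected type %T", raw)
		}
		capabilities = append(capabilities, capability)
	}
	return capabilities, nil
```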
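Review bot: Removing the exported `CapabilitiesResponse` type at the end of the `Capabilities` hunk (`@@ -41,12 +46,15 @@`) breaks any code outside this repository that imports the api package and names that type. Whether such callers exist is not visible here; if compatibility matters, keep the type and mark it with `// Deprecated: no longer used by Capabilities or CapabilitiesSelf.`.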
@@ -98,21 +99,8 @@ func handleSysCapabilities(core *vault.Core) http.Handler {
 return
 }
+ log.Printf("http: response: %#v\n", resp)
 respondLogical(w, r, path, false, resp)
 })
 }
-
-type capabilitiesResponse struct {
- Capabilities []string `json:"capabilities"`
-}
-
-type capabilitiesRequest struct {
- Token string `json:"token"`
- Path string `json:"path"`
-}
-
-type capabilitiesAccessorRequest struct {
- Accessor string `json:"accessor"`
- Path string `json:"path"`
-}
diff --git a/vault/logical_system.go b/vault/logical_system.go
index f206636e56..6ed0af8283 100644
--- a/vault/logical_system.go
+++ b/vault/logical_system.go
@@ -2,7 +2,6 @@ package vault
 import (
 "fmt"
- "log"
 "strings"
 "time"
@@ -459,8 +458,8 @@ type SystemBackend struct {
 Backend *framework.Backend
 }
+// handleCapabilitiesreturns the ACL capabilities of the token for a given path
 func (b *SystemBackend) handleCapabilities(req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
- log.Printf("handleCapabilities: request: %#v\n data:%#v\n", req, d)
 capabilities, err := b.Core.Capabilities(d.Get("token").(string), d.Get("path").(string))
 if err != nil {
 return nil, err
@@ -473,8 +472,9 @@ func (b *SystemBackend) handleCapabilities(req *logical.Request, d *framework.Fi
 }, nil
 }
+// handleCapabilitiesAccessor returns the ACL capabilities of the token associted
+// with the given accessor for a given path.
 func (b *SystemBackend) handleCapabilitiesAccessor(req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
- log.Printf("handleCapabilitiesAccessor: request: %#v\n data:%#v\n", req, d)
 accessor := d.Get("accessor").(string)
 if accessor == "" {
 return nil, &StatusBadRequest{Err: "missing accessor"}
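Review bot: The added `log.Printf("http: response: %#v\n", resp)` in `handleSysCapabilities` (`@@ -98,21 +99,8 @@`) looks like leftover debugging: it writes the whole logical response to the process's standard logger on every capabilities request. That output presumably bypasses whatever audit or redaction path the server normally applies to responses, though that path is not visible in this diff. The same commit deletes the equivalent debug prints from the api and vault packages, so this line and the `"log"` import added in this file's first hunk (`@@ -1,6 +1,7 @@`) should be dropped as well. The handler body starts before the hunk.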
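Review bot: The new doc comment on `handleCapabilities` (`@@ -459,8 +458,8 @@`) is missing a space after the function name and a closing period; it should read `// handleCapabilities returns the ACL capabilities of the token for a given path.`. The comment added on `handleCapabilitiesAccessor` in the next hunk (`@@ -473,8 +472,9 @@`) misspells "associated" as "associted". Both function bodies continue past their hunks.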