mirrors/vault
1
0
Fork 0
mirror of https://github.com/hashicorp/vault.git synced 2026-05-05 12:26:34 +02:00
Code Issues Projects Releases Wiki Activity

Check allowed/denied/required params on read calls. (#4579)

Browse Source 
We added support a bit ago for some read operations to take in
parameters, so we should now apply these checks against them.
This commit is contained in:
Jeff Mitchell 2018-05-16 11:28:46 -04:00 committed by GitHub
parent 36f3f61ac5
commit da367a6cb3
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
vault/acl.go
View File

@ -334,7 +334,7 @@ CHECK:
// Only check parameter permissions for operations that can modify
// parameters.
if op == logical.UpdateOperation || op == logical.CreateOperation {
if op == logical.ReadOperation || op == logical.UpdateOperation || op == logical.CreateOperation {
for _, parameter := range permissions.RequiredParameters {
if _, ok := req.Data[strings.ToLower(parameter)]; !ok {
return