From da367a6cb3a0966b3d73037a56957a87748ee061 Mon Sep 17 00:00:00 2001
From: Jeff Mitchell <jeff@hashicorp.com>
Date: Wed, 16 May 2018 11:28:46 -0400
Subject: [PATCH] Check allowed/denied/required params on read calls. (#4579)

We added support a bit ago for some read operations to take in
parameters, so we should now apply these checks against them.
---
 vault/acl.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/vault/acl.go b/vault/acl.go
index e5ab0aecfc..e7a3a23fb9 100644
--- a/vault/acl.go
+++ b/vault/acl.go
@@ -334,7 +334,7 @@ CHECK:
 
 	// Only check parameter permissions for operations that can modify
 	// parameters.
-	if op == logical.UpdateOperation || op == logical.CreateOperation {
+	if op == logical.ReadOperation || op == logical.UpdateOperation || op == logical.CreateOperation {
 		for _, parameter := range permissions.RequiredParameters {
 			if _, ok := req.Data[strings.ToLower(parameter)]; !ok {
 				return