mirror of
https://github.com/hashicorp/vault.git
synced 2025-08-18 04:27:02 +02:00
ca55573d38
* Strip empty strings from database revocation stmts
It's technically valid to give empty strings as statements to run on
most databases. However, in the case of revocation statements, it's not
only generally inadvisable but can lead to lack of revocations when you
expect them. This strips empty strings from the array of revocation
statements.
It also makes two other changes:
* Return statements on read as empty but valid arrays rather than nulls,
so that typing information is inferred (this is more in line with the
rest of Vault these days)
* Changes field data for TypeStringSlice and TypeCommaStringSlice such
that a client-supplied value of `""` doesn't turn into `[]string{""}`
but rather `[]string{}`.
The latter and the explicit revocation statement changes are related,
and defense in depth.
|
||
|---|---|---|
| .. | ||
| aws | ||
| cassandra | ||
| consul | ||
| database | ||
| mongodb | ||
| mssql | ||
| mysql | ||
| nomad | ||
| pki | ||
| postgresql | ||
| rabbitmq | ||
| ssh | ||
| totp | ||
| transit | ||