Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Backport of events: Check token and ACLs on request into release/1.13.x #19144

Merged
merged 1 commit into from
Feb 10, 2023
Merged

Backport of events: Check token and ACLs on request into release/1.13.x #19144

merged 1 commit into from
Feb 10, 2023

Conversation

hc-github-team-secure-vault-core
Copy link
Collaborator

Backport

This PR is auto-generated from #19138 to be assessed for backporting due to the inclusion of the label backport/1.13.x.

The below text is copied from the body of the original PR.

This checks the request against the read permission for sys/events/subscribe/{eventType} on the initial subscribe.

Future work includes moving this to its own verb (subscribe) and periodically rechecking the request.

Tested locally by minting a token with the wrong permissions and verifying that they are rejected as expected, and that they work if the policy is adjusted to sys/event/subscribe/* (or the specific topic name) with read permissions.

I had to change the core.checkToken() to be publicly accessible, as it seems like the easiest way to check the token on the logical.Request against all relevant policies, but without going into all of the complex logic further in handleLogical().

Overview of commits

@hc-github-team-secure-vault-core hc-github-team-secure-vault-core force-pushed the backport/vault-12536/events-manual-acls/partly-model-eft branch 2 times, most recently from d1a881b to f4664dc Compare February 10, 2023 20:57
@swenson swenson added this to the 1.13.0-rc1 milestone Feb 10, 2023
@swenson swenson enabled auto-merge (squash) February 10, 2023 21:07
@swenson swenson merged commit 13313d0 into release/1.13.x Feb 10, 2023
@swenson swenson deleted the backport/vault-12536/events-manual-acls/partly-model-eft branch February 10, 2023 21:38
@fopina-ci fopina-ci mentioned this pull request Apr 27, 2023
Closed
@fopina-ci fopina-ci mentioned this pull request Jun 8, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@swenson swenson swenson approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
1.13.0-rc1
Development

Successfully merging this pull request may close these issues.
2 participants
@hc-github-team-secure-vault-core @swenson