-
Notifications
You must be signed in to change notification settings - Fork 11
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
TDF Policy Data Attributes are case sensitive #1359
Comments
Verified that we have a test in the policy so we can focus on GetDecision or the SubjectMapping https://github.com/opentdf/platform/blob/main/service/integration/attribute_fqns_test.go#L136-L159 |
Need to update these to use strings.EqualFold() Code: platform/service/internal/access/pdp.go Line 372 in e6c76ee
|
This was referenced Aug 22, 2024
jakedoublev
added a commit
to opentdf/otdfctl
that referenced
this issue
Aug 23, 2024
github-merge-queue bot
pushed a commit
that referenced
this issue
Aug 23, 2024
🤖 I have created a release *beep* *boop* --- ## [0.4.21](service/v0.4.20...service/v0.4.21) (2024-08-23) ### Features * **core:** KID in NanoTDF KAS ResourceLocator borrowed from Protocol ([#1222](#1222)) ([e5ee4ef](e5ee4ef)) ### Bug Fixes * **authz:** entitlements fqn casing ([#1446](#1446)) ([2ffc66b](2ffc66b)), closes [#1359](#1359) * **core:** Autobump service ([#1417](#1417)) ([e6db378](e6db378)) * **core:** Autobump service ([#1441](#1441)) ([e17deab](e17deab)) * **core:** Autobump service ([#1449](#1449)) ([7e443da](7e443da)) * **core:** case sensitivity in AccessPDP ([#1439](#1439)) ([aed7633](aed7633)), closes [#1359](#1359) * **core:** policy db should use pool connection hook to set search_path ([#1443](#1443)) ([8501ff5](8501ff5)) --- This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please). Co-authored-by: opentdf-automation[bot] <149537512+opentdf-automation[bot]@users.noreply.github.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
TDF Policy Data Attributes seem to be case sensitive and do not get normalized to lower case when doing a keyRewrap, and authorization of getDecision.
If the TDF Policy Data Attributes is created with cases (example being:
https://example.com/attr/Caps/value/Bad
), the request will get denied even if the user is entitled withhttps://example.com/attr/caps/value/bad
.Steps to Reproduce:
https://example.com/attr/Caps/value/Bad
.The request should be a denied by Platform.
The text was updated successfully, but these errors were encountered: