Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Deduplicate policies prior to generating ACL on request #17914

Merged
merged 3 commits into from Nov 16, 2022
Merged

Deduplicate policies prior to generating ACL on request #17914

merged 3 commits into from Nov 16, 2022

Conversation

davidadeleon
Copy link
Contributor

This PR solves an issue where a token can have duplicate policies as part of its policy set when using external groups. This scenario is encountered when an external group policy mapping is created in Vault containing duplicate policies to those defined by the authentication method.

mpalmi
mpalmi reviewed Nov 11, 2022
View reviewed changes
Copy link
Contributor

@mpalmi mpalmi left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Would it be a good idea to add a go test for this to ensure the behavior doesn't regress?

jasonodonnell
jasonodonnell approved these changes Nov 14, 2022
View reviewed changes
Copy link
Contributor

@jasonodonnell jasonodonnell left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, but we should try to figure out a way to add a test for this. We can sync on this.

@hghaf099
Copy link
Contributor

This PR probably needs to get backported to previous versions.

@hghaf099
Copy link
Contributor

hghaf099 commented Nov 14, 2022
edited

Also, I am wondering if we could go back to 1.10, and before the fix for that escalation. Apply this change, and see if we could reproduce the escalated issue. It would be a good test IMHO.

@davidadeleon davidadeleon merged commit 8a6bac1 into main Nov 16, 2022
@davidadeleon davidadeleon deleted the davidadeleon/fix-duplicate-policies-with-external-groups branch November 16, 2022 22:43
This was referenced Nov 16, 2022
Merged
Merged
Merged
jayant07-yb pushed a commit to jayant07-yb/hashicorp-vault-integrations that referenced this pull request Mar 15, 2023
@davidadeleon
Deduplicate policies prior to generating ACL on request (hashicorp#17914
2bd2c89 
)

* Deduplicate policies prior to generating ACL on request

* add changelog

* edit changelog entry
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mpalmi mpalmi mpalmi left review comments

@jasonodonnell jasonodonnell jasonodonnell approved these changes

@ncabatoff ncabatoff ncabatoff approved these changes

@hghaf099 hghaf099 hghaf099 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@davidadeleon @hghaf099 @jasonodonnell @ncabatoff @mpalmi