Backport of treat logical.ErrRelativePath as 400 instead of 500 into release/1.10.x #14780

Merged


hc-github-team-secure-vault-core

Backport

This PR is auto-generated from #14328 to be assessed for backporting due to the inclusion of the label backport/1.10.x.

The below text is copied from the body of the original PR.


The userpass auth backend may return a 500 Internal Server Error to attempts to read or write usernames that contain "..". The underlying cause is a check performed in StorageView.SanityCheck. It is theoretically possible for other endpoints to result in a 500 response for a path that contains "..". The policies endpoints, for example sys/policies/acl/:path, have their own error handling which results in returning a 400 for various errors:

❯ bin/vault read sys/policies/acl/foo..bar
Error reading sys/policies/acl/foo..bar: Error making API request.

URL: GET http://127.0.0.1:8200/v1/sys/policies/acl/foo..bar
Code: 400. Errors:

* failed to read policy: relative paths not supported

The proposed fix is to treat logical.ErrRelativePath as a 400. Rather than do this directly within the userpass logic, it is done at a higher level in the request handling logic so that it has broad coverage across any backend.

❯ bin/vault read auth/userpass/users/foo..bar
Error reading auth/userpass/users/foo..bar: Error making API request.

URL: GET http://127.0.0.1:8200/v1/auth/userpass/users/foo..bar
Code: 400. Errors:

* 1 error occurred:
        * relative paths not supported
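
The pattern the PR body describes, a sentinel error from a storage-level path check mapped to 400 in one central place, shown as an added example that is not part of the PR or of Vault's code. `errRelativePath`, `sanityCheck`, `readUser` and `statusFor` are hypothetical names, and the substring check on ".." is an assumption based on the `foo..bar` output above.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
	"strings"
)

// errRelativePath stands in for logical.ErrRelativePath (hypothetical copy);
// the message matches the CLI output shown above.
var errRelativePath = errors.New("relative paths not supported")

// sanityCheck is a hypothetical storage-layer check that rejects keys containing "..".
func sanityCheck(key string) error {
	if strings.Contains(key, "..") {
		return errRelativePath
	}
	return nil
}

// readUser is a hypothetical backend handler; it wraps the storage error with
// context, so the caller cannot rely on a direct == comparison.
func readUser(name string) error {
	if err := sanityCheck("user/" + name); err != nil {
		return fmt.Errorf("reading user %q: %w", name, err)
	}
	return nil
}

// statusFor is the central mapping: a client-caused path error becomes 400,
// any other error stays 500. errors.Is sees through the wrapping.
func statusFor(err error) int {
	switch {
	case err == nil:
		return http.StatusOK
	case errors.Is(err, errRelativePath):
		return http.StatusBadRequest
	default:
		return http.StatusInternalServerError
	}
}

func main() {
	for _, name := range []string{"alice", "foo..bar"} { // constructed sample names
		fmt.Println(name, statusFor(readUser(name)))
	}
	fmt.Println("other failure", statusFor(errors.New("storage unavailable")))
}
```

Because the mapping sits above the backends, a new handler that wraps the same sentinel gets the 400 without its own error handling, and genuine server faults still surface as 500 for alerting.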

@hc-github-team-secure-vault-core hc-github-team-secure-vault-core force-pushed the backport/vault-4243/adequately-promoted-sunbeam branch from 5c63448 to 67dd630 Compare March 30, 2022 13:08
@vercel vercel bot temporarily deployed to Preview – vault-storybook March 30, 2022 13:08 Inactive
@vercel vercel bot temporarily deployed to Preview – vault March 30, 2022 13:11 Inactive
@ccapurso ccapurso requested review from a team March 30, 2022 13:27
@ccapurso ccapurso merged commit 589ba4b into release/1.10.x Mar 30, 2022
@ccapurso ccapurso deleted the backport/vault-4243/adequately-promoted-sunbeam branch March 30, 2022 15:34