Use ParseStringSlice on PKI organization/organizational unit. (#2561)

After, separately dedup and use new flag to not lowercase value.

Fixes #2555

builtin/credential/ldap/backend.go

@@ -165,11 +165,11 @@ func (b *backend) Login(req *logical.Request, username string, password string)
 			policies = append(policies, group.Policies...)
 		}
 	}
-	if user !=nil && user.Policies != nil {
+	if user != nil && user.Policies != nil {
 		policies = append(policies, user.Policies...)
 	}
 	// Policies from each group may overlap
-	policies = strutil.RemoveDuplicates(policies)
+	policies = strutil.RemoveDuplicates(policies, true)
 
 	if len(policies) == 0 {
 		errStr := "user is not a member of any authorized group"

builtin/logical/pki/cert_util.go

@@ -665,15 +665,15 @@ func generateCreationBundle(b *backend,
 	ou := []string{}
 	{
 		if role.OU != "" {
-			ou = strutil.ParseDedupAndSortStrings(role.OU, ",")
+			ou = strutil.RemoveDuplicates(strutil.ParseStringSlice(role.OU, ","), false)
 		}
 	}
 
 	// Set O (organization) values if specified in the role
 	organization := []string{}
 	{
 		if role.Organization != "" {
-			organization = strutil.ParseDedupAndSortStrings(role.Organization, ",")
+			organization = strutil.RemoveDuplicates(strutil.ParseStringSlice(role.Organization, ","), false)
 		}
 	}
 

helper/policyutil/policyutil.go

@@ -61,7 +61,7 @@ func SanitizePolicies(policies []string, addDefault bool) []string {
 		policies = append(policies, "default")
 	}
 
-	return strutil.RemoveDuplicates(policies)
+	return strutil.RemoveDuplicates(policies, true)
 }
 
 // EquivalentPolicies checks whether the given policy sets are equivalent, as in,

helper/strutil/strutil.go

@@ -39,7 +39,7 @@ func ParseDedupAndSortStrings(input string, sep string) []string {
 		// Don't return nil
 		return parsed
 	}
-	return RemoveDuplicates(strings.Split(input, sep))
+	return RemoveDuplicates(strings.Split(input, sep), true)
 }
 
 // Parses a comma separated list of `<key>=<value>` tuples into a
@@ -174,19 +174,21 @@ func ParseArbitraryStringSlice(input string, sep string) []string {
 	return ret
 }
 
-// Removes duplicate and empty elements from a slice of strings.
-// This also converts the items in the slice to lower case and
-// returns a sorted slice.
-func RemoveDuplicates(items []string) []string {
+// Removes duplicate and empty elements from a slice of strings. This also may
+// convert the items in the slice to lower case and returns a sorted slice.
+func RemoveDuplicates(items []string, lowercase bool) []string {
 	itemsMap := map[string]bool{}
 	for _, item := range items {
-		item = strings.ToLower(strings.TrimSpace(item))
+		item = strings.TrimSpace(item)
+		if lowercase {
+			item = strings.ToLower(item)
+		}
 		if item == "" {
 			continue
 		}
 		itemsMap[item] = true
 	}
-	items = []string{}
+	items = make([]string, 0, len(itemsMap))
 	for item, _ := range itemsMap {
 		items = append(items, item)
 	}

vault/token_store.go

@@ -10,9 +10,9 @@ import (
 	"github.com/armon/go-metrics"
 	"github.com/hashicorp/go-multierror"
 	"github.com/hashicorp/go-uuid"
-	"github.com/hashicorp/vault/helper/parseutil"
 	"github.com/hashicorp/vault/helper/jsonutil"
 	"github.com/hashicorp/vault/helper/locksutil"
+	"github.com/hashicorp/vault/helper/parseutil"
 	"github.com/hashicorp/vault/helper/policyutil"
 	"github.com/hashicorp/vault/helper/salt"
 	"github.com/hashicorp/vault/helper/strutil"
@@ -1468,7 +1468,7 @@ func (ts *TokenStore) handleCreateCommon(
 
 		if len(role.DisallowedPolicies) > 0 {
 			// We don't add the default here because we only want to disallow it if it's explicitly set
-			sanitizedRolePolicies = strutil.RemoveDuplicates(role.DisallowedPolicies)
+			sanitizedRolePolicies = strutil.RemoveDuplicates(role.DisallowedPolicies, true)
 
 			for _, finalPolicy := range finalPolicies {
 				if strutil.StrListContains(sanitizedRolePolicies, finalPolicy) {