Backport of treat logical.ErrRelativePath as 400 instead of 500 into release/1.9.x #14778

Merged
merged 5 commits into from
Mar 30, 2022

hc-github-team-secure-vault-core
Collaborator

Backport

This PR is auto-generated from #14328 to be assessed for backporting due to the inclusion of the label backport/1.9.x.

WARNING automatic cherry-pick of commits failed. Commits will require human attention.

The below text is copied from the body of the original PR.


The userpass auth backend may return a 500 Internal Server Error to attempts to read or write usernames that contain "..". The underlying cause is a check performed in StorageView.SanityCheck. It is theoretically possible for other endpoints to result in a 500 response for a path that contains "..". The policies endpoints, for example sys/policies/acl/:path, have their own error handling which results in returning a 400 for various errors:

❯ bin/vault read sys/policies/acl/foo..bar
Error reading sys/policies/acl/foo..bar: Error making API request.

URL: GET http://127.0.0.1:8200/v1/sys/policies/acl/foo..bar
Code: 400. Errors:

* failed to read policy: relative paths not supported

The proposed fix is to treat logical.ErrRelativePath as a 400. Rather than do this directly within the userpass logic, it is done at a higher level in the request handling logic so that it has broad coverage across any backend.

❯ bin/vault read auth/userpass/users/foo..bar
Error reading auth/userpass/users/foo..bar: Error making API request.

URL: GET http://127.0.0.1:8200/v1/auth/userpass/users/foo..bar
Code: 400. Errors:

* 1 error occurred:
        * relative paths not supported
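
The approach described in the PR body above, mapping the relative-path error to a 400 once in the request layer instead of in each backend, sketched as an added example (not Vault's code and not part of this PR). `ErrRelativePath` is a local stand-in for `logical.ErrRelativePath`; `sanityCheck`, `readUser`, `statusFor` and `errBackendDown` are hypothetical names.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
	"strings"
)

// ErrRelativePath is a stand-in for logical.ErrRelativePath (message taken from the page).
var ErrRelativePath = errors.New("relative paths not supported")

// errBackendDown is a constructed server-side failure that must remain a 500.
var errBackendDown = errors.New("storage backend unavailable")

// sanityCheck is a hypothetical storage-layer check that rejects keys containing "..".
func sanityCheck(key string) error {
	if strings.Contains(key, "..") {
		return ErrRelativePath
	}
	return nil
}

// readUser is a hypothetical backend read; it wraps storage errors, as a backend may.
func readUser(name string, storageUp bool) error {
	if err := sanityCheck("user/" + name); err != nil {
		return fmt.Errorf("read user: %w", err)
	}
	if !storageUp {
		return fmt.Errorf("read user: %w", errBackendDown)
	}
	return nil
}

// statusFor is the one request-layer mapping; errors.Is matches the sentinel through wrapping.
func statusFor(err error) int {
	switch {
	case err == nil:
		return http.StatusOK
	case errors.Is(err, ErrRelativePath):
		return http.StatusBadRequest // the caller sent a bad path
	default:
		return http.StatusInternalServerError // genuine server fault
	}
}

func main() {
	// prints: 200 400 500
	fmt.Println(statusFor(readUser("alice", true)), statusFor(readUser("foo..bar", true)), statusFor(readUser("alice", false)))
}
```

Keeping the default branch at 500 matters for monitoring: only the client-caused sentinel is reclassified, so real storage faults still surface as server errors.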


hashicorp-cla commented Mar 30, 2022

CLA assistant check
All committers have signed the CLA.

@ccapurso ccapurso requested review from a team and removed request for a team March 30, 2022 13:27
@ccapurso ccapurso force-pushed the backport/vault-4243/fully-artistic-doe branch from f975839 to e8e0921 Compare March 30, 2022 18:06
@ccapurso ccapurso merged commit 60a4e6f into release/1.9.x Mar 30, 2022
@ccapurso ccapurso deleted the backport/vault-4243/fully-artistic-doe branch March 30, 2022 18:37