Conversation

@cipherboy

This is tested in Vault's vault.TestPolicy_Parse:

    path "test/types" {
        capabilities = ["create", "sudo"]
        allowed_parameters = {
            "map" = [{"good" = "one"}]
            "int" = [1, 2]
        }
        denied_parameters = {
            "string" = ["test"]
            "bool" = [false]
        }
    }

Creating the equivalent in JSON fails because HCLv1 silently fails to parse this value:

    "test/types": {
      "capabilities": ["create", "sudo"],
      "allowed_parameters": {
        "map": [{"good": "one"}],
        "int": [1, 2]
      },
      "denied_parameters": {
        "string": ["test"],
        "bool": [false]
      }
    }

Resolves: #740
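As an added example (not code from this PR, from HCL or from OpenBao): a Go program that decodes the same JSON policy with the standard library and then cross-checks any decoder's output against the element counts taken straight from the source text. A guard like this surfaces a list that silently lost its `false` instead of letting the policy load with a deny list that no longer says what its author wrote. The `path` wrapper around the fragment, the `Policy`/`PathRules` types and the `FaultyDecode` stand-in (which reproduces the empty `bool` list from the test output in this thread) are all assumptions constructed for this example.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
)

// SamplePolicy is a constructed input: the JSON fragment from the PR
// description wrapped in a top-level "path" object so that it is a complete
// policy document (the wrapper is an assumption made for this example).
const SamplePolicy = `{
  "path": {
    "test/types": {
      "capabilities": ["create", "sudo"],
      "allowed_parameters": {"map": [{"good": "one"}], "int": [1, 2]},
      "denied_parameters": {"string": ["test"], "bool": [false]}
    }
  }
}`

// PathRules holds the fields this check cares about, shaped like the *HCL
// fields in the test output: a list of untyped values per parameter name.
type PathRules struct {
	Capabilities      []string                 `json:"capabilities"`
	AllowedParameters map[string][]interface{} `json:"allowed_parameters"`
	DeniedParameters  map[string][]interface{} `json:"denied_parameters"`
}

// Policy maps each path pattern to its rules.
type Policy struct {
	Path map[string]PathRules `json:"path"`
}

// rawPathRules keeps every list element as raw JSON, so the element count
// comes from the source text and does not depend on how values are decoded.
type rawPathRules struct {
	AllowedParameters map[string][]json.RawMessage `json:"allowed_parameters"`
	DeniedParameters  map[string][]json.RawMessage `json:"denied_parameters"`
}

type rawPolicy struct {
	Path map[string]rawPathRules `json:"path"`
}

// ParsePolicy decodes a JSON policy with encoding/json, which keeps false as
// a bool (numbers arrive as float64, objects as map[string]interface{}).
func ParsePolicy(doc []byte) (Policy, error) {
	var p Policy
	err := json.Unmarshal(doc, &p)
	return p, err
}

// DroppedValues compares the element count of every parameter list in the
// source document with the list some decoder produced for it and reports
// each list whose length differs, sorted so the output is stable.
func DroppedValues(doc []byte, decoded Policy) ([]string, error) {
	var raw rawPolicy
	if err := json.Unmarshal(doc, &raw); err != nil {
		return nil, err
	}
	var findings []string
	for path, rules := range raw.Path {
		got := decoded.Path[path] // zero value if the decoder lost the path entirely
		findings = append(findings, compareLists(path+".allowed_parameters", rules.AllowedParameters, got.AllowedParameters)...)
		findings = append(findings, compareLists(path+".denied_parameters", rules.DeniedParameters, got.DeniedParameters)...)
	}
	sort.Strings(findings)
	return findings, nil
}

func compareLists(prefix string, want map[string][]json.RawMessage, got map[string][]interface{}) []string {
	var out []string
	for key, src := range want {
		if n := len(got[key]); n != len(src) {
			out = append(out, fmt.Sprintf("%s.%s: source has %d element(s), decoder produced %d", prefix, key, len(src), n))
		}
	}
	return out
}

// FaultyDecode is a constructed stand-in for the HCLv1 behaviour shown in
// the PR's test output: the result is identical except that the denied
// "bool" list comes back empty. It copies the input rather than mutating it.
func FaultyDecode(p Policy) Policy {
	out := Policy{Path: map[string]PathRules{}}
	for path, rules := range p.Path {
		denied := map[string][]interface{}{}
		for k, v := range rules.DeniedParameters {
			if k == "bool" {
				denied[k] = []interface{}{}
			} else {
				denied[k] = v
			}
		}
		out.Path[path] = PathRules{Capabilities: rules.Capabilities, AllowedParameters: rules.AllowedParameters, DeniedParameters: denied}
	}
	return out
}

func main() {
	good, err := ParsePolicy([]byte(SamplePolicy))
	if err != nil {
		panic(err)
	}
	cases := []struct {
		name string
		p    Policy
	}{
		{"encoding/json", good},
		{"simulated HCLv1", FaultyDecode(good)},
	}
	for _, c := range cases {
		findings, _ := DroppedValues([]byte(SamplePolicy), c.p)
		fmt.Printf("%s: %d list(s) with a changed element count %v\n", c.name, len(findings), findings)
	}
}
```

`DroppedValues` takes whatever `Policy` your real decoder produced, so it can wrap a call into `hcl.Decode` just as well as the `encoding/json` path shown here; the count comparison is deliberately type-agnostic so that it keeps working when a decoder turns `1` into a float and `false` into a bool.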

cipherboy added a commit to cipherboy/openbao that referenced this pull request Mar 20, 2025
Uncommenting the JSON test fails presently:

    --- FAIL: TestPolicy_Parse (0.00s)
        --- FAIL: TestPolicy_Parse/JSON (0.00s)
            policy_test.go:247: value: &vault.PathRules{Path:"test/types", Policy:"", Permissions:(*vault.ACLPermissions)(0xc000467570), IsPrefix:false, HasSegmentWildcards:false, Capabilities:[]string{"create", "sudo"}, MinWrappingTTLHCL:interface {}(nil), MaxWrappingTTLHCL:interface {}(nil), AllowedParametersHCL:map[string][]interface {}{"int":[]interface {}{1, 2}, "map":[]interface {}{map[string]interface {}{"good":"one"}}}, DeniedParametersHCL:map[string][]interface {}{"bool":[]interface {}{}, "string":[]interface {}{"test"}}, RequiredParametersHCL:[]string(nil), MFAMethodsHCL:[]string(nil), PaginationLimitHCL:0}
            policy_test.go:494: [slice[8].Permissions.DeniedParameters.map[bool].slice[0]: <no value> != false slice[8].DeniedParametersHCL.map[bool].slice[0]: <no value> != false]
    FAIL
    FAIL	github.com/openbao/openbao/vault	0.021s
    FAIL

See also: hashicorp/hcl#740
See also: hashicorp/hcl#741

Signed-off-by: Alexander Scheel <[email protected]>
This is tested in Vault's vault.TestPolicy_Parse:

    path "test/types" {
        capabilities = ["create", "sudo"]
        allowed_parameters = {
            "map" = [{"good" = "one"}]
            "int" = [1, 2]
        }
        denied_parameters = {
            "string" = ["test"]
            "bool" = [false]
        }
    }

Creating the equivalent in JSON fails because HCLv1 silently fails to
parse this value:

    "test/types": {
      "capabilities": ["create", "sudo"],
      "allowed_parameters": {
        "map": [{"good": "one"}],
        "int": [1, 2]
      },
      "denied_parameters": {
        "string": ["test"],
        "bool": [false]
      }
    }

Resolves: hashicorp#740

Signed-off-by: Alexander Scheel <[email protected]>
@cipherboy cipherboy force-pushed the fix-bool-in-list-json-hclv1 branch from 6fd4c90 to ae3cb7f on March 20, 2025 03:22
cipherboy added a commit to openbao/openbao that referenced this pull request Mar 20, 2025
* Validate policies can contain comments, be JSON

Uncommenting the JSON test fails presently:

    --- FAIL: TestPolicy_Parse (0.00s)
        --- FAIL: TestPolicy_Parse/JSON (0.00s)
            policy_test.go:247: value: &vault.PathRules{Path:"test/types", Policy:"", Permissions:(*vault.ACLPermissions)(0xc000467570), IsPrefix:false, HasSegmentWildcards:false, Capabilities:[]string{"create", "sudo"}, MinWrappingTTLHCL:interface {}(nil), MaxWrappingTTLHCL:interface {}(nil), AllowedParametersHCL:map[string][]interface {}{"int":[]interface {}{1, 2}, "map":[]interface {}{map[string]interface {}{"good":"one"}}}, DeniedParametersHCL:map[string][]interface {}{"bool":[]interface {}{}, "string":[]interface {}{"test"}}, RequiredParametersHCL:[]string(nil), MFAMethodsHCL:[]string(nil), PaginationLimitHCL:0}
            policy_test.go:494: [slice[8].Permissions.DeniedParameters.map[bool].slice[0]: <no value> != false slice[8].DeniedParametersHCL.map[bool].slice[0]: <no value> != false]
    FAIL
    FAIL	github.com/openbao/openbao/vault	0.021s
    FAIL

See also: hashicorp/hcl#740
See also: hashicorp/hcl#741

Signed-off-by: Alexander Scheel <[email protected]>

* Add comment and JSON form to policy docs

Signed-off-by: Alexander Scheel <[email protected]>

---------

Signed-off-by: Alexander Scheel <[email protected]>