Use role's allowed policies if none are given

Jeff Mitchell 2016-03-09 10:42:04 -05:00
parent 6a01943755
commit 12f58773fe


@ -749,8 +749,12 @@ func (ts *TokenStore) handleCreateCommon(
// If we have a role, we don't even consider parent policies; the role
// allowed policies trumps all
case role != nil:
if !strListSubset(role.AllowedPolicies, data.Policies) {
return logical.ErrorResponse("token policies must be subset of the role's allowed policies"), logical.ErrInvalidRequest
if len(data.Policies) == 0 {
data.Policies = role.AllowedPolicies
} else {
if !strListSubset(role.AllowedPolicies, data.Policies) {
return logical.ErrorResponse("token policies must be subset of the role's allowed policies"), logical.ErrInvalidRequest
}
}
case len(data.Policies) == 0:
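Review bot: In the new `len(data.Policies) == 0` branch, `data.Policies = role.AllowedPolicies` makes the request data share the role's backing array, so any later in-place change to `data.Policies` (sorting, de-duplication, an append within capacity) would also alter the role's allowed list if that role value is reused; whether it is reused cannot be seen from this hunk. Copying removes the coupling: `data.Policies = append([]string(nil), role.AllowedPolicies...)`. The branch also deserves a comment stating that a request naming no policies now receives every policy the role allows, which is the widest grant the role permits, for example `// No policies requested: default to the role's full allowed set`. The body of handleCreateCommon starts and ends outside the hunk, so what happens when the role's allowed list is itself empty should be checked against the code that follows the switch.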