Entities may have duplicate policies #10847

Closed
tionebsalocin opened this issue Feb 5, 2021 · 0 comments · Fixed by #12812
Labels
bug Used to indicate a potential bug core/identity

@tionebsalocin

Describe the bug
Entities may have duplicate policies

To Reproduce
Steps to reproduce the behavior:
This can be reproduced in dev mode: vault server -dev

  1. Create an entity and assign the same policy several times:
curl \
    --header "X-Vault-Token: ..." \
    --request POST \
    --data '{"metadata": {"organization": "hashicorp","team": "vault"}, "policies": ["policies-ro", "policies-ro", "policies-ro", "policies-ro", "policies-ro", "policies-ro"]}' \
    http://127.0.0.1:8200/v1/identity/entity

Output:
{"request_id":"...","lease_id":"","renewable":false,"lease_duration":0,"data":{"aliases":null,"id":"...","name":"entity_67584b4f"},"wrap_info":null,"warnings":null,"auth":null}

  2. Display the entity info and notice that duplicate policies are assigned:

curl \
    --header "X-Vault-Token: vaultdev" \
    http://127.0.0.1:8200/v1/identity/entity/name/entity_67584b4f | jq .

Output:

{
  "request_id": "...",
  "lease_id": "",
  "renewable": false,
  "lease_duration": 0,
  "data": {
    "aliases": [],
    "creation_time": "2021-02-05T16:19:54.987245149Z",
    "direct_group_ids": [],
    "disabled": false,
    "group_ids": [],
    "id": "...",
    "inherited_group_ids": [],
    "last_update_time": "2021-02-05T16:19:54.987245149Z",
    "merged_entity_ids": null,
    "metadata": {
      "organization": "hashicorp",
      "team": "vault"
    },
    "name": "entity_67584b4f",
    "namespace_id": "root",
    "policies": [
      "policies-ro",
      "policies-ro",
      "policies-ro",
      "policies-ro",
      "policies-ro",
      "policies-ro"
    ]
  },
  "wrap_info": null,
  "warnings": null,
  "auth": null
}

Expected behavior
Either remove duplicates during entity creation or send a "duplicate policy" error.

Environment:

  • Vault Server Version (retrieve with vault status): 1.5.7
  • Vault CLI Version (retrieve with vault version): 1.5.7
  • Server Operating System/Architecture: CentOS 7 5.4.93-1.el7.x86_64

Additional context
As we use Consul as the backend, this can lead to data exceeding the maximum size of the KV.
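
The two behaviours requested under "Expected behavior", sketched in Go as an added example (not part of the original report and not Vault's own code): the request body from step 1 is either normalized by dropping repeated policies or rejected with an error. The names `entityRequest`, `dedupePolicies` and `sanitizeEntityRequest` are hypothetical.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Added example; all names here are hypothetical. Only the fields from the issue's POST body are modelled.
type entityRequest struct {
	Metadata map[string]string `json:"metadata"`
	Policies []string          `json:"policies"`
}

// dedupePolicies keeps first-seen order and counts how many extra copies of each name were dropped.
func dedupePolicies(in []string) (out []string, dupes map[string]int) {
	seen := make(map[string]bool, len(in))
	dupes = map[string]int{}
	for _, p := range in {
		if seen[p] {
			dupes[p]++
			continue
		}
		seen[p] = true
		out = append(out, p)
	}
	return out, dupes
}

// sanitizeEntityRequest rejects duplicates when strict is true, otherwise removes them before storage.
func sanitizeEntityRequest(body []byte, strict bool) ([]byte, error) {
	var req entityRequest
	if err := json.Unmarshal(body, &req); err != nil {
		return nil, fmt.Errorf("invalid entity body: %w", err)
	}
	clean, dupes := dedupePolicies(req.Policies)
	if strict && len(dupes) > 0 {
		return nil, fmt.Errorf("duplicate policy in request: %v", dupes)
	}
	req.Policies = clean
	return json.Marshal(req)
}

// Request body copied from step 1 of the report.
const sampleBody = `{"metadata": {"organization": "hashicorp","team": "vault"}, "policies": ["policies-ro", "policies-ro", "policies-ro", "policies-ro", "policies-ro", "policies-ro"]}`

func main() {
	out, err := sanitizeEntityRequest([]byte(sampleBody), false)
	fmt.Println(string(out), err)
}
```

In the non-strict mode the stored entity carries a single `policies-ro` entry, so the record size no longer grows with the number of repeats sent by the client.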
