Global flag that outputs minimum policy HCL required for an operation #14899

Merged: 42 commits, Apr 27, 2022

@digivava (Collaborator) commented Apr 4, 2022

Implementation of an idea that was added to the KV path discrepancy discussions by @tomhjp!

This is implemented in the same way as -output-curl-string, except instead of producing a curl example, it produces an example of the minimum policy HCL needed to run that command.

The "sudo" capability is determined by querying the OpenAPI spec endpoint for paths that have "x-vault-sudo" set to true.
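The mechanism described above, sketched as an added example (not code from this pull request): it reads paths flagged "x-vault-sudo" from an OpenAPI-style document and renders a minimum policy stanza for a single request. The names `sampleSpec`, `sudoPattern`, `policyHCL` and `capsByMethod` are hypothetical; the method-to-capability mapping and the use of `.+` for `{param}` segments are assumptions.

```go
package main

import (
	"encoding/json"
	"fmt"
	"regexp"
	"strings"
)

const sampleSpec = `{"paths": {"/sys/raw/{path}": {"x-vault-sudo": true},
  "/sys/health": {}, "/auth/token/accessors/": {"x-vault-sudo": true}}}` // constructed sample
var escapedParam = regexp.MustCompile(`\\\{.+?\\\}`) // a {param} after QuoteMeta escaped its braces
// Assumed mapping from request method to policy capabilities (values are pre-quoted for HCL).
var capsByMethod = map[string]string{"GET": `"read"`, "LIST": `"list"`, "PATCH": `"patch"`,
	"DELETE": `"delete"`, "POST": `"create", "update"`, "PUT": `"create", "update"`}

// sudoPattern builds one anchored regex from every spec path marked "x-vault-sudo": true.
func sudoPattern(spec string) (*regexp.Regexp, error) {
	var doc struct {
		Paths map[string]map[string]interface{} `json:"paths"`
	}
	if err := json.Unmarshal([]byte(spec), &doc); err != nil {
		return nil, err
	}
	var pats []string
	for p, item := range doc.Paths {
		if item["x-vault-sudo"] == true {
			pats = append(pats, escapedParam.ReplaceAllString(regexp.QuoteMeta(strings.Trim(p, "/")), ".+"))
		}
	}
	return regexp.Compile("^(?:" + strings.Join(pats, "|") + ")/?$")
}

// policyHCL renders the smallest policy stanza that permits one request.
func policyHCL(method, reqPath string, sudo *regexp.Regexp) (string, error) {
	caps, ok := capsByMethod[strings.ToUpper(method)]
	if !ok {
		return "", fmt.Errorf("unsupported method %q", method)
	}
	path := strings.TrimPrefix(strings.TrimPrefix(reqPath, "/v1/"), "/")
	if sudo.MatchString(path) {
		caps += `, "sudo"` // sudo is added only when the spec flags this path
	}
	return fmt.Sprintf("path %q {\n  capabilities = [%s]\n}", path, caps), nil
}

func main() {
	sudo, _ := sudoPattern(sampleSpec)
	fmt.Println(policyHCL("GET", "/v1/sys/raw/core/foo", sudo)) // stanza, then the nil error
}
```

Because "sudo" is appended only on a spec match, a path missing from the spec yields a policy without it, which is the failure mode to check when a generated policy is rejected.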

@digivava digivava added this to the 1.11.0-rc1 milestone Apr 4, 2022
@digivava digivava requested review from tomhjp and a team April 4, 2022 22:21

@VinnyHC VinnyHC left a comment

This is awesome! Some notes/questions in a few areas. Resolving the sudo permission is an interesting problem to solve!

@tomhjp tomhjp left a comment

This is awesome! And works great. Thanks for the cc :) just a few suggestions, mainly focussed around the UX for errors/incorrect usage.

@digivava digivava requested a review from averche April 20, 2022 15:24
* Use precompiled regexes and move OpenAPI call to tests

* Remove commented out code

* Remove legacy MFA paths

* Remove unnecessary use of client

* Move sudo paths map to plugin helper

* Remove unused error return

* Add explanatory comment

* Remove need to pass in address

* Make {name} regex less greedy

* Use method and path instead of info from retryablerequest

* Add test for IsSudoPaths, use more idiomatic naming

@VinnyHC VinnyHC left a comment

This is fantastic stuff, really nice work piecing all of this together!

@averche averche left a comment

Great job, this will be an awesome feature! 👍
