Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Clone policy permissions and then use existing values rather than policy values for modifications #2826

Merged
merged 1 commit into from
Jun 7, 2017
Merged

Clone policy permissions and then use existing values rather than policy values for modifications #2826

merged 1 commit into from
Jun 7, 2017

Conversation

jefferai
Copy link
Member

@jefferai jefferai commented Jun 7, 2017
edited
Loading

Should fix #2804

Note: this may have some performance impact, although how much will depend on whether there is allowed_parameters/denied_parameters. We may be able to speed that up, but at the moment I'm preferring correctness over speed.

@jefferai jefferai changed the title Clone policy permissions and then use existing values rather than policy Clone policy permissions and then use existing values rather than policy values for modifications Jun 7, 2017
@jefferai jefferai added this to the 0.7.3 milestone Jun 7, 2017
vishalnayak
vishalnayak reviewed Jun 7, 2017
View reviewed changes
vault/policy.go
}

switch {
case p.AllowedParameters == nil:
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Jeff why do we need both a nil check and a len == 0 check, Can you please add a comment to help understand it?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This makes sure that the clone is an exact clone. A map of length 0 is an empty map, but not the same as a nil (unallocated) map.

briankassouf
briankassouf reviewed Jun 7, 2017
View reviewed changes
vault/policy.go
case len(p.AllowedParameters) == 0:
ret.AllowedParameters = make(map[string][]interface{})
default:
clonedAllowed, err := copystructure.Copy(p.AllowedParameters)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copy structure might cover the above case as well?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, just doing this for efficiency rather than call into it!

briankassouf
briankassouf approved these changes Jun 7, 2017
View reviewed changes
Copy link
Member

@briankassouf briankassouf left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just that one comment, otherwise looks great!

vishalnayak
vishalnayak approved these changes Jun 7, 2017
View reviewed changes
Copy link
Member

@vishalnayak vishalnayak left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@jefferai jefferai merged commit 42973f3 into master Jun 7, 2017
@jefferai jefferai deleted the issue-2804 branch June 7, 2017 17:49
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@briankassouf briankassouf briankassouf approved these changes

@vishalnayak vishalnayak vishalnayak approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
0.7.3
Development

Successfully merging this pull request may close these issues.

vault panics due to concurrent map writes
3 participants
@jefferai @briankassouf @vishalnayak