Revert "Backport of Vault 3992 ToB Config and Plugins Permissions int…
…o release/1.10.x (#14881)" (#14915)

This reverts commit a43b8ee.
akshya96 committed Apr 5, 2022
1 parent 4e98cfc commit d077b4f
Showing 19 changed files with 12 additions and 443 deletions.
3 changes: 0 additions & 3 deletions changelog/14817.txt

This file was deleted.

3 changes: 0 additions & 3 deletions command/server.go
Expand Up @@ -2518,8 +2518,6 @@ func createCoreConfig(c *ServerCommand, config *server.Config, backend physical.
ClusterName: config.ClusterName,
CacheSize: config.CacheSize,
PluginDirectory: config.PluginDirectory,
PluginFileUid: config.PluginFileUid,
PluginFilePermissions: config.PluginFilePermissions,
EnableUI: config.EnableUI,
EnableRaw: config.EnableRawEndpoint,
DisableSealWrap: config.DisableSealWrap,
Expand All @@ -2537,7 +2535,6 @@ func createCoreConfig(c *ServerCommand, config *server.Config, backend physical.
LicensePath: config.LicensePath,
DisableSSCTokens: config.DisableSSCTokens,
}

if c.flagDev {
coreConfig.EnableRaw = true
coreConfig.DevToken = c.flagDevRootTokenID
57 changes: 1 addition & 56 deletions command/server/config.go
Expand Up @@ -16,9 +16,7 @@ import (
"github.com/hashicorp/go-secure-stdlib/parseutil"
"github.com/hashicorp/hcl"
"github.com/hashicorp/hcl/hcl/ast"
"github.com/hashicorp/vault/helper/osutil"
"github.com/hashicorp/vault/internalshared/configutil"
"github.com/hashicorp/vault/sdk/helper/consts"
)

var entConfigValidate = func(_ *Config, _ string) []configutil.ConfigError {
Expand Down Expand Up @@ -56,11 +54,6 @@ type Config struct {

PluginDirectory string `hcl:"plugin_directory"`

PluginFileUid int `hcl:"plugin_file_uid"`

PluginFilePermissions int `hcl:"-"`
PluginFilePermissionsRaw interface{} `hcl:"plugin_file_permissions,alias:PluginFilePermissions"`

EnableRawEndpoint bool `hcl:"-"`
EnableRawEndpointRaw interface{} `hcl:"raw_storage_endpoint,alias:EnableRawEndpoint"`

Expand Down Expand Up @@ -134,6 +127,7 @@ telemetry {
prometheus_retention_time = "24h"
disable_hostname = true
}
enable_raw_endpoint = true
storage "%s" {
Expand Down Expand Up @@ -282,17 +276,6 @@ func (c *Config) Merge(c2 *Config) *Config {
result.PluginDirectory = c2.PluginDirectory
}

result.PluginFileUid = c.PluginFileUid
if c2.PluginFileUid != 0 {
result.PluginFileUid = c2.PluginFileUid
}

result.PluginFilePermissions = c.PluginFilePermissions
if c2.PluginFilePermissionsRaw != nil {
result.PluginFilePermissions = c2.PluginFilePermissions
result.PluginFilePermissionsRaw = c2.PluginFilePermissionsRaw
}

result.DisablePerformanceStandby = c.DisablePerformanceStandby
if c2.DisablePerformanceStandby {
result.DisablePerformanceStandby = c2.DisablePerformanceStandby
Expand Down Expand Up @@ -367,13 +350,6 @@ func LoadConfig(path string) (*Config, error) {
}

if fi.IsDir() {
// check permissions on the config directory
if os.Getenv(consts.VaultDisableFilePermissionsCheckEnv) != "true" {
err = osutil.OwnerPermissionsMatch(path, 0, 0)
if err != nil {
return nil, err
}
}
return CheckConfig(LoadConfigDir(path))
}
return CheckConfig(LoadConfigFile(path))
Expand Down Expand Up @@ -409,21 +385,6 @@ func LoadConfigFile(path string) (*Config, error) {
return nil, err
}

if os.Getenv(consts.VaultDisableFilePermissionsCheckEnv) != "true" {
// check permissions of the config file
err = osutil.OwnerPermissionsMatch(path, 0, 0)
if err != nil {
return nil, err
}
// check permissions of the plugin directory
if conf.PluginDirectory != "" {

err = osutil.OwnerPermissionsMatch(conf.PluginDirectory, conf.PluginFileUid, conf.PluginFilePermissions)
if err != nil {
return nil, err
}
}
}
return conf, nil
}

Expand Down Expand Up @@ -498,18 +459,6 @@ func ParseConfig(d, source string) (*Config, error) {
}
}

if result.PluginFilePermissionsRaw != nil {
octalPermissionsString, err := parseutil.ParseString(result.PluginFilePermissionsRaw)
if err != nil {
return nil, err
}
pluginFilePermissions, err := strconv.ParseInt(octalPermissionsString, 8, 64)
if err != nil {
return nil, err
}
result.PluginFilePermissions = int(pluginFilePermissions)
}

if result.DisableSentinelTraceRaw != nil {
if result.DisableSentinelTrace, err = parseutil.ParseBool(result.DisableSentinelTraceRaw); err != nil {
return nil, err
Expand Down Expand Up @@ -889,10 +838,6 @@ func (c *Config) Sanitized() map[string]interface{} {

"plugin_directory": c.PluginDirectory,

"plugin_file_uid": c.PluginFileUid,

"plugin_file_permissions": c.PluginFilePermissions,

"raw_storage_endpoint": c.EnableRawEndpoint,

"api_addr": c.APIAddr,
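Review bot: Nothing on the new side of `LoadConfig` and `LoadConfigFile` verifies the owner or mode of the config file, the config directory or `plugin_directory` before the parsed configuration is returned, and the commit message gives no reason for dropping that validation. Because the revert also removes the uses of `consts.VaultDisableFilePermissionsCheckEnv` and the changelog entry, I would record the resulting contract at the return sites, for example `// NOTE: ownership and mode of path and conf.PluginDirectory are not validated here; the deployment must restrict write access to both.` Configurations that already set `plugin_file_uid` or `plugin_file_permissions` lose their backing fields in `Config`; how the parser reports those now-unknown keys is not visible in these hunks and is worth confirming. Both functions start and end outside the hunks shown.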
3 changes: 0 additions & 3 deletions command/server/config_test_helpers.go
Expand Up @@ -694,8 +694,6 @@ func testConfig_Sanitized(t *testing.T) {
"disable_indexing": false,
"disable_mlock": true,
"disable_performance_standby": false,
"plugin_file_uid": 0,
"plugin_file_permissions": 0,
"disable_printable_check": false,
"disable_sealwrap": true,
"raw_storage_endpoint": true,
Expand Down Expand Up @@ -857,7 +855,6 @@ func testParseSockaddrTemplate(t *testing.T) {
api_addr = <<EOF
{{- GetAllInterfaces | include "flags" "loopback" | include "type" "ipv4" | attr "address" -}}
EOF
listener "tcp" {
address = <<EOF
{{- GetAllInterfaces | include "flags" "loopback" | include "type" "ipv4" | attr "address" -}}:443
66 changes: 0 additions & 66 deletions helper/osutil/fileinfo.go

This file was deleted.

84 changes: 0 additions & 84 deletions helper/osutil/fileinfo_test.go

This file was deleted.

53 changes: 0 additions & 53 deletions helper/osutil/fileinfo_unix.go

This file was deleted.

