Policy parsing bug in 0.11.0 #5219
Comments
|
I also found this when I restarted my docker-based install and it upgraded. Pushed back the tag to 0.10.4 until it's fixed! |
|
@chrishoffman @jefferai Is the fix available in 0.11.0 image ? Or will be it in 0.11.1 ? We are still getting "Error failed to validate policy templating: unbalanced templating characters" exception when posting base64 encoded ACL policy. {"path":{"secret/":{"capabilities":["read"]}}} |
|
There will be a 0.11.1 shortly to address this issue. You can also build from master right now to see if it addresses the issue. |
|
@chrishoffman Thanks for the update. I couldn't find the master tag in the Vault docker hub.
|
|
@gowthamsubbu That's exactly my issue - using docker means we're reliant on a build being produced and pushed to Docker Hub. I'm content to know it's fixed and incoming. Thanks for the update @chrishoffman! |
|
I meant from source. We don't publish master docker images. |
|
I have to use HCL format to compose my policy strings instead of json format to bypass this bug in vault 0.11. |
* Add .get("data") on /sys/<route>
* remove ["data"] from list_auth_backcends()
* remove .get("data") from unwrap()
* modify mock_response on test_read_lease
* remove .get("data") from read_lease()
* Re add ['data'] field on read_lease_response
* Add conditional logic
* Update new system backend tests for new method bits
* Change policy to HCL format to work around Vault v0.11.0 bug
See: hashicorp/vault#5219
* Make v0.11.0 test successes required
* undo accidentally line removal
* Tweak list_policies updates
* Tweak key_status update
* tweak list_secret_backends update
* tweak get_secret_backend_tuning update
* tweak list_audit_backends update
* tweak audit_hash update
* tweak list_auth_backends update
Describe the bug
Policy syntax is not accepted anymore by the latest version.
To Reproduce
Create new policy with this content :
{"path":{"secret/*":{"capabilities":["read"]}}}Return :
"Error failed to validate policy templating: unbalanced templating characters"
To be accepted I must use this syntax :
{"path":{"secret/*":{"capabilities":["read"]} } }Expected behavior
Accept valid json regardless of space character like 0.10.4 version
Environment:
vault status): 0.11.0Additional context
The text was updated successfully, but these errors were encountered: