Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Kv policy verification #72

Merged
merged 40 commits into from
Nov 5, 2024
Merged

Conversation

suprjinx
Copy link
Collaborator

@suprjinx suprjinx commented Nov 4, 2024

Depends on #70

Fixes #56

policies.append(policy_name).uniq!
put_entity(sub, policies, metadata)
put_entity_alias(sub, email, "oidc")
Domain.with_advisory_lock(sub) do
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

it is unfortunate that this mechanism isn't provided by vault itself, because this won't prevent another user/app from modifying the entity directly

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

out of curiosity, why not just use a ruby mutex: https://ruby-doc.org/core-2.5.1/Mutex.html

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

i tried! but there are apparently multiple instances of the server running, which won't share the mutex attribute.

Copy link
Collaborator

@GeorgeJahad GeorgeJahad left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

@suprjinx suprjinx merged commit 8da7da1 into G-Research:main Nov 5, 2024
2 checks passed
@suprjinx suprjinx deleted the kv_identity_verify branch November 5, 2024 18:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Astral needs a mechanism for determining whether a supplied token has the rights to perform a read operation
2 participants