Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

auth/ldap: add resp warning if userfilter doesn't consider userattr #14095

Merged
merged 2 commits into from
Feb 18, 2022

Conversation

calvn
Copy link
Contributor

@calvn calvn commented Feb 16, 2022

This PR adds a response warning to config read and write endpoints if we detect that a non-empty userfilter does not consider userattr.

The default userfilter config value contains the templated {{.UserAttr}} value which should take care of not issuing this warning for any config updates where this is not provided explicitly.

However, a config may have an empty userfilter if users are upgrading existing Vault installations from 1.8 to 1.9, which is when userfilter was introduced. In order to avoid spamming the logs, a server-side log is only printed on config reads and writes if userfilter is non-empty. Thankfully the rendered search filter will default to a filter that references userattr if the config userfilter is empty, which in turn handles the upgrade case gracefully.

Related to #11000

@calvn calvn added this to the 1.10-rc1 milestone Feb 16, 2022
@calvn calvn requested a review from a team February 16, 2022 00:57
@vercel vercel bot temporarily deployed to Preview – vault-storybook February 16, 2022 01:01 Inactive
@vercel vercel bot temporarily deployed to Preview – vault February 16, 2022 01:01 Inactive
@calvn calvn merged commit fb819a3 into main Feb 18, 2022
@calvn calvn deleted the ldap-userfilter-resp-warning branch February 18, 2022 01:19
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

2 participants