Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

cli/policies: removing a policy subject adds the subject Instead #662

Closed
jamesnicolas opened this issue Nov 24, 2017 · 3 comments
Closed

cli/policies: removing a policy subject adds the subject Instead #662

jamesnicolas opened this issue Nov 24, 2017 · 3 comments
Labels
bug Something is not working.
Milestone
0.10.0

Comments

@jamesnicolas
Copy link
Contributor

When I do hydra policies subject remove <policy> <subject>, it doesn't remove it, it adds it.

Steps to Reproduce:

Step 0, start from a fresh hydra instance, with migrations and hydra connect already done, and the connecting client has permissions to manage policies.

1. Create a new policy

$ hydra policies create --skip-tls-verify \
    --actions only,get,stronger \
    --allow \
    --description "eventually, everyone was given access" \
    --id unkillable \
    --resources the:whole:universe \
    --subjects justme

Created policy unkillable.

2. Try to remove justme

$ hydra policies subjects remove justme
Removed subjects from policy unkillable

3. Check if it was removed

$ hydra policies get unkillable

{
        "actions": [
                "stronger",
                "get",
                "only"
        ],
        "description": "eventually, everyone was given access",
        "effect": "allow",
        "id": "unkillable",
        "resources": [
                "the:whole:universe"
        ],
        "subjects": [
                "justme"
        ]
}

4. Try to remove the-solar-system (which didn't exist previously)

$ hydra policies subjects remove the-solar-system
Removed subjects from policy unkillable

5. See that non-existent the-solar-system subject is now existent.

$ hydra policies get unkillable
{
        "actions": [
                "stronger",
                "get",
                "only"
        ],
        "description": "eventually everyone was given access",
        "effect": "allow",
        "id": "unkillable",
        "resources": [
                "the:whole:universe"
        ],
        "subjects": [
                "justme",
                "the-solar-system"
        ]
}

Also, I noticed these two lines in hydra/cmd/cli/handler_policy.go:RemoveSubjectFromPolicy, as of tag: v0.10.0-alpha.18

186     p.Subjects = subjects
187     p.Subjects = append(p.Subjects, args[1:]...)

So maybe line 187 is causing this.
@aeneasr
Copy link
Member

aeneasr commented Nov 26, 2017

Indeed, nice catch! If you have the time, I would welcome a PR!

@aeneasr aeneasr added the bug Something is not working. label Nov 26, 2017
@aeneasr aeneasr added this to the 0.10.0 milestone Nov 26, 2017
@jamesnicolas
Copy link
Contributor Author

Cool, created #665, should fix it.

@aeneasr
Copy link
Member

aeneasr commented Nov 28, 2017

Merged

@aeneasr aeneasr closed this as completed Nov 28, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something is not working.
Projects
None yet
Milestone
0.10.0
Development

No branches or pull requests
2 participants
@jamesnicolas @aeneasr