Alexander Scheel
Alexander Scheel
@fatima2003 Hmm... But does `tlsConfig.RootCAs == nil` break if we've done https://github.com/openbao/openbao/pull/574#discussion_r1783377589 such that we always provision the System CA pool? I think more ideally, if we had a leaf...
@fatima2003 Do you remember what the status of this issue is? I think it is still there, so perhaps we'll fix it later?
> Some Read functions implement now R/O transactions, while some others are unchanged (pathDataRead, for ex.): is there a reason for this? Sorry, can you expand on this @DanGhita ?...
Ah, I didn't think reading the configuration was important to be tracked in the transaction. The issue is the lock acquisition occurs _after_ config read (and we need to open...
Hello @johanneswuerbach -- many thanks for the reproducer! I can confirm this does indeed affect OpenBao as well. I've opened a PR with changes (#560) in case you or @astromechza...
@JanMa I'm fine with `recurse=true` but I think it needs to be combined with a new permission. Otherwise we allow people with `LIST /a` (with recurse) to see `/a/b/c` even...
### Summary Introduce a new ACL capability, `scan`, and operation type, under the `SCAN` HTTP verb or `GET` with `?scan=true`, to safely support recursive listing of entries under a given...
@JanMa @DanGhita In the future, we could implement a proper `Scan(...)` and `ScanPage(...)` operation at the data store level. This does not preclude that work, so I'd consider that a...
@SixTanDev OpenBao does not have namespace support... You're welcome to contribute a RFC towards its implementation if you want this feature!
Cool, re-opening as a feature request then :-) I'd suggest following the RFC template and commenting here (or editing the description and tagging me): https://github.com/openbao/openbao/blob/main/.github/ISSUE_TEMPLATE/rfc.yml