From a1e93dddf21f0629a870eb889da66febb4302dbd Mon Sep 17 00:00:00 2001
From: Justin Field
Date: Tue, 4 Apr 2017 10:11:21 -0700
Subject: [PATCH] Set is admin to be explicitly false when not true Update IAM principal meta data to have is_admin = false rather than having be missing when it does not have admin permissions.
---
 .../java/com/nike/cerberus/service/AuthenticationService.java | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/src/main/java/com/nike/cerberus/service/AuthenticationService.java b/src/main/java/com/nike/cerberus/service/AuthenticationService.java
index d9106c0c1..538f1890d 100644
--- a/src/main/java/com/nike/cerberus/service/AuthenticationService.java
+++ b/src/main/java/com/nike/cerberus/service/AuthenticationService.java
@@ -217,6 +217,8 @@ public IamRoleAuthResponse authenticate(IamRoleCredentialsV2 credentials) {
 if (getAdminRoleArnSet().contains(iamRoleArn)) {
 meta.put(VaultAuthPrincipal.METADATA_KEY_IS_ADMIN, Boolean.toString(true));
 groups.add("admin-iam-principals");
+ } else {
+ meta.put(VaultAuthPrincipal.METADATA_KEY_IS_ADMIN, Boolean.toString(false));
 }
 meta.put(VaultAuthPrincipal.METADATA_KEY_GROUPS, StringUtils.join(groups, ','));
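Review bot: Readers of `VaultAuthPrincipal.METADATA_KEY_IS_ADMIN` that test only for the key's presence, or for a non-empty value, will treat every IAM principal as an admin once the new `else` branch writes the string "false"; the hunk does not show how that metadata is consumed. Those readers (presumably in `VaultAuthPrincipal`, outside this diff) should be confirmed to parse the value, e.g. with `Boolean.parseBoolean`. The commit also adds no test asserting that a non-admin role ARN yields `is_admin` = "false" and no `admin-iam-principals` group. The flag would be harder to get out of sync if it were written from one place: `boolean isAdmin = getAdminRoleArnSet().contains(iamRoleArn);` then `meta.put(VaultAuthPrincipal.METADATA_KEY_IS_ADMIN, Boolean.toString(isAdmin));`, keeping only `groups.add("admin-iam-principals");` under `if (isAdmin)`. The body of `authenticate` starts and ends outside the hunk.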