
Policy Permit Privileges without brackets doesn't produce an error #2430

Open

@jvanderhoof
Contributor

Summary

This issue arose from a customer call. The customer had created a Permit in the following form:

- !permit
  role: !group bar-reader
  privileges: read, execute
  resource: !variable bar

instead of the correct form:

- !permit
  role: !group bar-reader
  privileges: [ read, execute ]
  resource: !variable bar

When the customer attempted to retrieve the variable value, they received an error that the host did not have execute permission.

Steps to Reproduce

These steps were run using the conjurdemos/dap-intro project.

  1. Start a DAP instance: bin/dap --provision-master.
  2. Navigate to the Conjur UI using Firefox (Chrome blocks the ability to accept unknown certificates).
  3. Create a bad policy file:
    # policy/malformed-permission-list/bad-policy.yml
    - !policy
      id: default
      body: 
        - !host foo
        - !variable bar
        - !group bar-reader
        - !permit
          role: !group bar-reader
          privileges: read, execute
          resource: !variable bar
        - !grant
          member: !host foo
          role: !group bar-reader
  4. Load the Policy into Conjur:
    bin/cli conjur policy load root policy/malformed-permission-list/bad-policy.yml
  5. Copy the created API key for the default/foo host and save it for future use.
  6. Navigate to the Variable bar in the UI: https://localhost/ui/secrets/default%2Fbar
  7. Note that the Group default/bar-reader appears to have read/execute permission, which means members of that group (including the default/foo host) should be able to see and view the value of default/bar:
    (screenshot: Screen Shot 2021-12-01 at 10 48 41 AM)
  8. Log out of the UI.
  9. Log in to the UI using the username host/default/foo and the API key captured above.
  10. Try to view the variable default/bar in the UI: https://localhost/ui/secrets/default%2Fbar.
  11. Notice that the page is white. Looking at the docker logs for the leader, note the following line:
    Completed 403 Forbidden
    
  12. Create a good version of the policy file:
    # policy/malformed-permission-list/good-policy.yml
    - !policy
      id: default
      body: 
        - !host foo
        - !variable bar
        - !group bar-reader
        - !permit
          role: !group bar-reader
          privileges: [ read, execute ]
          resource: !variable bar
        - !grant
          member: !host foo
          role: !group bar-reader
  13. Load the fixed file:
    bin/cli conjur policy load root policy/malformed-permission-list/good-policy.yml
    
  14. Reload the Variable page in Firefox, and note that the page loads as expected.

Expected Results

Privileges in policy are technically allowed to be anything. We use the strings read, execute, and update to define the permissions that enable a variable to be shown, its value to be seen, and its value to be updated.

Setting the privileges to a string instead of an array is technically permitted, but feels at odds with the intended outcome. I propose the following change:

  • privileges values must be provided as an array.
  • privilege (if supported) must be provided as a string.
  • privileges/privilege values only support non-accented alphabetic characters.

