Policies with the sequence ,. can be created but not deleted with the Vault UI

[sgowie]

Environment:

• Vault Version: 0.10.0
• Operating System/Architecture: Official docker container

Vault Config File:

storage "consul" {
  address = "..."
  scheme = "https"
  token = "..."
  path = "vault/"
  tls_ca_file = "/etc/vault-certs/ca.crt"
  check_timeout = "30s"
  disable_registration = "true"
}
disable_mlock=true
listener "tcp" {
  address = "0.0.0.0:8200"
  tls_cert_file = "/etc/vault-certs/vault.crt"
  tls_key_file = "/etc/vault-certs/vault.key"
}
default_lease_ttl="1h"
max_lease_ttl="48h"
ui=true

Startup Log Output:

n/a

Expected Behavior:
Policies containing ,. in their name should either not be permitted, or should be manipulatable after the fact.

Actual Behavior:
Policies are created but cannot be edited with the UI. Vault CLI can still be used to delete errant policies

Steps to Reproduce:

• Log into vault UI
• Navigate to Policies
• Click 'Create ACL Policy'
• Provide a name containing ,. e.g. symbol,. and maybe other things
• Define any Policy, e.g. path "secret/no/do/not/look" {capabilities = ["create", "read", "delete", "list", "update"]}
• Click Create Policy

Problem manifests in the absence of an edit toggle on the resulting page, or when on the Policy index page the elipsis modal is empty.

Important Factoids:

References:

[meirish]

Thanks for the report!