Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

dependency: fix kv2 data path prefix checking #1341

Merged
merged 1 commit into from
Mar 2, 2020
Merged

dependency: fix kv2 data path prefix checking #1341

merged 1 commit into from
Mar 2, 2020

Conversation

findkim
Copy link
Contributor

@findkim findkim commented Feb 21, 2020

The implicit /data/ path prefix for kv2 secrets were not properly prepended for secret paths matching /data*.

Fixes #1340

lornasong
lornasong approved these changes Feb 21, 2020
View reviewed changes
Copy link
Member

@lornasong lornasong left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

makes sense to me!

eikenb
eikenb reviewed Feb 28, 2020
View reviewed changes
dependency/vault_common.go Outdated
@@ -333,14 +333,15 @@ func isKVv2(client *api.Client, path string) (string, bool, error) {
return mountPath, false, nil
}

func addPrefixToVKVPath(p, mountPath, apiPrefix string) string {
func addPrefixToVKVPath(p, mountPath, apiPrefixRaw string) string {
apiPrefix := path.Clean(apiPrefixRaw)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why Clean() here? The KV prefixes have a path like structure, they don't follow all the rules. Seems like it might have some unintended side effect.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the context on the prefix structure and good point, updated changes to make it more explicit on the trailing / check

@findkim findkim requested a review from eikenb March 2, 2020 15:45
@findkim findkim mentioned this pull request Mar 2, 2020
Closed
eikenb
eikenb approved these changes Mar 2, 2020
View reviewed changes
Copy link
Contributor

@eikenb eikenb left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@findkim findkim merged commit 1c62401 into hashicorp:master Mar 2, 2020
@findkim findkim deleted the fix-kv2-secret-path branch March 2, 2020 20:22
@findkim findkim mentioned this pull request Mar 2, 2020
Merged
@eikenb eikenb added this to the 0.25.0 milestone Apr 24, 2020
@eikenb eikenb added the bug label Apr 24, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@eikenb eikenb eikenb approved these changes

@lornasong lornasong lornasong approved these changes

Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
0.25.0
Development

Successfully merging this pull request may close these issues.

fail when kv2 secret path starts with "data"
3 participants
@findkim @eikenb @lornasong