Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

vault: protect against empty Vault secret response #4937

Merged
merged 1 commit into from
Nov 29, 2018
Merged

Conversation

notnoop
Copy link
Contributor

@notnoop notnoop commented Nov 29, 2018

Fixes #4921

Sadly, we don't have proper mechanism to mock Vault client, so not sure how to best test this.

I inspected the Vault client interactions, specially for cases where returned value is nil even if the error is also nil. I believe we covered all correctly now:

if err != nil {
// Try looking up our token directly
self, err = auth.Lookup(v.client.Token())
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The assignment to self here is ineffective - as if this try succeeds, self is stomped by assignment in L646, as @tantra35 identified. Thanks!

Also, fix a case where a successful second attempt of loading token can
cause a panic.
Copy link
Contributor

@preetapan preetapan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@notnoop notnoop merged commit e78c436 into master Nov 29, 2018
@notnoop notnoop deleted the b-vault-panic branch December 5, 2018 00:50
@github-actions
Copy link

I'm going to lock this pull request because it has been closed for 120 days ⏳. This helps our maintainers find and focus on the active contributions.
If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Feb 23, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants