Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fixes Namespace Concat Bug for KV2 secrets #1921

Merged
merged 12 commits into from
May 6, 2024
Merged

Fixes Namespace Concat Bug for KV2 secrets #1921

merged 12 commits into from
May 6, 2024

Conversation

divyaac
Copy link
Contributor

@divyaac divyaac commented May 3, 2024
edited
Loading

Pushing this first:

Vault-ent tests that test this new functionality: https://github.com/hashicorp/vault-enterprise/pull/5811 (Note, these will not pass in CI, until this pr is pushed a new consul-template version is used)

After pushing this PR:

  1. Push new consul-template version (there is a release process that is time consuming)
  2. Modify the consul-template version in the test pr above : https://github.com/hashicorp/vault-enterprise/pull/5811
  3. Tests should pass, version is updated, will push the linked test pr.

@divyaac divyaac requested a review from VioletHynes May 3, 2024 18:45
VioletHynes
VioletHynes reviewed May 3, 2024
View reviewed changes
Copy link
Contributor

@VioletHynes VioletHynes left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Some comments so far

dependency/vault_read.go Outdated Show resolved Hide resolved
dependency/vault_read.go Outdated Show resolved Hide resolved
dependency/vault_read.go Outdated Show resolved Hide resolved
VioletHynes
VioletHynes reviewed May 6, 2024
View reviewed changes
dependency/vault_read.go
p := strings.TrimPrefix(rawPath, mountPath)

// Canonicalize the client namespace path to always having a '/' suffix
if !strings.HasSuffix(clientNamespace, "/") {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Out of scope for this PR, but maybe we should expose namespace.Canonicalize in our SDK for this kind of thing

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We can probably canonicalize it in Agent when we set the template config value

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah, though I like keeping it in consul-template too for anything else that happens to be using it. Like I said, out of scope for this PR, but it seems like we have a need for external repos to be able to use the Canonicalize logic without repeating it. Food for thought!

dependency/vault_read.go Show resolved Hide resolved
dependency/vault_read.go Show resolved Hide resolved
VioletHynes
VioletHynes approved these changes May 6, 2024
View reviewed changes
Copy link
Contributor

@VioletHynes VioletHynes left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Awesome work! This is a really well-thought out fix for a tricky bug. Good job!

@divyaac divyaac merged commit b41578b into main May 6, 2024
54 checks passed
@divyaac divyaac deleted the Namespace_KV2_Concat_Bug branch May 6, 2024 21:07
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@VioletHynes VioletHynes VioletHynes approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@divyaac @VioletHynes