fishi0x01/vsh

Bug: Cannot execute write operations with valid JSON

Closed this issue · 5 comments

Thanks for the awesome tool, it is helping a lot in secret management!

We observed the following bug:

  1. secret/ is a kv key/value secret storage in API version 1.
  2. We create a secret: vault kv put secret/test data=1.
  3. When using VSH to copy or move the secret, we experience a Go panic:
$ vsh -c "cp secret/test secret/test2"
panic: interface conversion: interface {} is string, not map[string]interface {}

goroutine 1 [running]:
github.com/fishi0x01/vsh/client.transformToKV1Secret(...)
	/home/fishi0x01/Workspaces/fishi0x01/vsh/client/util.go:88
github.com/fishi0x01/vsh/client.(*Client).lowLevelWrite(0xc0003fe180, 0xc000130c21, 0xc, 0xc0000a0900, 0x2, 0x0)
	/home/fishi0x01/Workspaces/fishi0x01/vsh/client/write.go:16 +0x3a7
github.com/fishi0x01/vsh/client.(*Client).Write(0xc0003fe180, 0xc000130c20, 0xd, 0xc0000a0900, 0x0, 0x0)
	/home/fishi0x01/Workspaces/fishi0x01/vsh/client/client.go:113 +0x165
github.com/fishi0x01/vsh/cli.(*CopyCommand).copySecret(0xc0003fe200, 0xc000130c10, 0xc, 0xc000130c20, 0xd, 0xd, 0x2)
	/home/fishi0x01/Workspaces/fishi0x01/vsh/cli/cp.go:79 +0xa0
github.com/fishi0x01/vsh/cli.(*CopyCommand).Run(0xc0003fe200, 0x1)
	/home/fishi0x01/Workspaces/fishi0x01/vsh/cli/cp.go:60 +0x140
main.executor(0x7ffeefbff857, 0x1b)
	/home/fishi0x01/Workspaces/fishi0x01/vsh/main.go:77 +0x178
main.main()
	/home/fishi0x01/Workspaces/fishi0x01/vsh/main.go:177 +0x4a2

Other secrets, e.g. as given in the integration tests value=1, work without issues.

System information:

  • vsh v0.7.2
  • Vault 1.3.1

Happy to provide further information as needed :)

Hi Tom 😄 👋

Thx for submission. Looks interesting, because the copy case for KV1 is tested in this suite.

From the stacktrace it seems that for some reason secret/test is perceived as a KV2 secret. vsh then tries to convert it to KV1, which fails, because it already is KV1. I will try to reproduce that issue in a test.
What's your permission policy on secret/ and secret/test?

Was able to reproduce the behavior in a test. (#63)

Great! The reproduced error looks familiar.
Thanks a lot for the help and we look forward to a fix! 🥇
Should you need further information, we are more than happy to assist.

@tommartensen Latest master should work with data key. Please let me know if you still witness any issues.

@fishi0x01 Thanks a lot for the fast fix! I can confirm that latest master works with our system.
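
The failure mode diagnosed above, as an added example that is not part of the thread and not vsh's code: a flat KV1 secret with a key named `data` looks like a KV2 envelope, and an unchecked type assertion on that key panics. The names `Secret`, `unwrapUnchecked`, `unwrapChecked` and the `isKV2` parameter are hypothetical, and taking the engine version from the caller instead of the payload shape is an assumption about one possible fix.

```go
package main

import (
	"errors"
	"fmt"
)

// Secret is a decoded key/value payload (hypothetical type, not vsh's).
type Secret map[string]interface{}

// unwrapUnchecked treats any "data" key as a KV2 envelope. The bare type
// assertion panics when the value is not a map, as in the reported trace.
func unwrapUnchecked(s Secret) Secret {
	return Secret(s["data"].(map[string]interface{}))
}

// unwrapChecked unwraps only when the caller knows the mount is KV2, and
// uses the comma-ok assertion so a malformed payload is an error, not a panic.
func unwrapChecked(s Secret, isKV2 bool) (Secret, error) {
	if !isKV2 {
		return s, nil // KV1 is flat: "data" is just another user key
	}
	inner, ok := s["data"].(map[string]interface{})
	if !ok {
		return nil, errors.New("KV2 payload has no data map")
	}
	return inner, nil
}

// panics reports whether f panicked.
func panics(f func()) (p bool) {
	defer func() {
		if recover() != nil {
			p = true
		}
	}()
	f()
	return false
}

func main() {
	// Constructed sample: what `vault kv put secret/test data=1` stores on KV1.
	kv1 := Secret{"data": "1"}
	fmt.Println("unchecked panics:", panics(func() { unwrapUnchecked(kv1) }))
	s, err := unwrapChecked(kv1, false)
	fmt.Println("checked:", s, err)
}
```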