Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(vault): reference ending with slash when parsed should not return a key #13504

Merged
merged 2 commits into from
Aug 21, 2024
Merged

fix(vault): reference ending with slash when parsed should not return a key #13504

merged 2 commits into from
Aug 21, 2024

Conversation

bungle
Copy link
Member

@bungle bungle commented Aug 16, 2024
edited
Loading

Summary

Our docs state here:
https://docs.konghq.com/gateway/latest/kong-enterprise/secrets-management/reference-format/#secret-key

If secret key ends with /, then it is not considered as a Secret Key but as a part of Secret Id.
The difference between Secret Key and Secret Id is that only the Secret Id is sent to vault API,
and the Secret Key is only used when processing

The logic was not working correctly because it was incorrectly assuming what
require("socket.url").parse_path did, that is:

parse_path("/a")
-- { "a", is_absolute = 1 }
parse_path("/a/")
-- { "a", is_absolute = 1, is_directory = 1 }
parse_path("/a/b")
-- { "a", "b", is_absolute = 1 }
parse_path("/a/b/")
-- { "a", "b", is_absolute = 1, is_directory = 1}

This fixes it.

KAG-5181

Checklist

  • The Pull Request has tests
  • A changelog file has been created under changelog/unreleased/kong or skip-changelog label added on PR if changelog is unnecessary. README.md
  • There is a user-facing docs PR against https://github.com/Kong/docs.konghq.com - PUT DOCS PR HERE

@github-actions github-actions bot added core/pdk cherry-pick kong-ee schedule this PR for cherry-picking to kong/kong-ee labels Aug 16, 2024
@bungle bungle force-pushed the fix/vault-reference-endslash branch from fd53ac8 to bd614d1 Compare August 16, 2024 08:38
@bungle bungle changed the title Fix/vault reference endslash fix(vault): reference path ending with slash should not have a key Aug 16, 2024
@bungle bungle changed the title fix(vault): reference path ending with slash should not have a key fix(vault): reference ending with slash when parsed should not return a key Aug 16, 2024
@bungle bungle force-pushed the fix/vault-reference-endslash branch from bd614d1 to a222cf2 Compare August 16, 2024 08:41
@bungle bungle marked this pull request as ready for review August 16, 2024 08:41
@bungle bungle force-pushed the fix/vault-reference-endslash branch 2 times, most recently from 2f9e567 to e702139 Compare August 16, 2024 08:47
@bungle
fix(vault): reference ending with slash when parsed should not return…
008e67f 
… a key

### Summary

Our docs state here:
https://docs.konghq.com/gateway/latest/kong-enterprise/secrets-management/reference-format/#secret-key

> If secret key ends with /, then it is not considered as a Secret Key but as a part of Secret Id.
> The difference between Secret Key and Secret Id is that only the Secret Id is sent to vault API,
> and the Secret Key is only used when processing

The logic was not working correctly because it was incorrectly assuming what
`require("socket.url").parse_path` did, that is:

```lua
parse_path("/a")
-- { "a", is_absolute = 1 }
```
```lua
parse_path("/a/")
-- { "a", is_absolute = 1, is_directory = 1 }
```
```lua
parse_path("/a/b")
-- { "a", "b", is_absolute = 1 }
```
```lua
> parse_path("/a/b/")
-- { "a", "b", is_absolute = 1, is_directory = 1}
```

This fixes it.

Signed-off-by: Aapo Talvensaari <aapo.talvensaari@gmail.com>
@bungle
chore(vault): do not create substring in is_reference
f1859d7 
### Summary

Less pressure to garbage collector.

Signed-off-by: Aapo Talvensaari <aapo.talvensaari@gmail.com>
@bungle bungle force-pushed the fix/vault-reference-endslash branch from e702139 to f1859d7 Compare August 16, 2024 09:22
@bungle bungle added this to the 3.8.0 milestone Aug 19, 2024
@bungle bungle merged commit 38727ba into master Aug 21, 2024
33 checks passed
@bungle bungle deleted the fix/vault-reference-endslash branch August 21, 2024 19:51
@team-gateway-bot team-gateway-bot mentioned this pull request Aug 21, 2024
Merged
3 tasks
@team-gateway-bot
Copy link
Collaborator

Successfully created backport PR for release/3.8.x:

@team-gateway-bot
Copy link
Collaborator

Successfully created cherry-pick PR for master:

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@samugi samugi samugi approved these changes

@jschmid1 jschmid1 jschmid1 approved these changes

Assignees

@bungle bungle

Labels
backport release/3.8.x cherry-pick kong-ee schedule this PR for cherry-picking to kong/kong-ee core/pdk size/M
Projects
None yet
Milestone
3.8.0
Development

Successfully merging this pull request may close these issues.
5 participants
@bungle @team-gateway-bot @samugi @jschmid1 @AndyZhang0707