From 036d7adb61d3e5bf3d46d235741a184c5970721f Mon Sep 17 00:00:00 2001 From: David Bond Date: Wed, 18 Sep 2024 17:12:31 +0100 Subject: [PATCH] Fix panic in credential renewal job This commit modifies the credential renewal job to handle a case where the `renewLease` method can return `nil, nil`. Currently, a panic is caused by usage of the `renewedCred` variable in this scenario. This commit adds a nil check and returns an error if the `renewedCred` variable is returned as `nil`. Signed-off-by: David Bond --- internal/credential/vault/jobs.go | 3 +++ 1 file changed, 3 insertions(+) diff --git a/internal/credential/vault/jobs.go b/internal/credential/vault/jobs.go index b3670ab7ba..d7e23d9c8c 100644 --- a/internal/credential/vault/jobs.go +++ b/internal/credential/vault/jobs.go @@ -604,6 +604,9 @@ func (r *CredentialRenewalJob) renewCred(ctx context.Context, c *privateCredenti if err != nil { return errors.Wrap(ctx, err, op, errors.WithMsg("unable to renew credential")) } + if renewedCred == nil { + return errors.New(ctx, errors.Unknown, op, "vault returned empty credential") + } cred.expiration = time.Duration(renewedCred.LeaseDuration) * time.Second query, values := cred.updateExpirationQuery()