Identity: check NextSigningKey existence during key rotation #13298

Merged: 3 commits, Nov 29, 2021

Conversation

fairclothjm
Contributor

Description

Fix a panic in the OIDC key rotation due to a missing nil check.

Fixes: #13223

Background

Vault 1.9 introduced a feature to pre-publish signing keys. When keys are generated in Vault 1.8 and rotated with Vault 1.9, a panic will occur due to a missing nil check.

To reproduce the issue:

  • create keys/roles with Vault 1.8.4
  • upgrade vault to 1.9.0
  • manually rotate the key or wait for an auto rotation
  • once key rotation triggers, the panic will occur
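
An added example, not taken from this PR or from Vault's code: a Go sketch of an upgrade-safe rotation in which a stored entry that predates pre-publishing decodes with a nil next key. The types, JSON field names, `addNextKey`, `rotate` and `legacyEntry` are assumptions made for illustration.

```go
package main

import (
	"crypto/rand"
	"encoding/json"
	"fmt"
)

// Hypothetical stand-ins for illustration; these are not Vault's own types.
type signingKey struct{ KeyID string `json:"key_id"` }
type namedKey struct {
	SigningKey     *signingKey `json:"signing_key"`
	NextSigningKey *signingKey `json:"next_signing_key"` // nil when the stored entry predates the field
	KeyRing        []string    `json:"key_ring"`         // key IDs published for verification
}

// addNextKey generates a key, stores it as the next key and publishes its ID.
func addNextKey(k *namedKey) error {
	b := make([]byte, 8)
	if _, err := rand.Read(b); err != nil {
		return err
	}
	k.NextSigningKey = &signingKey{KeyID: fmt.Sprintf("%x", b)}
	k.KeyRing = append(k.KeyRing, k.NextSigningKey.KeyID)
	return nil
}

// rotate promotes the pre-published key to current and pre-publishes a new one.
func rotate(stored []byte) (namedKey, error) {
	var k namedKey
	if err := json.Unmarshal(stored, &k); err != nil {
		return k, err
	}
	// A legacy entry has no next key; create one rather than dereference nil.
	if k.NextSigningKey == nil {
		if err := addNextKey(&k); err != nil {
			return k, err
		}
	}
	k.SigningKey = k.NextSigningKey
	return k, addNextKey(&k)
}

// Constructed sample: an entry shaped like one stored before pre-publishing.
const legacyEntry = `{"signing_key":{"key_id":"old-1"},"key_ring":["old-1"]}`
func main() {
	k, err := rotate([]byte(legacyEntry))
	fmt.Println(k.KeyRing, err)
}
```

In this sketch the key promoted on the legacy path was generated in the same call, so it has had no pre-publication window before it becomes the signing key.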

@fairclothjm fairclothjm merged commit 8b72c3e into main Nov 29, 2021
@fairclothjm fairclothjm deleted the oidc-fix-key-rotation-panic branch November 29, 2021 21:11
fairclothjm added a commit that referenced this pull request Nov 29, 2021
* oidc: fix key rotation panic

* refactor and update unit tests

* add changelog
@fairclothjm fairclothjm added this to the 1.9.1 milestone Nov 29, 2021
fairclothjm added a commit that referenced this pull request Nov 29, 2021
…#13303)

* oidc: fix key rotation panic

* refactor and update unit tests

* add changelog
qk4l pushed a commit to qk4l/vault that referenced this pull request Feb 4, 2022
…rp#13298)

* oidc: fix key rotation panic

* refactor and update unit tests

* add changelog
Development

Successfully merging this pull request may close these issues.

Panic when vault attempts to rotate a corrupt/missing OIDC Key