Skip to content

Commit

Permalink
Fix kv -mount flag error when mount and secret path are the same (has…
Browse files Browse the repository at this point in the history 
…hicorp#17679)

* fix mount flag behavior for kv subcommands

* fix mount flag behavior for kv metadata subcommands

* add tests

* add changelog entry
  • Loading branch information
@ccapurso
ccapurso authored and jayant07-yb committed Mar 15, 2023
1 parent 17504b3 commit bd1248b
Show file tree
Hide file tree
Showing 12 changed files with 142 additions and 32 deletions.
3 changes: 3 additions & 0 deletions changelog/17679.txt
View file
@@ -0,0 +1,3 @@
```release-note:bug
cli: Fix issue preventing kv commands from executing properly when the mount path provided by `-mount` flag and secret key path are the same.
```
9 changes: 6 additions & 3 deletions command/kv_delete.go
View file
Expand Up @@ -117,7 +117,7 @@ func (c *KVDeleteCommand) Run(args []string) int {

// If true, we're working with "-mount=secret foo" syntax.
// If false, we're using "secret/foo" syntax.
mountFlagSyntax := (c.flagMount != "")
mountFlagSyntax := c.flagMount != ""

var (
mountPath string
Expand All @@ -129,12 +129,15 @@ func (c *KVDeleteCommand) Run(args []string) int {
if mountFlagSyntax {
// In this case, this arg is the secret path (e.g. "foo").
partialPath = sanitizePath(args[0])
mountPath = sanitizePath(c.flagMount)
_, v2, err = isKVv2(mountPath, client)
mountPath, v2, err = isKVv2(sanitizePath(c.flagMount), client)
if err != nil {
c.UI.Error(err.Error())
return 2
}

if v2 {
partialPath = path.Join(mountPath, partialPath)
}
} else {
// In this case, this arg is a path-like combination of mountPath/secretPath.
// (e.g. "secret/foo")
Expand Down
10 changes: 7 additions & 3 deletions command/kv_destroy.go
View file
Expand Up @@ -2,6 +2,7 @@ package command

import (
"fmt"
"path"
"strings"

"github.com/mitchellh/cli"
Expand Down Expand Up @@ -115,7 +116,7 @@ func (c *KVDestroyCommand) Run(args []string) int {

// If true, we're working with "-mount=secret foo" syntax.
// If false, we're using "secret/foo" syntax.
mountFlagSyntax := (c.flagMount != "")
mountFlagSyntax := c.flagMount != ""

var (
mountPath string
Expand All @@ -127,12 +128,15 @@ func (c *KVDestroyCommand) Run(args []string) int {
if mountFlagSyntax {
// In this case, this arg is the secret path (e.g. "foo").
partialPath = sanitizePath(args[0])
mountPath = sanitizePath(c.flagMount)
_, v2, err = isKVv2(mountPath, client)
mountPath, v2, err = isKVv2(sanitizePath(c.flagMount), client)
if err != nil {
c.UI.Error(err.Error())
return 2
}

if v2 {
partialPath = path.Join(mountPath, partialPath)
}
} else {
// In this case, this arg is a path-like combination of mountPath/secretPath.
// (e.g. "secret/foo")
Expand Down
9 changes: 6 additions & 3 deletions command/kv_get.go
View file
Expand Up @@ -113,7 +113,7 @@ func (c *KVGetCommand) Run(args []string) int {

// If true, we're working with "-mount=secret foo" syntax.
// If false, we're using "secret/foo" syntax.
mountFlagSyntax := (c.flagMount != "")
mountFlagSyntax := c.flagMount != ""

var (
mountPath string
Expand All @@ -126,12 +126,15 @@ func (c *KVGetCommand) Run(args []string) int {
// Parse the paths and grab the KV version
if mountFlagSyntax {
// In this case, this arg is the secret path (e.g. "foo").
mountPath = sanitizePath(c.flagMount)
_, v2, err = isKVv2(mountPath, client)
mountPath, v2, err = isKVv2(sanitizePath(c.flagMount), client)
if err != nil {
c.UI.Error(err.Error())
return 2
}

if v2 {
partialPath = path.Join(mountPath, partialPath)
}
} else {
// In this case, this arg is a path-like combination of mountPath/secretPath.
// (e.g. "secret/foo")
Expand Down
10 changes: 7 additions & 3 deletions command/kv_metadata_delete.go
View file
Expand Up @@ -2,6 +2,7 @@ package command

import (
"fmt"
"path"
"strings"

"github.com/mitchellh/cli"
Expand Down Expand Up @@ -97,7 +98,7 @@ func (c *KVMetadataDeleteCommand) Run(args []string) int {

// If true, we're working with "-mount=secret foo" syntax.
// If false, we're using "secret/foo" syntax.
mountFlagSyntax := (c.flagMount != "")
mountFlagSyntax := c.flagMount != ""

var (
mountPath string
Expand All @@ -109,12 +110,15 @@ func (c *KVMetadataDeleteCommand) Run(args []string) int {
if mountFlagSyntax {
// In this case, this arg is the secret path (e.g. "foo").
partialPath = sanitizePath(args[0])
mountPath = sanitizePath(c.flagMount)
_, v2, err = isKVv2(mountPath, client)
mountPath, v2, err = isKVv2(sanitizePath(c.flagMount), client)
if err != nil {
c.UI.Error(err.Error())
return 2
}

if v2 {
partialPath = path.Join(mountPath, partialPath)
}
} else {
// In this case, this arg is a path-like combination of mountPath/secretPath.
// (e.g. "secret/foo")
Expand Down
10 changes: 7 additions & 3 deletions command/kv_metadata_get.go
View file
Expand Up @@ -2,6 +2,7 @@ package command

import (
"fmt"
"path"
"sort"
"strconv"
"strings"
Expand Down Expand Up @@ -99,7 +100,7 @@ func (c *KVMetadataGetCommand) Run(args []string) int {

// If true, we're working with "-mount=secret foo" syntax.
// If false, we're using "secret/foo" syntax.
mountFlagSyntax := (c.flagMount != "")
mountFlagSyntax := c.flagMount != ""

var (
mountPath string
Expand All @@ -111,12 +112,15 @@ func (c *KVMetadataGetCommand) Run(args []string) int {
if mountFlagSyntax {
// In this case, this arg is the secret path (e.g. "foo").
partialPath = sanitizePath(args[0])
mountPath = sanitizePath(c.flagMount)
_, v2, err = isKVv2(mountPath, client)
mountPath, v2, err = isKVv2(sanitizePath(c.flagMount), client)
if err != nil {
c.UI.Error(err.Error())
return 2
}

if v2 {
partialPath = path.Join(mountPath, partialPath)
}
} else {
// In this case, this arg is a path-like combination of mountPath/secretPath.
// (e.g. "secret/foo")
Expand Down
10 changes: 7 additions & 3 deletions command/kv_metadata_patch.go
View file
Expand Up @@ -4,6 +4,7 @@ import (
"context"
"fmt"
"io"
"path"
"strings"
"time"

Expand Down Expand Up @@ -159,7 +160,7 @@ func (c *KVMetadataPatchCommand) Run(args []string) int {

// If true, we're working with "-mount=secret foo" syntax.
// If false, we're using "secret/foo" syntax.
mountFlagSyntax := (c.flagMount != "")
mountFlagSyntax := c.flagMount != ""

var (
mountPath string
Expand All @@ -171,12 +172,15 @@ func (c *KVMetadataPatchCommand) Run(args []string) int {
if mountFlagSyntax {
// In this case, this arg is the secret path (e.g. "foo").
partialPath = sanitizePath(args[0])
mountPath = sanitizePath(c.flagMount)
_, v2, err = isKVv2(mountPath, client)
mountPath, v2, err = isKVv2(sanitizePath(c.flagMount), client)
if err != nil {
c.UI.Error(err.Error())
return 2
}

if v2 {
partialPath = path.Join(mountPath, partialPath)
}
} else {
// In this case, this arg is a path-like combination of mountPath/secretPath.
// (e.g. "secret/foo")
Expand Down
10 changes: 7 additions & 3 deletions command/kv_metadata_put.go
View file
Expand Up @@ -3,6 +3,7 @@ package command
import (
"fmt"
"io"
"path"
"strings"
"time"

Expand Down Expand Up @@ -158,7 +159,7 @@ func (c *KVMetadataPutCommand) Run(args []string) int {

// If true, we're working with "-mount=secret foo" syntax.
// If false, we're using "secret/foo" syntax.
mountFlagSyntax := (c.flagMount != "")
mountFlagSyntax := c.flagMount != ""

var (
mountPath string
Expand All @@ -170,12 +171,15 @@ func (c *KVMetadataPutCommand) Run(args []string) int {
if mountFlagSyntax {
// In this case, this arg is the secret path (e.g. "foo").
partialPath = sanitizePath(args[0])
mountPath = sanitizePath(c.flagMount)
_, v2, err = isKVv2(mountPath, client)
mountPath, v2, err = isKVv2(sanitizePath(c.flagMount), client)
if err != nil {
c.UI.Error(err.Error())
return 2
}

if v2 {
partialPath = path.Join(mountPath, partialPath)
}
} else {
// In this case, this arg is a path-like combination of mountPath/secretPath.
// (e.g. "secret/foo")
Expand Down
10 changes: 7 additions & 3 deletions command/kv_patch.go
View file
Expand Up @@ -5,6 +5,7 @@ import (
"fmt"
"io"
"os"
"path"
"strings"

"github.com/hashicorp/vault/api"
Expand Down Expand Up @@ -167,7 +168,7 @@ func (c *KVPatchCommand) Run(args []string) int {

// If true, we're working with "-mount=secret foo" syntax.
// If false, we're using "secret/foo" syntax.
mountFlagSyntax := (c.flagMount != "")
mountFlagSyntax := c.flagMount != ""

var (
mountPath string
Expand All @@ -179,12 +180,15 @@ func (c *KVPatchCommand) Run(args []string) int {
if mountFlagSyntax {
// In this case, this arg is the secret path (e.g. "foo").
partialPath = sanitizePath(args[0])
mountPath = sanitizePath(c.flagMount)
_, v2, err = isKVv2(mountPath, client)
mountPath, v2, err = isKVv2(sanitizePath(c.flagMount), client)
if err != nil {
c.UI.Error(err.Error())
return 2
}

if v2 {
partialPath = path.Join(mountPath, partialPath)
}
} else {
// In this case, this arg is a path-like combination of mountPath/secretPath.
// (e.g. "secret/foo")
Expand Down
9 changes: 6 additions & 3 deletions command/kv_put.go
View file
Expand Up @@ -143,7 +143,7 @@ func (c *KVPutCommand) Run(args []string) int {

// If true, we're working with "-mount=secret foo" syntax.
// If false, we're using "secret/foo" syntax.
mountFlagSyntax := (c.flagMount != "")
mountFlagSyntax := c.flagMount != ""

var (
mountPath string
Expand All @@ -155,12 +155,15 @@ func (c *KVPutCommand) Run(args []string) int {
if mountFlagSyntax {
// In this case, this arg is the secret path (e.g. "foo").
partialPath = sanitizePath(args[0])
mountPath = sanitizePath(c.flagMount)
_, v2, err = isKVv2(mountPath, client)
mountPath, v2, err = isKVv2(sanitizePath(c.flagMount), client)
if err != nil {
c.UI.Error(err.Error())
return 2
}

if v2 {
partialPath = path.Join(mountPath, partialPath)
}
} else {
// In this case, this arg is a path-like combination of mountPath/secretPath.
// (e.g. "secret/foo")
Expand Down
10 changes: 7 additions & 3 deletions command/kv_rollback.go
View file
Expand Up @@ -3,6 +3,7 @@ package command
import (
"flag"
"fmt"
"path"
"strings"

"github.com/mitchellh/cli"
Expand Down Expand Up @@ -123,7 +124,7 @@ func (c *KVRollbackCommand) Run(args []string) int {

// If true, we're working with "-mount=secret foo" syntax.
// If false, we're using "secret/foo" syntax.
mountFlagSyntax := (c.flagMount != "")
mountFlagSyntax := c.flagMount != ""

var (
mountPath string
Expand All @@ -135,12 +136,15 @@ func (c *KVRollbackCommand) Run(args []string) int {
if mountFlagSyntax {
// In this case, this arg is the secret path (e.g. "foo").
partialPath = sanitizePath(args[0])
mountPath = sanitizePath(c.flagMount)
_, v2, err = isKVv2(mountPath, client)
mountPath, v2, err = isKVv2(sanitizePath(c.flagMount), client)
if err != nil {
c.UI.Error(err.Error())
return 2
}

if v2 {
partialPath = path.Join(mountPath, partialPath)
}
} else {
// In this case, this arg is a path-like combination of mountPath/secretPath.
// (e.g. "secret/foo")
Expand Down

0 comments on commit bd1248b

Please sign in to comment.