Unable to write to KVv2 #1252
Comments
|
Reproduced this with just a template containing... And ... |
|
@eikenb Thanks for looking into it. I debugged it a little further. It seems though as the Vault api expects the format, However, what consul-template attempts to push is |
|
@eikenb if it helps was able to patch it locally on my end with, |
|
Thanks for reporting it and helping out. Your change fixes it. I just want to write up a test for this then I'll get a PR pushed. Though feel free to speak up if you'd like to do it. |
|
@eikenb nope go ahead. Im happy to test your changes once you cut a release. |
|
There was a twist. KVv1 vs KVv2... the old syntax works for KVv1 where KVv2 needs the update. Still OK, just means it will take a bit more time to make sure it works for both. |
|
Ahh. I had not tested KVv1. Totally forgot that only v2 requires to be wrapped around |
|
@eikenb Also will need to consider secrets backend plugins that may depend on this. |
|
I think we found a corner of the app that doesn't see a lot of use. This secrets writing functionality has been broken for a while. For KVv1 it panics due to a nil pointer deref and KVv2 does nothing except that error. The write tests that use/check it write against the function and call with a data structure already setup for KVv2 when needed, where the template secret write call doesn't do this. Anyways... so I have the code fixed and those tests fixed, but there is no test yet for the template itself (which I want, to make sure the template's use of the back-end is tested). I don't think this would impact plugins. This only changes the behavior of the one internal function to send the data to vault in the correct format for that version. The only external ramification I can see is that writes to KVv1 stores don't reply with the data as KVv2 ones do, so using |
|
Is there an expected time frame for the fix to be available. Thanks for all your efforts. |
|
@rckjacobs1 I'm hoping to have it ready in the next couple days. Having it in a release will take a while longer. |
Specifically to reproduce GH-1252 in a test.
Writing to a Vault KV v1 and v2 were both broken.
V1 had a nil pointer dereference panic in Fetch where it tried to access
variables on the replied Secret which is always nil with V1.
V2 didn't get the sent in data structure correct as it didn't have the
additional map[string]interface{"data":...} wrapping around the values
that is required by V2.
Fixes #1252
Writing to a Vault KV v1 and v2 were both broken.
V1 had a nil pointer dereference panic in Fetch where it tried to access
variables on the replied Secret which is always nil with V1.
V2 didn't get the sent in data structure correct as it didn't have the
additional map[string]interface{"data":...} wrapping around the values
that is required by V2.
Fixes #1252
|
Downloaded the 3 updated files vault_read_test.go, vault_write.go, vault_write_test.go Question: is there any other action required besides downloading and deloyng the 3 files? |
|
Hey @rckjacobs1. Theoretically yes... the changes were in those 3 files. Why did you download just the 3 files? Are you trying to merge the change into an older version? If so, which version? Seems like it must be something with the version in use as, |
|
Used the current master as you recommended and it works fine. Thanks for your quick response. |
Using
consul-template v0.21.0 (0d999b32)I have the following consul-template configuration following the doc.
However, it keeps throwing the error as if there is no request body.
I thought the format is
{{ secret "<PATH>" "<DATA>" }}but is it not the case ?Just as a suggestion it would be good to have an example in the doc too.
The text was updated successfully, but these errors were encountered: