Skip to content

Commit

Permalink
fix(secret/transit): hashicorp#10232 Transit encrypt batch does not h…
Browse files Browse the repository at this point in the history
…onor key_version
  • Loading branch information
rerorero committed May 17, 2021
1 parent a71eebe commit 2069b2e
Show file tree
Hide file tree
Showing 2 changed files with 15 additions and 0 deletions.
9 changes: 9 additions & 0 deletions builtin/logical/transit/path_encrypt.go
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,7 @@ package transit
import (
"context"
"encoding/base64"
"encoding/json"
"fmt"
"reflect"

Expand Down Expand Up @@ -193,6 +194,14 @@ func decodeBatchRequestItems(src interface{}, dst *[]BatchRequestItem) error {
if !reflect.ValueOf(v).IsValid() {
} else if casted, ok := v.(int); ok {
(*dst)[i].KeyVersion = casted
} else if js, ok := v.(json.Number); ok {
// https://github.com/hashicorp/vault/issues/10232
// Because API server parses json request with UseNumber=true, logical.Request.Data can include json.Number for a number field.
if casted, err := js.Int64(); err == nil {
(*dst)[i].KeyVersion = int(casted)
} else {
errs.Errors = append(errs.Errors, fmt.Sprintf(`error decoding %T into [%d].key_version: strconv.ParseInt: parsing "%s": invalid syntax`, v, i, v))
}
} else {
errs.Errors = append(errs.Errors, fmt.Sprintf("'[%d].key_version' expected type 'int', got unconvertible type '%T'", i, item["key_version"]))
}
Expand Down
6 changes: 6 additions & 0 deletions builtin/logical/transit/path_encrypt_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,7 @@ package transit

import (
"context"
"encoding/json"
"reflect"
"testing"

Expand Down Expand Up @@ -634,6 +635,11 @@ func TestTransit_decodeBatchRequestItems(t *testing.T) {
src: []interface{}{map[string]interface{}{"key_version": "666"}},
dest: []BatchRequestItem{},
},
{
name: "src_key_version_invalid-number-dest",
src: []interface{}{map[string]interface{}{"plaintext": "dGhlIHF1aWNrIGJyb3duIGZveA==", "key_version": json.Number("1.1")}},
dest: []BatchRequestItem{},
},
{
name: "src_nonce-dest",
src: []interface{}{map[string]interface{}{"nonce": "dGVzdGNvbnRleHQ="}},
Expand Down

0 comments on commit 2069b2e

Please sign in to comment.