From 2069b2efd9ca9ea55c19ecebe7fac301e26626bc Mon Sep 17 00:00:00 2001
From: rerorero
Date: Tue, 18 May 2021 00:06:13 +0900
Subject: [PATCH] fix(secret/transit): #10232 Transit encrypt batch does not honor key_version
---
 builtin/logical/transit/path_encrypt.go | 9 +++++++++
 builtin/logical/transit/path_encrypt_test.go | 6 ++++++
 2 files changed, 15 insertions(+)
diff --git a/builtin/logical/transit/path_encrypt.go b/builtin/logical/transit/path_encrypt.go
index e0168504bc23..321e92099894 100644
--- a/builtin/logical/transit/path_encrypt.go
+++ b/builtin/logical/transit/path_encrypt.go
@@ -3,6 +3,7 @@ package transit
 import (
 "context"
 "encoding/base64"
+ "encoding/json"
 "fmt"
 "reflect"
@@ -193,6 +194,14 @@ func decodeBatchRequestItems(src interface{}, dst *[]BatchRequestItem) error {
 if !reflect.ValueOf(v).IsValid() {
 } else if casted, ok := v.(int); ok {
 (*dst)[i].KeyVersion = casted
+ } else if js, ok := v.(json.Number); ok {
+ // https://github.com/hashicorp/vault/issues/10232
+ // Because API server parses json request with UseNumber=true, logical.Request.Data can include json.Number for a number field.
+ if casted, err := js.Int64(); err == nil {
+ (*dst)[i].KeyVersion = int(casted)
+ } else {
+ errs.Errors = append(errs.Errors, fmt.Sprintf(`error decoding %T into [%d].key_version: strconv.ParseInt: parsing "%s": invalid syntax`, v, i, v))
+ }
 } else {
 errs.Errors = append(errs.Errors, fmt.Sprintf("'[%d].key_version' expected type 'int', got unconvertible type '%T'", i, item["key_version"]))
 }
diff --git a/builtin/logical/transit/path_encrypt_test.go b/builtin/logical/transit/path_encrypt_test.go
index b81112f0e5d4..b6a772a0a6d9 100644
--- a/builtin/logical/transit/path_encrypt_test.go
+++ b/builtin/logical/transit/path_encrypt_test.go
@@ -2,6 +2,7 @@ package transit
 import (
 "context"
+ "encoding/json"
 "reflect"
 "testing"
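Review bot: In the `decodeBatchRequestItems` hunk, the failure branch of `js.Int64()` hard-codes `strconv.ParseInt: parsing "%s": invalid syntax` and discards `err`, so a `key_version` that is well-formed but out of int64 range would be reported as a syntax error. Formatting the real error should keep the current text for the syntax case and be accurate for the range case: `errs.Errors = append(errs.Errors, fmt.Sprintf("error decoding %T into [%d].key_version: %v", v, i, err))`. Separately, `int(casted)` narrows an int64 without a check, so on a build where `int` is 32 bits a large value would wrap to a different key version instead of being rejected; a guard such as `if int64(int(casted)) != casted` before the assignment would turn that into an error. The function starts and ends outside the hunk, so whether negative or non-existent versions are rejected later is not visible here.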
@@ -634,6 +635,11 @@ func TestTransit_decodeBatchRequestItems(t *testing.T) {
 src: []interface{}{map[string]interface{}{"key_version": "666"}},
 dest: []BatchRequestItem{},
 },
+ {
+ name: "src_key_version_invalid-number-dest",
+ src: []interface{}{map[string]interface{}{"plaintext": "dGhlIHF1aWNrIGJyb3duIGZveA==", "key_version": json.Number("1.1")}},
+ dest: []BatchRequestItem{},
+ },
 {
 name: "src_nonce-dest",
 src: []interface{}{map[string]interface{}{"nonce": "dGVzdGNvbnRleHQ="}},
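Review bot: The only table entry added for the new code path is the rejected one (`json.Number("1.1")`); nothing here shows that a valid `json.Number` actually ends up in `KeyVersion`, which is the behaviour the fix exists to restore. The diffstat lists six added lines for this file, so no positive case appears to be added elsewhere. A sibling entry with `"key_version": json.Number("1")` would pin that a batch item is handled under the requested key version rather than silently falling back to another one. How the table compares results is outside the hunk, so the expected `dest` value for that case needs to be checked against the test body.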