Merge pull request #2648 from hashicorp/b-vault-panic

Fix Vault Client panic when given nonexistant role
2017-05-16 13:01:50 -04:00 · 2017-05-16 13:01:50 -04:00 · 316bed0fcb
parent d5c0f9dc8b d3012f1447
commit 316bed0fcb
2 changed files with 42 additions and 0 deletions
--- a/nomad/vault.go
+++ b/nomad/vault.go
@ -782,6 +782,9 @@ func (v *vaultClient) validateRole(role string) error {
 	if err != nil {
 		return fmt.Errorf("failed to lookup role %q: %v", role, err)
 	}
+	if rsecret == nil {
+		return fmt.Errorf("Role %q does not exist", role)
+	}

 	// Read and parse the fields
 	var data struct {
--- a/nomad/vault_test.go
+++ b/nomad/vault_test.go
@ -247,6 +247,45 @@ func TestVaultClient_ValidateRole(t *testing.T) {
 	}
 }

+func TestVaultClient_ValidateRole_NonExistant(t *testing.T) {
+	v := testutil.NewTestVault(t).Start()
+	defer v.Stop()
+
+	v.Config.Token = defaultTestVaultWhitelistRoleAndToken(v, t, 5)
+	v.Config.Token = v.RootToken
+	logger := log.New(os.Stderr, "", log.LstdFlags)
+	v.Config.ConnectionRetryIntv = 100 * time.Millisecond
+	v.Config.Role = "test-nonexistant"
+	client, err := NewVaultClient(v.Config, logger, nil)
+	if err != nil {
+		t.Fatalf("failed to build vault client: %v", err)
+	}
+	defer client.Stop()
+
+	// Wait for an error
+	var conn bool
+	var connErr error
+	testutil.WaitForResult(func() (bool, error) {
+		conn, connErr = client.ConnectionEstablished()
+		if conn {
+			return false, fmt.Errorf("Should not connect")
+		}
+
+		if connErr == nil {
+			return false, fmt.Errorf("expect an error")
+		}
+
+		return true, nil
+	}, func(err error) {
+		t.Fatalf("bad: %v", err)
+	})
+
+	errStr := connErr.Error()
+	if !strings.Contains(errStr, "does not exist") {
+		t.Fatalf("Expect orphan error")
+	}
+}
+
 func TestVaultClient_ValidateToken(t *testing.T) {
 	v := testutil.NewTestVault(t).Start()
 	defer v.Stop()