Fix parsing of seal stanzas that have an array for `purpose` (#9589)
Hexadecimal integers will be converted to decimal, which is unfortunate but shouldn't have any negative effects other than perhaps confusion in the `vault debug` output.
parent
003bccd16e
commit
b491c6d72a
|
@ -757,8 +757,8 @@ func testParseSeals(t *testing.T) {
|
|||
"slot": "0.0",
|
||||
"pin": "XXXXXXXX",
|
||||
"key_label": "HASHICORP",
|
||||
"mechanism": "0x1082",
|
||||
"hmac_mechanism": "0x0251",
|
||||
"mechanism": "4226",
|
||||
"hmac_mechanism": "593",
|
||||
"hmac_key_label": "vault-hsm-hmac-key",
|
||||
"default_hmac_key_label": "vault-hsm-hmac-key",
|
||||
"generate_key": "true",
|
||||
|
|
|
@ -68,10 +68,6 @@ func parseKMS(result *[]*KMS, list *ast.ObjectList, blockName string, maxKMS int
|
|||
key = item.Keys[0].Token.Value().(string)
|
||||
}
|
||||
|
||||
var disabled bool
|
||||
var purpose []string
|
||||
var err error
|
||||
{
|
||||
// We first decode into a map[string]interface{} because purpose isn't
|
||||
// necessarily a string. Then we migrate everything else over to
|
||||
// map[string]string and error if it doesn't work.
|
||||
|
@ -80,6 +76,8 @@ func parseKMS(result *[]*KMS, list *ast.ObjectList, blockName string, maxKMS int
|
|||
return multierror.Prefix(err, fmt.Sprintf("%s.%s:", blockName, key))
|
||||
}
|
||||
|
||||
var purpose []string
|
||||
var err error
|
||||
if v, ok := m["purpose"]; ok {
|
||||
if purpose, err = parseutil.ParseCommaStringSlice(v); err != nil {
|
||||
return multierror.Prefix(fmt.Errorf("unable to parse 'purpose' in kms type %q: %w", key, err), fmt.Sprintf("%s.%s:", blockName, key))
|
||||
|
@ -87,30 +85,34 @@ func parseKMS(result *[]*KMS, list *ast.ObjectList, blockName string, maxKMS int
|
|||
for i, p := range purpose {
|
||||
purpose[i] = strings.ToLower(p)
|
||||
}
|
||||
delete(m, "purpose")
|
||||
}
|
||||
|
||||
var disabled bool
|
||||
if v, ok := m["disabled"]; ok {
|
||||
disabled, err = parseutil.ParseBool(v)
|
||||
if err != nil {
|
||||
return multierror.Prefix(err, fmt.Sprintf("%s.%s:", blockName, key))
|
||||
}
|
||||
}
|
||||
delete(m, "disabled")
|
||||
}
|
||||
|
||||
var cfg map[string]string
|
||||
if err := hcl.DecodeObject(&cfg, item.Val); err != nil {
|
||||
strMap := make(map[string]string, len(m))
|
||||
for k, v := range m {
|
||||
s, err := parseutil.ParseString(v)
|
||||
if err != nil {
|
||||
return multierror.Prefix(err, fmt.Sprintf("%s.%s:", blockName, key))
|
||||
}
|
||||
delete(cfg, "purpose")
|
||||
delete(cfg, "disabled")
|
||||
strMap[k] = s
|
||||
}
|
||||
|
||||
seal := &KMS{
|
||||
Type: strings.ToLower(key),
|
||||
Purpose: purpose,
|
||||
Disabled: disabled,
|
||||
}
|
||||
if len(cfg) > 0 {
|
||||
seal.Config = cfg
|
||||
if len(strMap) > 0 {
|
||||
seal.Config = strMap
|
||||
}
|
||||
seals = append(seals, seal)
|
||||
}
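Review bot: The error returned from `parseutil.ParseString(v)` inside the `for k, v := range m` loop does not say which config key failed; it carries only the `blockName.key` prefix, unlike the `purpose` branch, which names its field. A seal stanza can hold many keys (the test fixture has `slot`, `pin`, `mechanism` and more), so an operator cannot tell which value had the wrong type. I would wrap it as `return multierror.Prefix(fmt.Errorf("unable to parse %q in kms type %q: %w", k, key, err), fmt.Sprintf("%s.%s:", blockName, key))`, naming `k` only and never formatting `v`, because these values include HSM PINs and similar secrets. It is also worth checking whether the mapstructure version in use echoes the offending value in its own error text. parseKMS begins and ends outside the visible hunks.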
|
||||
|
|
|
@ -112,6 +112,14 @@ func ParseBool(in interface{}) (bool, error) {
|
|||
return result, nil
|
||||
}
|
||||
|
||||
func ParseString(in interface{}) (string, error) {
|
||||
var result string
|
||||
if err := mapstructure.WeakDecode(in, &result); err != nil {
|
||||
return "", err
|
||||
}
|
||||
return result, nil
|
||||
}
|
||||
|
||||
func ParseCommaStringSlice(in interface{}) ([]string, error) {
|
||||
rawString, ok := in.(string)
|
||||
if ok && rawString == "" {
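Review bot: The new exported `ParseString` has no doc comment, and `mapstructure.WeakDecode` performs conversions that callers need to know about. Proposed comment: `// ParseString weakly decodes in to a string: numbers are rendered in decimal (0x1082 becomes "4226") and booleans become "1" or "0", not "true"/"false".` Since parseKMS now passes every seal config value through this function, an unquoted `generate_key = true` would presumably reach the seal wrapper as `"1"`, so the consumers of `seal.Config` should be checked for that form. The identical section that follows looks like a vendored copy of the same file, and the same comment applies there.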
|
||||
|
|
|
@ -112,6 +112,14 @@ func ParseBool(in interface{}) (bool, error) {
|
|||
return result, nil
|
||||
}
|
||||
|
||||
func ParseString(in interface{}) (string, error) {
|
||||
var result string
|
||||
if err := mapstructure.WeakDecode(in, &result); err != nil {
|
||||
return "", err
|
||||
}
|
||||
return result, nil
|
||||
}
|
||||
|
||||
func ParseCommaStringSlice(in interface{}) ([]string, error) {
|
||||
rawString, ok := in.(string)
|
||||
if ok && rawString == "" {
|
||||
|
|