Fix parsing of seal stanzas that have an array for `purpose` (#9589)

Hexadecimal integers will be converted to decimal, which is unfortunate but shouldn't have any negative effects other than perhaps confusion in the `vault debug` output.
ncabatoff 2020-07-27 16:28:52 -04:00 committed by GitHub
parent 003bccd16e
commit b491c6d72a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 55 additions and 37 deletions


@ -757,8 +757,8 @@ func testParseSeals(t *testing.T) {
"slot": "0.0",
"pin": "XXXXXXXX",
"key_label": "HASHICORP",
"mechanism": "0x1082",
"hmac_mechanism": "0x0251",
"mechanism": "4226",
"hmac_mechanism": "593",
"hmac_key_label": "vault-hsm-hmac-key",
"default_hmac_key_label": "vault-hsm-hmac-key",
"generate_key": "true",


@ -68,10 +68,6 @@ func parseKMS(result *[]*KMS, list *ast.ObjectList, blockName string, maxKMS int
key = item.Keys[0].Token.Value().(string)
}
var disabled bool
var purpose []string
var err error
{
// We first decode into a map[string]interface{} because purpose isn't
// necessarily a string. Then we migrate everything else over to
// map[string]string and error if it doesn't work.
@ -80,6 +76,8 @@ func parseKMS(result *[]*KMS, list *ast.ObjectList, blockName string, maxKMS int
return multierror.Prefix(err, fmt.Sprintf("%s.%s:", blockName, key))
}
var purpose []string
var err error
if v, ok := m["purpose"]; ok {
if purpose, err = parseutil.ParseCommaStringSlice(v); err != nil {
return multierror.Prefix(fmt.Errorf("unable to parse 'purpose' in kms type %q: %w", key, err), fmt.Sprintf("%s.%s:", blockName, key))
@ -87,30 +85,34 @@ func parseKMS(result *[]*KMS, list *ast.ObjectList, blockName string, maxKMS int
for i, p := range purpose {
purpose[i] = strings.ToLower(p)
}
delete(m, "purpose")
}
var disabled bool
if v, ok := m["disabled"]; ok {
disabled, err = parseutil.ParseBool(v)
if err != nil {
return multierror.Prefix(err, fmt.Sprintf("%s.%s:", blockName, key))
}
}
delete(m, "disabled")
}
var cfg map[string]string
if err := hcl.DecodeObject(&cfg, item.Val); err != nil {
strMap := make(map[string]string, len(m))
for k, v := range m {
s, err := parseutil.ParseString(v)
if err != nil {
return multierror.Prefix(err, fmt.Sprintf("%s.%s:", blockName, key))
}
delete(cfg, "purpose")
delete(cfg, "disabled")
strMap[k] = s
}
seal := &KMS{
Type: strings.ToLower(key),
Purpose: purpose,
Disabled: disabled,
}
if len(cfg) > 0 {
seal.Config = cfg
if len(strMap) > 0 {
seal.Config = strMap
}
seals = append(seals, seal)
}
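Review bot: The loop that fills `strMap` returns the `ParseString` error with only the `blockName.key` prefix, so an operator cannot tell which seal setting failed to convert. Wrapping it as `fmt.Errorf("unable to parse %q in kms type %q: %w", k, key, err)` would match the `purpose` error earlier in the function while naming only the setting and never its value, which matters because these maps carry entries such as `pin`. The same loop now weakly converts every non-string literal, so beyond the hex-to-decimal change the description mentions, an unquoted value with significant leading zeros or a bare boolean would presumably be stored in a different textual form than the operator wrote. A comment on the loop such as `// Non-string literals are weakly converted; quote values whose exact text matters (e.g. pin).` would record that. The body of parseKMS starts and ends outside the visible hunks.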


@ -112,6 +112,14 @@ func ParseBool(in interface{}) (bool, error) {
return result, nil
}
func ParseString(in interface{}) (string, error) {
var result string
if err := mapstructure.WeakDecode(in, &result); err != nil {
return "", err
}
return result, nil
}
func ParseCommaStringSlice(in interface{}) ([]string, error) {
rawString, ok := in.(string)
if ok && rawString == "" {
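Review bot: The new exported `ParseString` has no doc comment, and its behaviour is not obvious from the name because it goes through `mapstructure.WeakDecode` rather than a type assertion. Callers that feed it seal configuration should know that numbers come back in decimal form and, as far as mapstructure's weak mode goes, booleans come back as `"1"`/`"0"` rather than `"true"`/`"false"`. I would add `// ParseString weakly converts in to a string: numbers are rendered in decimal, booleans as "1" or "0"; values that cannot be converted return an error.` above the function. The following section repeats the same hunk, so the same comment applies there.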


@ -112,6 +112,14 @@ func ParseBool(in interface{}) (bool, error) {
return result, nil
}
func ParseString(in interface{}) (string, error) {
var result string
if err := mapstructure.WeakDecode(in, &result); err != nil {
return "", err
}
return result, nil
}
func ParseCommaStringSlice(in interface{}) ([]string, error) {
rawString, ok := in.(string)
if ok && rawString == "" {