Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[backport -> release/3.8.x] fix(vault): reference ending with slash when parsed should not return a key #13538

Merged
merged 2 commits into from
Aug 21, 2024
Merged

[backport -> release/3.8.x] fix(vault): reference ending with slash when parsed should not return a key #13538

merged 2 commits into from
Aug 21, 2024

Conversation

team-gateway-bot
Copy link
Collaborator

Automated backport to release/3.8.x, triggered by a label in #13504.

Original description

Summary

Our docs state here:
https://docs.konghq.com/gateway/latest/kong-enterprise/secrets-management/reference-format/#secret-key

If secret key ends with /, then it is not considered as a Secret Key but as a part of Secret Id.
The difference between Secret Key and Secret Id is that only the Secret Id is sent to vault API,
and the Secret Key is only used when processing

The logic was not working correctly because it was incorrectly assuming what
require("socket.url").parse_path did, that is:

parse_path("/a")
-- { "a", is_absolute = 1 }
parse_path("/a/")
-- { "a", is_absolute = 1, is_directory = 1 }
parse_path("/a/b")
-- { "a", "b", is_absolute = 1 }
parse_path("/a/b/")
-- { "a", "b", is_absolute = 1, is_directory = 1}

This fixes it.

KAG-5181

Checklist

@bungle @github-actions
fix(vault): reference ending with slash when parsed should not return…
6309fde 
… a key

### Summary

Our docs state here:
https://docs.konghq.com/gateway/latest/kong-enterprise/secrets-management/reference-format/#secret-key

> If secret key ends with /, then it is not considered as a Secret Key but as a part of Secret Id.
> The difference between Secret Key and Secret Id is that only the Secret Id is sent to vault API,
> and the Secret Key is only used when processing

The logic was not working correctly because it was incorrectly assuming what
`require("socket.url").parse_path` did, that is:

```lua
parse_path("/a")
-- { "a", is_absolute = 1 }
```
```lua
parse_path("/a/")
-- { "a", is_absolute = 1, is_directory = 1 }
```
```lua
parse_path("/a/b")
-- { "a", "b", is_absolute = 1 }
```
```lua
> parse_path("/a/b/")
-- { "a", "b", is_absolute = 1, is_directory = 1}
```

This fixes it.

Signed-off-by: Aapo Talvensaari <aapo.talvensaari@gmail.com>
(cherry picked from commit ab6fad1)
@bungle @github-actions
chore(vault): do not create substring in is_reference
366c36b 
### Summary

Less pressure to garbage collector.

Signed-off-by: Aapo Talvensaari <aapo.talvensaari@gmail.com>
(cherry picked from commit 38727ba)
@team-gateway-bot team-gateway-bot added this to the 3.8.0 milestone Aug 21, 2024
@team-gateway-bot team-gateway-bot added cherry-pick kong-ee schedule this PR for cherry-picking to kong/kong-ee core/pdk size/M labels Aug 21, 2024
@team-gateway-bot team-gateway-bot mentioned this pull request Aug 21, 2024
Merged
3 tasks
@bungle bungle merged commit efc170c into release/3.8.x Aug 21, 2024
43 checks passed
@bungle bungle deleted the backport-13504-to-release/3.8.x branch August 21, 2024 21:05
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@samugi samugi samugi approved these changes

@bungle bungle bungle approved these changes

Assignees

@bungle bungle

Labels
cherry-pick kong-ee schedule this PR for cherry-picking to kong/kong-ee core/pdk size/M
Projects
None yet
Milestone
3.8.0
Development

Successfully merging this pull request may close these issues.
3 participants
@team-gateway-bot @bungle @samugi