svidstore: ParseMetadata to handle ':' in values

It's possible that the metadata stored in entry selectors for the SvidStore plugins will contain ':'. For example the AWS secret manager one can specify an arn, which can include ':'. Modify the parsing to take this into account Signed-off-by: Sorin Dumitru <sdumitru@bloomberg.net>
spiffe · Jan 2, 2025 · bfe6922 · bfe6922
1 parent 6928ff1
commit bfe6922
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 1 deletion.
diff --git a/pkg/agent/plugin/svidstore/utils.go b/pkg/agent/plugin/svidstore/utils.go
@@ -64,7 +64,7 @@ func SecretFromProto(req *svidstorev1.PutX509SVIDRequest) (*Data, error) {
 func ParseMetadata(metaData []string) (map[string]string, error) {
 	data := make(map[string]string)
 	for _, s := range metaData {
-		value := strings.Split(s, ":")
+		value := strings.SplitN(s, ":", 2)
 		if len(value) < 2 {
 			return nil, fmt.Errorf("metadata does not contain a colon: %q", s)
 		}

diff --git a/pkg/agent/plugin/svidstore/utils_test.go b/pkg/agent/plugin/svidstore/utils_test.go
@@ -81,6 +81,17 @@ func TestParseMetadata(t *testing.T) {
 				"c": "3",
 			},
 		},
+		{
+			name: "multiples selectors",
+			secretData: []string{
+				"a:b:c",
+				"d:e-f:g-h",
+			},
+			expect: map[string]string{
+				"a": "b:c",
+				"d": "e-f:g-h",
+			},
+		},
 		{
 			name:       "no data",
 			secretData: []string{},