vault kv list fails when a path component has a trailing white space

Created on 12 Feb 2019  路  3Comments  路  Source: hashicorp/vault

Describe the bug
vault kv list fails to retrieve metadata when a trailing white space is found in a component of the path

To Reproduce
Steps to reproduce the behavior:

  1. vault server -dev -dev-root-token-id=mytoken &
  2. export VAULT_TOKEN=mytoken ; export VAULT_ADDR=http://127.0.0.1:8200
  3. vault kv put 'secret/1 /2' 3=4
  4. vault kv list 'secret/1 /'
No value found at secret/metadata/1

Expected behavior

  1. vault kv list 'secret/1 /'
Keys
----
2

Environment:

  • Vault Server Version Vault v1.0.2
  • Vault CLI Version Vault v1.0.2 ('37a1dc9c477c1c68c022d2084550f25bf20cac33')
  • Server Operating System/Architecture: Debian GNU/Linux stretch amd64

Vault server configuration file(s):

  • /vault server -dev -dev-root-token-id=mytoken
bug corcli versio1.0.x
Source
picture singuliere
👍3

Most helpful comment

The bug seems to be right at https://github.com/hashicorp/vault/blob/master/command/kv_list.go#L76 - it sanitizes the path by trimming (does nothing), then removing leading slash (does nothing), then removes ending slash (causes our string to have a trailing whitespace). Then ensureTrailingSlash is called which trims our needed whitespace.

Should be a quick fix...

picture UmanShahzad on 12 Feb 2019
👍2

All 3 comments

The bug seems to be right at https://github.com/hashicorp/vault/blob/master/command/kv_list.go#L76 - it sanitizes the path by trimming (does nothing), then removing leading slash (does nothing), then removes ending slash (causes our string to have a trailing whitespace). Then ensureTrailingSlash is called which trims our needed whitespace.

Should be a quick fix...

UmanShahzad picture UmanShahzad on 12 Feb 2019
👍2

https://github.com/hashicorp/vault/pull/6214

UmanShahzad picture UmanShahzad on 12 Feb 2019

I think the API / curl may be the best approach & using percent-encoding for spaces (%20) - I've tried the following using 1.5.0 which works well:

vault kv put 'kv/1 /2' 3=4
  # Key              Value
  # ---              -----
  # created_time     2020-08-09T22:25:33.552447789Z
  # deletion_time    n/a
  # destroyed        false
  # version          1

vault kv list kv/
  # Keys
  # ----
  # 1 /
  # test

curl -s -H "X-Vault-Token: $VAULT_TOKEN" ${VAULT_ADDR}/v1/kv/metadata/1%20/?list=true | jq -r '.data.keys'
  # [
  #  "2"
  # ]

vault kv get 'kv/1 /2'
  # ====== Metadata ======
  # Key              Value
  # ---              -----
  # created_time     2020-08-09T22:25:33.552447789Z
  # deletion_time    n/a
  # destroyed        false
  # version          1
  # 
  # == Data ==
  # Key    Value
  # ---    -----
  # 3      4

Is this issue still applicable?

aphorise picture aphorise on 10 Aug 2020
Was this page helpful?
0 / 5 - 0 ratings

Related issues

jasonmcintosh picture jasonmcintosh  路  3Comments
passwordleak picture passwordleak  路  3Comments
tustvold picture tustvold  路  3Comments
ngunia picture ngunia  路  3Comments
pbolle picture pbolle  路  3Comments