Fixes Namespace Concat Bug for KV2 secrets #1921
Some comments so far
3d06361 to 4a6cb66
p := strings.TrimPrefix(rawPath, mountPath) | ||
|
||
// Canonicalize the client namespace path to always having a '/' suffix | ||
if !strings.HasSuffix(clientNamespace, "/") { |
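Review bot: the `if !strings.HasSuffix(clientNamespace, "/")` check shows no guard for an empty clientNamespace; if the branch appends "/", an unset namespace becomes "/" before it is joined with the path. Consider skipping the canonicalization when clientNamespace is empty and covering that case in a test. On the first line, `strings.TrimPrefix(rawPath, mountPath)` matches a raw string prefix rather than a path segment, so it is worth confirming that mountPath always ends in "/" at this point. The comment would also read better as "to always have a '/' suffix".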
Out of scope for this PR, but maybe we should expose `namespace.Canonicalize` in our SDK for this kind of thing
We can probably canonicalize it in Agent when we set the template config value
Yeah, though I like keeping it in `consul-template` too for anything else that happens to be using it. Like I said, out of scope for this PR, but it seems like we have a need for external repos to be able to use the Canonicalize logic without repeating it. Food for thought!
Awesome work! This is a really well-thought out fix for a tricky bug. Good job!
Pushing this first:
Vault-ent tests that test this new functionality: https://github.com/hashicorp/vault-enterprise/pull/5811 (Note: these will not pass in CI until this PR is pushed and a new consul-template version is used)
After pushing this PR: