Bad format string in AppRole error message

[candlerb]

Describe the bug
This is only a minor bug, but I think there's a bad Print/Printf somewhere.

When I login using an AppRole / Secret, but the source address is not in the cidr_list for the secret, the error message contains a funky token %!w(<nil>)

Error writing data to auth/approle/login: Error making API request.

URL: PUT https://..../v1/auth/approle/login
Code: 400. Errors:

* source address "2001:db8::2" unauthorized through CIDR restrictions on the secret ID: %!w(<nil>)

To Reproduce
Steps to reproduce the behavior:

1. Create an AppRole
2. Create a secret ID bound to a particular CIDR address

   vault write auth/approle/role/totp-validate/secret-id cidr_list="192.0.2.1/32,2001:db8::1/128"
   

3. Try to login using the AppRole and secret ID from a different IP address

   vault read auth/approle/role/<rolename>/role-id
   vault write auth/approle/login role_id=<role_id> secret_id=<secret_id>
   

Expected behavior
Clean error message.

Environment:

• Vault Server Version (retrieve with vault status): 1.9.3
• Vault CLI Version (retrieve with vault version): 1.9.3
• Server Operating System/Architecture: Ubuntu 20.04 x86_64

[heatherezell]

Looks like it's here:

vault/builtin/credential/approle/path_login.go

Line 183 in 861454e

"source address %q unauthorized through CIDR restrictions on the secret ID: %w",

[ccapurso]

Hi, @candlerb. Thank you for bringing this to our attention! As @hsimon-hashicorp has mentioned, this is a fairly straightforward fix. PR #14107 has been opened to addressed this issue.