Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Correctly distinguish empty issuer names in PKI #18466

Merged
merged 3 commits into from
Jan 10, 2023
Merged

Correctly distinguish empty issuer names in PKI #18466

merged 3 commits into from
Jan 10, 2023

Conversation

cipherboy
Copy link
Contributor

@cipherboy cipherboy commented Dec 19, 2022
edited
Loading

When using client.Logical().JSONMergePatch(...) with an empty issuer name, patch incorrectly reports:

issuer name contained invalid characters

In this case, both the error in getIssuerName(...) is incorrect and patch should allow setting an empty issuer name explicitly.

Signed-off-by: Alexander Scheel <[email protected]>

Notably, while this also affects vault write, the new error message should be clearer and users can simply elide the issuer_name parameter (with empty value) and the the same behavior (clearing the name). However, for vault patch there is no equivalent and thus they have to have this bug fix.

@cipherboy
Correctly distinguish empty issuer names
946a27a 
When using client.Logical().JSONMergePatch(...) with an empty issuer
name, patch incorrectly reports:

> issuer name contained invalid characters

In this case, both the error in getIssuerName(...) is incorrect and
patch should allow setting an empty issuer name explicitly.

Signed-off-by: Alexander Scheel <[email protected]>
@cipherboy cipherboy added bug Used to indicate a potential bug secret/pki labels Dec 19, 2022
@cipherboy cipherboy added this to the 1.13.0-rc1 milestone Dec 19, 2022
@cipherboy cipherboy requested review from kitography, stevendpclark and a team December 19, 2022 16:18
@cipherboy
Add changelog
58a5a6a 
Signed-off-by: Alexander Scheel <[email protected]>
@cipherboy
Add tests
118f829 
Signed-off-by: Alexander Scheel <[email protected]>
@stevendpclark
Copy link
Contributor

I completely agree with the new patch behaviour.

Could you expand a bit though on why we want to keep the POST behaviour different, feels a bit odd that if an end-user wants to blank out an issuer name that it must be done through a PATCH command only? Is this just a way to force people to use PATCH semantics for updates?

@cipherboy
Copy link
Contributor Author

@stevendpclark On POST/vault write, they can simply elide the parameter and get the desired behavior (unsetting the value) since it is the default (and POST starts fresh). On PATCH, there is no such workaround. I don't think most users intend to set an empty issuer with vault write, but I could add that behavior if desired.

Up to you :)

stevendpclark
stevendpclark approved these changes Jan 10, 2023
View reviewed changes
Copy link
Contributor

@stevendpclark stevendpclark left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yup you are correct, pretty sure I was thinking of how we treat unset params for the various config POST requests.

@cipherboy cipherboy merged commit 1e356c9 into main Jan 10, 2023
@cipherboy
Copy link
Contributor Author

Thank you!

This was referenced Jan 10, 2023
Merged
Merged
AnPucel pushed a commit that referenced this pull request Jan 14, 2023
@cipherboy @AnPucel
Correctly distinguish empty issuer names in PKI (#18466)
0ac5d87 
* Correctly distinguish empty issuer names

When using client.Logical().JSONMergePatch(...) with an empty issuer
name, patch incorrectly reports:

> issuer name contained invalid characters

In this case, both the error in getIssuerName(...) is incorrect and
patch should allow setting an empty issuer name explicitly.

Signed-off-by: Alexander Scheel <[email protected]>

* Add changelog

Signed-off-by: Alexander Scheel <[email protected]>

* Add tests

Signed-off-by: Alexander Scheel <[email protected]>

Signed-off-by: Alexander Scheel <[email protected]>
AnPucel pushed a commit that referenced this pull request Feb 3, 2023
@cipherboy @AnPucel
Correctly distinguish empty issuer names in PKI (#18466)
b626f28 
* Correctly distinguish empty issuer names

When using client.Logical().JSONMergePatch(...) with an empty issuer
name, patch incorrectly reports:

> issuer name contained invalid characters

In this case, both the error in getIssuerName(...) is incorrect and
patch should allow setting an empty issuer name explicitly.

Signed-off-by: Alexander Scheel <[email protected]>

* Add changelog

Signed-off-by: Alexander Scheel <[email protected]>

* Add tests

Signed-off-by: Alexander Scheel <[email protected]>

Signed-off-by: Alexander Scheel <[email protected]>
@cipherboy cipherboy deleted the cipherboy-fix-name-on-empty-but-provided-issuer-name branch April 21, 2023 13:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@stevendpclark stevendpclark stevendpclark approved these changes

@kitography kitography Awaiting requested review from kitography

Assignees
No one assigned
Labels
bug Used to indicate a potential bug secret/pki
Projects
None yet
Milestone
1.13.0-rc1
Development

Successfully merging this pull request may close these issues.
2 participants
@cipherboy @stevendpclark