Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

Fix: Transit encrypt batch does not honor key_version #11628

Merged
merged 2 commits into from
May 27, 2021
Merged

Fix: Transit encrypt batch does not honor key_version #11628

merged 2 commits into from
May 27, 2021

Conversation

rerorero
Copy link
Contributor

Fix #10232

This PR fixes the bug where batch encrypt API doesn't work with key_version ( #10232).
Because HTTP server parses a JSON body as a map[string]interface with UseNumber(), logica.Request.Data can include json.Number instead of a primitive number.

This PR fixes the issue by allowing additional json.Number in path_encrypt. I didn't use such as FieldSchema out of respect for this work: #8775

I checked the following queries worked

$ curl --header "X-Vault-Token: dev" --request POST --data '{"batch_input":[{"key_version":1,"plaintext":"dGhlIHF1aWNrIGJyb3duIGZveA=="}]}' http://127.0.0.1:8200/v1/transit/encrypt/key1
{"request_id":"bfd9ae52-2e17-9fb7-24d3-77c52553cf8d","lease_id":"","renewable":false,"lease_duration":0,"data":{"batch_results":[{"ciphertext":"vault:v1:7YPcOIManbq2aW8Zwj1QlFzEM2+9BGyrC8Qu6QF0pRau/KcYiZK74AagVrp6hBs=","key_version":1}]},"wrap_info":null,"warnings":null,"auth":null}

$ curl --header "X-Vault-Token: dev" --request POST --data '{"key_version":1,"plaintext":"dGhlIHF1aWNrIGJyb3duIGZveA=="}' http://127.0.0.1:8200/v1/transit/encrypt/key1
{"request_id":"f786ad53-fcba-b24f-cf87-fab3ec1fecd0","lease_id":"","renewable":false,"lease_duration":0,"data":{"ciphertext":"vault:v1:j31QYZEnhsy8kdq1pM5nXflrFERTD3wY1t3OMUedhR/rRsxTkYuI9XmsH19UIp4=","key_version":1},"wrap_info":null,"warnings":null,"auth":null}

@vercel vercel bot temporarily deployed to Preview – vault May 17, 2021 16:32 Inactive
@vercel vercel bot temporarily deployed to Preview – vault-storybook May 17, 2021 16:32 Inactive
@vercel vercel bot temporarily deployed to Preview – vault May 17, 2021 17:49 Inactive
@vercel vercel bot temporarily deployed to Preview – vault-storybook May 17, 2021 17:49 Inactive
@rerorero rerorero marked this pull request as ready for review May 17, 2021 18:09
sgmiller
sgmiller approved these changes May 27, 2021
View reviewed changes
Copy link
Collaborator

@sgmiller sgmiller left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the fix!

@sgmiller sgmiller merged commit b5617e8 into hashicorp:master May 27, 2021
sgmiller pushed a commit that referenced this pull request May 27, 2021
@rerorero @sgmiller
Fix: Transit encrypt batch does not honor key_version (#11628)
5d8e55d 
* fix(secret/transit): #10232 Transit encrypt batch does not honor key_version

* add changelog for 11628
sgmiller pushed a commit that referenced this pull request May 27, 2021
@rerorero @sgmiller
Fix: Transit encrypt batch does not honor key_version (#11628)
f8617f3 
* fix(secret/transit): #10232 Transit encrypt batch does not honor key_version

* add changelog for 11628
@mladlow mladlow added this to the 1.6.6 milestone May 27, 2021
@rerorero rerorero deleted the fix-key-version-schema branch May 28, 2021 10:02
sgmiller added a commit that referenced this pull request Jun 1, 2021
@sgmiller @rerorero
Fix: Transit encrypt batch does not honor key_version (#11628) (#11716)
7031bcd 
* fix(secret/transit): #10232 Transit encrypt batch does not honor key_version

* add changelog for 11628

Co-authored-by: rerorero <nato9598@hotmail.co.jp>
sgmiller added a commit that referenced this pull request Jun 2, 2021
@sgmiller @rerorero @ncabatoff
Backport transit batch key_version fix to 1.7.x (#11718)
b1dfed0 
* Fix: Transit encrypt batch does not honor key_version (#11628)

* fix(secret/transit): #10232 Transit encrypt batch does not honor key_version

* add changelog for 11628

* Try a 5s request timeout

* Pin aerospike container image to a known working tag. (#11677)

Co-authored-by: rerorero <nato9598@hotmail.co.jp>
Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>
# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers

@sgmiller sgmiller sgmiller approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
1.6.6
Development

Successfully merging this pull request may close these issues.

Transit encrypt batch does not honor key_version
3 participants
@rerorero @sgmiller @mladlow