Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

golang vault client always validates config vars, even if passed config struct #11865

Closed
tigerquoll opened this issue Jun 15, 2021 · 3 comments · Fixed by #11904
Closed

golang vault client always validates config vars, even if passed config struct #11865

tigerquoll opened this issue Jun 15, 2021 · 3 comments · Fixed by #11904
Labels
bug Used to indicate a potential bug

Comments

@tigerquoll
Copy link

tigerquoll commented Jun 15, 2021
edited
Loading

The golang vault client construction code at

vault/api/client.go

Line 413 in 438e9cb

func NewClient(c *Config) (*Client, error) {

has descriptive comments of:
If the configuration is nil, Vault will use configuration from DefaultConfig(), which is the recommended starting configuration.

But even if the client configuration is non-nil, the code still validates environment variables, and will terminate client construction if any of these environment variables are invalid, regardless if they are being used for client initialisation or not.
@marcboudreau
Copy link
Contributor

This problem looks pretty straightforward to fix, I'll take a stab at it.

@marcboudreau marcboudreau mentioned this issue Jun 21, 2021
Merged
@ncabatoff
Copy link
Collaborator

This problem looks pretty straightforward to fix, I'll take a stab at it.

I recommend that you leave DefaultConfig's current behaviour intact for backward compatibility reasons. One way to address the issue would be to factor out a new helper (DefaultConfigNoReadEnv?) which doesn't look at environment variables.

@vishalnayak vishalnayak added the bug Used to indicate a potential bug label Jun 22, 2021
@heatherezell
Copy link
Contributor

Hi @marcboudreau - any updates on this, or questions for @ncabatoff's feedback? Please let us know if we can help, or if your PR is ready for review and merging. Thanks! (Since the PR has been open for a while, you may wish to rebase it.)

@raskchanky raskchanky linked a pull request Jun 14, 2022 that will close this issue
Improving Handling of Unix Domain Socket Addresses #11904
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Used to indicate a potential bug
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Improving Handling of Unix Domain Socket Addresses marcboudreau/vault
5 participants
@vishalnayak @ncabatoff @marcboudreau @tigerquoll @heatherezell