Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Entity - Alias inconsistency when creating several alias in parallel #4870

Closed
jorgemarey opened this issue Jul 5, 2018 · 0 comments
Closed
Assignees
Milestone

Comments

@jorgemarey
Copy link

Describe the bug
I was developing the identity resources in the vault terraform provider and found a problem when creating aliases to entities. If (like terraform does) several aliases are created at the same time, the entity alias is created correctly but the entity object doesn't reference all of the aliases (it doesn't get updated accordingly). I don't know if this translate into future problems, but I thought it was worth noticing.

To Reproduce

  1. vault server -dev
  2. vault auth list -format=json (get the accessor of any backend, for example token)
  3. create an entity in vault :
    curl -H "X-Vault-Token: ${VAULT_TOKEN}" -k -X POST -d '{}' ${VAULT_ADDR}/v1/identity/entity and save the ID
  4. lauch in parallel:
for i in $(seq 1 100)                                                                           
do
curl -H "X-Vault-Token: ${VAULT_TOKEN}" -k -X POST -d '{"mount_accessor": "*****ACCESSOR_HERE*****", "canonical_id": "*****ENTITY_ID_HERE*****", "name": "'"$i"'"}' ${VAULT_ADDR}/v1/identity/entity-alias
done
for i in $(seq 101 200)                                                                           
do
curl -H "X-Vault-Token: ${VAULT_TOKEN}" -k -X POST -d '{"mount_accessor": "*****ACCESSOR_HERE*****", "canonical_id": "*****ENTITY_ID_HERE*****", "name": "'"$i"'"}' ${VAULT_ADDR}/v1/identity/entity-alias
done
  1. The entity created previously, if obtained, should have all aliases, but instead some are missing.

I know that 200 aliases are overkill, but I saw this behaviour happen even by creating only 2 aliases in parallel.

Expected behavior
All aliases are tied to the entity.

Environment:

$ vault version
Vault v0.10.3 ('c69ae68faf2bf7fc1d78e3ec62655696a07454c7')

Additional context
I was looking into the code and I think that this is related to that the entity is obtained here
https://github.com/hashicorp/vault/blob/master/vault/identity_store_aliases.go#L215
and saved there
https://github.com/hashicorp/vault/blob/master/vault/identity_store_aliases.go#L356
If another alias creation is started when the first one is not yet saved, the first will get the value from memdb whitout that value, and when upserting it, that value would be lost.

I'm happy to help by providing some more info if needed.

@jorgemarey jorgemarey changed the title Entity - Alias inconsistency when created in parallel Entity - Alias inconsistency when creating several alias in parallel Jul 5, 2018
@jefferai jefferai added this to the 0.10.4 milestone Jul 5, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

4 participants