You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Describe the bug
I was developing the identity resources in the vault terraform provider and found a problem when creating aliases to entities. If (like terraform does) several aliases are created at the same time, the entity alias is created correctly but the entity object doesn't reference all of the aliases (it doesn't get updated accordingly). I don't know if this translate into future problems, but I thought it was worth noticing.
To Reproduce
vault server -dev
vault auth list -format=json (get the accessor of any backend, for example token)
create an entity in vault : curl -H "X-Vault-Token: ${VAULT_TOKEN}" -k -X POST -d '{}' ${VAULT_ADDR}/v1/identity/entity and save the ID
lauch in parallel:
for i in $(seq 1 100)
do
curl -H "X-Vault-Token: ${VAULT_TOKEN}" -k -X POST -d '{"mount_accessor": "*****ACCESSOR_HERE*****", "canonical_id": "*****ENTITY_ID_HERE*****", "name": "'"$i"'"}' ${VAULT_ADDR}/v1/identity/entity-alias
done
for i in $(seq 101 200)
do
curl -H "X-Vault-Token: ${VAULT_TOKEN}" -k -X POST -d '{"mount_accessor": "*****ACCESSOR_HERE*****", "canonical_id": "*****ENTITY_ID_HERE*****", "name": "'"$i"'"}' ${VAULT_ADDR}/v1/identity/entity-alias
done
The entity created previously, if obtained, should have all aliases, but instead some are missing.
I know that 200 aliases are overkill, but I saw this behaviour happen even by creating only 2 aliases in parallel.
Expected behavior
All aliases are tied to the entity.
Environment:
$ vault version
Vault v0.10.3 ('c69ae68faf2bf7fc1d78e3ec62655696a07454c7')
I'm happy to help by providing some more info if needed.
The text was updated successfully, but these errors were encountered:
jorgemarey
changed the title
Entity - Alias inconsistency when created in parallel
Entity - Alias inconsistency when creating several alias in parallel
Jul 5, 2018
Describe the bug
I was developing the identity resources in the vault terraform provider and found a problem when creating aliases to entities. If (like terraform does) several aliases are created at the same time, the entity alias is created correctly but the entity object doesn't reference all of the aliases (it doesn't get updated accordingly). I don't know if this translate into future problems, but I thought it was worth noticing.
To Reproduce
vault server -dev
vault auth list -format=json
(get the accessor of any backend, for example token)curl -H "X-Vault-Token: ${VAULT_TOKEN}" -k -X POST -d '{}' ${VAULT_ADDR}/v1/identity/entity
and save the IDI know that 200 aliases are overkill, but I saw this behaviour happen even by creating only 2 aliases in parallel.
Expected behavior
All aliases are tied to the entity.
Environment:
Additional context
I was looking into the code and I think that this is related to that the entity is obtained here
https://github.com/hashicorp/vault/blob/master/vault/identity_store_aliases.go#L215
and saved there
https://github.com/hashicorp/vault/blob/master/vault/identity_store_aliases.go#L356
If another alias creation is started when the first one is not yet saved, the first will get the value from memdb whitout that value, and when upserting it, that value would be lost.
I'm happy to help by providing some more info if needed.
The text was updated successfully, but these errors were encountered: