Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Vault UI Changes my JSON during secret creation #5153

Closed
jsirianni opened this issue Aug 21, 2018 · 4 comments
Closed

Vault UI Changes my JSON during secret creation #5153

jsirianni opened this issue Aug 21, 2018 · 4 comments
Labels

Comments

@jsirianni
Copy link

jsirianni commented Aug 21, 2018

Describe the bug
When using the Vault UI, I can create secrets. I select the json option, and paste raw json into the text box. Vault replaces my array with objects.

To Reproduce
Steps to reproduce the behavior:

  1. Log into vault UI
  2. Create a secret with the json toggle enabled
  3. Paste this into the text box
[
  {
    "name": "connection-1",
    "default": true,
    "connection_args": {
      "private_key_json": "redacted",
      "projects": "*"
    }
  },
  {
    "name": "connection-2",
    "default": false,
    "connection_args": {
      "private_key_json": "redacted",
      "projects": "project-alpha"
    }
  },
  {
    "name": "connection-3",
    "default": false,
    "connection_args": {
      "private_key_json": "redacted",
      "projects": "project-abc"
    }
  }
]
  1. Notice that vault has replaced the array with objects:
{
  "0": {
    "connection_args": {
      "private_key_json": "redacted",
      "projects": "*"
    },
    "default": true,
    "name": "connection-1"
  },
  "1": {
    "connection_args": {
      "private_key_json": "redacted",
      "projects": "project-alpha"
    },
    "default": false,
    "name": "connection-2"
  },
  "2": {
    "connection_args": {
      "private_key_json": "redacted",
      "projects": "project-abc"
    },
    "default": false,
    "name": "connection-3"
  }
}

Expected behavior
I expect vault to either reject my json if it is not compatible or malformed, or accept it without modification.

Environment:

  • Vault Server Version (retrieve with vault status): 0.10.4
  • Vault CLI Version (retrieve with vault version): 0.10.4
  • Server Operating System/Architecture: CentOS 7.5 64 bit

Vault server configuration file(s):

ui = "true"

listener "tcp" {
  address          = "0.0.0.0:8200"
  cluster_address  = "0.0.0.0:8201"

  // TLS options
  tls_disable     = "false"
  tls_cert_file   = "/path/vault.crt"
  tls_key_file    = "/path/vault.key"
  tls_min_version = "tls12"
}

api_addr =  "http://vault.mydomain.com:8200"
cluster_addr = "http://vault.mydomain.com:8201"

storage "consul" {
  address = "127.0.0.1:8500"
  path    = "vault/"
  token   = "faketoken"
}

Additional context
I understand that my json may not be compatible (starting with an array), however, I would expect an error to be returned, not a modification. Is this documented? My apologies if it is.

@jefferai jefferai added the ui label Aug 23, 2018
@jefferai
Copy link
Member

@meirish the input is malformed JSON, but it does seem like it would be nice to error if possible

@jsirianni
Copy link
Author

I had a typo in my input json, there should not have been a --- at the top, it has been removed.

Yes, my concern is not the fact that the input could be malformed, it is that there is no warning when vault changes my input. The first time I ran into this, I did not notice the change.

I am not sure if this happens when communicating directly with the vault api or with the cli.

@jefferai
Copy link
Member

The CLI won't accept it because all input to Vault is via JSON objects, not arrays, so it errors out appropriately. It seems like the UI is instead converting to an object.

@meirish
Copy link
Contributor

meirish commented Aug 23, 2018

Yeah @jefferai is correct, it assumes it's an object, and we have auto-formatting for the editor - I didn't realize it would transform the value so much when the top level is an array. Will look into disabling that.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

No branches or pull requests

3 participants