You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Describe the bug
When using the CLI or cURL to establish a new set of root database credentials, the remote authorization fails when there is an exclamation point in the password. The character cannot be escaped or URL-encoded successfully. An identical password without the exclamation point works without issues.
To Reproduce
Both CLI and cURL clients fail with a 1045 error:
# vault write -tls-skip-verify \> database/config/proddb \
> plugin_name=mysql-rds-database-plugin \
> connection_url="{{username}}:{{password}}@tcp(remote-host:1521)/" \
> allowed_roles="*" \
> username="dbmaster" \
> password="abcdef!"
Error writing data to database/config/aurciprd: Error making API request.
URL: PUT https://127.0.0.1:8200/v1/database/config/proddb
Code: 400. Errors:
* error creating database object: error verifying connection: Error 1045: Access denied for user 'dbmaster'@'10.255.192.128' (using password: YES)
Expected behavior
I was able to get this to succeed by using the same password without an exclamation point on the end. Unfortunately, I do not have a say what this password should be, so it must support special characters.
Environment:
Vault Server Version (retrieve with vault status):
# vault status -tls-skip-verify
Key Value
--- -----
Seal Type shamir
Initialized true
Sealed false
Total Shares 5
Threshold 3
Version 1.2.2
Cluster Name vault-cluster-d0923a5b
Cluster ID 5c500923-7810-4647-ae61-2685eba150c9
HA Enabled true
HA Cluster https://10.255.192.128:8201
HA Mode active
Vault CLI Version (retrieve with vault version):
# vault version -tls-skip-verify
Vault v1.2.2
Server Operating System/Architecture:
# uname -a
Linux ldvltv01 3.10.0-957.1.3.el7.x86_64 #1 SMP Thu Nov 29 14:49:43 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
Additional context
Like I said, I'm unable to escape the password using backslashes or single quotes or $(cat password.txt) or any other bash tricks, and url-encoding the exclamation in cURL doesn't help either. This command works when resetting the database password to abcdef and stops working again when using abcdef!
This is not a firewall issue, I'm getting login failures in the RDS console logs, and it's working otherwise.
I am also able to get the original password to work in a python script:
# python3
Python 3.6.8 (default, Apr 8 2019, 18:17:52)
[GCC 8.3.0] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import mysql.connector
>>> cnx = mysql.connector.connect(user='dbmaster', password='abcdef!', host='remote-host', port=1521, database='proddb')
>>> cur = cnx.cursor()
>>> cur.execute('SELECT 1;')
>>> cur.fetchall()
[(1,)]
The text was updated successfully, but these errors were encountered:
@michelvocks#6752 did seem related, but the solution to that thread (url encoding) did not seem to work. Perhaps I am doing the encoding wrong, could you provide an example?
It occurred to me that it may also be possible to use base64 encoding for these values. Does Vault support base64 for transport? Can it auto-detect and decode on the back end?
Describe the bug
When using the CLI or cURL to establish a new set of root database credentials, the remote authorization fails when there is an exclamation point in the password. The character cannot be escaped or URL-encoded successfully. An identical password without the exclamation point works without issues.
To Reproduce
Both CLI and cURL clients fail with a 1045 error:
Expected behavior
I was able to get this to succeed by using the same password without an exclamation point on the end. Unfortunately, I do not have a say what this password should be, so it must support special characters.
Environment:
vault status
):vault version
):# vault version -tls-skip-verify Vault v1.2.2
Vault server configuration file(s):
Additional context
Like I said, I'm unable to escape the password using backslashes or single quotes or
$(cat password.txt)
or any other bash tricks, and url-encoding the exclamation in cURL doesn't help either. This command works when resetting the database password toabcdef
and stops working again when usingabcdef!
This is not a firewall issue, I'm getting login failures in the RDS console logs, and it's working otherwise.
I am also able to get the original password to work in a python script:
The text was updated successfully, but these errors were encountered: