Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

vault token capabilities fails when passed multiple paths #4552

Closed
lucymhdavies opened this issue May 11, 2018 · 0 comments
Closed

vault token capabilities fails when passed multiple paths #4552

lucymhdavies opened this issue May 11, 2018 · 0 comments

Comments

@lucymhdavies
Copy link
Contributor

Environment:

  • Vault Version: v0.9.6 (can replicate with v0.10.1)
  • Operating System/Architecture: darwin/amd64

Expected Behavior:

With a single path, display capabilities

With multiple paths, display capabilities for each path

Actual Behavior:

With a single path, everything is fine:

$ vault token capabilities secret/foo
create, delete, list, read, update

With multiple paths, we hit the panic:

$ vault token capabilities secret/foo,secret/bar
panic: interface conversion: interface {} is nil, not []interface {}

goroutine 1 [running]:
github.com/hashicorp/vault/api.(*Sys).Capabilities(0xc4204f1c70, 0xc42001803c, 0x24, 0x7fff948f5ef7, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0)
	/gopath/src/github.com/hashicorp/vault/api/sys_capabilities.go:38 +0x6ce
github.com/hashicorp/vault/api.(*Sys).CapabilitiesSelf(0xc4204f1c70, 0x7fff948f5ef7, 0x15, 0x0, 0x0, 0x0, 0x1, 0xc420028800)
	/gopath/src/github.com/hashicorp/vault/api/sys_capabilities.go:6 +0x54
github.com/hashicorp/vault/command.(*TokenCapabilitiesCommand).Run(0xc4201be040, 0xc42000e0b0, 0x1, 0x1, 0xc42023d200)
	/gopath/src/github.com/hashicorp/vault/command/token_capabilities.go:88 +0x145
github.com/hashicorp/vault/vendor/github.com/mitchellh/cli.(*CLI).Run(0xc42047d900, 0xc42047d900, 0xc42023d6a0, 0xc42015eb40)
	/gopath/src/github.com/hashicorp/vault/vendor/github.com/mitchellh/cli/cli.go:255 +0x1eb
github.com/hashicorp/vault/command.RunCustom(0xc42000e090, 0x3, 0x3, 0xc420197580, 0xc4204f4e10)
	/gopath/src/github.com/hashicorp/vault/command/main.go:178 +0x6ab
github.com/hashicorp/vault/command.Run(0xc42000e090, 0x3, 0x3, 0x1c2eb49)
	/gopath/src/github.com/hashicorp/vault/command/main.go:92 +0x48
main.main()
	/gopath/src/github.com/hashicorp/vault/main.go:10 +0x63
FATA[0002] Vault client terminated with non-zero exit status

Steps to Reproduce:

With a valid Vault token, run:

vault token capabilities secret/foo,secret/bar

You can also trigger the same issue with Go, which is how I discovered it in the first place:

/ client is a github.com/hashicorp/vault/api Client
// it has a valid Vault token
client.Sys().CapabilitiesSelf("secret/foo","secret/bar")

Important Factoids:

I have the beginnings of a fix, on my fork, for api/sys_capabilities.go

I have not yet written the corresponding fix for command/token_capabilities.go, but I should have that ready soon.

References:
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@lucymhdavies