jonasvinther / medusa

A cli tool for importing and exporting Hashicorp Vault secrets
MIT License

Unable to export a KV path due to a `segmentation violation` #74

Closed nikita-petko closed 2 years ago

nikita-petko commented 2 years ago

When attempting to export a specific path on Vault, it will throw the following error:

```
[sudo] password for robloxadmin:
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x98 pc=0x8ad3d2]

goroutine 1 [running]:
github.com/jonasvinther/medusa/pkg/vaultengine.(*Client).SecretRead(0xc0000d1d08, 0xc0000831c0, 0x3f, 0xc00024f800)
        /home/runner/work/medusa/medusa/pkg/vaultengine/secret_read.go:54 +0x2b2
github.com/jonasvinther/medusa/pkg/vaultengine.(*Client).PathReader(0xc0000d1d08, 0xc0000d1b28, 0xc0000e2780, 0x2d, 0x0, 0x0)
        /home/runner/work/medusa/medusa/pkg/vaultengine/folder_export.go:79 +0x1c5
github.com/jonasvinther/medusa/pkg/vaultengine.(*Client).FolderExport(0xc0000d1d08, 0xc0000e2780, 0x2d, 0x10, 0xc0000e2780, 0x2d)
        /home/runner/work/medusa/medusa/pkg/vaultengine/folder_export.go:16 +0x69
github.com/jonasvinther/medusa/cmd.glob..func3(0xd375a0, 0xc0000dfa40, 0x1, 0x7, 0x0, 0x0)
        /home/runner/work/medusa/medusa/cmd/export.go:42 +0x3fe
github.com/spf13/cobra.(*Command).execute(0xd375a0, 0xc0000df9d0, 0x7, 0x7, 0xd375a0, 0xc0000df9d0)
        /home/runner/go/pkg/mod/github.com/spf13/cobra@v1.1.1/command.go:850 +0x47c
github.com/spf13/cobra.(*Command).ExecuteC(0xd37060, 0xc00003a778, 0xc0000d1f78, 0x4062c5)
        /home/runner/go/pkg/mod/github.com/spf13/cobra@v1.1.1/command.go:958 +0x375
github.com/spf13/cobra.(*Command).Execute(...)
        /home/runner/go/pkg/mod/github.com/spf13/cobra@v1.1.1/command.go:895
github.com/jonasvinther/medusa/cmd.Execute(...)
        /home/runner/work/medusa/medusa/cmd/cmd.go:59
main.main()
        /home/runner/work/medusa/medusa/main.go:10 +0x32
```

There are 2 paths that have data in them:

- `/secret/teams/neteng/grid-service-v2/release` -- throws
- `/secret/teams/neteng/grid-service-v2/debug` -- can be exported, despite it having the same KV layout

The export command is as follows:

```
./medusa export secret/teams/neteng/grid-service-v2/release --address="https://chi1-vault.simulprod.com" --token="s.token" --format="json" --insecure
```

It can export /debug but not /release

If you need any more information, please ask

jonasvinther commented 2 years ago

Hi @nkpetko, can you post the structure of the secret that doesn't work? Please remember to anonymize any values :) I would expect that the secrets on both release and debug look equal in structure but contain different values.

nikita-petko commented 2 years ago

It's a KV of the following for both:

```
KEY -------- VALUE
GroupName -> String
Name -> String
Updated -> String (In date-time format)
```

If anything else is needed please ask

liyaka commented 2 years ago

I get this error as well for many secrets, for example:

```
xxx:
 apikey-auth:
    zzzzz:
    {
      "API Address": null,
      "Header 1": "asd",
      "Header 2": null,
      "Header 3": null,
      "Value 1": "asd",
      "Value 2": null,
      "Value 3": null
    }
```

maybe null value is the problem?

nikita-petko commented 2 years ago

@liyaka I figured it may have been a null value issue, I have a few KVs in the release side that are null but none in the debug side.

I will look into it a bit more.

liyaka commented 2 years ago

@nkpetko is there a chance it will be fixed any time soon?

nikita-petko commented 2 years ago

> @nkpetko is there a chance it will be fixed any time soon?

@liyaka if I can find the root issue, and also @jonasvinther pulls a PR I make then soon

jonasvinther commented 2 years ago

If we can verify that the issue is a null value, then it would make it much easier to make a fix for it. @liyaka I will try to import your data structure today or tomorrow and see if I can reproduce the error. A fix should be easy to implement if that's the case.

liyaka commented 2 years ago

@jonasvinther I did more tests, it is definitely the null issue - in all cases when I had at least one secret that had a null inside, I got this error. An example for a secret with null: `{ "Name": "hhh", "Value": null }`

jonasvinther commented 2 years ago

@liyaka and @nkpetko please give release 0.3.3 a spin. I think I have managed to handle the nil values now. At least it works for my test cases.

liyaka commented 2 years ago

@jonasvinther Thank you! will test it later today

liyaka commented 2 years ago

@jonasvinther Works like a charm! Thanks again :)
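The failure mode diagnosed in this thread, as an added example that is not part of the original issue and is not medusa's code: a JSON `null` in KV data decodes to a nil `interface{}` in Go, and any step that inspects the value without a nil check panics. The thread does not show what `secret_read.go:54` does, so the reflect-based inspection and the names `decode`, `unsafeKinds`, `safeKinds` and `sampleSecret` are assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"reflect"
)

// Constructed sample with the secret shape reported in the thread.
const sampleSecret = `{"Name": "hhh", "Value": null}`

func decode(raw string) (data map[string]interface{}, err error) {
	err = json.Unmarshal([]byte(raw), &data) // JSON null becomes a nil interface{}
	return data, err
}

// unsafeKinds is hypothetical (not medusa's code): reflect.TypeOf(nil) is nil, so Kind() panics.
func unsafeKinds(data map[string]interface{}) (kinds map[string]string, err error) {
	defer func() {
		if r := recover(); r != nil {
			err = fmt.Errorf("recovered: %v", r)
		}
	}()
	kinds = map[string]string{}
	for k, v := range data {
		kinds[k] = reflect.TypeOf(v).Kind().String()
	}
	return kinds, nil
}

// safeKinds checks for nil first and reports which keys held a JSON null.
func safeKinds(data map[string]interface{}) (map[string]string, []string) {
	kinds, nulls := map[string]string{}, []string{}
	for k, v := range data {
		if v == nil {
			kinds[k] = "null"
			nulls = append(nulls, k)
			continue
		}
		kinds[k] = reflect.TypeOf(v).Kind().String()
	}
	return kinds, nulls
}

func main() {
	data, _ := decode(sampleSecret)
	_, err := unsafeKinds(data)
	kinds, nulls := safeKinds(data)
	fmt.Println("unsafe:", err, "| safe:", kinds, "null keys:", nulls)
}
```

For a backup or export tool, recording which keys were null keeps the export lossless and avoids a crash that leaves part of a secret tree unexported.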