search

segmentio / chamber

CLI for managing secrets
MIT License
2.48k stars 170 forks source link

Chamber crashes looking up AMIs #509

Open Nuru opened 5 months ago

Nuru commented 5 months ago 
$ aws ssm get-parameter --name /aws/service/bottlerocket/aws-k8s-1.29/x86_64/latest/image_id
{
    "Parameter": {
        "Name": "/aws/service/bottlerocket/aws-k8s-1.29/x86_64/latest/image_id",
        "Type": "String",
        "Value": "ami-062fa347e1a1f9fca",
        "Version": 9,
        "LastModifiedDate": "2024-06-06T19:38:22.153000+00:00",
        "ARN": "arn:aws:ssm:us-east-1::parameter/aws/service/bottlerocket/aws-k8s-1.29/x86_64/latest/image_id",
        "DataType": "text"
    }
}
$ chamber read aws/service/bottlerocket/aws-k8s-1.29/x86_64/latest image_id
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x8 pc=0x6b6420]

goroutine 1 [running]:
github.com/segmentio/chamber/v2/store.parameterMetaToSecretMeta(0x400090a440?)
    github.com/segmentio/chamber/v2/store/ssmstore.go:560 +0x80
github.com/segmentio/chamber/v2/store.(*SSMStore).readLatest(0x400000c4b0, {{0xffffe26aa570?, 0xa?}, {0xffffe26aa5a4?, 0x1dcd6500?}})
    github.com/segmentio/chamber/v2/store/ssmstore.go:254 +0x550
github.com/segmentio/chamber/v2/store.(*SSMStore).Read(0xffffe26aa5a4?, {{0xffffe26aa570?, 0x0?}, {0xffffe26aa5a4?, 0x0?}}, 0x0?)
    github.com/segmentio/chamber/v2/store/ssmstore.go:130 +0x48
github.com/segmentio/chamber/v2/cmd.read(0x40003b8900?, {0x400007b840, 0x2, 0x9436e1?})
    github.com/segmentio/chamber/v2/cmd/read.go:67 +0x40c
github.com/spf13/cobra.(*Command).execute(0x14244e0, {0x400007b800, 0x2, 0x2})
    github.com/spf13/cobra@v1.8.0/command.go:983 +0x840
github.com/spf13/cobra.(*Command).ExecuteC(0x1422820)
    github.com/spf13/cobra@v1.8.0/command.go:1115 +0x344
github.com/segmentio/chamber/v2/cmd.Execute({0xe13c40?, 0x4d140?}, {0xe1387c?, 0x40000021c0?})
    github.com/segmentio/chamber/v2/cmd/root.go:99 +0x8c
main.main()
    github.com/segmentio/chamber/v2/main.go:14 +0x3c
$ chamber version
chamber v2.14.1 
$ file `which chamber`
/usr/bin/chamber: ELF 64-bit LSB executable, ARM aarch64, version 1 (SYSV), statically linked, Go BuildID=hnyw45ALAVsS6t20ZShh/JJhaNGNCwCFxPfj7MZa2/cNWPQyxo0iACiHGNCX3Q/zX1gVVMGuBCZPTwL1OdA, with debug_info, not stripped
$ #  Debian 12 linux/arm64
bhavanki commented 5 months ago

Root cause appears to be that AWS returns parameter metadata that is missing a LastModifiedUser value.

This might be verifiable by running this command, which is what chamber uses to get parameter metadata.

aws ssm describe-parameters --parameter-filters Key=Path,Option=OneLevel,Values=/aws/service/bottlerocket/aws-k8s-1.29/x86_64/latest

Side note: This bug doesn't relate to looking up AMIs in particular.