Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

configured Vault token contains non-printable characters and cannot be used #7288

Closed
tormath1 opened this issue Aug 9, 2019 · 6 comments
Closed

configured Vault token contains non-printable characters and cannot be used #7288

tormath1 opened this issue Aug 9, 2019 · 6 comments
Labels
core/api enhancement

Comments

@tormath1
Copy link

tormath1 commented Aug 9, 2019
edited

Describe the bug
Hi, I am trying to use a Vault token stored in a tmp file:

configured Vault token contains non-printable characters and cannot be used

To Reproduce
Steps to reproduce the behavior:

  1. echo "my-token" >> /tmp/my-token
  2. use ioutil.Readfile to get content of /tmp/token
  3. use SetToken to set the token
  4. perform a request to Vault

Expected behavior
Get my request result

Environment:
github.com/hashicorp/vault/api v1.0.4 // indirect

Additional context

In the source, we run this kind of test:

vault/api/client.go

Lines 755 to 761 in 18aaf01

// Sanity check the token before potentially erroring from the API
idx := strings.IndexFunc(token, func(c rune) bool {
return !unicode.IsPrint(c)
})
if idx != -1 {
return nil, fmt.Errorf("configured Vault token contains non-printable characters and cannot be used")
}

It could be nice to check if the last character is a \n and replace it by an empty character?
jaydhulia added a commit to jaydhulia/vault that referenced this issue Oct 11, 2019
@jaydhulia
fixing issue hashicorp#7288 , so if the last character is newline, it…
766c354 
… trims it
@jaydhulia jaydhulia mentioned this issue Oct 11, 2019
Closed
@catsby
Copy link
Member

catsby commented Nov 19, 2019
edited

Hello there! Would it be possible to trim the trailing characters in your code before attempting to use the token? Something like token = strings.TrimSuffix(token, "\n")?

On the surface, it's really simple to add that to Vault's code and do it for you. At the same time, I'm hesitant to introduce code that modifies a users token input in an attempt to make the token be valid. I would prefer Vault not modify the supplied token value at all. (edited for spelling, wording)

@jefferai
Copy link
Member

Additionally using "echo -n" would work around this in the first place.

@tormath1
Copy link
Author

Hi there,

Yes it totally makes sense to not "modify" the token. However, we could add a more explicit error message ?
The user should not need to lookup in the source code to find out this error trigger :/

@michelvocks
Copy link
Contributor

Hi @tormath1!

What error message would you expect to see? I personally think the current error message explicitly defines the problem, doesn't it?

Cheers,
Michel

@catsby
Copy link
Member

catsby commented Mar 9, 2020

Hello - we haven't heard back in some time, so we're going to close this issue for now. If you have more information please let us know by opening a new issue, and optionally referencing this one. Thanks!

@catsby catsby closed this as completed Mar 9, 2020
@stephmafole
Copy link

@catsby ... your idea was the ultimate solution to my problem.

Thank you very much.

I've trimmed the token before authenticating my Go app on Vault, and it worked like a charm !!!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
core/api enhancement
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fixing issue #7288 , so if the last character is newline, it trims it. jaydhulia/vault
7 participants
@jefferai @catsby @chrishoffman @michelvocks @tormath1 @stephmafole @hsimon-hashicorp