Use custom serialization of rabbitmq role #224

Merged
merged 1 commit into from
Mar 20, 2024

Conversation

cipherboy
Member

As reported by @mr-miles, the rabbitmq plugin can cause the audit subsystem to crash, due to bad response serialization:

2024-03-19T18:50:37.610-0400 [ERROR] TestBackend_RoleReadCrash.core0.audit: panic during logging: request_path=rabbitmq/roles/newrole error="reflect: reflect.Value.Set using unaddressable value"
... output elided ...
  | github.com/openbao/openbao/audit.HashResponse(0xc000739c00, 0xc000ccc6e0, 0x0, {0x0, 0x0, 0x0}, 0x0)
  | \t/home/cipherboy/GitHub/cipherboy/openbao/audit/hashstructure.go:148 +0x311
  | github.com/openbao/openbao/audit.(*AuditFormatter).FormatResponse(0xc000760130, {0x33d9068, 0xc0011be210}, {0x33b2b40, 0xc0011be8a0}, {0x0?, 0x0?, 0x0?, 0x0?}, 0xc000304b60)

This occurs because the output type of the response is bad and includes nested private types (rabbitmq.vhostTopicPermission):

response from structs: map[string]interface{}
 {"tags":"administrator",
  "vhost_topics":map[string]map[string]rabbitmq.vhostTopicPermission
  {"/":map[string]rabbitmq.vhostTopicPermission{
   "amq.topic":rabbitmq.vhostTopicPermission{Write:".*", Read:".*"}}},
  "vhosts":map[string]interface{}{
   "/":map[string]interface{}{
    "configure":".*", "read":".*", "write":".*"}}}

Fixing this requires custom serialization of the response, in line with other plugins (e.g., PKI).

Resolves: #97

As reported by @mr-miles, the rabbitmq plugin can cause the audit
subsystem to crash, due to bad response serialization:

> 2024-03-19T18:50:37.610-0400 [ERROR] TestBackend_RoleReadCrash.core0.audit: panic during logging: request_path=rabbitmq/roles/newrole error="reflect: reflect.Value.Set using unaddressable value"
> ... output elided ...
>   | github.com/openbao/openbao/audit.HashResponse(0xc000739c00, 0xc000ccc6e0, 0x0, {0x0, 0x0, 0x0}, 0x0)
>   | \t/home/cipherboy/GitHub/cipherboy/openbao/audit/hashstructure.go:148 +0x311
>   | github.com/openbao/openbao/audit.(*AuditFormatter).FormatResponse(0xc000760130, {0x33d9068, 0xc0011be210}, {0x33b2b40, 0xc0011be8a0}, {0x0?, 0x0?, 0x0?, 0x0?}, 0xc000304b60)

This occurs because the output type of the response is bad and includes
nested private types (rabbitmq.vhostTopicPermission):

> response from structs: map[string]interface{}
>  {"tags":"administrator",
>   "vhost_topics":map[string]map[string]rabbitmq.vhostTopicPermission
>   {"/":map[string]rabbitmq.vhostTopicPermission{
>    "amq.topic":rabbitmq.vhostTopicPermission{Write:".*", Read:".*"}}},
>   "vhosts":map[string]interface{}{
>    "/":map[string]interface{}{
>     "configure":".*", "read":".*", "write":".*"}}}

Fixing this requires custom serialization of the response, in line with
other plugins (e.g., PKI).

Resolves: openbao#97

Signed-off-by: Alexander Scheel <alexander.m.scheel@gmail.com>
@naphelps naphelps merged commit a9b60c4 into openbao:main Mar 20, 2024
73 of 74 checks passed
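
The failure mode and the fix described in this PR, as an added Go example that is not OpenBao's code: `redact` is a simplified stand-in for an in-place audit hasher, and the copy of the type, `tryRedact`, `plainTopics` and its key names are assumptions. The sample response is constructed and narrowed to one vhost's topic map.

```go
package main

import (
	"fmt"
	"reflect"
)

type vhostTopicPermission struct{ Write, Read string } // hypothetical copy of the PR's private type

// redact overwrites strings in place: a simplified audit hasher, not OpenBao's code.
func redact(v reflect.Value) {
	switch v.Kind() {
	case reflect.Map:
		for _, k := range v.MapKeys() {
			// Unwrap interface{}; a value read out of a map is a copy.
			if e := reflect.ValueOf(v.MapIndex(k).Interface()); e.Kind() == reflect.String {
				v.SetMapIndex(k, reflect.ValueOf("hmac-redacted"))
			} else {
				redact(e)
			}
		}
	case reflect.Struct:
		for i := 0; i < v.NumField(); i++ {
			redact(v.Field(i))
		}
	case reflect.String:
		v.Set(reflect.ValueOf("hmac-redacted")) // struct field from a map copy: unaddressable, panics
	}
}

// tryRedact returns the recovered panic value, or nil if redaction succeeded.
func tryRedact(resp map[string]interface{}) (panicked interface{}) {
	defer func() { panicked = recover() }()
	redact(reflect.ValueOf(resp))
	return nil
}

// plainTopics is a custom serialization: maps and strings only (key names assumed).
func plainTopics(in map[string]vhostTopicPermission) map[string]interface{} {
	out := map[string]interface{}{}
	for topic, p := range in {
		out[topic] = map[string]interface{}{"write": p.Write, "read": p.Read}
	}
	return out
}

func main() {
	t := map[string]vhostTopicPermission{"amq.topic": {".*", ".*"}}
	fmt.Println("typed:", tryRedact(map[string]interface{}{"vhost_topics": t}))
	fmt.Println("plain:", tryRedact(map[string]interface{}{"vhost_topics": plainTopics(t)}))
}
```

The typed response reproduces the `reflect.Value.Set using unaddressable value` panic from the audit log; the plain-map response is redacted without error.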
Successfully merging this pull request may close these issues.

Bug - Rabbitmq secret engine crashes vault on role read