New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Nested secrets handling fix for zookeeper and file based backend. #1964
Changes from all commits
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -6,6 +6,7 @@ import ( | |
"io" | ||
"os" | ||
"path/filepath" | ||
"strings" | ||
"sync" | ||
|
||
log "github.com/mgutz/logxi/v1" | ||
|
@@ -39,48 +40,52 @@ func newFileBackend(conf map[string]string, logger log.Logger) (Backend, error) | |
}, nil | ||
} | ||
|
||
func (b *FileBackend) Delete(k string) error { | ||
func (b *FileBackend) Delete(path string) error { | ||
b.l.Lock() | ||
defer b.l.Unlock() | ||
|
||
path, key := b.path(k) | ||
fullPath := filepath.Join(path, key) | ||
basePath, key := b.path(path) | ||
fullPath := filepath.Join(basePath, key) | ||
|
||
// If the path doesn't exist return success; this is in line with Vault's | ||
// expected behavior and we don't want to check for an empty directory if | ||
// we couldn't even find the path in the first place. | ||
err := os.Remove(fullPath) | ||
if err != nil { | ||
if os.IsNotExist(err) { | ||
return nil | ||
} else { | ||
return err | ||
} | ||
if err != nil && !os.IsNotExist(err) { | ||
return fmt.Errorf("Failed to remove `%s`: %v", fullPath, err) | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more.
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. 👍 |
||
} | ||
|
||
// Check for the directory being empty and remove if so, with another | ||
// additional guard for the path not existing | ||
dir, err := os.Open(path) | ||
if err != nil { | ||
if os.IsNotExist(err) { | ||
return nil | ||
} else { | ||
return err | ||
} | ||
} | ||
err = b.cleanupLogicalPath(path) | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Can we make it There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Would it be a problem if I leave it as-is ? Two things: What do you think ? |
||
|
||
list, err := dir.Readdir(1) | ||
dir.Close() | ||
if err != nil && err != io.EOF { | ||
return err | ||
} | ||
return err | ||
} | ||
|
||
// If we have no entries, it's an empty directory; remove it | ||
if err == io.EOF || list == nil || len(list) == 0 { | ||
err = os.Remove(path) | ||
// cleanupLogicalPath is used to remove all empty nodes, begining with deepest | ||
// one, aborting on first non-empty one, up to top-level node. | ||
func (b *FileBackend) cleanupLogicalPath(path string) error { | ||
nodes := strings.Split(path, "/") | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Can we use There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. True :) There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. If we check for There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I am not sure I understand - if |
||
for i := len(nodes) - 1; i > 0; i-- { | ||
fullPath := b.Path + "/" + strings.Join(nodes[:i], "/") | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Can we employ a combination of There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. 👍 |
||
|
||
dir, err := os.Open(fullPath) | ||
if err != nil { | ||
if os.IsNotExist(err) { | ||
return nil | ||
} else { | ||
return err | ||
} | ||
} | ||
|
||
list, err := dir.Readdir(1) | ||
dir.Close() | ||
if err != nil && err != io.EOF { | ||
return err | ||
} | ||
|
||
// If we have no entries, it's an empty directory; remove it | ||
if err == io.EOF || list == nil || len(list) == 0 { | ||
err = os.Remove(fullPath) | ||
if err != nil { | ||
return err | ||
} | ||
} | ||
} | ||
|
||
return nil | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can we check if
path
is empty here andreturn nil
?There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
👍