diff options
| author | Dave Henderson <dhenderson@gmail.com> | 2024-12-16 14:01:49 -0500 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2024-12-16 14:01:49 -0500 |
| commit | a69bb645210bd335e2ce3cece1b54af3a286db7a (patch) | |
| tree | 1e87078887fd3febec574f62b8f9cf1320b85619 /internal | |
| parent | 66fd58bff457fa2042109356ed897b3615f731e9 (diff) | |
fix(datasources): Fix aws+sm bug when reading secrets not starting with slash (#2284)
Signed-off-by: Dave Henderson <dhenderson@gmail.com>
Diffstat (limited to 'internal')
| -rw-r--r-- | internal/datafs/fsurl.go | 9 | ||||
| -rw-r--r-- | internal/datafs/fsurl_test.go | 20 | ||||
| -rw-r--r-- | internal/datafs/fsys.go | 2 | ||||
| -rw-r--r-- | internal/datafs/reader.go | 4 |
4 files changed, 33 insertions, 2 deletions
diff --git a/internal/datafs/fsurl.go b/internal/datafs/fsurl.go index a1cf5cbc..f34324a0 100644 --- a/internal/datafs/fsurl.go +++ b/internal/datafs/fsurl.go @@ -21,6 +21,15 @@ func SplitFSMuxURL(in *url.URL) (*url.URL, string) { } return &u, base + case "aws+sm": + // An aws+sm URL can either be opaque or have a path with a leading + // slash. If it's opaque, the URL must not contain a leading slash. If + // it has a path, the URL must begin with a slash. + if u.Opaque != "" { + return &url.URL{Scheme: u.Scheme}, u.Opaque + } else { + return &url.URL{Scheme: u.Scheme, Path: "/"}, strings.TrimLeft(u.Path, "/") + } } // trim leading and trailing slashes - they are not part of a valid path diff --git a/internal/datafs/fsurl_test.go b/internal/datafs/fsurl_test.go index 00bba69b..bcfa3c86 100644 --- a/internal/datafs/fsurl_test.go +++ b/internal/datafs/fsurl_test.go @@ -95,6 +95,26 @@ func TestSplitFSMuxURL(t *testing.T) { "merge:///", "vault:///foo/bar|foo|git+ssh://git@github.com/hairyhenderson/go-which.git//a/b/c/d", }, + { + "aws+sm:foo", + "aws+sm:", + "foo", + }, + { + "aws+sm:foo/bar", + "aws+sm:", + "foo/bar", + }, + { + "aws+sm:/foo/bar", + "aws+sm:///", + "foo/bar", + }, + { + "aws+sm:/foo", + "aws+sm:///", + "foo", + }, } for _, d := range testdata { diff --git a/internal/datafs/fsys.go b/internal/datafs/fsys.go index 03abdf6d..1102fb8a 100644 --- a/internal/datafs/fsys.go +++ b/internal/datafs/fsys.go @@ -55,6 +55,8 @@ func FSysForPath(ctx context.Context, path string) (fs.FS, error) { switch u.Scheme { case "git+http", "git+https", "git+ssh", "git": // no-op, these are handled + case "aws+sm": + // An aws+sm URL can be opaque, best not disturb it case "", "file", "git+file": // default to "/" so we have a rooted filesystem for all schemes, but also // support volumes on Windows diff --git a/internal/datafs/reader.go b/internal/datafs/reader.go index 68d5d37f..52ebefe1 100644 --- a/internal/datafs/reader.go +++ b/internal/datafs/reader.go @@ -122,13 +122,13 @@ func (d *dsReader) readFileContent(ctx context.Context, u *url.URL, hdr http.Hea // leaking into the filesystem layer u = removeQueryParam(u, overrideType) + u, fname := SplitFSMuxURL(u) + fsys, err := FSysForPath(ctx, u.String()) if err != nil { return nil, fmt.Errorf("fsys for path %v: %w", u, err) } - u, fname := SplitFSMuxURL(u) - // need to support absolute paths on local filesystem too // TODO: this is a hack, probably fix this? if u.Scheme == "file" && runtime.GOOS != "windows" { |