Skip to content

fix(provider): handle null parameters map in auth_login #2455

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

fix(provider): handle null parameters map in auth_login #2455

wants to merge 1 commit into from

Conversation

7d4b9
Copy link

@7d4b9 7d4b9 commented Apr 21, 2025

Description

This PR fixes a crash in the auth_login block of the Vault provider when the parameters block is explicitly null.

Context

When the parameters block is set to null, Terraform crashes with:

panic: assignment to entry in nil map

The crash occurs in auth.go line 254 because the map params is not initialized before writing to it.

This PR ensures the map is initialized using make(map[string]interface{}) if parameters is nil.

Root Cause

The current implementation assumes that when .getOk("parameters") succeeds, the value is always a non-nil map. This assumption is incorrect if the user writes:

auth_login {
  method     = "gcp"
  path       = "auth/gcp/login"
  parameters = null
}

This pattern is used when switching between local and cluster-based login methods and caused us to crash in both local and remote terraform apply.

Reproducer

provider "vault" {
  address = var.vault_addr

  auth_login {
    method = "gcp"
    path   = "auth/gcp/login"
    parameters = null
  }
}

Fix

Initialize params with make(map[string]interface{}) when parameters is nil.

Checklist
	•	Added [CHANGELOG](https://github.com/hashicorp/terraform-provider-vault/blob/master/CHANGELOG.md) entry (user-facing crash fix)
	•	Acceptance tests were run against Vault OSS 1.15.0

Output from acceptance testing:

$ make testacc TESTARGS='-run=TestAccProvider_authLogin*'

--- PASS: TestAccProvider_authLogin_parameters_nil (0.51s)
--- PASS: TestAccProvider_authLogin_parameters_non_nil (0.68s)
PASS
ok      github.com/hashicorp/terraform-provider-vault/internal/provider   1.234s



⸻

Community Note
	•	Please do not leave “+1” comments, they generate extra noise for pull request followers and do not help prioritize the request

@7d4b9
fix(auth): prevent panic when 'auth_login.parameters' is set to null
1a51faa 
This commit resolves an issue where the application could panic if `auth_login.parameters` was explicitly set to `null`.

Changes were made to `auth.go` to verify whether a map[string]interface{} instance retrieved via v.(map[string]interface{}) is nil before assigning it to 'params'. If it's found to be null, 'params' will now default to an empty map instead of null.

The test file `auth_test.go` has also been updated with a new test case 'TestAuthLogin_Init_nilParameters', in order to validate that this fix works as intended by simulating a situation where 'parameters' is explicitly set to null.

These changes should help improve the overall reliability of the application by preventing unexpected crashes due to null 'parameters'.
@7d4b9 7d4b9 requested a review from a team as a code owner April 21, 2025 00:33
@7d4b9 7d4b9 requested a review from AnPucel April 21, 2025 00:33
@hashicorp-cla-app HashiCorp CLA App
Copy link

hashicorp-cla-app bot commented Apr 21, 2025
edited
Loading

CLA assistant check
All committers have signed the CLA.

@hashicorp-cla-app HashiCorp CLA App
Copy link

CLA assistant check

Thank you for your submission! We require that all contributors sign our Contributor License Agreement ("CLA") before we can accept the contribution. Read and sign the agreement

Learn more about why HashiCorp requires a CLA and what the CLA includes

Have you signed the CLA already but the status is still pending? Recheck it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@AnPucel AnPucel Awaiting requested review from AnPucel AnPucel is a code owner automatically assigned from hashicorp/vault

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@7d4b9