consul icon indicating copy to clipboard operation
consul copied to clipboard

Published 20 hours ago verified publisher icon hashicorp

auto_encrypt: Fix parsing of IPv6 addresses from retry_join

Open maxb opened this issue 2 years ago • 6 comments

Fixes #11847

Owing to confusion between hosts, and addresses (hosts with an optional colon-separated port), Go's net.SplitHostPort was being called twice on the contents of retry_join. This is doomed to failure with IPv6 addresses as they must be enclosed in square brackets when part of a host-port string.

Testing & Reproduction steps

Attempt to start a Consul client agent with

auto_encrypt {
  tls = true
}

retry_join = [
  "[fe80::]:1234",
]

(You don't actually need any working server agent to reproduce this.)

Logs show:

2023-04-15T18:40:56.391+0100 [WARN]  agent.auto_config: error splitting host address into IP and port: address=fe80:: error="address fe80::: too many colons in address"
2023-04-15T18:40:56.391+0100 [ERROR] agent.auto_config: No servers successfully responded to the auto-encrypt request

This is incorrect - the address was appropriately enclosed in the config file.

With the fix applied, you get a valid attempt to actually connect to the specified IP address:

2023-04-15T23:05:46.901+0100 [ERROR] agent.auto_config: AutoEncrypt.Sign RPC failed: addr=[fe80::]:8300 error="rpcinsecure: error establishing connection: dial tcp <nil>->[fe80::]:8300: connect: invalid argument"

Links

https://discuss.hashicorp.com/t/ipv6-agent-auto-config-error-splitting-host-address-into-ip-and-port-address-x-error-address-x-too-many-colons-in-address/52754

PR Checklist

  • [x] updated test coverage
  • N/A external facing docs updated
  • [ ] appropriate backport labels added
  • [x] not a security concern

maxb avatar Apr 15 '23 22:04 maxb

This pull request has been automatically flagged for inactivity because it has not been acted upon in the last 60 days. It will be closed if no new activity occurs in the next 30 days. Please feel free to re-open to resurrect the change if you feel this has happened by mistake. Thank you for your contributions.

github-actions[bot] avatar Jun 16 '23 01:06 github-actions[bot]

@hsimon-hashicorp Hello, I'm reaching out to you since you have helped with some of my Vault PRs and I'm not sure who else to turn to, to try to get this PR some attention.

Would you be able to see if you can find someone to review it?

I've tried posting in https://discuss.hashicorp.com/t/how-can-i-get-a-consul-pr-reviewed-it-has-been-open-for-6-weeks-with-no-feedback/54281 without success, and github-actions is now threatening to close the PR for inactivity!

maxb avatar Jun 16 '23 05:06 maxb

This pull request has been automatically flagged for inactivity because it has not been acted upon in the last 60 days. It will be closed if no new activity occurs in the next 30 days. Please feel free to re-open to resurrect the change if you feel this has happened by mistake. Thank you for your contributions.

github-actions[bot] avatar Aug 17 '23 01:08 github-actions[bot]

It's still here sitting waiting for a reviewer :-(

maxb avatar Aug 17 '23 04:08 maxb

Would be really nice to have this pr merged upvote

Jhoysbou avatar Sep 20 '23 21:09 Jhoysbou

This pull request has been automatically flagged for inactivity because it has not been acted upon in the last 60 days. It will be closed if no new activity occurs in the next 30 days. Please feel free to re-open to resurrect the change if you feel this has happened by mistake. Thank you for your contributions.

github-actions[bot] avatar Jun 03 '24 01:06 github-actions[bot]

Closing due to inactivity. If you feel this was a mistake or you wish to re-open at any time in the future, please leave a comment and it will be re-surfaced for the maintainers to review.

github-actions[bot] avatar Jul 04 '24 01:07 github-actions[bot]