Merge pull request #64 from shwuandwing/master

Path copy stops copying error value for soft deleted secrets

go.sum

@@ -152,10 +152,12 @@ github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R
 github.com/prometheus/procfs v0.0.0-20190507164030-5867b95ac084/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
 github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU=
 github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg=
+github.com/russross/blackfriday/v2 v2.0.1 h1:lPqVAte+HuHNfhJ/0LC98ESWRz8afy9tM/0RK8m9o+Q=
 github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
 github.com/ryanuber/columnize v2.1.0+incompatible/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts=
 github.com/ryanuber/go-glob v1.0.0 h1:iQh3xXAumdQ+4Ufa5b25cRpC5TYKlno6hsv6Cb3pkBk=
 github.com/ryanuber/go-glob v1.0.0/go.mod h1:807d1WSdnB0XRJzKNil9Om6lcp/3a0v4qIHxIXzX/Yc=
+github.com/shurcooL/sanitized_anchor_name v1.0.0 h1:PdmoCO6wvbs+7yrJyMORt4/BmY5IYyJwS/kOiWx8mHo=
 github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc=
 github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
 github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM=

vaku/path_copy.go

@@ -35,6 +35,11 @@ func (c *CopyClient) PathCopy(s *PathInput, t *PathInput) error {
 		return fmt.Errorf("failed to read data at %s: %w", s.Path, err)
 	}
 
+	// Do not copy KV v2 secrets that are deleted
+	if s.mountVersion == "2" && d["VAKU_STATUS"] == "SECRET_HAS_BEEN_DELETED" {
+		return nil
+	}
+
 	// Write the data to the new path
 	err = c.Target.PathWrite(t, d)
 	if err != nil {

vaku/path_copy_test.go

@@ -111,3 +111,65 @@ func TestCopyClientPathCopy(t *testing.T) {
 		}
 	}
 }
+
+type TestPathCopyDeletedData struct {
+	inputSource *vaku.PathInput
+	inputTarget *vaku.PathInput
+	copyErr     bool
+	oppath      string
+}
+
+func TestCopyClientPathDeleted(t *testing.T) {
+	c := copyClientInitForTests(t)
+
+	tests := map[int]TestPathCopyDeletedData{
+		1: {
+			inputSource: vaku.NewPathInput("secretv1/copydeleted/test"),
+			inputTarget: vaku.NewPathInput("secretv1/copydeleted/test"),
+			copyErr:     true,
+			oppath:      "delete",
+		},
+		2: {
+			inputSource: vaku.NewPathInput("secretv2/copydeleted/test"),
+			inputTarget: vaku.NewPathInput("secretv2/copydeleted/test"),
+			copyErr:     false,
+			oppath:      "delete",
+		},
+		3: {
+			inputSource: vaku.NewPathInput("secretv2/copydestroyed/test"),
+			inputTarget: vaku.NewPathInput("secretv2/copydestroyed/test"),
+			copyErr:     true,
+			oppath:      "destroy",
+		},
+	}
+
+	for _, d := range tests {
+		secret := map[string]interface{}{
+			"Eg5ljS7t": "6F1B5nBg",
+			"quqr32S5": "81iY4HAN",
+			"r6R0JUzX": "rs1mCRB5",
+		}
+
+		err := c.Source.PathWrite(d.inputSource, secret)
+		assert.NoError(t, err)
+
+		if d.oppath == "delete" {
+			err = c.Source.PathDelete(d.inputSource)
+			assert.NoError(t, err)
+		} else if d.oppath == "destroy" {
+			err = c.Source.PathDestroy(d.inputSource)
+			assert.NoError(t, err)
+		}
+
+		copyErr := c.PathCopy(d.inputSource, d.inputTarget)
+		tr, readTargetErr := c.Target.PathRead(d.inputTarget)
+		if d.copyErr {
+			assert.Error(t, copyErr)
+			assert.Error(t, readTargetErr)
+		} else {
+			assert.NoError(t, copyErr)
+			assert.Nil(t, tr)
+			assert.Error(t, readTargetErr)
+		}
+	}
+}