Case Insensitive Match

[sims-security]

Description

The following pull request corrects an issue where pulling secrets from Vault fails due to case-sensitive key referencing. At a high level, this issue means that an attempt by Drone to pull "username" when the key in Vault is "Username" will result in a "secret key not found" error.

Use Case

Lets assume we are attempting to pull a secret in vault which has the key "FOO" and value "BAR".

• Example pipeline yaml pulling secret "foo"

---

kind: secret
name: foo
get:
    path: example/data/credentials
    name: foo

• Currently, the plugin will processes this request and make a found/not found decision based on the line of code here. This operation does not account for mismatched case. Searching the params map for "foo" will yield no results (actual key in Vault stored as "FOO"), and as such the pipeline will return "secret key not found".

How To Fix This Issue

This issue can be fixed by performing a case-insensitive key lookup when querying the secret value from the "params" go map. The code changes proposed successfully mitigate this issue.

For testing purposes I have included a new unit test uppercase_secret.json which tests successfully pulling a secret when drone requests the value for key="USERNAME" and Vault includes a record where key="Username".

Additional Considerations

I could not think of any example/reason where a request for "USERNAME" when Vault is storing the key as "Username" would cause unintended consequences or impact. A secret in the form of a key/value pair should be represented with a unique key, therefor IMO "username" and "Username" should not be treated as separate values.

[CLAassistant]

All committers have signed the CLA.

[sims-security]

Thanks for the quick response and approval, @tboerger
Please let me know if I can address any additional concerns or provide more detail!

[tboerger]

It's up to @bradrydzewski to give another review and merging the change.

[sims-security]

Just following up on this; I know you have a lot on your plate @bradrydzewski and this is probably not super high on your list of "to-dos" to keep everything running :)

[sims-security]

bumping @bradrydzewski