From cdfc7d6a20b445117f4f40c69f03120d952c067e Mon Sep 17 00:00:00 2001
From: Vasily Marnopolsky
Date: Fri, 18 Oct 2024 22:49:03 -0400
Subject: [PATCH] fix(azkv): handle whitespace in Azure Key Vault URLs
### Problem: The Azure Key Vault key parser would fail when URLs contained leading or trailing whitespace, which commonly occurs when using YAML Block Scalar syntax. ```yaml creation_rules: - azure_keyvault: >- https://test.vault.azure.net/keys/test-key/a2a690a4fcc04166b739da342a912c90, https://test2.vault.azure.net/keys/another-test-key/cf0021e8b743453bae758e7fbf71b60e ``` This resulted in the error: ```bash "could not parse " https://test2.vault.azure.net/keys/another-test-key/cf0021e8b743453bae758e7fbf71b60e" into a valid Azure Key Vault MasterKey" ```
### Fix: - Added `strings.TrimSpace()` to clean the URL before parsing in `NewMasterKeyFromURL()` - Added test case to verify handling of URLs with leading/trailing spaces
Signed-off-by: Vasily Marnopolsky
---
 azkv/keysource.go | 1 +
 azkv/keysource_test.go | 17 +++++++++++++++++
 2 files changed, 18 insertions(+)
diff --git a/azkv/keysource.go b/azkv/keysource.go
index 27e28cca5..11e761026 100644
--- a/azkv/keysource.go
+++ b/azkv/keysource.go
@@ -76,6 +76,7 @@ func NewMasterKey(vaultURL string, keyName string, keyVersion string) *MasterKey
 // NewMasterKeyFromURL takes an Azure Key Vault key URL, and returns a new
 // MasterKey. The URL format is {vaultUrl}/keys/{keyName}/{keyVersion}.
 func NewMasterKeyFromURL(url string) (*MasterKey, error) {
+ url = strings.TrimSpace(url)
 re := regexp.MustCompile("^(https://[^/]+)/keys/([^/]+)/([^/]+)$")
 parts := re.FindStringSubmatch(url)
 if parts == nil || len(parts) < 3 {
diff --git a/azkv/keysource_test.go b/azkv/keysource_test.go
index ef6aa6893..5560e4be6 100644
--- a/azkv/keysource_test.go
+++ b/azkv/keysource_test.go
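Review bot: In azkv/keysource.go the doc comment above `NewMasterKeyFromURL` still describes only the `{vaultUrl}/keys/{keyName}/{keyVersion}` format and should record the new normalisation, e.g. `// Leading and trailing whitespace in url is trimmed before parsing.` The trim covers only the ends of the string: the `[^/]+` groups in the unchanged pattern still accept whitespace and control characters inside the host, key name and version, and those captures presumably become the MasterKey fields that decide which vault is contacted, so a stricter character class or a `net/url` parse of the host would be a worthwhile follow-up. Separately, `regexp.MustCompile` on the following context line runs on every call; a package-level `var` is the usual form. The function body continues past the end of the hunk.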
@@ -88,6 +88,23 @@ func TestMasterKeysFromURLs(t *testing.T) {
 },
 },
 },
+ {
+ name: "multiple URLs with leading and trailing spaces",
+ urls: " https://test.vault.azure.net/keys/test-key/a2a690a4fcc04166b739da342a912c90 , https://test2.vault.azure.net/keys/another-test-key/cf0021e8b743453bae758e7fbf71b60e ",
+ expectKeyCount: 2,
+ expectKeys: []MasterKey{
+ {
+ VaultURL: "https://test.vault.azure.net",
+ Name: "test-key",
+ Version: "a2a690a4fcc04166b739da342a912c90",
+ },
+ {
+ VaultURL: "https://test2.vault.azure.net",
+ Name: "another-test-key",
+ Version: "cf0021e8b743453bae758e7fbf71b60e",
+ },
+ },
+ },
 {
 name: "multiple URLs, one malformed",
 urls: "https://test.vault.azure.net/keys/test-key/a2a690a4fcc04166b739da342a912c90,https://test.vault.azure.net/no-keys-here/test-key/a2a690a4fcc04166b739da342a912c90",
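Review bot: The added table entry exercises only ASCII spaces around each URL, while the commit message motivates the change with YAML block scalars, where a literal (`|`) scalar would leave newlines, and possibly tabs, around the entries. A second case with a constructed value such as `urls: "\n\t<url-1>,\n\t<url-2>\n"` would pin that `strings.TrimSpace` covers those too. A negative case with whitespace inside a path segment would also document that only the ends are normalised and show whether such input is rejected or silently accepted. The table and the rest of `TestMasterKeysFromURLs` extend outside the hunk.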