Unhelpful raft unseal error and outdated documentation

[mishak87]

Describe the bug
Vault starts but on last unseal key vault returns 500 and confusing error message because of raft configuration error.

{"errors":["strconv.Atoi: parsing \"1\\n\": invalid syntax"]}

To Reproduce
Steps to reproduce the behavior:

1. Start vault 1.4.0 cluster with raft storage
2. Change node configuration performance_multiplier to 1 (integer not string)
3. Restart vault node
4. Try to unseal

Expected behavior
Helpful error message or behavior according to documentation.

Additional context

Documentation refers to performance_multiplier as int https://www.vaultproject.io/docs/configuration/storage/raft#performance_multiplier
Tests use string and strconv.Atoi

vault/physical/raft/raft_test.go

Line 386 in 5299537

"performance_multiplier": "5",

Environment:

#deploy> docker stack deploy -c ${file} vault
version: "3.7"
services:
  vault-a: &service
    image: vault:1.4.0
    command: server
    environment: &environment
      #
      # NODE settings
      #
      VAULT_API_ADDR: "http://vault-a:8200"
      VAULT_CLUSTER_ADDR: https://vault-a:8201
      VAULT_RAFT_NODE_ID: vault-raft-a
      #
      # GLOBAL settings
      #
      # disable setcap in entrypoint cap_add is not supported by docker swarm
      # see: https://docs.docker.com/compose/compose-file/#cap_add-cap_drop
      SKIP_SETCAP: "1"
      # enable vault UI
      VAULT_UI: "1"
      VAULT_RAFT_PATH: /vault/file
      # !!! fix is to pass performance_multiplier value as a string "1" !!!
      VAULT_LOCAL_CONFIG: |
        {
            "listener": [{"tcp": {
                "address": "0.0.0.0:8200",
                "tls_disable": true,
                "cluster_address": "0.0.0.0:8201"
            }}],
            "disable_mlock": true,
            "storage": [{"raft": {
                "path": "/vault/file",
                "performance_multiplier": !!! 1 !!!,
                "retry_join": [
                    { "leader_api_addr": "http://vault-a:8200" },
                    { "leader_api_addr": "http://vault-b:8200" },
                    { "leader_api_addr": "http://vault-c:8200" }
                ]
            }}]
        }

  vault-b:
    <<: *service
    environment:
      <<: *environment
      VAULT_API_ADDR: "http://vault-b:8200"
      VAULT_CLUSTER_ADDR: https://vault-b:8201
      VAULT_RAFT_NODE_ID: vault-raft-b
    volumes:
      - vault-b-data:/vault/file

  vault-c:
    <<: *service
    environment:
      <<: *environment
      VAULT_API_ADDR: "http://vault-c:8200"
      VAULT_CLUSTER_ADDR: https://vault-c:8201
      VAULT_RAFT_NODE_ID: vault-raft-c
    volumes:
      - vault-c-data:/vault/file

volumes:
  vault-a-data: {}
  vault-b-data: {}
  vault-c-data: {}

[calvn]

Thanks for the report! I was able to reproduce the issue. It seems that it only occurs if a JSON-formatted config file is provided. If you provide an integer value on an HCL-formatted config file, it works fine.

[calvn]

This seems to come from the fact that json.Encode, which gets called when we're parsing the config map, appends a newline to the resulting value, which is why strconv.Atoi ends up complaining when trying to do the conversion.

[raskchanky]

In doing some further testing on this, it looks like the error in question gets thrown regardless of file format. I can reproduce the problem with both HCL and JSON formatted config files. Additionally, it seems like the error in question happens not just for integer values, but boolean values as well.