From 8e177a1ba8f6572f9b94f7cbab3e8fe5eaf55a4b Mon Sep 17 00:00:00 2001 From: Nicolas Humbert Date: Tue, 31 Mar 2026 11:26:27 +0200 Subject: [PATCH 1/2] S3UTILS-227: replace util.parseArgs with manual argv parsing Problem: fix-missing-replication-permissions.js uses util.parseArgs which requires Node 16.17+. The vault container ships Node 16.13.2 on all S3C versions up to 9.5.0.x, causing "parseArgs is not a function" at runtime. Fix: Replace util.parseArgs with manual process.argv parsing. No other dependency changes. There is no risk with other dependencies: vaultclient, aws-sdk v2, and process.argv all work on Node 16.13.2+. Testing: Existing functional tests in fixMissingReplicationPermissions.js run the script as a child process through its CLI interface (positionals, --iam-port, --https, --dry-run). Since the CLI contract is unchanged, passing tests confirm the new parsing logic is equivalent. --- .../fix-missing-replication-permissions.js | 35 ++++++++++++------- 1 file changed, 22 insertions(+), 13 deletions(-) diff --git a/replicationAudit/fix-missing-replication-permissions.js b/replicationAudit/fix-missing-replication-permissions.js index 3e8d19e5..ea6b10f8 100644 --- a/replicationAudit/fix-missing-replication-permissions.js +++ b/replicationAudit/fix-missing-replication-permissions.js @@ -30,7 +30,6 @@ const fs = require('fs'); const http = require('http'); const https = require('https'); -const { parseArgs } = require('util'); const { Client: VaultClient } = require('vaultclient'); const AWS = require('aws-sdk'); @@ -49,17 +48,27 @@ function log(message) { } // =========================================================================== -// Argument parsing (Node.js 22+ built-in util.parseArgs) +// Argument parsing (manual process.argv for Node 16+ compatibility) // =========================================================================== function getConfig() { - const { values, positionals } = parseArgs({ - allowPositionals: true, - options: { - 'iam-port': { type: 'string', default: '8600' }, - 'https': { type: 'boolean', default: false }, - 'dry-run': { type: 'boolean', default: false }, - }, - }); + const args = process.argv.slice(2); + + const positionals = []; + let iamPort = 8600; + let useHttps = false; + let dryRun = false; + + for (let i = 0; i < args.length; i++) { + if (args[i] === '--iam-port') { + iamPort = parseInt(args[++i], 10); + } else if (args[i] === '--https') { + useHttps = true; + } else if (args[i] === '--dry-run') { + dryRun = true; + } else { + positionals.push(args[i]); + } + } if (positionals.length < 3) { log('Usage: node fix-missing-replication-permissions.js' @@ -72,11 +81,11 @@ function getConfig() { return { inputFile, vaultHost, - iamPort: parseInt(values['iam-port'], 10), + iamPort, adminConfig, - useHttps: values.https, + useHttps, outputFile: outputFile || 'replication-fix-results.json', - dryRun: values['dry-run'], + dryRun, }; } From ec544810cca0ac2324e5271d9a3d315327ab6c84 Mon Sep 17 00:00:00 2001 From: Nicolas Humbert Date: Tue, 31 Mar 2026 12:18:32 +0200 Subject: [PATCH 2/2] S3UTILS-227: guard --iam-port against missing value Add bounds check before consuming the next argument so that passing --iam-port as the last argument throws instead of silently setting the port to NaN. --- replicationAudit/fix-missing-replication-permissions.js | 3 +++ 1 file changed, 3 insertions(+) diff --git a/replicationAudit/fix-missing-replication-permissions.js b/replicationAudit/fix-missing-replication-permissions.js index ea6b10f8..36d3a60e 100644 --- a/replicationAudit/fix-missing-replication-permissions.js +++ b/replicationAudit/fix-missing-replication-permissions.js @@ -60,6 +60,9 @@ function getConfig() { for (let i = 0; i < args.length; i++) { if (args[i] === '--iam-port') { + if (i + 1 >= args.length) { + throw new Error('Missing value for --iam-port'); + } iamPort = parseInt(args[++i], 10); } else if (args[i] === '--https') { useHttps = true;