From e4c4e449cafd8935d7f3d2f146fd7f61953d766e Mon Sep 17 00:00:00 2001 From: Nick Cabatoff Date: Mon, 10 Jan 2022 13:44:21 -0500 Subject: [PATCH 1/2] If we get a 405 doing an HTTP PATCH, assume the server is pre-1.9 and fall back to old readThenWrite approach. --- command/kv_patch.go | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/command/kv_patch.go b/command/kv_patch.go index d05ff5eed89c..b241cb9b50d1 100644 --- a/command/kv_patch.go +++ b/command/kv_patch.go @@ -281,6 +281,13 @@ func (c *KVPatchCommand) mergePatch(client *api.Client, path string, newData map secret, err := client.Logical().JSONMergePatch(context.Background(), path, data) if err != nil { + // If it's a 405, that probably means the server is running a pre-1.9 + // Vault version that doesn't support the HTTP PATCH method. + // Fall back to the old way of doing it if the user didn't specify a -method. + // If they did, and it was "patch", then just error. + if re, ok := err.(*api.ResponseError); ok && re.StatusCode == 405 && rwFallback { + return c.readThenWrite(client, path, newData) + } // If it's a 403, that probably means they don't have the patch capability in their policy. Fall back to // the old way of doing it if the user didn't specify a -method. If they did, and it was "patch", then just error. if re, ok := err.(*api.ResponseError); ok && re.StatusCode == 403 && rwFallback { From ade3cd4b9a0ac5021040968b9c1fa487bae54589 Mon Sep 17 00:00:00 2001 From: Nick Cabatoff Date: Mon, 10 Jan 2022 13:52:18 -0500 Subject: [PATCH 2/2] Add CL --- changelog/13615.txt | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 changelog/13615.txt diff --git a/changelog/13615.txt b/changelog/13615.txt new file mode 100644 index 000000000000..8e9a6780ab7a --- /dev/null +++ b/changelog/13615.txt @@ -0,0 +1,3 @@ +```release-note:bug +cli: Fix using kv patch with older server versions that don't support HTTP PATCH. +``` \ No newline at end of file