Add -mount flag to kv list command #19378
Signed-off-by: Daniel Huckins <[email protected]>
c.UI.Error(err.Error()) | ||
return 2 | ||
} | ||
// If true, we're working with "-mount=secret foo" syntax. |
logic is the same as in kv put
https://github.com/hashicorp/vault/blob/d35be2d0de3d1c036248570c538c2051c4c1dc57/command/kv_put.go#L144C2-L176
One question about test coverage but otherwise LGTM.
A couple small nits, otherwise looks good.
path and secret path, with /data/ automatically appended between KV | ||
v2 secrets.`, |
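Review bot: the last sentence of this usage string says /data/ is inserted for KV v2, but this is the help text for kv list, and list requests on a KV v2 mount go under /metadata/, not /data/. Since the wording was carried over from kv get, it would be better to name the right segment here (or to say only that the KV v2 prefix is inserted automatically) so the text does not send readers to the wrong path when they write policies for list access.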
path and secret path, with /data/ automatically appended between KV | |
v2 secrets.`, | |
path and secret path, with /data/ automatically inserted between the two | |
paths for KV-v2 secrets.`, |
this is copied from kv get
Lines 72 to 76 in e4e9612
Usage: `Specifies the path where the KV backend is mounted. If specified, | |
the next argument will be interpreted as the secret path. If this flag is | |
not specified, the next argument will be interpreted as the combined mount | |
path and secret path, with /data/ automatically appended between KV | |
v2 secrets.`, |
so going to leave for now
Perhaps adjusting both descriptions for clarity would help.
// v1 | ||
if mountFlagSyntax { | ||
fullPath = path.Join(mountPath, partialPath) | ||
} else { |
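Review bot: `path.Join(mountPath, partialPath)` in the v1 branch cleans its result, so an empty partialPath yields just the mount and a partialPath containing `..` segments resolves to a location outside mountPath. When the caller has named the mount explicitly with -mount, it is worth a test for the empty case and a decision, stated in a comment, on whether secret paths containing `..` should be rejected rather than silently normalised.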
It's a bit hard to follow these if blocks, perhaps they can be rearranged a bit for clarity? In particular we are doing path.Join(...) for kv-v1 here yet for kv-v2 in the previous if block.
just copied the logic from kv put
each command in kv ... does this a little differently, going to look to consolidate the logic in a subsequent ticket
Thanks for taking a look at this! The reason that I didn't have a -mount flag for this command is not that I forgot it so much as it behaved a little differently from the others so I just kinda skipped it, but I think it's tripped up a few people so it's definitely worth adding.
Here's the thing about this command: the kv list command is the only one that lets you pass just the mount path itself with no secret path at all. When you do this, it shows all the secrets at that mount path, and indeed I think this is a common use case for the command.
For example, let's say I have some secrets I've created inside the secret mount path.
If I run your code with the traditional way of passing the path:
$ vault kv list secret
Keys
----
foo
bar
vs with the -mount flag:
$ vault kv list -mount=secret
Not enough arguments (expected 1, got 0)
So basically, if you can fix it so that version of the command doesn't throw an error, and instead returns the same thing as the version without the flag, then I think this will be good to go!
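The edge case described in the comment above, as an added Go example that is not part of this PR or Vault's code: `splitArgs` and `listAPIPath` are hypothetical helpers and the mount table is constructed. It shows `-mount=secret` with no secret path resolving to the same list target as `vault kv list secret`; on KV v2 that target sits under `<mount>/metadata/`.

```go
package main

import (
	"fmt"
	"path"
	"strings"
)

// splitArgs returns (mount, secret path). mountFlag is the -mount value ("" when
// absent); mounts is a constructed stand-in for the server's mount table.
func splitArgs(mountFlag string, args, mounts []string) (string, string, error) {
	if mountFlag != "" {
		switch len(args) {
		case 0: // "-mount=secret": list the root of the mount
			return strings.Trim(mountFlag, "/"), "", nil
		case 1: // "-mount=secret foo"
			return strings.Trim(mountFlag, "/"), strings.Trim(args[0], "/"), nil
		}
		return "", "", fmt.Errorf("too many arguments (expected 0-1, got %d)", len(args))
	}
	if len(args) != 1 {
		return "", "", fmt.Errorf("expected 1 argument, got %d", len(args))
	}
	// Combined syntax: the longest matching mount prefix wins.
	full, best := strings.Trim(args[0], "/"), ""
	for _, m := range mounts {
		if (full == m || strings.HasPrefix(full, m+"/")) && len(m) > len(best) {
			best = m
		}
	}
	if best == "" {
		return "", "", fmt.Errorf("no mount found for %q", full)
	}
	return best, strings.TrimPrefix(strings.TrimPrefix(full, best), "/"), nil
}

// listAPIPath builds the request path: KV v2 lists under <mount>/metadata/,
// KV v1 lists the joined path. path.Join ignores an empty secret path.
func listAPIPath(mount, secret string, kvV2 bool) string {
	if kvV2 {
		return path.Join(mount, "metadata", secret)
	}
	return path.Join(mount, secret)
}

func main() {
	m, s, _ := splitArgs("secret", nil, []string{"secret", "kv"}) // constructed mounts
	fmt.Println(listAPIPath(m, s, true), listAPIPath(m, s, false))
}
```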
@digivava Let's see if there's a way to pull that off, thank you!
Would it be reasonable to require a "/" or a "." parameter to be provided for this edge case: vault kv list -mount=secret /
{ | ||
// this is behavior that should be tested | ||
// `kv` here is an explicit mount | ||
// `my-prefix` is not | ||
// the current kv code will ignore `my-prefix` | ||
name: "ignore_multi_part_mounts", | ||
args: []string{"-mount", "kv/my-prefix"}, | ||
outStrings: []string{"my-prefix"}, | ||
code: 0, | ||
}, |
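Review bot: the comment at the top of the `ignore_multi_part_mounts` case says the kv code will ignore `my-prefix`, yet `outStrings` expects `my-prefix` to appear in the output, so a reader cannot tell from the case what is being pinned. The comment should state which path is actually listed for `-mount kv/my-prefix` and why `my-prefix` shows up in the result, and say whether this is intended behaviour or a quirk kept for compatibility, since `// this is behavior that should be tested` reads like a leftover TODO.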
@digivava when you have a moment, can you give this PR another pass please?
This seems to work as expected now! Thank you!
resolves #17399