Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Feature Request: Add GET database/config to return list of configuration keys. #4026

Closed
ja391045 opened this issue Feb 22, 2018 · 4 comments
Closed

Feature Request: Add GET database/config to return list of configuration keys. #4026

ja391045 opened this issue Feb 22, 2018 · 4 comments

Comments

@ja391045
Copy link

Feature Request:

Allow config/database to return a list of configuration keys.

I'm writing a puppet module to interface with vault and setup database configurations as part of our automation system. For things like sys/policies or database/roles I can query a list of available keys under each path, and then query each key individually. This is important to puppet, because the vault module can build a set of Puppet::Type resources for each key. That way, if roles or policies are modified outside of a puppet operation, the next puppet run can "see" those changes and take them into account. This is useful, for instance, to allow Puppet to modify a configuration which was originally set up outside of Puppet.

Since I can't query a list of database configurations from this endpoint, I'll have to keep a list of configurations that Puppet has created inside a scratch file on the host, or within a Puppet::Fact. That means future runs of puppet will only "see" those specific database configurations a particular puppet agent has created. If they are changed outside of puppet, or multiple puppet agents create configurations, a specific agent will not see those changes.

Environment:

  • Vault Version: 0.9.3
  • Operating System/Architecture: CentOS 7/x86_64

Expected Behavior:

curl -X GET -k --header "X-Vault-Token=`cat /root/.vault-token`" \
  http://localhost:8200/v1/database/config
{ "keys": ["my-db-config-one", "my-db-config-two"] }

Actual Behavior:

curl -X GET -k --header "X-Vault-Token=`cat /root/.vault-token`" \
  http://localhost:8200/v1/database/config
{"errors":["1 error occurred:\n\n* unsupported operation"]}

Steps to Reproduce:
Run the curl commands.
@ja391045
Copy link
Author

Also to note, for the purposes of the current Puppet Provider model I'm working on, the vault CLI client should be able to retrieve this list of keys as well:

vault read database/config
{ "keys": ["my-db-config-one", "my-db-config-two"]}

@chrishoffman
Copy link
Contributor

You can use the LIST custom HTTP verb or add the parameter ?list=true to the GET request. It looks like it is missing in the documentation. I'll add it shortly.

@chrishoffman
Copy link
Contributor

Additionally, from the CLI, you can issue the following command:

vault list database/config

@chrishoffman chrishoffman mentioned this issue Feb 22, 2018
Merged
@ja391045
Copy link
Author

Outstanding! That works like a champ. Thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@chrishoffman @ja391045