Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

kv2/metadata: ReadSecretPathsAsync allows empty path value to list all secrets on the mountPoint #337

Merged
merged 3 commits into from
Sep 8, 2024
Merged

kv2/metadata: ReadSecretPathsAsync allows empty path value to list all secrets on the mountPoint #337

merged 3 commits into from
Sep 8, 2024

Conversation

konidev20
Copy link
Collaborator

@konidev20 konidev20 commented Nov 22, 2023
edited
Loading

In the implementation of

public async Task<Secret<ListInfo>> ReadSecretPathsAsync(string path, string mountPoint = null, string wrapTimeToLive = null)

the path is required which was built referencing -> https://developer.hashicorp.com/vault/api-docs/secret/kv/kv-v2#list-secrets

However, as reported in gh-334, it seems like path can be empty, if you want to list all the secrets on the mount point.

I tried this with Vault v1.15.2, below are the results of my test.

Sample Request

curl --header "X-Vault-Token: …” --request LIST http://127.0.0.1:8200/v1/secret/metadata

Response

{
  "request_id": "34a153dc-0fef-b717-25da-1f54e77ab581",
  "lease_id": "",
  "renewable": false,
  "lease_duration": 0,
  "data": {
    "keys": [
      "bye",
      "hello/",
      "world"
    ]
  },
  "wrap_info": null,
  "warnings": null,
  "auth": null
}

considering the above results, I felt removing the strict null check and adding a simple guard rail would be a better solution.

fixes #334

@konidev20 konidev20 changed the title remove null check for path, in list secrets API ReadSecretPathsAsync allows empty path value to list all secrets on the mountPoint Nov 22, 2023
@konidev20 konidev20 changed the title ReadSecretPathsAsync allows empty path value to list all secrets on the mountPoint kv2/metadata: ReadSecretPathsAsync allows empty path value to list all secrets on the mountPoint Nov 22, 2023
rajanadar
rajanadar approved these changes Sep 8, 2024
View reviewed changes
Copy link
Owner

@rajanadar rajanadar left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

thanks

rajanadar
rajanadar requested changes Sep 8, 2024
View reviewed changes
Copy link
Owner

@rajanadar rajanadar left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

conflicts

@konidev20
remove null check for path, in list secrets API
14a3d73 
the path is required in the API documentation of vault
but if you manually run the API like
curl --header "X-Vault-Token: …” --request LIST http://127.0.0.1:8200/v1/secret/metadata
it would work

therefore, removing the strict null check and adding a simple guard rail
@konidev20
update IKeyValueSecretsEngineV2 documentation
6da4de7
@konidev20
update CHANGELOG.md
428bbee
@rajanadar rajanadar merged commit 5e568b6 into rajanadar:master Sep 8, 2024
1 check passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rajanadar rajanadar rajanadar approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Support Metadata LIST
2 participants
@konidev20 @rajanadar