open-vault/changelog/14945.txt

```release-note:improvement
cli: Support the -format=raw option, to read non-JSON Vault endpoints and original response bodies.
```
Vault Raw Read Support (CLI & Client) (#14945) * Expose raw request from client.Logical() Not all Vault API endpoints return well-formatted JSON objects. Sometimes, in the case of the PKI secrets engine, they're not even printable (/pki/ca returns a binary (DER-encoded) certificate). While this endpoint isn't authenticated, in general the API caller would either need to use Client.RawRequestWithContext(...) directly (which the docs advise against), or setup their own net/http client and re-create much of Client and/or Client.Logical. Instead, exposing the raw Request (via the new ReadRawWithData(...)) allows callers to directly consume these non-JSON endpoints like they would nearly any other endpoint. Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> * Add raw formatter for direct []byte data As mentioned in the previous commit, some API endpoints return non-JSON data. We get as far as fetching this data (via client.Logical().Read), but parsing it as an api.Secret fails (as in this case, it is non-JSON). Given that we intend to update `vault read` to support such endpoints, we'll need a "raw" formatter that accepts []byte-encoded data and simply writes it to the UI. Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> * Add support for reading raw API endpoints Some endpoints, such as `pki/ca` and `pki/ca/pem` return non-JSON objects. When calling `vault read` on these endpoints, an error is returned because they cannot be parsed as api.Secret instances: > Error reading pki/ca/pem: invalid character '-' in numeric literal Indeed, we go to all the trouble of (successfully) fetching this value, only to be unable to Unmarshal into a Secrets value. Instead, add support for a new -format=raw option, allowing these endpoints to be consumed by callers of `vault read` directly. Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> * Add changelog entry Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> * Remove panic Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> 2022-10-28 13:45:32 +00:00			```release-note:improvement
			`cli: Support the -format=raw option, to read non-JSON Vault endpoints and original response bodies.`
			```