From 0b3d7fdf105ffab0ac6ad50e98c97cc1d5bb6955 Mon Sep 17 00:00:00 2001 From: Violet Hynes Date: Tue, 23 Aug 2022 08:51:23 -0400 Subject: [PATCH] VAULT-7698 Fix ignored parameter warnings for endpoint arbitrary data options (#16794) * VAULT-7698 Fix warnings for endpoint arbitrary data options * VAULT-7698 Add changelog --- changelog/16794.txt | 3 +++ http/sys_wrapping_test.go | 15 +++++++++++++++ sdk/framework/backend.go | 2 +- sdk/framework/path.go | 6 ++++++ vault/logical_system_paths.go | 2 ++ 5 files changed, 27 insertions(+), 1 deletion(-) create mode 100644 changelog/16794.txt diff --git a/changelog/16794.txt b/changelog/16794.txt new file mode 100644 index 000000000..0f78cf00a --- /dev/null +++ b/changelog/16794.txt @@ -0,0 +1,3 @@ +```release-note:bug +api: Fixed erroneous warnings of unrecognized parameters when unwrapping data. +``` diff --git a/http/sys_wrapping_test.go b/http/sys_wrapping_test.go index ab82b927c..17520e78c 100644 --- a/http/sys_wrapping_test.go +++ b/http/sys_wrapping_test.go @@ -146,6 +146,9 @@ func TestHTTP_Wrapping(t *testing.T) { if err != nil { t.Fatal(err) } + if secret.Warnings != nil { + t.Fatalf("Warnings found: %v", secret.Warnings) + } if secret == nil || secret.Data == nil { t.Fatal("secret or secret data is nil") } @@ -222,6 +225,9 @@ func TestHTTP_Wrapping(t *testing.T) { if err != nil { t.Fatal(err) } + if secret.Warnings != nil { + t.Fatalf("Warnings found: %v", secret.Warnings) + } ret4 := secret // Should be expired and fail _, err = client.Logical().Unwrap(wrapInfo.Token) @@ -286,10 +292,16 @@ func TestHTTP_Wrapping(t *testing.T) { if err != nil { t.Fatal(err) } + if secret.Warnings != nil { + t.Fatalf("Warnings found: %v", secret.Warnings) + } secret, err = client.Logical().Unwrap(secret.WrapInfo.Token) if err != nil { t.Fatal(err) } + if secret.Warnings != nil { + t.Fatalf("Warnings found: %v", secret.Warnings) + } if !reflect.DeepEqual(data, secret.Data) { t.Fatalf("custom wrap did not match expected: %#v", secret.Data) } @@ -320,6 +332,9 @@ func TestHTTP_Wrapping(t *testing.T) { if err != nil { t.Fatal(err) } + if secret.Warnings != nil { + t.Fatalf("Warnings found: %v", secret.Warnings) + } // Check for correct Creation path after rewrap if wrapInfo.CreationPath != "secret/foo" { diff --git a/sdk/framework/backend.go b/sdk/framework/backend.go index 0efb798b9..3fe74fa19 100644 --- a/sdk/framework/backend.go +++ b/sdk/framework/backend.go @@ -221,7 +221,7 @@ func (b *Backend) HandleRequest(ctx context.Context, req *logical.Request) (*log var ignored []string for k, v := range req.Data { raw[k] = v - if path.Fields[k] == nil { + if !path.TakesArbitraryInput && path.Fields[k] == nil { ignored = append(ignored, k) } } diff --git a/sdk/framework/path.go b/sdk/framework/path.go index 07ce84c97..8a8b1c758 100644 --- a/sdk/framework/path.go +++ b/sdk/framework/path.go @@ -116,6 +116,12 @@ type Path struct { // DisplayAttrs provides hints for UI and documentation generators. They // will be included in OpenAPI output if set. DisplayAttrs *DisplayAttributes + + // TakesArbitraryInput is used for endpoints that take arbitrary input, instead + // of or as well as their Fields. This is taken into account when printing + // warnings about ignored fields. If this is set, we will not warn when data is + // provided that is not part of the Fields declaration. + TakesArbitraryInput bool } // OperationHandler defines and describes a specific operation handler. diff --git a/vault/logical_system_paths.go b/vault/logical_system_paths.go index f004d3dfa..8d4e5bdab 100644 --- a/vault/logical_system_paths.go +++ b/vault/logical_system_paths.go @@ -1795,6 +1795,8 @@ func (b *SystemBackend) wrappingPaths() []*framework.Path { HelpSynopsis: strings.TrimSpace(sysHelp["wrap"][0]), HelpDescription: strings.TrimSpace(sysHelp["wrap"][1]), + + TakesArbitraryInput: true, }, {