backport of commit e0472d4059decd4a5801e027c34d38b80e038a32 (#21590)

Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com>
hc-github-team-secure-vault-core 2023-07-05 15:29:29 -04:00 committed by GitHub
parent df1fb2c868
commit 946329b29d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 16 additions and 6 deletions

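--- a/changelog/21563.txt
+++ b/changelog/21563.txt
@@ -0,0 +1,3 @@
+```release-note:improvement
+openapi: Better mount points for kv-v1 and kv-v2 in openapi.json
+```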


@ -242,10 +242,10 @@ func Test_RegistryMatchesGenOpenapi(t *testing.T) {
var (
credentialBackends []string
credentialBackendsRe = regexp.MustCompile(`^vault auth enable (?:"([a-zA-Z]+)"|([a-zA-Z]+))$`)
credentialBackendsRe = regexp.MustCompile(`^vault auth enable (?:-.+ )*(?:"([a-zA-Z]+)"|([a-zA-Z]+))$`)
secretsBackends []string
secretsBackendsRe = regexp.MustCompile(`^vault secrets enable (?:"([a-zA-Z]+)"|([a-zA-Z]+))$`)
secretsBackendsRe = regexp.MustCompile(`^vault secrets enable (?:-.+ )*(?:"([a-zA-Z]+)"|([a-zA-Z]+))$`)
)
scanner := bufio.NewScanner(f)
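Review bot: The flag group `(?:-.+ )*` in the new `credentialBackendsRe` and `secretsBackendsRe` is looser than it needs to be, because `.+` also matches spaces and quotes, so anything from the first `-` up to the last space before the plugin name is accepted as flags. `(?:-\S+ )*` would hold each flag to one whitespace-free token, which still fits the `-path="kv-v1/" -version=1` form used by the script in this commit. Since that script now enables `kv` twice, the scan presumably records `kv` twice in `secretsBackends`; the comparison against the registry is outside this hunk, so confirm it tolerates duplicates. Test_RegistryMatchesGenOpenapi starts and ends outside the hunk.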


@ -37,7 +37,13 @@ trap defer_stop_vault INT TERM EXIT
export VAULT_ADDR=http://127.0.0.1:8200
echo "Mounting all builtin plugins..."
echo "Unmounting the default kv-v2 secrets engine ..."
# Unmount the default kv-v2 engine so that we can remount it at 'kv_v2/' later.
# The mount path will be reflected in the resultant OpenAPI document.
vault secrets disable "secret/"
echo "Mounting all builtin plugins ..."
# Enable auth plugins
vault auth enable "alicloud"
@ -67,7 +73,8 @@ vault secrets enable "database"
vault secrets enable "gcp"
vault secrets enable "gcpkms"
vault secrets enable "kubernetes"
vault secrets enable "kv"
vault secrets enable -path="kv-v1/" -version=1 "kv"
vault secrets enable -path="kv-v2/" -version=2 "kv"
vault secrets enable "ldap"
vault secrets enable "mongodbatlas"
vault secrets enable "nomad"
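Review bot: The added comment in the first hunk says the default engine is remounted at 'kv_v2/', but the second hunk mounts it with `-path="kv-v2/"`; the underscore form is only what the mount-path parameter name becomes after the hyphen replacement elsewhere in this commit. The comment should name the real path, for example `# Unmount the default kv-v2 engine so that we can remount it at 'kv-v2/' later.`. It would also help to add one line such as `# kv is mounted twice so that both the v1 and v2 API shapes appear in the OpenAPI document` above the two `kv` enable commands, since a reader comparing against the one-plugin-per-line pattern around them will otherwise take the second line for a duplicate.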


@ -4541,7 +4541,7 @@ func (b *SystemBackend) pathInternalOpenAPI(ctx context.Context, req *logical.Re
// Generic mount paths will primarily be used for code generation purposes.
// This will result in parameterized mount paths being returned instead of
// hardcoded actual paths. For example /auth/my-auth-method/login would be
// replaced with /auth/{my-auth-method_mount_path}/login.
// replaced with /auth/{my_auth_method_mount_path}/login.
//
// Note that for this to actually be useful, you have to be using it with
// a Vault instance in which you have mounted one of each secrets engine
@ -4615,7 +4615,7 @@ func (b *SystemBackend) pathInternalOpenAPI(ctx context.Context, req *logical.Re
(pluginType == "system" || pluginType == "identity" || pluginType == "cubbyhole"))
if !isSingletonMount {
mountPathParameterName = strings.TrimRight(mount, "/") + "_mount_path"
mountPathParameterName = strings.TrimRight(strings.ReplaceAll(mount, "-", "_"), "/") + "_mount_path"
}
}
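Review bot: In the second hunk, `strings.ReplaceAll(mount, "-", "_")` normalises only hyphens, so any other character that is awkward in a generated parameter name (an interior `/` from a nested mount, a `.`) still passes through, because `TrimRight` removes only trailing slashes. Two mounts that differ only in `-` versus `_` now also map to the same `mountPathParameterName`; if the generic path is keyed on that name (not visible here), one entry would presumably overwrite the other. If the intent is "mount names are simple identifiers plus hyphens", state that next to the assignment, e.g. `// assumes mount contains only letters, digits, '-' and '_'; other characters are passed through unchanged`. pathInternalOpenAPI starts and ends outside both hunks.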