diff --git a/changelog/16443.txt b/changelog/16443.txt new file mode 100644 index 000000000..86b43c684 --- /dev/null +++ b/changelog/16443.txt @@ -0,0 +1,3 @@ +```release-note:bug +secrets/kv: Fix `kv get` issue preventing the ability to read a secret when providing a leading slash +``` diff --git a/command/kv_get.go b/command/kv_get.go index ce4f60a76..3aca29d20 100644 --- a/command/kv_get.go +++ b/command/kv_get.go @@ -116,16 +116,16 @@ func (c *KVGetCommand) Run(args []string) int { mountFlagSyntax := (c.flagMount != "") var ( - mountPath string - partialPath string - v2 bool + mountPath string + v2 bool ) + // Ignore leading slash + partialPath := strings.TrimPrefix(args[0], "/") + // Parse the paths and grab the KV version if mountFlagSyntax { // In this case, this arg is the secret path (e.g. "foo"). - partialPath = args[0] - mountPath = sanitizePath(c.flagMount) _, v2, err = isKVv2(mountPath, client) if err != nil { @@ -135,8 +135,6 @@ func (c *KVGetCommand) Run(args []string) int { } else { // In this case, this arg is a path-like combination of mountPath/secretPath. // (e.g. "secret/foo") - partialPath = args[0] - mountPath, v2, err = isKVv2(partialPath, client) if err != nil { c.UI.Error(err.Error()) diff --git a/command/kv_test.go b/command/kv_test.go index 21df402a9..d3b131d43 100644 --- a/command/kv_test.go +++ b/command/kv_test.go @@ -458,6 +458,12 @@ func TestKVGetCommand(t *testing.T) { append(baseV2ExpectedFields, "foo"), 0, }, + { + "v2_mount_flag_syntax_leading_slash", + []string{"-mount", "kv", "/read/foo"}, + append(baseV2ExpectedFields, "foo"), + 0, + }, { "v2_not_found", []string{"kv/nope/not/once/never"}, @@ -470,6 +476,12 @@ func TestKVGetCommand(t *testing.T) { append(baseV2ExpectedFields, "foo"), 0, }, + { + "v2_read_leading_slash", + []string{"/kv/read/foo"}, + append(baseV2ExpectedFields, "foo"), + 0, + }, { "v2_read_version", []string{"--version", "1", "kv/read/foo"},