luxolus
/
open-vault
2
0
Fork 0
Code Issues 1 Pull Requests Releases Activity
open-vault/sdk
History
Max Bowsher 4c5f583f39
OpenAPI `generic_mount_paths` follow-up (#18663) 
* OpenAPI `generic_mount_paths` follow-up

An incremental improvement within larger context discussed in #18560.

* Following the revert in #18617, re-introduce the change from
  `{mountPath}` to `{<path-of-mount>_mount_path}`; this is needed, as
  otherwise paths from multiple plugins would clash - e.g. almost every
  auth method would provide a conflicting definition for
  `auth/{mountPath}/login`, and the last one written into the map would
  win.

* Move the half of the functionality that was in `sdk/framework/` to
  `vault/logical_system.go` with the rest; this is needed, as
  `sdk/framework/` gets compiled in to externally built plugins, and
  therefore there may be version skew between it and the Vault main
  code. Implementing the `generic_mount_paths` feature entirely on one
  side of this boundary frees us from problems caused by this.

* Update the special exception that recognizes `system` and `identity`
  as singleton mounts to also include the other two singleton mounts,
  `cubbyhole` and `auth/token`.

* Include a comment that documents to restricted circumstances in which
  the `generic_mount_paths` option makes sense to use:

	    // Note that for this to actually be useful, you have to be using it with
	    // a Vault instance in which you have mounted one of each secrets engine
	    // and auth method of types you are interested in, at paths which identify
	    // their type, and for the KV secrets engine you will probably want to
	    // mount separate kv-v1 and kv-v2 mounts to include the documentation for
	    // each of those APIs.

* Fix tests

Also remove comment "// TODO update after kv repo update" which was
added 4 years ago in #5687 - the implied update has not happened.

* Add changelog

* Update 18663.txt
 		2023-01-17 23:07:11 -05:00
..
database Link OSS (#18228) 2022-12-08 15:02:18 -05:00
framework OpenAPI `generic_mount_paths` follow-up (#18663) 2023-01-17 23:07:11 -05:00
helper Add AppRole response schema validation tests (#18636) 2023-01-13 15:23:36 -05:00
logical Add basic event bus broker stub (#18640) 2023-01-17 13:34:37 -08:00
physical
plugin Link OSS (#18228) 2022-12-08 15:02:18 -05:00
queue
version
README.md
go.mod Add logic to generate openapi response structures (#18192) 2022-12-05 11:11:06 -05:00
go.sum Add cached OCSP client support to Cert Auth (#17093) 2022-11-21 10:39:24 -06:00

README.md

Vault SDK libs

This package provides the sdk package which contains code useful for developing Vault plugins.

Although we try not to break functionality, we reserve the right to reorganize the code at will and may occasionally cause breaks if they are warranted. As such we expect the tag of this module will stay less than v1.0.0.

For any major changes we will try to give advance notice in the CHANGES section of Vault's CHANGELOG.md.