-
Notifications
You must be signed in to change notification settings - Fork 2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Stop using deprecated hashicorp/vault/api RawRequest functions #6601
Conversation
da2b78c
to
5d5cab7
Compare
Signed-off-by: Richard Wall <richard.wall@venafi.com>
1c97e88
to
5074209
Compare
Signed-off-by: Richard Wall <richard.wall@venafi.com>
secretId, err := v.callVault("POST", url, "secret_id", map[string]string{}) | ||
// TODO: Should use Auth.AppRoleWriteSecretId instead of raw write here, | ||
// but it's currently broken. See: | ||
// https://github.com/hashicorp/vault-client-go/issues/249 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
These are the all important changes but GitHub seems to be folding them. Unfold this file when reviewing.
// # read the secret-id | ||
url = path.Join(baseUrl, "secret-id") | ||
secretId, err := v.callVault("POST", url, "secret_id", map[string]string{}) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Notice that the original comment is misleading. These lines are writing (POSTing) to the secret-id endpoint.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ah, good catch. Vault seems to use POST-as-GET, it seems that's what is going on here. Maybe the comment should say:
// # read the secret-id (POST-as-GET)
Note that the error message just below also refers to "reading":
fmt.Errorf("error reading secret_id: %s", ...)
Signed-off-by: Richard Wall <richard.wall@venafi.com>
Signed-off-by: Richard Wall <richard.wall@venafi.com>
ctx := context.Background() | ||
// TODO: Should use Secrets.PkiWriteRole here, | ||
// but it is broken. See: | ||
// https://github.com/hashicorp/vault-client-go/issues/195 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
hey, I went thought the changes, I didn't spot anything strange. I haven't performed ad-hoc tests, nor did I run the end-to-end tests locally, I am confident CI will have caught anything off (I hope). It must have taken some work to get there! Great work, I appreciate the self-review and the comments you added in code. /lgtm |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: maelvls The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
Fixed the following staticcheck warnings:
The RawRequest function was deprecated in:
So in this PR I've unhidden the deprecation warning and updated the E2E test code to use https://github.com/hashicorp/vault-client-go instead of the vault/api module.
- https://github.com/cert-manager/cert-manager/actions/runs/7412656898?pr=6601
Testing
I ran the Vault E2E tests locally as follows:
/kind cleanup