Hashicorp Vault - using BulkGetSecret (through asp.net core) always return 404 Not Found #925

Closed
Banchio opened this issue Jun 7, 2021 · 3 comments
Banchio commented Jun 7, 2021

Expected Behavior

Thanks to the 1.2 release, I was able to configure this component inside a K8s cluster. Now I expect my ASP.NET Core app, when using `configBuilder.AddDaprSecretStore("mysecretstore", client);`, to load all the secrets in my KV.

Actual Behavior

The Dapr sidecar always gets a 404 when trying to LIST in HashiCorp.
I believe this depends on the fact that the sidecar issues a LIST to <vault>/secret/metadata/**dapr**. Note this last part is configurable, but it cannot be set to an empty string or it will assume the default value.
I tried with the API explorer and I'm able to do a LIST on <vault>/secret/metadata/ (I have created a KV named secret for this purpose), so I believe that forcing the last part of the URL when issuing a bulk request is wrong.

Steps to Reproduce the Problem

Create a component like the following:

```yaml
apiVersion: dapr.io/v1alpha1
kind: Component
metadata:
  name: mysecretstore
  namespace: mynamespace
spec:
  type: secretstores.hashicorp.vault
  version: v1
  metadata:
  - name: vaultAddr
    value: https://10.9.5.138:8200
  - name: skipVerify # Optional. Default: false
    value: "true"
  - name: vaultToken # Required. Path to token file.
    value: "omitted"
  - name: vaultKVPrefix # Optional. Default: "dapr"
    value: "dapr"
```

Then run an ASP.NET app with the `configBuilder.AddDaprSecretStore("mysecretstore", client);` code to try to add all the secrets to the configuration. The Dapr sidecar gives the following error:

```
daprsecrettest-bcbd674dc-sjrq8:daprd time="2021-06-07T13:27:08.120418428Z" level=debug msg="rpc error: code = Internal desc = failed getting secrets from secret store mysecretstore: couldn't get successful response: &http.Response{Status:\"404 Not Found\", StatusCode:404, Proto:\"HTTP/2.0\", ProtoMajor:2, ProtoMinor:0, Header:http.Header{\"Cache-Control\":[]string{\"no-store\"}, \"Content-Length\":[]string{\"14\"}, \"Content-Type\":[]string{\"application/json\"}, \"Date\":[]string{\"Mon, 07 Jun 2021 13:27:08 GMT\"}}, Body:http2.transportResponseBody{cs:(*http2.clientStream)(0xc0004ce2c0)}, ContentLength:14, TransferEncoding:[]string(nil), Close:false, Uncompressed:false, Trailer:http.Header(nil), Request:(*http.Request)(0xc00069c200), TLS:(*tls.ConnectionState)(0xc00097c0b0)}, {\"errors\":[]}\n" app_id=daprsecrettest instance=daprsecrettest-bcbd674dc-sjrq8 scope=dapr.runtime.grpc.api type=log ver=1.2.0
```

Release Note

RELEASE NOTE:

@Banchio Banchio added the kind/bug Something isn't working label Jun 7, 2021
@artursouza artursouza added question Further information is requested and removed kind/bug Something isn't working labels Jun 7, 2021
Banchio commented Jun 8, 2021

Update here: I set up an environment in which I could test the modification. Unfortunately, if I modify the invocation in the BulkGetSecret method, subsequent calls fail because the KVPrefix is always appended to the URL. Please see this screenshot:

[screenshot: ko]

I have a secret KV with a dapr entry (which contains two keys). Removing the kvprefix works in the first call, but then the prefix is appended whenever the code tries to read every entry.
In my test env I changed the Init method to retain an empty value and it worked:

[screenshot: ok]

I can make a PR but I'm not sure how to handle this. Maybe introducing a boolean to explicitly say that I do not want any prefix?
Thanks!

edit: maybe @artursouza you can re-evaluate the tag since I think this is an actual bug with the current implementation? thanks
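
The three cases reported in this thread, as a small added model in Go (not Dapr's or Vault's code, and not part of the original comments): a constructed in-memory KV mount holding one secret named `dapr` at its root, listed under one prefix and read under another. `fakeKV`, `join`, `list` and `bulkGet` are hypothetical names, and the "404 on empty list" rule is an assumption taken from the behaviour described above.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

var errNotFound = errors.New("404 Not Found") // stands in for Vault's 404 response

// fakeKV models a KV mount in memory: secret path -> key/value pairs (constructed data).
type fakeKV map[string]map[string]string

// join builds a path under the mount; an empty prefix means the mount root.
func join(prefix, name string) string { return strings.TrimPrefix(prefix+"/"+name, "/") }

// list models LIST <vault>/secret/metadata/<prefix>: names directly under prefix.
func (kv fakeKV) list(prefix string) (names []string) {
	for p := range kv {
		if n := p[strings.LastIndex(p, "/")+1:]; join(prefix, n) == p {
			names = append(names, n)
		}
	}
	return names
}

// bulkGet lists under listPrefix, then reads every listed name under readPrefix.
func bulkGet(kv fakeKV, listPrefix, readPrefix string) (map[string]map[string]string, error) {
	names := kv.list(listPrefix)
	if len(names) == 0 { // assumption: nothing under the path is reported as 404
		return nil, fmt.Errorf("list %q: %w", listPrefix, errNotFound)
	}
	out := map[string]map[string]string{}
	for _, n := range names {
		s, ok := kv[join(readPrefix, n)]
		if !ok {
			return nil, fmt.Errorf("read %q: %w", join(readPrefix, n), errNotFound)
		}
		out[n] = s
	}
	return out, nil
}

func main() {
	kv := fakeKV{"dapr": {"user": "demo", "pass": "constructed"}}
	fmt.Println(bulkGet(kv, "dapr", "dapr")) // forced prefix: the LIST fails
	fmt.Println(bulkGet(kv, "", "dapr"))     // prefix dropped from LIST only: the read fails
	fmt.Println(bulkGet(kv, "", ""))         // empty prefix kept for both: succeeds
}
```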

Banchio commented Jun 8, 2021

@artursouza did the pull request, let me know if I missed something, thanks!

@artursouza artursouza added kind/bug Something isn't working and removed question Further information is requested labels Jun 13, 2021
@artursouza artursouza added this to the v1.3 milestone Jun 13, 2021
artursouza (Member) commented

@Banchio Thanks for opening a PR for code and docs. We will review and close those. Please, follow up on the comments.
