You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Describe the bug Namespace documentation states that namespace can be treated as part of the path. This works fine with HTTP API, but CLI makes request to incorrect URL when namespace is both provided as argument and part of the path.
To Reproduce
# Setup
vault namespace create dev
vault namespace create -namespace=dev myapp
vault secrets enable -version=2 -namespace=/dev/myapp -path=secrets kv
vault kv put -namespace=/dev/myapp secrets/examplePath foo=APPsecret
# Check that HTTP API works; all below requests return the same result
export VAULT_ADDR=...
export VAULT_TOKEN=...
curl -H "X-Vault-Token: $VAULT_TOKEN" -H "X-Vault-Namespace: " -X GET $VAULT_ADDR/v1/dev/myapp/secrets/data/examplePath
curl -H "X-Vault-Token: $VAULT_TOKEN" -H "X-Vault-Namespace: dev" -X GET $VAULT_ADDR/v1/myapp/secrets/data/examplePath
curl -H "X-Vault-Token: $VAULT_TOKEN" -H "X-Vault-Namespace: dev/myapp" -X GET $VAULT_ADDR/v1/secrets/data/examplePath
# Check CLI
vault kv get -field foo -namespace= dev/myapp/secrets/examplePath # APPsecret
vault kv get -field foo -namespace=/dev myapp/secrets/examplePath # No value found at dev/myapp/secrets/data/myapp/secrets/examplePath
vault kv get -field foo -namespace=/dev/myapp secrets/examplePath # APPsecret
Expected behavior
Command vault kv get -field foo -namespace=/dev myapp/secrets/examplePath should work and return the secret. That is, CLI should call dev/myapp/secrets/data/examplePath instead of dev/myapp/secrets/data/myapp/secrets/examplePath.
Environment:
Vault Server Version (retrieve with vault status): 1.8.2+ent
Vault CLI Version (retrieve with vault version): v1.8.2+ent (bf22e1eb262e59f08bb8a1374dc726ab93830178)
Server Operating System/Architecture: Windows 10 / 5.4.72-microsoft-standard-WSL2
Vault server configuration file(s):
(empty)
Additional context
n/a
The text was updated successfully, but these errors were encountered:
* CLI makes request to incorrect URL when namespace is both provided as argument and part of the path
fixes#12675
* adding change log
* removing a switch and addressing a possibility of out of bound index
qk4l
pushed a commit
to qk4l/vault
that referenced
this issue
Feb 4, 2022
…corp#12720)
* CLI makes request to incorrect URL when namespace is both provided as argument and part of the path
fixeshashicorp#12675
* adding change log
* removing a switch and addressing a possibility of out of bound index
Describe the bug
Namespace documentation states that namespace can be treated as part of the path. This works fine with HTTP API, but CLI makes request to incorrect URL when namespace is both provided as argument and part of the path.
To Reproduce
Expected behavior
Command
vault kv get -field foo -namespace=/dev myapp/secrets/examplePath
should work and return the secret. That is, CLI should calldev/myapp/secrets/data/examplePath
instead ofdev/myapp/secrets/data/myapp/secrets/examplePath
.Environment:
vault status
): 1.8.2+entvault version
): v1.8.2+ent (bf22e1eb262e59f08bb8a1374dc726ab93830178)Vault server configuration file(s):
(empty)
Additional context
n/a
The text was updated successfully, but these errors were encountered: