Describe the bug
For a valid JWT auth backend configured, listing existing roles via API results in HTTP 404 error code if there are no roles defined. I would expect HTTP 200 with an empty list.
On the contrary, using the Vault CLI, an informative answer is returned:
$ vault list auth/jwt/roles
No value found at auth/jwt/roles/
To Reproduce
Steps to reproduce the behavior:
Run vault auth enable -path=jwt jwt
Set up some identity provider (not sure if necessary for a reproduction...)
Hi @viralpoetry! This is part of a larger discussion that the engineering team is discussing with regards to evaluating and, as needed, standardizing our HTTP response codes. I'll bring this up with the leadership team to raise awareness. Thanks!
It's not specific to the JWT auth method either, all Vault API collections behave this way.
I think it's unconventional and unhelpful too, and users would be better served (and less surprised) by a 200 OK response containing an empty list - which is what almost any other REST-styled API does in this circumstance.
Describe the bug
For a valid JWT auth backend configured, listing existing roles via API results in HTTP 404 error code if there are no roles defined. I would expect HTTP 200 with an empty list.
On the contrary, using the Vault CLI, an informative answer is returned:
To Reproduce
Steps to reproduce the behavior:
vault auth enable -path=jwt jwt
curl --head --header "X-Vault-Token: " --request LIST http://127.0.0.1:8200/v1/auth/jwt/role/
See the result:
Response content is
{"errors":[]}
Expected behavior
I would expect HTTP 200 with an empty list of roles as I have necessary rights to perform this action.
Environment:
vault status: 1.7.2
vault version: 1.7.2
Vault server configuration file(s):
for example
vault server -dev
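A client-side way to handle the behavior reported in this issue, as an added example that is not part of the original thread or Vault's own code: it maps the 404 with `{"errors":[]}` to an empty list while still failing on any other error, so an audit script does not confuse "no roles" with "denied" or "wrong path". The function names are hypothetical, the success shape `data.keys` is Vault's standard LIST response, and treating a 404 with a non-empty `errors` array as a real failure is an assumption.

```python
import json
import urllib.error
import urllib.request


class VaultListError(Exception):
    """LIST failed for a reason other than an empty collection."""


def interpret_list_response(status, body):
    """Map a Vault LIST response (status code, raw body) to a list of keys."""
    try:
        doc = json.loads(body) if body else {}
    except ValueError:
        raise VaultListError(f"HTTP {status}: non-JSON body")
    if not isinstance(doc, dict):
        raise VaultListError(f"HTTP {status}: unexpected JSON body")
    if status == 200:
        return list((doc.get("data") or {}).get("keys") or [])
    # The case from this issue: 404 plus an explicitly empty "errors" array.
    if status == 404 and doc.get("errors") == []:
        return []
    # 403, 5xx, or a 404 that carries an error message: do not hide it.
    raise VaultListError(f"HTTP {status}: {doc.get('errors')}")


def list_keys(addr, token, path):
    """Send LIST to <addr>/v1/<path>, e.g. path='auth/jwt/role'."""
    req = urllib.request.Request(
        f"{addr}/v1/{path}", method="LIST",
        headers={"X-Vault-Token": token})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return interpret_list_response(resp.status, resp.read())
    except urllib.error.HTTPError as err:
        return interpret_list_response(err.code, err.read())


if __name__ == "__main__":
    # Constructed sample responses (no network access needed).
    samples = [
        (404, b'{"errors":[]}'),
        (200, b'{"data":{"keys":["dev","ops"]}}'),
        (403, b'{"errors":["permission denied"]}'),
    ]
    for status, body in samples:
        try:
            print(status, interpret_list_response(status, body))
        except VaultListError as exc:
            print(status, "error:", exc)
```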