Vault 1.15.0 - Browsing kv's via /ui/ is fine but trying to share a listing url returns 404 (So does pressing F5).

[ipaqmaster]

Describe the bug

Can navigate the /ui/ for KV secrets just fine. But hitting F5 or attempting to sharthe URL-bar link results in a 404

To Reproduce
Steps to reproduce the behavior:

1. Log into a vault cluster's /ui/
2. Browse some kv secrets
3. Hit F5 or share the url with someone - In both scenarios vault/ui returns a 404.

Expected behavior
The same list of secrets to draw for visual navigation to continue.

Environment:

• Vault Server Version (retrieve with vault status): 1.15.0
• Vault CLI Version (retrieve with vault version): Vault v1.15.0 (b4d0727), built 2023-09-22T16:53:10Z
• Server Operating System/Architecture: Microsoft Windows 10 Pro 10.0.19045 Build 19045
• Browser and version: Google Chrome Version 116.0.5845.111 (Official Build) (64-bit)

Vault server configuration file(s):

NA (?)

Additional context

Reproducible on this Windows client with vault server -dev on Vault v1.15.0 (b4d07277a6c5318bb50d3b94bbd6135dccb4c601), built 2023-09-22T16:53:10Z. Simply make a new secret under a subdir kv path and hit F5 in the middle subdir secret listing.

Seems to be a minor /ui bug.

[hmalinov]

I have the same issue after upgrading to 1.15.0
Previously URLs looked like secret/kv/prod/servers/directory and now a part of the url and specifically "/" are url encoded secret/kv/prod%2Fservers%2F/directory. If a page is refreshed there is 404 returned.

Double check the url or [go back home ](https://vault url/).

This results in URLs not working.

[marsu-p]

This is still an issue in 1.15.1 (not tested 1.15.2 yet)
Navigating through the UI to a secret leads to encoded parts in the URL:
/ui/vault/secrets/secret/kv/prod%2Fusers%2Fdeploy/details?version=1

Opening the link in a new window/tab or even hitting referesh / F5 leads to a 404:

Not Found

The requested URL /ui/vault/secrets/secret/kv/prod/users/deploy/details was not found on this server.

With vault <1.15.x the url would have looked like this:
/ui/vault/secrets/secret/show/prod/users/deploy
which still works, by the way

[hashishaw]

Hi @marsu-p -- would you mind sharing which browser you're seeing this behavior on? I'm unable to replicate on 1.15.1. Thanks!

[marsu-p]

Thanks for the swift reply.
Please ignore my comment, It's related to our reverse proxy / waf solution. It works just fine when I bypass it. Sorry for that.

[hmalinov]

While the 404 is fixed in 1.15.1 , there is still an issue with the URL link, where it used to work like :
/ui/vault/secrets/hma/kv/applications/foo/details?version=2
now seems to be
/ui/vault/secrets/hma/kv/applications%2Ffoo/details?version=2
and any old links does not work anymore.

[hashishaw]

Hi @hmalinov -- That's correct, we did update the URL structure so that we would minimize the number of times we fetch the underlying secret data. The previous url for details was:
ui/vault/secrets/hma/show/${secretPath}
and now it has changed to:
ui/vault/secrets/hma/kv/${encodedUriComponent(secretPath)}/details
Hope that helps! Would publishing the URL changes somewhere be helpful in your opinion?

[hmalinov]

@hashishaw If the url change is intentional, it is indeed a good idea to be documented.
I would like to challenge this backward incompatibility, as every url link stored somewhere (in documentation for example) will result in failure. Which means this is a breaking change.

[ipaqmaster]

I'm certainly feeling this. All my browser history is sending me to dead URLs leaving me with manually browsing to paths. Then those paths also 404 when I go back to them later. I can't middle-click entries in the kv ui list to open them in new tabs and navigate around like a normal website either - doing that manually by copying the current URL to a new tab 404s.

This UI update feels like a major step back in accessibility and function for F5'ing to 404 your existing page alone. Where's the backwards compatibility with the old URI paths and how was it acceptable for refreshing with this new URI format to 404 in the release?

I had to go around and update a lot of documentation - but a lot of the new paths are 404ing anyway. You cannot hyperlink to salt kv ui dirs which aren't at the top level anymore.