amperity / vault-clj

Clojure client for Hashicorp's Vault secret management system.

Failing to list secrets with v2 rewrite branch #99

Closed ieugen closed 9 months ago

ieugen commented 1 year ago

I decided to test out vault v2 branch for a project rewrite. I tried to use it but it seems I can't list kv2 secrets (or I am not using the API right).

  (def client (vault/new-client "https://REDACTED"))
  (vault/authenticate! client (vault-token))

  (try
    (kv2/list-secrets client "DocSearch")
    (catch Exception e
      (println e)))

I get:

#error {
 :cause Vault API errors: no handler for route "secret/metadata/DocSearch/". route entry not found.
 :data #:vault.client{:status 404, :headers {:cache-control no-store, :content-length 91, :content-type application/json, :date Thu, 13 Jul 2023 23:40:19 GMT, :strict-transport-security max-age=31536000; includeSubDomains}, :errors [no handler for route "secret/metadata/DocSearch/". route entry not found.]}
 :via
 [{:type clojure.lang.ExceptionInfo
   :message Vault API errors: no handler for route "secret/metadata/DocSearch/". route entry not found.
   :data #:vault.client{:status 404, :headers {:cache-control no-store, :content-length 91, :content-type application/json, :date Thu, 13 Jul 2023 23:40:19 GMT, :strict-transport-security max-age=31536000; includeSubDomains}, :errors [no handler for route "secret/metadata/DocSearch/". route entry not found.]}
   :at [sci.lang.Var invoke lang.cljc 202]}]
 :trace
[[sci.lang.Var invoke lang.cljc 202]
  [sci.impl.analyzer$return_call$reify__4553 eval analyzer.cljc 1407]
  [sci.impl.analyzer$analyze_let_STAR_$reify__4227 eval analyzer.cljc 625]
  [sci.impl.analyzer$analyze_let_STAR_$reify__4233 eval analyzer.cljc 670]
  [sci.impl.fns$fun$arity_3__1177 invoke fns.cljc 109]
  [sci.lang.Var invoke lang.cljc 204]
  [sci.impl.analyzer$return_call$reify__4557 eval analyzer.cljc 1407]
  [sci.impl.analyzer$return_binding_call$reify__4428 eval analyzer.cljc 1325]
  [sci.impl.analyzer$analyze_let_STAR_$reify__4229 eval analyzer.cljc 634]
  [sci.impl.analyzer$return_if$reify__4265 eval analyzer.cljc 856]
  [sci.impl.analyzer$return_if$reify__4265 eval analyzer.cljc 857]
  [sci.impl.analyzer$return_if$reify__4265 eval analyzer.cljc 857]
  [sci.impl.analyzer$return_if$reify__4265 eval analyzer.cljc 857]
  [sci.impl.evaluator$eval_try invokeStatic evaluator.cljc 82]
  [sci.impl.analyzer$analyze_try$reify__4302 eval analyzer.cljc 958]
  [sci.impl.analyzer$analyze_let_STAR_$reify__4233 eval analyzer.cljc 670]
  [sci.impl.analyzer$analyze_let_STAR_$reify__4229 eval analyzer.cljc 636]
  [sci.impl.analyzer$analyze_let_STAR_$reify__4235 eval analyzer.cljc 693]
  [sci.impl.fns$fun$arity_1__1166 invoke fns.cljc 107]
  [sci.lang.Var invoke lang.cljc 200]
  [org.httpkit.client$request$deliver_resp__8709$fn__8710 invoke client.clj 271]
  [org.httpkit.client$request$deliver_resp__8709 invoke client.clj 270]
  [org.httpkit.client$request$reify__8713 onSuccess client.clj 310]
  [org.httpkit.client.Handler run RespListener.java 42]
  [java.util.concurrent.Executors$RunnableAdapter call Executors.java 577]
  [java.util.concurrent.FutureTask run FutureTask.java 317]
  [java.util.concurrent.ThreadPoolExecutor runWorker ThreadPoolExecutor.java 1144]
  [java.util.concurrent.ThreadPoolExecutor$Worker run ThreadPoolExecutor.java 642]
  [java.lang.Thread run Thread.java 1589]
  [com.oracle.svm.core.thread.PlatformThreads threadStartRoutine PlatformThreads.java 775]
  [com.oracle.svm.core.posix.thread.PosixPlatformThreads pthreadStartRoutine PosixPlatformThreads.java 203]]}

ieugen commented 1 year ago

Is there a way to list requests made by vault-clj? I'm trying to debug things:

Looks like you can supply some logging options:

:error-logger       ; (fn [text ex])
:event-logger       ; (fn [event-name])

https://http-kit.github.io/http-kit/org.httpkit.client.html#var-make-client

But those are not supported by the request function https://http-kit.github.io/http-kit/org.httpkit.client.html#var-request.

https://github.com/amperity/vault-clj/blob/3e8fb11473ff7cc10f979c9ee43a00b78a6f655c/src/vault/client/http.clj#L121

ieugen commented 1 year ago

I had to switch the code to 1.x branch and it worked.

This is the code that uses vault 1.x and works:

  (def client (vault/new-client "https://REDACTED"))
  (vault/authenticate! client :token (vault-token))
  (try
    (kv2/list-secrets client "DocSearch" "/")
    (catch Exception e
      (println e)))

greglook commented 1 year ago

Is DocSearch the mount for the kv2 secrets engine? If so, then you should use (kv2/with-mount client "DocSearch") before calling kv2/list-secrets on the client.

ieugen commented 9 months ago

Thanks. Using the 2.x release I managed to make it work by using with-mount.
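
The route in the 404 above shows why with-mount resolved this: the list request went to mount `secret` with `DocSearch` as the path, and the server had no mount matching that route. The following is an added example, not part of any comment in this thread and not vault-clj code; it parses that error string and rebuilds the KV v2 list route (`<mount>/metadata/<path>/`, as in Vault's HTTP API) for both cases. The function names are hypothetical, and it assumes the mount name contains no `metadata` segment.

```python
import re

# Vault reports an unmatched route as:
#   no handler for route "<mount>/<rest>". route entry not found.
ROUTE_ERR = re.compile(r'no handler for route "([^"]+)"')


def kv2_list_route(mount: str, path: str = "") -> str:
    """Route a KV v2 list request targets (HTTP LIST under /v1/)."""
    mount = mount.strip("/")
    path = path.strip("/")
    return f"{mount}/metadata/{path}/" if path else f"{mount}/metadata/"


def split_kv2_route(route: str):
    """Split a KV v2 route into (mount, path) at the first 'metadata' segment.

    Assumption: the mount name itself has no 'metadata' segment.
    """
    parts = route.strip("/").split("/")
    if "metadata" not in parts:
        return None
    i = parts.index("metadata")
    return "/".join(parts[:i]), "/".join(parts[i + 1:])


def diagnose(error_text: str):
    """Return the (mount, path) the server was asked for, or None."""
    m = ROUTE_ERR.search(error_text)
    return split_kv2_route(m.group(1)) if m else None


# Error string copied from the first comment in this issue.
ISSUE_ERROR = ('Vault API errors: no handler for route '
               '"secret/metadata/DocSearch/". route entry not found.')

if __name__ == "__main__":
    # What the server saw: mount "secret", path "DocSearch".
    print(diagnose(ISSUE_ERROR))
    # Route built when "DocSearch" is passed as a path under mount "secret".
    print(kv2_list_route("secret", "DocSearch"))
    # Route built when "DocSearch" is the mount and the root is listed.
    print(kv2_list_route("DocSearch"))
```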