gocd / gocd-vault-secret-plugin

GoCD secrets plugin for HashiCorp's Vault
https://gocd.org

"data/" portion gets inserted after first slash in VaultPath, when using VaultPaths with more than one "/" that doesn't work #65

Closed etSpark closed 9 months ago

etSpark commented 3 years ago

It seems that this plugin creates a request from a given VaultPath "a/b/c" like so: "path": "a/data/b/c"

which seems wrong, the "data/" should be inserted not after the first slash but after the last one, like:

"path": "a/b/data/c"

etSpark commented 3 years ago

So, I am not exactly sure if this is a bug. But if this behavior can be changed in the vault config, then the behavior should also be configurable in this vault plugin.

The vault I want access to needs the path to be provided like

/a(1)/a(2)/../a(n-1)/data/a(n)

But the gocd-vault-secret-plugin-1.1.0-31.jar creates paths like

/a(1)/data/../a(n)

I found no workaround. Namespaces could be a workaround but those are only supported in the Enterprise Edition of Vault and seem to not be usable with the free version of Vault.

One also can't just append /a(1)/../a(n-2) to the VaultUrl and provide a(n-1)/a(n) as the VaultPath. So..

A feature to flag that the configured VaultPath should be taken "as is" (and has the "data/" string in it) would be nice and would be no breaking change if that flag is disabled by default.

Where in the code does this "data/" insert into the VaultPath happen? Assume it's happening in the used BetterCloud/vault-java-driver?
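
Added illustration, not part of the thread and not the plugin's or the vault-java-driver's code: Vault's KV version 2 HTTP API places "data/" between the secrets engine's mount path and the secret's path, so where it lands depends on how many segments the mount has. The sketch below generalizes the first-slash behaviour reported above to a mount of any depth; `kvV2Path` and `mountDepth` are hypothetical names, and the mount points in `main` are assumptions.

```java
import java.util.Arrays;

public class KvV2PathExample {

    /**
     * Builds a KV v2 read path by inserting "data" after the first
     * mountDepth segments of the configured path.
     * Hypothetical helper: mountDepth is the number of path segments
     * that make up the secrets engine's mount point.
     */
    static String kvV2Path(String vaultPath, int mountDepth) {
        // Drop leading/trailing slashes so "/a/b/c/" and "a/b/c" behave the same.
        String trimmed = vaultPath.replaceAll("^/+|/+$", "");
        String[] segments = trimmed.split("/+");

        // At least one segment must remain for the secret itself; otherwise
        // "data" would be appended to a bare mount and the request would
        // address no secret at all.
        if (trimmed.isEmpty() || mountDepth < 1 || mountDepth >= segments.length) {
            throw new IllegalArgumentException(
                "mountDepth " + mountDepth + " does not fit path: " + vaultPath);
        }

        String mount = String.join("/",
            Arrays.copyOfRange(segments, 0, mountDepth));
        String secret = String.join("/",
            Arrays.copyOfRange(segments, mountDepth, segments.length));
        return mount + "/data/" + secret;
    }

    public static void main(String[] args) {
        // Depth 1: "data" lands after the first segment, as reported in the issue.
        System.out.println(kvV2Path("a/b/c", 1));

        // Depth 2: assumes the engine is mounted at "a/b", which yields
        // the path the reporter's Vault expects.
        System.out.println(kvV2Path("a/b/c", 2));

        // A depth that leaves no secret segment is rejected instead of
        // silently producing a path that addresses the wrong location.
        try {
            kvV2Path("a/b/c", 3);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```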