hashicorp / vault

A tool for secrets management, encryption as a service, and privileged access management
https://www.vaultproject.io/

API: Read AppRole secret ID returns 2xx with empty body when not found #24019

Closed Hansanto closed 1 year ago

Hansanto commented 1 year ago

Describe the bug

The Read Secret ID endpoint will return an empty body with a 2xx status if the secret ID was not generated by the Generate Secret ID endpoint and is therefore not found.

However, for other AppRole endpoints (Read Role, Read Secret ID Accessor, List, etc.), when an element is not found the API will return a 4xx status code and not a 2xx with an empty body.

To Reproduce

Expected behavior

The Read Secret ID endpoint should return 4xx if the value is not found (consistency with other endpoints).

Environment:

Key Value
Seal Type shamir
Initialized true
Sealed false
Total Shares 1
Threshold 1
Version 1.15.1
Build Date 2023-10-20T19:16:11Z
Storage Type inmem
Cluster Name vault-cluster-ddafadb2
Cluster ID 2eba8a69-566e-05d8-a2f9-a3e76d591c3a
HA Enabled false

Vault server configuration file(s):

# docker-compose
version: "3.8"

services:
  vault:
    image: hashicorp/vault:1.15.1
    container_name: vault
    ports:
      - "8200:8200"
    environment:
      - VAULT_DEV_ROOT_TOKEN_ID=root
      - VAULT_DEV_LISTEN_ADDRESS=0.0.0.0:8200
    cap_add:
      - IPC_LOCK

Additional context

ccapurso commented 1 year ago

Hi, @Hansanto! Thank you for your feedback and desire to improve Vault. At this time, Vault does not have API versioning that would enable the introduction of backward incompatible changes while preventing negatively impacting users that might depend on existing functionality. With that said, we will not be able to resolve this issue at this time. I have labeled it accordingly, however, so that we can reference it later if/when proper API versioning is introduced to Vault.
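
Since the behaviour reported in this issue stays in place, a client can turn the empty 2xx reply into an explicit "not found" itself. The following is an added example, not code from this thread or from Vault; it assumes the AppRole auth method is mounted at the default `approle` path, and the stub server, the `known-id` value and the `secret_id_ttl` payload are constructed for the demonstration.

```python
import json
import threading
import urllib.parse
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer


class SecretIDNotFound(LookupError):
    """Vault answered 2xx without a body: the secret ID is unknown."""


def lookup_secret_id(addr, token, role, secret_id, timeout=5):
    # Assumption: the AppRole auth method is mounted at the default path "approle".
    url = f"{addr}/v1/auth/approle/role/{urllib.parse.quote(role, safe='')}/secret-id/lookup"
    req = urllib.request.Request(
        url, data=json.dumps({"secret_id": secret_id}).encode(), method="POST",
        headers={"X-Vault-Token": token, "Content-Type": "application/json"})
    # Ignore proxy environment variables so the token is only sent to addr.
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    with opener.open(req, timeout=timeout) as resp:  # 4xx/5xx raise HTTPError
        body = resp.read()
    # An empty body (or a reply without a data object) means "not found".
    data = json.loads(body).get("data") if body.strip() else None
    if not data:
        raise SecretIDNotFound(f"no secret ID data for role {role!r}")
    return data


class StubVault(BaseHTTPRequestHandler):
    """Constructed stand-in for Vault that reproduces the reported behaviour."""
    def do_POST(self):
        sent = json.loads(self.rfile.read(int(self.headers["Content-Length"])))
        if sent["secret_id"] == "known-id":  # constructed sample value
            body = b'{"data": {"secret_id_ttl": 600}}'
            self.send_response(200)
            self.send_header("Content-Length", str(len(body)))
            self.end_headers()
            self.wfile.write(body)
        else:
            self.send_response(204)  # 2xx with empty body, as in the issue
            self.end_headers()

    def log_message(self, *args):
        pass  # keep the demo quiet


def start_stub():
    srv = HTTPServer(("127.0.0.1", 0), StubVault)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, f"http://127.0.0.1:{srv.server_port}"
```

Callers that gate a decision on the lookup should catch `SecretIDNotFound` explicitly rather than testing the return value for truthiness.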