jhaals / ansible-vault

Ansible lookup plugin for secrets stored in Vault (by HashiCorp)
BSD 3-Clause "New" or "Revised" License

Handle API endpoints that don't return JSON #53

Closed andor44 closed 7 years ago

andor44 commented 7 years ago

There are certain backends that have endpoints that don't return the standard JSON format with a data key, or even JSON at all. For example, the PKI module's CA retrieval method returns the certificate bare, as seen here. This causes the plugin to error out with a message like:

An unhandled exception occurred while running the lookup plugin 'vault'. Error was a <type 'exceptions.ValueError'>, original message: No JSON object could be decoded

The plugin tries to preemptively interpret the response from the API as JSON here, then get the data field here.

I think it would make sense to inspect the content type of the response and, if it's not application/json (e.g. it's application/pkix-cert in the case of the CA retrieval), return it without any processing. The hardcoded data lookup could also be relaxed, as it looks like backends can return arbitrary data, not only the Vault standard response.
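
The handling proposed in this issue, sketched as an added example; it is not part of the original issue and is not the plugin's own code. The function name `parse_vault_response`, its parameters and the sample bodies are assumptions made for illustration.

```python
import json

# Constructed sample bodies (not real Vault output).
SAMPLE_JSON = b'{"lease_id": "", "data": {"value": "s3cr3t"}}'
SAMPLE_DER = b"\x30\x82\x01\x0a" + b"\x00" * 4  # stand-in for a bare DER certificate


def parse_vault_response(content_type, body, field=None):
    """Hypothetical helper: return the payload of a Vault HTTP response.

    content_type -- Content-Type header value (may be None)
    body         -- raw response body as bytes
    field        -- optional key to select from the returned data
    """
    # Drop parameters such as "; charset=utf-8" and normalise case.
    media_type = (content_type or "").split(";", 1)[0].strip().lower()

    if media_type != "application/json":
        # Non-JSON endpoint (e.g. application/pkix-cert): return bytes untouched.
        if field is not None:
            raise ValueError("cannot select %r from a non-JSON response" % field)
        return body

    try:
        doc = json.loads(body.decode("utf-8"))
    except ValueError as exc:  # covers UnicodeDecodeError and JSONDecodeError
        raise ValueError("body declared as JSON did not parse: %s" % exc)

    # Standard responses wrap the payload in "data"; fall back to the
    # whole document for backends that return something else.
    payload = doc["data"] if isinstance(doc, dict) and "data" in doc else doc
    if field is None:
        return payload
    if not isinstance(payload, dict) or field not in payload:
        raise KeyError(field)
    return payload[field]


if __name__ == "__main__":
    print(parse_vault_response("application/json", SAMPLE_JSON, "value"))
    print(parse_vault_response("application/pkix-cert", SAMPLE_DER))
```

A body served as application/pkix-cert is binary DER, so a caller that wants text for a template has to encode it (for example as PEM) itself.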