There are certain backends that have endpoints that don't return the standard JSON format with a data key, or even JSON at all. For example the PKI module's CA retrieval method returns the certificate bare as seen here. This causes the plugin to error out with a message like:
An unhandled exception occurred while running the lookup plugin 'vault'. Error was a <type 'exceptions.ValueError'>, original message: No JSON object could be decoded
The plugin tries to preemptively interpret the response from the API as JSON here, then get the data field here.
I think it would make sense to inspect the content type of the response and if it's not application/json (eg. it's application/pkix-cert in case of the CA retrieval) return it without any processing. The hardcoded data lookup could also be relaxed as it looks like backends can return arbitrary data, not only the Vault standard response.
There are certain backends that have endpoints that don't return the standard JSON format with a
data
key, or even JSON at all. For example the PKI module's CA retrieval method returns the certificate bare as seen here. This causes the plugin to error out with a message like:An unhandled exception occurred while running the lookup plugin 'vault'. Error was a <type 'exceptions.ValueError'>, original message: No JSON object could be decoded
The plugin tries to preemptively interpret the response from the API as JSON here, then get the
data
field here.I think it would make sense to inspect the content type of the response and if it's not
application/json
(eg. it'sapplication/pkix-cert
in case of the CA retrieval) return it without any processing. The hardcodeddata
lookup could also be relaxed as it looks like backends can return arbitrary data, not only the Vault standard response.