[Bug 1788375] Re: API changes in vault 0.10.0 causes test to fail.

James Page james.page at ubuntu.com
Wed Oct 10 16:16:35 UTC 2018 

** Also affects: python-castellan (Ubuntu)
   Importance: Undecided
       Status: New

** Changed in: python-castellan (Ubuntu)
       Status: New => Triaged

** Changed in: python-castellan (Ubuntu)
     Assignee: (unassigned) => James Page (james-page)

** Changed in: python-castellan (Ubuntu)
   Importance: Undecided => Medium

-- 
You received this bug notification because you are a member of Ubuntu
OpenStack, which is subscribed to python-castellan in Ubuntu.
https://bugs.launchpad.net/bugs/1788375

Title:
  API changes in vault 0.10.0 causes test to fail.

Status in castellan:
  Fix Committed
Status in python-castellan package in Ubuntu:
  Triaged

Bug description:
  Since Vault 0.10.0 the K/V engine is versioned by default and returns
  the following warning:

  Invalid path for a versioned K/V secrets engine. See the API docs for
  the appropriate API endpoints to use. If using the Vault CLI, use
  'vault kv put' for this operation.

  The warning can be seen at:

  $ curl \
      --header "X-Vault-Token: $VAULT_TOKEN" \
      --request POST \                          
      --data '{"value": "bar"}' \
      http://127.0.0.1:8200/v1/secret/foo

  ### Formatted JSON Data returned by curl
  {  
    "request_id":"48b76803-c396-8f71-0d98-b5949478de2c",
    "lease_id":"",
    "renewable":false,
    "lease_duration":0,
    "data":null,
    "wrap_info":null,
    "warnings":[  
      "Invalid path for a versioned K/V secrets engine. See the API docs for the appropriate API endpoints to use. If using the Vault CLI, use 'vault kv put' for this operation."
    ],
    "auth":null
  }

  ---

  The VaultKeyManager._store_key_value method doesn't care for the
  "warnings" value and just returns the key_id, but the data was
  actually not stored.

  The required fixes are in the url (add 'data/' after secret/) and the
  request data is now {"data":{...}} instead of just {...}.

  $ curl \
      --header "X-Vault-Token: $VAULT_TOKEN" \
      --request POST \
      --data '{"data":{"value": "bar"}}' \ 
      http://127.0.0.1:8200/v1/secret/data/foo

  ### Formatted JSON Data returned by curl
  {
    "request_id":"087e314a-c2aa-7261-f004-99f07783e14f",
    "lease_id":"",
    "renewable":false,
    "lease_duration":0,
    "data":{  
      "created_time":"2018-08-22T09:58:47.245643874Z",
      "deletion_time":"",
      "destroyed":false,
      "version":1
    },
    "wrap_info":null,
    "warnings":null,
    "auth":null
  }

  The equivalent fixes are also required in VaultKeyManager.get().

To manage notifications about this bug go to:
https://bugs.launchpad.net/castellan/+bug/1788375/+subscriptions

More information about the Ubuntu-openstack-bugs mailing list