[Bug 1788375] Re: API changes in vault 0.10.0 causes test to fail.

Takashi Kajinami 1788375 at bugs.launchpad.net
Tue Mar 19 15:19:57 UTC 2024 

This was fixed by
https://review.opendev.org/c/openstack/castellan/+/595012

** Changed in: castellan
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
OpenStack, which is subscribed to python-castellan in Ubuntu.
https://bugs.launchpad.net/bugs/1788375

Title:
  API changes in vault 0.10.0 causes test to fail.

Status in castellan:
  Fix Released
Status in python-castellan package in Ubuntu:
  Fix Released

Bug description:
  Since Vault 0.10.0 the K/V engine is versioned by default and returns
  the following warning:

  Invalid path for a versioned K/V secrets engine. See the API docs for
  the appropriate API endpoints to use. If using the Vault CLI, use
  'vault kv put' for this operation.

  The warning can be seen at:

  $ curl \
      --header "X-Vault-Token: $VAULT_TOKEN" \
      --request POST \                          
      --data '{"value": "bar"}' \
      http://127.0.0.1:8200/v1/secret/foo

  ### Formatted JSON Data returned by curl
  {  
    "request_id":"48b76803-c396-8f71-0d98-b5949478de2c",
    "lease_id":"",
    "renewable":false,
    "lease_duration":0,
    "data":null,
    "wrap_info":null,
    "warnings":[  
      "Invalid path for a versioned K/V secrets engine. See the API docs for the appropriate API endpoints to use. If using the Vault CLI, use 'vault kv put' for this operation."
    ],
    "auth":null
  }

  ---

  The VaultKeyManager._store_key_value method doesn't care for the
  "warnings" value and just returns the key_id, but the data was
  actually not stored.

  The required fixes are in the url (add 'data/' after secret/) and the
  request data is now {"data":{...}} instead of just {...}.

  $ curl \
      --header "X-Vault-Token: $VAULT_TOKEN" \
      --request POST \
      --data '{"data":{"value": "bar"}}' \ 
      http://127.0.0.1:8200/v1/secret/data/foo

  ### Formatted JSON Data returned by curl
  {
    "request_id":"087e314a-c2aa-7261-f004-99f07783e14f",
    "lease_id":"",
    "renewable":false,
    "lease_duration":0,
    "data":{  
      "created_time":"2018-08-22T09:58:47.245643874Z",
      "deletion_time":"",
      "destroyed":false,
      "version":1
    },
    "wrap_info":null,
    "warnings":null,
    "auth":null
  }

  The equivalent fixes are also required in VaultKeyManager.get().

To manage notifications about this bug go to:
https://bugs.launchpad.net/castellan/+bug/1788375/+subscriptions

More information about the Ubuntu-openstack-bugs mailing list