Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Vault CLI: show detailed information with ListResponseWithInfo #15417

Merged
merged 8 commits into from
May 18, 2022
Merged

Vault CLI: show detailed information with ListResponseWithInfo #15417

merged 8 commits into from
May 18, 2022

Conversation

cipherboy
Copy link
Contributor

@cipherboy cipherboy commented May 13, 2022
edited
Loading

This adds the ability (via switch -detailed) to show the additional metadata returned by endpoints which use the ListResponseWithInfo format helper. We add support for both table and JSON formatted response printing.

See the individual commit messages for examples of each.

An unofficial survey of endpoints returns:

  • PKI: /issuers and /keys, which are new to 1.11
  • SSH: /roles, which has been around for a while. It returns the key_type field.

A few other uses:

vault/identity_store_entities.go:666:			resp := logical.ListResponseWithInfo(keys, entityInfo)
vault/identity_store_entities.go:717:	return logical.ListResponseWithInfo(keys, entityInfo), nil
vault/identity_store_groups.go:533:	return logical.ListResponseWithInfo(keys, groupInfo), nil
vault/identity_store_util.go:2485:	return logical.ListResponseWithInfo(aliasIDs, aliasInfo), nil
vault/logical_system.go:4385:	return logical.ListResponseWithInfo(respKeys, respKeyInfo), nil
vault/login_mfa.go:191:	return logical.ListResponseWithInfo(keys, configInfo), nil
vault/login_mfa.go:746:	return logical.ListResponseWithInfo(keys, configInfo), nil

cipherboy added 2 commits May 13, 2022 12:32
@cipherboy
CLI: Add ability to display ListResponseWithInfos
0612bd9 
The Vault Server API includes a ListResponseWithInfo call, allowing LIST
responses to contain additional information about their keys. This is in
a key=value mapping format (both for each key, to get the additional
metadata, as well as within each metadata).

Expand the `vault list` CLI command with a `-detailed` flag (and env var
VAULT_DETAILED_LISTS) to print this additional metadata. This looks
roughly like the following:

    $ vault list -detailed pki/issuers
    Keys                                    issuer_name
    ----                                    -----------
    0cba84d7-bbbe-836a-4ff6-a11b31dc0fb7    n/a
    35dfb02d-0cdb-3d35-ee64-d0cd6568c6b0    n/a
    382fad1e-e99c-9c54-e147-bb1faa8033d3    n/a
    8bb4a793-2ad9-460c-9fa8-574c84a981f7    n/a
    8bd231d7-20e2-f21f-ae1a-7aa3319715e7    n/a
    9425d51f-cb81-426d-d6ad-5147d092094e    n/a
    ae679732-b497-ab0d-3220-806a2b9d81ed    n/a
    c5a44a1f-2ae4-2140-3acf-74b2609448cc    utf8
    d41d2419-efce-0e36-c96b-e91179a24dc1    something

Signed-off-by: Alexander Scheel <[email protected]>
@cipherboy
Allow detailed printing of LIST responses in JSON
663e319 
When using the JSON formatter, only the absolute list of keys were
returned. Reuse the `-detailed` flag value for the `-format=json` list
response printer, allowing us to show the complete API response returned
by Vault.

This returns something like the following:

    {
      "request_id": "e9a25dcd-b67a-97d7-0f08-3670918ef3ff",
      "lease_id": "",
      "lease_duration": 0,
      "renewable": false,
      "data": {
        "key_info": {
          "0cba84d7-bbbe-836a-4ff6-a11b31dc0fb7": {
            "issuer_name": ""
          },
          "35dfb02d-0cdb-3d35-ee64-d0cd6568c6b0": {
            "issuer_name": ""
          },
          "382fad1e-e99c-9c54-e147-bb1faa8033d3": {
            "issuer_name": ""
          },
          "8bb4a793-2ad9-460c-9fa8-574c84a981f7": {
            "issuer_name": ""
          },
          "8bd231d7-20e2-f21f-ae1a-7aa3319715e7": {
            "issuer_name": ""
          },
          "9425d51f-cb81-426d-d6ad-5147d092094e": {
            "issuer_name": ""
          },
          "ae679732-b497-ab0d-3220-806a2b9d81ed": {
            "issuer_name": ""
          },
          "c5a44a1f-2ae4-2140-3acf-74b2609448cc": {
            "issuer_name": "utf8"
          },
          "d41d2419-efce-0e36-c96b-e91179a24dc1": {
            "issuer_name": "something"
          }
        },
        "keys": [
          "0cba84d7-bbbe-836a-4ff6-a11b31dc0fb7",
          "35dfb02d-0cdb-3d35-ee64-d0cd6568c6b0",
          "382fad1e-e99c-9c54-e147-bb1faa8033d3",
          "8bb4a793-2ad9-460c-9fa8-574c84a981f7",
          "8bd231d7-20e2-f21f-ae1a-7aa3319715e7",
          "9425d51f-cb81-426d-d6ad-5147d092094e",
          "ae679732-b497-ab0d-3220-806a2b9d81ed",
          "c5a44a1f-2ae4-2140-3acf-74b2609448cc",
          "d41d2419-efce-0e36-c96b-e91179a24dc1"
        ]
      },
      "warnings": null
    }

Signed-off-by: Alexander Scheel <[email protected]>
@cipherboy cipherboy added this to the 1.11.0-rc1 milestone May 13, 2022
@cipherboy
Add changelog
6d020c3 
Signed-off-by: Alexander Scheel <[email protected]>
ccapurso
ccapurso reviewed May 13, 2022
View reviewed changes
command/list.go Outdated Show resolved Hide resolved
@ccapurso
Copy link
Contributor

I provided a comment regarding the flag usage but overall, I really like the concept. As it would have prevented me from having to add a new command recently.

cipherboy added 3 commits May 16, 2022 08:34
@cipherboy
Use field on UI rather than secret.Data
38e8a82 
Signed-off-by: Alexander Scheel <[email protected]>
@cipherboy
Only include headers from visitable key_infos
62415ec 
Certain API endpoints return data from non-visitable key_infos, by
virtue of using a hand-rolled response. Limit our headers to those
from visitable key_infos. This means we won't return entire columns with
n/a entries, if no key matches the key_info key that includes that
header.

Signed-off-by: Alexander Scheel <[email protected]>
@cipherboy
Use setupEnv sourced detailed info
bf432a9 
Signed-off-by: Alexander Scheel <[email protected]>
@cipherboy
Copy link
Contributor Author

@ccapurso Updated, let me know what you think. I tried to mimic the existing structure.

@cipherboy
Fix changelog environment variable
e59f5bd 
Signed-off-by: Alexander Scheel <[email protected]>
@cipherboy cipherboy requested a review from a team May 17, 2022 15:47
ccapurso
ccapurso approved these changes May 17, 2022
View reviewed changes
Copy link
Contributor

@ccapurso ccapurso left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The changes look good to me! Thanks for adding this. You might want to get some feedback from someone on the devex side too.

VinnyHC
VinnyHC approved these changes May 18, 2022
View reviewed changes
Copy link
Contributor

@VinnyHC VinnyHC left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks good to me! Nice improvement.

@cipherboy
Fix broken tests using setupEnv
c119247 
Signed-off-by: Alexander Scheel <[email protected]>
@cipherboy
Copy link
Contributor Author

Thanks all! I've fixed the broken tests, will merge now.

@cipherboy cipherboy merged commit 3379eaa into main May 18, 2022
Gabrielopesantos pushed a commit to Gabrielopesantos/vault that referenced this pull request Jun 6, 2022
@cipherboy @Gabrielopesantos
Vault CLI: show detailed information with ListResponseWithInfo (hashi…
fedf90c 
…corp#15417)

* CLI: Add ability to display ListResponseWithInfos

The Vault Server API includes a ListResponseWithInfo call, allowing LIST
responses to contain additional information about their keys. This is in
a key=value mapping format (both for each key, to get the additional
metadata, as well as within each metadata).

Expand the `vault list` CLI command with a `-detailed` flag (and env var
VAULT_DETAILED_LISTS) to print this additional metadata. This looks
roughly like the following:

    $ vault list -detailed pki/issuers
    Keys                                    issuer_name
    ----                                    -----------
    0cba84d7-bbbe-836a-4ff6-a11b31dc0fb7    n/a
    35dfb02d-0cdb-3d35-ee64-d0cd6568c6b0    n/a
    382fad1e-e99c-9c54-e147-bb1faa8033d3    n/a
    8bb4a793-2ad9-460c-9fa8-574c84a981f7    n/a
    8bd231d7-20e2-f21f-ae1a-7aa3319715e7    n/a
    9425d51f-cb81-426d-d6ad-5147d092094e    n/a
    ae679732-b497-ab0d-3220-806a2b9d81ed    n/a
    c5a44a1f-2ae4-2140-3acf-74b2609448cc    utf8
    d41d2419-efce-0e36-c96b-e91179a24dc1    something

Signed-off-by: Alexander Scheel <[email protected]>

* Allow detailed printing of LIST responses in JSON

When using the JSON formatter, only the absolute list of keys were
returned. Reuse the `-detailed` flag value for the `-format=json` list
response printer, allowing us to show the complete API response returned
by Vault.

This returns something like the following:

    {
      "request_id": "e9a25dcd-b67a-97d7-0f08-3670918ef3ff",
      "lease_id": "",
      "lease_duration": 0,
      "renewable": false,
      "data": {
        "key_info": {
          "0cba84d7-bbbe-836a-4ff6-a11b31dc0fb7": {
            "issuer_name": ""
          },
          "35dfb02d-0cdb-3d35-ee64-d0cd6568c6b0": {
            "issuer_name": ""
          },
          "382fad1e-e99c-9c54-e147-bb1faa8033d3": {
            "issuer_name": ""
          },
          "8bb4a793-2ad9-460c-9fa8-574c84a981f7": {
            "issuer_name": ""
          },
          "8bd231d7-20e2-f21f-ae1a-7aa3319715e7": {
            "issuer_name": ""
          },
          "9425d51f-cb81-426d-d6ad-5147d092094e": {
            "issuer_name": ""
          },
          "ae679732-b497-ab0d-3220-806a2b9d81ed": {
            "issuer_name": ""
          },
          "c5a44a1f-2ae4-2140-3acf-74b2609448cc": {
            "issuer_name": "utf8"
          },
          "d41d2419-efce-0e36-c96b-e91179a24dc1": {
            "issuer_name": "something"
          }
        },
        "keys": [
          "0cba84d7-bbbe-836a-4ff6-a11b31dc0fb7",
          "35dfb02d-0cdb-3d35-ee64-d0cd6568c6b0",
          "382fad1e-e99c-9c54-e147-bb1faa8033d3",
          "8bb4a793-2ad9-460c-9fa8-574c84a981f7",
          "8bd231d7-20e2-f21f-ae1a-7aa3319715e7",
          "9425d51f-cb81-426d-d6ad-5147d092094e",
          "ae679732-b497-ab0d-3220-806a2b9d81ed",
          "c5a44a1f-2ae4-2140-3acf-74b2609448cc",
          "d41d2419-efce-0e36-c96b-e91179a24dc1"
        ]
      },
      "warnings": null
    }

Signed-off-by: Alexander Scheel <[email protected]>

* Add changelog

Signed-off-by: Alexander Scheel <[email protected]>

* Use field on UI rather than secret.Data

Signed-off-by: Alexander Scheel <[email protected]>

* Only include headers from visitable key_infos

Certain API endpoints return data from non-visitable key_infos, by
virtue of using a hand-rolled response. Limit our headers to those
from visitable key_infos. This means we won't return entire columns with
n/a entries, if no key matches the key_info key that includes that
header.

Signed-off-by: Alexander Scheel <[email protected]>

* Use setupEnv sourced detailed info

Signed-off-by: Alexander Scheel <[email protected]>

* Fix changelog environment variable

Signed-off-by: Alexander Scheel <[email protected]>

* Fix broken tests using setupEnv

Signed-off-by: Alexander Scheel <[email protected]>
@cipherboy cipherboy deleted the cipherboy-cli-list-response-with-info branch June 16, 2022 15:35
@cipherboy cipherboy mentioned this pull request Sep 23, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@VinnyHC VinnyHC VinnyHC approved these changes

@ccapurso ccapurso ccapurso approved these changes

Assignees
No one assigned
Labels
core/cli
Projects
None yet
Milestone
1.11.0-rc1
Development

Successfully merging this pull request may close these issues.
3 participants
@cipherboy @ccapurso @VinnyHC