Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

added OpenAPI response objects for sys endpoints #18633

Merged
merged 20 commits into from
Feb 15, 2023
Merged

added OpenAPI response objects for sys endpoints #18633

merged 20 commits into from
Feb 15, 2023

Conversation

lursu
Copy link
Collaborator

@lursu lursu commented Jan 9, 2023
edited by jira bot
Loading

This contains a partial list of the sys endpoints that are laid out in VAULT-12144.

@lursu lursu added this to the 1.13.0-rc1 milestone Jan 9, 2023
@lursu lursu requested review from dhuckins, AnPucel and averche January 9, 2023 16:37
dhuckins
dhuckins reviewed Jan 9, 2023
View reviewed changes
vault/logical_raw.go Outdated Show resolved Hide resolved
vault/logical_raw.go Outdated
Comment on lines 333 to 348
Callback: r.handleRawWrite,
Summary: "Update the value of the key at the given path.",
Responses: map[int][]framework.Response{
http.StatusOK: {{
Description: "OK",
}},
},
Summary: "Update the value of the key at the given path.",
},
logical.CreateOperation: &framework.PathOperation{
Callback: r.handleRawWrite,
Summary: "Create a key with value at the given path.",
Responses: map[int][]framework.Response{
http.StatusOK: {{
Description: "OK",
}},
},
Summary: "Create a key with value at the given path.",
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

looks like it returns 204 no content on success

vault/vault/logical_raw.go

Line 225 in 4b8bd15

return nil, nil

vault/logical_raw.go Outdated Show resolved Hide resolved
vault/logical_system_paths.go Outdated
@@ -371,6 +372,7 @@ func (b *SystemBackend) rekeyPaths() []*framework.Path {
},
},

// TODO not sure what to do for this as there are no callbacks
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

think it's here
https://github.com/hashicorp/vault/blob/4b8bd15e28ad3194159e7601fe76a994688988d4/http/sys_rekey.go

(@AnPucel helped me last time one was missing iirc)

Copy link
Contributor

@AnPucel AnPucel Jan 10, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah. Some of the sys calls don't have callbacks they get routed directly. If you code search the path it will show you where it gets handled, which I believe is here.

This is where some of the sys paths get handled manually

vault/logical_system_paths.go Outdated Show resolved Hide resolved
vault/logical_system_paths.go Outdated Show resolved Hide resolved
vault/logical_system_quotas.go Outdated Show resolved Hide resolved
vault/logical_system_quotas.go Outdated Show resolved Hide resolved
vault/logical_system_quotas.go Outdated Show resolved Hide resolved
lursu and others added 9 commits January 10, 2023 09:16
@lursu @dhuckins
Update vault/logical_system_paths.go
d2ac32d 
Co-authored-by: Daniel Huckins <[email protected]>
@lursu @dhuckins
Update vault/logical_raw.go
383ee4b 
Co-authored-by: Daniel Huckins <[email protected]>
@lursu @dhuckins
Update vault/logical_system_paths.go
e98af93 
Co-authored-by: Daniel Huckins <[email protected]>
@lursu @dhuckins
Update vault/logical_system_quotas.go
38da7da 
Co-authored-by: Daniel Huckins <[email protected]>
@lursu @dhuckins
Update vault/logical_system_quotas.go
641fdb5 
Co-authored-by: Daniel Huckins <[email protected]>
@lursu @dhuckins
Update vault/logical_system_quotas.go
7ab4ea1 
Co-authored-by: Daniel Huckins <[email protected]>
Merge branch 'main' into VAULT-12144/added_responses_for_sys_subsecti…
4b43b35 
…on_3
Merge branch 'main' into VAULT-12144/added_responses_for_sys_subsecti…
a211fab 
…on_3
add tests and update based on reviews
69de4d1
@lursu lursu requested a review from dhuckins January 30, 2023 17:33
averche
averche reviewed Feb 1, 2023
View reviewed changes
vault/logical_raw.go Outdated Show resolved Hide resolved
vault/logical_system_paths.go Show resolved Hide resolved
vault/logical_system_paths.go
Comment on lines +562 to +567
"t": {
Type: framework.TypeInt,
},
"n": {
Type: framework.TypeInt,
},
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm not sure where these fields are defined, but should some of them be marked as required?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So actually no only the three I have, this endpoint is fairly jank as it can return two totally different structures. more reading here:

vault/http/sys_rekey.go

Lines 198 to 220 in b741fa8

// Format the response
resp := &RekeyUpdateResponse{}
if result != nil {
resp.Complete = true
resp.Nonce = req.Nonce
resp.Backup = result.Backup
resp.PGPFingerprints = result.PGPFingerprints
resp.VerificationRequired = result.VerificationRequired
resp.VerificationNonce = result.VerificationNonce
// Encode the keys
keys := make([]string, 0, len(result.SecretShares))
keysB64 := make([]string, 0, len(result.SecretShares))
for _, k := range result.SecretShares {
keys = append(keys, hex.EncodeToString(k))
keysB64 = append(keysB64, base64.StdEncoding.EncodeToString(k))
}
resp.Keys = keys
resp.KeysB64 = keysB64
respondOk(w, resp)
} else {
handleSysRekeyInitGet(ctx, core, recovery, w, r)
}

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If the API is unstable (can return two different structures), it might be better to just not specify the fields at all. Not really sure, what do you think?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think it's more helpful to return all possible fields than nothing at all.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

so responses is map[int][]framework.Response
why not have

http.StatusOK: {
    {
        Description: "returned if ...",
        Fields: ...
    },
    {
        Description: "returned if ...",
        Fields: ...
    }
}

vault/logical_system_paths.go Outdated Show resolved Hide resolved
dhuckins
dhuckins approved these changes Feb 3, 2023
View reviewed changes
vault/logical_system_test.go Outdated Show resolved Hide resolved
vault/logical_system_test.go Outdated Show resolved Hide resolved
lursu and others added 2 commits February 7, 2023 16:27
@lursu lursu removed this from the 1.13.0-rc1 milestone Feb 13, 2023
@lursu lursu added this to the 1.14 milestone Feb 13, 2023
@lursu lursu changed the title added response objects for sys 3 section added OpenAPI response objects for sys endpoints Feb 15, 2023
@lursu lursu merged commit 7c261eb into main Feb 15, 2023
@lursu lursu deleted the VAULT-12144/added_responses_for_sys_subsection_3 branch October 8, 2024 13:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@averche averche averche left review comments

@dhuckins dhuckins dhuckins approved these changes

@AnPucel AnPucel Awaiting requested review from AnPucel

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
1.14
Development

Successfully merging this pull request may close these issues.
4 participants
@lursu @dhuckins @AnPucel @averche