Remove delete-version-after from kv put and undelete subcommands

Removes the optional parameter "delete-version-after" from the following CLI subcommands: - kv put - kv undelete - kv rollback
2025-10-30 18:17:55 +00:00 · 2019-06-19 15:44:21 -04:00
parent 12ecac24a9
commit 2dde85e43b
6 changed files with 17 additions and 167 deletions
--- a/command/kv_put.go
+++ b/command/kv_put.go
@@ -5,7 +5,6 @@ import (
 	"io"
 	"os"
 	"strings"
-	"time"

 	"github.com/mitchellh/cli"
 	"github.com/posener/complete"
@@ -17,9 +16,8 @@ var _ cli.CommandAutocomplete = (*KVPutCommand)(nil)
 type KVPutCommand struct {
 	*BaseCommand

-	flagCAS                int
-	flagDeleteVersionAfter time.Duration
-	testStdin              io.Reader // for tests
+	flagCAS   int
+	testStdin io.Reader // for tests
 }

 func (c *KVPutCommand) Synopsis() string {
@@ -73,19 +71,6 @@ func (c *KVPutCommand) Flags() *FlagSets {
 		parameter.`,
 	})

-	f.DurationVar(&DurationVar{
-		Name:       "delete-version-after",
-		Target:     &c.flagDeleteVersionAfter,
-		Default:    0,
-		EnvVar:     "",
-		Completion: complete.PredictAnything,
-		Usage: `Specifies the length of time before this version is
-		deleted. If not set, the metadata's delete-version-after is used.
-		Cannot be greater than the metadata's delete-version-after. The
-		delete-version-after is specified as a numeric string with a suffix
-		like "30s" or "3h25m19s".`,
-	})
-
 	return set
 }

@@ -152,10 +137,6 @@ func (c *KVPutCommand) Run(args []string) int {
 		if c.flagCAS > -1 {
 			data["options"].(map[string]interface{})["cas"] = c.flagCAS
 		}
-
-		if c.flagDeleteVersionAfter > 0 {
-			data["options"].(map[string]interface{})["delete_version_after"] = c.flagDeleteVersionAfter.String()
-		}
 	}

 	secret, err := client.Logical().Write(path, data)
--- a/command/kv_rollback.go
+++ b/command/kv_rollback.go
@@ -4,7 +4,6 @@ import (
 	"flag"
 	"fmt"
 	"strings"
-	"time"

 	"github.com/mitchellh/cli"
 	"github.com/posener/complete"
@@ -16,8 +15,7 @@ var _ cli.CommandAutocomplete = (*KVRollbackCommand)(nil)
 type KVRollbackCommand struct {
 	*BaseCommand

-	flagVersion            int
-	flagDeleteVersionAfter time.Duration
+	flagVersion int
 }

 func (c *KVRollbackCommand) Synopsis() string {
@@ -55,19 +53,6 @@ func (c *KVRollbackCommand) Flags() *FlagSets {
 		Usage:  `Specifies the version number that should be made current again.`,
 	})

-	f.DurationVar(&DurationVar{
-		Name:       "delete-version-after",
-		Target:     &c.flagDeleteVersionAfter,
-		Default:    0,
-		EnvVar:     "",
-		Completion: complete.PredictAnything,
-		Usage: `Specifies the length of time before this version is
-		deleted. If not set, the metadata's delete-version-after is used.
-		Cannot be greater than the metadata's delete-version-after. The
-		delete-version-after is specified as a numeric string with a suffix
-		like "30s" or "3h25m19s".`,
-	})
-
 	return set
 }

@@ -232,18 +217,12 @@ func (c *KVRollbackCommand) Run(args []string) int {
 		}
 	}

-	data = map[string]interface{}{
+	secret, err := client.Logical().Write(path, map[string]interface{}{
 		"data": data,
 		"options": map[string]interface{}{
 			"cas": casVersion,
 		},
-	}
-
-	if c.flagDeleteVersionAfter > 0 {
-		data["options"].(map[string]interface{})["delete_version_after"] = c.flagDeleteVersionAfter.String()
-	}
-
-	secret, err := client.Logical().Write(path, data)
+	})
 	if err != nil {
 		c.UI.Error(fmt.Sprintf("Error writing data to %s: %s", path, err))
 		return 2
--- a/command/kv_test.go
+++ b/command/kv_test.go
@@ -120,7 +120,7 @@ func TestKVPutCommand(t *testing.T) {
 		cmd.client = client

 		code := cmd.Run([]string{
-			"-cas", "0", "-delete-version-after", "1h", "kv/write/cas", "bar=baz",
+			"-cas", "0", "kv/write/cas", "bar=baz",
 		})
 		if code != 0 {
 			t.Fatalf("expected 0 to be %d", code)
@@ -133,7 +133,7 @@ func TestKVPutCommand(t *testing.T) {
 		ui, cmd = testKVPutCommand(t)
 		cmd.client = client
 		code = cmd.Run([]string{
-			"-cas", "1", "-delete-version-after", "1h", "kv/write/cas", "bar=baz",
+			"-cas", "1", "kv/write/cas", "bar=baz",
 		})
 		if code != 0 {
 			t.Fatalf("expected 0 to be %d", code)
--- a/command/kv_undelete.go
+++ b/command/kv_undelete.go
@@ -3,7 +3,6 @@ package command
 import (
 	"fmt"
 	"strings"
-	"time"

 	"github.com/mitchellh/cli"
 	"github.com/posener/complete"
@@ -15,8 +14,7 @@ var _ cli.CommandAutocomplete = (*KVUndeleteCommand)(nil)
 type KVUndeleteCommand struct {
 	*BaseCommand

-	flagVersions           []string
-	flagDeleteVersionAfter time.Duration
+	flagVersions []string
 }

 func (c *KVUndeleteCommand) Synopsis() string {
@@ -31,7 +29,7 @@ Usage: vault kv undelete [options] KEY
  This restores the data, allowing it to be returned on get requests.

  To undelete version 3 of key "foo":
-
+  
      $ vault kv undelete -versions=3 secret/foo

  Additional flags and more advanced use cases are detailed below.
@@ -53,20 +51,6 @@ func (c *KVUndeleteCommand) Flags() *FlagSets {
 		Usage:   `Specifies the version numbers to undelete.`,
 	})

-	f.DurationVar(&DurationVar{
-		Name:       "delete-version-after",
-		Target:     &c.flagDeleteVersionAfter,
-		Default:    0,
-		EnvVar:     "",
-		Completion: complete.PredictAnything,
-		Usage: `Specifies the length of time before these versions will be
-		deleted. If not set, the metadata's delete-version-after is used.
-		Cannot be greater than the metadata's delete-version-after. The
-		delete-version-after is specified as a numeric string with a suffix
-		like "30s" or
-		"3h25m19s".`,
-	})
-
 	return set
 }

@@ -123,10 +107,6 @@ func (c *KVUndeleteCommand) Run(args []string) int {
 		"versions": kvParseVersionsFlags(c.flagVersions),
 	}

-	if c.flagDeleteVersionAfter > 0 {
-		data["delete_version_after"] = c.flagDeleteVersionAfter.String()
-	}
-
 	secret, err := client.Logical().Write(path, data)
 	if err != nil {
 		c.UI.Error(fmt.Sprintf("Error writing data to %s: %s", path, err))
--- a/website/source/api/secret/kv/kv-v2.html.md
+++ b/website/source/api/secret/kv/kv-v2.html.md
@@ -158,14 +158,6 @@ have an ACL policy granting the `update` capability.
      write will only be allowed if the key’s current version matches the
      version specified in the cas parameter.

-	- `delete_version_after` (`string:"0s"`) – Set the `delete_version_after`
-	  value to a duration to specify the `deletion_time` for this
-	  version. If not set, the metadata's `delete_version_after` will be used. If
-	  the metadata's `delete_version_after` is not set, the backend's
-	  `delete_version_after` will be used. If the value is greater than the
-	  metadata's `delete_version_after`, the metadata's `delete_version_after` will be
-	  used. Accepts [Go duration format string][duration-godoc].
-
 - `data` `(Map: <required>)` – The contents of the data map will be stored and
  returned on read.

@@ -174,8 +166,7 @@ have an ACL policy granting the `update` capability.
 ```json
 {
  "options": {
-      "cas": 0,
-	  "delete_version_after": "3m"
+      "cas": 0
  },
  "data": {
 	  "foo": "bar",
@@ -200,7 +191,7 @@ $ curl \
 {
  "data": {
    "created_time": "2018-03-22T02:36:43.986212308Z",
-    "deletion_time": "2018-03-22T02:39:43.986212308Z",
+    "deletion_time": "",
    "destroyed": false,
    "version": 1
  }
@@ -286,20 +277,11 @@ This restores the data, allowing it to be returned on get requests.
 - `versions` `([]int: <required>)` - The versions to undelete. The versions will
  be restored and their data will be returned on normal get requests.

- `delete_version_after` (`string:"0s"`) – Set the `delete_version_after` value
-  to a duration to specify the `deletion_time` for the versions being
-  undeleted. If not set, the metadata's `delete_version_after` will be used. If
-  the metadata's `delete_version_after` is not set, the backend's `delete_version_after`
-  will be used. If the value is greater than the metadata's
-  `delete_version_after`, the metadata's `delete_version_after` will be used. Accepts
-  [Go duration format string][duration-godoc].
-
 ### Sample Payload

 ```json
 {
-    "versions": [1, 2],
-    "delete_version_after": "25m"
+    "versions": [1, 2]
 }
 ```

--- a/website/source/docs/secrets/kv/kv-v2.html.md
+++ b/website/source/docs/secrets/kv/kv-v2.html.md
@@ -246,71 +246,6 @@ allows for writing keys with arbitrary values.
 	my-value    s3cr3t
    ```

-1. Write another version which will be deleted after a specified
-   duration. The `-delete-version-after` flag can optionally be passed to specify
-   a duration of time until the version will be deleted. The previous
-   versions will still be accessible.
-
-    ```text
-    $ vault kv put -delete-version-after=2m secret/my-secret my-value=short-lived-s3cr3t
-	Key              Value
-	---              -----
-	created_time     2019-06-19T17:23:21.834403Z
-	deletion_time    2019-06-19T17:25:21.834403Z
-	destroyed        false
-	version          3
-	```
-
-1. Reading now will return the newest version of the data and show the
-   `deletion_time`:
-
-    ```text
-	$ vault kv get secret/my-secret
-	====== Metadata ======
-	Key              Value
-	---              -----
-	created_time     2019-06-19T17:23:21.834403Z
-	deletion_time    2019-06-19T17:25:21.834403Z
-	destroyed        false
-	version          3
-
-	====== Data ======
-	Key         Value
-	---         -----
-	my-value    short-lived-s3cr3t
-	```
-
-1. Reading after the `deletion_time` will only return metadata:
-
-    ```text
-	$ vault kv get secret/my-secret
-	====== Metadata ======
-	Key              Value
-	---              -----
-	created_time     2019-06-19T17:23:21.834403Z
-	deletion_time    2019-06-19T17:25:21.834403Z
-	destroyed        false
-	version          3
-	```
-
-1. Previous versions not deleted can still be accessed with the `-version` flag:
-
-    ```text
-    $ vault kv get -version=2 secret/my-secret
-	====== Metadata ======
-	Key              Value
-	---              -----
-	created_time     2019-06-19T17:22:23.369372Z
-	deletion_time    n/a
-	destroyed        false
-	version          2
-
-	====== Data ======
-	Key         Value
-	---         -----
-	my-value    new-s3cr3t
-    ```
-
 ### Deleting and Destroying Data

 When deleting data the standard `vault kv delete` command will perform a
@@ -338,7 +273,7 @@ See the commands below for more information:
 1. Versions can be undeleted:

    ```text
-    $ vault kv undelete -versions=3 secret/my-secret
+    $ vault kv undelete -versions=2 secret/my-secret
 	Success! Data written to: secret/undelete/my-secret

    $ vault kv get secret/my-secret
@@ -348,7 +283,7 @@ See the commands below for more information:
 	created_time     2019-06-19T17:23:21.834403Z
 	deletion_time    n/a
 	destroyed        false
-	version          3
+	version          2

 	====== Data ======
 	Key         Value
@@ -359,7 +294,7 @@ See the commands below for more information:
 1. Destroying a version permanently deletes the underlying data:

    ```text
-    $ vault kv destroy -versions=3 secret/my-secret
+    $ vault kv destroy -versions=2 secret/my-secret
 	Success! Data written to: secret/destroy/my-secret
    ```

@@ -380,11 +315,11 @@ See the commands below for more information:
 	---                     -----
 	cas_required            false
 	created_time            2019-06-19T17:20:22.985303Z
-	current_version         3
+	current_version         2
 	delete_version_after    0s
 	max_versions            0
 	oldest_version          0
-	updated_time            2019-06-19T17:23:21.834403Z
+	updated_time            2019-06-19T17:22:23.369372Z

 	====== Version 1 ======
 	Key              Value
@@ -398,13 +333,6 @@ See the commands below for more information:
 	---              -----
 	created_time     2019-06-19T17:22:23.369372Z
 	deletion_time    n/a
-	destroyed        false
-
-	====== Version 3 ======
-	Key              Value
-	---              -----
-	created_time     2019-06-19T17:23:21.834403Z
-	deletion_time    n/a
 	destroyed        true
    ```