Add option for not mounting the KV mount in --dev (#16974)

* Add option for not mounting the KV mount in --dev * Fix whitespace I messed up during merge conflict resolution * Feature -> Improvement * Fix formatting for real --------- Co-authored-by: Violet Hynes <violet.hynes@hashicorp.com>
2025-10-29 01:32:33 +00:00 · 2024-06-01 03:48:56 +08:00
parent 158ad050a7
commit 3e998a431f
2 changed files with 36 additions and 23 deletions
--- a/changelog/16974.txt
+++ b/changelog/16974.txt
@@ -0,0 +1,3 @@
+```release-note:improvement
+cli: Add a `--dev-no-kv` flag to prevent auto mounting a key-value secret backend when running a dev server
+```
--- a/command/server.go
+++ b/command/server.go
@@ -135,6 +135,7 @@ type ServerCommand struct {
 	flagDevLatency         int
 	flagDevLatencyJitter   int
 	flagDevLeasedKV        bool
+	flagDevNoKV            bool
 	flagDevKVV1            bool
 	flagDevSkipInit        bool
 	flagDevThreeNode       bool
@@ -345,6 +346,13 @@ func (c *ServerCommand) Flags() *FlagSets {
 		Hidden:  true,
 	})

+	f.BoolVar(&BoolVar{
+		Name:    "dev-no-kv",
+		Target:  &c.flagDevNoKV,
+		Default: false,
+		Hidden:  true,
+	})
+
 	f.BoolVar(&BoolVar{
 		Name:    "dev-kv-v1",
 		Target:  &c.flagDevKVV1,
@@ -1031,7 +1039,7 @@ func (c *ServerCommand) Run(args []string) int {
 	}

 	// Automatically enable dev mode if other dev flags are provided.
-	if c.flagDevConsul || c.flagDevHA || c.flagDevTransactional || c.flagDevLeasedKV || c.flagDevThreeNode || c.flagDevFourCluster || c.flagDevAutoSeal || c.flagDevKVV1 || c.flagDevTLS {
+	if c.flagDevConsul || c.flagDevHA || c.flagDevTransactional || c.flagDevLeasedKV || c.flagDevThreeNode || c.flagDevFourCluster || c.flagDevAutoSeal || c.flagDevKVV1 || c.flagDevNoKV || c.flagDevTLS {
 		c.flagDev = true
 	}

@@ -2105,29 +2113,31 @@ func (c *ServerCommand) enableDev(core *vault.Core, coreConfig *vault.CoreConfig
 		}
 	}

-	kvVer := "2"
-	if c.flagDevKVV1 || c.flagDevLeasedKV {
-		kvVer = "1"
-	}
-	req := &logical.Request{
-		Operation:   logical.UpdateOperation,
-		ClientToken: init.RootToken,
-		Path:        "sys/mounts/secret",
-		Data: map[string]interface{}{
-			"type":        "kv",
-			"path":        "secret/",
-			"description": "key/value secret storage",
-			"options": map[string]string{
-				"version": kvVer,
+	if !c.flagDevNoKV {
+		kvVer := "2"
+		if c.flagDevKVV1 || c.flagDevLeasedKV {
+			kvVer = "1"
+		}
+		req := &logical.Request{
+			Operation:   logical.UpdateOperation,
+			ClientToken: init.RootToken,
+			Path:        "sys/mounts/secret",
+			Data: map[string]interface{}{
+				"type":        "kv",
+				"path":        "secret/",
+				"description": "key/value secret storage",
+				"options": map[string]string{
+					"version": kvVer,
+				},
 			},
-		},
-	}
-	resp, err := core.HandleRequest(ctx, req)
-	if err != nil {
-		return nil, fmt.Errorf("error creating default KV store: %w", err)
-	}
-	if resp.IsError() {
-		return nil, fmt.Errorf("failed to create default KV store: %w", resp.Error())
+		}
+		resp, err := core.HandleRequest(ctx, req)
+		if err != nil {
+			return nil, fmt.Errorf("error creating default KV store: %w", err)
+		}
+		if resp.IsError() {
+			return nil, fmt.Errorf("failed to create default KV store: %w", resp.Error())
+		}
 	}

 	return init, nil