scottk/vault
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/vault.git synced 2025-10-30 18:17:55 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add a new log message, reporting collisions between OpenAPI paths (#20873)

Browse Source 
Vault API endpoints are defined using regexes in instances of the SDK's
framework.Path structure. However, OpenAPI does not use regexes, so a
translation is performed. It is technically possible that this
translation produces colliding OpenAPI paths from multiple
framework.Path structures. When this happens, there has formerly been no
diagnostic, and one result silently overwrites the other in a map.

As a result of this, several operations are currently accidentally
missing from the Vault OpenAPI, which is also the trigger for
https://github.com/hashicorp/vault-client-go/issues/180.

This PR adds a log message, to help catch such accidents so that they
can be fixed. Much of the PR is propagating a logger to the point where
it is needed, and adjusting tests for the API change.

With current Vault, this will result in the following being logged each
time a request is made which triggers OpenAPI generation:
```
[WARN]  secrets.identity.identity_0cd35e4d: OpenAPI spec generation: multiple framework.Path instances generated the same path; last processed wins: path=/mfa/method
[WARN]  secrets.identity.identity_0cd35e4d: OpenAPI spec generation: multiple framework.Path instances generated the same path; last processed wins: path=/mfa/method/totp
[WARN]  secrets.identity.identity_0cd35e4d: OpenAPI spec generation: multiple framework.Path instances generated the same path; last processed wins: path=/mfa/method/okta
[WARN]  secrets.identity.identity_0cd35e4d: OpenAPI spec generation: multiple framework.Path instances generated the same path; last processed wins: path=/mfa/method/duo
[WARN]  secrets.identity.identity_0cd35e4d: OpenAPI spec generation: multiple framework.Path instances generated the same path; last processed wins: path=/mfa/method/pingid
```

I will submit a further PR to fix the issue - this one is just to add
the diagnostic.
This commit is contained in:
Max Bowsher
2023-06-23 18:36:11 +01:00
committed by GitHub
parent 43ae739971
commit 5ebda5d8f4
3 changed files with 24 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
sdk/framework/openapi_test.go
View File

@@ -324,12 +324,15 @@ func TestOpenAPI_SpecialPaths(t *testing.T) {
path := Path{
Pattern: test.pattern,
}
specialPaths := &logical.Paths{
Root: test.rootPaths,
Unauthenticated: test.unauthenticatedPaths,
backend := &Backend{
PathsSpecial: &logical.Paths{
Root: test.rootPaths,
Unauthenticated: test.unauthenticatedPaths,
},
BackendType: logical.TypeLogical,
}
if err := documentPath(&path, specialPaths, "kv", logical.TypeLogical, doc); err != nil {
if err := documentPath(&path, backend, "kv", doc); err != nil {
t.Fatal(err)
}
@@ -593,7 +596,7 @@ func TestOpenAPI_CustomDecoder(t *testing.T) {
}
docOrig := NewOASDocument("version")
err := documentPath(p, nil, "kv", logical.TypeLogical, docOrig)
err := documentPath(p, &Backend{BackendType: logical.TypeLogical}, "kv", docOrig)
if err != nil {
t.Fatal(err)
}
@@ -866,7 +869,10 @@ func testPath(t *testing.T, path *Path, sp *logical.Paths, expectedJSON string)
t.Helper()
doc := NewOASDocument("dummyversion")
if err := documentPath(path, sp, "kv", logical.TypeLogical, doc); err != nil {
if err := documentPath(path, &Backend{
PathsSpecial: sp,
BackendType: logical.TypeLogical,
}, "kv", doc); err != nil {
t.Fatal(err)
}
doc.CreateOperationIDs("")