Add HTTP PATCH support for KV key metadata (#13215)

* go get vault-plugin-secrets-kv@vault-4290-patch-metadata * add kv metadata patch command * add changelog entry * success tests for kv metadata patch flags * add more kv metadata patch flags tests * add kv metadata patch cas warning test * add kv-v2 key metadata patch API docs * add kv metadata patch to docs * prevent unintentional field overwriting in kv metadata put cmd * like create/update ops, prevent patch to paths ending in / * fix kv metadata patch cmd in docs * fix flag defaults for kv metadata put * go get vault-plugin-secrets-kv@vault-4290-patch-metadata * fix TestKvMetadataPatchCommand_Flags test * doc fixes * go get vault-plugin-secrets-kv@master; go mod tidy
2025-11-02 11:38:02 +00:00 · 2022-01-12 12:05:27 -05:00
parent fc590ca128
commit e014065c64
11 changed files with 633 additions and 43 deletions
--- a/command/kv_metadata_put_test.go
+++ b/command/kv_metadata_put_test.go
@@ -1,11 +1,13 @@
 package command

 import (
+	"encoding/json"
+	"strings"
+	"testing"
+
 	"github.com/go-test/deep"
 	"github.com/hashicorp/vault/api"
 	"github.com/mitchellh/cli"
-	"strings"
-	"testing"
 )

 func testKVMetadataPutCommand(tb testing.TB) (*cli.MockUi, *KVMetadataPutCommand) {
@@ -19,7 +21,7 @@ func testKVMetadataPutCommand(tb testing.TB) (*cli.MockUi, *KVMetadataPutCommand
 	}
 }

-func TestKvMetadataPutCommandDeleteVersionAfter(t *testing.T) {
+func TestKvMetadataPutCommand_DeleteVersionAfter(t *testing.T) {
 	client, closer := testVaultServer(t)
 	defer closer()

@@ -78,7 +80,7 @@ func TestKvMetadataPutCommandDeleteVersionAfter(t *testing.T) {
 	}
 }

-func TestKvMetadataPutCommandCustomMetadata(t *testing.T) {
+func TestKvMetadataPutCommand_CustomMetadata(t *testing.T) {
 	client, closer := testVaultServer(t)
 	defer closer()

@@ -154,3 +156,47 @@ func TestKvMetadataPutCommandCustomMetadata(t *testing.T) {
 		t.Fatal(diff)
 	}
 }
+
+func TestKvMetadataPutCommand_UnprovidedFlags(t *testing.T) {
+	client, closer := testVaultServer(t)
+	defer closer()
+
+	basePath := t.Name() + "/"
+	secretPath := basePath + "my-secret"
+
+	if err := client.Sys().Mount(basePath, &api.MountInput{
+		Type: "kv-v2",
+	}); err != nil {
+		t.Fatalf("kv-v2 mount error: %#v", err)
+	}
+
+	_, cmd := testKVMetadataPutCommand(t)
+	cmd.client = client
+
+	args := []string{"-cas-required=true", "-max-versions=10", secretPath}
+	code, _ := kvMetadataPutWithRetry(t, client, args, nil)
+
+	if code != 0 {
+		t.Fatalf("expected 0 exit status but received %d", code)
+	}
+
+	args = []string{"-custom-metadata=foo=bar", secretPath}
+	code, _ = kvMetadataPutWithRetry(t, client, args, nil)
+
+	if code != 0 {
+		t.Fatalf("expected 0 exit status but received %d", code)
+	}
+
+	secret, err := client.Logical().Read(basePath + "metadata/" + "my-secret")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if secret.Data["cas_required"] != true {
+		t.Fatalf("expected cas_required to be true but received %#v", secret.Data["cas_required"])
+	}
+
+	if secret.Data["max_versions"] != json.Number("10") {
+		t.Fatalf("expected max_versions to be 10 but received %#v", secret.Data["max_versions"])
+	}
+}