diff --git a/changelog/21563.txt b/changelog/21563.txt
new file mode 100644
index 0000000000..7426ed24fa
--- /dev/null
+++ b/changelog/21563.txt
@@ -0,0 +1,3 @@
+```release-note:improvement
+openapi: Better mount points for kv-v1 and kv-v2 in openapi.json
+```
diff --git a/helper/builtinplugins/registry_test.go b/helper/builtinplugins/registry_test.go
index cfaec51814..55acdd9859 100644
--- a/helper/builtinplugins/registry_test.go
+++ b/helper/builtinplugins/registry_test.go
@@ -242,10 +242,10 @@ func Test_RegistryMatchesGenOpenapi(t *testing.T) {
 var (
 credentialBackends []string
- credentialBackendsRe = regexp.MustCompile(`^vault auth enable (?:"([a-zA-Z]+)"|([a-zA-Z]+))$`)
+ credentialBackendsRe = regexp.MustCompile(`^vault auth enable (?:-.+ )*(?:"([a-zA-Z]+)"|([a-zA-Z]+))$`)
 secretsBackends []string
- secretsBackendsRe = regexp.MustCompile(`^vault secrets enable (?:"([a-zA-Z]+)"|([a-zA-Z]+))$`)
+ secretsBackendsRe = regexp.MustCompile(`^vault secrets enable (?:-.+ )*(?:"([a-zA-Z]+)"|([a-zA-Z]+))$`)
 )
 scanner := bufio.NewScanner(f)
diff --git a/scripts/gen_openapi.sh b/scripts/gen_openapi.sh
index de4589877d..b9495cc9c6 100755
--- a/scripts/gen_openapi.sh
+++ b/scripts/gen_openapi.sh
@@ -37,7 +37,13 @@ trap defer_stop_vault INT TERM EXIT
 export VAULT_ADDR=http://127.0.0.1:8200
-echo "Mounting all builtin plugins..."
+echo "Unmounting the default kv-v2 secrets engine ..."
+
+# Unmount the default kv-v2 engine so that we can remount it at 'kv_v2/' later.
+# The mount path will be reflected in the resultant OpenAPI document.
+vault secrets disable "secret/"
+
+echo "Mounting all builtin plugins ..."
 # Enable auth plugins
 vault auth enable "alicloud"
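Review bot: The flag group `(?:-.+ )*` added to both `credentialBackendsRe` and `secretsBackendsRe` in helper/builtinplugins/registry_test.go uses `.+`, which also matches spaces, so any text between a leading dash and the final token is accepted as "flags". A malformed line in gen_openapi.sh would therefore still match, and only its last word would be checked against the registry. Limiting each flag to one whitespace-free token, `(?:-\S+ )*`, still matches the `-path="kv-v1/" -version=1 "kv"` lines this commit adds while rejecting stray words. Because `kv` now appears on two script lines, the code that consumes `secretsBackends` (outside this hunk) should tolerate a duplicate name.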
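Review bot: The added comment in scripts/gen_openapi.sh says the engine is remounted at 'kv_v2/', but the later hunk in this file mounts it with `-path="kv-v2/"`. The underscore form only appears in the generated parameter name after the change in vault/logical_system.go. The comment should name the real path: `# Unmount the default kv-v2 engine so that we can remount it at 'kv-v2/' later.` The `vault secrets disable "secret/"` call also presumably relies on the server having created that default mount. The server start-up is outside this hunk, so a short comment stating that assumption would help.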
@@ -67,7 +73,8 @@ vault secrets enable "database"
 vault secrets enable "gcp"
 vault secrets enable "gcpkms"
 vault secrets enable "kubernetes"
-vault secrets enable "kv"
+vault secrets enable -path="kv-v1/" -version=1 "kv"
+vault secrets enable -path="kv-v2/" -version=2 "kv"
 vault secrets enable "ldap"
 vault secrets enable "mongodbatlas"
 vault secrets enable "nomad"
diff --git a/vault/logical_system.go b/vault/logical_system.go
index 1d7c8895e3..a332276b93 100644
--- a/vault/logical_system.go
+++ b/vault/logical_system.go
@@ -4541,7 +4541,7 @@ func (b *SystemBackend) pathInternalOpenAPI(ctx context.Context, req *logical.Re
 // Generic mount paths will primarily be used for code generation purposes.
 // This will result in parameterized mount paths being returned instead of
 // hardcoded actual paths. For example /auth/my-auth-method/login would be
- // replaced with /auth/{my-auth-method_mount_path}/login.
+ // replaced with /auth/{my_auth_method_mount_path}/login.
 //
 // Note that for this to actually be useful, you have to be using it with
 // a Vault instance in which you have mounted one of each secrets engine
@@ -4615,7 +4615,7 @@ func (b *SystemBackend) pathInternalOpenAPI(ctx context.Context, req *logical.Re
 (pluginType == "system" || pluginType == "identity" || pluginType == "cubbyhole"))
 if !isSingletonMount {
- mountPathParameterName = strings.TrimRight(mount, "/") + "_mount_path"
+ mountPathParameterName = strings.TrimRight(strings.ReplaceAll(mount, "-", "_"), "/") + "_mount_path"
 }
 }
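Review bot: In the last hunk of vault/logical_system.go, `strings.ReplaceAll(mount, "-", "_")` normalises only the dash, so any other character that does not belong in a parameter name still reaches `mountPathParameterName` unchanged. Examples are an interior `/` from a nested mount (say `team/kv/`) or a `.`. The mapping is also no longer one-to-one: `kv-v1/` and `kv_v1/` now yield the same `kv_v1_mount_path`, which may collide in the generated document if both are mounted. A comment above the assignment would record the limitation, for example `// Map '-' to '_' so generators get an identifier-like name; other characters are not normalised and distinct mounts can map to the same name.` The enclosing pathInternalOpenAPI starts and ends outside the hunk, so how the name is consumed afterwards is not visible here.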