[ https://issues.apache.org/jira/browse/NIFI-12080?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17878349#comment-17878349 ]
ASF subversion and git services commented on NIFI-12080:
--------------------------------------------------------

Commit f828907df50de98abdc73cb6d1c08cba4c4f8271 in nifi's branch refs/heads/main from Pierre Villard
[ https://gitbox.apache.org/repos/asf?p=nifi.git;h=f828907df5 ]

NIFI-12080 Added support for KV_2 in HashiCorp Parameter Provider

This closes #9209

Signed-off-by: David Handermann <exceptionfact...@apache.org>

> HashiCorp Vault parameter context kv2 compatability.
> ----------------------------------------------------
>
>                 Key: NIFI-12080
>                 URL: https://issues.apache.org/jira/browse/NIFI-12080
>             Project: Apache NiFi
>          Issue Type: Improvement
>          Components: Core Framework
>    Affects Versions: 1.20.0
>         Environment: Tested on OpenShift 4.11 and local environment.
>            Reporter: Robert D
>            Assignee: Pierre Villard
>            Priority: Minor
>         Attachments: image-2023-09-18-15-54-55-187.png,
>                      image-2023-09-18-15-55-10-366.png
>
>          Time Spent: 20m
>  Remaining Estimate: 0h
>
> When trying to use hashicorp vault with a kv2 backend I can successfully
> authenticate with vault but trying to use a parameter provider it can't list
> any secrets.
> I believe it's because {{KeyValueBackend.KV_1}} is hardcoded in the
> {{listKeyValueSecrets}} function instead of using the member variable
> {{keyValueBackend}}.
> The code can be seen
> [here|https://github.com/apache/nifi/blob/main/nifi-commons/nifi-hashicorp-vault/src/main/java/org/apache/nifi/vault/hashicorp/StandardHashiCorpVaultCommunicationService.java#L148].
>
> !image-2023-09-18-15-54-55-187.png!
>
> !image-2023-09-18-15-55-10-366.png!
>
> After that is changed to {{keyValueBackend}} another issue that comes up is
> that it can only list the top level secrets.
> This is because {{listKeyValueSecrets}} hardcodes the path to the [root
> path|https://github.com/apache/nifi/blob/main/nifi-commons/nifi-hashicorp-vault/src/main/java/org/apache/nifi/vault/hashicorp/StandardHashiCorpVaultCommunicationService.java#L149].
> For example if there is a secret under the path {{shared/test}} it is
> inaccessible.
> Adding the {{shared}} path to the Key/Value path parameter also doesn't fix
> it because Vault expects the metadata path after the kv engine.
> A valid path would be {{/kv/metadata/shared/?list=true}}; adding {{shared}} to
> the Key/Value path makes a request to {{/kv/shared/metadata/?list=true}}.
> Adding a parameter to the {{listKeyValueSecrets}} function to specify the
> secret path fixes it.
>
> In the parameter provider it says it's for Key/Value version 1 secrets but
> after these changes I could use it with a kv2 backend. The only downside is
> that it can only get the latest version of the secret but that is good enough
> for my use case.

--
This message was sent by Atlassian Jira
(v8.20.10#820010)
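
The path behaviour described in the issue, as an added example that is not part of the original message and is not NiFi or Spring Vault code. `KvVersion`, `listPath` and `walk` are hypothetical names, the mount name `kv` comes from the issue's example paths, and the list responses are constructed sample data that follow Vault's convention of returning folder keys with a trailing `/`.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Map;

public class KvListPaths {
    // Hypothetical stand-in for the backend version switch discussed in the issue.
    enum KvVersion { KV_1, KV_2 }

    // Build the list request path for a folder inside a mount. KV v2 puts the
    // "metadata" segment directly after the mount and before the folder, which
    // is why appending the folder to the mount name produces an invalid path.
    static String listPath(String mount, KvVersion version, String folder) {
        String f = folder.replaceAll("^/+|/+$", "");
        String base = (version == KvVersion.KV_2) ? mount + "/metadata" : mount;
        return "/" + base + "/" + (f.isEmpty() ? "" : f + "/") + "?list=true";
    }

    // Depth-first walk: keys ending in "/" are folders and are listed again,
    // so nested secrets such as shared/test become reachable.
    static List<String> walk(Map<String, List<String>> responses, String mount,
                             KvVersion version, String folder) {
        List<String> secrets = new ArrayList<>();
        String path = listPath(mount, version, folder);
        for (String key : responses.getOrDefault(path, List.of())) {
            String full = folder.isEmpty() ? key : folder + "/" + key;
            if (key.endsWith("/")) {
                String sub = full.substring(0, full.length() - 1);
                secrets.addAll(walk(responses, mount, version, sub));
            } else {
                secrets.add(full);
            }
        }
        return secrets;
    }

    public static void main(String[] args) {
        // Constructed list responses of a KV v2 mount named "kv" (sample data).
        Map<String, List<String>> responses = Map.of(
            "/kv/metadata/?list=true", List.of("top", "shared/"),
            "/kv/metadata/shared/?list=true", List.of("test"));

        // Folder appended to the mount (the workaround that failed) vs. passed separately.
        System.out.println(listPath("kv/shared", KvVersion.KV_2, ""));
        System.out.println(listPath("kv", KvVersion.KV_2, "shared"));

        // A KV_1-style listing asks for a path this KV v2 mount does not serve.
        System.out.println(walk(responses, "kv", KvVersion.KV_1, ""));
        System.out.println(walk(responses, "kv", KvVersion.KV_2, ""));
    }
}
```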