-
Notifications
You must be signed in to change notification settings - Fork 31
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add HTTP PATCH support for key metadata #57
Conversation
TypeKVPairs results in using a map[string]string whereas TypeMap results in using a map[string]interface{}. Being able to accept null values for custom_metadata fields is important for HTTP PATCH operations as it signals to the handler to remove the field. A shared parser has been added to ensure that the provided non-nil values are indeed parsable as strings.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Lgtm! Thanks for including comments for each new function, and for the comprehensive testing!
Just a couple questions/comments to clarify my understanding.
go.mod
Outdated
@@ -10,7 +10,7 @@ require ( | |||
github.com/hashicorp/go-secure-stdlib/parseutil v0.1.2 | |||
github.com/hashicorp/go-secure-stdlib/strutil v0.1.1 | |||
github.com/hashicorp/vault/api v1.3.0 | |||
github.com/hashicorp/vault/sdk v0.3.0 | |||
github.com/hashicorp/vault/sdk v0.3.1-0.20211124134129-09816c37b82e |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Could you link the relevant sdk update that is required for this PR? I noticed that this PR uses HandlePatchOperation
, which is updated here: https://github.com/hashicorp/vault/pull/13191/files . Was this the change you wanted to include?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ah, yes. I did link the PR above but I will add a note in the description to specify why the sdk version has been updated. Thank you for calling that out!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Awesome! In that case, I think we'd want to merge the sdk PR first, then redo the go get
so we don't depend on a branch.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yup, that's the plan.
// framework.PatchPreprocessorFunc handles filtering out Vault-managed fields, | ||
// filtering out nulls, and ensuring appropriate handling of data types not | ||
// supported directly by FieldType. | ||
func metadataPatchPreprocessor() framework.PatchPreprocessorFunc { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why do we filter out nils here? Further down in PathMetadataPatch
, the parsing logic should filter out nils already. Not a problem regardless as I think having the extra lair of defensive coding is a good thing, but I was just curious if I was missing something here.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
That's a good point. We have discussed this further offline and come to the conclusion that nils provided for top-level fields will be treated as unsetting the field. The godoc for framework.HandlePatchOperation
will account for this functionality.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Changing my review from Approve
to Request changes
because I think the question about the go.mod
upgrade might be blocking, but otherwise lgtm!
Overview
The
custom_metadata
map field was added to key metadata in #48. Updating the field currently results in a full overwrite. HTTPPATCH
was introduced for the data endpoint in #49. Now that Vault generally supports HTTPPATCH
, it seemed prudent to add aPatchOperation
handler for the metadata endpoint so thatcustom_metadata
can be patched rather than fully overwritten.Design of Change
The
custom_metadata
type has been changed fromframework.TypeKVPairs
toframework.TypeMap
. Theframework.TypeKVPairs
restricts values to strings but does not result in proper handling when users to submitnull
values within the JSON request body. Anull
will indicate to the JSON merge handler to remove the field. Usingframework.TypeKVPairs
will result in coercing anil
interface{}
from the request data to an empty string which is not ideal. Changing the type of this field was a concern that was handled carefully. TheparseCustomMetadata
function was added to handle the parsing of theinterface{}
values into strings to create amap[string]string
in the same way that theFieldData
parsing would if it were otherwise typed asframework.TypeKVPairs
. This function is then used for theCreateOperation
/UpdateOperation
andPatchOperation
handlers to ensure consistent request data coercion.A
PatchOperation
handler has been added to the metadata path. Similar to theCreateOperation
/UpdateOperation
handler, thecas_required
field is treated as lower priority than the backend configuration. If thecas_required
field on the backend configuration is set totrue
and an attempt made to set the metadata'scas_required
tofalse
will result in a warning.The
framework.PatchPreprocessorFunc
for the metadataPatchOperation
handler is responsible for the following:max_versions
,cas_required
,delete_version_after
,custom_metadata
as all other fields are handled internally by the backendnil
values as they will result in the JSON merge patch removing them from the resource, they are allowed to exist withincustom_metadata
DurationProto
value fordelete_version_after
Related Issues/Pull Requests
HandlePatchOperation
which have been included in the update ofgithub.com/hashicorp/vault/sdk
to versionv0.3.1-0.20211124134129-09816c37b82e
kv metadata patch
CLI support and doc updates