-
Notifications
You must be signed in to change notification settings - Fork 377
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Allow for reading deleted secret versions (kv2) without an exception #907
Conversation
Codecov Report
@@ Coverage Diff @@
## develop #907 +/- ##
===========================================
+ Coverage 81.64% 83.56% +1.91%
===========================================
Files 65 65
Lines 3002 3011 +9
===========================================
+ Hits 2451 2516 +65
+ Misses 551 495 -56
|
15b4a4d
to
15f1bec
Compare
This comment was marked as outdated.
This comment was marked as outdated.
15f1bec
to
eb2a8c0
Compare
This comment was marked as outdated.
This comment was marked as outdated.
29a648d
to
7014601
Compare
7014601
to
c5bf96f
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Really clean, looks good!
…907) * add test to verify the desired behavior * blackify * update test * nominal fix (no flag) * revert kv_v2 * add VaultError.from_status class method * add optional text and json fields to VaultError instances * update raise_for_error to incorportate new VaultError fields and class method * update RawAdapter to provide text and json in exceptions * update kv2 read_secret_version to handle latest deleted secret * we already got the text * missed some conditionals * cleanerrrr * add raise_on_deleted_version with deprecated default * add unit tests * update integration tests * fix unit syntax * refactor and test * text prop mock * blackify * who's mocking whom * update docs
…vac#907) * add test to verify the desired behavior * blackify * update test * nominal fix (no flag) * revert kv_v2 * add VaultError.from_status class method * add optional text and json fields to VaultError instances * update raise_for_error to incorportate new VaultError fields and class method * update RawAdapter to provide text and json in exceptions * update kv2 read_secret_version to handle latest deleted secret * we already got the text * missed some conditionals * cleanerrrr * add raise_on_deleted_version with deprecated default * add unit tests * update integration tests * fix unit syntax * refactor and test * text prop mock * blackify * who's mocking whom * update docs
How can you avoid this error? |
@blatnoy7447 set |
Fixes #906
Here's the final state of this PR
VaultError
(the base class for all the Vault exceptions) has been updated as follows:text
andjson
arguments and populates them as fieldsfrom_status
is added to return an instance of a specific Vault exception, based on the given status code; this replaces the logic inraise_for_error
to something a little cleanerutils.raise_for_error
now acceptstext
andjson
fields to pass along to the exception classes, and is reduced to just callingVaultError.from_status
RawAdapter
(the only current place whereraise_for_status
is used) has been updated to populate thetext
andjson
fields as best it can from itsrequests.Response
All of the above now enables methods to remain Adapter-agnostic, but gain some additional information in the exceptions raised which can allow for handling of some conditions. With that:
read_secret_version
can catch theInvalidPath
exception, inspect thejson
field to try to determine if the cause was due to a deleted secret version, and if so, can respond by returning the data instead of allowing the exception to be raised.raise_on_deleted_version
None
None
will default toTrue
(preserving the old behavior) with a warning explaining that the default will change toFalse
inv3.0.0
v3.0.0
we'll change the actual default toFalse
and remove the warning code and the test for itSince clients also gain from the new exception fields, sophisticated clients can decide how to handle a deleted version result in their application (whether by setting the new parameter, or catching exceptions), including:
0
At this time, I don't think we should look to implement these workarounds in
hvac
itself.Tests have also been added or improved, and all of the changes here have 100% test coverage.