diff --git a/changelog/16794.txt b/changelog/16794.txt new file mode 100644 index 000000000000..0f78cf00a769 --- /dev/null +++ b/changelog/16794.txt @@ -0,0 +1,3 @@ +```release-note:bug +api: Fixed erroneous warnings of unrecognized parameters when unwrapping data. +``` diff --git a/http/sys_wrapping_test.go b/http/sys_wrapping_test.go index ab82b927c5f8..17520e78cf32 100644 --- a/http/sys_wrapping_test.go +++ b/http/sys_wrapping_test.go @@ -146,6 +146,9 @@ func TestHTTP_Wrapping(t *testing.T) { if err != nil { t.Fatal(err) } + if secret.Warnings != nil { + t.Fatalf("Warnings found: %v", secret.Warnings) + } if secret == nil || secret.Data == nil { t.Fatal("secret or secret data is nil") } @@ -222,6 +225,9 @@ func TestHTTP_Wrapping(t *testing.T) { if err != nil { t.Fatal(err) } + if secret.Warnings != nil { + t.Fatalf("Warnings found: %v", secret.Warnings) + } ret4 := secret // Should be expired and fail _, err = client.Logical().Unwrap(wrapInfo.Token) @@ -286,10 +292,16 @@ func TestHTTP_Wrapping(t *testing.T) { if err != nil { t.Fatal(err) } + if secret.Warnings != nil { + t.Fatalf("Warnings found: %v", secret.Warnings) + } secret, err = client.Logical().Unwrap(secret.WrapInfo.Token) if err != nil { t.Fatal(err) } + if secret.Warnings != nil { + t.Fatalf("Warnings found: %v", secret.Warnings) + } if !reflect.DeepEqual(data, secret.Data) { t.Fatalf("custom wrap did not match expected: %#v", secret.Data) } @@ -320,6 +332,9 @@ func TestHTTP_Wrapping(t *testing.T) { if err != nil { t.Fatal(err) } + if secret.Warnings != nil { + t.Fatalf("Warnings found: %v", secret.Warnings) + } // Check for correct Creation path after rewrap if wrapInfo.CreationPath != "secret/foo" { diff --git a/sdk/framework/backend.go b/sdk/framework/backend.go index 28071e5acdff..a4937f4c8588 100644 --- a/sdk/framework/backend.go +++ b/sdk/framework/backend.go @@ -221,7 +221,7 @@ func (b *Backend) HandleRequest(ctx context.Context, req *logical.Request) (*log var ignored []string for k, v := range req.Data { raw[k] = v - if path.Fields[k] == nil { + if !path.TakesArbitraryInput && path.Fields[k] == nil { ignored = append(ignored, k) } } diff --git a/sdk/framework/path.go b/sdk/framework/path.go index b316d2cc1577..fe29a400890a 100644 --- a/sdk/framework/path.go +++ b/sdk/framework/path.go @@ -116,6 +116,12 @@ type Path struct { // DisplayAttrs provides hints for UI and documentation generators. They // will be included in OpenAPI output if set. DisplayAttrs *DisplayAttributes + + // TakesArbitraryInput is used for endpoints that take arbitrary input, instead + // of or as well as their Fields. This is taken into account when printing + // warnings about ignored fields. If this is set, we will not warn when data is + // provided that is not part of the Fields declaration. + TakesArbitraryInput bool } // OperationHandler defines and describes a specific operation handler. diff --git a/vault/logical_system_paths.go b/vault/logical_system_paths.go index 6b1516217a6e..9ce4170c1b95 100644 --- a/vault/logical_system_paths.go +++ b/vault/logical_system_paths.go @@ -1789,6 +1789,8 @@ func (b *SystemBackend) wrappingPaths() []*framework.Path { HelpSynopsis: strings.TrimSpace(sysHelp["wrap"][0]), HelpDescription: strings.TrimSpace(sysHelp["wrap"][1]), + + TakesArbitraryInput: true, }, {