kv2/metadata: ReadSecretPathsAsync allows empty path value to list …

…all secrets on the `mountPoint` (#337) * remove null check for path, in list secrets API the path is required in the API documentation of vault but if you manually run the API like curl --header "X-Vault-Token: …” --request LIST http://127.0.0.1:8200/v1/secret/metadata it would work therefore, removing the strict null check and adding a simple guard rail * update IKeyValueSecretsEngineV2 documentation * update CHANGELOG.md
rajanadar · Sep 8, 2024 · 5e568b6 · 5e568b6
1 parent 5fcb6a0
commit 5e568b6
Show file tree

Hide file tree

Showing 3 changed files with 11 additions and 7 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -6,7 +6,7 @@
  * [GH-309](https://github.com/rajanadar/VaultSharp/issues/309) identity/oidc/role: create, read, update and delete apis.
  * [GH-309](https://github.com/rajanadar/VaultSharp/issues/309) auth/approle: ````PullNewSecretIdAsync``` allows for reponse wrapping using ```wrapTimeToLive``` parameter
  * [GH-329](https://github.com/rajanadar/VaultSharp/issues/329) kv2/metadata: `ReadSecretPathsAsync` to use HTTP `GET` method and `?list=true` instead of non-standard HTTP verb `LIST`
-
+ * [GH-334](https://github.com/rajanadar/VaultSharp/issues/334) kv2/metadata: `ReadSecretPathsAsync` allows empty path value to list all secrets on the `mountPoint`
 ## 1.13.0.1 (April 03, 2023)
 
 **BUG FIXES:**

diff --git a/src/VaultSharp/V1/SecretsEngines/KeyValue/V2/IKeyValueSecretsEngineV2.cs b/src/VaultSharp/V1/SecretsEngines/KeyValue/V2/IKeyValueSecretsEngineV2.cs
@@ -232,8 +232,10 @@ public interface IKeyValueSecretsEngineV2
         /// Folders are suffixed with /. The input must be a folder; list on a file will not return a value. 
         /// The values themselves are not accessible via this API.
         /// </summary>
-        /// <param name="path"><para>[required]</para>
-        /// The location path where the secret needs to be read from.</param>
+        /// <param name="path">
+        /// The location path where the secret needs to be read from. Can be empty string or null, if you
+        /// want to list all secrets on the mount point.
+        /// </param>
         /// <param name="mountPoint"><para>[optional]</para>
         /// The mount point for the Generic backend. Defaults to <see cref="SecretsEngineMountPoints.KeyValueV2" />
         /// Provide a value only if you have customized the mount point.</param>

diff --git a/src/VaultSharp/V1/SecretsEngines/KeyValue/V2/KeyValueSecretsEngineV2Provider.cs b/src/VaultSharp/V1/SecretsEngines/KeyValue/V2/KeyValueSecretsEngineV2Provider.cs
@@ -1,4 +1,4 @@
-using System;
+using System;
 using System.Collections.Generic;
 using System.Net.Http;
 using System.Threading.Tasks;
@@ -108,11 +108,13 @@ public async Task DestroySecretVersionsAsync(string path, IList<int> versions, s
 
         public async Task<Secret<ListInfo>> ReadSecretPathsAsync(string path, string mountPoint = null, string wrapTimeToLive = null)
         {
-            Checker.NotNull(path, "path");
-
+            string p = path ?? "";
+            if (p.Length > 0) {
+                p = p.Trim('/');
+            }
             string queryParameters = "?list=true";
 
-            return await _polymath.MakeVaultApiRequest<Secret<ListInfo>>(mountPoint ?? _polymath.VaultClientSettings.SecretsEngineMountPoints.KeyValueV2, "/metadata/" + path.Trim('/') + queryParameters, HttpMethod.Get, wrapTimeToLive: wrapTimeToLive).ConfigureAwait(_polymath.VaultClientSettings.ContinueAsyncTasksOnCapturedContext);
+            return await _polymath.MakeVaultApiRequest<Secret<ListInfo>>(mountPoint ?? _polymath.VaultClientSettings.SecretsEngineMountPoints.KeyValueV2, "/metadata/" + p + queryParameters, HttpMethod.Get, wrapTimeToLive: wrapTimeToLive).ConfigureAwait(_polymath.VaultClientSettings.ContinueAsyncTasksOnCapturedContext);
         }
 
         public async Task<Secret<FullSecretMetadata>> ReadSecretMetadataAsync(string path, string mountPoint = null, string wrapTimeToLive = null)