Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

VAULT-20669: Add New Authenticated Endpoint for Version #23740

Merged
merged 14 commits into from
Oct 26, 2023
Merged

VAULT-20669: Add New Authenticated Endpoint for Version #23740

Show file tree
Hide file tree
Changes from 4 commits
Commits
Show all changes
14 commits
Select commit Hold shift + click to select a range
a3f8d29
add sys/internal/ui/version path
Oct 19, 2023
e5ccd61
add read capability for sys/internal/ui/version in default policy
Oct 19, 2023
2f9ea9c
add changelog file
Oct 19, 2023
78ff999
doc: add api-docs page for sys/internal/ui/version
Oct 19, 2023
e80493a
add godoc for pathInternalUIVersion function
Oct 20, 2023
4afa0fa
add tests for functions in version package
Oct 20, 2023
a7c70ca
remove unreachable code
Oct 20, 2023
46922f5
use closure to restore version at end of test function
Oct 20, 2023
cadba85
use an example version in sample response
Oct 20, 2023
b1659db
Update website/content/api-docs/system/internal-ui-version.mdx
Oct 25, 2023
bc9eb6f
Apply suggestions from code review
Oct 25, 2023
c602c76
Update website/content/api-docs/system/internal-ui-version.mdx
Oct 25, 2023
705ba9f
add copyright header to version_test.go
Oct 26, 2023
53121c8
Merge branch 'main' into marcboudreau/VAULT-20669/add-new-ui-version-…
Oct 26, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 3 additions & 0 deletions changelog/23740.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
```release-note:feature
core: add sys/internal/ui/version endpoint
```
10 changes: 10 additions & 0 deletions vault/logical_system.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4754,6 +4754,16 @@ func (b *SystemBackend) pathInternalUIResultantACL(ctx context.Context, req *log
return resp, nil
}

func (b *SystemBackend) pathInternalUIVersion(ctx context.Context, req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
marcboudreau marked this conversation as resolved.
Show resolved Hide resolved
resp := &logical.Response{
Data: map[string]any{
"version": version.GetVersion().VersionNumber(),
},
}

return resp, nil
}

func (b *SystemBackend) pathInternalOpenAPI(ctx context.Context, req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
// Limit output to authorized paths
resp, err := b.pathInternalUIMountsRead(ctx, req, d)
Expand Down
5 changes: 5 additions & 0 deletions vault/logical_system_integ_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -87,6 +87,11 @@ func TestSystemBackend_InternalUIResultantACL(t *testing.T) {
"read",
},
},
"sys/internal/ui/version": map[string]interface{}{
"capabilities": []interface{}{
"read",
},
},
"sys/leases/lookup": map[string]interface{}{
"capabilities": []interface{}{
"update",
Expand Down
25 changes: 25 additions & 0 deletions vault/logical_system_paths.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2641,6 +2641,31 @@ func (b *SystemBackend) internalPaths() []*framework.Path {
HelpSynopsis: strings.TrimSpace(sysHelp["internal-ui-resultant-acl"][0]),
HelpDescription: strings.TrimSpace(sysHelp["internal-ui-resultant-acl"][1]),
},
{
Pattern: "internal/ui/version",
DisplayAttrs: &framework.DisplayAttributes{
OperationPrefix: "internal-ui",
OperationVerb: "read",
OperationSuffix: "version",
},
Operations: map[logical.Operation]framework.OperationHandler{
logical.ReadOperation: &framework.PathOperation{
Callback: b.pathInternalUIVersion,
Summary: "Backwards compatibility is not guaranteed for this API",
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

❓ I wonder why we just use the same summary message for multiple internal API endpoints, do you think it would be useful to include what this endpoint is for (even if it also says that it doesn't guarantee backwards compatibility)?

Responses: map[int][]framework.Response{
http.StatusOK: {{
Description: "OK",
Fields: map[string]*framework.FieldSchema{
"version": {
Type: framework.TypeString,
Required: true,
},
},
}},
},
},
},
},
{
Pattern: "internal/counters/requests",
DisplayAttrs: &framework.DisplayAttributes{
Expand Down
6 changes: 6 additions & 0 deletions vault/policy_store.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -102,6 +102,12 @@ path "sys/internal/ui/resultant-acl" {
capabilities = ["read"]
}

# Allow a token to look up the Vault version. This path is not subject to
# redaction like the unauthenticated endpoints that provide the Vault version.
path "sys/internal/ui/version" {
capabilities = ["read"]
}

# Allow a token to renew a lease via lease_id in the request body; old path for
# old clients, new path for newer
path "sys/renew" {
Expand Down
49 changes: 49 additions & 0 deletions website/content/api-docs/system/internal-ui-version.mdx
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,49 @@
---
layout: api
page_title: /sys/internal/ui/version - HTTP API
description: >-
The `/sys/internal/ui/version` endpoint exposes the software version of Vault.
---

# `/sys/internal/ui/version`

The `/sys/internal/ui/version` endpoint is used to expose the software version
of Vault to the UI so that it can be displayed to logged in users.
marcboudreau marked this conversation as resolved.
Show resolved Hide resolved

This is currently only being used internally for the UI. Due to the nature of its
intended usage, there is no guarantee on backwards compatibility for this endpoint.
marcboudreau marked this conversation as resolved.
Show resolved Hide resolved

## Get version

This endpoint exposes the software version of Vault to the UI.
marcboudreau marked this conversation as resolved.
Show resolved Hide resolved

| Method | Path |
| :----- | :------------------------- |
| `GET` | `/sys/internal/ui/version` |

### Sample request

```shell-session
$ curl \
--header "X-Vault-Token: ..." \
--request GET \
http://127.0.0.1:8200/v1/sys/internal/ui/version
```

### Sample response

```json
{
"request_id": "d585b9be-9c6f-a05f-939b-490cf062ebbe",
"lease_id": "",
"renewable": false,
"lease_duration": 0,
"data": {
"version": "..."
marcboudreau marked this conversation as resolved.
Show resolved Hide resolved
},
"wrap_info": null,
"warnings": null,
"auth": null,
"mount_type": "system"
}
```
4 changes: 4 additions & 0 deletions website/data/api-docs-nav-data.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -515,6 +515,10 @@
"title": "<code>/sys/internal/ui/resultant-acl</code>",
"path": "system/internal-ui-resultant-acl"
},
{
"title": "<code>/sys/internal/ui/version</code>",
"path": "system/internal-ui-version"
},
{
"title": "<code>/sys/key-status</code>",
"path": "system/key-status"
Expand Down
Loading