Backport of Fix multiple OpenAPI generation issues with new AST-based generator into release/1.11.x #19717
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Backport
This PR is auto-generated from #18554 to be assessed for backporting due to the inclusion of the label backport/1.11.x.
WARNING automatic cherry-pick of commits failed. Commits will require human attention.
The below text is copied from the body of the original PR.
Currently, the Vault OpenAPI generator attempts to use a variety of ad-hoc regexps, to simplify the path regexps that are the canonical specification of URL paths in Vault backends, and convert them into OpenAPI URL patterns. Regexps are not well suited to parsing regexps, and this approach is fragile and incomplete.
Happily, the Go regexp library provides easy access to its string-to-AST parser, so we can just ask it to parse the regexps for us, and then walk the resulting AST for a more reliable translation from regexps to OpenAPI patterns - this PR makes that change.
Whilst developing this change, it came to light that there are incorrectly unescaped full stops in some existing patterns - so the dot in
/.well-known/
could in fact be any character. These are now properly escaped.As a result of these changes, the OpenAPI document changes in the following ways:
In the AWS secrets engine, the
/creds/{name}
endpoint was being incorrectly documented as/creds
- fixed (closes #18488).In the GCP secrets engine, the
/roleset
and/static-account
endpoints were missing - fixed.In the KV v2 secrets engine, the/.*
endpoint, which already had no visible operations since they are all marked asUnpublished
, is now removed from the OpenAPI document entirely, since'/.*
is not a valid OpenAPI path pattern.In the PKI secrets engine, widespread inaccuracies are fixed (closes #18484):
The following endpoints, which were incorrectly undocumented, are added:
The following endpoints, which were documented but don't actually exist, are removed:
In the RADIUS auth method,
/login
endpoint no longer documents an incorrecturlusername
field in the request body.In the
/sys/plugins/catalog/{type}/{name}
endpoint, thetype
parameter is now no longer also incorrectly included in the request body.In the
/sys/tools/hash
endpoints, theurlalgorithm
parameter is now no longer incorrectly included in the request body.In the
/sys/tools/random
and/transit/random
endpoints, thesource
andurlbytes
parameters are now no longer incorrectly included in the request body.In various
/transit/
endpoints, theurlalgorithm
parameter is now no longer incorrectly included in the request body.In the
/transit/restore
endpoints, thename
parameter is now no longer incorrectly included in the request body.These "parameter is now no longer incorrectly included in the request body" fixes are helpful, but accidental, and dependent on another bug - the request schema for multiple expansions for the same endpoint overwrites each other, with last generated wins, and the generation is simply happening in a more convenient order in this version of the code.
Overview of commits