Skip to content

Commit

Permalink
If we get a 405 doing an HTTP PATCH, assume the server is pre-1.9 and…
Browse files Browse the repository at this point in the history
… fall back to old readThenWrite approach (#13615)
  • Loading branch information
ncabatoff committed Jan 11, 2022
1 parent ea03f6a commit 00e63eb
Show file tree
Hide file tree
Showing 2 changed files with 10 additions and 0 deletions.
3 changes: 3 additions & 0 deletions changelog/13615.txt
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
```release-note:bug
cli: Fix using kv patch with older server versions that don't support HTTP PATCH.
```
7 changes: 7 additions & 0 deletions command/kv_patch.go
Original file line number Diff line number Diff line change
Expand Up @@ -281,6 +281,13 @@ func (c *KVPatchCommand) mergePatch(client *api.Client, path string, newData map

secret, err := client.Logical().JSONMergePatch(context.Background(), path, data)
if err != nil {
// If it's a 405, that probably means the server is running a pre-1.9
// Vault version that doesn't support the HTTP PATCH method.
// Fall back to the old way of doing it if the user didn't specify a -method.
// If they did, and it was "patch", then just error.
if re, ok := err.(*api.ResponseError); ok && re.StatusCode == 405 && rwFallback {
return c.readThenWrite(client, path, newData)
}
// If it's a 403, that probably means they don't have the patch capability in their policy. Fall back to
// the old way of doing it if the user didn't specify a -method. If they did, and it was "patch", then just error.
if re, ok := err.(*api.ResponseError); ok && re.StatusCode == 403 && rwFallback {
Expand Down

0 comments on commit 00e63eb

Please sign in to comment.