func()

in pkg/vault/kv/v2_service.go [94:165]


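// ReadVersion reads the secret stored at path from the KV v2 mount and returns
// its values together with its metadata.
//
// The path is sanitized first; an empty result is rejected. When version is
// greater than zero it is sent as the "version" query parameter, otherwise the
// read is issued without one and the backend selects the version. When
// s.customMetadataEnabled is set, a second read against the "metadata"
// endpoint is performed and its "custom_metadata" map, if present, is merged
// into the returned metadata under the "custom_metadata" key.
//
// Errors wrap ErrPathNotFound when the backend returns no secret and ErrNoData
// when the response carries no data. A response whose shape does not match the
// KV v2 layout is reported as an error rather than causing a panic.
//
// ctx is not used by this method as written, so the reads cannot be cancelled
// through it.
func (s *kvv2Backend) ReadVersion(ctx context.Context, path string, version uint32) (SecretData, SecretMetadata, error) {
	// Clean path first
	secretPath := vpath.SanitizePath(path)
	if secretPath == "" {
		return nil, nil, fmt.Errorf("unable to query with empty path")
	}

	var (
		secret *api.Secret
		err    error
	)

	// Both branches target the same "data" endpoint; only the query differs.
	dataPath := vpath.AddPrefixToVKVPath(secretPath, s.mountPath, "data")
	if version > 0 {
		// Prepare params
		versionParam := map[string][]string{
			"version": {fmt.Sprintf("%d", version)},
		}

		secret, err = s.logical.ReadWithData(dataPath, versionParam)
	} else {
		secret, err = s.logical.Read(dataPath)
	}
	if err != nil {
		return nil, nil, fmt.Errorf("unable to retrieve secret for path '%s': %w", path, err)
	}
	if secret == nil {
		return nil, nil, fmt.Errorf("unable to retrieve secret for path '%s': %w", path, ErrPathNotFound)
	}
	if secret.Data == nil {
		return nil, nil, fmt.Errorf("unable to retrieve secret for path '%s': %w", path, ErrNoData)
	}

	// Check v2 backend
	data, ok := secret.Data["data"]
	if !ok {
		return nil, nil, fmt.Errorf("unable to extract values for path '%s', secret backend supposed to be a v2 but it's not", path)
	}
	metadata, ok := secret.Data["metadata"].(map[string]interface{})
	if !ok {
		return nil, nil, fmt.Errorf("unable to extract metadata for path '%s', secret backend supposed to be a v2 but it's not", path)
	}

	// Check data
	if data == nil {
		return nil, nil, ErrNoData
	}

	// Validate the payload shape with a checked assertion: an unchecked one
	// would panic on an unexpected response. Only the dynamic type is
	// reported, never the value, so secret material stays out of error text.
	values, ok := data.(map[string]interface{})
	if !ok {
		return nil, nil, fmt.Errorf("unable to extract values for path '%s', unexpected data type %T", path, data)
	}

	// Custom metadata enabled => retrieve secret metadata.
	if s.customMetadataEnabled {
		rawMeta, errMeta := s.logical.Read(vpath.AddPrefixToVKVPath(secretPath, s.mountPath, "metadata"))
		if errMeta != nil {
			return nil, nil, fmt.Errorf("unable to extract secret metadata for path '%s': %w", path, errMeta)
		}
		if rawMeta == nil {
			return nil, nil, fmt.Errorf("unable to retrieve secret metadata for path '%s': %w", path, ErrPathNotFound)
		}
		if rawMeta.Data == nil {
			return nil, nil, fmt.Errorf("unable to retrieve secret metadata for path '%s': %w", path, ErrNoData)
		}

		// Check if response contains custom_metadata; a missing or
		// differently typed entry is skipped silently.
		if rawCustomMeta, ok := rawMeta.Data["custom_metadata"]; ok {
			if customMeta, ok := rawCustomMeta.(map[string]interface{}); ok {
				metadata["custom_metadata"] = customMeta
			}
		}
	}

	// err is necessarily nil at this point, so return a literal nil.
	return values, metadata, nil
}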