theapsgroup / steampipe-plugin-vault Goto Github PK

This is John from the Steampipe team -- We're excited to have you contributing to the Steampipe plugin community! We will need to work through the mechanics of how exactly the registry publishing process works, as you are the first external contributor -- We will contact you with more details in this regard.

I took a quick look at your plugin today and had a few items that should be addressed:

• Tables names should be singular, not plural

• Generally, date/time fields should use ColumnType_TIMESTAMP.

  • server_time_utc uses ColumnType_INT should probably be converted, and use a ColumnType_TIMESTAMP ( https://github.com/theapsgroup/steampipe-plugin-vault/blob/main/vault/table_health.go#L41 )

• Im not sure why the noop - I don't think you really need the Get at all here? - https://github.com/theapsgroup/steampipe-plugin-vault/blob/main/vault/table_health.go#L29

• The tables don't seem to have many columns. For example, I would minimally expect to see the same data in the vault_kv_secrets as the vault kv get command would return (including the secret data values):
  as

$ vault kv get secret/hello
====== Metadata ======
Key              Value
---              -----
created_time     2021-05-10T20:10:28.307902Z
deletion_time    n/a
destroyed        false
version          2

===== Data =====
Key        Value
---        -----
excited    yes
foo        world

• My knowledge of vault is limited, but I notice that the column names don't always conform to the language used in the CLI. Im not sure what is correct in this case, but it is definitely worth paying attention to, as renaming columns after the plugin is released is a hassle for users. For example, the mountpoint in vault_engines seems to be referred to as path in the CLI output:

$ steampipe query "select * from vault_engines"
+------------+-----------+
| mountpoint | type      |
+------------+-----------+
| sys/       | system    |
| secret/    | kv        |
| identity/  | identity  |
| cubbyhole/ | cubbyhole |
+------------+-----------+

Time: 483.783688ms

Johns-MBP-2:steampipe-plugin-vault jsmyth$ vault secrets list
Path          Type         Accessor              Description
----          ----         --------              -----------
cubbyhole/    cubbyhole    cubbyhole_03ad4f03    per-token private secret storage
identity/     identity     identity_37451878     identity store
secret/       kv           kv_63726df9           key/value secret storage
sys/          system       system_ac4bc3bf       system endpoints used for control, policy and debugging

Likewise, vault_kv_secrets uses the name path where the CLI refers to key:

$ steampipe query "select * from vault_kv_secrets"
+--------+------------+
| path   | mountpoint |
+--------+------------+
| /hello | secret/    |
+--------+------------+


$ vault kv list secret
Keys
----
hello

I look forward to continued collaboration, and feel free to reach out in the Slack or Github!

As part of periodic Steampipe maintenance all plugins should be upgraded to use SDK 1.8.2 as well as golang v1.17.

I'm currently working on getting a count of secrets in our Vault instance and have noticed that the steampipe-plugin-vault does not appear to have a way to get info from version 1 of the secrets engine.

it's able to recognize v1 as type = kv:

> select path from vault_engine where type = 'kv';
+-----------------+
| path            |
+-----------------+
| aws-root-creds/ | # v2 
| configs/        |  # v2 
| kv/             |  # v1
+-----------------+

but does not get any counts etc from the v1 engine:

> select count(key) from vault_kv_secret where path = 'configs/';
+-------+
| count |
+-------+
| 32    |
+-------+

vs

> select count(key) from vault_kv_secret where path = 'kv/';
+-------+
| count |
+-------+
| 0     |
+-------+

It's been a while since we've updated the Vault SDK, should be updated to latest version along with a run-though of all existing tables to ensure columns are up to date - any (potential) new tables should be raised as separate issues.

It's been a while so we should updated the Steampipe SDK to v5.0.1 (or v5.1.0 if released).

just now installed steampipe and vault plugin. every command related to vault fails with the same error
` select * from vault_engine
Error: rpc error: code = Internal desc = list call listEngines failed with panic runtime error: invalid memory address or nil pointer dereference

select * from vault_engine;
Error: rpc error: code = Internal desc = list call listEngines failed with panic runtime error: invalid memory address or nil pointer dereference
select * from vault.vault_engine;
Error: rpc error: code = Internal desc = list call listEngines failed with panic runtime error: invalid memory address or nil pointer dereference
select * from vault.vault_kv_secret
Error: rpc error: code = Internal desc = list call listSecrets failed with panic runtime error: invalid memory address or nil pointer dereference
select * from vault.vault_sys_health
Error: rpc error: code = Internal desc = list call getSysHealth failed with panic runtime error: invalid memory address or nil pointer dereference
`
VAULT_TOKEN and VAULT_ADDR are set

other plugins such as gitlab are working fine
steampipe plugin list

+----------------------------------------------------+---------+-------------+
| Name | Version | Connections |
+----------------------------------------------------+---------+-------------+
| hub.steampipe.io/plugins/theapsgroup/gitlab@latest | 0.0.3 | gitlab |
| hub.steampipe.io/plugins/theapsgroup/vault@latest | 0.0.4 | vault |
| hub.steampipe.io/plugins/turbot/aws@latest | 0.34.0 | aws |
| hub.steampipe.io/plugins/turbot/docker@latest | 0.0.2 | docker |
| hub.steampipe.io/plugins/turbot/steampipe@latest | 0.1.3 | steampipe |
+----------------------------------------------------+---------+-------------+

Upgrade to:
steampipe-plugin-sdk v3.1.0
Go version 1.18