Merge pull request #2016 from sofixa/add_vault_kv_subkeys

support Vault KV subkeys to avoid consul-template adding /data/ to the path

dependency/vault_read.go

@@ -212,9 +212,9 @@ func shimKVv2Path(rawPath, mountPath, clientNamespace string) string {
 		// Trim (mount path - client namespace) from the raw path
 		p := strings.TrimPrefix(rawPath, rawPathNsAndMountPath)
 
-		// Only add /data/ prefix to the path if neither /data/ or /metadata/ are
+		// Only add /data/ prefix to the path if neither /data/, or /metadata/ or /subkeys/ are
 		// present.
-		if strings.HasPrefix(p, "data/") || strings.HasPrefix(p, "metadata/") {
+		if strings.HasPrefix(p, "data/") || strings.HasPrefix(p, "metadata/") || strings.HasPrefix(p, "subkeys/") {
 			return rawPath
 		}
 

dependency/vault_read_test.go

@@ -706,7 +706,22 @@ func TestShimKVv2Path(t *testing.T) {
 			"secret/",
 			"secret/data/foometadata/foo/bar",
 			"",
-		}, {
+		},
+		{
+			"prefix not added to subkeys",
+			"secret/subkeys/foo",
+			"secret/",
+			"secret/subkeys/foo",
+			"",
+		},
+		{
+			"prefix added with subkeys* in subpath",
+			"secret/subkeysfoo/foo/bar",
+			"secret/",
+			"secret/data/subkeysfoo/foo/bar",
+			"",
+		},
+		{
 			"prefix added to mount path",
 			"secret/",
 			"secret/",