Detailed Description
The Vault integration incorrectly determines the KV engine version based on the value of mountPath. Specifically, KV v2 is only used when mountPath == "kv2", which conflates the Vault mount name with the KV version.
This causes issues when using a KV v2 engine mounted under a different name (e.g., testing-path). In such cases, the exporter either:
incorrectly uses KV v1 logic, or
generates invalid API paths when forcing mountPath to "kv2"
Expected Behavior
The exporter should:
Treat mountPath as the actual Vault mount name (e.g., itesting-path)
Independently determine or configure the KV version (v1 vs v2)
Correctly construct API calls like:
/v1/<mountPath>/data/<secretPath>
for KV v2
Current Behavior
KV v2 logic is only triggered when mountPath == "kv2"
If the actual mount name is used (e.g., testing-path), the exporter falls back to KV v1 parsing and fails to read fields like user
If mountPath is set to "kv2" to force KV v2, the exporter generates incorrect API calls such as:
/v1/kv2/data/testing-path/data/<secret>
which results in errors (e.g., 403 or invalid path)
Detailed Description
The Vault integration incorrectly determines the KV engine version based on the value of mountPath. Specifically, KV v2 is only used when mountPath == "kv2", which conflates the Vault mount name with the KV version.
This causes issues when using a KV v2 engine mounted under a different name (e.g., testing-path). In such cases, the exporter either:
incorrectly uses KV v1 logic, or
generates invalid API paths when forcing mountPath to "kv2"
Expected Behavior
The exporter should:
Treat mountPath as the actual Vault mount name (e.g., itesting-path)
Independently determine or configure the KV version (v1 vs v2)
Correctly construct API calls like:
for KV v2
Current Behavior
KV v2 logic is only triggered when mountPath == "kv2"
If the actual mount name is used (e.g., testing-path), the exporter falls back to KV v1 parsing and fails to read fields like user
If mountPath is set to "kv2" to force KV v2, the exporter generates incorrect API calls such as:
which results in errors (e.g., 403 or invalid path)