How to list Vault child namespaces

Avatar
Florin Țiucra-Popa
  • Updated

Introduction

On particular occasions, a Vault administrator needs to identify all the child namespaces starting from a specific point or from the rootnamespace. This how-to aims to simplify this task by leveraging a shell script. 

 

Prerequisites

  • This how-to article is valid only for the Enterprise version of Vault.
  • Bash version 5.1 or BusyBox version 1.33.1 onwards.

Overview

If for example there are multiple child namespaces named ns1, ns2, ns3, ns1/ns11, ns1/ns12andns3/ns31/ns32/ns34, it might be difficult to get all the child namespaces with a single command.
The following script can leverage the effort by parsing recursively, starting from a specific namespace, all the child namespaces within a desired depth. By default, the starting namespace is the  rootnamespace and the default depth is 1.

Procedures

  • Step 1 (optional) - For testing purposes, create a namespace child hierarchy like: ns1,ns2andns3 and ns1/ns11,ns1/ns12andns3/ns31/ns32/ns34or as visual tree: 
root/
├── ns1
│   ├── ns11
│   └── ns12
├── ns2
└── ns3
    └── ns31
        └── ns32
            └── ns34
# Commands for creating the namespaces

$ vault namespace create ns1
$ vault namespace create ns2
$ vault namespace create ns3
$ VAULT_NAMESPACE=ns1 vault namespace create ns11
$ VAULT_NAMESPACE=ns1 vault namespace create ns12
$ VAULT_NAMESPACE=ns3 vault namespace create ns31
$ VAULT_NAMESPACE=ns3/ns31 vault namespace create ns32
$ VAULT_NAMESPACE=ns3/ns31/ns32 vault namespace create ns33
  • Step 2 - Create a Bash shell script for parsing the namespaces with name recursive_namespaces.sh
#!/bin/sh
# First passing argument is the depth
# The second passing argument is the starting namespace

export all_namespaces=""

function getnamespaces()
{
# Recursive function for collecting all the namespaces in a variable
# First argument is the depth of recursivity
# Second argument is the starting namespace
# If the first argument is not a number than we bail out
case $1 in
''|*[!0-9]*) return 1;;
*) : ;;
esac
# If we reach to the last level then we end the recursive loop
[[ $1 -lt 1 ]] && return 0

for i in $(vault namespace list -ns=$2 2>>/dev/null |sed -e '1,2d') ; do
{
export all_namespaces=$(echo $all_namespaces "$2$i")
if [ "X$2" == "X" ] ; then
[ $1 -gt 1 ] && getnamespaces $(($1 - 1 )) "$i"
else
[ $1 -gt 1 ] && getnamespaces $(($1 - 1 )) "$2$i"
fi
}
done
return 0
}

# Getting all arguments from OS as ARGS
# By default we use the level depth 1

case $1 in
''|*[!0-9]*) export level=1;;
*) export level=$(echo $1) ; level=${level:=1};;
esac

namespace=$(echo $2)
namespace=${namespace:=root}

# If the namespace is default we empty the namespace starting point
[ "X${namespace}" == "Xroot" ] && export namespace=""

# If the namespace is not empty we ensure that the last character is '/'
if [ "X${namespace}" == "X" ] ; then
:
else
[ $(echo ${2: -1}) == '/' ] || export namespace="${namespace}/"
fi

echo "### Searching namespaces starting with $namespace ."
getnamespaces $level $namespace
echo "$all_namespaces ###" |sed 's/ /\n/g'
  • Step 3 - Example of how to execute the Bash script for parsing the namespaces with default depth level=2 starting from rootnamespace 
sh recursive_namespaces.sh 2
### Searching namespaces starting with .
ns1/
ns1/ns11/
ns1/ns12/
ns1/ns2/
ns1/ns3/
ns2/
ns3/
ns3/ns31/
###
  • Step 4 - Example of how to execute the Bash script for parsing the namespaces with default depth level=3 starting from ns3/ns31namespace: 
sh recursive_namespaces.sh 3 ns3/ns31
### Searching namespaces starting with ns3/ns31/ .
ns3/ns31/ns32/
ns3/ns31/ns32/ns33/
###

Additional Information: 

Articles in this section

See more

Related articles