diff --git a/esp/esdllib/docs/getSecretKeyValue.md b/esp/esdllib/docs/getSecretKeyValue.md
index b6d2e1d9783..b2f11db072f 100644
--- a/esp/esdllib/docs/getSecretKeyValue.md
+++ b/esp/esdllib/docs/getSecretKeyValue.md
@@ -1,13 +1,9 @@
 #### getSecretKeyValue
- string getSecretKeyValue(key, secretName)
- string getSecretKeyValue(key, secretName, vaultId)
- string getSecretKeyValue(key, secretName, vaultId, version)
+ string getSecretKeyValue(secretId, key)
-Lookup an *espUser* categorized secret based on a combination of name, vault ID, and version, and extract the property value identified by `key`. Because this function enables exposure of all data in the named secret, only secrets defined in the *espUser* category can be accessed with this function.
+Lookup an *espUser* categorized secret based on a secret identifier, and extract the property value identified by `key`. Because this function enables exposure of all data in the named secret, only secrets defined in the *espUser* category can be accessed with this function.
 | Parameter | Required? | Description |
 | :- | :-: | :- |
 | key | Y | An identifier of a possible secret property value. |
-| secretName | Y | The name of a potential secret. |
-| vaultId | N | An identifier of the repository presumed to hold the named secret. |
-| version | N | The requested version of the named secret. |
+| secretId | Y | The identity of a secret, expressed as `[ vaultId "::" ] secretName [ "::" version ]`. A `secretName` is required always, and a `vaultId` is required before a version can be given. |
diff --git a/esp/esdlscriptlib/esdl_xpath_extensions_libxml.cpp b/esp/esdlscriptlib/esdl_xpath_extensions_libxml.cpp
index 736c51079ad..a477b2b51be 100644
--- a/esp/esdlscriptlib/esdl_xpath_extensions_libxml.cpp
+++ b/esp/esdlscriptlib/esdl_xpath_extensions_libxml.cpp
@@ -1058,43 +1058,23 @@ static void getSecretKeyValueExtFunc(xmlXPathParserContextPtr ctxt, int nargs)
 xmlXPathSetError((ctxt), XPATH_INVALID_CTXT);
 return;
 }
-
- SecretId id("");
- StringBuffer key;
- xmlChar* tmp;
- switch (nargs)
+ if (nargs != 2)
 {
- case 4: // version
- tmp = xmlXPathPopString(ctxt);
- if (xmlXPathCheckError(ctxt))
- return;
- id.version.set((const char*)tmp);
- xmlFree(tmp);
- // fall through
- case 3: // vault ID
- tmp = xmlXPathPopString(ctxt);
- if (xmlXPathCheckError(ctxt))
- return;
- id.vault.set((const char*)tmp);
- xmlFree(tmp);
- // fall through
- case 2: // key, secret name
- tmp = xmlXPathPopString(ctxt);
- if (xmlXPathCheckError(ctxt))
- return;
- id.name.set((const char*)tmp);
- xmlFree(tmp);
- tmp = xmlXPathPopString(ctxt);
- if (xmlXPathCheckError(ctxt))
- return;
- key.append((const char*)tmp);
- xmlFree(tmp);
- break;
- default:
 xmlXPathSetArityError(ctxt);
 return;
 }

+ xmlChar* tmp = xmlXPathPopString(ctxt);
+ if (xmlXPathCheckError(ctxt))
+ return;
+ StringBuffer key((const char*)tmp);
+ xmlFree(tmp);
+ tmp = xmlXPathPopString(ctxt);
+ if (xmlXPathCheckError(ctxt))
+ return;
+ SecretId id((const char*)tmp);
+ xmlFree(tmp);
+
 Owned secret(scriptContext->getSecret("espUser", id));
 if (!secret)
 {
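Review bot: The two-argument form keeps its arity but swaps meaning, so a script still written as `getSecretKeyValue(key, secretName)` passes the `nargs != 2` check and now has its key parsed as the secret identifier and its secret name used as the property key. Nothing in the hunk distinguishes the old order from the new one, and whether the mismatch fails closed depends on the `if (!secret)` branch, which continues outside the hunk. Because the pops run last-argument-first, a comment above the first pop such as `// args pop in reverse: key (2nd) first, then secretId (1st)` would make the order auditable. The script-supplied string also goes straight into `SecretId` and `getSecret("espUser", id)`; if the `SecretId` constructor (not visible here) does not reject an empty name or extra `::` segments, a check before the lookup would be worth adding.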