From 6ebc53d0aeebf66ee83b8394ee2eb31d71e953d8 Mon Sep 17 00:00:00 2001
From: Adrian Todorov <adrian.todorov@hashicorp.com>
Date: Tue, 14 Jan 2025 17:50:46 +0100
Subject: [PATCH 1/2] support Vault KV subkeys to avoid consul-template adding
 /data/ to the path

---
 dependency/vault_read.go      |  4 ++--
 dependency/vault_read_test.go | 17 ++++++++++++++++-
 2 files changed, 18 insertions(+), 3 deletions(-)

diff --git a/dependency/vault_read.go b/dependency/vault_read.go
index c2f837e4d..005e54980 100644
--- a/dependency/vault_read.go
+++ b/dependency/vault_read.go
@@ -212,9 +212,9 @@ func shimKVv2Path(rawPath, mountPath, clientNamespace string) string {
 		// Trim (mount path - client namespace) from the raw path
 		p := strings.TrimPrefix(rawPath, rawPathNsAndMountPath)
 
-		// Only add /data/ prefix to the path if neither /data/ or /metadata/ are
+		// Only add /data/ prefix to the path if neither /data/, or /metadata/ or /subkeys/ are
 		// present.
-		if strings.HasPrefix(p, "data/") || strings.HasPrefix(p, "metadata/") {
+		if strings.HasPrefix(p, "data/") || strings.HasPrefix(p, "metadata/") || strings.HasPrefix(p, "subkeys/") {
 			return rawPath
 		}
 
diff --git a/dependency/vault_read_test.go b/dependency/vault_read_test.go
index 9dc0daaaf..2a9ed8004 100644
--- a/dependency/vault_read_test.go
+++ b/dependency/vault_read_test.go
@@ -706,7 +706,22 @@ func TestShimKVv2Path(t *testing.T) {
 			"secret/",
 			"secret/data/foometadata/foo/bar",
 			"",
-		}, {
+		},
+		{
+			"prefix not added to subkeys",
+			"/secret/subkeys/foo",
+			"secret/",
+			"secret/subkeys/foo",
+			"",
+		},
+		{
+			"prefix added with subkeys* in subpath",
+			"/secret/subkeysfoo/foo/bar",
+			"secret/",
+			"secret/data/subkeysfoo/foo/bar",
+			"",
+		},
+		{
 			"prefix added to mount path",
 			"secret/",
 			"secret/",

From a513d0cea0d99e6c7c95e6ea18dfa1bdc6030651 Mon Sep 17 00:00:00 2001
From: Adrian Todorov <adrian.ttodorov@gmail.com>
Date: Wed, 29 Jan 2025 17:33:32 +0100
Subject: [PATCH 2/2] Update vault_read_test.go to fix failing test

---
 dependency/vault_read_test.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/dependency/vault_read_test.go b/dependency/vault_read_test.go
index 2a9ed8004..1ef0c03fe 100644
--- a/dependency/vault_read_test.go
+++ b/dependency/vault_read_test.go
@@ -709,14 +709,14 @@ func TestShimKVv2Path(t *testing.T) {
 		},
 		{
 			"prefix not added to subkeys",
-			"/secret/subkeys/foo",
+			"secret/subkeys/foo",
 			"secret/",
 			"secret/subkeys/foo",
 			"",
 		},
 		{
 			"prefix added with subkeys* in subpath",
-			"/secret/subkeysfoo/foo/bar",
+			"secret/subkeysfoo/foo/bar",
 			"secret/",
 			"secret/data/subkeysfoo/foo/bar",
 			"",