Vault: [Namespaces] "root" should be a reserved name and refer to the root namespace

I noticed yall implemented this change in January. Thanks! I'm just getting around to testing

@calvn Can you confirm if i'm missing something because the replacement doesnt appear to be working

$ vault --version
Vault v1.1.2+prem ('<redacted because im not sure how this is used>')

WORKING:

$ curl -H 'X-Vault-Token: <redacted)' -k https://127.0.0.1:8200/v1/database/config/test
{"request_id":"<redacted>","lease_id":"","renewable":false,"lease_

NOT WORKING:

$ curl -H 'X-Vault-Namespace: root' -H 'X-Vault-Token: <redacted>' -k https://127.0.0.1:8200/v1/database/config/test
{"errors":["no handler for route 'root/database/config/test'"]}

@briankassouf i cant reopen this but it may need to be reopened

@drewmullen can you try with root/?

actually that did work so thats good. it would be great if that wasnt required though :D

Yep, that case should be handled as well. Thanks for reporting!

alright so im testing on 1.1.3 - only 1 thing to report! thanks again for this feature!

Working:
cli - environment var VAULT_NAMESPACE
cli - path argument -ns=root
header - X-Vault-Namespace

Not working:
directly in the path:
curl -H "X-Vault-Token: <redacted>" -k https://vault.example.com:8200/v1/root/sys/mounts

"errors": [
    "no handler for route 'root/sys/mounts'"
  ]

luckily for me, my main access point is hvac which passes it as a header so thats not a big deal for me. so this isnt a huge deal but i figured id report it anyways

https://github.com/hvac/hvac/blob/c013371a43d30b5b54407f3fea2f2fd76bbe5934/hvac/adapters.py#L249

@drewmullen that's a proper error for this particular case. Under the hood, when root/ is provided via the working methods that you've listed, we simply route it to /, so the root namespace is not really under root/.

cool - thanks for letting me know