Add read_object_by_name method for Vault API

[hexedpackets]

Description

This new endpoint matches the response of the existing ID-based read method. Names have enforced uniqueness.

Documentation

Does this require changes to the WorkOS Docs? E.g. the API Reference or code snippets need updates.

[x] Yes

If yes, link a related docs PR and add a docs maintainer as a reviewer. Their approval is required.

https://github.com/workos/workos/pull/49387

[greptile-apps]

Greptile Summary

Added read_object_by_name method to the Vault API that allows retrieving vault objects by name instead of ID. The implementation mirrors the existing read_object method:

• Added protocol method definition in VaultModule with proper docstring
• Implemented method in Vault class with input validation (checks for empty/None name)
• Makes GET request to /vault/v1/kv/name/{name} endpoint with URL-encoded name parameter
• Returns VaultObject with decrypted value, matching the response format of ID-based read
• Added comprehensive test coverage including success and validation edge cases

The implementation follows established codebase patterns for parameter validation, URL building, and response handling.

Confidence Score: 4/5

• Safe to merge with minor consideration for URL encoding edge cases
• The implementation correctly follows existing patterns and includes proper validation and test coverage. Score reflects one potential edge case around URL encoding of special characters in names (forward slashes aren't percent-encoded by urllib.parse.quote by default), though this may be acceptable if names are validated server-side to disallow such characters
• No files require special attention

Important Files Changed

Filename	Overview
workos/vault.py	Added read_object_by_name method mirroring read_object functionality for name-based lookups; implementation follows existing patterns with proper validation
tests/test_vault.py	Added comprehensive test coverage for read_object_by_name including success case and edge cases (empty string, None); follows existing test patterns

Sequence Diagram

sequenceDiagram
    participant Client
    participant Vault
    participant RequestHelper
    participant HTTPClient
    participant VaultAPI as Vault API

    Client->>Vault: read_object_by_name(name="test-secret")
    Vault->>Vault: Validate name is not empty
    alt name is empty or None
        Vault-->>Client: ValueError("Incomplete arguments")
    end
    Vault->>RequestHelper: build_parameterized_url("vault/v1/kv/name/{name}", name="test-secret")
    RequestHelper->>RequestHelper: URL encode name parameter
    RequestHelper-->>Vault: "vault/v1/kv/name/test-secret"
    Vault->>HTTPClient: request(url, method=GET)
    HTTPClient->>VaultAPI: GET /vault/v1/kv/name/test-secret
    VaultAPI-->>HTTPClient: {id, name, value, metadata}
    HTTPClient-->>Vault: response dict
    Vault->>Vault: VaultObject.model_validate(response)
    Vault-->>Client: VaultObject with decrypted value

Loading

[greptile-apps]

_{2 files reviewed, no comments}

_{Edit Code Review Agent Settings | Greptile}