Make API not depend on SDK #18962

Merged
merged 10 commits into from
Feb 6, 2023
Changes from 2 commits
4 changes: 1 addition & 3 deletions api/auth_test.go
@@ -3,8 +3,6 @@ package api
import (
"context"
"testing"

"github.com/hashicorp/vault/sdk/logical"
)

type mockAuthMethod struct {
@@ -91,7 +89,7 @@ func TestAuth_MFALoginTwoPhase(t *testing.T) {
m: &mockAuthMethod{
mockedSecret: &Secret{
Auth: &SecretAuth{
MFARequirement: &logical.MFARequirement{
MFARequirement: &MFARequirement{
MFARequestID: "a-req-id",
MFAConstraints: nil,
},
49 changes: 32 additions & 17 deletions api/client.go
@@ -24,12 +24,9 @@ import (
"github.com/hashicorp/go-retryablehttp"
"github.com/hashicorp/go-rootcerts"
"github.com/hashicorp/go-secure-stdlib/parseutil"
"github.com/hashicorp/go-secure-stdlib/strutil"
"golang.org/x/net/http2"
"golang.org/x/time/rate"

"github.com/hashicorp/vault/sdk/helper/consts"
"github.com/hashicorp/vault/sdk/helper/strutil"
"github.com/hashicorp/vault/sdk/logical"
)

const (
@@ -56,7 +53,19 @@ const (
HeaderIndex = "X-Vault-Index"
HeaderForward = "X-Vault-Forward"
HeaderInconsistent = "X-Vault-Inconsistent"
TLSErrorString = "This error usually means that the server is running with TLS disabled\n" +

// NamespaceHeaderName is the header set to specify which namespace the
// request is indented for.
NamespaceHeaderName = "X-Vault-Namespace"

// AuthHeaderName is the name of the header containing the token.
AuthHeaderName = "X-Vault-Token"

// RequestHeaderName is the name of the header used by the Agent for
// SSRF protection.
RequestHeaderName = "X-Vault-Request"

TLSErrorString = "This error usually means that the server is running with TLS disabled\n" +
"but the client is configured to use TLS. Please either enable TLS\n" +
"on the server or run the client with -address set to an address\n" +
"that uses the http protocol:\n\n" +
@@ -621,7 +630,7 @@ func NewClient(c *Config) (*Client, error) {
}

// Add the VaultRequest SSRF protection header
client.headers[consts.RequestHeaderName] = []string{"true"}
client.headers[RequestHeaderName] = []string{"true"}

if token := os.Getenv(EnvVaultToken); token != "" {
client.token = token
@@ -938,15 +947,15 @@ func (c *Client) setNamespace(namespace string) {
c.headers = make(http.Header)
}

c.headers.Set(consts.NamespaceHeaderName, namespace)
c.headers.Set(NamespaceHeaderName, namespace)
}

// ClearNamespace removes the namespace header if set.
func (c *Client) ClearNamespace() {
c.modifyLock.Lock()
defer c.modifyLock.Unlock()
if c.headers != nil {
c.headers.Del(consts.NamespaceHeaderName)
c.headers.Del(NamespaceHeaderName)
}
}

@@ -958,7 +967,7 @@ func (c *Client) Namespace() string {
if c.headers == nil {
return ""
}
return c.headers.Get(consts.NamespaceHeaderName)
return c.headers.Get(NamespaceHeaderName)
}

// WithNamespace makes a shallow copy of Client, modifies it to use
@@ -1292,7 +1301,7 @@ func (c *Client) rawRequestWithContext(ctx context.Context, r *Request) (*Respon
checkRetry := c.config.CheckRetry
backoff := c.config.Backoff
httpClient := c.config.HttpClient
ns := c.headers.Get(consts.NamespaceHeaderName)
ns := c.headers.Get(NamespaceHeaderName)
outputCurlString := c.config.OutputCurlString
outputPolicy := c.config.OutputPolicy
logger := c.config.Logger
@@ -1305,9 +1314,9 @@ func (c *Client) rawRequestWithContext(ctx context.Context, r *Request) (*Respon
// e.g. calls using (*Client).WithNamespace
switch ns {
case "":
r.Headers.Del(consts.NamespaceHeaderName)
r.Headers.Del(NamespaceHeaderName)
default:
r.Headers.Set(consts.NamespaceHeaderName, ns)
r.Headers.Set(NamespaceHeaderName, ns)
}

for _, cb := range c.requestCallbacks {
@@ -1460,8 +1469,8 @@ func (c *Client) httpRequestWithContext(ctx context.Context, r *Request) (*Respo
}
}
// explicitly set the namespace header to current client
if ns := c.headers.Get(consts.NamespaceHeaderName); ns != "" {
r.Headers.Set(consts.NamespaceHeaderName, ns)
if ns := c.headers.Get(NamespaceHeaderName); ns != "" {
r.Headers.Set(NamespaceHeaderName, ns)
}
}

@@ -1482,7 +1491,7 @@ func (c *Client) httpRequestWithContext(ctx context.Context, r *Request) (*Respo
req.Host = r.URL.Host

if len(r.ClientToken) != 0 {
req.Header.Set(consts.AuthHeaderName, r.ClientToken)
req.Header.Set(AuthHeaderName, r.ClientToken)
}

if len(r.WrapTTL) != 0 {
@@ -1672,7 +1681,13 @@ func MergeReplicationStates(old []string, new string) []string {
return strutil.RemoveDuplicates(ret, false)
}

func ParseReplicationState(raw string, hmacKey []byte) (*logical.WALState, error) {
type WALState struct {
ClusterID string
LocalIndex uint64
ReplicatedIndex uint64
}

func ParseReplicationState(raw string, hmacKey []byte) (*WALState, error) {
cooked, err := base64.StdEncoding.DecodeString(raw)
if err != nil {
return nil, err
@@ -1710,7 +1725,7 @@ func ParseReplicationState(raw string, hmacKey []byte) (*logical.WALState, error
return nil, fmt.Errorf("invalid replicated index in state header: %w", err)
}

return &logical.WALState{
return &WALState{
ClusterID: pieces[1],
LocalIndex: localIndex,
ReplicatedIndex: replicatedIndex,
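Review bot: The exported `WALState` type and `ParseReplicationState`, in the last two hunks of api/client.go, carry no doc comments, and the return type moves from `*logical.WALState` to a separate `*WALState`, which is a compile-time break for any caller that hands the result to code expecting the SDK type. A comment such as `// WALState holds the cluster ID and the local and replicated indexes that ParseReplicationState extracts from a replication state string; it is a distinct type from the SDK's logical.WALState.` would make that explicit. The lines of `ParseReplicationState` that use `hmacKey` fall outside the visible hunks, so its doc comment should also say what the function does when `hmacKey` is empty. In the const hunk, `request is indented for` should read `request is intended for`.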
5 changes: 2 additions & 3 deletions api/client_test.go
@@ -19,7 +19,6 @@ import (

"github.com/go-test/deep"
"github.com/hashicorp/go-hclog"
"github.com/hashicorp/vault/sdk/helper/consts"
)

func init() {
@@ -442,7 +441,7 @@ func TestClientDeprecatedEnvSettings(t *testing.T) {
func TestClientEnvNamespace(t *testing.T) {
var seenNamespace string
handler := func(w http.ResponseWriter, req *http.Request) {
seenNamespace = req.Header.Get(consts.NamespaceHeaderName)
seenNamespace = req.Header.Get(NamespaceHeaderName)
}
config, ln := testHTTPServer(t, http.HandlerFunc(handler))
defer ln.Close()
@@ -1267,7 +1266,7 @@ func TestClient_SetCloneToken(t *testing.T) {
func TestClientWithNamespace(t *testing.T) {
var ns string
handler := func(w http.ResponseWriter, req *http.Request) {
ns = req.Header.Get(consts.NamespaceHeaderName)
ns = req.Header.Get(NamespaceHeaderName)
}
config, ln := testHTTPServer(t, http.HandlerFunc(handler))
defer ln.Close()
27 changes: 2 additions & 25 deletions api/go.mod
@@ -14,46 +14,23 @@ require (
github.com/hashicorp/go-retryablehttp v0.6.6
github.com/hashicorp/go-rootcerts v1.0.2
github.com/hashicorp/go-secure-stdlib/parseutil v0.1.6
github.com/hashicorp/go-secure-stdlib/strutil v0.1.2
github.com/hashicorp/hcl v1.0.0
github.com/hashicorp/vault/sdk v0.7.0
github.com/mitchellh/mapstructure v1.5.0
golang.org/x/net v0.5.0
golang.org/x/time v0.0.0-20200416051211-89c76fbcd5d1
gopkg.in/square/go-jose.v2 v2.5.1
)

require (
github.com/armon/go-metrics v0.3.9 // indirect
github.com/armon/go-radix v1.0.0 // indirect
github.com/fatih/color v1.7.0 // indirect
github.com/frankban/quicktest v1.13.0 // indirect
github.com/golang/protobuf v1.5.2 // indirect
github.com/golang/snappy v0.0.4 // indirect
github.com/hashicorp/go-immutable-radix v1.3.1 // indirect
github.com/hashicorp/go-kms-wrapping/v2 v2.0.6 // indirect
github.com/hashicorp/go-plugin v1.4.5 // indirect
github.com/hashicorp/go-secure-stdlib/mlock v0.1.1 // indirect
github.com/hashicorp/go-secure-stdlib/strutil v0.1.2 // indirect
github.com/google/go-cmp v0.5.7 // indirect
github.com/hashicorp/go-sockaddr v1.0.2 // indirect
github.com/hashicorp/go-uuid v1.0.2 // indirect
github.com/hashicorp/go-version v1.2.0 // indirect
github.com/hashicorp/golang-lru v0.5.4 // indirect
github.com/hashicorp/yamux v0.0.0-20180604194846-3520598351bb // indirect
github.com/mattn/go-colorable v0.1.6 // indirect
github.com/mattn/go-isatty v0.0.12 // indirect
github.com/mitchellh/copystructure v1.0.0 // indirect
github.com/mitchellh/go-homedir v1.1.0 // indirect
github.com/mitchellh/go-testing-interface v1.0.0 // indirect
github.com/mitchellh/reflectwalk v1.0.0 // indirect
github.com/oklog/run v1.0.0 // indirect
github.com/pierrec/lz4 v2.5.2+incompatible // indirect
github.com/rogpeppe/go-internal v1.9.0 // indirect
github.com/ryanuber/go-glob v1.0.0 // indirect
go.uber.org/atomic v1.9.0 // indirect
golang.org/x/crypto v0.5.0 // indirect
golang.org/x/sys v0.4.0 // indirect
golang.org/x/text v0.6.0 // indirect
google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013 // indirect
google.golang.org/grpc v1.41.0 // indirect
google.golang.org/protobuf v1.27.1 // indirect
)