Make API not depend on SDK (#18962)

2025-11-01 02:57:59 +00:00 · 2023-02-06 09:41:56 -05:00
parent b5d7d47ca2
commit 192baa88db
39 changed files with 315 additions and 449 deletions
--- a/api/ssh_agent.go
+++ b/api/ssh_agent.go
@@ -15,7 +15,6 @@ import (
 	rootcerts "github.com/hashicorp/go-rootcerts"
 	"github.com/hashicorp/hcl"
 	"github.com/hashicorp/hcl/hcl/ast"
-	"github.com/hashicorp/vault/sdk/helper/hclutil"
 	"github.com/mitchellh/mapstructure"
 )

@@ -169,7 +168,7 @@ func ParseSSHHelperConfig(contents string) (*SSHHelperConfig, error) {
 		"tls_skip_verify",
 		"tls_server_name",
 	}
-	if err := hclutil.CheckHCLKeys(list, valid); err != nil {
+	if err := CheckHCLKeys(list, valid); err != nil {
 		return nil, multierror.Prefix(err, "ssh_helper:")
 	}

@@ -185,6 +184,33 @@ func ParseSSHHelperConfig(contents string) (*SSHHelperConfig, error) {
 	return &c, nil
 }

+func CheckHCLKeys(node ast.Node, valid []string) error {
+	var list *ast.ObjectList
+	switch n := node.(type) {
+	case *ast.ObjectList:
+		list = n
+	case *ast.ObjectType:
+		list = n.List
+	default:
+		return fmt.Errorf("cannot check HCL keys of type %T", n)
+	}
+
+	validMap := make(map[string]struct{}, len(valid))
+	for _, v := range valid {
+		validMap[v] = struct{}{}
+	}
+
+	var result error
+	for _, item := range list.Items {
+		key := item.Keys[0].Token.Value().(string)
+		if _, ok := validMap[key]; !ok {
+			result = multierror.Append(result, fmt.Errorf("invalid key %q on line %d", key, item.Assign.Line))
+		}
+	}
+
+	return result
+}
+
 // SSHHelper creates an SSHHelper object which can talk to Vault server with SSH backend
 // mounted at default path ("ssh").
 func (c *Client) SSHHelper() *SSHHelper {