Support trimming trailing slashes via a mount tuneable to support CMPv2 (#28752)

* Support trimming trailing slashes via a mount tuneable to support CMPv2 * changelog/ * Perform trimming in handleLoginRequest too * Eagerly fetch the mount entry so we only test this once * Add a mount match function that gets path and entry * Update vault/request_handling.go Co-authored-by: Steven Clark <steven.clark@hashicorp.com> * more docs * Some patches (from ENT) didnt apply * patch fail * Update vault/router.go Co-authored-by: Steven Clark <steven.clark@hashicorp.com> * PR feedback * dupe * another dupe * Add support for enabling trim_request_trailing_slashes on mount creation * Fix read mount api returning configuration for trim_request_trailing_slashes * Fix test assertion * Switch enable and tune arguments to BoolPtrVal to allow end-users to specify false flag * Add trim-request-trailing-slashes to the auth enable API and CLI --------- Co-authored-by: Steven Clark <steven.clark@hashicorp.com>
2025-11-04 04:28:08 +00:00 · 2024-10-24 10:47:17 -05:00
parent 314874c2b1
commit 415d260995
21 changed files with 292 additions and 140 deletions
--- a/command/auth_tune.go
+++ b/command/auth_tune.go
@@ -40,6 +40,7 @@ type AuthTuneCommand struct {
 	flagUserLockoutCounterResetDuration time.Duration
 	flagUserLockoutDisable              bool
 	flagIdentityTokenKey                string
+	flagTrimRequestTrailingSlashes      BoolPtr
 }

 func (c *AuthTuneCommand) Synopsis() string {
@@ -195,6 +196,11 @@ func (c *AuthTuneCommand) Flags() *FlagSets {
 		Usage: "Select the semantic version of the plugin to run. The new version must be registered in " +
 			"the plugin catalog, and will not start running until the plugin is reloaded.",
 	})
+	f.BoolPtrVar(&BoolPtrVar{
+		Name:   flagNameTrimRequestTrailingSlashes,
+		Target: &c.flagTrimRequestTrailingSlashes,
+		Usage:  "Whether to trim trailing slashes for incoming requests to this mount",
+	})

 	f.StringVar(&StringVar{
 		Name:    flagNameIdentityTokenKey,
@@ -306,6 +312,11 @@ func (c *AuthTuneCommand) Run(args []string) int {
 		if fl.Name == flagNameIdentityTokenKey {
 			mountConfigInput.IdentityTokenKey = c.flagIdentityTokenKey
 		}
+
+		if fl.Name == flagNameTrimRequestTrailingSlashes && c.flagTrimRequestTrailingSlashes.IsSet() {
+			val := c.flagTrimRequestTrailingSlashes.Get()
+			mountConfigInput.TrimRequestTrailingSlashes = &val
+		}
 	})

 	// Append /auth (since that's where auths live) and a trailing slash to