Listeners: Redaction only for TCP (#23592)

* redaction should only work for TCP listeners, also fix bug that allowed custom response headers for unix listeners * fix failing test * updates from PR feedback
2025-11-03 12:07:54 +00:00 · 2023-10-11 17:38:05 +01:00
parent 525bf2f894
commit 813c786032
6 changed files with 113 additions and 24 deletions
--- a/command/server/config_test_helpers.go
+++ b/command/server/config_test_helpers.go
@@ -793,7 +793,7 @@ func testConfig_Sanitized(t *testing.T) {
 					"address":          "127.0.0.1:443",
 					"chroot_namespace": "admin/",
 				},
-				"type": "tcp",
+				"type": configutil.TCP,
 			},
 		},
 		"log_format":       "",
@@ -890,6 +890,15 @@ listener "tcp" {
  redact_addresses = true
  redact_cluster_name = true
  redact_version = true
+}
+listener "unix" {
+  address = "/var/run/vault.sock"
+  socket_mode = "644"
+  socket_user = "1000"
+  socket_group = "1000"
+  redact_addresses = true
+  redact_cluster_name = true
+  redact_version = true
 }`))

 	config := Config{
@@ -903,16 +912,14 @@ listener "tcp" {
 	config.Listeners = listeners
 	// Track which types of listener were found.
 	for _, l := range config.Listeners {
-		config.found(l.Type, l.Type)
+		config.found(l.Type.String(), l.Type.String())
 	}

-	if len(config.Listeners) == 0 {
-		t.Fatalf("expected at least one listener in the config")
-	}
-	listener := config.Listeners[0]
-	if listener.Type != "tcp" {
-		t.Fatalf("expected tcp listener in the config")
-	}
+	require.Len(t, config.Listeners, 2)
+	tcpListener := config.Listeners[0]
+	require.Equal(t, configutil.TCP, tcpListener.Type)
+	unixListner := config.Listeners[1]
+	require.Equal(t, configutil.Unix, unixListner.Type)

 	expected := &Config{
 		SharedConfig: &configutil.SharedConfig{
@@ -946,6 +953,16 @@ listener "tcp" {
 					RedactClusterName:     true,
 					RedactVersion:         true,
 				},
+				{
+					Type:              "unix",
+					Address:           "/var/run/vault.sock",
+					SocketMode:        "644",
+					SocketUser:        "1000",
+					SocketGroup:       "1000",
+					RedactAddresses:   false,
+					RedactClusterName: false,
+					RedactVersion:     false,
+				},
 			},
 		},
 	}