scottk/vault
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/vault.git synced 2025-11-01 02:57:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

Begin factoring out sys paths into logical routes. Also, standardize on 307 as redirect code.

Browse Source
This commit is contained in:
Jeff Mitchell
2015-08-20 13:20:35 -07:00
parent 440b11c279
commit b81fcab150
6 changed files with 20 additions and 62 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
http/handler.go
View File

@@ -40,11 +40,11 @@ func Handler(core *vault.Core) http.Handler {
mux.Handle("/v1/sys/audit/", handleSysAudit(core)) mux.Handle("/v1/sys/audit/", handleSysAudit(core))
mux.Handle("/v1/sys/leader", handleSysLeader(core)) mux.Handle("/v1/sys/leader", handleSysLeader(core))
mux.Handle("/v1/sys/health", handleSysHealth(core)) mux.Handle("/v1/sys/health", handleSysHealth(core))
mux.Handle("/v1/sys/rotate", handleSysRotate(core)) mux.Handle("/v1/sys/rotate", proxySysRequest(core))
mux.Handle("/v1/sys/key-status", handleSysKeyStatus(core)) mux.Handle("/v1/sys/key-status", proxySysRequest(core))
mux.Handle("/v1/sys/rekey/init", handleSysRekeyInit(core)) mux.Handle("/v1/sys/rekey/init", handleSysRekeyInit(core))
mux.Handle("/v1/sys/rekey/update", handleSysRekeyUpdate(core)) mux.Handle("/v1/sys/rekey/update", handleSysRekeyUpdate(core))
mux.Handle("/v1/", handleLogical(core)) mux.Handle("/v1/", handleLogical(core, false))
// Wrap the handler in another handler to trigger all help paths. // Wrap the handler in another handler to trigger all help paths.
handler := handleHelpHandler(mux, core) handler := handleHelpHandler(mux, core)
@@ -214,6 +214,10 @@ func respondOk(w http.ResponseWriter, body interface{}) {
} }
} }
func proxySysRequest(core *vault.Core) http.Handler {
return handleLogical(core, true)
}
type ErrorResponse struct { type ErrorResponse struct {
Errors []string `json:"errors"` Errors []string `json:"errors"`
} }

15
http/logical.go
View File

@@ -11,7 +11,7 @@ import (
"github.com/hashicorp/vault/vault" "github.com/hashicorp/vault/vault"
) )
func handleLogical(core *vault.Core) http.Handler { func handleLogical(core *vault.Core, dataOnly bool) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
// Determine the path... // Determine the path...
if !strings.HasPrefix(r.URL.Path, "/v1/") { if !strings.HasPrefix(r.URL.Path, "/v1/") {
@@ -72,17 +72,22 @@ func handleLogical(core *vault.Core) http.Handler {
} }
// Build the proper response // Build the proper response
respondLogical(w, r, path, resp) respondLogical(w, r, path, dataOnly, resp)
}) })
} }
func respondLogical(w http.ResponseWriter, r *http.Request, path string, resp *logical.Response) { func respondLogical(w http.ResponseWriter, r *http.Request, path string, dataOnly bool, resp *logical.Response) {
var httpResp interface{} var httpResp interface{}
if resp != nil { if resp != nil {
if resp.Redirect != "" { if resp.Redirect != "" {
// If we have a redirect, redirect! We use a 302 code // If we have a redirect, redirect! We use a 307 code
// because we don't actually know if its permanent. // because we don't actually know if its permanent.
http.Redirect(w, r, resp.Redirect, 302) http.Redirect(w, r, resp.Redirect, 307)
return
}
if dataOnly {
respondOk(w, resp.Data)
return return
} }

2
http/sys_lease.go
View File

@@ -49,7 +49,7 @@ func handleSysRenew(core *vault.Core) http.Handler {
return return
} }
respondLogical(w, r, path, resp) respondLogical(w, r, path, false, resp)
}) })
} }

51
http/sys_rotate.go
View File

@@ -1,51 +0,0 @@
package http
import (
"net/http"
"github.com/hashicorp/vault/logical"
"github.com/hashicorp/vault/vault"
)
func handleSysKeyStatus(core *vault.Core) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
if r.Method != "GET" {
respondError(w, http.StatusMethodNotAllowed, nil)
return
}
resp, err := core.HandleRequest(requestAuth(r, &logical.Request{
Operation: logical.ReadOperation,
Path: "sys/key-status",
Connection: getConnection(r),
}))
if err != nil {
respondError(w, http.StatusInternalServerError, err)
return
}
respondOk(w, resp.Data)
})
}
func handleSysRotate(core *vault.Core) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
switch r.Method {
case "POST":
case "PUT":
default:
respondError(w, http.StatusMethodNotAllowed, nil)
return
}
_, err := core.HandleRequest(requestAuth(r, &logical.Request{
Operation: logical.WriteOperation,
Path: "sys/rotate",
Connection: getConnection(r),
}))
if err != nil {
respondError(w, http.StatusInternalServerError, err)
return
}
respondOk(w, nil)
})
}

2
http/sys_rotate_test.go
View File

@@ -30,6 +30,6 @@ func TestSysRotate(t *testing.T) {
testResponseBody(t, resp, &actual) testResponseBody(t, resp, &actual)
delete(actual, "install_time") delete(actual, "install_time")
if !reflect.DeepEqual(actual, expected) { if !reflect.DeepEqual(actual, expected) {
t.Fatalf("bad: %#v", actual) t.Fatalf("bad:\nexpected: %#v\nactual: %#v", expected, actual)
} }
} }

2
vault/logical_system.go
View File

@@ -770,7 +770,7 @@ func (b *SystemBackend) handleRotate(
} }
b.Backend.Logger().Printf("[INFO] sys: installed new encryption key") b.Backend.Logger().Printf("[INFO] sys: installed new encryption key")
// In non-HA mode, we need to an upgrade path for the standby instances // In HA mode, we need to an upgrade path for the standby instances
if b.Core.ha != nil { if b.Core.ha != nil {
// Create the upgrade path to the new term // Create the upgrade path to the new term
if err := b.Core.barrier.CreateUpgrade(newTerm); err != nil { if err := b.Core.barrier.CreateUpgrade(newTerm); err != nil {