mirror of
https://github.com/optim-enterprises-bv/vault.git
synced 2025-10-31 10:37:56 +00:00
Begin factoring out sys paths into logical routes. Also, standardize on 307 as redirect code.
This commit is contained in:
Jeff Mitchell
@@ -40,11 +40,11 @@ func Handler(core *vault.Core) http.Handler {
|
||||
mux.Handle("/v1/sys/audit/", handleSysAudit(core))
|
||||
mux.Handle("/v1/sys/leader", handleSysLeader(core))
|
||||
mux.Handle("/v1/sys/health", handleSysHealth(core))
|
||||
mux.Handle("/v1/sys/rotate", handleSysRotate(core))
|
||||
mux.Handle("/v1/sys/key-status", handleSysKeyStatus(core))
|
||||
mux.Handle("/v1/sys/rotate", proxySysRequest(core))
|
||||
mux.Handle("/v1/sys/key-status", proxySysRequest(core))
|
||||
mux.Handle("/v1/sys/rekey/init", handleSysRekeyInit(core))
|
||||
mux.Handle("/v1/sys/rekey/update", handleSysRekeyUpdate(core))
|
||||
mux.Handle("/v1/", handleLogical(core))
|
||||
mux.Handle("/v1/", handleLogical(core, false))
|
||||
|
||||
// Wrap the handler in another handler to trigger all help paths.
|
||||
handler := handleHelpHandler(mux, core)
|
||||
@@ -214,6 +214,10 @@ func respondOk(w http.ResponseWriter, body interface{}) {
|
||||
}
|
||||
}
|
||||
|
||||
func proxySysRequest(core *vault.Core) http.Handler {
|
||||
return handleLogical(core, true)
|
||||
}
|
||||
|
||||
type ErrorResponse struct {
|
||||
Errors []string `json:"errors"`
|
||||
}
|
||||
|
||||
@@ -11,7 +11,7 @@ import (
|
||||
"github.com/hashicorp/vault/vault"
|
||||
)
|
||||
|
||||
func handleLogical(core *vault.Core) http.Handler {
|
||||
func handleLogical(core *vault.Core, dataOnly bool) http.Handler {
|
||||
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
// Determine the path...
|
||||
if !strings.HasPrefix(r.URL.Path, "/v1/") {
|
||||
@@ -72,17 +72,22 @@ func handleLogical(core *vault.Core) http.Handler {
|
||||
}
|
||||
|
||||
// Build the proper response
|
||||
respondLogical(w, r, path, resp)
|
||||
respondLogical(w, r, path, dataOnly, resp)
|
||||
})
|
||||
}
|
||||
|
||||
func respondLogical(w http.ResponseWriter, r *http.Request, path string, resp *logical.Response) {
|
||||
func respondLogical(w http.ResponseWriter, r *http.Request, path string, dataOnly bool, resp *logical.Response) {
|
||||
var httpResp interface{}
|
||||
if resp != nil {
|
||||
if resp.Redirect != "" {
|
||||
// If we have a redirect, redirect! We use a 302 code
|
||||
// If we have a redirect, redirect! We use a 307 code
|
||||
// because we don't actually know if its permanent.
|
||||
http.Redirect(w, r, resp.Redirect, 302)
|
||||
http.Redirect(w, r, resp.Redirect, 307)
|
||||
return
|
||||
}
|
||||
|
||||
if dataOnly {
|
||||
respondOk(w, resp.Data)
|
||||
return
|
||||
}
|
||||
|
||||
|
||||
@@ -49,7 +49,7 @@ func handleSysRenew(core *vault.Core) http.Handler {
|
||||
return
|
||||
}
|
||||
|
||||
respondLogical(w, r, path, resp)
|
||||
respondLogical(w, r, path, false, resp)
|
||||
})
|
||||
}
|
||||
|
||||
|
||||
@@ -1,51 +0,0 @@
|
||||
package http
|
||||
|
||||
import (
|
||||
"net/http"
|
||||
|
||||
"github.com/hashicorp/vault/logical"
|
||||
"github.com/hashicorp/vault/vault"
|
||||
)
|
||||
|
||||
func handleSysKeyStatus(core *vault.Core) http.Handler {
|
||||
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
if r.Method != "GET" {
|
||||
respondError(w, http.StatusMethodNotAllowed, nil)
|
||||
return
|
||||
}
|
||||
|
||||
resp, err := core.HandleRequest(requestAuth(r, &logical.Request{
|
||||
Operation: logical.ReadOperation,
|
||||
Path: "sys/key-status",
|
||||
Connection: getConnection(r),
|
||||
}))
|
||||
if err != nil {
|
||||
respondError(w, http.StatusInternalServerError, err)
|
||||
return
|
||||
}
|
||||
respondOk(w, resp.Data)
|
||||
})
|
||||
}
|
||||
|
||||
func handleSysRotate(core *vault.Core) http.Handler {
|
||||
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
switch r.Method {
|
||||
case "POST":
|
||||
case "PUT":
|
||||
default:
|
||||
respondError(w, http.StatusMethodNotAllowed, nil)
|
||||
return
|
||||
}
|
||||
|
||||
_, err := core.HandleRequest(requestAuth(r, &logical.Request{
|
||||
Operation: logical.WriteOperation,
|
||||
Path: "sys/rotate",
|
||||
Connection: getConnection(r),
|
||||
}))
|
||||
if err != nil {
|
||||
respondError(w, http.StatusInternalServerError, err)
|
||||
return
|
||||
}
|
||||
respondOk(w, nil)
|
||||
})
|
||||
}
|
||||
@@ -30,6 +30,6 @@ func TestSysRotate(t *testing.T) {
|
||||
testResponseBody(t, resp, &actual)
|
||||
delete(actual, "install_time")
|
||||
if !reflect.DeepEqual(actual, expected) {
|
||||
t.Fatalf("bad: %#v", actual)
|
||||
t.Fatalf("bad:\nexpected: %#v\nactual: %#v", expected, actual)
|
||||
}
|
||||
}
|
||||
|
||||
@@ -770,7 +770,7 @@ func (b *SystemBackend) handleRotate(
|
||||
}
|
||||
b.Backend.Logger().Printf("[INFO] sys: installed new encryption key")
|
||||
|
||||
// In non-HA mode, we need to an upgrade path for the standby instances
|
||||
// In HA mode, we need to an upgrade path for the standby instances
|
||||
if b.Core.ha != nil {
|
||||
// Create the upgrade path to the new term
|
||||
if err := b.Core.barrier.CreateUpgrade(newTerm); err != nil {
|
||||
|
||||
Reference in New Issue
Block a user