reduce calls to DetermineRoleFromLoginRequest from 3 to 1 for aws auth method (#22583)

* reduce calls to DetermineRoleFromLoginRequest from 3 to 1 for aws auth method

* change ordering of LoginCreateToken args

* replace another determineRoleFromLoginRequest function with role from context

* add changelog

* Check for role in context if not there make call to DetermineRoleFromLoginRequest

* move context role check below namespace check

* Update changelog/22583.txt

Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>

* revert signature to same order

* make sure resp is last argument

* retrieve role from context closer to where role variable is needed

* remove failsafe for role in mfa login

* Update changelog/22583.txt

---------

Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>
Ellie
2023-08-28 16:01:07 -05:00
committed by GitHub
parent aa05ba6105
commit cccfdb088f
5 changed files with 45 additions and 9 deletions


@@ -5,6 +5,7 @@ package http
import (
"bytes"
"context"
"errors"
"fmt"
"io/ioutil"
@@ -59,11 +60,16 @@ func rateLimitQuotaWrapping(handler http.Handler, core *vault.Core) http.Handler
}
r.Body = ioutil.NopCloser(bytes.NewBuffer(bodyBytes))
role := core.DetermineRoleFromLoginRequestFromBytes(mountPath, bodyBytes, r.Context())
// add an entry to the context to prevent recalculating request role unnecessarily
r = r.WithContext(context.WithValue(r.Context(), logical.CtxKeyRequestRole{}, role))
quotaResp, err := core.ApplyRateLimitQuota(r.Context(), &quotas.Request{
Type: quotas.TypeRateLimit,
Path: path,
MountPath: mountPath,
Role: core.DetermineRoleFromLoginRequestFromBytes(mountPath, bodyBytes, r.Context()),
Role: role,
NamespacePath: ns.Path,
ClientAddress: parseRemoteIPAddress(r),
})
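Review bot: The value stored under `logical.CtxKeyRequestRole{}` is computed from `bodyBytes`, the request body as read before the login has been processed, and nothing at the `context.WithValue` call records that or says what an absent or empty value means. Code that reads the key later sees only a string, and the commit message mentions removing a fallback in the MFA login path, so it is worth confirming that every login entry point goes through this branch of `rateLimitQuotaWrapping`; those readers are not visible in this hunk. I would extend the comment to something like `// role comes from the request body before the login is processed; readers of CtxKeyRequestRole must use the comma-ok assertion and treat a missing value as "not computed", not as "no role"`. The function body starts before this hunk and continues after it, so whether other branches also set the key cannot be checked from here.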