scottk/vault
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/vault.git synced 2025-11-01 19:17:58 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix TestProxy_Cache_EventSystemUpdatesCacheKVV2 (#26352)

Browse Source 
* Fix TestProxy_Cache_EventSystemUpdatesCacheKVV2

* Edited tests, and added a new bool

* Edited tests

* Edited comment

* Rename argument in handler method

---------

Co-authored-by: Violet Hynes <violet.hynes@hashicorp.com>
This commit is contained in:
divyaac
2024-04-11 07:17:04 -07:00
committed by GitHub
parent c96c1efcea
commit e5fc11227d
6 changed files with 17 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
command/agent.go
View File

@@ -669,15 +669,17 @@ func (c *AgentCommand) Run(args []string) int {
Logger: apiProxyLogger, Logger: apiProxyLogger,
Sink: inmemSink, Sink: inmemSink,
}) })
useAutoAuthToken := false
if config.APIProxy != nil { if config.APIProxy != nil {
useAutoAuthToken = true
proxyVaultToken = !config.APIProxy.ForceAutoAuthToken proxyVaultToken = !config.APIProxy.ForceAutoAuthToken
} }
var muxHandler http.Handler var muxHandler http.Handler
if leaseCache != nil { if leaseCache != nil {
muxHandler = cache.ProxyHandler(ctx, apiProxyLogger, leaseCache, inmemSink, proxyVaultToken, authInProgress, invalidTokenErrCh) muxHandler = cache.ProxyHandler(ctx, apiProxyLogger, leaseCache, inmemSink, proxyVaultToken, useAutoAuthToken, authInProgress, invalidTokenErrCh)
} else { } else {
muxHandler = cache.ProxyHandler(ctx, apiProxyLogger, apiProxy, inmemSink, proxyVaultToken, authInProgress, invalidTokenErrCh) muxHandler = cache.ProxyHandler(ctx, apiProxyLogger, apiProxy, inmemSink, proxyVaultToken, useAutoAuthToken, authInProgress, invalidTokenErrCh)
} }
// Parse 'require_request_header' listener config option, and wrap // Parse 'require_request_header' listener config option, and wrap

4
command/agent/cache_end_to_end_test.go
View File

@@ -318,8 +318,8 @@ func TestCache_UsingAutoAuthToken(t *testing.T) {
mux := http.NewServeMux() mux := http.NewServeMux()
mux.Handle(consts.AgentPathCacheClear, leaseCache.HandleCacheClear(ctx)) mux.Handle(consts.AgentPathCacheClear, leaseCache.HandleCacheClear(ctx))
// Passing a non-nil inmemsink tells the agent to use the auto-auth token // Setting useAutoAuthToken to true to ensure that the auto-auth token is used
mux.Handle("/", cache.ProxyHandler(ctx, cacheLogger, leaseCache, inmemSink, true, nil, nil)) mux.Handle("/", cache.ProxyHandler(ctx, cacheLogger, leaseCache, inmemSink, true, true, nil, nil))
server := &http.Server{ server := &http.Server{
Handler: mux, Handler: mux,
ReadHeaderTimeout: 10 * time.Second, ReadHeaderTimeout: 10 * time.Second,

4
command/agentproxyshared/cache/api_proxy_test.go vendored
View File

@@ -285,9 +285,9 @@ func setupClusterAndAgentCommon(ctx context.Context, t *testing.T, coreConfig *v
mux.Handle("/agent/v1/cache-clear", leaseCache.HandleCacheClear(ctx)) mux.Handle("/agent/v1/cache-clear", leaseCache.HandleCacheClear(ctx))
mux.Handle("/", ProxyHandler(ctx, cacheLogger, leaseCache, nil, true, nil, nil)) mux.Handle("/", ProxyHandler(ctx, cacheLogger, leaseCache, nil, true, false, nil, nil))
} else { } else {
mux.Handle("/", ProxyHandler(ctx, apiProxyLogger, apiProxy, nil, true, nil, nil)) mux.Handle("/", ProxyHandler(ctx, apiProxyLogger, apiProxy, nil, true, false, nil, nil))
} }
server := &http.Server{ server := &http.Server{

4
command/agentproxyshared/cache/cache_test.go vendored
View File

@@ -81,7 +81,7 @@ func TestCache_AutoAuthTokenStripping(t *testing.T) {
mux := http.NewServeMux() mux := http.NewServeMux()
mux.Handle(consts.AgentPathCacheClear, leaseCache.HandleCacheClear(ctx)) mux.Handle(consts.AgentPathCacheClear, leaseCache.HandleCacheClear(ctx))
mux.Handle("/", ProxyHandler(ctx, cacheLogger, leaseCache, mock.NewSink("testid"), true, nil, nil)) mux.Handle("/", ProxyHandler(ctx, cacheLogger, leaseCache, mock.NewSink("testid"), true, true, nil, nil))
server := &http.Server{ server := &http.Server{
Handler: mux, Handler: mux,
ReadHeaderTimeout: 10 * time.Second, ReadHeaderTimeout: 10 * time.Second,
@@ -170,7 +170,7 @@ func TestCache_AutoAuthClientTokenProxyStripping(t *testing.T) {
mux := http.NewServeMux() mux := http.NewServeMux()
// mux.Handle(consts.AgentPathCacheClear, leaseCache.HandleCacheClear(ctx)) // mux.Handle(consts.AgentPathCacheClear, leaseCache.HandleCacheClear(ctx))
mux.Handle("/", ProxyHandler(ctx, cacheLogger, leaseCache, mock.NewSink(realToken), false, nil, nil)) mux.Handle("/", ProxyHandler(ctx, cacheLogger, leaseCache, mock.NewSink(realToken), false, true, nil, nil))
server := &http.Server{ server := &http.Server{
Handler: mux, Handler: mux,
ReadHeaderTimeout: 10 * time.Second, ReadHeaderTimeout: 10 * time.Second,

6
command/agentproxyshared/cache/handler.go vendored
View File

@@ -25,11 +25,11 @@ import (
"github.com/hashicorp/vault/sdk/logical" "github.com/hashicorp/vault/sdk/logical"
) )
func ProxyHandler(ctx context.Context, logger hclog.Logger, proxier Proxier, inmemSink sink.Sink, proxyVaultToken bool, authInProgress *atomic.Bool, invalidTokenErrCh chan error) http.Handler { func ProxyHandler(ctx context.Context, logger hclog.Logger, proxier Proxier, inmemSink sink.Sink, useProxyVaultToken bool, useAutoAuthToken bool, authInProgress *atomic.Bool, invalidTokenErrCh chan error) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
logger.Info("received request", "method", r.Method, "path", r.URL.Path) logger.Info("received request", "method", r.Method, "path", r.URL.Path)
if !proxyVaultToken { if !useProxyVaultToken {
r.Header.Del(consts.AuthHeaderName) r.Header.Del(consts.AuthHeaderName)
} }
@@ -38,7 +38,7 @@ func ProxyHandler(ctx context.Context, logger hclog.Logger, proxier Proxier, inm
var autoAuthToken string var autoAuthToken string
if inmemSink != nil { if inmemSink != nil {
autoAuthToken = inmemSink.(sink.SinkReader).Token() autoAuthToken = inmemSink.(sink.SinkReader).Token()
if token == "" { if token == "" && useAutoAuthToken {
logger.Debug("using auto auth token", "method", r.Method, "path", r.URL.Path) logger.Debug("using auto auth token", "method", r.Method, "path", r.URL.Path)
token = autoAuthToken token = autoAuthToken
} }

6
command/proxy.go
View File

@@ -627,16 +627,18 @@ func (c *ProxyCommand) Run(args []string) int {
Logger: apiProxyLogger, Logger: apiProxyLogger,
Sink: inmemSink, Sink: inmemSink,
}) })
useAutoAuthToken := false
proxyVaultToken := true proxyVaultToken := true
if config.APIProxy != nil { if config.APIProxy != nil {
useAutoAuthToken = true
proxyVaultToken = !config.APIProxy.ForceAutoAuthToken proxyVaultToken = !config.APIProxy.ForceAutoAuthToken
} }
var muxHandler http.Handler var muxHandler http.Handler
if leaseCache != nil { if leaseCache != nil {
muxHandler = cache.ProxyHandler(ctx, apiProxyLogger, leaseCache, inmemSink, proxyVaultToken, authInProgress, invalidTokenErrCh) muxHandler = cache.ProxyHandler(ctx, apiProxyLogger, leaseCache, inmemSink, proxyVaultToken, useAutoAuthToken, authInProgress, invalidTokenErrCh)
} else { } else {
muxHandler = cache.ProxyHandler(ctx, apiProxyLogger, apiProxy, inmemSink, proxyVaultToken, authInProgress, invalidTokenErrCh) muxHandler = cache.ProxyHandler(ctx, apiProxyLogger, apiProxy, inmemSink, proxyVaultToken, useAutoAuthToken, authInProgress, invalidTokenErrCh)
} }
// Parse 'require_request_header' listener config option, and wrap // Parse 'require_request_header' listener config option, and wrap