vault-redux/api/request.go

// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0

package api

import (
	"bytes"
	"encoding/json"
	"io"
	"io/ioutil"
	"net/http"
	"net/url"

	retryablehttp "github.com/hashicorp/go-retryablehttp"
)

// Request is a raw request configuration structure used to initiate
// API requests to the Vault server.
type Request struct {
	Method        string
	URL           *url.URL
	Host          string
	Params        url.Values
	Headers       http.Header
	ClientToken   string
	MFAHeaderVals []string
	WrapTTL       string
	Obj           interface{}

	// When possible, use BodyBytes as it is more efficient due to how the
	// retry logic works
	BodyBytes []byte

	// Fallback
	Body     io.Reader
	BodySize int64

	// Whether to request overriding soft-mandatory Sentinel policies (RGPs and
	// EGPs). If set, the override flag will take effect for all policies
	// evaluated during the request.
	PolicyOverride bool
}

// SetJSONBody is used to set a request body that is a JSON-encoded value.
func (r *Request) SetJSONBody(val interface{}) error {
	buf, err := json.Marshal(val)
	if err != nil {
		return err
	}

	r.Obj = val
	r.BodyBytes = buf
	return nil
}

// ResetJSONBody is used to reset the body for a redirect
func (r *Request) ResetJSONBody() error {
	if r.BodyBytes == nil {
		return nil
	}
	return r.SetJSONBody(r.Obj)
}

// DEPRECATED: ToHTTP turns this request into a valid *http.Request for use
// with the net/http package.
func (r *Request) ToHTTP() (*http.Request, error) {
	req, err := r.toRetryableHTTP()
	if err != nil {
		return nil, err
	}

	switch {
	case r.BodyBytes == nil && r.Body == nil:
		// No body

	case r.BodyBytes != nil:
		req.Request.Body = ioutil.NopCloser(bytes.NewReader(r.BodyBytes))

	default:
		if c, ok := r.Body.(io.ReadCloser); ok {
			req.Request.Body = c
		} else {
			req.Request.Body = ioutil.NopCloser(r.Body)
		}
	}

	return req.Request, nil
}

func (r *Request) toRetryableHTTP() (*retryablehttp.Request, error) {
	// Encode the query parameters
	r.URL.RawQuery = r.Params.Encode()

	// Create the HTTP request, defaulting to retryable
	var req *retryablehttp.Request

	var err error
	var body interface{}

	switch {
	case r.BodyBytes == nil && r.Body == nil:
		// No body

	case r.BodyBytes != nil:
		// Use bytes, it's more efficient
		body = r.BodyBytes

	default:
		body = r.Body
	}

	req, err = retryablehttp.NewRequest(r.Method, r.URL.RequestURI(), body)
	if err != nil {
		return nil, err
	}

	req.URL.User = r.URL.User
	req.URL.Scheme = r.URL.Scheme
	req.URL.Host = r.URL.Host
	req.Host = r.Host

	if r.Headers != nil {
		for header, vals := range r.Headers {
			for _, val := range vals {
				req.Header.Add(header, val)
			}
		}
	}

	if len(r.ClientToken) != 0 {
		req.Header.Set(AuthHeaderName, r.ClientToken)
	}

	if len(r.WrapTTL) != 0 {
		req.Header.Set("X-Vault-Wrap-TTL", r.WrapTTL)
	}

	if len(r.MFAHeaderVals) != 0 {
		for _, mfaHeaderVal := range r.MFAHeaderVals {
			req.Header.Add("X-Vault-MFA", mfaHeaderVal)
		}
	}

	if r.PolicyOverride {
		req.Header.Set("X-Vault-Policy-Override", "true")
	}

	return req, nil
}
adding copyright header (#19555) * adding copyright header * fix fmt and a test 2023-03-15 19:00:52 +03:00			`// Copyright (c) HashiCorp, Inc.`
			`// SPDX-License-Identifier: MPL-2.0`

api: start the groundwork API stuff 2015-03-09 21:38:50 +03:00			`package api`

			`import (`
			`"bytes"`
			`"encoding/json"`
			`"io"`
Update go-retryablehttp vendor 2018-05-10 00:44:53 +03:00			`"io/ioutil"`
Switch to pester from go-retryablehttp to avoid swallowing 500 error messages 2016-07-12 00:37:46 +03:00			`"net/http"`
api: start the groundwork API stuff 2015-03-09 21:38:50 +03:00			`"net/url"`
Update go-retryablehttp vendor 2018-05-10 00:44:53 +03:00
			`retryablehttp "github.com/hashicorp/go-retryablehttp"`
api: start the groundwork API stuff 2015-03-09 21:38:50 +03:00			`)`

			`// Request is a raw request configuration structure used to initiate`
			`// API requests to the Vault server.`
			`type Request struct {`
More syncing 2017-10-23 23:52:56 +03:00			`Method string`
			`URL *url.URL`
Fix SRV Lookups (#8520) * Pin HTTP Host header for all client requests * Drop port map scheme * Add SRV Lookup environment var * Lookup SRV records only when env var is specified * Add docs Co-Authored-By: Michel Vocks <michelvocks@gmail.com> 2020-03-11 16:22:58 +03:00			`Host string`
More syncing 2017-10-23 23:52:56 +03:00			`Params url.Values`
			`Headers http.Header`
			`ClientToken string`
			`MFAHeaderVals []string`
			`WrapTTL string`
			`Obj interface{}`
Clean up request logic and use retryable's more efficient handling (#4670) 2018-06-01 16:12:43 +03:00
			`// When possible, use BodyBytes as it is more efficient due to how the`
			`// retry logic works`
			`BodyBytes []byte`

			`// Fallback`
			`Body io.Reader`
			`BodySize int64`
More syncing 2017-10-23 23:52:56 +03:00
			`// Whether to request overriding soft-mandatory Sentinel policies (RGPs and`
			`// EGPs). If set, the override flag will take effect for all policies`
			`// evaluated during the request.`
			`PolicyOverride bool`
api: start the groundwork API stuff 2015-03-09 21:38:50 +03:00			`}`

			`// SetJSONBody is used to set a request body that is a JSON-encoded value.`
			`func (r *Request) SetJSONBody(val interface{}) error {`
Clean up request logic and use retryable's more efficient handling (#4670) 2018-06-01 16:12:43 +03:00			`buf, err := json.Marshal(val)`
			`if err != nil {`
api: start the groundwork API stuff 2015-03-09 21:38:50 +03:00			`return err`
			`}`

api: Allow reseting of request body 2015-04-20 20:44:51 +03:00			`r.Obj = val`
Clean up request logic and use retryable's more efficient handling (#4670) 2018-06-01 16:12:43 +03:00			`r.BodyBytes = buf`
api: start the groundwork API stuff 2015-03-09 21:38:50 +03:00			`return nil`
			`}`

api: Allow reseting of request body 2015-04-20 20:44:51 +03:00			`// ResetJSONBody is used to reset the body for a redirect`
			`func (r *Request) ResetJSONBody() error {`
Clean up request logic and use retryable's more efficient handling (#4670) 2018-06-01 16:12:43 +03:00			`if r.BodyBytes == nil {`
api: Allow reseting of request body 2015-04-20 20:44:51 +03:00			`return nil`
			`}`
			`return r.SetJSONBody(r.Obj)`
			`}`

Clean up request logic and use retryable's more efficient handling (#4670) 2018-06-01 16:12:43 +03:00			`// DEPRECATED: ToHTTP turns this request into a valid *http.Request for use`
			`// with the net/http package.`
Switch to pester from go-retryablehttp to avoid swallowing 500 error messages 2016-07-12 00:37:46 +03:00			`func (r Request) ToHTTP() (http.Request, error) {`
Clean up request logic and use retryable's more efficient handling (#4670) 2018-06-01 16:12:43 +03:00			`req, err := r.toRetryableHTTP()`
Update go-retryablehttp vendor 2018-05-10 00:44:53 +03:00			`if err != nil {`
			`return nil, err`
			`}`
Clean up request logic and use retryable's more efficient handling (#4670) 2018-06-01 16:12:43 +03:00
			`switch {`
			`case r.BodyBytes == nil && r.Body == nil:`
			`// No body`

			`case r.BodyBytes != nil:`
			`req.Request.Body = ioutil.NopCloser(bytes.NewReader(r.BodyBytes))`

			`default:`
			`if c, ok := r.Body.(io.ReadCloser); ok {`
			`req.Request.Body = c`
			`} else {`
			`req.Request.Body = ioutil.NopCloser(r.Body)`
			`}`
			`}`

Update go-retryablehttp vendor 2018-05-10 00:44:53 +03:00			`return req.Request, nil`
			`}`

Clean up request logic and use retryable's more efficient handling (#4670) 2018-06-01 16:12:43 +03:00			`func (r Request) toRetryableHTTP() (retryablehttp.Request, error) {`
api: start the groundwork API stuff 2015-03-09 21:38:50 +03:00			`// Encode the query parameters`
			`r.URL.RawQuery = r.Params.Encode()`

Update go-retryablehttp vendor 2018-05-10 00:44:53 +03:00			`// Create the HTTP request, defaulting to retryable`
			`var req *retryablehttp.Request`

Clean up request logic and use retryable's more efficient handling (#4670) 2018-06-01 16:12:43 +03:00			`var err error`
			`var body interface{}`

			`switch {`
			`case r.BodyBytes == nil && r.Body == nil:`
			`// No body`

			`case r.BodyBytes != nil:`
			`// Use bytes, it's more efficient`
			`body = r.BodyBytes`

			`default:`
			`body = r.Body`
			`}`

			`req, err = retryablehttp.NewRequest(r.Method, r.URL.RequestURI(), body)`
			`if err != nil {`
			`return nil, err`
api: start the groundwork API stuff 2015-03-09 21:38:50 +03:00			`}`

Pass user/pass for HTTP Basic Authentication in URL parameters (#2469) 2017-03-10 15:19:23 +03:00			`req.URL.User = r.URL.User`
api: start the groundwork API stuff 2015-03-09 21:38:50 +03:00			`req.URL.Scheme = r.URL.Scheme`
			`req.URL.Host = r.URL.Host`
Fix SRV Lookups (#8520) * Pin HTTP Host header for all client requests * Drop port map scheme * Add SRV Lookup environment var * Lookup SRV records only when env var is specified * Add docs Co-Authored-By: Michel Vocks <michelvocks@gmail.com> 2020-03-11 16:22:58 +03:00			`req.Host = r.Host`
api: start the groundwork API stuff 2015-03-09 21:38:50 +03:00
Return error on bad CORS and add Header specification to API request primitive 2017-06-20 01:20:44 +03:00			`if r.Headers != nil {`
			`for header, vals := range r.Headers {`
			`for _, val := range vals {`
			`req.Header.Add(header, val)`
			`}`
			`}`
			`}`

Remove cookie authentication. 2015-08-22 03:36:19 +03:00			`if len(r.ClientToken) != 0 {`
Make API not depend on SDK (#18962) 2023-02-06 17:41:56 +03:00			`req.Header.Set(AuthHeaderName, r.ClientToken)`
Remove cookie authentication. 2015-08-22 03:36:19 +03:00			`}`

Add wrap support to API/CLI 2016-05-02 08:58:58 +03:00			`if len(r.WrapTTL) != 0 {`
			`req.Header.Set("X-Vault-Wrap-TTL", r.WrapTTL)`
			`}`

More syncing 2017-10-23 23:52:56 +03:00			`if len(r.MFAHeaderVals) != 0 {`
			`for _, mfaHeaderVal := range r.MFAHeaderVals {`
			`req.Header.Add("X-Vault-MFA", mfaHeaderVal)`
			`}`
			`}`

			`if r.PolicyOverride {`
			`req.Header.Set("X-Vault-Policy-Override", "true")`
			`}`

api: start the groundwork API stuff 2015-03-09 21:38:50 +03:00			`return req, nil`
			`}`