open-vault/command/agent/cache/api_proxy.go

package cache

import (
	"context"
	"fmt"

	hclog "github.com/hashicorp/go-hclog"
	"github.com/hashicorp/vault/api"
)

// APIProxy is an implementation of the proxier interface that is used to
// forward the request to Vault and get the response.
type APIProxy struct {
	client *api.Client
	logger hclog.Logger
}

type APIProxyConfig struct {
	Client *api.Client
	Logger hclog.Logger
}

func NewAPIProxy(config *APIProxyConfig) (Proxier, error) {
	if config.Client == nil {
		return nil, fmt.Errorf("nil API client")
	}
	return &APIProxy{
		client: config.Client,
		logger: config.Logger,
	}, nil
}

func (ap *APIProxy) Send(ctx context.Context, req *SendRequest) (*SendResponse, error) {
	client, err := ap.client.Clone()
	if err != nil {
		return nil, err
	}
	client.SetToken(req.Token)
	client.SetHeaders(req.Request.Header)

	fwReq := client.NewRequest(req.Request.Method, req.Request.URL.Path)
	fwReq.BodyBytes = req.RequestBody

	// Make the request to Vault and get the response
	ap.logger.Info("forwarding request", "path", req.Request.URL.Path, "method", req.Request.Method)

	resp, err := client.RawRequestWithContext(ctx, fwReq)

	// Before error checking from the request call, we'd want to initialize a SendResponse to
	// potentially return
	sendResponse, newErr := NewSendResponse(resp, nil)
	if newErr != nil {
		return nil, newErr
	}

	// Bubble back the api.Response as well for error checking/handling at the handler layer.
	return sendResponse, err
}
Vault Agent Cache (#6220) * vault-agent-cache: squashed 250+ commits * Add proper token revocation validations to the tests * Add more test cases * Avoid leaking by not closing request/response bodies; add comments * Fix revoke orphan use case; update tests * Add CLI test for making request over unix socket * agent/cache: remove namespace-related tests * Strip-off the auto-auth token from the lookup response * Output listener details along with configuration * Add scheme to API address output * leasecache: use IndexNameLease for prefix lease revocations * Make CLI accept the fully qualified unix address * export VAULT_AGENT_ADDR=unix://path/to/socket * unix:/ to unix:// 2019-02-15 01:10:36 +00:00			`package cache`

			`import (`
			`"context"`
Agent Cache: Some review feedback (#6257) * Revamp agent cache client * Update command/agent.go Co-Authored-By: vishalnayak <vishalnayak@users.noreply.github.com> * Agent cache auto auth token lookup case (#6258) * agent cache auto auth token lookup case * Use Blake2b256Hash instead of SHA256 * agent/cache: update cache-clear endpoint; use bytes.NewReader instead (#6259) * agent/cache: update cache-clear endpoint; use bytes.NewReader instead * agent/cache: Fix TestCache_ComputeIndexID after switching to blake2b * agent/cache: Only parse response body if it's non-nil (#6260) * Differently disable agent address in the API client * Remove DisableAgent 2019-02-19 21:53:29 +00:00			`"fmt"`
Vault Agent Cache (#6220) * vault-agent-cache: squashed 250+ commits * Add proper token revocation validations to the tests * Add more test cases * Avoid leaking by not closing request/response bodies; add comments * Fix revoke orphan use case; update tests * Add CLI test for making request over unix socket * agent/cache: remove namespace-related tests * Strip-off the auto-auth token from the lookup response * Output listener details along with configuration * Add scheme to API address output * leasecache: use IndexNameLease for prefix lease revocations * Make CLI accept the fully qualified unix address * export VAULT_AGENT_ADDR=unix://path/to/socket * unix:/ to unix:// 2019-02-15 01:10:36 +00:00
			`hclog "github.com/hashicorp/go-hclog"`
			`"github.com/hashicorp/vault/api"`
			`)`

			`// APIProxy is an implementation of the proxier interface that is used to`
			`// forward the request to Vault and get the response.`
			`type APIProxy struct {`
Agent Cache: Some review feedback (#6257) * Revamp agent cache client * Update command/agent.go Co-Authored-By: vishalnayak <vishalnayak@users.noreply.github.com> * Agent cache auto auth token lookup case (#6258) * agent cache auto auth token lookup case * Use Blake2b256Hash instead of SHA256 * agent/cache: update cache-clear endpoint; use bytes.NewReader instead (#6259) * agent/cache: update cache-clear endpoint; use bytes.NewReader instead * agent/cache: Fix TestCache_ComputeIndexID after switching to blake2b * agent/cache: Only parse response body if it's non-nil (#6260) * Differently disable agent address in the API client * Remove DisableAgent 2019-02-19 21:53:29 +00:00			`client *api.Client`
Vault Agent Cache (#6220) * vault-agent-cache: squashed 250+ commits * Add proper token revocation validations to the tests * Add more test cases * Avoid leaking by not closing request/response bodies; add comments * Fix revoke orphan use case; update tests * Add CLI test for making request over unix socket * agent/cache: remove namespace-related tests * Strip-off the auto-auth token from the lookup response * Output listener details along with configuration * Add scheme to API address output * leasecache: use IndexNameLease for prefix lease revocations * Make CLI accept the fully qualified unix address * export VAULT_AGENT_ADDR=unix://path/to/socket * unix:/ to unix:// 2019-02-15 01:10:36 +00:00			`logger hclog.Logger`
			`}`

			`type APIProxyConfig struct {`
Agent Cache: Some review feedback (#6257) * Revamp agent cache client * Update command/agent.go Co-Authored-By: vishalnayak <vishalnayak@users.noreply.github.com> * Agent cache auto auth token lookup case (#6258) * agent cache auto auth token lookup case * Use Blake2b256Hash instead of SHA256 * agent/cache: update cache-clear endpoint; use bytes.NewReader instead (#6259) * agent/cache: update cache-clear endpoint; use bytes.NewReader instead * agent/cache: Fix TestCache_ComputeIndexID after switching to blake2b * agent/cache: Only parse response body if it's non-nil (#6260) * Differently disable agent address in the API client * Remove DisableAgent 2019-02-19 21:53:29 +00:00			`Client *api.Client`
Vault Agent Cache (#6220) * vault-agent-cache: squashed 250+ commits * Add proper token revocation validations to the tests * Add more test cases * Avoid leaking by not closing request/response bodies; add comments * Fix revoke orphan use case; update tests * Add CLI test for making request over unix socket * agent/cache: remove namespace-related tests * Strip-off the auto-auth token from the lookup response * Output listener details along with configuration * Add scheme to API address output * leasecache: use IndexNameLease for prefix lease revocations * Make CLI accept the fully qualified unix address * export VAULT_AGENT_ADDR=unix://path/to/socket * unix:/ to unix:// 2019-02-15 01:10:36 +00:00			`Logger hclog.Logger`
			`}`

Agent Cache: Some review feedback (#6257) * Revamp agent cache client * Update command/agent.go Co-Authored-By: vishalnayak <vishalnayak@users.noreply.github.com> * Agent cache auto auth token lookup case (#6258) * agent cache auto auth token lookup case * Use Blake2b256Hash instead of SHA256 * agent/cache: update cache-clear endpoint; use bytes.NewReader instead (#6259) * agent/cache: update cache-clear endpoint; use bytes.NewReader instead * agent/cache: Fix TestCache_ComputeIndexID after switching to blake2b * agent/cache: Only parse response body if it's non-nil (#6260) * Differently disable agent address in the API client * Remove DisableAgent 2019-02-19 21:53:29 +00:00			`func NewAPIProxy(config *APIProxyConfig) (Proxier, error) {`
			`if config.Client == nil {`
			`return nil, fmt.Errorf("nil API client")`
			`}`
Vault Agent Cache (#6220) * vault-agent-cache: squashed 250+ commits * Add proper token revocation validations to the tests * Add more test cases * Avoid leaking by not closing request/response bodies; add comments * Fix revoke orphan use case; update tests * Add CLI test for making request over unix socket * agent/cache: remove namespace-related tests * Strip-off the auto-auth token from the lookup response * Output listener details along with configuration * Add scheme to API address output * leasecache: use IndexNameLease for prefix lease revocations * Make CLI accept the fully qualified unix address * export VAULT_AGENT_ADDR=unix://path/to/socket * unix:/ to unix:// 2019-02-15 01:10:36 +00:00			`return &APIProxy{`
Agent Cache: Some review feedback (#6257) * Revamp agent cache client * Update command/agent.go Co-Authored-By: vishalnayak <vishalnayak@users.noreply.github.com> * Agent cache auto auth token lookup case (#6258) * agent cache auto auth token lookup case * Use Blake2b256Hash instead of SHA256 * agent/cache: update cache-clear endpoint; use bytes.NewReader instead (#6259) * agent/cache: update cache-clear endpoint; use bytes.NewReader instead * agent/cache: Fix TestCache_ComputeIndexID after switching to blake2b * agent/cache: Only parse response body if it's non-nil (#6260) * Differently disable agent address in the API client * Remove DisableAgent 2019-02-19 21:53:29 +00:00			`client: config.Client,`
Vault Agent Cache (#6220) * vault-agent-cache: squashed 250+ commits * Add proper token revocation validations to the tests * Add more test cases * Avoid leaking by not closing request/response bodies; add comments * Fix revoke orphan use case; update tests * Add CLI test for making request over unix socket * agent/cache: remove namespace-related tests * Strip-off the auto-auth token from the lookup response * Output listener details along with configuration * Add scheme to API address output * leasecache: use IndexNameLease for prefix lease revocations * Make CLI accept the fully qualified unix address * export VAULT_AGENT_ADDR=unix://path/to/socket * unix:/ to unix:// 2019-02-15 01:10:36 +00:00			`logger: config.Logger,`
Agent Cache: Some review feedback (#6257) * Revamp agent cache client * Update command/agent.go Co-Authored-By: vishalnayak <vishalnayak@users.noreply.github.com> * Agent cache auto auth token lookup case (#6258) * agent cache auto auth token lookup case * Use Blake2b256Hash instead of SHA256 * agent/cache: update cache-clear endpoint; use bytes.NewReader instead (#6259) * agent/cache: update cache-clear endpoint; use bytes.NewReader instead * agent/cache: Fix TestCache_ComputeIndexID after switching to blake2b * agent/cache: Only parse response body if it's non-nil (#6260) * Differently disable agent address in the API client * Remove DisableAgent 2019-02-19 21:53:29 +00:00			`}, nil`
Vault Agent Cache (#6220) * vault-agent-cache: squashed 250+ commits * Add proper token revocation validations to the tests * Add more test cases * Avoid leaking by not closing request/response bodies; add comments * Fix revoke orphan use case; update tests * Add CLI test for making request over unix socket * agent/cache: remove namespace-related tests * Strip-off the auto-auth token from the lookup response * Output listener details along with configuration * Add scheme to API address output * leasecache: use IndexNameLease for prefix lease revocations * Make CLI accept the fully qualified unix address * export VAULT_AGENT_ADDR=unix://path/to/socket * unix:/ to unix:// 2019-02-15 01:10:36 +00:00			`}`

			`func (ap APIProxy) Send(ctx context.Context, req SendRequest) (*SendResponse, error) {`
Agent Cache: Some review feedback (#6257) * Revamp agent cache client * Update command/agent.go Co-Authored-By: vishalnayak <vishalnayak@users.noreply.github.com> * Agent cache auto auth token lookup case (#6258) * agent cache auto auth token lookup case * Use Blake2b256Hash instead of SHA256 * agent/cache: update cache-clear endpoint; use bytes.NewReader instead (#6259) * agent/cache: update cache-clear endpoint; use bytes.NewReader instead * agent/cache: Fix TestCache_ComputeIndexID after switching to blake2b * agent/cache: Only parse response body if it's non-nil (#6260) * Differently disable agent address in the API client * Remove DisableAgent 2019-02-19 21:53:29 +00:00			`client, err := ap.client.Clone()`
Vault Agent Cache (#6220) * vault-agent-cache: squashed 250+ commits * Add proper token revocation validations to the tests * Add more test cases * Avoid leaking by not closing request/response bodies; add comments * Fix revoke orphan use case; update tests * Add CLI test for making request over unix socket * agent/cache: remove namespace-related tests * Strip-off the auto-auth token from the lookup response * Output listener details along with configuration * Add scheme to API address output * leasecache: use IndexNameLease for prefix lease revocations * Make CLI accept the fully qualified unix address * export VAULT_AGENT_ADDR=unix://path/to/socket * unix:/ to unix:// 2019-02-15 01:10:36 +00:00			`if err != nil {`
			`return nil, err`
			`}`
			`client.SetToken(req.Token)`
			`client.SetHeaders(req.Request.Header)`

			`fwReq := client.NewRequest(req.Request.Method, req.Request.URL.Path)`
			`fwReq.BodyBytes = req.RequestBody`

			`// Make the request to Vault and get the response`
			`ap.logger.Info("forwarding request", "path", req.Request.URL.Path, "method", req.Request.Method)`
agent/caching: proxy redirect and non-json responses; update tests (#6353) * agent/caching: proxy redirect and non-json responses; update tests * agent/caching: do not wrap error responses as internal errors, simply proxy them back as-is * minor refactoring of APIProxy.Send logic * add test case to ensure error response is not wrapped 2019-03-07 01:23:20 +00:00
Vault Agent Cache (#6220) * vault-agent-cache: squashed 250+ commits * Add proper token revocation validations to the tests * Add more test cases * Avoid leaking by not closing request/response bodies; add comments * Fix revoke orphan use case; update tests * Add CLI test for making request over unix socket * agent/cache: remove namespace-related tests * Strip-off the auto-auth token from the lookup response * Output listener details along with configuration * Add scheme to API address output * leasecache: use IndexNameLease for prefix lease revocations * Make CLI accept the fully qualified unix address * export VAULT_AGENT_ADDR=unix://path/to/socket * unix:/ to unix:// 2019-02-15 01:10:36 +00:00			`resp, err := client.RawRequestWithContext(ctx, fwReq)`
Agent Cache: Some review feedback (#6257) * Revamp agent cache client * Update command/agent.go Co-Authored-By: vishalnayak <vishalnayak@users.noreply.github.com> * Agent cache auto auth token lookup case (#6258) * agent cache auto auth token lookup case * Use Blake2b256Hash instead of SHA256 * agent/cache: update cache-clear endpoint; use bytes.NewReader instead (#6259) * agent/cache: update cache-clear endpoint; use bytes.NewReader instead * agent/cache: Fix TestCache_ComputeIndexID after switching to blake2b * agent/cache: Only parse response body if it's non-nil (#6260) * Differently disable agent address in the API client * Remove DisableAgent 2019-02-19 21:53:29 +00:00
agent/caching: add X-Cache and Age headers (#6394) * agent/caching: add X-Cache and Age headers, update Date header on cached resp * Update command/agent/cache/lease_cache.go Co-Authored-By: calvn <cleung2010@gmail.com> * Update command/agent/cache/proxy.go Co-Authored-By: calvn <cleung2010@gmail.com> 2019-03-12 20:21:02 +00:00			`// Before error checking from the request call, we'd want to initialize a SendResponse to`
			`// potentially return`
			`sendResponse, newErr := NewSendResponse(resp, nil)`
			`if newErr != nil {`
			`return nil, newErr`
Vault Agent Cache (#6220) * vault-agent-cache: squashed 250+ commits * Add proper token revocation validations to the tests * Add more test cases * Avoid leaking by not closing request/response bodies; add comments * Fix revoke orphan use case; update tests * Add CLI test for making request over unix socket * agent/cache: remove namespace-related tests * Strip-off the auto-auth token from the lookup response * Output listener details along with configuration * Add scheme to API address output * leasecache: use IndexNameLease for prefix lease revocations * Make CLI accept the fully qualified unix address * export VAULT_AGENT_ADDR=unix://path/to/socket * unix:/ to unix:// 2019-02-15 01:10:36 +00:00			`}`

agent/caching: add X-Cache and Age headers (#6394) * agent/caching: add X-Cache and Age headers, update Date header on cached resp * Update command/agent/cache/lease_cache.go Co-Authored-By: calvn <cleung2010@gmail.com> * Update command/agent/cache/proxy.go Co-Authored-By: calvn <cleung2010@gmail.com> 2019-03-12 20:21:02 +00:00			`// Bubble back the api.Response as well for error checking/handling at the handler layer.`
			`return sendResponse, err`
Vault Agent Cache (#6220) * vault-agent-cache: squashed 250+ commits * Add proper token revocation validations to the tests * Add more test cases * Avoid leaking by not closing request/response bodies; add comments * Fix revoke orphan use case; update tests * Add CLI test for making request over unix socket * agent/cache: remove namespace-related tests * Strip-off the auto-auth token from the lookup response * Output listener details along with configuration * Add scheme to API address output * leasecache: use IndexNameLease for prefix lease revocations * Make CLI accept the fully qualified unix address * export VAULT_AGENT_ADDR=unix://path/to/socket * unix:/ to unix:// 2019-02-15 01:10:36 +00:00			`}`