luxolus
/
open-vault
2
0
Fork 0
Code Issues 1 Pull Requests Releases Activity
open-vault/vault/request_handling_util.go

48 lines
1.2 KiB
Go
Raw Normal View History

The big one (#5346)
2018-09-18 03:03:00 +00:00
// +build !enterprise
package vault
import (
"context"
"github.com/hashicorp/vault/helper/identity"
Create sdk/ and api/ submodules (#6583)
2019-04-12 21:54:35 +00:00
"github.com/hashicorp/vault/sdk/logical"
The big one (#5346)
2018-09-18 03:03:00 +00:00
)
func waitForReplicationState(context.Context, *Core, *logical.Request) error { return nil }
func checkNeedsCG(context.Context, *Core, *logical.Request, *logical.Auth, error, []string) (error, *logical.Response, *logical.Auth, error) {
return nil, nil, nil, nil
}
core: port over CG and perf standby handling bits (#6530)
2019-04-03 21:16:49 +00:00
func checkErrControlGroupTokenNeedsCreated(err error) bool {
return false
}
Fix various read only storage errors * Fix various read only storage errors A mistake we've seen multiple times in our own plugins and that we've seen in the GCP plugin now is that control flow (how the code is structured, helper functions, etc.) can obfuscate whether an error came from storage or some other Vault-core location (in which case likely it needs to be a 5XX message) or because of user input (thus 4XX). Error handling for functions therefore often ends up always treating errors as either user related or internal. When the error is logical.ErrReadOnly this means that treating errors as user errors skips the check that triggers forwarding, instead returning a read only view error to the user. While it's obviously more correct to fix that code, it's not always immediately apparent to reviewers or fixers what the issue is and fixing it when it's found both requires someone to hit the problem and report it (thus exposing bugs to users) and selective targeted refactoring that only helps that one specific case. If instead we check whether the logical.Response is an error and, if so, whether it contains the error value, we work around this in all of these cases automatically. It feels hacky since it's a coding mistake, but it's one we've made too multiple times, and avoiding bugs altogether is better for our users.
2019-07-05 22:12:34 +00:00
func shouldForward(c *Core, resp *logical.Response, err error) bool {
Add code for writing and reading request counters to storage. (#5918) Increment a counter whenever a request is received. The in-memory counter is persisted to counters/requests/YYYY/MM. When the month wraps around, we reset the in-memory counter to zero. Add an endpoint for querying the request counters across all time.
2019-03-05 19:55:07 +00:00
return false
}
func syncCounter(c *Core) {
}
func couldForward(c *Core) bool {
return false
}
func forward(ctx context.Context, c *Core, req *logical.Request) (*logical.Response, error) {
panic("forward called in OSS Vault")
The big one (#5346)
2018-09-18 03:03:00 +00:00
}
func getLeaseRegisterFunc(c *Core) (func(context.Context, *logical.Request, *logical.Response) (string, error), error) {
return c.expiration.Register, nil
}
func getAuthRegisterFunc(c *Core) (RegisterAuthFunc, error) {
return c.RegisterAuth, nil
}
func possiblyForwardAliasCreation(ctx context.Context, c *Core, inErr error, auth *logical.Auth, entity *identity.Entity) (*identity.Entity, error) {
return entity, inErr
}