luxolus
/
open-vault
2
0
Fork 0
Code Issues 1 Pull Requests Releases Activity

Add context-aware functions to vault/api (#14388)

This commit is contained in:
Anton Averchenkov 2022-03-23 17:47:43 -04:00 committed by GitHub
parent e0722ba17c
commit 1222375d1a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
130 changed files with 2114 additions and 1463 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

179
api/auth_token.go
View File

@ -15,14 +15,19 @@ func (a *Auth) Token() *TokenAuth {
}
func (c *TokenAuth) Create(opts *TokenCreateRequest) (*Secret, error) {
return c.CreateWithContext(context.Background(), opts)
}
func (c *TokenAuth) CreateWithContext(ctx context.Context, opts *TokenCreateRequest) (*Secret, error) {
ctx, cancelFunc := c.c.withConfiguredTimeout(ctx)
defer cancelFunc()
r := c.c.NewRequest("POST", "/v1/auth/token/create")
if err := r.SetJSONBody(opts); err != nil {
return nil, err
}
ctx, cancelFunc := context.WithCancel(context.Background())
defer cancelFunc()
resp, err := c.c.RawRequestWithContext(ctx, r)
resp, err := c.c.rawRequestWithContext(ctx, r)
if err != nil {
return nil, err
}
@ -32,14 +37,19 @@ func (c *TokenAuth) Create(opts *TokenCreateRequest) (*Secret, error) {
}
func (c *TokenAuth) CreateOrphan(opts *TokenCreateRequest) (*Secret, error) {
return c.CreateOrphanWithContext(context.Background(), opts)
}
func (c *TokenAuth) CreateOrphanWithContext(ctx context.Context, opts *TokenCreateRequest) (*Secret, error) {
ctx, cancelFunc := c.c.withConfiguredTimeout(ctx)
defer cancelFunc()
r := c.c.NewRequest("POST", "/v1/auth/token/create-orphan")
if err := r.SetJSONBody(opts); err != nil {
return nil, err
}
ctx, cancelFunc := context.WithCancel(context.Background())
defer cancelFunc()
resp, err := c.c.RawRequestWithContext(ctx, r)
resp, err := c.c.rawRequestWithContext(ctx, r)
if err != nil {
return nil, err
}
@ -49,14 +59,19 @@ func (c *TokenAuth) CreateOrphan(opts *TokenCreateRequest) (*Secret, error) {
}
func (c *TokenAuth) CreateWithRole(opts *TokenCreateRequest, roleName string) (*Secret, error) {
return c.CreateWithRoleWithContext(context.Background(), opts, roleName)
}
func (c *TokenAuth) CreateWithRoleWithContext(ctx context.Context, opts *TokenCreateRequest, roleName string) (*Secret, error) {
ctx, cancelFunc := c.c.withConfiguredTimeout(ctx)
defer cancelFunc()
r := c.c.NewRequest("POST", "/v1/auth/token/create/"+roleName)
if err := r.SetJSONBody(opts); err != nil {
return nil, err
}
ctx, cancelFunc := context.WithCancel(context.Background())
defer cancelFunc()
resp, err := c.c.RawRequestWithContext(ctx, r)
resp, err := c.c.rawRequestWithContext(ctx, r)
if err != nil {
return nil, err
}
@ -66,6 +81,13 @@ func (c *TokenAuth) CreateWithRole(opts *TokenCreateRequest, roleName string) (*
}
func (c *TokenAuth) Lookup(token string) (*Secret, error) {
return c.LookupWithContext(context.Background(), token)
}
func (c *TokenAuth) LookupWithContext(ctx context.Context, token string) (*Secret, error) {
ctx, cancelFunc := c.c.withConfiguredTimeout(ctx)
defer cancelFunc()
r := c.c.NewRequest("POST", "/v1/auth/token/lookup")
if err := r.SetJSONBody(map[string]interface{}{
"token": token,
@ -73,9 +95,7 @@ func (c *TokenAuth) Lookup(token string) (*Secret, error) {
return nil, err
}
ctx, cancelFunc := context.WithCancel(context.Background())
defer cancelFunc()
resp, err := c.c.RawRequestWithContext(ctx, r)
resp, err := c.c.rawRequestWithContext(ctx, r)
if err != nil {
return nil, err
}
@ -85,6 +105,13 @@ func (c *TokenAuth) Lookup(token string) (*Secret, error) {
}
func (c *TokenAuth) LookupAccessor(accessor string) (*Secret, error) {
return c.LookupAccessorWithContext(context.Background(), accessor)
}
func (c *TokenAuth) LookupAccessorWithContext(ctx context.Context, accessor string) (*Secret, error) {
ctx, cancelFunc := c.c.withConfiguredTimeout(ctx)
defer cancelFunc()
r := c.c.NewRequest("POST", "/v1/auth/token/lookup-accessor")
if err := r.SetJSONBody(map[string]interface{}{
"accessor": accessor,
@ -92,9 +119,7 @@ func (c *TokenAuth) LookupAccessor(accessor string) (*Secret, error) {
return nil, err
}
ctx, cancelFunc := context.WithCancel(context.Background())
defer cancelFunc()
resp, err := c.c.RawRequestWithContext(ctx, r)
resp, err := c.c.rawRequestWithContext(ctx, r)
if err != nil {
return nil, err
}
@ -104,11 +129,16 @@ func (c *TokenAuth) LookupAccessor(accessor string) (*Secret, error) {
}
func (c *TokenAuth) LookupSelf() (*Secret, error) {
return c.LookupSelfWithContext(context.Background())
}
func (c *TokenAuth) LookupSelfWithContext(ctx context.Context) (*Secret, error) {
ctx, cancelFunc := c.c.withConfiguredTimeout(ctx)
defer cancelFunc()
r := c.c.NewRequest("GET", "/v1/auth/token/lookup-self")
ctx, cancelFunc := context.WithCancel(context.Background())
defer cancelFunc()
resp, err := c.c.RawRequestWithContext(ctx, r)
resp, err := c.c.rawRequestWithContext(ctx, r)
if err != nil {
return nil, err
}
@ -118,6 +148,13 @@ func (c *TokenAuth) LookupSelf() (*Secret, error) {
}
func (c *TokenAuth) RenewAccessor(accessor string, increment int) (*Secret, error) {
return c.RenewAccessorWithContext(context.Background(), accessor, increment)
}
func (c *TokenAuth) RenewAccessorWithContext(ctx context.Context, accessor string, increment int) (*Secret, error) {
ctx, cancelFunc := c.c.withConfiguredTimeout(ctx)
defer cancelFunc()
r := c.c.NewRequest("POST", "/v1/auth/token/renew-accessor")
if err := r.SetJSONBody(map[string]interface{}{
"accessor": accessor,
@ -126,9 +163,7 @@ func (c *TokenAuth) RenewAccessor(accessor string, increment int) (*Secret, erro
return nil, err
}
ctx, cancelFunc := context.WithCancel(context.Background())
defer cancelFunc()
resp, err := c.c.RawRequestWithContext(ctx, r)
resp, err := c.c.rawRequestWithContext(ctx, r)
if err != nil {
return nil, err
}
@ -138,6 +173,13 @@ func (c *TokenAuth) RenewAccessor(accessor string, increment int) (*Secret, erro
}
func (c *TokenAuth) Renew(token string, increment int) (*Secret, error) {
return c.RenewWithContext(context.Background(), token, increment)
}
func (c *TokenAuth) RenewWithContext(ctx context.Context, token string, increment int) (*Secret, error) {
ctx, cancelFunc := c.c.withConfiguredTimeout(ctx)
defer cancelFunc()
r := c.c.NewRequest("PUT", "/v1/auth/token/renew")
if err := r.SetJSONBody(map[string]interface{}{
"token": token,
@ -146,9 +188,7 @@ func (c *TokenAuth) Renew(token string, increment int) (*Secret, error) {
return nil, err
}
ctx, cancelFunc := context.WithCancel(context.Background())
defer cancelFunc()
resp, err := c.c.RawRequestWithContext(ctx, r)
resp, err := c.c.rawRequestWithContext(ctx, r)
if err != nil {
return nil, err
}
@ -158,6 +198,13 @@ func (c *TokenAuth) Renew(token string, increment int) (*Secret, error) {
}
func (c *TokenAuth) RenewSelf(increment int) (*Secret, error) {
return c.RenewSelfWithContext(context.Background(), increment)
}
func (c *TokenAuth) RenewSelfWithContext(ctx context.Context, increment int) (*Secret, error) {
ctx, cancelFunc := c.c.withConfiguredTimeout(ctx)
defer cancelFunc()
r := c.c.NewRequest("PUT", "/v1/auth/token/renew-self")
body := map[string]interface{}{"increment": increment}
@ -165,9 +212,7 @@ func (c *TokenAuth) RenewSelf(increment int) (*Secret, error) {
return nil, err
}
ctx, cancelFunc := context.WithCancel(context.Background())
defer cancelFunc()
resp, err := c.c.RawRequestWithContext(ctx, r)
resp, err := c.c.rawRequestWithContext(ctx, r)
if err != nil {
return nil, err
}
@ -176,9 +221,17 @@ func (c *TokenAuth) RenewSelf(increment int) (*Secret, error) {
return ParseSecret(resp.Body)
}
// RenewTokenAsSelf behaves like renew-self, but authenticates using a provided
// token instead of the token attached to the client.
// RenewTokenAsSelf wraps RenewTokenAsSelfWithContext using context.Background.
func (c *TokenAuth) RenewTokenAsSelf(token string, increment int) (*Secret, error) {
return c.RenewTokenAsSelfWithContext(context.Background(), token, increment)
}
// RenewTokenAsSelfWithContext behaves like renew-self, but authenticates using a provided
// token instead of the token attached to the client.
func (c *TokenAuth) RenewTokenAsSelfWithContext(ctx context.Context, token string, increment int) (*Secret, error) {
ctx, cancelFunc := c.c.withConfiguredTimeout(ctx)
defer cancelFunc()
r := c.c.NewRequest("PUT", "/v1/auth/token/renew-self")
r.ClientToken = token
@ -187,9 +240,7 @@ func (c *TokenAuth) RenewTokenAsSelf(token string, increment int) (*Secret, erro
return nil, err
}
ctx, cancelFunc := context.WithCancel(context.Background())
defer cancelFunc()
resp, err := c.c.RawRequestWithContext(ctx, r)
resp, err := c.c.rawRequestWithContext(ctx, r)
if err != nil {
return nil, err
}
@ -198,9 +249,17 @@ func (c *TokenAuth) RenewTokenAsSelf(token string, increment int) (*Secret, erro
return ParseSecret(resp.Body)
}
// RevokeAccessor revokes a token associated with the given accessor
// along with all the child tokens.
// RevokeAccessor wraps RevokeAccessorWithContext using context.Background.
func (c *TokenAuth) RevokeAccessor(accessor string) error {
return c.RevokeAccessorWithContext(context.Background(), accessor)
}
// RevokeAccessorWithContext revokes a token associated with the given accessor
// along with all the child tokens.
func (c *TokenAuth) RevokeAccessorWithContext(ctx context.Context, accessor string) error {
ctx, cancelFunc := c.c.withConfiguredTimeout(ctx)
defer cancelFunc()
r := c.c.NewRequest("POST", "/v1/auth/token/revoke-accessor")
if err := r.SetJSONBody(map[string]interface{}{
"accessor": accessor,
@ -208,9 +267,7 @@ func (c *TokenAuth) RevokeAccessor(accessor string) error {
return err
}
ctx, cancelFunc := context.WithCancel(context.Background())
defer cancelFunc()
resp, err := c.c.RawRequestWithContext(ctx, r)
resp, err := c.c.rawRequestWithContext(ctx, r)
if err != nil {
return err
}
@ -219,9 +276,17 @@ func (c *TokenAuth) RevokeAccessor(accessor string) error {
return nil
}
// RevokeOrphan revokes a token without revoking the tree underneath it (so
// child tokens are orphaned rather than revoked)
// RevokeOrphan wraps RevokeOrphanWithContext using context.Background.
func (c *TokenAuth) RevokeOrphan(token string) error {
return c.RevokeOrphanWithContext(context.Background(), token)
}
// RevokeOrphanWithContext revokes a token without revoking the tree underneath it (so
// child tokens are orphaned rather than revoked)
func (c *TokenAuth) RevokeOrphanWithContext(ctx context.Context, token string) error {
ctx, cancelFunc := c.c.withConfiguredTimeout(ctx)
defer cancelFunc()
r := c.c.NewRequest("PUT", "/v1/auth/token/revoke-orphan")
if err := r.SetJSONBody(map[string]interface{}{
"token": token,
@ -229,9 +294,7 @@ func (c *TokenAuth) RevokeOrphan(token string) error {
return err
}
ctx, cancelFunc := context.WithCancel(context.Background())
defer cancelFunc()
resp, err := c.c.RawRequestWithContext(ctx, r)
resp, err := c.c.rawRequestWithContext(ctx, r)
if err != nil {
return err
}
@ -240,15 +303,21 @@ func (c *TokenAuth) RevokeOrphan(token string) error {
return nil
}
// RevokeSelf revokes the token making the call. The `token` parameter is kept
// RevokeSelf wraps RevokeSelfWithContext using context.Background.
func (c *TokenAuth) RevokeSelf(token string) error {
return c.RevokeSelfWithContext(context.Background(), token)
}
// RevokeSelfWithContext revokes the token making the call. The `token` parameter is kept
// for backwards compatibility but is ignored; only the client's set token has
// an effect.
func (c *TokenAuth) RevokeSelf(token string) error {
func (c *TokenAuth) RevokeSelfWithContext(ctx context.Context, token string) error {
ctx, cancelFunc := c.c.withConfiguredTimeout(ctx)
defer cancelFunc()
r := c.c.NewRequest("PUT", "/v1/auth/token/revoke-self")
ctx, cancelFunc := context.WithCancel(context.Background())
defer cancelFunc()
resp, err := c.c.RawRequestWithContext(ctx, r)
resp, err := c.c.rawRequestWithContext(ctx, r)
if err != nil {
return err
}
@ -257,10 +326,18 @@ func (c *TokenAuth) RevokeSelf(token string) error {
return nil
}
// RevokeTree is the "normal" revoke operation that revokes the given token and
// RevokeTree wraps RevokeTreeWithContext using context.Background.
func (c *TokenAuth) RevokeTree(token string) error {
return c.RevokeTreeWithContext(context.Background(), token)
}
// RevokeTreeWithContext is the "normal" revoke operation that revokes the given token and
// the entire tree underneath -- all of its child tokens, their child tokens,
// etc.
func (c *TokenAuth) RevokeTree(token string) error {
func (c *TokenAuth) RevokeTreeWithContext(ctx context.Context, token string) error {
ctx, cancelFunc := c.c.withConfiguredTimeout(ctx)
defer cancelFunc()
r := c.c.NewRequest("PUT", "/v1/auth/token/revoke")
if err := r.SetJSONBody(map[string]interface{}{
"token": token,
@ -268,9 +345,7 @@ func (c *TokenAuth) RevokeTree(token string) error {
return err
}
ctx, cancelFunc := context.WithCancel(context.Background())
defer cancelFunc()
resp, err := c.c.RawRequestWithContext(ctx, r)
resp, err := c.c.rawRequestWithContext(ctx, r)
if err != nil {
return err
}

34
api/client.go
View File

@ -1097,6 +1097,9 @@ func (c *Client) NewRequest(method, requestPath string) *Request {
// RawRequest performs the raw request given. This request may be against
// a Vault server not configured with this client. This is an advanced operation
// that generally won't need to be called externally.
//
// Deprecated: This method should not be used directly. Use higher level
// methods instead.
func (c *Client) RawRequest(r *Request) (*Response, error) {
return c.RawRequestWithContext(context.Background(), r)
}
@ -1104,7 +1107,19 @@ func (c *Client) RawRequest(r *Request) (*Response, error) {
// RawRequestWithContext performs the raw request given. This request may be against
// a Vault server not configured with this client. This is an advanced operation
// that generally won't need to be called externally.
//
// Deprecated: This method should not be used directly. Use higher level
// methods instead.
func (c *Client) RawRequestWithContext(ctx context.Context, r *Request) (*Response, error) {
// Note: we purposefully do not call cancel manually. The reason is
// when canceled, the request.Body will EOF when reading due to the way
// it streams data in. Cancel will still be run when the timeout is
// hit, so this doesn't really harm anything.
ctx, _ = c.withConfiguredTimeout(ctx)
return c.rawRequestWithContext(ctx, r)
}
func (c *Client) rawRequestWithContext(ctx context.Context, r *Request) (*Response, error) {
c.modifyLock.RLock()
token := c.token
@ -1116,7 +1131,6 @@ func (c *Client) RawRequestWithContext(ctx context.Context, r *Request) (*Respon
checkRetry := c.config.CheckRetry
backoff := c.config.Backoff
httpClient := c.config.HttpClient
timeout := c.config.Timeout
outputCurlString := c.config.OutputCurlString
logger := c.config.Logger
c.config.modifyLock.RUnlock()
@ -1162,13 +1176,6 @@ START:
return nil, LastOutputStringError
}
if timeout != 0 {
// Note: we purposefully do not call cancel manually. The reason is
// when canceled, the request.Body will EOF when reading due to the way
// it streams data in. Cancel will still be run when the timeout is
// hit, so this doesn't really harm anything.
ctx, _ = context.WithTimeout(ctx, timeout)
}
req.Request = req.Request.WithContext(ctx)
if backoff == nil {
@ -1387,6 +1394,17 @@ func (c *Client) WithResponseCallbacks(callbacks ...ResponseCallback) *Client {
return &c2
}
// withConfiguredTimeout wraps the context with a timeout from the client configuration.
func (c *Client) withConfiguredTimeout(ctx context.Context) (context.Context, context.CancelFunc) {
timeout := c.ClientTimeout()
if timeout > 0 {
return context.WithTimeout(ctx, timeout)
}
return ctx, func() {}
}
// RecordState returns a response callback that will record the state returned
// by Vault in a response header.
func RecordState(state *string) ResponseCallback {

14
api/help.go
View File

@ -5,14 +5,20 @@ import (
"fmt"
)
// Help reads the help information for the given path.
// Help wraps HelpWithContext using context.Background.
func (c *Client) Help(path string) (*Help, error) {
return c.HelpWithContext(context.Background(), path)
}
// HelpWithContext reads the help information for the given path.
func (c *Client) HelpWithContext(ctx context.Context, path string) (*Help, error) {
ctx, cancelFunc := c.withConfiguredTimeout(ctx)
defer cancelFunc()
r := c.NewRequest("GET", fmt.Sprintf("/v1/%s", path))
r.Params.Add("help", "1")
ctx, cancelFunc := context.WithCancel(context.Background())
defer cancelFunc()
resp, err := c.RawRequestWithContext(ctx, r)
resp, err := c.rawRequestWithContext(ctx, r)
if err != nil {
return nil, err
}

72
api/logical.go
View File

@ -49,10 +49,21 @@ func (c *Client) Logical() *Logical {
}
func (c *Logical) Read(path string) (*Secret, error) {
return c.ReadWithData(path, nil)
return c.ReadWithDataWithContext(context.Background(), path, nil)
}
func (c *Logical) ReadWithContext(ctx context.Context, path string) (*Secret, error) {
return c.ReadWithDataWithContext(ctx, path, nil)
}
func (c *Logical) ReadWithData(path string, data map[string][]string) (*Secret, error) {
return c.ReadWithDataWithContext(context.Background(), path, data)
}
func (c *Logical) ReadWithDataWithContext(ctx context.Context, path string, data map[string][]string) (*Secret, error) {
ctx, cancelFunc := c.c.withConfiguredTimeout(ctx)
defer cancelFunc()
r := c.c.NewRequest("GET", "/v1/"+path)
var values url.Values
@ -69,9 +80,7 @@ func (c *Logical) ReadWithData(path string, data map[string][]string) (*Secret,
r.Params = values
}
ctx, cancelFunc := context.WithCancel(context.Background())
defer cancelFunc()
resp, err := c.c.RawRequestWithContext(ctx, r)
resp, err := c.c.rawRequestWithContext(ctx, r)
if resp != nil {
defer resp.Body.Close()
}
@ -97,15 +106,20 @@ func (c *Logical) ReadWithData(path string, data map[string][]string) (*Secret,
}
func (c *Logical) List(path string) (*Secret, error) {
return c.ListWithContext(context.Background(), path)
}
func (c *Logical) ListWithContext(ctx context.Context, path string) (*Secret, error) {
ctx, cancelFunc := c.c.withConfiguredTimeout(ctx)
defer cancelFunc()
r := c.c.NewRequest("LIST", "/v1/"+path)
// Set this for broader compatibility, but we use LIST above to be able to
// handle the wrapping lookup function
r.Method = "GET"
r.Params.Set("list", "true")
ctx, cancelFunc := context.WithCancel(context.Background())
defer cancelFunc()
resp, err := c.c.RawRequestWithContext(ctx, r)
resp, err := c.c.rawRequestWithContext(ctx, r)
if resp != nil {
defer resp.Body.Close()
}
@ -131,9 +145,10 @@ func (c *Logical) List(path string) (*Secret, error) {
}
func (c *Logical) Write(path string, data map[string]interface{}) (*Secret, error) {
ctx, cancelFunc := context.WithCancel(context.Background())
defer cancelFunc()
return c.WriteWithContext(context.Background(), path, data)
}
func (c *Logical) WriteWithContext(ctx context.Context, path string, data map[string]interface{}) (*Secret, error) {
r := c.c.NewRequest("PUT", "/v1/"+path)
if err := r.SetJSONBody(data); err != nil {
return nil, err
@ -153,14 +168,21 @@ func (c *Logical) JSONMergePatch(ctx context.Context, path string, data map[stri
}
func (c *Logical) WriteBytes(path string, data []byte) (*Secret, error) {
return c.WriteBytesWithContext(context.Background(), path, data)
}
func (c *Logical) WriteBytesWithContext(ctx context.Context, path string, data []byte) (*Secret, error) {
r := c.c.NewRequest("PUT", "/v1/"+path)
r.BodyBytes = data
return c.write(context.Background(), path, r)
return c.write(ctx, path, r)
}
func (c *Logical) write(ctx context.Context, path string, request *Request) (*Secret, error) {
resp, err := c.c.RawRequestWithContext(ctx, request)
ctx, cancelFunc := c.c.withConfiguredTimeout(ctx)
defer cancelFunc()
resp, err := c.c.rawRequestWithContext(ctx, request)
if resp != nil {
defer resp.Body.Close()
}
@ -185,10 +207,21 @@ func (c *Logical) write(ctx context.Context, path string, request *Request) (*Se
}
func (c *Logical) Delete(path string) (*Secret, error) {
return c.DeleteWithData(path, nil)
return c.DeleteWithContext(context.Background(), path)
}
func (c *Logical) DeleteWithContext(ctx context.Context, path string) (*Secret, error) {
return c.DeleteWithDataWithContext(ctx, path, nil)
}
func (c *Logical) DeleteWithData(path string, data map[string][]string) (*Secret, error) {
return c.DeleteWithDataWithContext(context.Background(), path, data)
}
func (c *Logical) DeleteWithDataWithContext(ctx context.Context, path string, data map[string][]string) (*Secret, error) {
ctx, cancelFunc := c.c.withConfiguredTimeout(ctx)
defer cancelFunc()
r := c.c.NewRequest("DELETE", "/v1/"+path)
var values url.Values
@ -205,9 +238,7 @@ func (c *Logical) DeleteWithData(path string, data map[string][]string) (*Secret
r.Params = values
}
ctx, cancelFunc := context.WithCancel(context.Background())
defer cancelFunc()
resp, err := c.c.RawRequestWithContext(ctx, r)
resp, err := c.c.rawRequestWithContext(ctx, r)
if resp != nil {
defer resp.Body.Close()
}
@ -232,6 +263,13 @@ func (c *Logical) DeleteWithData(path string, data map[string][]string) (*Secret
}
func (c *Logical) Unwrap(wrappingToken string) (*Secret, error) {
return c.UnwrapWithContext(context.Background(), wrappingToken)
}
func (c *Logical) UnwrapWithContext(ctx context.Context, wrappingToken string) (*Secret, error) {
ctx, cancelFunc := c.c.withConfiguredTimeout(ctx)
defer cancelFunc()
var data map[string]interface{}
wt := strings.TrimSpace(wrappingToken)
if wrappingToken != "" {
@ -249,9 +287,7 @@ func (c *Logical) Unwrap(wrappingToken string) (*Secret, error) {
return nil, err
}
ctx, cancelFunc := context.WithCancel(context.Background())
defer cancelFunc()
resp, err := c.c.RawRequestWithContext(ctx, r)
resp, err := c.c.rawRequestWithContext(ctx, r)
if resp != nil {
defer resp.Body.Close()
}

12
api/plugin_helpers.go
View File

@ -1,6 +1,7 @@
package api
import (
"context"
"crypto/tls"
"crypto/x509"
"encoding/base64"
@ -67,9 +68,14 @@ func (f *PluginAPIClientMeta) GetTLSConfig() *TLSConfig {
return nil
}
// VaultPluginTLSProvider is run inside a plugin and retrieves the response
// wrapped TLS certificate from vault. It returns a configured TLS Config.
// VaultPluginTLSProvider wraps VaultPluginTLSProviderContext using context.Background.
func VaultPluginTLSProvider(apiTLSConfig *TLSConfig) func() (*tls.Config, error) {
return VaultPluginTLSProviderContext(context.Background(), apiTLSConfig)
}
// VaultPluginTLSProviderContext is run inside a plugin and retrieves the response
// wrapped TLS certificate from vault. It returns a configured TLS Config.
func VaultPluginTLSProviderContext(ctx context.Context, apiTLSConfig *TLSConfig) func() (*tls.Config, error) {
if os.Getenv(PluginMetadataModeEnv) == "true" {
return nil
}
@ -121,7 +127,7 @@ func VaultPluginTLSProvider(apiTLSConfig *TLSConfig) func() (*tls.Config, error)
// Reset token value to make sure nothing has been set by default
client.ClearToken()
secret, err := client.Logical().Unwrap(unwrapToken)
secret, err := client.Logical().UnwrapWithContext(ctx, unwrapToken)
if err != nil {
return nil, errwrap.Wrapf("error during token unwrap request: {{err}}", err)
}

30
api/ssh.go
View File

@ -24,16 +24,22 @@ func (c *Client) SSHWithMountPoint(mountPoint string) *SSH {
}
}
// Credential invokes the SSH backend API to create a credential to establish an SSH session.
// Credential wraps CredentialWithContext using context.Background.
func (c *SSH) Credential(role string, data map[string]interface{}) (*Secret, error) {
return c.CredentialWithContext(context.Background(), role, data)
}
// CredentialWithContext invokes the SSH backend API to create a credential to establish an SSH session.
func (c *SSH) CredentialWithContext(ctx context.Context, role string, data map[string]interface{}) (*Secret, error) {
ctx, cancelFunc := c.c.withConfiguredTimeout(ctx)
defer cancelFunc()
r := c.c.NewRequest("PUT", fmt.Sprintf("/v1/%s/creds/%s", c.MountPoint, role))
if err := r.SetJSONBody(data); err != nil {
return nil, err
}
ctx, cancelFunc := context.WithCancel(context.Background())
defer cancelFunc()
resp, err := c.c.RawRequestWithContext(ctx, r)
resp, err := c.c.rawRequestWithContext(ctx, r)
if err != nil {
return nil, err
}
@ -42,17 +48,23 @@ func (c *SSH) Credential(role string, data map[string]interface{}) (*Secret, err
return ParseSecret(resp.Body)
}
// SignKey signs the given public key and returns a signed public key to pass
// along with the SSH request.
// SignKey wraps SignKeyWithContext using context.Background.
func (c *SSH) SignKey(role string, data map[string]interface{}) (*Secret, error) {
return c.SignKeyWithContext(context.Background(), role, data)
}
// SignKeyWithContext signs the given public key and returns a signed public key to pass
// along with the SSH request.
func (c *SSH) SignKeyWithContext(ctx context.Context, role string, data map[string]interface{}) (*Secret, error) {
ctx, cancelFunc := c.c.withConfiguredTimeout(ctx)
defer cancelFunc()
r := c.c.NewRequest("PUT", fmt.Sprintf("/v1/%s/sign/%s", c.MountPoint, role))
if err := r.SetJSONBody(data); err != nil {
return nil, err
}
ctx, cancelFunc := context.WithCancel(context.Background())
defer cancelFunc()
resp, err := c.c.RawRequestWithContext(ctx, r)
resp, err := c.c.rawRequestWithContext(ctx, r)
if err != nil {
return nil, err
}

12
api/ssh_agent.go
View File

@ -206,6 +206,14 @@ func (c *Client) SSHHelperWithMountPoint(mountPoint string) *SSHHelper {
// an echo response message is returned. This feature is used by ssh-helper to verify if
// its configured correctly.
func (c *SSHHelper) Verify(otp string) (*SSHVerifyResponse, error) {
return c.VerifyWithContext(context.Background(), otp)
}
// VerifyWithContext the same as Verify but with a custom context.
func (c *SSHHelper) VerifyWithContext(ctx context.Context, otp string) (*SSHVerifyResponse, error) {
ctx, cancelFunc := c.c.withConfiguredTimeout(ctx)
defer cancelFunc()
data := map[string]interface{}{
"otp": otp,
}
@ -215,9 +223,7 @@ func (c *SSHHelper) Verify(otp string) (*SSHVerifyResponse, error) {
return nil, err
}
ctx, cancelFunc := context.WithCancel(context.Background())
defer cancelFunc()
resp, err := c.c.RawRequestWithContext(ctx, r)
resp, err := c.c.rawRequestWithContext(ctx, r)
if err != nil {
return nil, err
}

44
api/sys_audit.go
View File

@ -9,6 +9,13 @@ import (
)
func (c *Sys) AuditHash(path string, input string) (string, error) {
return c.AuditHashWithContext(context.Background(), path, input)
}
func (c *Sys) AuditHashWithContext(ctx context.Context, path string, input string) (string, error) {
ctx, cancelFunc := c.c.withConfiguredTimeout(ctx)
defer cancelFunc()
body := map[string]interface{}{
"input": input,
}
@ -18,9 +25,7 @@ func (c *Sys) AuditHash(path string, input string) (string, error) {
return "", err
}
ctx, cancelFunc := context.WithCancel(context.Background())
defer cancelFunc()
resp, err := c.c.RawRequestWithContext(ctx, r)
resp, err := c.c.rawRequestWithContext(ctx, r)
if err != nil {
return "", err
}
@ -47,11 +52,16 @@ func (c *Sys) AuditHash(path string, input string) (string, error) {
}
func (c *Sys) ListAudit() (map[string]*Audit, error) {
return c.ListAuditWithContext(context.Background())
}
func (c *Sys) ListAuditWithContext(ctx context.Context) (map[string]*Audit, error) {
ctx, cancelFunc := c.c.withConfiguredTimeout(ctx)
defer cancelFunc()
r := c.c.NewRequest("GET", "/v1/sys/audit")
ctx, cancelFunc := context.WithCancel(context.Background())
defer cancelFunc()
resp, err := c.c.RawRequestWithContext(ctx, r)
resp, err := c.c.rawRequestWithContext(ctx, r)
if err != nil {
return nil, err
}
@ -85,14 +95,19 @@ func (c *Sys) EnableAudit(
}
func (c *Sys) EnableAuditWithOptions(path string, options *EnableAuditOptions) error {
return c.EnableAuditWithOptionsWithContext(context.Background(), path, options)
}
func (c *Sys) EnableAuditWithOptionsWithContext(ctx context.Context, path string, options *EnableAuditOptions) error {
ctx, cancelFunc := c.c.withConfiguredTimeout(ctx)
defer cancelFunc()
r := c.c.NewRequest("PUT", fmt.Sprintf("/v1/sys/audit/%s", path))
if err := r.SetJSONBody(options); err != nil {
return err
}
ctx, cancelFunc := context.WithCancel(context.Background())
defer cancelFunc()
resp, err := c.c.RawRequestWithContext(ctx, r)
resp, err := c.c.rawRequestWithContext(ctx, r)
if err != nil {
return err
}
@ -102,11 +117,16 @@ func (c *Sys) EnableAuditWithOptions(path string, options *EnableAuditOptions) e
}
func (c *Sys) DisableAudit(path string) error {
return c.DisableAuditWithContext(context.Background(), path)
}
func (c *Sys) DisableAuditWithContext(ctx context.Context, path string) error {
ctx, cancelFunc := c.c.withConfiguredTimeout(ctx)
defer cancelFunc()
r := c.c.NewRequest("DELETE", fmt.Sprintf("/v1/sys/audit/%s", path))
ctx, cancelFunc := context.WithCancel(context.Background())
defer cancelFunc()
resp, err := c.c.RawRequestWithContext(ctx, r)
resp, err := c.c.rawRequestWithContext(ctx, r)
if err == nil {
defer resp.Body.Close()

33
api/sys_auth.go
View File

@ -9,11 +9,16 @@ import (
)
func (c *Sys) ListAuth() (map[string]*AuthMount, error) {
return c.ListAuthWithContext(context.Background())
}
func (c *Sys) ListAuthWithContext(ctx context.Context) (map[string]*AuthMount, error) {
ctx, cancelFunc := c.c.withConfiguredTimeout(ctx)
defer cancelFunc()
r := c.c.NewRequest("GET", "/v1/sys/auth")
ctx, cancelFunc := context.WithCancel(context.Background())
defer cancelFunc()
resp, err := c.c.RawRequestWithContext(ctx, r)
resp, err := c.c.rawRequestWithContext(ctx, r)
if err != nil {
return nil, err
}
@ -45,14 +50,19 @@ func (c *Sys) EnableAuth(path, authType, desc string) error {
}
func (c *Sys) EnableAuthWithOptions(path string, options *EnableAuthOptions) error {
return c.EnableAuthWithOptionsWithContext(context.Background(), path, options)
}
func (c *Sys) EnableAuthWithOptionsWithContext(ctx context.Context, path string, options *EnableAuthOptions) error {
ctx, cancelFunc := c.c.withConfiguredTimeout(ctx)
defer cancelFunc()
r := c.c.NewRequest("POST", fmt.Sprintf("/v1/sys/auth/%s", path))
if err := r.SetJSONBody(options); err != nil {
return err
}
ctx, cancelFunc := context.WithCancel(context.Background())
defer cancelFunc()
resp, err := c.c.RawRequestWithContext(ctx, r)
resp, err := c.c.rawRequestWithContext(ctx, r)
if err != nil {
return err
}
@ -62,11 +72,16 @@ func (c *Sys) EnableAuthWithOptions(path string, options *EnableAuthOptions) err
}
func (c *Sys) DisableAuth(path string) error {
return c.DisableAuthWithContext(context.Background(), path)
}
func (c *Sys) DisableAuthWithContext(ctx context.Context, path string) error {
ctx, cancelFunc := c.c.withConfiguredTimeout(ctx)
defer cancelFunc()
r := c.c.NewRequest("DELETE", fmt.Sprintf("/v1/sys/auth/%s", path))
ctx, cancelFunc := context.WithCancel(context.Background())
defer cancelFunc()
resp, err := c.c.RawRequestWithContext(ctx, r)
resp, err := c.c.rawRequestWithContext(ctx, r)
if err == nil {
defer resp.Body.Close()
}

20
api/sys_capabilities.go
View File

@ -9,10 +9,24 @@ import (
)
func (c *Sys) CapabilitiesSelf(path string) ([]string, error) {
return c.Capabilities(c.c.Token(), path)
return c.CapabilitiesSelfWithContext(context.Background(), path)
}
func (c *Sys) CapabilitiesSelfWithContext(ctx context.Context, path string) ([]string, error) {
ctx, cancelFunc := c.c.withConfiguredTimeout(ctx)
defer cancelFunc()
return c.CapabilitiesWithContext(ctx, c.c.Token(), path)
}
func (c *Sys) Capabilities(token, path string) ([]string, error) {
return c.CapabilitiesWithContext(context.Background(), token, path)
}
func (c *Sys) CapabilitiesWithContext(ctx context.Context, token, path string) ([]string, error) {
ctx, cancelFunc := c.c.withConfiguredTimeout(ctx)
defer cancelFunc()
body := map[string]string{
"token": token,
"path": path,
@ -28,9 +42,7 @@ func (c *Sys) Capabilities(token, path string) ([]string, error) {
return nil, err
}
ctx, cancelFunc := context.WithCancel(context.Background())
defer cancelFunc()
resp, err := c.c.RawRequestWithContext(ctx, r)
resp, err := c.c.rawRequestWithContext(ctx, r)
if err != nil {
return nil, err
}

33
api/sys_config_cors.go
View File

@ -8,11 +8,16 @@ import (
)
func (c *Sys) CORSStatus() (*CORSResponse, error) {
return c.CORSStatusWithContext(context.Background())
}
func (c *Sys) CORSStatusWithContext(ctx context.Context) (*CORSResponse, error) {
ctx, cancelFunc := c.c.withConfiguredTimeout(ctx)
defer cancelFunc()
r := c.c.NewRequest("GET", "/v1/sys/config/cors")
ctx, cancelFunc := context.WithCancel(context.Background())
defer cancelFunc()
resp, err := c.c.RawRequestWithContext(ctx, r)
resp, err := c.c.rawRequestWithContext(ctx, r)
if err != nil {
return nil, err
}
@ -36,14 +41,19 @@ func (c *Sys) CORSStatus() (*CORSResponse, error) {
}
func (c *Sys) ConfigureCORS(req *CORSRequest) error {
return c.ConfigureCORSWithContext(context.Background(), req)
}
func (c *Sys) ConfigureCORSWithContext(ctx context.Context, req *CORSRequest) error {
ctx, cancelFunc := c.c.withConfiguredTimeout(ctx)
defer cancelFunc()
r := c.c.NewRequest("PUT", "/v1/sys/config/cors")
if err := r.SetJSONBody(req); err != nil {
return err
}
ctx, cancelFunc := context.WithCancel(context.Background())
defer cancelFunc()
resp, err := c.c.RawRequestWithContext(ctx, r)
resp, err := c.c.rawRequestWithContext(ctx, r)
if err == nil {
defer resp.Body.Close()
}
@ -51,11 +61,16 @@ func (c *Sys) ConfigureCORS(req *CORSRequest) error {
}
func (c *Sys) DisableCORS() error {
return c.DisableCORSWithContext(context.Background())
}
func (c *Sys) DisableCORSWithContext(ctx context.Context) error {
ctx, cancelFunc := c.c.withConfiguredTimeout(ctx)
defer cancelFunc()
r := c.c.NewRequest("DELETE", "/v1/sys/config/cors")
ctx, cancelFunc := context.WithCancel(context.Background())
defer cancelFunc()
resp, err := c.c.RawRequestWithContext(ctx, r)
resp, err := c.c.rawRequestWithContext(ctx, r)
if err == nil {
defer resp.Body.Close()
}

108
api/sys_generate_root.go
View File

@ -3,23 +3,36 @@ package api
import "context"
func (c *Sys) GenerateRootStatus() (*GenerateRootStatusResponse, error) {
return c.generateRootStatusCommon("/v1/sys/generate-root/attempt")
return c.GenerateRootStatusWithContext(context.Background())
}
func (c *Sys) GenerateDROperationTokenStatus() (*GenerateRootStatusResponse, error) {
return c.generateRootStatusCommon("/v1/sys/replication/dr/secondary/generate-operation-token/attempt")
return c.GenerateDROperationTokenStatusWithContext(context.Background())
}
func (c *Sys) GenerateRecoveryOperationTokenStatus() (*GenerateRootStatusResponse, error) {
return c.generateRootStatusCommon("/v1/sys/generate-recovery-token/attempt")
return c.GenerateRecoveryOperationTokenStatusWithContext(context.Background())
}
func (c *Sys) generateRootStatusCommon(path string) (*GenerateRootStatusResponse, error) {
func (c *Sys) GenerateRootStatusWithContext(ctx context.Context) (*GenerateRootStatusResponse, error) {
return c.generateRootStatusCommonWithContext(ctx, "/v1/sys/generate-root/attempt")
}
func (c *Sys) GenerateDROperationTokenStatusWithContext(ctx context.Context) (*GenerateRootStatusResponse, error) {
return c.generateRootStatusCommonWithContext(ctx, "/v1/sys/replication/dr/secondary/generate-operation-token/attempt")
}
func (c *Sys) GenerateRecoveryOperationTokenStatusWithContext(ctx context.Context) (*GenerateRootStatusResponse, error) {
return c.generateRootStatusCommonWithContext(ctx, "/v1/sys/generate-recovery-token/attempt")
}
func (c *Sys) generateRootStatusCommonWithContext(ctx context.Context, path string) (*GenerateRootStatusResponse, error) {
ctx, cancelFunc := c.c.withConfiguredTimeout(ctx)
defer cancelFunc()
r := c.c.NewRequest("GET", path)
ctx, cancelFunc := context.WithCancel(context.Background())
defer cancelFunc()
resp, err := c.c.RawRequestWithContext(ctx, r)
resp, err := c.c.rawRequestWithContext(ctx, r)
if err != nil {
return nil, err
}
@ -31,18 +44,33 @@ func (c *Sys) generateRootStatusCommon(path string) (*GenerateRootStatusResponse
}
func (c *Sys) GenerateRootInit(otp, pgpKey string) (*GenerateRootStatusResponse, error) {
return c.generateRootInitCommon("/v1/sys/generate-root/attempt", otp, pgpKey)
return c.GenerateRootInitWithContext(context.Background(), otp, pgpKey)
}
func (c *Sys) GenerateDROperationTokenInit(otp, pgpKey string) (*GenerateRootStatusResponse, error) {
return c.generateRootInitCommon("/v1/sys/replication/dr/secondary/generate-operation-token/attempt", otp, pgpKey)
return c.GenerateDROperationTokenInitWithContext(context.Background(), otp, pgpKey)
}
func (c *Sys) GenerateRecoveryOperationTokenInit(otp, pgpKey string) (*GenerateRootStatusResponse, error) {
return c.generateRootInitCommon("/v1/sys/generate-recovery-token/attempt", otp, pgpKey)
return c.GenerateRecoveryOperationTokenInitWithContext(context.Background(), otp, pgpKey)
}
func (c *Sys) generateRootInitCommon(path, otp, pgpKey string) (*GenerateRootStatusResponse, error) {
func (c *Sys) GenerateRootInitWithContext(ctx context.Context, otp, pgpKey string) (*GenerateRootStatusResponse, error) {
return c.generateRootInitCommonWithContext(ctx, "/v1/sys/generate-root/attempt", otp, pgpKey)
}
func (c *Sys) GenerateDROperationTokenInitWithContext(ctx context.Context, otp, pgpKey string) (*GenerateRootStatusResponse, error) {
return c.generateRootInitCommonWithContext(ctx, "/v1/sys/replication/dr/secondary/generate-operation-token/attempt", otp, pgpKey)
}
func (c *Sys) GenerateRecoveryOperationTokenInitWithContext(ctx context.Context, otp, pgpKey string) (*GenerateRootStatusResponse, error) {
return c.generateRootInitCommonWithContext(ctx, "/v1/sys/generate-recovery-token/attempt", otp, pgpKey)
}
func (c *Sys) generateRootInitCommonWithContext(ctx context.Context, path, otp, pgpKey string) (*GenerateRootStatusResponse, error) {
ctx, cancelFunc := c.c.withConfiguredTimeout(ctx)
defer cancelFunc()
body := map[string]interface{}{
"otp": otp,
"pgp_key": pgpKey,
@ -53,9 +81,7 @@ func (c *Sys) generateRootInitCommon(path, otp, pgpKey string) (*GenerateRootSta
return nil, err
}
ctx, cancelFunc := context.WithCancel(context.Background())
defer cancelFunc()
resp, err := c.c.RawRequestWithContext(ctx, r)
resp, err := c.c.rawRequestWithContext(ctx, r)
if err != nil {
return nil, err
}
@ -67,23 +93,36 @@ func (c *Sys) generateRootInitCommon(path, otp, pgpKey string) (*GenerateRootSta
}
func (c *Sys) GenerateRootCancel() error {
return c.generateRootCancelCommon("/v1/sys/generate-root/attempt")
return c.GenerateRootCancelWithContext(context.Background())
}
func (c *Sys) GenerateDROperationTokenCancel() error {
return c.generateRootCancelCommon("/v1/sys/replication/dr/secondary/generate-operation-token/attempt")
return c.GenerateDROperationTokenCancelWithContext(context.Background())
}
func (c *Sys) GenerateRecoveryOperationTokenCancel() error {
return c.generateRootCancelCommon("/v1/sys/generate-recovery-token/attempt")
return c.GenerateRecoveryOperationTokenCancelWithContext(context.Background())
}
func (c *Sys) generateRootCancelCommon(path string) error {
func (c *Sys) GenerateRootCancelWithContext(ctx context.Context) error {
return c.generateRootCancelCommonWithContext(ctx, "/v1/sys/generate-root/attempt")
}
func (c *Sys) GenerateDROperationTokenCancelWithContext(ctx context.Context) error {
return c.generateRootCancelCommonWithContext(ctx, "/v1/sys/replication/dr/secondary/generate-operation-token/attempt")
}
func (c *Sys) GenerateRecoveryOperationTokenCancelWithContext(ctx context.Context) error {
return c.generateRootCancelCommonWithContext(ctx, "/v1/sys/generate-recovery-token/attempt")
}
func (c *Sys) generateRootCancelCommonWithContext(ctx context.Context, path string) error {
ctx, cancelFunc := c.c.withConfiguredTimeout(ctx)
defer cancelFunc()
r := c.c.NewRequest("DELETE", path)
ctx, cancelFunc := context.WithCancel(context.Background())
defer cancelFunc()
resp, err := c.c.RawRequestWithContext(ctx, r)
resp, err := c.c.rawRequestWithContext(ctx, r)
if err == nil {
defer resp.Body.Close()
}
@ -91,18 +130,33 @@ func (c *Sys) generateRootCancelCommon(path string) error {
}
func (c *Sys) GenerateRootUpdate(shard, nonce string) (*GenerateRootStatusResponse, error) {
return c.generateRootUpdateCommon("/v1/sys/generate-root/update", shard, nonce)
return c.GenerateRootUpdateWithContext(context.Background(), shard, nonce)
}
func (c *Sys) GenerateDROperationTokenUpdate(shard, nonce string) (*GenerateRootStatusResponse, error) {
return c.generateRootUpdateCommon("/v1/sys/replication/dr/secondary/generate-operation-token/update", shard, nonce)
return c.GenerateDROperationTokenUpdateWithContext(context.Background(), shard, nonce)
}
func (c *Sys) GenerateRecoveryOperationTokenUpdate(shard, nonce string) (*GenerateRootStatusResponse, error) {
return c.generateRootUpdateCommon("/v1/sys/generate-recovery-token/update", shard, nonce)
return c.GenerateRecoveryOperationTokenUpdateWithContext(context.Background(), shard, nonce)
}
func (c *Sys) generateRootUpdateCommon(path, shard, nonce string) (*GenerateRootStatusResponse, error) {
func (c *Sys) GenerateRootUpdateWithContext(ctx context.Context, shard, nonce string) (*GenerateRootStatusResponse, error) {
return c.generateRootUpdateCommonWithContext(ctx, "/v1/sys/generate-root/update", shard, nonce)
}
func (c *Sys) GenerateDROperationTokenUpdateWithContext(ctx context.Context, shard, nonce string) (*GenerateRootStatusResponse, error) {
return c.generateRootUpdateCommonWithContext(ctx, "/v1/sys/replication/dr/secondary/generate-operation-token/update", shard, nonce)
}
func (c *Sys) GenerateRecoveryOperationTokenUpdateWithContext(ctx context.Context, shard, nonce string) (*GenerateRootStatusResponse, error) {
return c.generateRootUpdateCommonWithContext(ctx, "/v1/sys/generate-recovery-token/update", shard, nonce)
}
func (c *Sys) generateRootUpdateCommonWithContext(ctx context.Context, path, shard, nonce string) (*GenerateRootStatusResponse, error) {
ctx, cancelFunc := c.c.withConfiguredTimeout(ctx)
defer cancelFunc()
body := map[string]interface{}{
"key": shard,
"nonce": nonce,
@ -113,9 +167,7 @@ func (c *Sys) generateRootUpdateCommon(path, shard, nonce string) (*GenerateRoot
return nil, err
}
ctx, cancelFunc := context.WithCancel(context.Background())
defer cancelFunc()
resp, err := c.c.RawRequestWithContext(ctx, r)
resp, err := c.c.rawRequestWithContext(ctx, r)
if err != nil {
return nil, err
}

11
api/sys_hastatus.go
View File

@ -6,11 +6,16 @@ import (
)
func (c *Sys) HAStatus() (*HAStatusResponse, error) {
return c.HAStatusWithContext(context.Background())
}
func (c *Sys) HAStatusWithContext(ctx context.Context) (*HAStatusResponse, error) {
ctx, cancelFunc := c.c.withConfiguredTimeout(ctx)
defer cancelFunc()
r := c.c.NewRequest("GET", "/v1/sys/ha-status")
ctx, cancelFunc := context.WithCancel(context.Background())
defer cancelFunc()
resp, err := c.c.RawRequestWithContext(ctx, r)
resp, err := c.c.rawRequestWithContext(ctx, r)
if err != nil {
return nil, err
}

11
api/sys_health.go
View File

@ -3,6 +3,13 @@ package api
import "context"
func (c *Sys) Health() (*HealthResponse, error) {
return c.HealthWithContext(context.Background())
}
func (c *Sys) HealthWithContext(ctx context.Context) (*HealthResponse, error) {
ctx, cancelFunc := c.c.withConfiguredTimeout(ctx)
defer cancelFunc()
r := c.c.NewRequest("GET", "/v1/sys/health")
// If the code is 400 or above it will automatically turn into an error,
// but the sys/health API defaults to returning 5xx when not sealed or
@ -13,9 +20,7 @@ func (c *Sys) Health() (*HealthResponse, error) {
r.Params.Add("drsecondarycode", "299")
r.Params.Add("performancestandbycode", "299")
ctx, cancelFunc := context.WithCancel(context.Background())
defer cancelFunc()
resp, err := c.c.RawRequestWithContext(ctx, r)
resp, err := c.c.rawRequestWithContext(ctx, r)
if err != nil {
return nil, err
}

22
api/sys_init.go
View File

@ -3,11 +3,16 @@ package api
import "context"
func (c *Sys) InitStatus() (bool, error) {
return c.InitStatusWithContext(context.Background())
}
func (c *Sys) InitStatusWithContext(ctx context.Context) (bool, error) {
ctx, cancelFunc := c.c.withConfiguredTimeout(ctx)
defer cancelFunc()
r := c.c.NewRequest("GET", "/v1/sys/init")
ctx, cancelFunc := context.WithCancel(context.Background())
defer cancelFunc()
resp, err := c.c.RawRequestWithContext(ctx, r)
resp, err := c.c.rawRequestWithContext(ctx, r)
if err != nil {
return false, err
}
@ -19,14 +24,19 @@ func (c *Sys) InitStatus() (bool, error) {
}
func (c *Sys) Init(opts *InitRequest) (*InitResponse, error) {
return c.InitWithContext(context.Background(), opts)
}
func (c *Sys) InitWithContext(ctx context.Context, opts *InitRequest) (*InitResponse, error) {
ctx, cancelFunc := c.c.withConfiguredTimeout(ctx)
defer cancelFunc()
r := c.c.NewRequest("PUT", "/v1/sys/init")
if err := r.SetJSONBody(opts); err != nil {
return nil, err
}
ctx, cancelFunc := context.WithCancel(context.Background())
defer cancelFunc()
resp, err := c.c.RawRequestWithContext(ctx, r)
resp, err := c.c.rawRequestWithContext(ctx, r)
if err != nil {
return nil, err
}

11
api/sys_leader.go
View File

@ -6,11 +6,16 @@ import (
)
func (c *Sys) Leader() (*LeaderResponse, error) {
return c.LeaderWithContext(context.Background())
}
func (c *Sys) LeaderWithContext(ctx context.Context) (*LeaderResponse, error) {
ctx, cancelFunc := c.c.withConfiguredTimeout(ctx)
defer cancelFunc()
r := c.c.NewRequest("GET", "/v1/sys/leader")
ctx, cancelFunc := context.WithCancel(context.Background())
defer cancelFunc()
resp, err := c.c.RawRequestWithContext(ctx, r)
resp, err := c.c.rawRequestWithContext(ctx, r)
if err != nil {
return nil, err
}

66
api/sys_leases.go
View File

@ -6,6 +6,13 @@ import (
)
func (c *Sys) Renew(id string, increment int) (*Secret, error) {
return c.RenewWithContext(context.Background(), id, increment)
}
func (c *Sys) RenewWithContext(ctx context.Context, id string, increment int) (*Secret, error) {
ctx, cancelFunc := c.c.withConfiguredTimeout(ctx)
defer cancelFunc()
r := c.c.NewRequest("PUT", "/v1/sys/leases/renew")
body := map[string]interface{}{
@ -16,9 +23,7 @@ func (c *Sys) Renew(id string, increment int) (*Secret, error) {
return nil, err
}
ctx, cancelFunc := context.WithCancel(context.Background())
defer cancelFunc()
resp, err := c.c.RawRequestWithContext(ctx, r)
resp, err := c.c.rawRequestWithContext(ctx, r)
if err != nil {
return nil, err
}
@ -28,6 +33,13 @@ func (c *Sys) Renew(id string, increment int) (*Secret, error) {
}
func (c *Sys) Lookup(id string) (*Secret, error) {
return c.LookupWithContext(context.Background(), id)
}
func (c *Sys) LookupWithContext(ctx context.Context, id string) (*Secret, error) {
ctx, cancelFunc := c.c.withConfiguredTimeout(ctx)
defer cancelFunc()
r := c.c.NewRequest("PUT", "/v1/sys/leases/lookup")
body := map[string]interface{}{
@ -37,9 +49,7 @@ func (c *Sys) Lookup(id string) (*Secret, error) {
return nil, err
}
ctx, cancelFunc := context.WithCancel(context.Background())
defer cancelFunc()
resp, err := c.c.RawRequestWithContext(ctx, r)
resp, err := c.c.rawRequestWithContext(ctx, r)
if err != nil {
return nil, err
}
@ -49,6 +59,13 @@ func (c *Sys) Lookup(id string) (*Secret, error) {
}
func (c *Sys) Revoke(id string) error {
return c.RevokeWithContext(context.Background(), id)
}
func (c *Sys) RevokeWithContext(ctx context.Context, id string) error {
ctx, cancelFunc := c.c.withConfiguredTimeout(ctx)
defer cancelFunc()
r := c.c.NewRequest("PUT", "/v1/sys/leases/revoke")
body := map[string]interface{}{
"lease_id": id,
@ -57,9 +74,7 @@ func (c *Sys) Revoke(id string) error {
return err
}
ctx, cancelFunc := context.WithCancel(context.Background())
defer cancelFunc()
resp, err := c.c.RawRequestWithContext(ctx, r)
resp, err := c.c.rawRequestWithContext(ctx, r)
if err == nil {
defer resp.Body.Close()
}
@ -67,11 +82,16 @@ func (c *Sys) Revoke(id string) error {
}
func (c *Sys) RevokePrefix(id string) error {
return c.RevokePrefixWithContext(context.Background(), id)
}
func (c *Sys) RevokePrefixWithContext(ctx context.Context, id string) error {
ctx, cancelFunc := c.c.withConfiguredTimeout(ctx)
defer cancelFunc()
r := c.c.NewRequest("PUT", "/v1/sys/leases/revoke-prefix/"+id)
ctx, cancelFunc := context.WithCancel(context.Background())
defer cancelFunc()
resp, err := c.c.RawRequestWithContext(ctx, r)
resp, err := c.c.rawRequestWithContext(ctx, r)
if err == nil {
defer resp.Body.Close()
}
@ -79,11 +99,16 @@ func (c *Sys) RevokePrefix(id string) error {
}
func (c *Sys) RevokeForce(id string) error {
return c.RevokeForceWithContext(context.Background(), id)
}
func (c *Sys) RevokeForceWithContext(ctx context.Context, id string) error {
ctx, cancelFunc := c.c.withConfiguredTimeout(ctx)
defer cancelFunc()
r := c.c.NewRequest("PUT", "/v1/sys/leases/revoke-force/"+id)
ctx, cancelFunc := context.WithCancel(context.Background())
defer cancelFunc()
resp, err := c.c.RawRequestWithContext(ctx, r)
resp, err := c.c.rawRequestWithContext(ctx, r)
if err == nil {
defer resp.Body.Close()
}
@ -91,6 +116,13 @@ func (c *Sys) RevokeForce(id string) error {
}
func (c *Sys) RevokeWithOptions(opts *RevokeOptions) error {
return c.RevokeWithOptionsWithContext(context.Background(), opts)
}
func (c *Sys) RevokeWithOptionsWithContext(ctx context.Context, opts *RevokeOptions) error {
ctx, cancelFunc := c.c.withConfiguredTimeout(ctx)
defer cancelFunc()
if opts == nil {
return errors.New("nil options provided")
}
@ -115,9 +147,7 @@ func (c *Sys) RevokeWithOptions(opts *RevokeOptions) error {
}
}
ctx, cancelFunc := context.WithCancel(context.Background())
defer cancelFunc()
resp, err := c.c.RawRequestWithContext(ctx, r)
resp, err := c.c.rawRequestWithContext(ctx, r)
if err == nil {
defer resp.Body.Close()
}

96
api/sys_mounts.go
View File

@ -10,11 +10,16 @@ import (
)
func (c *Sys) ListMounts() (map[string]*MountOutput, error) {
return c.ListMountsWithContext(context.Background())
}
func (c *Sys) ListMountsWithContext(ctx context.Context) (map[string]*MountOutput, error) {
ctx, cancelFunc := c.c.withConfiguredTimeout(ctx)
defer cancelFunc()
r := c.c.NewRequest("GET", "/v1/sys/mounts")
ctx, cancelFunc := context.WithCancel(context.Background())
defer cancelFunc()
resp, err := c.c.RawRequestWithContext(ctx, r)
resp, err := c.c.rawRequestWithContext(ctx, r)
if err != nil {
return nil, err
}
@ -38,14 +43,19 @@ func (c *Sys) ListMounts() (map[string]*MountOutput, error) {
}
func (c *Sys) Mount(path string, mountInfo *MountInput) error {
return c.MountWithContext(context.Background(), path, mountInfo)
}
func (c *Sys) MountWithContext(ctx context.Context, path string, mountInfo *MountInput) error {
ctx, cancelFunc := c.c.withConfiguredTimeout(ctx)
defer cancelFunc()
r := c.c.NewRequest("POST", fmt.Sprintf("/v1/sys/mounts/%s", path))
if err := r.SetJSONBody(mountInfo); err != nil {
return err
}
ctx, cancelFunc := context.WithCancel(context.Background())
defer cancelFunc()
resp, err := c.c.RawRequestWithContext(ctx, r)
resp, err := c.c.rawRequestWithContext(ctx, r)
if err != nil {
return err
}
@ -55,27 +65,37 @@ func (c *Sys) Mount(path string, mountInfo *MountInput) error {
}
func (c *Sys) Unmount(path string) error {
return c.UnmountWithContext(context.Background(), path)
}
func (c *Sys) UnmountWithContext(ctx context.Context, path string) error {
ctx, cancelFunc := c.c.withConfiguredTimeout(ctx)
defer cancelFunc()
r := c.c.NewRequest("DELETE", fmt.Sprintf("/v1/sys/mounts/%s", path))
ctx, cancelFunc := context.WithCancel(context.Background())
defer cancelFunc()
resp, err := c.c.RawRequestWithContext(ctx, r)
resp, err := c.c.rawRequestWithContext(ctx, r)
if err == nil {
defer resp.Body.Close()
}
return err
}
// Remount kicks off a remount operation, polls the status endpoint using
// the migration ID till either success or failure state is observed
// Remount wraps RemountWithContext using context.Background.
func (c *Sys) Remount(from, to string) error {
remountResp, err := c.StartRemount(from, to)
return c.RemountWithContext(context.Background(), from, to)
}
// RemountWithContext kicks off a remount operation, polls the status endpoint using
// the migration ID till either success or failure state is observed
func (c *Sys) RemountWithContext(ctx context.Context, from, to string) error {
remountResp, err := c.StartRemountWithContext(ctx, from, to)
if err != nil {
return err
}
for {
remountStatusResp, err := c.RemountStatus(remountResp.MigrationID)
remountStatusResp, err := c.RemountStatusWithContext(ctx, remountResp.MigrationID)
if err != nil {
return err
}
@ -89,8 +109,16 @@ func (c *Sys) Remount(from, to string) error {
}
}
// StartRemount kicks off a mount migration and returns a response with the migration ID
// StartRemount wraps StartRemountWithContext using context.Background.
func (c *Sys) StartRemount(from, to string) (*MountMigrationOutput, error) {
return c.StartRemountWithContext(context.Background(), from, to)
}
// StartRemountWithContext kicks off a mount migration and returns a response with the migration ID
func (c *Sys) StartRemountWithContext(ctx context.Context, from, to string) (*MountMigrationOutput, error) {
ctx, cancelFunc := c.c.withConfiguredTimeout(ctx)
defer cancelFunc()
body := map[string]interface{}{
"from": from,
"to": to,
@ -101,9 +129,7 @@ func (c *Sys) StartRemount(from, to string) (*MountMigrationOutput, error) {
return nil, err
}
ctx, cancelFunc := context.WithCancel(context.Background())
defer cancelFunc()
resp, err := c.c.RawRequestWithContext(ctx, r)
resp, err := c.c.rawRequestWithContext(ctx, r)
if err != nil {
return nil, err
}
@ -125,13 +151,19 @@ func (c *Sys) StartRemount(from, to string) (*MountMigrationOutput, error) {
return &result, err
}
// RemountStatus checks the status of a mount migration operation with the provided ID
// RemountStatus wraps RemountStatusWithContext using context.Background.
func (c *Sys) RemountStatus(migrationID string) (*MountMigrationStatusOutput, error) {
return c.RemountStatusWithContext(context.Background(), migrationID)
}
// RemountStatusWithContext checks the status of a mount migration operation with the provided ID
func (c *Sys) RemountStatusWithContext(ctx context.Context, migrationID string) (*MountMigrationStatusOutput, error) {
ctx, cancelFunc := c.c.withConfiguredTimeout(ctx)
defer cancelFunc()
r := c.c.NewRequest("GET", fmt.Sprintf("/v1/sys/remount/status/%s", migrationID))
ctx, cancelFunc := context.WithCancel(context.Background())
defer cancelFunc()
resp, err := c.c.RawRequestWithContext(ctx, r)
resp, err := c.c.rawRequestWithContext(ctx, r)
if err != nil {
return nil, err
}
@ -154,14 +186,19 @@ func (c *Sys) RemountStatus(migrationID string) (*MountMigrationStatusOutput, er
}
func (c *Sys) TuneMount(path string, config MountConfigInput) error {
return c.TuneMountWithContext(context.Background(), path, config)
}
func (c *Sys) TuneMountWithContext(ctx context.Context, path string, config MountConfigInput) error {
ctx, cancelFunc := c.c.withConfiguredTimeout(ctx)
defer cancelFunc()
r := c.c.NewRequest("POST", fmt.Sprintf("/v1/sys/mounts/%s/tune", path))
if err := r.SetJSONBody(config); err != nil {
return err
}
ctx, cancelFunc := context.WithCancel(context.Background())
defer cancelFunc()
resp, err := c.c.RawRequestWithContext(ctx, r)
resp, err := c.c.rawRequestWithContext(ctx, r)
if err == nil {
defer resp.Body.Close()
}
@ -169,11 +206,16 @@ func (c *Sys) TuneMount(path string, config MountConfigInput) error {
}
func (c *Sys) MountConfig(path string) (*MountConfigOutput, error) {
return c.MountConfigWithContext(context.Background(), path)
}
func (c *Sys) MountConfigWithContext(ctx context.Context, path string) (*MountConfigOutput, error) {
ctx, cancelFunc := c.c.withConfiguredTimeout(ctx)
defer cancelFunc()
r := c.c.NewRequest("GET", fmt.Sprintf("/v1/sys/mounts/%s/tune", path))
ctx, cancelFunc := context.WithCancel(context.Background())
defer cancelFunc()
resp, err := c.c.RawRequestWithContext(ctx, r)
resp, err := c.c.rawRequestWithContext(ctx, r)
if err != nil {
return nil, err
}

94
api/sys_plugins.go
View File

@ -29,9 +29,17 @@ type ListPluginsResponse struct {
Names []string `json:"names"`
}
// ListPlugins lists all plugins in the catalog and returns their names as a
// list of strings.
// ListPlugins wraps ListPluginsWithContext using context.Background.
func (c *Sys) ListPlugins(i *ListPluginsInput) (*ListPluginsResponse, error) {
return c.ListPluginsWithContext(context.Background(), i)
}
// ListPluginsWithContext lists all plugins in the catalog and returns their names as a
// list of strings.
func (c *Sys) ListPluginsWithContext(ctx context.Context, i *ListPluginsInput) (*ListPluginsResponse, error) {
ctx, cancelFunc := c.c.withConfiguredTimeout(ctx)
defer cancelFunc()
path := ""
method := ""
if i.Type == consts.PluginTypeUnknown {
@ -50,9 +58,7 @@ func (c *Sys) ListPlugins(i *ListPluginsInput) (*ListPluginsResponse, error) {
req.Params.Set("list", "true")
}
ctx, cancelFunc := context.WithCancel(context.Background())
defer cancelFunc()
resp, err := c.c.RawRequestWithContext(ctx, req)
resp, err := c.c.rawRequestWithContext(ctx, req)
if err != nil && resp == nil {
return nil, err
}
@ -66,7 +72,7 @@ func (c *Sys) ListPlugins(i *ListPluginsInput) (*ListPluginsResponse, error) {
// switch it to a LIST.
if resp.StatusCode == 405 {
req.Params.Set("list", "true")
resp, err := c.c.RawRequestWithContext(ctx, req)
resp, err := c.c.rawRequestWithContext(ctx, req)
if err != nil {
return nil, err
}
@ -142,14 +148,20 @@ type GetPluginResponse struct {
SHA256 string `json:"sha256"`
}
// GetPlugin retrieves information about the plugin.
// GetPlugin wraps GetPluginWithContext using context.Background.
func (c *Sys) GetPlugin(i *GetPluginInput) (*GetPluginResponse, error) {
return c.GetPluginWithContext(context.Background(), i)
}
// GetPluginWithContext retrieves information about the plugin.
func (c *Sys) GetPluginWithContext(ctx context.Context, i *GetPluginInput) (*GetPluginResponse, error) {
ctx, cancelFunc := c.c.withConfiguredTimeout(ctx)
defer cancelFunc()
path := catalogPathByType(i.Type, i.Name)
req := c.c.NewRequest(http.MethodGet, path)
ctx, cancelFunc := context.WithCancel(context.Background())
defer cancelFunc()
resp, err := c.c.RawRequestWithContext(ctx, req)
resp, err := c.c.rawRequestWithContext(ctx, req)
if err != nil {
return nil, err
}
@ -183,8 +195,16 @@ type RegisterPluginInput struct {
SHA256 string `json:"sha256,omitempty"`
}
// RegisterPlugin registers the plugin with the given information.
// RegisterPlugin wraps RegisterPluginWithContext using context.Background.
func (c *Sys) RegisterPlugin(i *RegisterPluginInput) error {
return c.RegisterPluginWithContext(context.Background(), i)
}
// RegisterPluginWithContext registers the plugin with the given information.
func (c *Sys) RegisterPluginWithContext(ctx context.Context, i *RegisterPluginInput) error {
ctx, cancelFunc := c.c.withConfiguredTimeout(ctx)
defer cancelFunc()
path := catalogPathByType(i.Type, i.Name)
req := c.c.NewRequest(http.MethodPut, path)
@ -192,9 +212,7 @@ func (c *Sys) RegisterPlugin(i *RegisterPluginInput) error {
return err
}
ctx, cancelFunc := context.WithCancel(context.Background())
defer cancelFunc()
resp, err := c.c.RawRequestWithContext(ctx, req)
resp, err := c.c.rawRequestWithContext(ctx, req)
if err == nil {
defer resp.Body.Close()
}
@ -210,15 +228,21 @@ type DeregisterPluginInput struct {
Type consts.PluginType `json:"type"`
}
// DeregisterPlugin removes the plugin with the given name from the plugin
// catalog.
// DeregisterPlugin wraps DeregisterPluginWithContext using context.Background.
func (c *Sys) DeregisterPlugin(i *DeregisterPluginInput) error {
return c.DeregisterPluginWithContext(context.Background(), i)
}
// DeregisterPluginWithContext removes the plugin with the given name from the plugin
// catalog.
func (c *Sys) DeregisterPluginWithContext(ctx context.Context, i *DeregisterPluginInput) error {
ctx, cancelFunc := c.c.withConfiguredTimeout(ctx)
defer cancelFunc()
path := catalogPathByType(i.Type, i.Name)
req := c.c.NewRequest(http.MethodDelete, path)
ctx, cancelFunc := context.WithCancel(context.Background())
defer cancelFunc()
resp, err := c.c.RawRequestWithContext(ctx, req)
resp, err := c.c.rawRequestWithContext(ctx, req)
if err == nil {
defer resp.Body.Close()
}
@ -237,9 +261,17 @@ type ReloadPluginInput struct {
Scope string `json:"scope"`
}
// ReloadPlugin reloads mounted plugin backends, possibly returning
// reloadId for a cluster scoped reload
// ReloadPlugin wraps ReloadPluginWithContext using context.Background.
func (c *Sys) ReloadPlugin(i *ReloadPluginInput) (string, error) {
return c.ReloadPluginWithContext(context.Background(), i)
}
// ReloadPluginWithContext reloads mounted plugin backends, possibly returning
// reloadId for a cluster scoped reload
func (c *Sys) ReloadPluginWithContext(ctx context.Context, i *ReloadPluginInput) (string, error) {
ctx, cancelFunc := c.c.withConfiguredTimeout(ctx)
defer cancelFunc()
path := "/v1/sys/plugins/reload/backend"
req := c.c.NewRequest(http.MethodPut, path)
@ -247,10 +279,7 @@ func (c *Sys) ReloadPlugin(i *ReloadPluginInput) (string, error) {
return "", err
}
ctx, cancelFunc := context.WithCancel(context.Background())
defer cancelFunc()
resp, err := c.c.RawRequestWithContext(ctx, req)
resp, err := c.c.rawRequestWithContext(ctx, req)
if err != nil {
return "", err
}
@ -287,16 +316,21 @@ type ReloadPluginStatusInput struct {
ReloadID string `json:"reload_id"`
}
// ReloadPluginStatus retrieves the status of a reload operation
// ReloadPluginStatus wraps ReloadPluginStatusWithContext using context.Background.
func (c *Sys) ReloadPluginStatus(reloadStatusInput *ReloadPluginStatusInput) (*ReloadStatusResponse, error) {
return c.ReloadPluginStatusWithContext(context.Background(), reloadStatusInput)
}
// ReloadPluginStatusWithContext retrieves the status of a reload operation
func (c *Sys) ReloadPluginStatusWithContext(ctx context.Context, reloadStatusInput *ReloadPluginStatusInput) (*ReloadStatusResponse, error) {
ctx, cancelFunc := c.c.withConfiguredTimeout(ctx)
defer cancelFunc()
path := "/v1/sys/plugins/reload/backend/status"
req := c.c.NewRequest(http.MethodGet, path)
req.Params.Add("reload_id", reloadStatusInput.ReloadID)
ctx, cancelFunc := context.WithCancel(context.Background())
defer cancelFunc()
resp, err := c.c.RawRequestWithContext(ctx, req)
resp, err := c.c.rawRequestWithContext(ctx, req)
if err != nil {
return nil, err
}

44
api/sys_policy.go
View File

@ -9,15 +9,20 @@ import (
)
func (c *Sys) ListPolicies() ([]string, error) {
return c.ListPoliciesWithContext(context.Background())
}
func (c *Sys) ListPoliciesWithContext(ctx context.Context) ([]string, error) {
ctx, cancelFunc := c.c.withConfiguredTimeout(ctx)
defer cancelFunc()
r := c.c.NewRequest("LIST", "/v1/sys/policies/acl")
// Set this for broader compatibility, but we use LIST above to be able to
// handle the wrapping lookup function
r.Method = "GET"
r.Params.Set("list", "true")
ctx, cancelFunc := context.WithCancel(context.Background())
defer cancelFunc()
resp, err := c.c.RawRequestWithContext(ctx, r)
resp, err := c.c.rawRequestWithContext(ctx, r)
if err != nil {
return nil, err
}
@ -41,11 +46,16 @@ func (c *Sys) ListPolicies() ([]string, error) {
}
func (c *Sys) GetPolicy(name string) (string, error) {
return c.GetPolicyWithContext(context.Background(), name)
}
func (c *Sys) GetPolicyWithContext(ctx context.Context, name string) (string, error) {
ctx, cancelFunc := c.c.withConfiguredTimeout(ctx)
defer cancelFunc()
r := c.c.NewRequest("GET", fmt.Sprintf("/v1/sys/policies/acl/%s", name))
ctx, cancelFunc := context.WithCancel(context.Background())
defer cancelFunc()
resp, err := c.c.RawRequestWithContext(ctx, r)
resp, err := c.c.rawRequestWithContext(ctx, r)
if resp != nil {
defer resp.Body.Close()
if resp.StatusCode == 404 {
@ -72,6 +82,13 @@ func (c *Sys) GetPolicy(name string) (string, error) {
}
func (c *Sys) PutPolicy(name, rules string) error {
return c.PutPolicyWithContext(context.Background(), name, rules)
}
func (c *Sys) PutPolicyWithContext(ctx context.Context, name, rules string) error {
ctx, cancelFunc := c.c.withConfiguredTimeout(ctx)
defer cancelFunc()
body := map[string]string{
"policy": rules,
}
@ -81,9 +98,7 @@ func (c *Sys) PutPolicy(name, rules string) error {
return err
}
ctx, cancelFunc := context.WithCancel(context.Background())
defer cancelFunc()
resp, err := c.c.RawRequestWithContext(ctx, r)
resp, err := c.c.rawRequestWithContext(ctx, r)
if err != nil {
return err
}
@ -93,11 +108,16 @@ func (c *Sys) PutPolicy(name, rules string) error {
}
func (c *Sys) DeletePolicy(name string) error {
return c.DeletePolicyWithContext(context.Background(), name)
}
func (c *Sys) DeletePolicyWithContext(ctx context.Context, name string) error {
ctx, cancelFunc := c.c.withConfiguredTimeout(ctx)
defer cancelFunc()
r := c.c.NewRequest("DELETE", fmt.Sprintf("/v1/sys/policies/acl/%s", name))
ctx, cancelFunc := context.WithCancel(context.Background())
defer cancelFunc()
resp, err := c.c.RawRequestWithContext(ctx, r)
resp, err := c.c.rawRequestWithContext(ctx, r)
if err == nil {
defer resp.Body.Close()
}

72
api/sys_raft.go
View File

@ -108,18 +108,24 @@ type AutopilotServer struct {
Meta map[string]string `mapstructure:"meta"`
}
// RaftJoin adds the node from which this call is invoked from to the raft
// cluster represented by the leader address in the parameter.
// RaftJoin wraps RaftJoinWithContext using context.Background.
func (c *Sys) RaftJoin(opts *RaftJoinRequest) (*RaftJoinResponse, error) {
return c.RaftJoinWithContext(context.Background(), opts)
}
// RaftJoinWithContext adds the node from which this call is invoked from to the raft
// cluster represented by the leader address in the parameter.
func (c *Sys) RaftJoinWithContext(ctx context.Context, opts *RaftJoinRequest) (*RaftJoinResponse, error) {
ctx, cancelFunc := c.c.withConfiguredTimeout(ctx)
defer cancelFunc()
r := c.c.NewRequest("POST", "/v1/sys/storage/raft/join")
if err := r.SetJSONBody(opts); err != nil {
return nil, err
}
ctx, cancelFunc := context.WithCancel(context.Background())
defer cancelFunc()
resp, err := c.c.RawRequestWithContext(ctx, r)
resp, err := c.c.rawRequestWithContext(ctx, r)
if err != nil {
return nil, err
}
@ -130,12 +136,9 @@ func (c *Sys) RaftJoin(opts *RaftJoinRequest) (*RaftJoinResponse, error) {
return &result, err
}
// RaftSnapshot is a thin wrapper around RaftSnapshotWithContext
// RaftSnapshot wraps RaftSnapshotWithContext using context.Background.
func (c *Sys) RaftSnapshot(snapWriter io.Writer) error {
ctx, cancelFunc := context.WithCancel(context.Background())
defer cancelFunc()
return c.RaftSnapshotWithContext(ctx, snapWriter)
return c.RaftSnapshotWithContext(context.Background(), snapWriter)
}
// RaftSnapshotWithContext invokes the API that takes the snapshot of the raft cluster and
@ -207,12 +210,9 @@ func (c *Sys) RaftSnapshotWithContext(ctx context.Context, snapWriter io.Writer)
return nil
}
// RaftSnapshotRestore is a thin wrapper around RaftSnapshotRestoreWithContext
// RaftSnapshotRestore wraps RaftSnapshotRestoreWithContext using context.Background.
func (c *Sys) RaftSnapshotRestore(snapReader io.Reader, force bool) error {
ctx, cancel := context.WithCancel(context.Background())
defer cancel()
return c.RaftSnapshotRestoreWithContext(ctx, snapReader, force)
return c.RaftSnapshotRestoreWithContext(context.Background(), snapReader, force)
}
// RaftSnapshotRestoreWithContext reads the snapshot from the io.Reader and installs that
@ -235,13 +235,19 @@ func (c *Sys) RaftSnapshotRestoreWithContext(ctx context.Context, snapReader io.
return nil
}
// RaftAutopilotState returns the state of the raft cluster as seen by autopilot.
// RaftAutopilotState wraps RaftAutopilotStateWithContext using context.Background.
func (c *Sys) RaftAutopilotState() (*AutopilotState, error) {
return c.RaftAutopilotStateWithContext(context.Background())
}
// RaftAutopilotStateWithContext returns the state of the raft cluster as seen by autopilot.
func (c *Sys) RaftAutopilotStateWithContext(ctx context.Context) (*AutopilotState, error) {
ctx, cancelFunc := c.c.withConfiguredTimeout(ctx)
defer cancelFunc()
r := c.c.NewRequest("GET", "/v1/sys/storage/raft/autopilot/state")
ctx, cancelFunc := context.WithCancel(context.Background())
defer cancelFunc()
resp, err := c.c.RawRequestWithContext(ctx, r)
resp, err := c.c.rawRequestWithContext(ctx, r)
if resp != nil {
defer resp.Body.Close()
if resp.StatusCode == 404 {
@ -269,13 +275,19 @@ func (c *Sys) RaftAutopilotState() (*AutopilotState, error) {
return &result, err
}
// RaftAutopilotConfiguration fetches the autopilot config.
// RaftAutopilotConfiguration wraps RaftAutopilotConfigurationWithContext using context.Background.
func (c *Sys) RaftAutopilotConfiguration() (*AutopilotConfig, error) {
return c.RaftAutopilotConfigurationWithContext(context.Background())
}
// RaftAutopilotConfigurationWithContext fetches the autopilot config.
func (c *Sys) RaftAutopilotConfigurationWithContext(ctx context.Context) (*AutopilotConfig, error) {
ctx, cancelFunc := c.c.withConfiguredTimeout(ctx)
defer cancelFunc()
r := c.c.NewRequest("GET", "/v1/sys/storage/raft/autopilot/configuration")
ctx, cancelFunc := context.WithCancel(context.Background())
defer cancelFunc()
resp, err := c.c.RawRequestWithContext(ctx, r)
resp, err := c.c.rawRequestWithContext(ctx, r)
if resp != nil {
defer resp.Body.Close()
if resp.StatusCode == 404 {
@ -311,17 +323,23 @@ func (c *Sys) RaftAutopilotConfiguration() (*AutopilotConfig, error) {
return &result, err
}
// PutRaftAutopilotConfiguration allows modifying the raft autopilot configuration
// PutRaftAutopilotConfiguration wraps PutRaftAutopilotConfigurationWithContext using context.Background.
func (c *Sys) PutRaftAutopilotConfiguration(opts *AutopilotConfig) error {
return c.PutRaftAutopilotConfigurationWithContext(context.Background(), opts)
}
// PutRaftAutopilotConfigurationWithContext allows modifying the raft autopilot configuration
func (c *Sys) PutRaftAutopilotConfigurationWithContext(ctx context.Context, opts *AutopilotConfig) error {
ctx, cancelFunc := c.c.withConfiguredTimeout(ctx)
defer cancelFunc()
r := c.c.NewRequest("POST", "/v1/sys/storage/raft/autopilot/configuration")
if err := r.SetJSONBody(opts); err != nil {
return err
}
ctx, cancelFunc := context.WithCancel(context.Background())
defer cancelFunc()
resp, err := c.c.RawRequestWithContext(ctx, r)
resp, err := c.c.rawRequestWithContext(ctx, r)
if err != nil {
return err
}

198
api/sys_rekey.go
View File

@ -8,11 +8,16 @@ import (
)
func (c *Sys) RekeyStatus() (*RekeyStatusResponse, error) {
return c.RekeyStatusWithContext(context.Background())
}
func (c *Sys) RekeyStatusWithContext(ctx context.Context) (*RekeyStatusResponse, error) {
ctx, cancelFunc := c.c.withConfiguredTimeout(ctx)
defer cancelFunc()
r := c.c.NewRequest("GET", "/v1/sys/rekey/init")
ctx, cancelFunc := context.WithCancel(context.Background())
defer cancelFunc()
resp, err := c.c.RawRequestWithContext(ctx, r)
resp, err := c.c.rawRequestWithContext(ctx, r)
if err != nil {
return nil, err
}
@ -24,11 +29,16 @@ func (c *Sys) RekeyStatus() (*RekeyStatusResponse, error) {
}
func (c *Sys) RekeyRecoveryKeyStatus() (*RekeyStatusResponse, error) {
return c.RekeyRecoveryKeyStatusWithContext(context.Background())
}
func (c *Sys) RekeyRecoveryKeyStatusWithContext(ctx context.Context) (*RekeyStatusResponse, error) {
ctx, cancelFunc := c.c.withConfiguredTimeout(ctx)
defer cancelFunc()
r := c.c.NewRequest("GET", "/v1/sys/rekey-recovery-key/init")
ctx, cancelFunc := context.WithCancel(context.Background())
defer cancelFunc()
resp, err := c.c.RawRequestWithContext(ctx, r)
resp, err := c.c.rawRequestWithContext(ctx, r)
if err != nil {
return nil, err
}
@ -40,11 +50,16 @@ func (c *Sys) RekeyRecoveryKeyStatus() (*RekeyStatusResponse, error) {
}
func (c *Sys) RekeyVerificationStatus() (*RekeyVerificationStatusResponse, error) {
return c.RekeyVerificationStatusWithContext(context.Background())
}
func (c *Sys) RekeyVerificationStatusWithContext(ctx context.Context) (*RekeyVerificationStatusResponse, error) {
ctx, cancelFunc := c.c.withConfiguredTimeout(ctx)
defer cancelFunc()
r := c.c.NewRequest("GET", "/v1/sys/rekey/verify")
ctx, cancelFunc := context.WithCancel(context.Background())
defer cancelFunc()
resp, err := c.c.RawRequestWithContext(ctx, r)
resp, err := c.c.rawRequestWithContext(ctx, r)
if err != nil {
return nil, err
}
@ -56,11 +71,16 @@ func (c *Sys) RekeyVerificationStatus() (*RekeyVerificationStatusResponse, error
}
func (c *Sys) RekeyRecoveryKeyVerificationStatus() (*RekeyVerificationStatusResponse, error) {
return c.RekeyRecoveryKeyVerificationStatusWithContext(context.Background())
}
func (c *Sys) RekeyRecoveryKeyVerificationStatusWithContext(ctx context.Context) (*RekeyVerificationStatusResponse, error) {
ctx, cancelFunc := c.c.withConfiguredTimeout(ctx)
defer cancelFunc()
r := c.c.NewRequest("GET", "/v1/sys/rekey-recovery-key/verify")
ctx, cancelFunc := context.WithCancel(context.Background())
defer cancelFunc()
resp, err := c.c.RawRequestWithContext(ctx, r)
resp, err := c.c.rawRequestWithContext(ctx, r)
if err != nil {
return nil, err
}
@ -72,14 +92,19 @@ func (c *Sys) RekeyRecoveryKeyVerificationStatus() (*RekeyVerificationStatusResp
}
func (c *Sys) RekeyInit(config *RekeyInitRequest) (*RekeyStatusResponse, error) {
return c.RekeyInitWithContext(context.Background(), config)
}
func (c *Sys) RekeyInitWithContext(ctx context.Context, config *RekeyInitRequest) (*RekeyStatusResponse, error) {
ctx, cancelFunc := c.c.withConfiguredTimeout(ctx)
defer cancelFunc()
r := c.c.NewRequest("PUT", "/v1/sys/rekey/init")
if err := r.SetJSONBody(config); err != nil {
return nil, err
}
ctx, cancelFunc := context.WithCancel(context.Background())
defer cancelFunc()
resp, err := c.c.RawRequestWithContext(ctx, r)
resp, err := c.c.rawRequestWithContext(ctx, r)
if err != nil {
return nil, err
}
@ -91,14 +116,19 @@ func (c *Sys) RekeyInit(config *RekeyInitRequest) (*RekeyStatusResponse, error)
}
func (c *Sys) RekeyRecoveryKeyInit(config *RekeyInitRequest) (*RekeyStatusResponse, error) {
return c.RekeyRecoveryKeyInitWithContext(context.Background(), config)
}
func (c *Sys) RekeyRecoveryKeyInitWithContext(ctx context.Context, config *RekeyInitRequest) (*RekeyStatusResponse, error) {
ctx, cancelFunc := c.c.withConfiguredTimeout(ctx)
defer cancelFunc()
r := c.c.NewRequest("PUT", "/v1/sys/rekey-recovery-key/init")
if err := r.SetJSONBody(config); err != nil {
return nil, err
}
ctx, cancelFunc := context.WithCancel(context.Background())
defer cancelFunc()
resp, err := c.c.RawRequestWithContext(ctx, r)
resp, err := c.c.rawRequestWithContext(ctx, r)
if err != nil {
return nil, err
}
@ -110,11 +140,16 @@ func (c *Sys) RekeyRecoveryKeyInit(config *RekeyInitRequest) (*RekeyStatusRespon
}
func (c *Sys) RekeyCancel() error {
return c.RekeyCancelWithContext(context.Background())
}
func (c *Sys) RekeyCancelWithContext(ctx context.Context) error {
ctx, cancelFunc := c.c.withConfiguredTimeout(ctx)
defer cancelFunc()
r := c.c.NewRequest("DELETE", "/v1/sys/rekey/init")
ctx, cancelFunc := context.WithCancel(context.Background())
defer cancelFunc()
resp, err := c.c.RawRequestWithContext(ctx, r)
resp, err := c.c.rawRequestWithContext(ctx, r)
if err == nil {
defer resp.Body.Close()
}
@ -122,11 +157,16 @@ func (c *Sys) RekeyCancel() error {
}
func (c *Sys) RekeyRecoveryKeyCancel() error {
return c.RekeyRecoveryKeyCancelWithContext(context.Background())
}
func (c *Sys) RekeyRecoveryKeyCancelWithContext(ctx context.Context) error {
ctx, cancelFunc := c.c.withConfiguredTimeout(ctx)
defer cancelFunc()
r := c.c.NewRequest("DELETE", "/v1/sys/rekey-recovery-key/init")
ctx, cancelFunc := context.WithCancel(context.Background())
defer cancelFunc()
resp, err := c.c.RawRequestWithContext(ctx, r)
resp, err := c.c.rawRequestWithContext(ctx, r)
if err == nil {
defer resp.Body.Close()
}
@ -134,11 +174,16 @@ func (c *Sys) RekeyRecoveryKeyCancel() error {
}
func (c *Sys) RekeyVerificationCancel() error {
return c.RekeyVerificationCancelWithContext(context.Background())
}
func (c *Sys) RekeyVerificationCancelWithContext(ctx context.Context) error {
ctx, cancelFunc := c.c.withConfiguredTimeout(ctx)
defer cancelFunc()
r := c.c.NewRequest("DELETE", "/v1/sys/rekey/verify")
ctx, cancelFunc := context.WithCancel(context.Background())
defer cancelFunc()
resp, err := c.c.RawRequestWithContext(ctx, r)
resp, err := c.c.rawRequestWithContext(ctx, r)
if err == nil {
defer resp.Body.Close()
}
@ -146,11 +191,16 @@ func (c *Sys) RekeyVerificationCancel() error {
}
func (c *Sys) RekeyRecoveryKeyVerificationCancel() error {
return c.RekeyRecoveryKeyVerificationCancelWithContext(context.Background())
}
func (c *Sys) RekeyRecoveryKeyVerificationCancelWithContext(ctx context.Context) error {
ctx, cancelFunc := c.c.withConfiguredTimeout(ctx)
defer cancelFunc()
r := c.c.NewRequest("DELETE", "/v1/sys/rekey-recovery-key/verify")
ctx, cancelFunc := context.WithCancel(context.Background())
defer cancelFunc()
resp, err := c.c.RawRequestWithContext(ctx, r)
resp, err := c.c.rawRequestWithContext(ctx, r)
if err == nil {
defer resp.Body.Close()
}
@ -158,6 +208,13 @@ func (c *Sys) RekeyRecoveryKeyVerificationCancel() error {
}
func (c *Sys) RekeyUpdate(shard, nonce string) (*RekeyUpdateResponse, error) {
return c.RekeyUpdateWithContext(context.Background(), shard, nonce)
}
func (c *Sys) RekeyUpdateWithContext(ctx context.Context, shard, nonce string) (*RekeyUpdateResponse, error) {
ctx, cancelFunc := c.c.withConfiguredTimeout(ctx)
defer cancelFunc()
body := map[string]interface{}{
"key": shard,
"nonce": nonce,
@ -168,9 +225,7 @@ func (c *Sys) RekeyUpdate(shard, nonce string) (*RekeyUpdateResponse, error) {
return nil, err
}
ctx, cancelFunc := context.WithCancel(context.Background())
defer cancelFunc()
resp, err := c.c.RawRequestWithContext(ctx, r)
resp, err := c.c.rawRequestWithContext(ctx, r)
if err != nil {
return nil, err
}
@ -182,6 +237,13 @@ func (c *Sys) RekeyUpdate(shard, nonce string) (*RekeyUpdateResponse, error) {
}
func (c *Sys) RekeyRecoveryKeyUpdate(shard, nonce string) (*RekeyUpdateResponse, error) {
return c.RekeyRecoveryKeyUpdateWithContext(context.Background(), shard, nonce)
}
func (c *Sys) RekeyRecoveryKeyUpdateWithContext(ctx context.Context, shard, nonce string) (*RekeyUpdateResponse, error) {
ctx, cancelFunc := c.c.withConfiguredTimeout(ctx)
defer cancelFunc()
body := map[string]interface{}{
"key": shard,
"nonce": nonce,
@ -192,9 +254,7 @@ func (c *Sys) RekeyRecoveryKeyUpdate(shard, nonce string) (*RekeyUpdateResponse,
return nil, err
}
ctx, cancelFunc := context.WithCancel(context.Background())
defer cancelFunc()
resp, err := c.c.RawRequestWithContext(ctx, r)
resp, err := c.c.rawRequestWithContext(ctx, r)
if err != nil {
return nil, err
}
@ -206,11 +266,16 @@ func (c *Sys) RekeyRecoveryKeyUpdate(shard, nonce string) (*RekeyUpdateResponse,
}
func (c *Sys) RekeyRetrieveBackup() (*RekeyRetrieveResponse, error) {
return c.RekeyRetrieveBackupWithContext(context.Background())
}
func (c *Sys) RekeyRetrieveBackupWithContext(ctx context.Context) (*RekeyRetrieveResponse, error) {
ctx, cancelFunc := c.c.withConfiguredTimeout(ctx)
defer cancelFunc()
r := c.c.NewRequest("GET", "/v1/sys/rekey/backup")
ctx, cancelFunc := context.WithCancel(context.Background())
defer cancelFunc()
resp, err := c.c.RawRequestWithContext(ctx, r)
resp, err := c.c.rawRequestWithContext(ctx, r)
if err != nil {
return nil, err
}
@ -234,11 +299,16 @@ func (c *Sys) RekeyRetrieveBackup() (*RekeyRetrieveResponse, error) {
}
func (c *Sys) RekeyRetrieveRecoveryBackup() (*RekeyRetrieveResponse, error) {
return c.RekeyRetrieveRecoveryBackupWithContext(context.Background())
}
func (c *Sys) RekeyRetrieveRecoveryBackupWithContext(ctx context.Context) (*RekeyRetrieveResponse, error) {
ctx, cancelFunc := c.c.withConfiguredTimeout(ctx)
defer cancelFunc()
r := c.c.NewRequest("GET", "/v1/sys/rekey/recovery-key-backup")
ctx, cancelFunc := context.WithCancel(context.Background())
defer cancelFunc()
resp, err := c.c.RawRequestWithContext(ctx, r)
resp, err := c.c.rawRequestWithContext(ctx, r)
if err != nil {
return nil, err
}
@ -262,11 +332,16 @@ func (c *Sys) RekeyRetrieveRecoveryBackup() (*RekeyRetrieveResponse, error) {
}
func (c *Sys) RekeyDeleteBackup() error {
return c.RekeyDeleteBackupWithContext(context.Background())
}
func (c *Sys) RekeyDeleteBackupWithContext(ctx context.Context) error {
ctx, cancelFunc := c.c.withConfiguredTimeout(ctx)
defer cancelFunc()
r := c.c.NewRequest("DELETE", "/v1/sys/rekey/backup")
ctx, cancelFunc := context.WithCancel(context.Background())
defer cancelFunc()
resp, err := c.c.RawRequestWithContext(ctx, r)
resp, err := c.c.rawRequestWithContext(ctx, r)
if err == nil {
defer resp.Body.Close()
}
@ -275,11 +350,16 @@ func (c *Sys) RekeyDeleteBackup() error {
}
func (c *Sys) RekeyDeleteRecoveryBackup() error {
return c.RekeyDeleteRecoveryBackupWithContext(context.Background())
}
func (c *Sys) RekeyDeleteRecoveryBackupWithContext(ctx context.Context) error {
ctx, cancelFunc := c.c.withConfiguredTimeout(ctx)
defer cancelFunc()
r := c.c.NewRequest("DELETE", "/v1/sys/rekey/recovery-key-backup")
ctx, cancelFunc := context.WithCancel(context.Background())
defer cancelFunc()
resp, err := c.c.RawRequestWithContext(ctx, r)
resp, err := c.c.rawRequestWithContext(ctx, r)
if err == nil {
defer resp.Body.Close()
}
@ -288,6 +368,13 @@ func (c *Sys) RekeyDeleteRecoveryBackup() error {
}
func (c *Sys) RekeyVerificationUpdate(shard, nonce string) (*RekeyVerificationUpdateResponse, error) {
return c.RekeyVerificationUpdateWithContext(context.Background(), shard, nonce)
}
func (c *Sys) RekeyVerificationUpdateWithContext(ctx context.Context, shard, nonce string) (*RekeyVerificationUpdateResponse, error) {
ctx, cancelFunc := c.c.withConfiguredTimeout(ctx)
defer cancelFunc()
body := map[string]interface{}{
"key": shard,
"nonce": nonce,
@ -298,9 +385,7 @@ func (c *Sys) RekeyVerificationUpdate(shard, nonce string) (*RekeyVerificationUp
return nil, err
}
ctx, cancelFunc := context.WithCancel(context.Background())
defer cancelFunc()
resp, err := c.c.RawRequestWithContext(ctx, r)
resp, err := c.c.rawRequestWithContext(ctx, r)
if err != nil {
return nil, err
}
@ -312,6 +397,13 @@ func (c *Sys) RekeyVerificationUpdate(shard, nonce string) (*RekeyVerificationUp
}
func (c *Sys) RekeyRecoveryKeyVerificationUpdate(shard, nonce string) (*RekeyVerificationUpdateResponse, error) {
return c.RekeyRecoveryKeyVerificationUpdateWithContext(context.Background(), shard, nonce)
}
func (c *Sys) RekeyRecoveryKeyVerificationUpdateWithContext(ctx context.Context, shard, nonce string) (*RekeyVerificationUpdateResponse, error) {
ctx, cancelFunc := c.c.withConfiguredTimeout(ctx)
defer cancelFunc()
body := map[string]interface{}{
"key": shard,
"nonce": nonce,
@ -322,9 +414,7 @@ func (c *Sys) RekeyRecoveryKeyVerificationUpdate(shard, nonce string) (*RekeyVer
return nil, err
}
ctx, cancelFunc := context.WithCancel(context.Background())
defer cancelFunc()
resp, err := c.c.RawRequestWithContext(ctx, r)
resp, err := c.c.rawRequestWithContext(ctx, r)
if err != nil {
return nil, err
}

22
api/sys_rotate.go
View File

@ -8,11 +8,16 @@ import (
)
func (c *Sys) Rotate() error {
return c.RotateWithContext(context.Background())
}
func (c *Sys) RotateWithContext(ctx context.Context) error {
ctx, cancelFunc := c.c.withConfiguredTimeout(ctx)
defer cancelFunc()
r := c.c.NewRequest("POST", "/v1/sys/rotate")
ctx, cancelFunc := context.WithCancel(context.Background())
defer cancelFunc()
resp, err := c.c.RawRequestWithContext(ctx, r)
resp, err := c.c.rawRequestWithContext(ctx, r)
if err == nil {
defer resp.Body.Close()
}
@ -20,11 +25,16 @@ func (c *Sys) Rotate() error {
}
func (c *Sys) KeyStatus() (*KeyStatus, error) {
return c.KeyStatusWithContext(context.Background())
}
func (c *Sys) KeyStatusWithContext(ctx context.Context) (*KeyStatus, error) {
ctx, cancelFunc := c.c.withConfiguredTimeout(ctx)
defer cancelFunc()
r := c.c.NewRequest("GET", "/v1/sys/key-status")
ctx, cancelFunc := context.WithCancel(context.Background())
defer cancelFunc()
resp, err := c.c.RawRequestWithContext(ctx, r)
resp, err := c.c.rawRequestWithContext(ctx, r)
if err != nil {
return nil, err
}

51
api/sys_seal.go
View File

@ -3,23 +3,38 @@ package api
import "context"
func (c *Sys) SealStatus() (*SealStatusResponse, error) {
return c.SealStatusWithContext(context.Background())
}
func (c *Sys) SealStatusWithContext(ctx context.Context) (*SealStatusResponse, error) {
r := c.c.NewRequest("GET", "/v1/sys/seal-status")
return sealStatusRequest(c, r)
return sealStatusRequestWithContext(ctx, c, r)
}
func (c *Sys) Seal() error {
return c.SealWithContext(context.Background())
}
func (c *Sys) SealWithContext(ctx context.Context) error {
ctx, cancelFunc := c.c.withConfiguredTimeout(ctx)
defer cancelFunc()
r := c.c.NewRequest("PUT", "/v1/sys/seal")
ctx, cancelFunc := context.WithCancel(context.Background())
defer cancelFunc()
resp, err := c.c.RawRequestWithContext(ctx, r)
if err == nil {
defer resp.Body.Close()
resp, err := c.c.rawRequestWithContext(ctx, r)
if err != nil {
return err
}
return err
defer resp.Body.Close()
return nil
}
func (c *Sys) ResetUnsealProcess() (*SealStatusResponse, error) {
return c.ResetUnsealProcessWithContext(context.Background())
}
func (c *Sys) ResetUnsealProcessWithContext(ctx context.Context) (*SealStatusResponse, error) {
body := map[string]interface{}{"reset": true}
r := c.c.NewRequest("PUT", "/v1/sys/unseal")
@ -27,10 +42,14 @@ func (c *Sys) ResetUnsealProcess() (*SealStatusResponse, error) {
return nil, err
}
return sealStatusRequest(c, r)
return sealStatusRequestWithContext(ctx, c, r)
}
func (c *Sys) Unseal(shard string) (*SealStatusResponse, error) {
return c.UnsealWithContext(context.Background(), shard)
}
func (c *Sys) UnsealWithContext(ctx context.Context, shard string) (*SealStatusResponse, error) {
body := map[string]interface{}{"key": shard}
r := c.c.NewRequest("PUT", "/v1/sys/unseal")
@ -38,22 +57,28 @@ func (c *Sys) Unseal(shard string) (*SealStatusResponse, error) {
return nil, err
}
return sealStatusRequest(c, r)
return sealStatusRequestWithContext(ctx, c, r)
}
func (c *Sys) UnsealWithOptions(opts *UnsealOpts) (*SealStatusResponse, error) {
return c.UnsealWithOptionsWithContext(context.Background(), opts)
}
func (c *Sys) UnsealWithOptionsWithContext(ctx context.Context, opts *UnsealOpts) (*SealStatusResponse, error) {
r := c.c.NewRequest("PUT", "/v1/sys/unseal")
if err := r.SetJSONBody(opts); err != nil {
return nil, err
}
return sealStatusRequest(c, r)
return sealStatusRequestWithContext(ctx, c, r)
}
func sealStatusRequest(c *Sys, r *Request) (*SealStatusResponse, error) {
ctx, cancelFunc := context.WithCancel(context.Background())
func sealStatusRequestWithContext(ctx context.Context, c *Sys, r *Request) (*SealStatusResponse, error) {
ctx, cancelFunc := c.c.withConfiguredTimeout(ctx)
defer cancelFunc()
resp, err := c.c.RawRequestWithContext(ctx, r)
resp, err := c.c.rawRequestWithContext(ctx, r)
if err != nil {
return nil, err
}

11
api/sys_stepdown.go
View File

@ -3,11 +3,16 @@ package api
import "context"
func (c *Sys) StepDown() error {
return c.StepDownWithContext(context.Background())
}
func (c *Sys) StepDownWithContext(ctx context.Context) error {
ctx, cancelFunc := c.c.withConfiguredTimeout(ctx)
defer cancelFunc()
r := c.c.NewRequest("PUT", "/v1/sys/step-down")
ctx, cancelFunc := context.WithCancel(context.Background())
defer cancelFunc()
resp, err := c.c.RawRequestWithContext(ctx, r)
resp, err := c.c.rawRequestWithContext(ctx, r)
if resp != nil && resp.Body != nil {
resp.Body.Close()
}

4
builtin/credential/aws/backend_e2e_test.go
View File

@ -63,10 +63,10 @@ func TestBackend_E2E_Initialize(t *testing.T) {
"policies": "default",
"bound_subnet_id": "subnet-abcdef",
}
if _, err := core.Client.Logical().Write("auth/aws/role/test-role", data); err != nil {
if _, err := core.Client.Logical().WriteWithContext(context.Background(), "auth/aws/role/test-role", data); err != nil {
t.Fatal(err)
}
role, err := core.Client.Logical().Read("auth/aws/role/test-role")
role, err := core.Client.Logical().ReadWithContext(context.Background(), "auth/aws/role/test-role")
if err != nil {
t.Fatal(err)
}

20
builtin/credential/cert/backend_test.go
View File

@ -272,7 +272,7 @@ func TestBackend_PermittedDNSDomainsIntermediateCA(t *testing.T) {
var err error
// Mount /pki as a root CA
err = client.Sys().Mount("pki", &api.MountInput{
err = client.Sys().MountWithContext(context.Background(), "pki", &api.MountInput{
Type: "pki",
Config: api.MountConfigInput{
DefaultLeaseTTL: "16h",
@ -285,7 +285,7 @@ func TestBackend_PermittedDNSDomainsIntermediateCA(t *testing.T) {
// Set the cluster's certificate as the root CA in /pki
pemBundleRootCA := string(cluster.CACertPEM) + string(cluster.CAKeyPEM)
_, err = client.Logical().Write("pki/config/ca", map[string]interface{}{
_, err = client.Logical().WriteWithContext(context.Background(), "pki/config/ca", map[string]interface{}{
"pem_bundle": pemBundleRootCA,
})
if err != nil {
@ -293,7 +293,7 @@ func TestBackend_PermittedDNSDomainsIntermediateCA(t *testing.T) {
}
// Mount /pki2 to operate as an intermediate CA
err = client.Sys().Mount("pki2", &api.MountInput{
err = client.Sys().MountWithContext(context.Background(), "pki2", &api.MountInput{
Type: "pki",
Config: api.MountConfigInput{
DefaultLeaseTTL: "16h",
@ -305,14 +305,14 @@ func TestBackend_PermittedDNSDomainsIntermediateCA(t *testing.T) {
}
// Create a CSR for the intermediate CA
secret, err := client.Logical().Write("pki2/intermediate/generate/internal", nil)
secret, err := client.Logical().WriteWithContext(context.Background(), "pki2/intermediate/generate/internal", nil)
if err != nil {
t.Fatal(err)
}
intermediateCSR := secret.Data["csr"].(string)
// Sign the intermediate CSR using /pki
secret, err = client.Logical().Write("pki/root/sign-intermediate", map[string]interface{}{
secret, err = client.Logical().WriteWithContext(context.Background(), "pki/root/sign-intermediate", map[string]interface{}{
"permitted_dns_domains": ".myvault.com",
"csr": intermediateCSR,
})
@ -322,7 +322,7 @@ func TestBackend_PermittedDNSDomainsIntermediateCA(t *testing.T) {
intermediateCertPEM := secret.Data["certificate"].(string)
// Configure the intermediate cert as the CA in /pki2
_, err = client.Logical().Write("pki2/intermediate/set-signed", map[string]interface{}{
_, err = client.Logical().WriteWithContext(context.Background(), "pki2/intermediate/set-signed", map[string]interface{}{
"certificate": intermediateCertPEM,
})
if err != nil {
@ -330,7 +330,7 @@ func TestBackend_PermittedDNSDomainsIntermediateCA(t *testing.T) {
}
// Create a role on the intermediate CA mount
_, err = client.Logical().Write("pki2/roles/myvault-dot-com", map[string]interface{}{
_, err = client.Logical().WriteWithContext(context.Background(), "pki2/roles/myvault-dot-com", map[string]interface{}{
"allowed_domains": "myvault.com",
"allow_subdomains": "true",
"max_ttl": "5m",
@ -340,7 +340,7 @@ func TestBackend_PermittedDNSDomainsIntermediateCA(t *testing.T) {
}
// Issue a leaf cert using the intermediate CA
secret, err = client.Logical().Write("pki2/issue/myvault-dot-com", map[string]interface{}{
secret, err = client.Logical().WriteWithContext(context.Background(), "pki2/issue/myvault-dot-com", map[string]interface{}{
"common_name": "cert.myvault.com",
"format": "pem",
"ip_sans": "127.0.0.1",
@ -360,7 +360,7 @@ func TestBackend_PermittedDNSDomainsIntermediateCA(t *testing.T) {
}
// Set the intermediate CA cert as a trusted certificate in the backend
_, err = client.Logical().Write("auth/cert/certs/myvault-dot-com", map[string]interface{}{
_, err = client.Logical().WriteWithContext(context.Background(), "auth/cert/certs/myvault-dot-com", map[string]interface{}{
"display_name": "myvault.com",
"policies": "default",
"certificate": intermediateCertPEM,
@ -447,7 +447,7 @@ func TestBackend_PermittedDNSDomainsIntermediateCA(t *testing.T) {
// Create a new api client with the desired TLS configuration
newClient := getAPIClient(cores[0].Listeners[0].Address.Port, cores[0].TLSConfig)
secret, err = newClient.Logical().Write("auth/cert/login", map[string]interface{}{
secret, err = newClient.Logical().WriteWithContext(context.Background(), "auth/cert/login", map[string]interface{}{
"name": "myvault-dot-com",
})
if err != nil {

220
builtin/logical/pki/backend_test.go
View File

@ -62,7 +62,7 @@ func TestPKI_RequireCN(t *testing.T) {
client := cluster.Cores[0].Client
var err error
err = client.Sys().Mount("pki", &api.MountInput{
err = client.Sys().MountWithContext(context.Background(), "pki", &api.MountInput{
Type: "pki",
Config: api.MountConfigInput{
DefaultLeaseTTL: "16h",
@ -73,7 +73,7 @@ func TestPKI_RequireCN(t *testing.T) {
t.Fatal(err)
}
resp, err := client.Logical().Write("pki/root/generate/internal", map[string]interface{}{
resp, err := client.Logical().WriteWithContext(context.Background(), "pki/root/generate/internal", map[string]interface{}{
"common_name": "myvault.com",
})
if err != nil {
@ -84,7 +84,7 @@ func TestPKI_RequireCN(t *testing.T) {
}
// Create a role which does require CN (default)
_, err = client.Logical().Write("pki/roles/example", map[string]interface{}{
_, err = client.Logical().WriteWithContext(context.Background(), "pki/roles/example", map[string]interface{}{
"allowed_domains": "foobar.com,zipzap.com,abc.com,xyz.com",
"allow_bare_domains": true,
"allow_subdomains": true,
@ -96,7 +96,7 @@ func TestPKI_RequireCN(t *testing.T) {
// Issue a cert with require_cn set to true and with common name supplied.
// It should succeed.
resp, err = client.Logical().Write("pki/issue/example", map[string]interface{}{
resp, err = client.Logical().WriteWithContext(context.Background(), "pki/issue/example", map[string]interface{}{
"common_name": "foobar.com",
})
if err != nil {
@ -105,13 +105,13 @@ func TestPKI_RequireCN(t *testing.T) {
// Issue a cert with require_cn set to true and with out supplying the
// common name. It should error out.
resp, err = client.Logical().Write("pki/issue/example", map[string]interface{}{})
resp, err = client.Logical().WriteWithContext(context.Background(), "pki/issue/example", map[string]interface{}{})
if err == nil {
t.Fatalf("expected an error due to missing common_name")
}
// Modify the role to make the common name optional
_, err = client.Logical().Write("pki/roles/example", map[string]interface{}{
_, err = client.Logical().WriteWithContext(context.Background(), "pki/roles/example", map[string]interface{}{
"allowed_domains": "foobar.com,zipzap.com,abc.com,xyz.com",
"allow_bare_domains": true,
"allow_subdomains": true,
@ -124,7 +124,7 @@ func TestPKI_RequireCN(t *testing.T) {
// Issue a cert with require_cn set to false and without supplying the
// common name. It should succeed.
resp, err = client.Logical().Write("pki/issue/example", map[string]interface{}{})
resp, err = client.Logical().WriteWithContext(context.Background(), "pki/issue/example", map[string]interface{}{})
if err != nil {
t.Fatal(err)
}
@ -135,7 +135,7 @@ func TestPKI_RequireCN(t *testing.T) {
// Issue a cert with require_cn set to false and with a common name. It
// should succeed.
resp, err = client.Logical().Write("pki/issue/example", map[string]interface{}{})
resp, err = client.Logical().WriteWithContext(context.Background(), "pki/issue/example", map[string]interface{}{})
if err != nil {
t.Fatal(err)
}
@ -159,7 +159,7 @@ func TestPKI_DeviceCert(t *testing.T) {
client := cluster.Cores[0].Client
var err error
err = client.Sys().Mount("pki", &api.MountInput{
err = client.Sys().MountWithContext(context.Background(), "pki", &api.MountInput{
Type: "pki",
Config: api.MountConfigInput{
DefaultLeaseTTL: "16h",
@ -170,7 +170,7 @@ func TestPKI_DeviceCert(t *testing.T) {
t.Fatal(err)
}
resp, err := client.Logical().Write("pki/root/generate/internal", map[string]interface{}{
resp, err := client.Logical().WriteWithContext(context.Background(), "pki/root/generate/internal", map[string]interface{}{
"common_name": "myvault.com",
"not_after": "9999-12-31T23:59:59Z",
})
@ -197,7 +197,7 @@ func TestPKI_DeviceCert(t *testing.T) {
}
// Create a role which does require CN (default)
_, err = client.Logical().Write("pki/roles/example", map[string]interface{}{
_, err = client.Logical().WriteWithContext(context.Background(), "pki/roles/example", map[string]interface{}{
"allowed_domains": "foobar.com,zipzap.com,abc.com,xyz.com",
"allow_bare_domains": true,
"allow_subdomains": true,
@ -209,7 +209,7 @@ func TestPKI_DeviceCert(t *testing.T) {
// Issue a cert with require_cn set to true and with common name supplied.
// It should succeed.
resp, err = client.Logical().Write("pki/issue/example", map[string]interface{}{
resp, err = client.Logical().WriteWithContext(context.Background(), "pki/issue/example", map[string]interface{}{
"common_name": "foobar.com",
})
if err != nil {
@ -245,7 +245,7 @@ func TestBackend_InvalidParameter(t *testing.T) {
client := cluster.Cores[0].Client
var err error
err = client.Sys().Mount("pki", &api.MountInput{
err = client.Sys().MountWithContext(context.Background(), "pki", &api.MountInput{
Type: "pki",
Config: api.MountConfigInput{
DefaultLeaseTTL: "16h",
@ -256,7 +256,7 @@ func TestBackend_InvalidParameter(t *testing.T) {
t.Fatal(err)
}
_, err = client.Logical().Write("pki/root/generate/internal", map[string]interface{}{
_, err = client.Logical().WriteWithContext(context.Background(), "pki/root/generate/internal", map[string]interface{}{
"common_name": "myvault.com",
"not_after": "9999-12-31T23:59:59Z",
"ttl": "25h",
@ -265,7 +265,7 @@ func TestBackend_InvalidParameter(t *testing.T) {
t.Fatal(err)
}
_, err = client.Logical().Write("pki/root/generate/internal", map[string]interface{}{
_, err = client.Logical().WriteWithContext(context.Background(), "pki/root/generate/internal", map[string]interface{}{
"common_name": "myvault.com",
"not_after": "9999-12-31T23:59:59",
})
@ -2156,7 +2156,7 @@ func TestBackend_Root_Idempotency(t *testing.T) {
client := cluster.Cores[0].Client
var err error
err = client.Sys().Mount("pki", &api.MountInput{
err = client.Sys().MountWithContext(context.Background(), "pki", &api.MountInput{
Type: "pki",
Config: api.MountConfigInput{
DefaultLeaseTTL: "16h",
@ -2167,7 +2167,7 @@ func TestBackend_Root_Idempotency(t *testing.T) {
t.Fatal(err)
}
resp, err := client.Logical().Write("pki/root/generate/internal", map[string]interface{}{
resp, err := client.Logical().WriteWithContext(context.Background(), "pki/root/generate/internal", map[string]interface{}{
"common_name": "myvault.com",
})
if err != nil {
@ -2176,7 +2176,7 @@ func TestBackend_Root_Idempotency(t *testing.T) {
if resp == nil {
t.Fatal("expected ca info")
}
resp, err = client.Logical().Read("pki/cert/ca_chain")
resp, err = client.Logical().ReadWithContext(context.Background(), "pki/cert/ca_chain")
if err != nil {
t.Fatalf("error reading ca_chain: %v", err)
}
@ -2184,7 +2184,7 @@ func TestBackend_Root_Idempotency(t *testing.T) {
r1Data := resp.Data
// Try again, make sure it's a 204 and same CA
resp, err = client.Logical().Write("pki/root/generate/internal", map[string]interface{}{
resp, err = client.Logical().WriteWithContext(context.Background(), "pki/root/generate/internal", map[string]interface{}{
"common_name": "myvault.com",
})
if err != nil {
@ -2196,7 +2196,7 @@ func TestBackend_Root_Idempotency(t *testing.T) {
if resp.Data != nil || len(resp.Warnings) == 0 {
t.Fatalf("bad response: %#v", *resp)
}
resp, err = client.Logical().Read("pki/cert/ca_chain")
resp, err = client.Logical().ReadWithContext(context.Background(), "pki/cert/ca_chain")
if err != nil {
t.Fatalf("error reading ca_chain: %v", err)
}
@ -2205,7 +2205,7 @@ func TestBackend_Root_Idempotency(t *testing.T) {
t.Fatal("got different ca certs")
}
resp, err = client.Logical().Delete("pki/root")
resp, err = client.Logical().DeleteWithContext(context.Background(), "pki/root")
if err != nil {
t.Fatal(err)
}
@ -2213,7 +2213,7 @@ func TestBackend_Root_Idempotency(t *testing.T) {
t.Fatal("expected nil response")
}
// Make sure it behaves the same
resp, err = client.Logical().Delete("pki/root")
resp, err = client.Logical().DeleteWithContext(context.Background(), "pki/root")
if err != nil {
t.Fatal(err)
}
@ -2221,12 +2221,12 @@ func TestBackend_Root_Idempotency(t *testing.T) {
t.Fatal("expected nil response")
}
_, err = client.Logical().Read("pki/cert/ca_chain")
_, err = client.Logical().ReadWithContext(context.Background(), "pki/cert/ca_chain")
if err == nil {
t.Fatal("expected error")
}
resp, err = client.Logical().Write("pki/root/generate/internal", map[string]interface{}{
resp, err = client.Logical().WriteWithContext(context.Background(), "pki/root/generate/internal", map[string]interface{}{
"common_name": "myvault.com",
})
if err != nil {
@ -2236,7 +2236,7 @@ func TestBackend_Root_Idempotency(t *testing.T) {
t.Fatal("expected ca info")
}
_, err = client.Logical().Read("pki/cert/ca_chain")
_, err = client.Logical().ReadWithContext(context.Background(), "pki/cert/ca_chain")
if err != nil {
t.Fatal(err)
}
@ -2256,7 +2256,7 @@ func TestBackend_SignIntermediate_AllowedPastCA(t *testing.T) {
client := cluster.Cores[0].Client
var err error
err = client.Sys().Mount("root", &api.MountInput{
err = client.Sys().MountWithContext(context.Background(), "root", &api.MountInput{
Type: "pki",
Config: api.MountConfigInput{
DefaultLeaseTTL: "16h",
@ -2266,7 +2266,7 @@ func TestBackend_SignIntermediate_AllowedPastCA(t *testing.T) {
if err != nil {
t.Fatal(err)
}
err = client.Sys().Mount("int", &api.MountInput{
err = client.Sys().MountWithContext(context.Background(), "int", &api.MountInput{
Type: "pki",
Config: api.MountConfigInput{
DefaultLeaseTTL: "4h",
@ -2278,7 +2278,7 @@ func TestBackend_SignIntermediate_AllowedPastCA(t *testing.T) {
}
// Direct issuing from root
_, err = client.Logical().Write("root/root/generate/internal", map[string]interface{}{
_, err = client.Logical().WriteWithContext(context.Background(), "root/root/generate/internal", map[string]interface{}{
"ttl": "40h",
"common_name": "myvault.com",
})
@ -2286,7 +2286,7 @@ func TestBackend_SignIntermediate_AllowedPastCA(t *testing.T) {
t.Fatal(err)
}
_, err = client.Logical().Write("root/roles/test", map[string]interface{}{
_, err = client.Logical().WriteWithContext(context.Background(), "root/roles/test", map[string]interface{}{
"allow_bare_domains": true,
"allow_subdomains": true,
})
@ -2294,7 +2294,7 @@ func TestBackend_SignIntermediate_AllowedPastCA(t *testing.T) {
t.Fatal(err)
}
resp, err := client.Logical().Write("int/intermediate/generate/internal", map[string]interface{}{
resp, err := client.Logical().WriteWithContext(context.Background(), "int/intermediate/generate/internal", map[string]interface{}{
"common_name": "myint.com",
})
if err != nil {
@ -2303,7 +2303,7 @@ func TestBackend_SignIntermediate_AllowedPastCA(t *testing.T) {
csr := resp.Data["csr"]
_, err = client.Logical().Write("root/sign/test", map[string]interface{}{
_, err = client.Logical().WriteWithContext(context.Background(), "root/sign/test", map[string]interface{}{
"common_name": "myint.com",
"csr": csr,
"ttl": "60h",
@ -2312,7 +2312,7 @@ func TestBackend_SignIntermediate_AllowedPastCA(t *testing.T) {
t.Fatal("expected error")
}
_, err = client.Logical().Write("root/sign-verbatim/test", map[string]interface{}{
_, err = client.Logical().WriteWithContext(context.Background(), "root/sign-verbatim/test", map[string]interface{}{
"common_name": "myint.com",
"other_sans": "1.3.6.1.4.1.311.20.2.3;utf8:caadmin@example.com",
"csr": csr,
@ -2322,7 +2322,7 @@ func TestBackend_SignIntermediate_AllowedPastCA(t *testing.T) {
t.Fatal("expected error")
}
resp, err = client.Logical().Write("root/root/sign-intermediate", map[string]interface{}{
resp, err = client.Logical().WriteWithContext(context.Background(), "root/root/sign-intermediate", map[string]interface{}{
"common_name": "myint.com",
"other_sans": "1.3.6.1.4.1.311.20.2.3;utf8:caadmin@example.com",
"csr": csr,
@ -2650,7 +2650,7 @@ func TestBackend_OID_SANs(t *testing.T) {
client := cluster.Cores[0].Client
var err error
err = client.Sys().Mount("root", &api.MountInput{
err = client.Sys().MountWithContext(context.Background(), "root", &api.MountInput{
Type: "pki",
Config: api.MountConfigInput{
DefaultLeaseTTL: "16h",
@ -2666,7 +2666,7 @@ func TestBackend_OID_SANs(t *testing.T) {
var block *pem.Block
var cert *x509.Certificate
_, err = client.Logical().Write("root/root/generate/internal", map[string]interface{}{
_, err = client.Logical().WriteWithContext(context.Background(), "root/root/generate/internal", map[string]interface{}{
"ttl": "40h",
"common_name": "myvault.com",
})
@ -2674,7 +2674,7 @@ func TestBackend_OID_SANs(t *testing.T) {
t.Fatal(err)
}
_, err = client.Logical().Write("root/roles/test", map[string]interface{}{
_, err = client.Logical().WriteWithContext(context.Background(), "root/roles/test", map[string]interface{}{
"allowed_domains": []string{"foobar.com", "zipzap.com"},
"allow_bare_domains": true,
"allow_subdomains": true,
@ -2688,7 +2688,7 @@ func TestBackend_OID_SANs(t *testing.T) {
// Get a baseline before adding OID SANs. In the next sections we'll verify
// that the SANs are all added even as the OID SAN inclusion forces other
// adding logic (custom rather than built-in Golang logic)
resp, err = client.Logical().Write("root/issue/test", map[string]interface{}{
resp, err = client.Logical().WriteWithContext(context.Background(), "root/issue/test", map[string]interface{}{
"common_name": "foobar.com",
"ip_sans": "1.2.3.4",
"alt_names": "foobar.com,foo.foobar.com,bar.foobar.com",
@ -2714,7 +2714,7 @@ func TestBackend_OID_SANs(t *testing.T) {
}
// First test some bad stuff that shouldn't work
resp, err = client.Logical().Write("root/issue/test", map[string]interface{}{
resp, err = client.Logical().WriteWithContext(context.Background(), "root/issue/test", map[string]interface{}{
"common_name": "foobar.com",
"ip_sans": "1.2.3.4",
"alt_names": "foo.foobar.com,bar.foobar.com",
@ -2726,7 +2726,7 @@ func TestBackend_OID_SANs(t *testing.T) {
t.Fatal("expected error")
}
resp, err = client.Logical().Write("root/issue/test", map[string]interface{}{
resp, err = client.Logical().WriteWithContext(context.Background(), "root/issue/test", map[string]interface{}{
"common_name": "foobar.com",
"ip_sans": "1.2.3.4",
"alt_names": "foo.foobar.com,bar.foobar.com",
@ -2738,7 +2738,7 @@ func TestBackend_OID_SANs(t *testing.T) {
t.Fatal("expected error")
}
resp, err = client.Logical().Write("root/issue/test", map[string]interface{}{
resp, err = client.Logical().WriteWithContext(context.Background(), "root/issue/test", map[string]interface{}{
"common_name": "foobar.com",
"ip_sans": "1.2.3.4",
"alt_names": "foo.foobar.com,bar.foobar.com",
@ -2750,7 +2750,7 @@ func TestBackend_OID_SANs(t *testing.T) {
t.Fatal("expected error")
}
resp, err = client.Logical().Write("root/issue/test", map[string]interface{}{
resp, err = client.Logical().WriteWithContext(context.Background(), "root/issue/test", map[string]interface{}{
"common_name": "foobar.com",
"ip_sans": "1.2.3.4",
"alt_names": "foo.foobar.com,bar.foobar.com",
@ -2762,7 +2762,7 @@ func TestBackend_OID_SANs(t *testing.T) {
t.Fatal("expected error")
}
resp, err = client.Logical().Write("root/issue/test", map[string]interface{}{
resp, err = client.Logical().WriteWithContext(context.Background(), "root/issue/test", map[string]interface{}{
"common_name": "foobar.com",
"ip_sans": "1.2.3.4",
"alt_names": "foo.foobar.com,bar.foobar.com",
@ -2775,7 +2775,7 @@ func TestBackend_OID_SANs(t *testing.T) {
}
// Valid for first possibility
resp, err = client.Logical().Write("root/issue/test", map[string]interface{}{
resp, err = client.Logical().WriteWithContext(context.Background(), "root/issue/test", map[string]interface{}{
"common_name": "foobar.com",
"ip_sans": "1.2.3.4",
"alt_names": "foo.foobar.com,bar.foobar.com",
@ -2805,7 +2805,7 @@ func TestBackend_OID_SANs(t *testing.T) {
}
// Valid for second possibility
resp, err = client.Logical().Write("root/issue/test", map[string]interface{}{
resp, err = client.Logical().WriteWithContext(context.Background(), "root/issue/test", map[string]interface{}{
"common_name": "foobar.com",
"ip_sans": "1.2.3.4",
"alt_names": "foo.foobar.com,bar.foobar.com",
@ -2841,7 +2841,7 @@ func TestBackend_OID_SANs(t *testing.T) {
fmt.Sprintf("%s;%s:%s", oid1, type1, val1),
fmt.Sprintf("%s;%s:%s", oid2, type2, val2),
}
resp, err = client.Logical().Write("root/issue/test", map[string]interface{}{
resp, err = client.Logical().WriteWithContext(context.Background(), "root/issue/test", map[string]interface{}{
"common_name": "foobar.com",
"ip_sans": "1.2.3.4",
"alt_names": "foo.foobar.com,bar.foobar.com",
@ -2893,7 +2893,7 @@ func TestBackend_AllowedSerialNumbers(t *testing.T) {
client := cluster.Cores[0].Client
var err error
err = client.Sys().Mount("root", &api.MountInput{
err = client.Sys().MountWithContext(context.Background(), "root", &api.MountInput{
Type: "pki",
Config: api.MountConfigInput{
DefaultLeaseTTL: "16h",
@ -2909,7 +2909,7 @@ func TestBackend_AllowedSerialNumbers(t *testing.T) {
var block *pem.Block
var cert *x509.Certificate
_, err = client.Logical().Write("root/root/generate/internal", map[string]interface{}{
_, err = client.Logical().WriteWithContext(context.Background(), "root/root/generate/internal", map[string]interface{}{
"ttl": "40h",
"common_name": "myvault.com",
})
@ -2918,7 +2918,7 @@ func TestBackend_AllowedSerialNumbers(t *testing.T) {
}
// First test that Serial Numbers are not allowed
_, err = client.Logical().Write("root/roles/test", map[string]interface{}{
_, err = client.Logical().WriteWithContext(context.Background(), "root/roles/test", map[string]interface{}{
"allow_any_name": true,
"enforce_hostnames": false,
})
@ -2926,7 +2926,7 @@ func TestBackend_AllowedSerialNumbers(t *testing.T) {
t.Fatal(err)
}
resp, err = client.Logical().Write("root/issue/test", map[string]interface{}{
resp, err = client.Logical().WriteWithContext(context.Background(), "root/issue/test", map[string]interface{}{
"common_name": "foobar",
"ttl": "1h",
})
@ -2934,7 +2934,7 @@ func TestBackend_AllowedSerialNumbers(t *testing.T) {
t.Fatal(err)
}
resp, err = client.Logical().Write("root/issue/test", map[string]interface{}{
resp, err = client.Logical().WriteWithContext(context.Background(), "root/issue/test", map[string]interface{}{
"common_name": "foobar",
"ttl": "1h",
"serial_number": "foobar",
@ -2944,7 +2944,7 @@ func TestBackend_AllowedSerialNumbers(t *testing.T) {
}
// Update the role to allow serial numbers
_, err = client.Logical().Write("root/roles/test", map[string]interface{}{
_, err = client.Logical().WriteWithContext(context.Background(), "root/roles/test", map[string]interface{}{
"allow_any_name": true,
"enforce_hostnames": false,
"allowed_serial_numbers": "f00*,b4r*",
@ -2953,7 +2953,7 @@ func TestBackend_AllowedSerialNumbers(t *testing.T) {
t.Fatal(err)
}
resp, err = client.Logical().Write("root/issue/test", map[string]interface{}{
resp, err = client.Logical().WriteWithContext(context.Background(), "root/issue/test", map[string]interface{}{
"common_name": "foobar",
"ttl": "1h",
// Not a valid serial number
@ -2964,7 +2964,7 @@ func TestBackend_AllowedSerialNumbers(t *testing.T) {
}
// Valid for first possibility
resp, err = client.Logical().Write("root/issue/test", map[string]interface{}{
resp, err = client.Logical().WriteWithContext(context.Background(), "root/issue/test", map[string]interface{}{
"common_name": "foobar",
"serial_number": "f00bar",
})
@ -2985,7 +2985,7 @@ func TestBackend_AllowedSerialNumbers(t *testing.T) {
}
// Valid for second possibility
resp, err = client.Logical().Write("root/issue/test", map[string]interface{}{
resp, err = client.Logical().WriteWithContext(context.Background(), "root/issue/test", map[string]interface{}{
"common_name": "foobar",
"serial_number": "b4rf00",
})
@ -3020,7 +3020,7 @@ func TestBackend_URI_SANs(t *testing.T) {
client := cluster.Cores[0].Client
var err error
err = client.Sys().Mount("root", &api.MountInput{
err = client.Sys().MountWithContext(context.Background(), "root", &api.MountInput{
Type: "pki",
Config: api.MountConfigInput{
DefaultLeaseTTL: "16h",
@ -3031,7 +3031,7 @@ func TestBackend_URI_SANs(t *testing.T) {
t.Fatal(err)
}
_, err = client.Logical().Write("root/root/generate/internal", map[string]interface{}{
_, err = client.Logical().WriteWithContext(context.Background(), "root/root/generate/internal", map[string]interface{}{
"ttl": "40h",
"common_name": "myvault.com",
})
@ -3039,7 +3039,7 @@ func TestBackend_URI_SANs(t *testing.T) {
t.Fatal(err)
}
_, err = client.Logical().Write("root/roles/test", map[string]interface{}{
_, err = client.Logical().WriteWithContext(context.Background(), "root/roles/test", map[string]interface{}{
"allowed_domains": []string{"foobar.com", "zipzap.com"},
"allow_bare_domains": true,
"allow_subdomains": true,
@ -3051,7 +3051,7 @@ func TestBackend_URI_SANs(t *testing.T) {
}
// First test some bad stuff that shouldn't work
_, err = client.Logical().Write("root/issue/test", map[string]interface{}{
_, err = client.Logical().WriteWithContext(context.Background(), "root/issue/test", map[string]interface{}{
"common_name": "foobar.com",
"ip_sans": "1.2.3.4",
"alt_names": "foo.foobar.com,bar.foobar.com",
@ -3063,7 +3063,7 @@ func TestBackend_URI_SANs(t *testing.T) {
}
// Test valid single entry
_, err = client.Logical().Write("root/issue/test", map[string]interface{}{
_, err = client.Logical().WriteWithContext(context.Background(), "root/issue/test", map[string]interface{}{
"common_name": "foobar.com",
"ip_sans": "1.2.3.4",
"alt_names": "foo.foobar.com,bar.foobar.com",
@ -3075,7 +3075,7 @@ func TestBackend_URI_SANs(t *testing.T) {
}
// Test globed entry
_, err = client.Logical().Write("root/issue/test", map[string]interface{}{
_, err = client.Logical().WriteWithContext(context.Background(), "root/issue/test", map[string]interface{}{
"common_name": "foobar.com",
"ip_sans": "1.2.3.4",
"alt_names": "foo.foobar.com,bar.foobar.com",
@ -3087,7 +3087,7 @@ func TestBackend_URI_SANs(t *testing.T) {
}
// Test multiple entries
resp, err := client.Logical().Write("root/issue/test", map[string]interface{}{
resp, err := client.Logical().WriteWithContext(context.Background(), "root/issue/test", map[string]interface{}{
"common_name": "foobar.com",
"ip_sans": "1.2.3.4",
"alt_names": "foo.foobar.com,bar.foobar.com",
@ -3136,7 +3136,7 @@ func TestBackend_AllowedURISANsTemplate(t *testing.T) {
client := cluster.Cores[0].Client
// Write test policy for userpass auth method.
err := client.Sys().PutPolicy("test", `
err := client.Sys().PutPolicyWithContext(context.Background(), "test", `
path "pki/*" {
capabilities = ["update"]
}`)
@ -3150,7 +3150,7 @@ func TestBackend_AllowedURISANsTemplate(t *testing.T) {
}
// Configure test role for userpass.
if _, err := client.Logical().Write("auth/userpass/users/userpassname", map[string]interface{}{
if _, err := client.Logical().WriteWithContext(context.Background(), "auth/userpass/users/userpassname", map[string]interface{}{
"password": "test",
"policies": "test",
}); err != nil {
@ -3158,7 +3158,7 @@ func TestBackend_AllowedURISANsTemplate(t *testing.T) {
}
// Login userpass for test role and keep client token.
secret, err := client.Logical().Write("auth/userpass/login/userpassname", map[string]interface{}{
secret, err := client.Logical().WriteWithContext(context.Background(), "auth/userpass/login/userpassname", map[string]interface{}{
"password": "test",
})
if err != nil || secret == nil {
@ -3167,14 +3167,14 @@ func TestBackend_AllowedURISANsTemplate(t *testing.T) {
userpassToken := secret.Auth.ClientToken
// Get auth accessor for identity template.
auths, err := client.Sys().ListAuth()
auths, err := client.Sys().ListAuthWithContext(context.Background())
if err != nil {
t.Fatal(err)
}
userpassAccessor := auths["userpass/"].Accessor
// Mount PKI.
err = client.Sys().Mount("pki", &api.MountInput{
err = client.Sys().MountWithContext(context.Background(), "pki", &api.MountInput{
Type: "pki",
Config: api.MountConfigInput{
DefaultLeaseTTL: "16h",
@ -3186,7 +3186,7 @@ func TestBackend_AllowedURISANsTemplate(t *testing.T) {
}
// Generate internal CA.
_, err = client.Logical().Write("pki/root/generate/internal", map[string]interface{}{
_, err = client.Logical().WriteWithContext(context.Background(), "pki/root/generate/internal", map[string]interface{}{
"ttl": "40h",
"common_name": "myvault.com",
})
@ -3195,7 +3195,7 @@ func TestBackend_AllowedURISANsTemplate(t *testing.T) {
}
// Write role PKI.
_, err = client.Logical().Write("pki/roles/test", map[string]interface{}{
_, err = client.Logical().WriteWithContext(context.Background(), "pki/roles/test", map[string]interface{}{
"allowed_uri_sans": []string{
"spiffe://domain/{{identity.entity.aliases." + userpassAccessor + ".name}}",
"spiffe://domain/{{identity.entity.aliases." + userpassAccessor + ".name}}/*", "spiffe://domain/foo",
@ -3209,27 +3209,27 @@ func TestBackend_AllowedURISANsTemplate(t *testing.T) {
// Issue certificate with identity templating
client.SetToken(userpassToken)
_, err = client.Logical().Write("pki/issue/test", map[string]interface{}{"uri_sans": "spiffe://domain/userpassname, spiffe://domain/foo"})
_, err = client.Logical().WriteWithContext(context.Background(), "pki/issue/test", map[string]interface{}{"uri_sans": "spiffe://domain/userpassname, spiffe://domain/foo"})
if err != nil {
t.Fatal(err)
}
// Issue certificate with identity templating and glob
client.SetToken(userpassToken)
_, err = client.Logical().Write("pki/issue/test", map[string]interface{}{"uri_sans": "spiffe://domain/userpassname/bar"})
_, err = client.Logical().WriteWithContext(context.Background(), "pki/issue/test", map[string]interface{}{"uri_sans": "spiffe://domain/userpassname/bar"})
if err != nil {
t.Fatal(err)
}
// Issue certificate with non-matching identity template parameter
client.SetToken(userpassToken)
_, err = client.Logical().Write("pki/issue/test", map[string]interface{}{"uri_sans": "spiffe://domain/unknownuser"})
_, err = client.Logical().WriteWithContext(context.Background(), "pki/issue/test", map[string]interface{}{"uri_sans": "spiffe://domain/unknownuser"})
if err == nil {
t.Fatal(err)
}
// Set allowed_uri_sans_template to false.
_, err = client.Logical().Write("pki/roles/test", map[string]interface{}{
_, err = client.Logical().WriteWithContext(context.Background(), "pki/roles/test", map[string]interface{}{
"allowed_uri_sans_template": false,
})
if err != nil {
@ -3237,7 +3237,7 @@ func TestBackend_AllowedURISANsTemplate(t *testing.T) {
}
// Issue certificate with userpassToken.
_, err = client.Logical().Write("pki/issue/test", map[string]interface{}{"uri_sans": "spiffe://domain/users/userpassname"})
_, err = client.Logical().WriteWithContext(context.Background(), "pki/issue/test", map[string]interface{}{"uri_sans": "spiffe://domain/users/userpassname"})
if err == nil {
t.Fatal("expected error")
}
@ -3260,7 +3260,7 @@ func TestBackend_AllowedDomainsTemplate(t *testing.T) {
client := cluster.Cores[0].Client
// Write test policy for userpass auth method.
err := client.Sys().PutPolicy("test", `
err := client.Sys().PutPolicyWithContext(context.Background(), "test", `
path "pki/*" {
capabilities = ["update"]
}`)
@ -3274,7 +3274,7 @@ func TestBackend_AllowedDomainsTemplate(t *testing.T) {
}
// Configure test role for userpass.
if _, err := client.Logical().Write("auth/userpass/users/userpassname", map[string]interface{}{
if _, err := client.Logical().WriteWithContext(context.Background(), "auth/userpass/users/userpassname", map[string]interface{}{
"password": "test",
"policies": "test",
}); err != nil {
@ -3288,14 +3288,14 @@ func TestBackend_AllowedDomainsTemplate(t *testing.T) {
}
// Get auth accessor for identity template.
auths, err := client.Sys().ListAuth()
auths, err := client.Sys().ListAuthWithContext(context.Background())
if err != nil {
t.Fatal(err)
}
userpassAccessor := auths["userpass/"].Accessor
// Mount PKI.
err = client.Sys().Mount("pki", &api.MountInput{
err = client.Sys().MountWithContext(context.Background(), "pki", &api.MountInput{
Type: "pki",
Config: api.MountConfigInput{
DefaultLeaseTTL: "16h",
@ -3307,7 +3307,7 @@ func TestBackend_AllowedDomainsTemplate(t *testing.T) {
}
// Generate internal CA.
_, err = client.Logical().Write("pki/root/generate/internal", map[string]interface{}{
_, err = client.Logical().WriteWithContext(context.Background(), "pki/root/generate/internal", map[string]interface{}{
"ttl": "40h",
"common_name": "myvault.com",
})
@ -3316,7 +3316,7 @@ func TestBackend_AllowedDomainsTemplate(t *testing.T) {
}
// Write role PKI.
_, err = client.Logical().Write("pki/roles/test", map[string]interface{}{
_, err = client.Logical().WriteWithContext(context.Background(), "pki/roles/test", map[string]interface{}{
"allowed_domains": []string{
"foobar.com", "zipzap.com", "{{identity.entity.aliases." + userpassAccessor + ".name}}",
"foo.{{identity.entity.aliases." + userpassAccessor + ".name}}.example.com",
@ -3336,31 +3336,31 @@ func TestBackend_AllowedDomainsTemplate(t *testing.T) {
if err != nil || secret == nil {
t.Fatal(err)
}
_, err = client.Logical().Write("pki/issue/test", map[string]interface{}{"common_name": "userpassname"})
_, err = client.Logical().WriteWithContext(context.Background(), "pki/issue/test", map[string]interface{}{"common_name": "userpassname"})
if err != nil {
t.Fatal(err)
}
// Issue certificate for foobar.com to verify allowed_domain_templae doesnt break plain domains.
_, err = client.Logical().Write("pki/issue/test", map[string]interface{}{"common_name": "foobar.com"})
_, err = client.Logical().WriteWithContext(context.Background(), "pki/issue/test", map[string]interface{}{"common_name": "foobar.com"})
if err != nil {
t.Fatal(err)
}
// Issue certificate for unknown userpassname.
_, err = client.Logical().Write("pki/issue/test", map[string]interface{}{"common_name": "unknownuserpassname"})
_, err = client.Logical().WriteWithContext(context.Background(), "pki/issue/test", map[string]interface{}{"common_name": "unknownuserpassname"})
if err == nil {
t.Fatal("expected error")
}
// Issue certificate for foo.userpassname.domain.
_, err = client.Logical().Write("pki/issue/test", map[string]interface{}{"common_name": "foo.userpassname.example.com"})
_, err = client.Logical().WriteWithContext(context.Background(), "pki/issue/test", map[string]interface{}{"common_name": "foo.userpassname.example.com"})
if err != nil {
t.Fatal("expected error")
}
// Set allowed_domains_template to false.
_, err = client.Logical().Write("pki/roles/test", map[string]interface{}{
_, err = client.Logical().WriteWithContext(context.Background(), "pki/roles/test", map[string]interface{}{
"allowed_domains_template": false,
})
if err != nil {
@ -3368,7 +3368,7 @@ func TestBackend_AllowedDomainsTemplate(t *testing.T) {
}
// Issue certificate with userpassToken.
_, err = client.Logical().Write("pki/issue/test", map[string]interface{}{"common_name": "userpassname"})
_, err = client.Logical().WriteWithContext(context.Background(), "pki/issue/test", map[string]interface{}{"common_name": "userpassname"})
if err == nil {
t.Fatal("expected error")
}
@ -3510,7 +3510,7 @@ func TestBackend_RevokePlusTidy_Intermediate(t *testing.T) {
var err error
// Mount /pki as a root CA
err = client.Sys().Mount("pki", &api.MountInput{
err = client.Sys().MountWithContext(context.Background(), "pki", &api.MountInput{
Type: "pki",
Config: api.MountConfigInput{
DefaultLeaseTTL: "16h",
@ -3523,7 +3523,7 @@ func TestBackend_RevokePlusTidy_Intermediate(t *testing.T) {
// Set the cluster's certificate as the root CA in /pki
pemBundleRootCA := string(cluster.CACertPEM) + string(cluster.CAKeyPEM)
_, err = client.Logical().Write("pki/config/ca", map[string]interface{}{
_, err = client.Logical().WriteWithContext(context.Background(), "pki/config/ca", map[string]interface{}{
"pem_bundle": pemBundleRootCA,
})
if err != nil {
@ -3531,7 +3531,7 @@ func TestBackend_RevokePlusTidy_Intermediate(t *testing.T) {
}
// Mount /pki2 to operate as an intermediate CA
err = client.Sys().Mount("pki2", &api.MountInput{
err = client.Sys().MountWithContext(context.Background(), "pki2", &api.MountInput{
Type: "pki",
Config: api.MountConfigInput{
DefaultLeaseTTL: "16h",
@ -3543,14 +3543,14 @@ func TestBackend_RevokePlusTidy_Intermediate(t *testing.T) {
}
// Create a CSR for the intermediate CA
secret, err := client.Logical().Write("pki2/intermediate/generate/internal", nil)
secret, err := client.Logical().WriteWithContext(context.Background(), "pki2/intermediate/generate/internal", nil)
if err != nil {
t.Fatal(err)
}
intermediateCSR := secret.Data["csr"].(string)
// Sign the intermediate CSR using /pki
secret, err = client.Logical().Write("pki/root/sign-intermediate", map[string]interface{}{
secret, err = client.Logical().WriteWithContext(context.Background(), "pki/root/sign-intermediate", map[string]interface{}{
"permitted_dns_domains": ".myvault.com",
"csr": intermediateCSR,
"ttl": "10s",
@ -3562,7 +3562,7 @@ func TestBackend_RevokePlusTidy_Intermediate(t *testing.T) {
intermediateCASerialColon := strings.ReplaceAll(strings.ToLower(intermediateCertSerial), ":", "-")
// Get the intermediate cert after signing
secret, err = client.Logical().Read("pki/cert/" + intermediateCASerialColon)
secret, err = client.Logical().ReadWithContext(context.Background(), "pki/cert/"+intermediateCASerialColon)
if err != nil {
t.Fatal(err)
}
@ -3571,7 +3571,7 @@ func TestBackend_RevokePlusTidy_Intermediate(t *testing.T) {
}
// Issue a revoke on on /pki
_, err = client.Logical().Write("pki/revoke", map[string]interface{}{
_, err = client.Logical().WriteWithContext(context.Background(), "pki/revoke", map[string]interface{}{
"serial_number": intermediateCertSerial,
})
if err != nil {
@ -3583,7 +3583,7 @@ func TestBackend_RevokePlusTidy_Intermediate(t *testing.T) {
time.Sleep(3 * time.Second)
// Issue a tidy on /pki
_, err = client.Logical().Write("pki/tidy", map[string]interface{}{
_, err = client.Logical().WriteWithContext(context.Background(), "pki/tidy", map[string]interface{}{
"tidy_cert_store": true,
"tidy_revoked_certs": true,
"safety_buffer": "1s",
@ -3631,7 +3631,7 @@ func TestBackend_RevokePlusTidy_Intermediate(t *testing.T) {
time.Sleep(10 * time.Second)
// Issue a tidy on /pki
_, err = client.Logical().Write("pki/tidy", map[string]interface{}{
_, err = client.Logical().WriteWithContext(context.Background(), "pki/tidy", map[string]interface{}{
"tidy_cert_store": true,
"tidy_revoked_certs": true,
"safety_buffer": "1s",
@ -3645,7 +3645,7 @@ func TestBackend_RevokePlusTidy_Intermediate(t *testing.T) {
// Issue a tidy-status on /pki
{
tidyStatus, err := client.Logical().Read("pki/tidy-status")
tidyStatus, err := client.Logical().ReadWithContext(context.Background(), "pki/tidy-status")
if err != nil {
t.Fatal(err)
}
@ -3770,7 +3770,7 @@ func TestBackend_Root_FullCAChain(t *testing.T) {
var err error
// Generate a root CA at /pki-root
err = client.Sys().Mount("pki-root", &api.MountInput{
err = client.Sys().MountWithContext(context.Background(), "pki-root", &api.MountInput{
Type: "pki",
Config: api.MountConfigInput{
DefaultLeaseTTL: "16h",
@ -3781,7 +3781,7 @@ func TestBackend_Root_FullCAChain(t *testing.T) {
t.Fatal(err)
}
resp, err := client.Logical().Write("pki-root/root/generate/exported", map[string]interface{}{
resp, err := client.Logical().WriteWithContext(context.Background(), "pki-root/root/generate/exported", map[string]interface{}{
"common_name": "root myvault.com",
})
if err != nil {
@ -3794,7 +3794,7 @@ func TestBackend_Root_FullCAChain(t *testing.T) {
rootCert := rootData["certificate"].(string)
// Validate that root's /cert/ca-chain now contains the certificate.
resp, err = client.Logical().Read("pki-root/cert/ca_chain")
resp, err = client.Logical().ReadWithContext(context.Background(), "pki-root/cert/ca_chain")
if err != nil {
t.Fatal(err)
}
@ -3808,7 +3808,7 @@ func TestBackend_Root_FullCAChain(t *testing.T) {
}
// Now generate an intermediate at /pki-intermediate, signed by the root.
err = client.Sys().Mount("pki-intermediate", &api.MountInput{
err = client.Sys().MountWithContext(context.Background(), "pki-intermediate", &api.MountInput{
Type: "pki",
Config: api.MountConfigInput{
DefaultLeaseTTL: "16h",
@ -3819,7 +3819,7 @@ func TestBackend_Root_FullCAChain(t *testing.T) {
t.Fatal(err)
}
resp, err = client.Logical().Write("pki-intermediate/intermediate/generate/exported", map[string]interface{}{
resp, err = client.Logical().WriteWithContext(context.Background(), "pki-intermediate/intermediate/generate/exported", map[string]interface{}{
"common_name": "intermediate myvault.com",
})
if err != nil {
@ -3831,7 +3831,7 @@ func TestBackend_Root_FullCAChain(t *testing.T) {
intermediateData := resp.Data
intermediateKey := intermediateData["private_key"].(string)
resp, err = client.Logical().Write("pki-root/root/sign-intermediate", map[string]interface{}{
resp, err = client.Logical().WriteWithContext(context.Background(), "pki-root/root/sign-intermediate", map[string]interface{}{
"csr": intermediateData["csr"],
"format": "pem_bundle",
})
@ -3844,7 +3844,7 @@ func TestBackend_Root_FullCAChain(t *testing.T) {
intermediateSignedData := resp.Data
intermediateCert := intermediateSignedData["certificate"].(string)
resp, err = client.Logical().Write("pki-intermediate/intermediate/set-signed", map[string]interface{}{
resp, err = client.Logical().WriteWithContext(context.Background(), "pki-intermediate/intermediate/set-signed", map[string]interface{}{
"certificate": intermediateCert + "\n" + rootCert + "\n",
})
if err != nil {
@ -3853,7 +3853,7 @@ func TestBackend_Root_FullCAChain(t *testing.T) {
// Validate that intermediate's ca_chain field now includes the full
// chain.
resp, err = client.Logical().Read("pki-intermediate/cert/ca_chain")
resp, err = client.Logical().ReadWithContext(context.Background(), "pki-intermediate/cert/ca_chain")
if err != nil {
t.Fatal(err)
}
@ -3871,7 +3871,7 @@ func TestBackend_Root_FullCAChain(t *testing.T) {
// Finally, import this signing cert chain into a new mount to ensure
// "external" CAs behave as expected.
err = client.Sys().Mount("pki-external", &api.MountInput{
err = client.Sys().MountWithContext(context.Background(), "pki-external", &api.MountInput{
Type: "pki",
Config: api.MountConfigInput{
DefaultLeaseTTL: "16h",
@ -3882,7 +3882,7 @@ func TestBackend_Root_FullCAChain(t *testing.T) {
t.Fatal(err)
}
resp, err = client.Logical().Write("pki-external/config/ca", map[string]interface{}{
resp, err = client.Logical().WriteWithContext(context.Background(), "pki-external/config/ca", map[string]interface{}{
"pem_bundle": intermediateKey + "\n" + intermediateCert + "\n" + rootCert + "\n",
})
if err != nil {
@ -3890,7 +3890,7 @@ func TestBackend_Root_FullCAChain(t *testing.T) {
}
// Validate the external chain information was loaded correctly.
resp, err = client.Logical().Read("pki-external/cert/ca_chain")
resp, err = client.Logical().ReadWithContext(context.Background(), "pki-external/cert/ca_chain")
if err != nil {
t.Fatal(err)
}
@ -3950,7 +3950,7 @@ func RoleIssuanceRegressionHelper(t *testing.T, client *api.Client, index int, t
for _, AllowLocalhost := range test.AllowLocalhost.ToValues() {
for _, AllowWildcardCertificates := range test.AllowWildcardCertificates.ToValues() {
role := fmt.Sprintf("issuance-regression-%d-bare-%v-glob-%v-subdomains-%v-localhost-%v-wildcard-%v", index, AllowBareDomains, AllowGlobDomains, AllowSubdomains, AllowLocalhost, AllowWildcardCertificates)
resp, err := client.Logical().Write("pki/roles/"+role, map[string]interface{}{
resp, err := client.Logical().WriteWithContext(context.Background(), "pki/roles/"+role, map[string]interface{}{
"allowed_domains": test.AllowedDomains,
"allow_bare_domains": AllowBareDomains,
"allow_glob_domains": AllowGlobDomains,
@ -3967,7 +3967,7 @@ func RoleIssuanceRegressionHelper(t *testing.T, client *api.Client, index int, t
t.Fatal(err)
}
resp, err = client.Logical().Write("pki/issue/"+role, map[string]interface{}{
resp, err = client.Logical().WriteWithContext(context.Background(), "pki/issue/"+role, map[string]interface{}{
"common_name": test.CommonName,
})
@ -4158,7 +4158,7 @@ func TestBackend_Roles_IssuanceRegression(t *testing.T) {
var err error
// Generate a root CA at /pki to use for our tests
err = client.Sys().Mount("pki", &api.MountInput{
err = client.Sys().MountWithContext(context.Background(), "pki", &api.MountInput{
Type: "pki",
Config: api.MountConfigInput{
DefaultLeaseTTL: "12h",
@ -4169,7 +4169,7 @@ func TestBackend_Roles_IssuanceRegression(t *testing.T) {
t.Fatal(err)
}
resp, err := client.Logical().Write("pki/root/generate/exported", map[string]interface{}{
resp, err := client.Logical().WriteWithContext(context.Background(), "pki/root/generate/exported", map[string]interface{}{
"common_name": "myvault.com",
"ttl": "128h",
"key_type": "ec",

48
builtin/logical/pki/ca_test.go
View File

@ -155,7 +155,7 @@ func TestBackend_CA_Steps(t *testing.T) {
// Setup backends
var rsaRoot, rsaInt, ecRoot, ecInt, edRoot, edInt *backend
{
if err := client.Sys().Mount("rsaroot", &api.MountInput{
if err := client.Sys().MountWithContext(context.Background(), "rsaroot", &api.MountInput{
Type: "pki",
Config: api.MountConfigInput{
DefaultLeaseTTL: "16h",
@ -166,7 +166,7 @@ func TestBackend_CA_Steps(t *testing.T) {
}
rsaRoot = b
if err := client.Sys().Mount("rsaint", &api.MountInput{
if err := client.Sys().MountWithContext(context.Background(), "rsaint", &api.MountInput{
Type: "pki",
Config: api.MountConfigInput{
DefaultLeaseTTL: "16h",
@ -177,7 +177,7 @@ func TestBackend_CA_Steps(t *testing.T) {
}
rsaInt = b
if err := client.Sys().Mount("ecroot", &api.MountInput{
if err := client.Sys().MountWithContext(context.Background(), "ecroot", &api.MountInput{
Type: "pki",
Config: api.MountConfigInput{
DefaultLeaseTTL: "16h",
@ -188,7 +188,7 @@ func TestBackend_CA_Steps(t *testing.T) {
}
ecRoot = b
if err := client.Sys().Mount("ecint", &api.MountInput{
if err := client.Sys().MountWithContext(context.Background(), "ecint", &api.MountInput{
Type: "pki",
Config: api.MountConfigInput{
DefaultLeaseTTL: "16h",
@ -199,7 +199,7 @@ func TestBackend_CA_Steps(t *testing.T) {
}
ecInt = b
if err := client.Sys().Mount("ed25519root", &api.MountInput{
if err := client.Sys().MountWithContext(context.Background(), "ed25519root", &api.MountInput{
Type: "pki",
Config: api.MountConfigInput{
DefaultLeaseTTL: "16h",
@ -210,7 +210,7 @@ func TestBackend_CA_Steps(t *testing.T) {
}
edRoot = b
if err := client.Sys().Mount("ed25519int", &api.MountInput{
if err := client.Sys().MountWithContext(context.Background(), "ed25519int", &api.MountInput{
Type: "pki",
Config: api.MountConfigInput{
DefaultLeaseTTL: "16h",
@ -259,7 +259,7 @@ func runSteps(t *testing.T, rootB, intB *backend, client *api.Client, rootName,
{
// Attempt import but only provide one the cert
{
_, err := client.Logical().Write(rootName+"config/ca", map[string]interface{}{
_, err := client.Logical().WriteWithContext(context.Background(), rootName+"config/ca", map[string]interface{}{
"pem_bundle": caCert,
})
if err == nil {
@ -269,7 +269,7 @@ func runSteps(t *testing.T, rootB, intB *backend, client *api.Client, rootName,
// Same but with only the key
{
_, err := client.Logical().Write(rootName+"config/ca", map[string]interface{}{
_, err := client.Logical().WriteWithContext(context.Background(), rootName+"config/ca", map[string]interface{}{
"pem_bundle": caKey,
})
if err == nil {
@ -279,7 +279,7 @@ func runSteps(t *testing.T, rootB, intB *backend, client *api.Client, rootName,
// Import CA bundle
{
_, err := client.Logical().Write(rootName+"config/ca", map[string]interface{}{
_, err := client.Logical().WriteWithContext(context.Background(), rootName+"config/ca", map[string]interface{}{
"pem_bundle": strings.Join([]string{caKey, caCert}, "\n"),
})
if err != nil {
@ -292,7 +292,7 @@ func runSteps(t *testing.T, rootB, intB *backend, client *api.Client, rootName,
// cert/ca path
{
resp, err := client.Logical().Read(rootName + "cert/ca")
resp, err := client.Logical().ReadWithContext(context.Background(), rootName+"cert/ca")
if err != nil {
t.Fatal(err)
}
@ -359,7 +359,7 @@ func runSteps(t *testing.T, rootB, intB *backend, client *api.Client, rootName,
{
// Set CRL config
{
_, err := client.Logical().Write(rootName+"config/crl", map[string]interface{}{
_, err := client.Logical().WriteWithContext(context.Background(), rootName+"config/crl", map[string]interface{}{
"expiry": "16h",
})
if err != nil {
@ -369,7 +369,7 @@ func runSteps(t *testing.T, rootB, intB *backend, client *api.Client, rootName,
// Verify it
{
resp, err := client.Logical().Read(rootName + "config/crl")
resp, err := client.Logical().ReadWithContext(context.Background(), rootName+"config/crl")
if err != nil {
t.Fatal(err)
}
@ -390,7 +390,7 @@ func runSteps(t *testing.T, rootB, intB *backend, client *api.Client, rootName,
{
// First, delete the existing CA info
{
_, err := client.Logical().Delete(rootName + "root")
_, err := client.Logical().DeleteWithContext(context.Background(), rootName+"root")
if err != nil {
t.Fatal(err)
}
@ -399,7 +399,7 @@ func runSteps(t *testing.T, rootB, intB *backend, client *api.Client, rootName,
var rootPEM, rootKey, rootPEMBundle string
// Test exported root generation
{
resp, err := client.Logical().Write(rootName+"root/generate/exported", map[string]interface{}{
resp, err := client.Logical().WriteWithContext(context.Background(), rootName+"root/generate/exported", map[string]interface{}{
"common_name": "Root Cert",
"ttl": "180h",
})
@ -421,7 +421,7 @@ func runSteps(t *testing.T, rootB, intB *backend, client *api.Client, rootName,
var intPEM, intCSR, intKey string
// Test exported intermediate CSR generation
{
resp, err := client.Logical().Write(intName+"intermediate/generate/exported", map[string]interface{}{
resp, err := client.Logical().WriteWithContext(context.Background(), intName+"intermediate/generate/exported", map[string]interface{}{
"common_name": "intermediate.cert.com",
"ttl": "180h",
})
@ -441,7 +441,7 @@ func runSteps(t *testing.T, rootB, intB *backend, client *api.Client, rootName,
// Test signing
{
resp, err := client.Logical().Write(rootName+"root/sign-intermediate", map[string]interface{}{
resp, err := client.Logical().WriteWithContext(context.Background(), rootName+"root/sign-intermediate", map[string]interface{}{
"common_name": "intermediate.cert.com",
"ttl": "10s",
"csr": intCSR,
@ -458,7 +458,7 @@ func runSteps(t *testing.T, rootB, intB *backend, client *api.Client, rootName,
// Test setting signed
{
resp, err := client.Logical().Write(intName+"intermediate/set-signed", map[string]interface{}{
resp, err := client.Logical().WriteWithContext(context.Background(), intName+"intermediate/set-signed", map[string]interface{}{
"certificate": intPEM,
})
if err != nil {
@ -471,7 +471,7 @@ func runSteps(t *testing.T, rootB, intB *backend, client *api.Client, rootName,
// Verify we can find it via the root
{
resp, err := client.Logical().Read(rootName + "cert/" + intSerialNumber)
resp, err := client.Logical().ReadWithContext(context.Background(), rootName+"cert/"+intSerialNumber)
if err != nil {
t.Fatal(err)
}
@ -485,7 +485,7 @@ func runSteps(t *testing.T, rootB, intB *backend, client *api.Client, rootName,
// Revoke the intermediate
{
resp, err := client.Logical().Write(rootName+"revoke", map[string]interface{}{
resp, err := client.Logical().WriteWithContext(context.Background(), rootName+"revoke", map[string]interface{}{
"serial_number": intSerialNumber,
})
if err != nil {
@ -501,7 +501,7 @@ func runSteps(t *testing.T, rootB, intB *backend, client *api.Client, rootName,
t.Helper()
// Verify it is now revoked
{
resp, err := client.Logical().Read(rootName + "cert/" + intSerialNumber)
resp, err := client.Logical().ReadWithContext(context.Background(), rootName+"cert/"+intSerialNumber)
if err != nil {
t.Fatal(err)
}
@ -559,7 +559,7 @@ func runSteps(t *testing.T, rootB, intB *backend, client *api.Client, rootName,
}
verifyTidyStatus := func(expectedCertStoreDeleteCount int, expectedRevokedCertDeletedCount int) {
tidyStatus, err := client.Logical().Read(rootName + "tidy-status")
tidyStatus, err := client.Logical().ReadWithContext(context.Background(), rootName+"tidy-status")
if err != nil {
t.Fatal(err)
}
@ -594,7 +594,7 @@ func runSteps(t *testing.T, rootB, intB *backend, client *api.Client, rootName,
{
// Run with a high safety buffer, nothing should happen
{
resp, err := client.Logical().Write(rootName+"tidy", map[string]interface{}{
resp, err := client.Logical().WriteWithContext(context.Background(), rootName+"tidy", map[string]interface{}{
"safety_buffer": "3h",
"tidy_cert_store": true,
"tidy_revoked_certs": true,
@ -617,7 +617,7 @@ func runSteps(t *testing.T, rootB, intB *backend, client *api.Client, rootName,
// Run with both values set false, nothing should happen
{
resp, err := client.Logical().Write(rootName+"tidy", map[string]interface{}{
resp, err := client.Logical().WriteWithContext(context.Background(), rootName+"tidy", map[string]interface{}{
"safety_buffer": "1s",
"tidy_cert_store": false,
"tidy_revoked_certs": false,
@ -640,7 +640,7 @@ func runSteps(t *testing.T, rootB, intB *backend, client *api.Client, rootName,
// Run with a short safety buffer and both set to true, both should be cleared
{
resp, err := client.Logical().Write(rootName+"tidy", map[string]interface{}{
resp, err := client.Logical().WriteWithContext(context.Background(), rootName+"tidy", map[string]interface{}{
"safety_buffer": "1s",
"tidy_cert_store": true,
"tidy_revoked_certs": true,

17
builtin/logical/pki/crl_test.go
View File

@ -1,6 +1,7 @@
package pki
import (
"context"
"crypto/x509"
"testing"
@ -24,7 +25,7 @@ func TestBackend_CRL_EnableDisable(t *testing.T) {
client := cluster.Cores[0].Client
var err error
err = client.Sys().Mount("pki", &api.MountInput{
err = client.Sys().MountWithContext(context.Background(), "pki", &api.MountInput{
Type: "pki",
Config: api.MountConfigInput{
DefaultLeaseTTL: "16h",
@ -32,7 +33,7 @@ func TestBackend_CRL_EnableDisable(t *testing.T) {
},
})
resp, err := client.Logical().Write("pki/root/generate/internal", map[string]interface{}{
resp, err := client.Logical().WriteWithContext(context.Background(), "pki/root/generate/internal", map[string]interface{}{
"ttl": "40h",
"common_name": "myvault.com",
})
@ -41,7 +42,7 @@ func TestBackend_CRL_EnableDisable(t *testing.T) {
}
caSerial := resp.Data["serial_number"]
_, err = client.Logical().Write("pki/roles/test", map[string]interface{}{
_, err = client.Logical().WriteWithContext(context.Background(), "pki/roles/test", map[string]interface{}{
"allow_bare_domains": true,
"allow_subdomains": true,
"allowed_domains": "foobar.com",
@ -53,7 +54,7 @@ func TestBackend_CRL_EnableDisable(t *testing.T) {
serials := make(map[int]string)
for i := 0; i < 6; i++ {
resp, err := client.Logical().Write("pki/issue/test", map[string]interface{}{
resp, err := client.Logical().WriteWithContext(context.Background(), "pki/issue/test", map[string]interface{}{
"common_name": "test.foobar.com",
})
if err != nil {
@ -63,7 +64,7 @@ func TestBackend_CRL_EnableDisable(t *testing.T) {
}
test := func(num int) {
resp, err := client.Logical().Read("pki/cert/crl")
resp, err := client.Logical().ReadWithContext(context.Background(), "pki/cert/crl")
if err != nil {
t.Fatal(err)
}
@ -79,14 +80,14 @@ func TestBackend_CRL_EnableDisable(t *testing.T) {
}
revoke := func(num int) {
resp, err = client.Logical().Write("pki/revoke", map[string]interface{}{
resp, err = client.Logical().WriteWithContext(context.Background(), "pki/revoke", map[string]interface{}{
"serial_number": serials[num],
})
if err != nil {
t.Fatal(err)
}
resp, err = client.Logical().Write("pki/revoke", map[string]interface{}{
resp, err = client.Logical().WriteWithContext(context.Background(), "pki/revoke", map[string]interface{}{
"serial_number": caSerial,
})
if err == nil {
@ -95,7 +96,7 @@ func TestBackend_CRL_EnableDisable(t *testing.T) {
}
toggle := func(disabled bool) {
_, err = client.Logical().Write("pki/config/crl", map[string]interface{}{
_, err = client.Logical().WriteWithContext(context.Background(), "pki/config/crl", map[string]interface{}{
"disable": disabled,
})
if err != nil {

42
builtin/logical/ssh/backend_test.go
View File

@ -1464,14 +1464,14 @@ func TestBackend_DefExtTemplatingEnabled(t *testing.T) {
client := cluster.Cores[0].Client
// Get auth accessor for identity template.
auths, err := client.Sys().ListAuth()
auths, err := client.Sys().ListAuthWithContext(context.Background())
if err != nil {
t.Fatal(err)
}
userpassAccessor := auths["userpass/"].Accessor
// Write SSH role.
_, err = client.Logical().Write("ssh/roles/test", map[string]interface{}{
_, err = client.Logical().WriteWithContext(context.Background(), "ssh/roles/test", map[string]interface{}{
"key_type": "ca",
"allowed_extensions": "login@zipzap.com",
"allow_user_certificates": true,
@ -1490,7 +1490,7 @@ func TestBackend_DefExtTemplatingEnabled(t *testing.T) {
// Issue SSH certificate with default extensions templating enabled, and no user-provided extensions
client.SetToken(userpassToken)
resp, err := client.Logical().Write("ssh/sign/test", map[string]interface{}{
resp, err := client.Logical().WriteWithContext(context.Background(), "ssh/sign/test", map[string]interface{}{
"public_key": publicKey4096,
})
if err != nil {
@ -1518,7 +1518,7 @@ func TestBackend_DefExtTemplatingEnabled(t *testing.T) {
userProvidedExtensionPermissions := map[string]string{
"login@zipzap.com": "some_other_user_name",
}
resp, err = client.Logical().Write("ssh/sign/test", map[string]interface{}{
resp, err = client.Logical().WriteWithContext(context.Background(), "ssh/sign/test", map[string]interface{}{
"public_key": publicKey4096,
"extensions": userProvidedExtensionPermissions,
})
@ -1542,7 +1542,7 @@ func TestBackend_DefExtTemplatingEnabled(t *testing.T) {
invalidUserProvidedExtensionPermissions := map[string]string{
"login@foobar.com": "{{identity.entity.metadata}}",
}
resp, err = client.Logical().Write("ssh/sign/test", map[string]interface{}{
resp, err = client.Logical().WriteWithContext(context.Background(), "ssh/sign/test", map[string]interface{}{
"public_key": publicKey4096,
"extensions": invalidUserProvidedExtensionPermissions,
})
@ -1557,7 +1557,7 @@ func TestBackend_EmptyAllowedExtensionFailsClosed(t *testing.T) {
client := cluster.Cores[0].Client
// Get auth accessor for identity template.
auths, err := client.Sys().ListAuth()
auths, err := client.Sys().ListAuthWithContext(context.Background())
if err != nil {
t.Fatal(err)
}
@ -1565,7 +1565,7 @@ func TestBackend_EmptyAllowedExtensionFailsClosed(t *testing.T) {
// Write SSH role to test with no allowed extension. We also provide a templated default extension,
// to verify that it's not actually being evaluated
_, err = client.Logical().Write("ssh/roles/test_allow_all_extensions", map[string]interface{}{
_, err = client.Logical().WriteWithContext(context.Background(), "ssh/roles/test_allow_all_extensions", map[string]interface{}{
"key_type": "ca",
"allow_user_certificates": true,
"allowed_users": "tuber",
@ -1585,7 +1585,7 @@ func TestBackend_EmptyAllowedExtensionFailsClosed(t *testing.T) {
userProvidedAnyExtensionPermissions := map[string]string{
"login@foobar.com": "not_userpassname",
}
_, err = client.Logical().Write("ssh/sign/test_allow_all_extensions", map[string]interface{}{
_, err = client.Logical().WriteWithContext(context.Background(), "ssh/sign/test_allow_all_extensions", map[string]interface{}{
"public_key": publicKey4096,
"extensions": userProvidedAnyExtensionPermissions,
})
@ -1604,7 +1604,7 @@ func TestBackend_DefExtTemplatingDisabled(t *testing.T) {
client := cluster.Cores[0].Client
// Get auth accessor for identity template.
auths, err := client.Sys().ListAuth()
auths, err := client.Sys().ListAuthWithContext(context.Background())
if err != nil {
t.Fatal(err)
}
@ -1612,7 +1612,7 @@ func TestBackend_DefExtTemplatingDisabled(t *testing.T) {
// Write SSH role to test with any extension. We also provide a templated default extension,
// to verify that it's not actually being evaluated
_, err = client.Logical().Write("ssh/roles/test_allow_all_extensions", map[string]interface{}{
_, err = client.Logical().WriteWithContext(context.Background(), "ssh/roles/test_allow_all_extensions", map[string]interface{}{
"key_type": "ca",
"allow_user_certificates": true,
"allowed_users": "tuber",
@ -1635,7 +1635,7 @@ func TestBackend_DefExtTemplatingDisabled(t *testing.T) {
"login@foobar.com": "{{identity.entity.aliases." + userpassAccessor + ".name}}",
"login@zipzap.com": "some_other_user_name",
}
resp, err := client.Logical().Write("ssh/sign/test_allow_all_extensions", map[string]interface{}{
resp, err := client.Logical().WriteWithContext(context.Background(), "ssh/sign/test_allow_all_extensions", map[string]interface{}{
"public_key": publicKey4096,
"extensions": defaultExtensionPermissions,
})
@ -1661,7 +1661,7 @@ func TestBackend_DefExtTemplatingDisabled(t *testing.T) {
"login@foobar.com": "not_userpassname",
"login@zipzap.com": "some_other_user_name",
}
resp, err = client.Logical().Write("ssh/sign/test_allow_all_extensions", map[string]interface{}{
resp, err = client.Logical().WriteWithContext(context.Background(), "ssh/sign/test_allow_all_extensions", map[string]interface{}{
"public_key": publicKey4096,
"extensions": userProvidedAnyExtensionPermissions,
})
@ -1698,7 +1698,7 @@ func getSshCaTestCluster(t *testing.T, userIdentity string) (*vault.TestCluster,
client := cluster.Cores[0].Client
// Write test policy for userpass auth method.
err := client.Sys().PutPolicy("test", `
err := client.Sys().PutPolicyWithContext(context.Background(), "test", `
path "ssh/*" {
capabilities = ["update"]
}`)
@ -1712,7 +1712,7 @@ func getSshCaTestCluster(t *testing.T, userIdentity string) (*vault.TestCluster,
}
// Configure test role for userpass.
if _, err := client.Logical().Write("auth/userpass/users/"+userIdentity, map[string]interface{}{
if _, err := client.Logical().WriteWithContext(context.Background(), "auth/userpass/users/"+userIdentity, map[string]interface{}{
"password": "test",
"policies": "test",
}); err != nil {
@ -1720,7 +1720,7 @@ func getSshCaTestCluster(t *testing.T, userIdentity string) (*vault.TestCluster,
}
// Login userpass for test role and keep client token.
secret, err := client.Logical().Write("auth/userpass/login/"+userIdentity, map[string]interface{}{
secret, err := client.Logical().WriteWithContext(context.Background(), "auth/userpass/login/"+userIdentity, map[string]interface{}{
"password": "test",
})
if err != nil || secret == nil {
@ -1729,7 +1729,7 @@ func getSshCaTestCluster(t *testing.T, userIdentity string) (*vault.TestCluster,
userpassToken := secret.Auth.ClientToken
// Mount SSH.
err = client.Sys().Mount("ssh", &api.MountInput{
err = client.Sys().MountWithContext(context.Background(), "ssh", &api.MountInput{
Type: "ssh",
Config: api.MountConfigInput{
DefaultLeaseTTL: "16h",
@ -1741,7 +1741,7 @@ func getSshCaTestCluster(t *testing.T, userIdentity string) (*vault.TestCluster,
}
// Configure SSH CA.
_, err = client.Logical().Write("ssh/config/ca", map[string]interface{}{
_, err = client.Logical().WriteWithContext(context.Background(), "ssh/config/ca", map[string]interface{}{
"public_key": testCAPublicKey,
"private_key": testCAPrivateKey,
})
@ -1759,21 +1759,21 @@ func testAllowedUsersTemplate(t *testing.T, testAllowedUsersTemplate string,
client := cluster.Cores[0].Client
// set metadata "ssh_username" to userpass username
tokenLookupResponse, err := client.Logical().Write("/auth/token/lookup", map[string]interface{}{
tokenLookupResponse, err := client.Logical().WriteWithContext(context.Background(), "/auth/token/lookup", map[string]interface{}{
"token": userpassToken,
})
if err != nil {
t.Fatal(err)
}
entityID := tokenLookupResponse.Data["entity_id"].(string)
_, err = client.Logical().Write("/identity/entity/id/"+entityID, map[string]interface{}{
_, err = client.Logical().WriteWithContext(context.Background(), "/identity/entity/id/"+entityID, map[string]interface{}{
"metadata": testEntityMetadata,
})
if err != nil {
t.Fatal(err)
}
_, err = client.Logical().Write("ssh/roles/my-role", map[string]interface{}{
_, err = client.Logical().WriteWithContext(context.Background(), "ssh/roles/my-role", map[string]interface{}{
"key_type": testCaKeyType,
"allow_user_certificates": true,
"allowed_users": testAllowedUsersTemplate,
@ -1785,7 +1785,7 @@ func testAllowedUsersTemplate(t *testing.T, testAllowedUsersTemplate string,
// sign SSH key as userpass user
client.SetToken(userpassToken)
signResponse, err := client.Logical().Write("ssh/sign/my-role", map[string]interface{}{
signResponse, err := client.Logical().WriteWithContext(context.Background(), "ssh/sign/my-role", map[string]interface{}{
"public_key": testCAPublicKey,
"valid_principals": expectedValidPrincipal,
})

8
builtin/logical/transit/path_config_test.go
View File

@ -348,7 +348,7 @@ func TestTransit_UpdateKeyConfigWithAutorotation(t *testing.T) {
cores := cluster.Cores
vault.TestWaitActive(t, cores[0].Core)
client := cores[0].Client
err := client.Sys().Mount("transit", &api.MountInput{
err := client.Sys().MountWithContext(context.Background(), "transit", &api.MountInput{
Type: "transit",
})
if err != nil {
@ -363,13 +363,13 @@ func TestTransit_UpdateKeyConfigWithAutorotation(t *testing.T) {
}
keyName := hex.EncodeToString(keyNameBytes)
_, err = client.Logical().Write(fmt.Sprintf("transit/keys/%s", keyName), map[string]interface{}{
_, err = client.Logical().WriteWithContext(context.Background(), fmt.Sprintf("transit/keys/%s", keyName), map[string]interface{}{
"auto_rotate_period": test.initialAutoRotatePeriod,
})
if err != nil {
t.Fatal(err)
}
resp, err := client.Logical().Write(fmt.Sprintf("transit/keys/%s/config", keyName), map[string]interface{}{
resp, err := client.Logical().WriteWithContext(context.Background(), fmt.Sprintf("transit/keys/%s/config", keyName), map[string]interface{}{
"auto_rotate_period": test.newAutoRotatePeriod,
})
switch {
@ -380,7 +380,7 @@ func TestTransit_UpdateKeyConfigWithAutorotation(t *testing.T) {
}
if !test.shouldError {
resp, err = client.Logical().Read(fmt.Sprintf("transit/keys/%s", keyName))
resp, err = client.Logical().ReadWithContext(context.Background(), fmt.Sprintf("transit/keys/%s", keyName))
if err != nil {
t.Fatal(err)
}

23
builtin/logical/transit/path_keys_test.go
View File

@ -1,6 +1,7 @@
package transit_test
import (
"context"
"encoding/hex"
"encoding/json"
"fmt"
@ -39,7 +40,7 @@ func TestTransit_Issue_2958(t *testing.T) {
client := cores[0].Client
err := client.Sys().EnableAuditWithOptions("file", &api.EnableAuditOptions{
err := client.Sys().EnableAuditWithOptionsWithContext(context.Background(), "file", &api.EnableAuditOptions{
Type: "file",
Options: map[string]string{
"file_path": "/dev/null",
@ -49,45 +50,45 @@ func TestTransit_Issue_2958(t *testing.T) {
t.Fatal(err)
}
err = client.Sys().Mount("transit", &api.MountInput{
err = client.Sys().MountWithContext(context.Background(), "transit", &api.MountInput{
Type: "transit",
})
if err != nil {
t.Fatal(err)
}
_, err = client.Logical().Write("transit/keys/foo", map[string]interface{}{
_, err = client.Logical().WriteWithContext(context.Background(), "transit/keys/foo", map[string]interface{}{
"type": "ecdsa-p256",
})
if err != nil {
t.Fatal(err)
}
_, err = client.Logical().Write("transit/keys/foobar", map[string]interface{}{
_, err = client.Logical().WriteWithContext(context.Background(), "transit/keys/foobar", map[string]interface{}{
"type": "ecdsa-p384",
})
if err != nil {
t.Fatal(err)
}
_, err = client.Logical().Write("transit/keys/bar", map[string]interface{}{
_, err = client.Logical().WriteWithContext(context.Background(), "transit/keys/bar", map[string]interface{}{
"type": "ed25519",
})
if err != nil {
t.Fatal(err)
}
_, err = client.Logical().Read("transit/keys/foo")
_, err = client.Logical().ReadWithContext(context.Background(), "transit/keys/foo")
if err != nil {
t.Fatal(err)
}
_, err = client.Logical().Read("transit/keys/foobar")
_, err = client.Logical().ReadWithContext(context.Background(), "transit/keys/foobar")
if err != nil {
t.Fatal(err)
}
_, err = client.Logical().Read("transit/keys/bar")
_, err = client.Logical().ReadWithContext(context.Background(), "transit/keys/bar")
if err != nil {
t.Fatal(err)
}
@ -144,7 +145,7 @@ func TestTransit_CreateKeyWithAutorotation(t *testing.T) {
cores := cluster.Cores
vault.TestWaitActive(t, cores[0].Core)
client := cores[0].Client
err := client.Sys().Mount("transit", &api.MountInput{
err := client.Sys().MountWithContext(context.Background(), "transit", &api.MountInput{
Type: "transit",
})
if err != nil {
@ -159,7 +160,7 @@ func TestTransit_CreateKeyWithAutorotation(t *testing.T) {
}
keyName := hex.EncodeToString(keyNameBytes)
_, err = client.Logical().Write(fmt.Sprintf("transit/keys/%s", keyName), map[string]interface{}{
_, err = client.Logical().WriteWithContext(context.Background(), fmt.Sprintf("transit/keys/%s", keyName), map[string]interface{}{
"auto_rotate_period": test.autoRotatePeriod,
})
switch {
@ -170,7 +171,7 @@ func TestTransit_CreateKeyWithAutorotation(t *testing.T) {
}
if !test.shouldError {
resp, err := client.Logical().Read(fmt.Sprintf("transit/keys/%s", keyName))
resp, err := client.Logical().ReadWithContext(context.Background(), fmt.Sprintf("transit/keys/%s", keyName))
if err != nil {
t.Fatal(err)
}

3
changelog/14388.txt Normal file
View File

@ -0,0 +1,3 @@
```release-note:improvement
api: Add context-aware functions to vault/api for each API wrapper function.
```

2
command/agent/alicloud_end_to_end_test.go
View File

@ -60,7 +60,7 @@ func TestAliCloudEndToEnd(t *testing.T) {
t.Fatal(err)
}
if _, err := client.Logical().Write("auth/alicloud/role/test", map[string]interface{}{
if _, err := client.Logical().WriteWithContext(context.Background(), "auth/alicloud/role/test", map[string]interface{}{
"arn": os.Getenv(envVarAlicloudRoleArn),
}); err != nil {
t.Fatal(err)

32
command/agent/approle_end_to_end_test.go
View File

@ -93,7 +93,7 @@ func testAppRoleEndToEnd(t *testing.T, removeSecretIDFile bool, bindSecretID boo
t.Fatal(err)
}
_, err = client.Logical().Write("auth/approle/role/test1", addConstraints(!bindSecretID, map[string]interface{}{
_, err = client.Logical().WriteWithContext(context.Background(), "auth/approle/role/test1", addConstraints(!bindSecretID, map[string]interface{}{
"bind_secret_id": bindSecretID,
"token_ttl": "6s",
"token_max_ttl": "10s",
@ -109,7 +109,7 @@ func testAppRoleEndToEnd(t *testing.T, removeSecretIDFile bool, bindSecretID boo
secretID1 := ""
secretID2 := ""
if bindSecretID {
resp, err := client.Logical().Write("auth/approle/role/test1/secret-id", nil)
resp, err := client.Logical().WriteWithContext(context.Background(), "auth/approle/role/test1/secret-id", nil)
if err != nil {
t.Fatal(err)
}
@ -117,13 +117,13 @@ func testAppRoleEndToEnd(t *testing.T, removeSecretIDFile bool, bindSecretID boo
} else {
logger.Trace("skipped write to auth/approle/role/test1/secret-id")
}
resp, err := client.Logical().Read("auth/approle/role/test1/role-id")
resp, err := client.Logical().ReadWithContext(context.Background(), "auth/approle/role/test1/role-id")
if err != nil {
t.Fatal(err)
}
roleID1 := resp.Data["role_id"].(string)
_, err = client.Logical().Write("auth/approle/role/test2", addConstraints(!bindSecretID, map[string]interface{}{
_, err = client.Logical().WriteWithContext(context.Background(), "auth/approle/role/test2", addConstraints(!bindSecretID, map[string]interface{}{
"bind_secret_id": bindSecretID,
"token_ttl": "6s",
"token_max_ttl": "10s",
@ -132,7 +132,7 @@ func testAppRoleEndToEnd(t *testing.T, removeSecretIDFile bool, bindSecretID boo
t.Fatal(err)
}
if bindSecretID {
resp, err = client.Logical().Write("auth/approle/role/test2/secret-id", nil)
resp, err = client.Logical().WriteWithContext(context.Background(), "auth/approle/role/test2/secret-id", nil)
if err != nil {
t.Fatal(err)
}
@ -140,7 +140,7 @@ func testAppRoleEndToEnd(t *testing.T, removeSecretIDFile bool, bindSecretID boo
} else {
logger.Trace("skipped write to auth/approle/role/test2/secret-id")
}
resp, err = client.Logical().Read("auth/approle/role/test2/role-id")
resp, err = client.Logical().ReadWithContext(context.Background(), "auth/approle/role/test2/role-id")
if err != nil {
t.Fatal(err)
}
@ -321,7 +321,7 @@ func testAppRoleEndToEnd(t *testing.T, removeSecretIDFile bool, bindSecretID boo
}
}
client.SetToken(string(val))
secret, err := client.Auth().Token().LookupSelf()
secret, err := client.Auth().Token().LookupSelfWithContext(context.Background())
if err != nil {
t.Fatal(err)
}
@ -345,7 +345,7 @@ func testAppRoleEndToEnd(t *testing.T, removeSecretIDFile bool, bindSecretID boo
if time.Now().After(timeout) {
break
}
secret, err := client.Auth().Token().LookupSelf()
secret, err := client.Auth().Token().LookupSelfWithContext(context.Background())
if err != nil {
t.Fatal(err)
}
@ -385,7 +385,7 @@ func testAppRoleEndToEnd(t *testing.T, removeSecretIDFile bool, bindSecretID boo
if time.Now().After(timeout) {
break
}
secret, err := client.Auth().Token().LookupSelf()
secret, err := client.Auth().Token().LookupSelfWithContext(context.Background())
if err != nil {
t.Fatal(err)
}
@ -455,7 +455,7 @@ func testAppRoleWithWrapping(t *testing.T, bindSecretID bool, secretIDLess bool,
t.Fatal(err)
}
_, err = client.Logical().Write("auth/approle/role/test1", addConstraints(!bindSecretID, map[string]interface{}{
_, err = client.Logical().WriteWithContext(context.Background(), "auth/approle/role/test1", addConstraints(!bindSecretID, map[string]interface{}{
"bind_secret_id": bindSecretID,
"token_ttl": "6s",
"token_max_ttl": "10s",
@ -474,7 +474,7 @@ func testAppRoleWithWrapping(t *testing.T, bindSecretID bool, secretIDLess bool,
secret := ""
secretID1 := ""
if bindSecretID {
resp, err := client.Logical().Write("auth/approle/role/test1/secret-id", nil)
resp, err := client.Logical().WriteWithContext(context.Background(), "auth/approle/role/test1/secret-id", nil)
if err != nil {
t.Fatal(err)
}
@ -482,7 +482,7 @@ func testAppRoleWithWrapping(t *testing.T, bindSecretID bool, secretIDLess bool,
} else {
logger.Trace("skipped write to auth/approle/role/test1/secret-id")
}
resp, err := client.Logical().Read("auth/approle/role/test1/role-id")
resp, err := client.Logical().ReadWithContext(context.Background(), "auth/approle/role/test1/role-id")
if err != nil {
t.Fatal(err)
}
@ -664,7 +664,7 @@ func testAppRoleWithWrapping(t *testing.T, bindSecretID bool, secretIDLess bool,
}
client.SetToken(string(val))
secret, err := client.Auth().Token().LookupSelf()
secret, err := client.Auth().Token().LookupSelfWithContext(context.Background())
if err != nil {
t.Fatal(err)
}
@ -690,7 +690,7 @@ func testAppRoleWithWrapping(t *testing.T, bindSecretID bool, secretIDLess bool,
if time.Now().After(timeout) {
break
}
secret, err := client.Auth().Token().LookupSelf()
secret, err := client.Auth().Token().LookupSelfWithContext(context.Background())
if err != nil {
t.Fatal(err)
}
@ -708,7 +708,7 @@ func testAppRoleWithWrapping(t *testing.T, bindSecretID bool, secretIDLess bool,
logger.Trace("origToken set into client", "origToken", origToken)
if bindSecretID {
resp, err = client.Logical().Write("auth/approle/role/test1/secret-id", nil)
resp, err = client.Logical().WriteWithContext(context.Background(), "auth/approle/role/test1/secret-id", nil)
if err != nil {
t.Fatal(err)
}
@ -732,7 +732,7 @@ func testAppRoleWithWrapping(t *testing.T, bindSecretID bool, secretIDLess bool,
if time.Now().After(timeout) {
break
}
secret, err := client.Auth().Token().LookupSelf()
secret, err := client.Auth().Token().LookupSelfWithContext(context.Background())
if err != nil {
t.Fatal(err)
}

2
command/agent/auth/auth_test.go
View File

@ -33,7 +33,7 @@ func newUserpassTestMethod(t *testing.T, client *api.Client) AuthMethod {
}
func (u *userpassTestMethod) Authenticate(_ context.Context, client *api.Client) (string, http.Header, map[string]interface{}, error) {
_, err := client.Logical().Write("auth/userpass/users/foo", map[string]interface{}{
_, err := client.Logical().WriteWithContext(context.Background(), "auth/userpass/users/foo", map[string]interface{}{
"password": "bar",
})
if err != nil {

10
command/agent/auto_auth_preload_token_end_to_end_test.go
View File

@ -48,7 +48,7 @@ func TestTokenPreload_UsingAutoAuth(t *testing.T) {
}
// Setup Approle
_, err := client.Logical().Write("auth/approle/role/test1", map[string]interface{}{
_, err := client.Logical().WriteWithContext(context.Background(), "auth/approle/role/test1", map[string]interface{}{
"bind_secret_id": "true",
"token_ttl": "3s",
"token_max_ttl": "10s",
@ -58,13 +58,13 @@ func TestTokenPreload_UsingAutoAuth(t *testing.T) {
t.Fatal(err)
}
resp, err := client.Logical().Write("auth/approle/role/test1/secret-id", nil)
resp, err := client.Logical().WriteWithContext(context.Background(), "auth/approle/role/test1/secret-id", nil)
if err != nil {
t.Fatal(err)
}
secretID1 := resp.Data["secret_id"].(string)
resp, err = client.Logical().Read("auth/approle/role/test1/role-id")
resp, err = client.Logical().ReadWithContext(context.Background(), "auth/approle/role/test1/role-id")
if err != nil {
t.Fatal(err)
}
@ -108,7 +108,7 @@ func TestTokenPreload_UsingAutoAuth(t *testing.T) {
}
// Setup Preload Token
tokenRespRaw, err := client.Logical().Write("auth/token/create", map[string]interface{}{
tokenRespRaw, err := client.Logical().WriteWithContext(context.Background(), "auth/token/create", map[string]interface{}{
"ttl": "10s",
"explicit-max-ttl": "15s",
"policies": []string{""},
@ -222,7 +222,7 @@ func TestTokenPreload_UsingAutoAuth(t *testing.T) {
wrappedToken := map[string]interface{}{
"token": authToken.Token,
}
unwrapResp, err := client.Logical().Write("sys/wrapping/unwrap", wrappedToken)
unwrapResp, err := client.Logical().WriteWithContext(context.Background(), "sys/wrapping/unwrap", wrappedToken)
if err != nil {
t.Fatalf("error unwrapping token: %s", err)
}

2
command/agent/aws_end_to_end_test.go
View File

@ -70,7 +70,7 @@ func TestAWSEndToEnd(t *testing.T) {
t.Fatal(err)
}
if _, err := client.Logical().Write("auth/aws/role/test", map[string]interface{}{
if _, err := client.Logical().WriteWithContext(context.Background(), "auth/aws/role/test", map[string]interface{}{
"auth_type": "iam",
"policies": "default",
// Retain thru the account number of the given arn and wildcard the rest.

152
command/agent/cache/cache_test.go vendored
View File

@ -92,7 +92,7 @@ func setupClusterAndAgentCommon(ctx context.Context, t *testing.T, coreConfig *v
}
// Add an admin policy
if err := activeClient.Sys().PutPolicy("admin", policyAdmin); err != nil {
if err := activeClient.Sys().PutPolicyWithContext(context.Background(), "admin", policyAdmin); err != nil {
t.Fatal(err)
}
@ -105,7 +105,7 @@ func setupClusterAndAgentCommon(ctx context.Context, t *testing.T, coreConfig *v
t.Fatal(err)
}
_, err = activeClient.Logical().Write("auth/userpass/users/foo", map[string]interface{}{
_, err = activeClient.Logical().WriteWithContext(context.Background(), "auth/userpass/users/foo", map[string]interface{}{
"password": "bar",
"policies": []string{"admin"},
})
@ -174,7 +174,7 @@ func setupClusterAndAgentCommon(ctx context.Context, t *testing.T, coreConfig *v
// Login via userpass method to derive a managed token. Set that token as the
// testClient's token
resp, err := testClient.Logical().Write("auth/userpass/login/foo", map[string]interface{}{
resp, err := testClient.Logical().WriteWithContext(context.Background(), "auth/userpass/login/foo", map[string]interface{}{
"password": "bar",
})
if err != nil {
@ -264,7 +264,7 @@ func TestCache_AutoAuthTokenStripping(t *testing.T) {
// Empty the token in the client. Auto-auth token should be put to use.
testClient.SetToken("")
secret, err := testClient.Auth().Token().LookupSelf()
secret, err := testClient.Auth().Token().LookupSelfWithContext(context.Background())
if err != nil {
t.Fatal(err)
}
@ -272,7 +272,7 @@ func TestCache_AutoAuthTokenStripping(t *testing.T) {
t.Fatalf("failed to strip off auto-auth token on lookup-self")
}
secret, err = testClient.Auth().Token().Lookup("")
secret, err = testClient.Auth().Token().LookupWithContext(context.Background(), "")
if err != nil {
t.Fatal(err)
}
@ -329,7 +329,7 @@ func TestCache_AutoAuthClientTokenProxyStripping(t *testing.T) {
// Empty the token in the client. Auto-auth token should be put to use.
testClient.SetToken(dummyToken)
_, err = testClient.Auth().Token().LookupSelf()
_, err = testClient.Auth().Token().LookupSelfWithContext(context.Background())
if err != nil {
t.Fatal(err)
}
@ -351,7 +351,7 @@ func TestCache_ConcurrentRequests(t *testing.T) {
cleanup, _, testClient, _ := setupClusterAndAgent(namespace.RootContext(nil), t, coreConfig)
defer cleanup()
err := testClient.Sys().Mount("kv", &api.MountInput{
err := testClient.Sys().MountWithContext(context.Background(), "kv", &api.MountInput{
Type: "kv",
})
if err != nil {
@ -364,13 +364,13 @@ func TestCache_ConcurrentRequests(t *testing.T) {
go func(i int) {
defer wg.Done()
key := fmt.Sprintf("kv/foo/%d_%d", i, rand.Int())
_, err := testClient.Logical().Write(key, map[string]interface{}{
_, err := testClient.Logical().WriteWithContext(context.Background(), key, map[string]interface{}{
"key": key,
})
if err != nil {
t.Fatal(err)
}
secret, err := testClient.Logical().Read(key)
secret, err := testClient.Logical().ReadWithContext(context.Background(), key)
if err != nil {
t.Fatal(err)
}
@ -402,7 +402,7 @@ func TestCache_TokenRevocations_RevokeOrphan(t *testing.T) {
sampleSpace[token1] = "token"
// Mount the kv backend
err := testClient.Sys().Mount("kv", &api.MountInput{
err := testClient.Sys().MountWithContext(context.Background(), "kv", &api.MountInput{
Type: "kv",
})
if err != nil {
@ -410,7 +410,7 @@ func TestCache_TokenRevocations_RevokeOrphan(t *testing.T) {
}
// Create a secret in the backend
_, err = testClient.Logical().Write("kv/foo", map[string]interface{}{
_, err = testClient.Logical().WriteWithContext(context.Background(), "kv/foo", map[string]interface{}{
"value": "bar",
"ttl": "1h",
})
@ -419,14 +419,14 @@ func TestCache_TokenRevocations_RevokeOrphan(t *testing.T) {
}
// Read the secret and create a lease
leaseResp, err := testClient.Logical().Read("kv/foo")
leaseResp, err := testClient.Logical().ReadWithContext(context.Background(), "kv/foo")
if err != nil {
t.Fatal(err)
}
lease1 := leaseResp.LeaseID
sampleSpace[lease1] = "lease"
resp, err := testClient.Logical().Write("auth/token/create", nil)
resp, err := testClient.Logical().WriteWithContext(context.Background(), "auth/token/create", nil)
if err != nil {
t.Fatal(err)
}
@ -435,14 +435,14 @@ func TestCache_TokenRevocations_RevokeOrphan(t *testing.T) {
testClient.SetToken(token2)
leaseResp, err = testClient.Logical().Read("kv/foo")
leaseResp, err = testClient.Logical().ReadWithContext(context.Background(), "kv/foo")
if err != nil {
t.Fatal(err)
}
lease2 := leaseResp.LeaseID
sampleSpace[lease2] = "lease"
resp, err = testClient.Logical().Write("auth/token/create", nil)
resp, err = testClient.Logical().WriteWithContext(context.Background(), "auth/token/create", nil)
if err != nil {
t.Fatal(err)
}
@ -451,7 +451,7 @@ func TestCache_TokenRevocations_RevokeOrphan(t *testing.T) {
testClient.SetToken(token3)
leaseResp, err = testClient.Logical().Read("kv/foo")
leaseResp, err = testClient.Logical().ReadWithContext(context.Background(), "kv/foo")
if err != nil {
t.Fatal(err)
}
@ -469,7 +469,7 @@ func TestCache_TokenRevocations_RevokeOrphan(t *testing.T) {
// including the child tokens and leases of the child tokens should be
// untouched.
testClient.SetToken(token2)
err = testClient.Auth().Token().RevokeOrphan(token2)
err = testClient.Auth().Token().RevokeOrphanWithContext(context.Background(), token2)
if err != nil {
t.Fatal(err)
}
@ -503,7 +503,7 @@ func TestCache_TokenRevocations_LeafLevelToken(t *testing.T) {
sampleSpace[token1] = "token"
// Mount the kv backend
err := testClient.Sys().Mount("kv", &api.MountInput{
err := testClient.Sys().MountWithContext(context.Background(), "kv", &api.MountInput{
Type: "kv",
})
if err != nil {
@ -511,7 +511,7 @@ func TestCache_TokenRevocations_LeafLevelToken(t *testing.T) {
}
// Create a secret in the backend
_, err = testClient.Logical().Write("kv/foo", map[string]interface{}{
_, err = testClient.Logical().WriteWithContext(context.Background(), "kv/foo", map[string]interface{}{
"value": "bar",
"ttl": "1h",
})
@ -520,14 +520,14 @@ func TestCache_TokenRevocations_LeafLevelToken(t *testing.T) {
}
// Read the secret and create a lease
leaseResp, err := testClient.Logical().Read("kv/foo")
leaseResp, err := testClient.Logical().ReadWithContext(context.Background(), "kv/foo")
if err != nil {
t.Fatal(err)
}
lease1 := leaseResp.LeaseID
sampleSpace[lease1] = "lease"
resp, err := testClient.Logical().Write("auth/token/create", nil)
resp, err := testClient.Logical().WriteWithContext(context.Background(), "auth/token/create", nil)
if err != nil {
t.Fatal(err)
}
@ -536,14 +536,14 @@ func TestCache_TokenRevocations_LeafLevelToken(t *testing.T) {
testClient.SetToken(token2)
leaseResp, err = testClient.Logical().Read("kv/foo")
leaseResp, err = testClient.Logical().ReadWithContext(context.Background(), "kv/foo")
if err != nil {
t.Fatal(err)
}
lease2 := leaseResp.LeaseID
sampleSpace[lease2] = "lease"
resp, err = testClient.Logical().Write("auth/token/create", nil)
resp, err = testClient.Logical().WriteWithContext(context.Background(), "auth/token/create", nil)
if err != nil {
t.Fatal(err)
}
@ -552,7 +552,7 @@ func TestCache_TokenRevocations_LeafLevelToken(t *testing.T) {
testClient.SetToken(token3)
leaseResp, err = testClient.Logical().Read("kv/foo")
leaseResp, err = testClient.Logical().ReadWithContext(context.Background(), "kv/foo")
if err != nil {
t.Fatal(err)
}
@ -569,7 +569,7 @@ func TestCache_TokenRevocations_LeafLevelToken(t *testing.T) {
// token, evict entries for all the child tokens and their respective
// leases.
testClient.SetToken(token3)
err = testClient.Auth().Token().RevokeSelf("")
err = testClient.Auth().Token().RevokeSelfWithContext(context.Background(), "")
if err != nil {
t.Fatal(err)
}
@ -603,7 +603,7 @@ func TestCache_TokenRevocations_IntermediateLevelToken(t *testing.T) {
sampleSpace[token1] = "token"
// Mount the kv backend
err := testClient.Sys().Mount("kv", &api.MountInput{
err := testClient.Sys().MountWithContext(context.Background(), "kv", &api.MountInput{
Type: "kv",
})
if err != nil {
@ -611,7 +611,7 @@ func TestCache_TokenRevocations_IntermediateLevelToken(t *testing.T) {
}
// Create a secret in the backend
_, err = testClient.Logical().Write("kv/foo", map[string]interface{}{
_, err = testClient.Logical().WriteWithContext(context.Background(), "kv/foo", map[string]interface{}{
"value": "bar",
"ttl": "1h",
})
@ -620,14 +620,14 @@ func TestCache_TokenRevocations_IntermediateLevelToken(t *testing.T) {
}
// Read the secret and create a lease
leaseResp, err := testClient.Logical().Read("kv/foo")
leaseResp, err := testClient.Logical().ReadWithContext(context.Background(), "kv/foo")
if err != nil {
t.Fatal(err)
}
lease1 := leaseResp.LeaseID
sampleSpace[lease1] = "lease"
resp, err := testClient.Logical().Write("auth/token/create", nil)
resp, err := testClient.Logical().WriteWithContext(context.Background(), "auth/token/create", nil)
if err != nil {
t.Fatal(err)
}
@ -636,14 +636,14 @@ func TestCache_TokenRevocations_IntermediateLevelToken(t *testing.T) {
testClient.SetToken(token2)
leaseResp, err = testClient.Logical().Read("kv/foo")
leaseResp, err = testClient.Logical().ReadWithContext(context.Background(), "kv/foo")
if err != nil {
t.Fatal(err)
}
lease2 := leaseResp.LeaseID
sampleSpace[lease2] = "lease"
resp, err = testClient.Logical().Write("auth/token/create", nil)
resp, err = testClient.Logical().WriteWithContext(context.Background(), "auth/token/create", nil)
if err != nil {
t.Fatal(err)
}
@ -652,7 +652,7 @@ func TestCache_TokenRevocations_IntermediateLevelToken(t *testing.T) {
testClient.SetToken(token3)
leaseResp, err = testClient.Logical().Read("kv/foo")
leaseResp, err = testClient.Logical().ReadWithContext(context.Background(), "kv/foo")
if err != nil {
t.Fatal(err)
}
@ -669,7 +669,7 @@ func TestCache_TokenRevocations_IntermediateLevelToken(t *testing.T) {
// belonging to this token, evict entries for all the child tokens and
// their respective leases.
testClient.SetToken(token2)
err = testClient.Auth().Token().RevokeSelf("")
err = testClient.Auth().Token().RevokeSelfWithContext(context.Background(), "")
if err != nil {
t.Fatal(err)
}
@ -701,7 +701,7 @@ func TestCache_TokenRevocations_TopLevelToken(t *testing.T) {
sampleSpace[token1] = "token"
// Mount the kv backend
err := testClient.Sys().Mount("kv", &api.MountInput{
err := testClient.Sys().MountWithContext(context.Background(), "kv", &api.MountInput{
Type: "kv",
})
if err != nil {
@ -709,7 +709,7 @@ func TestCache_TokenRevocations_TopLevelToken(t *testing.T) {
}
// Create a secret in the backend
_, err = testClient.Logical().Write("kv/foo", map[string]interface{}{
_, err = testClient.Logical().WriteWithContext(context.Background(), "kv/foo", map[string]interface{}{
"value": "bar",
"ttl": "1h",
})
@ -718,14 +718,14 @@ func TestCache_TokenRevocations_TopLevelToken(t *testing.T) {
}
// Read the secret and create a lease
leaseResp, err := testClient.Logical().Read("kv/foo")
leaseResp, err := testClient.Logical().ReadWithContext(context.Background(), "kv/foo")
if err != nil {
t.Fatal(err)
}
lease1 := leaseResp.LeaseID
sampleSpace[lease1] = "lease"
resp, err := testClient.Logical().Write("auth/token/create", nil)
resp, err := testClient.Logical().WriteWithContext(context.Background(), "auth/token/create", nil)
if err != nil {
t.Fatal(err)
}
@ -734,14 +734,14 @@ func TestCache_TokenRevocations_TopLevelToken(t *testing.T) {
testClient.SetToken(token2)
leaseResp, err = testClient.Logical().Read("kv/foo")
leaseResp, err = testClient.Logical().ReadWithContext(context.Background(), "kv/foo")
if err != nil {
t.Fatal(err)
}
lease2 := leaseResp.LeaseID
sampleSpace[lease2] = "lease"
resp, err = testClient.Logical().Write("auth/token/create", nil)
resp, err = testClient.Logical().WriteWithContext(context.Background(), "auth/token/create", nil)
if err != nil {
t.Fatal(err)
}
@ -750,7 +750,7 @@ func TestCache_TokenRevocations_TopLevelToken(t *testing.T) {
testClient.SetToken(token3)
leaseResp, err = testClient.Logical().Read("kv/foo")
leaseResp, err = testClient.Logical().ReadWithContext(context.Background(), "kv/foo")
if err != nil {
t.Fatal(err)
}
@ -767,7 +767,7 @@ func TestCache_TokenRevocations_TopLevelToken(t *testing.T) {
// to this token, evict entries for all the child tokens and their
// respective leases.
testClient.SetToken(token1)
err = testClient.Auth().Token().RevokeSelf("")
err = testClient.Auth().Token().RevokeSelfWithContext(context.Background(), "")
if err != nil {
t.Fatal(err)
}
@ -797,7 +797,7 @@ func TestCache_TokenRevocations_Shutdown(t *testing.T) {
sampleSpace[token1] = "token"
// Mount the kv backend
err := testClient.Sys().Mount("kv", &api.MountInput{
err := testClient.Sys().MountWithContext(context.Background(), "kv", &api.MountInput{
Type: "kv",
})
if err != nil {
@ -805,7 +805,7 @@ func TestCache_TokenRevocations_Shutdown(t *testing.T) {
}
// Create a secret in the backend
_, err = testClient.Logical().Write("kv/foo", map[string]interface{}{
_, err = testClient.Logical().WriteWithContext(context.Background(), "kv/foo", map[string]interface{}{
"value": "bar",
"ttl": "1h",
})
@ -814,14 +814,14 @@ func TestCache_TokenRevocations_Shutdown(t *testing.T) {
}
// Read the secret and create a lease
leaseResp, err := testClient.Logical().Read("kv/foo")
leaseResp, err := testClient.Logical().ReadWithContext(context.Background(), "kv/foo")
if err != nil {
t.Fatal(err)
}
lease1 := leaseResp.LeaseID
sampleSpace[lease1] = "lease"
resp, err := testClient.Logical().Write("auth/token/create", nil)
resp, err := testClient.Logical().WriteWithContext(context.Background(), "auth/token/create", nil)
if err != nil {
t.Fatal(err)
}
@ -830,14 +830,14 @@ func TestCache_TokenRevocations_Shutdown(t *testing.T) {
testClient.SetToken(token2)
leaseResp, err = testClient.Logical().Read("kv/foo")
leaseResp, err = testClient.Logical().ReadWithContext(context.Background(), "kv/foo")
if err != nil {
t.Fatal(err)
}
lease2 := leaseResp.LeaseID
sampleSpace[lease2] = "lease"
resp, err = testClient.Logical().Write("auth/token/create", nil)
resp, err = testClient.Logical().WriteWithContext(context.Background(), "auth/token/create", nil)
if err != nil {
t.Fatal(err)
}
@ -846,7 +846,7 @@ func TestCache_TokenRevocations_Shutdown(t *testing.T) {
testClient.SetToken(token3)
leaseResp, err = testClient.Logical().Read("kv/foo")
leaseResp, err = testClient.Logical().ReadWithContext(context.Background(), "kv/foo")
if err != nil {
t.Fatal(err)
}
@ -886,7 +886,7 @@ func TestCache_TokenRevocations_BaseContextCancellation(t *testing.T) {
sampleSpace[token1] = "token"
// Mount the kv backend
err := testClient.Sys().Mount("kv", &api.MountInput{
err := testClient.Sys().MountWithContext(context.Background(), "kv", &api.MountInput{
Type: "kv",
})
if err != nil {
@ -894,7 +894,7 @@ func TestCache_TokenRevocations_BaseContextCancellation(t *testing.T) {
}
// Create a secret in the backend
_, err = testClient.Logical().Write("kv/foo", map[string]interface{}{
_, err = testClient.Logical().WriteWithContext(context.Background(), "kv/foo", map[string]interface{}{
"value": "bar",
"ttl": "1h",
})
@ -903,14 +903,14 @@ func TestCache_TokenRevocations_BaseContextCancellation(t *testing.T) {
}
// Read the secret and create a lease
leaseResp, err := testClient.Logical().Read("kv/foo")
leaseResp, err := testClient.Logical().ReadWithContext(context.Background(), "kv/foo")
if err != nil {
t.Fatal(err)
}
lease1 := leaseResp.LeaseID
sampleSpace[lease1] = "lease"
resp, err := testClient.Logical().Write("auth/token/create", nil)
resp, err := testClient.Logical().WriteWithContext(context.Background(), "auth/token/create", nil)
if err != nil {
t.Fatal(err)
}
@ -919,14 +919,14 @@ func TestCache_TokenRevocations_BaseContextCancellation(t *testing.T) {
testClient.SetToken(token2)
leaseResp, err = testClient.Logical().Read("kv/foo")
leaseResp, err = testClient.Logical().ReadWithContext(context.Background(), "kv/foo")
if err != nil {
t.Fatal(err)
}
lease2 := leaseResp.LeaseID
sampleSpace[lease2] = "lease"
resp, err = testClient.Logical().Write("auth/token/create", nil)
resp, err = testClient.Logical().WriteWithContext(context.Background(), "auth/token/create", nil)
if err != nil {
t.Fatal(err)
}
@ -935,7 +935,7 @@ func TestCache_TokenRevocations_BaseContextCancellation(t *testing.T) {
testClient.SetToken(token3)
leaseResp, err = testClient.Logical().Read("kv/foo")
leaseResp, err = testClient.Logical().ReadWithContext(context.Background(), "kv/foo")
if err != nil {
t.Fatal(err)
}
@ -972,13 +972,13 @@ func TestCache_NonCacheable(t *testing.T) {
defer cleanup()
// Query mounts first
origMounts, err := testClient.Sys().ListMounts()
origMounts, err := testClient.Sys().ListMountsWithContext(context.Background())
if err != nil {
t.Fatal(err)
}
// Mount a kv backend
if err := testClient.Sys().Mount("kv", &api.MountInput{
if err := testClient.Sys().MountWithContext(context.Background(), "kv", &api.MountInput{
Type: "kv",
Options: map[string]string{
"version": "2",
@ -988,7 +988,7 @@ func TestCache_NonCacheable(t *testing.T) {
}
// Query mounts again
newMounts, err := testClient.Sys().ListMounts()
newMounts, err := testClient.Sys().ListMountsWithContext(context.Background())
if err != nil {
t.Fatal(err)
}
@ -1020,7 +1020,7 @@ func TestCache_Caching_AuthResponse(t *testing.T) {
cleanup, _, testClient, _ := setupClusterAndAgent(namespace.RootContext(nil), t, nil)
defer cleanup()
resp, err := testClient.Logical().Write("auth/token/create", nil)
resp, err := testClient.Logical().WriteWithContext(context.Background(), "auth/token/create", nil)
if err != nil {
t.Fatal(err)
}
@ -1028,7 +1028,7 @@ func TestCache_Caching_AuthResponse(t *testing.T) {
testClient.SetToken(token)
authTokeCreateReq := func(t *testing.T, policies map[string]interface{}) *api.Secret {
resp, err := testClient.Logical().Write("auth/token/create", policies)
resp, err := testClient.Logical().WriteWithContext(context.Background(), "auth/token/create", policies)
if err != nil {
t.Fatal(err)
}
@ -1079,7 +1079,7 @@ func TestCache_Caching_LeaseResponse(t *testing.T) {
cleanup, client, testClient, _ := setupClusterAndAgent(namespace.RootContext(nil), t, coreConfig)
defer cleanup()
err := client.Sys().Mount("kv", &api.MountInput{
err := client.Sys().MountWithContext(context.Background(), "kv", &api.MountInput{
Type: "kv",
})
if err != nil {
@ -1089,14 +1089,14 @@ func TestCache_Caching_LeaseResponse(t *testing.T) {
// Test proxy by issuing two different requests
{
// Write data to the lease-kv backend
_, err := testClient.Logical().Write("kv/foo", map[string]interface{}{
_, err := testClient.Logical().WriteWithContext(context.Background(), "kv/foo", map[string]interface{}{
"value": "bar",
"ttl": "1h",
})
if err != nil {
t.Fatal(err)
}
_, err = testClient.Logical().Write("kv/foobar", map[string]interface{}{
_, err = testClient.Logical().WriteWithContext(context.Background(), "kv/foobar", map[string]interface{}{
"value": "bar",
"ttl": "1h",
})
@ -1104,12 +1104,12 @@ func TestCache_Caching_LeaseResponse(t *testing.T) {
t.Fatal(err)
}
firstResp, err := testClient.Logical().Read("kv/foo")
firstResp, err := testClient.Logical().ReadWithContext(context.Background(), "kv/foo")
if err != nil {
t.Fatal(err)
}
secondResp, err := testClient.Logical().Read("kv/foobar")
secondResp, err := testClient.Logical().ReadWithContext(context.Background(), "kv/foobar")
if err != nil {
t.Fatal(err)
}
@ -1122,7 +1122,7 @@ func TestCache_Caching_LeaseResponse(t *testing.T) {
// Test caching behavior by issue the same request twice
{
_, err := testClient.Logical().Write("kv/baz", map[string]interface{}{
_, err := testClient.Logical().WriteWithContext(context.Background(), "kv/baz", map[string]interface{}{
"value": "foo",
"ttl": "1h",
})
@ -1130,12 +1130,12 @@ func TestCache_Caching_LeaseResponse(t *testing.T) {
t.Fatal(err)
}
proxiedResp, err := testClient.Logical().Read("kv/baz")
proxiedResp, err := testClient.Logical().ReadWithContext(context.Background(), "kv/baz")
if err != nil {
t.Fatal(err)
}
cachedResp, err := testClient.Logical().Read("kv/baz")
cachedResp, err := testClient.Logical().ReadWithContext(context.Background(), "kv/baz")
if err != nil {
t.Fatal(err)
}
@ -1181,7 +1181,7 @@ func testCachingCacheClearCommon(t *testing.T, clearType string) {
cleanup, client, testClient, leaseCache := setupClusterAndAgent(namespace.RootContext(nil), t, coreConfig)
defer cleanup()
err := client.Sys().Mount("kv", &api.MountInput{
err := client.Sys().MountWithContext(context.Background(), "kv", &api.MountInput{
Type: "kv",
})
if err != nil {
@ -1189,7 +1189,7 @@ func testCachingCacheClearCommon(t *testing.T, clearType string) {
}
// Write data to the lease-kv backend
_, err = testClient.Logical().Write("kv/foo", map[string]interface{}{
_, err = testClient.Logical().WriteWithContext(context.Background(), "kv/foo", map[string]interface{}{
"value": "bar",
"ttl": "1h",
})
@ -1198,7 +1198,7 @@ func testCachingCacheClearCommon(t *testing.T, clearType string) {
}
// Proxy this request, agent should cache the response
resp, err := testClient.Logical().Read("kv/foo")
resp, err := testClient.Logical().ReadWithContext(context.Background(), "kv/foo")
if err != nil {
t.Fatal(err)
}
@ -1228,7 +1228,7 @@ func testCachingCacheClearCommon(t *testing.T, clearType string) {
case "token":
data["value"] = testClient.Token()
case "token_accessor":
lookupResp, err := client.Auth().Token().Lookup(testClient.Token())
lookupResp, err := client.Auth().Token().LookupWithContext(context.Background(), testClient.Token())
if err != nil {
t.Fatal(err)
}
@ -1285,7 +1285,7 @@ func TestCache_AuthTokenCreateOrphan(t *testing.T) {
Policies: []string{"default"},
NoParent: true,
}
resp, err := testClient.Auth().Token().Create(reqOpts)
resp, err := testClient.Auth().Token().CreateWithContext(context.Background(), reqOpts)
if err != nil {
t.Fatal(err)
}
@ -1312,7 +1312,7 @@ func TestCache_AuthTokenCreateOrphan(t *testing.T) {
// Use the test client but set the token to one that's not managed by agent
testClient.SetToken(clusterClient.Token())
resp, err := testClient.Auth().Token().Create(reqOpts)
resp, err := testClient.Auth().Token().CreateWithContext(context.Background(), reqOpts)
if err != nil {
t.Fatal(err)
}
@ -1336,7 +1336,7 @@ func TestCache_AuthTokenCreateOrphan(t *testing.T) {
reqOpts := &api.TokenCreateRequest{
Policies: []string{"default"},
}
resp, err := testClient.Auth().Token().CreateOrphan(reqOpts)
resp, err := testClient.Auth().Token().CreateOrphanWithContext(context.Background(), reqOpts)
if err != nil {
t.Fatal(err)
}
@ -1362,7 +1362,7 @@ func TestCache_AuthTokenCreateOrphan(t *testing.T) {
// Use the test client but set the token to one that's not managed by agent
testClient.SetToken(clusterClient.Token())
resp, err := testClient.Auth().Token().CreateOrphan(reqOpts)
resp, err := testClient.Auth().Token().CreateOrphanWithContext(context.Background(), reqOpts)
if err != nil {
t.Fatal(err)
}

24
command/agent/cache_end_to_end_test.go
View File

@ -71,7 +71,7 @@ func TestCache_UsingAutoAuthToken(t *testing.T) {
defer os.Setenv(api.EnvVaultCACert, os.Getenv(api.EnvVaultCACert))
os.Setenv(api.EnvVaultCACert, fmt.Sprintf("%s/ca_cert.pem", cluster.TempDir))
err = client.Sys().Mount("kv", &api.MountInput{
err = client.Sys().MountWithContext(context.Background(), "kv", &api.MountInput{
Type: "kv",
})
if err != nil {
@ -79,7 +79,7 @@ func TestCache_UsingAutoAuthToken(t *testing.T) {
}
// Create a secret in the backend
_, err = client.Logical().Write("kv/foo", map[string]interface{}{
_, err = client.Logical().WriteWithContext(context.Background(), "kv/foo", map[string]interface{}{
"value": "bar",
"ttl": "1h",
})
@ -88,7 +88,7 @@ func TestCache_UsingAutoAuthToken(t *testing.T) {
}
// Add an kv-admin policy
if err := client.Sys().PutPolicy("test-autoauth", policyAutoAuthAppRole); err != nil {
if err := client.Sys().PutPolicyWithContext(context.Background(), "test-autoauth", policyAutoAuthAppRole); err != nil {
t.Fatal(err)
}
@ -100,7 +100,7 @@ func TestCache_UsingAutoAuthToken(t *testing.T) {
t.Fatal(err)
}
_, err = client.Logical().Write("auth/approle/role/test1", map[string]interface{}{
_, err = client.Logical().WriteWithContext(context.Background(), "auth/approle/role/test1", map[string]interface{}{
"bind_secret_id": "true",
"token_ttl": "3s",
"token_max_ttl": "10s",
@ -110,13 +110,13 @@ func TestCache_UsingAutoAuthToken(t *testing.T) {
t.Fatal(err)
}
resp, err := client.Logical().Write("auth/approle/role/test1/secret-id", nil)
resp, err := client.Logical().WriteWithContext(context.Background(), "auth/approle/role/test1/secret-id", nil)
if err != nil {
t.Fatal(err)
}
secretID1 := resp.Data["secret_id"].(string)
resp, err = client.Logical().Read("auth/approle/role/test1/role-id")
resp, err = client.Logical().ReadWithContext(context.Background(), "auth/approle/role/test1/role-id")
if err != nil {
t.Fatal(err)
}
@ -343,7 +343,7 @@ func TestCache_UsingAutoAuthToken(t *testing.T) {
// Empty the token in the client to ensure that auto-auth token is used
testClient.SetToken("")
resp, err = testClient.Logical().Read("auth/token/lookup-self")
resp, err = testClient.Logical().ReadWithContext(context.Background(), "auth/token/lookup-self")
if err != nil {
t.Fatal(err)
}
@ -354,14 +354,14 @@ func TestCache_UsingAutoAuthToken(t *testing.T) {
// This block tests lease creation caching using the auto-auth token.
{
resp, err = testClient.Logical().Read("kv/foo")
resp, err = testClient.Logical().ReadWithContext(context.Background(), "kv/foo")
if err != nil {
t.Fatal(err)
}
origReqID := resp.RequestID
resp, err = testClient.Logical().Read("kv/foo")
resp, err = testClient.Logical().ReadWithContext(context.Background(), "kv/foo")
if err != nil {
t.Fatal(err)
}
@ -379,7 +379,7 @@ func TestCache_UsingAutoAuthToken(t *testing.T) {
// This block tests auth token creation caching (child, non-orphan tokens)
// using the auto-auth token.
{
resp, err = testClient.Logical().Write("auth/token/create", nil)
resp, err = testClient.Logical().WriteWithContext(context.Background(), "auth/token/create", nil)
if err != nil {
t.Fatal(err)
}
@ -388,7 +388,7 @@ func TestCache_UsingAutoAuthToken(t *testing.T) {
// Sleep for a bit to allow renewer logic to kick in
time.Sleep(20 * time.Millisecond)
resp, err = testClient.Logical().Write("auth/token/create", nil)
resp, err = testClient.Logical().WriteWithContext(context.Background(), "auth/token/create", nil)
if err != nil {
t.Fatal(err)
}
@ -405,7 +405,7 @@ func TestCache_UsingAutoAuthToken(t *testing.T) {
// Empty the token in the client to ensure that auto-auth token is used
testClient.SetToken(client.Token())
resp, err = testClient.Logical().Read("auth/token/lookup-self")
resp, err = testClient.Logical().ReadWithContext(context.Background(), "auth/token/lookup-self")
if err != nil {
t.Fatal(err)
}

20
command/agent/cert_end_to_end_test.go
View File

@ -90,7 +90,7 @@ func testCertEndToEnd(t *testing.T, withCertRoleName, ahWrapping bool) {
certificatePEM := pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: cluster.CACert.Raw})
certRoleName := "test"
_, err = client.Logical().Write(fmt.Sprintf("auth/cert/certs/%s", certRoleName), map[string]interface{}{
_, err = client.Logical().WriteWithContext(context.Background(), fmt.Sprintf("auth/cert/certs/%s", certRoleName), map[string]interface{}{
"certificate": string(certificatePEM),
"policies": "default",
})
@ -327,7 +327,7 @@ func TestCertEndToEnd_CertsInConfig(t *testing.T) {
// /////////////
// Mount /pki as a root CA
err := client.Sys().Mount("pki", &api.MountInput{
err := client.Sys().MountWithContext(context.Background(), "pki", &api.MountInput{
Type: "pki",
Config: api.MountConfigInput{
DefaultLeaseTTL: "16h",
@ -340,7 +340,7 @@ func TestCertEndToEnd_CertsInConfig(t *testing.T) {
// Set the cluster's certificate as the root CA in /pki
pemBundleRootCA := string(cluster.CACertPEM) + string(cluster.CAKeyPEM)
_, err = client.Logical().Write("pki/config/ca", map[string]interface{}{
_, err = client.Logical().WriteWithContext(context.Background(), "pki/config/ca", map[string]interface{}{
"pem_bundle": pemBundleRootCA,
})
if err != nil {
@ -348,7 +348,7 @@ func TestCertEndToEnd_CertsInConfig(t *testing.T) {
}
// Mount /pki2 to operate as an intermediate CA
err = client.Sys().Mount("pki2", &api.MountInput{
err = client.Sys().MountWithContext(context.Background(), "pki2", &api.MountInput{
Type: "pki",
Config: api.MountConfigInput{
DefaultLeaseTTL: "16h",
@ -360,14 +360,14 @@ func TestCertEndToEnd_CertsInConfig(t *testing.T) {
}
// Create a CSR for the intermediate CA
secret, err := client.Logical().Write("pki2/intermediate/generate/internal", nil)
secret, err := client.Logical().WriteWithContext(context.Background(), "pki2/intermediate/generate/internal", nil)
if err != nil {
t.Fatal(err)
}
intermediateCSR := secret.Data["csr"].(string)
// Sign the intermediate CSR using /pki
secret, err = client.Logical().Write("pki/root/sign-intermediate", map[string]interface{}{
secret, err = client.Logical().WriteWithContext(context.Background(), "pki/root/sign-intermediate", map[string]interface{}{
"permitted_dns_domains": ".myvault.com",
"csr": intermediateCSR,
})
@ -377,7 +377,7 @@ func TestCertEndToEnd_CertsInConfig(t *testing.T) {
intermediateCertPEM := secret.Data["certificate"].(string)
// Configure the intermediate cert as the CA in /pki2
_, err = client.Logical().Write("pki2/intermediate/set-signed", map[string]interface{}{
_, err = client.Logical().WriteWithContext(context.Background(), "pki2/intermediate/set-signed", map[string]interface{}{
"certificate": intermediateCertPEM,
})
if err != nil {
@ -385,7 +385,7 @@ func TestCertEndToEnd_CertsInConfig(t *testing.T) {
}
// Create a role on the intermediate CA mount
_, err = client.Logical().Write("pki2/roles/myvault-dot-com", map[string]interface{}{
_, err = client.Logical().WriteWithContext(context.Background(), "pki2/roles/myvault-dot-com", map[string]interface{}{
"allowed_domains": "myvault.com",
"allow_subdomains": "true",
"max_ttl": "5m",
@ -395,7 +395,7 @@ func TestCertEndToEnd_CertsInConfig(t *testing.T) {
}
// Issue a leaf cert using the intermediate CA
secret, err = client.Logical().Write("pki2/issue/myvault-dot-com", map[string]interface{}{
secret, err = client.Logical().WriteWithContext(context.Background(), "pki2/issue/myvault-dot-com", map[string]interface{}{
"common_name": "cert.myvault.com",
"format": "pem",
"ip_sans": "127.0.0.1",
@ -457,7 +457,7 @@ func TestCertEndToEnd_CertsInConfig(t *testing.T) {
}
// Set the intermediate CA cert as a trusted certificate in the backend
_, err = client.Logical().Write("auth/cert/certs/myvault-dot-com", map[string]interface{}{
_, err = client.Logical().WriteWithContext(context.Background(), "auth/cert/certs/myvault-dot-com", map[string]interface{}{
"display_name": "myvault.com",
"policies": "default",
"certificate": intermediateCertPEM,

4
command/agent/cf_end_to_end_test.go
View File

@ -68,7 +68,7 @@ func TestCFEndToEnd(t *testing.T) {
defer mockCFAPI.Close()
// Configure a CA certificate like a Vault operator would in setting up CF.
if _, err := client.Logical().Write("auth/cf/config", map[string]interface{}{
if _, err := client.Logical().WriteWithContext(context.Background(), "auth/cf/config", map[string]interface{}{
"identity_ca_certificates": testCFCerts.CACertificate,
"cf_api_addr": mockCFAPI.URL,
"cf_username": cfAPI.AuthUsername,
@ -78,7 +78,7 @@ func TestCFEndToEnd(t *testing.T) {
}
// Configure a role to be used for logging in, another thing a Vault operator would do.
if _, err := client.Logical().Write("auth/cf/roles/test-role", map[string]interface{}{
if _, err := client.Logical().WriteWithContext(context.Background(), "auth/cf/roles/test-role", map[string]interface{}{
"bound_instance_ids": cfAPI.FoundServiceGUID,
"bound_organization_ids": cfAPI.FoundOrgGUID,
"bound_space_ids": cfAPI.FoundSpaceGUID,

4
command/agent/jwt_end_to_end_test.go
View File

@ -53,7 +53,7 @@ func testJWTEndToEnd(t *testing.T, ahWrapping bool) {
t.Fatal(err)
}
_, err = client.Logical().Write("auth/jwt/config", map[string]interface{}{
_, err = client.Logical().WriteWithContext(context.Background(), "auth/jwt/config", map[string]interface{}{
"bound_issuer": "https://team-vault.auth0.com/",
"jwt_validation_pubkeys": TestECDSAPubKey,
"jwt_supported_algs": "ES256",
@ -62,7 +62,7 @@ func testJWTEndToEnd(t *testing.T, ahWrapping bool) {
t.Fatal(err)
}
_, err = client.Logical().Write("auth/jwt/role/test", map[string]interface{}{
_, err = client.Logical().WriteWithContext(context.Background(), "auth/jwt/role/test", map[string]interface{}{
"role_type": "jwt",
"bound_subject": "r3qXcK2bix9eFECzsU3Sbmh0K16fatW6@clients",
"bound_audiences": "https://vault.plugin.auth.jwt.test",

31
command/agent_test.go
View File

@ -1,6 +1,7 @@
package command
import (
"context"
"encoding/json"
"fmt"
"io/ioutil"
@ -75,7 +76,7 @@ func TestAgent_Cache_UnixListener(t *testing.T) {
t.Fatal(err)
}
_, err = client.Logical().Write("auth/jwt/config", map[string]interface{}{
_, err = client.Logical().WriteWithContext(context.Background(), "auth/jwt/config", map[string]interface{}{
"bound_issuer": "https://team-vault.auth0.com/",
"jwt_validation_pubkeys": agent.TestECDSAPubKey,
})
@ -83,7 +84,7 @@ func TestAgent_Cache_UnixListener(t *testing.T) {
t.Fatal(err)
}
_, err = client.Logical().Write("auth/jwt/role/test", map[string]interface{}{
_, err = client.Logical().WriteWithContext(context.Background(), "auth/jwt/role/test", map[string]interface{}{
"role_type": "jwt",
"bound_subject": "r3qXcK2bix9eFECzsU3Sbmh0K16fatW6@clients",
"bound_audiences": "https://vault.plugin.auth.jwt.test",
@ -218,7 +219,7 @@ cache {
time.Sleep(1 * time.Second)
// Invoke lookup self through the agent
secret, err := testClient.Auth().Token().LookupSelf()
secret, err := testClient.Auth().Token().LookupSelfWithContext(context.Background())
if err != nil {
t.Fatal(err)
}
@ -263,7 +264,7 @@ func testAgentExitAfterAuth(t *testing.T, viaFlag bool) {
t.Fatal(err)
}
_, err = client.Logical().Write("auth/jwt/config", map[string]interface{}{
_, err = client.Logical().WriteWithContext(context.Background(), "auth/jwt/config", map[string]interface{}{
"bound_issuer": "https://team-vault.auth0.com/",
"jwt_validation_pubkeys": agent.TestECDSAPubKey,
"jwt_supported_algs": "ES256",
@ -272,7 +273,7 @@ func testAgentExitAfterAuth(t *testing.T, viaFlag bool) {
t.Fatal(err)
}
_, err = client.Logical().Write("auth/jwt/role/test", map[string]interface{}{
_, err = client.Logical().WriteWithContext(context.Background(), "auth/jwt/role/test", map[string]interface{}{
"role_type": "jwt",
"bound_subject": "r3qXcK2bix9eFECzsU3Sbmh0K16fatW6@clients",
"bound_audiences": "https://vault.plugin.auth.jwt.test",
@ -1306,7 +1307,7 @@ func TestAgent_Template_Retry(t *testing.T) {
methodConf, cleanup := prepAgentApproleKV(t, serverClient)
defer cleanup()
err := serverClient.Sys().TuneMount("secret", api.MountConfigInput{
err := serverClient.Sys().TuneMountWithContext(context.Background(), "secret", api.MountConfigInput{
Options: map[string]string{
"version": "2",
},
@ -1315,7 +1316,7 @@ func TestAgent_Template_Retry(t *testing.T) {
t.Fatal(err)
}
_, err = serverClient.Logical().Write("secret/data/otherapp", map[string]interface{}{
_, err = serverClient.Logical().WriteWithContext(context.Background(), "secret/data/otherapp", map[string]interface{}{
"data": map[string]interface{}{
"username": "barstuff",
"password": "zap",
@ -1499,7 +1500,7 @@ path "/secret/*" {
}
`
// Add an kv-admin policy
if err := client.Sys().PutPolicy("test-autoauth", policyAutoAuthAppRole); err != nil {
if err := client.Sys().PutPolicyWithContext(context.Background(), "test-autoauth", policyAutoAuthAppRole); err != nil {
t.Fatal(err)
}
@ -1511,7 +1512,7 @@ path "/secret/*" {
t.Fatal(err)
}
_, err = client.Logical().Write("auth/approle/role/test1", map[string]interface{}{
_, err = client.Logical().WriteWithContext(context.Background(), "auth/approle/role/test1", map[string]interface{}{
"bind_secret_id": "true",
"token_ttl": "1h",
"token_max_ttl": "2h",
@ -1521,14 +1522,14 @@ path "/secret/*" {
t.Fatal(err)
}
resp, err := client.Logical().Write("auth/approle/role/test1/secret-id", nil)
resp, err := client.Logical().WriteWithContext(context.Background(), "auth/approle/role/test1/secret-id", nil)
if err != nil {
t.Fatal(err)
}
secretID := resp.Data["secret_id"].(string)
secretIDFile := makeTempFile(t, "secret_id.txt", secretID+"\n")
resp, err = client.Logical().Read("auth/approle/role/test1/role-id")
resp, err = client.Logical().ReadWithContext(context.Background(), "auth/approle/role/test1/role-id")
if err != nil {
t.Fatal(err)
}
@ -1590,7 +1591,7 @@ func TestAgent_Cache_Retry(t *testing.T) {
defer os.Setenv(api.EnvVaultAddress, os.Getenv(api.EnvVaultAddress))
os.Unsetenv(api.EnvVaultAddress)
_, err := serverClient.Logical().Write("secret/foo", map[string]interface{}{
_, err := serverClient.Logical().WriteWithContext(context.Background(), "secret/foo", map[string]interface{}{
"bar": "baz",
})
if err != nil {
@ -1688,7 +1689,7 @@ vault {
if err != nil {
t.Fatal(err)
}
secret, err := client.Logical().Read("secret/foo")
secret, err := client.Logical().ReadWithContext(context.Background(), "secret/foo")
switch {
case (err != nil || secret == nil) && tc.expectError:
case (err == nil || secret != nil) && !tc.expectError:
@ -1742,7 +1743,7 @@ func TestAgent_TemplateConfig_ExitOnRetryFailure(t *testing.T) {
autoAuthConfig, cleanup := prepAgentApproleKV(t, serverClient)
defer cleanup()
err := serverClient.Sys().TuneMount("secret", api.MountConfigInput{
err := serverClient.Sys().TuneMountWithContext(context.Background(), "secret", api.MountConfigInput{
Options: map[string]string{
"version": "2",
},
@ -1751,7 +1752,7 @@ func TestAgent_TemplateConfig_ExitOnRetryFailure(t *testing.T) {
t.Fatal(err)
}
_, err = serverClient.Logical().Write("secret/data/otherapp", map[string]interface{}{
_, err = serverClient.Logical().WriteWithContext(context.Background(), "secret/data/otherapp", map[string]interface{}{
"data": map[string]interface{}{
"username": "barstuff",
"password": "zap",

6
command/approle_concurrency_integ_test.go
View File

@ -45,7 +45,7 @@ func TestAppRole_Integ_ConcurrentLogins(t *testing.T) {
t.Fatal(err)
}
_, err = client.Logical().Write("auth/approle/role/role1", map[string]interface{}{
_, err = client.Logical().WriteWithContext(context.Background(), "auth/approle/role/role1", map[string]interface{}{
"bind_secret_id": "true",
"period": "300",
})
@ -53,13 +53,13 @@ func TestAppRole_Integ_ConcurrentLogins(t *testing.T) {
t.Fatal(err)
}
secret, err := client.Logical().Write("auth/approle/role/role1/secret-id", nil)
secret, err := client.Logical().WriteWithContext(context.Background(), "auth/approle/role/role1/secret-id", nil)
if err != nil {
t.Fatal(err)
}
secretID := secret.Data["secret_id"].(string)
secret, err = client.Logical().Read("auth/approle/role/role1/role-id")
secret, err = client.Logical().ReadWithContext(context.Background(), "auth/approle/role/role1/role-id")
if err != nil {
t.Fatal(err)
}

7
command/audit_disable_test.go
View File

@ -1,6 +1,7 @@
package command
import (
"context"
"strings"
"testing"
@ -63,7 +64,7 @@ func TestAuditDisableCommand_Run(t *testing.T) {
client, closer := testVaultServer(t)
defer closer()
if err := client.Sys().EnableAuditWithOptions("file", &api.EnableAuditOptions{
if err := client.Sys().EnableAuditWithOptionsWithContext(context.Background(), "file", &api.EnableAuditOptions{
Type: "file",
Options: map[string]string{
"file_path": "discard",
@ -93,7 +94,7 @@ func TestAuditDisableCommand_Run(t *testing.T) {
client, closer := testVaultServer(t)
defer closer()
if err := client.Sys().EnableAuditWithOptions("integration_audit_disable", &api.EnableAuditOptions{
if err := client.Sys().EnableAuditWithOptionsWithContext(context.Background(), "integration_audit_disable", &api.EnableAuditOptions{
Type: "file",
Options: map[string]string{
"file_path": "discard",
@ -118,7 +119,7 @@ func TestAuditDisableCommand_Run(t *testing.T) {
t.Errorf("expected %q to contain %q", combined, expected)
}
mounts, err := client.Sys().ListMounts()
mounts, err := client.Sys().ListMountsWithContext(context.Background())
if err != nil {
t.Fatal(err)
}

3
command/audit_enable_test.go
View File

@ -1,6 +1,7 @@
package command
import (
"context"
"io/ioutil"
"os"
"strings"
@ -108,7 +109,7 @@ func TestAuditEnableCommand_Run(t *testing.T) {
t.Errorf("expected %q to contain %q", combined, expected)
}
audits, err := client.Sys().ListAudit()
audits, err := client.Sys().ListAuditWithContext(context.Background())
if err != nil {
t.Fatal(err)
}

3
command/audit_list_test.go
View File

@ -1,6 +1,7 @@
package command
import (
"context"
"strings"
"testing"
@ -57,7 +58,7 @@ func TestAuditListCommand_Run(t *testing.T) {
client, closer := testVaultServer(t)
defer closer()
if err := client.Sys().EnableAuditWithOptions("file", &api.EnableAuditOptions{
if err := client.Sys().EnableAuditWithOptionsWithContext(context.Background(), "file", &api.EnableAuditOptions{
Type: "file",
Options: map[string]string{
"file_path": "discard",

3
command/auth_disable_test.go
View File

@ -1,6 +1,7 @@
package command
import (
"context"
"strings"
"testing"
@ -95,7 +96,7 @@ func TestAuthDisableCommand_Run(t *testing.T) {
t.Errorf("expected %q to contain %q", combined, expected)
}
auths, err := client.Sys().ListAuth()
auths, err := client.Sys().ListAuthWithContext(context.Background())
if err != nil {
t.Fatal(err)
}

3
command/auth_enable_test.go
View File

@ -1,6 +1,7 @@
package command
import (
"context"
"io/ioutil"
"strings"
"testing"
@ -105,7 +106,7 @@ func TestAuthEnableCommand_Run(t *testing.T) {
t.Errorf("expected %q to contain %q", combined, expected)
}
auths, err := client.Sys().ListAuth()
auths, err := client.Sys().ListAuthWithContext(context.Background())
if err != nil {
t.Fatal(err)
}

3
command/auth_move_test.go
View File

@ -1,6 +1,7 @@
package command
import (
"context"
"strings"
"testing"
@ -104,7 +105,7 @@ func TestAuthMoveCommand_Run(t *testing.T) {
t.Errorf("expected %q to contain %q", combined, expected)
}
mounts, err := client.Sys().ListAuth()
mounts, err := client.Sys().ListAuthWithContext(context.Background())
if err != nil {
t.Fatal(err)
}

7
command/auth_tune_test.go
View File

@ -1,6 +1,7 @@
package command
import (
"context"
"strings"
"testing"
@ -109,7 +110,7 @@ func TestAuthTuneCommand_Run(t *testing.T) {
t.Errorf("expected %q to contain %q", combined, expected)
}
auths, err := client.Sys().ListAuth()
auths, err := client.Sys().ListAuthWithContext(context.Background())
if err != nil {
t.Fatal(err)
}
@ -175,7 +176,7 @@ func TestAuthTuneCommand_Run(t *testing.T) {
t.Errorf("expected %q to contain %q", combined, expected)
}
auths, err := client.Sys().ListAuth()
auths, err := client.Sys().ListAuthWithContext(context.Background())
if err != nil {
t.Fatal(err)
}
@ -218,7 +219,7 @@ func TestAuthTuneCommand_Run(t *testing.T) {
t.Errorf("expected %q to contain %q", combined, expected)
}
auths, err := client.Sys().ListAuth()
auths, err := client.Sys().ListAuthWithContext(context.Background())
if err != nil {
t.Fatal(err)
}

27
command/base_predict_test.go
View File

@ -1,6 +1,7 @@
package command
import (
"context"
"reflect"
"testing"
@ -16,25 +17,25 @@ func TestPredictVaultPaths(t *testing.T) {
defer closer()
data := map[string]interface{}{"a": "b"}
if _, err := client.Logical().Write("secret/bar", data); err != nil {
if _, err := client.Logical().WriteWithContext(context.Background(), "secret/bar", data); err != nil {
t.Fatal(err)
}
if _, err := client.Logical().Write("secret/foo", data); err != nil {
if _, err := client.Logical().WriteWithContext(context.Background(), "secret/foo", data); err != nil {
t.Fatal(err)
}
if _, err := client.Logical().Write("secret/zip/zap", data); err != nil {
if _, err := client.Logical().WriteWithContext(context.Background(), "secret/zip/zap", data); err != nil {
t.Fatal(err)
}
if _, err := client.Logical().Write("secret/zip/zonk", data); err != nil {
if _, err := client.Logical().WriteWithContext(context.Background(), "secret/zip/zonk", data); err != nil {
t.Fatal(err)
}
if _, err := client.Logical().Write("secret/zip/twoot", data); err != nil {
if _, err := client.Logical().WriteWithContext(context.Background(), "secret/zip/twoot", data); err != nil {
t.Fatal(err)
}
if err := client.Sys().Mount("level1a/level2a/level3a", &api.MountInput{Type: "kv"}); err != nil {
if err := client.Sys().MountWithContext(context.Background(), "level1a/level2a/level3a", &api.MountInput{Type: "kv"}); err != nil {
t.Fatal(err)
}
if err := client.Sys().Mount("level1a/level2a/level3b", &api.MountInput{Type: "kv"}); err != nil {
if err := client.Sys().MountWithContext(context.Background(), "level1a/level2a/level3b", &api.MountInput{Type: "kv"}); err != nil {
t.Fatal(err)
}
@ -230,7 +231,7 @@ func TestPredict_Audits(t *testing.T) {
badClient, badCloser := testVaultServerBad(t)
defer badCloser()
if err := client.Sys().EnableAuditWithOptions("file", &api.EnableAuditOptions{
if err := client.Sys().EnableAuditWithOptionsWithContext(context.Background(), "file", &api.EnableAuditOptions{
Type: "file",
Options: map[string]string{
"file_path": "discard",
@ -495,13 +496,13 @@ func TestPredict_Paths(t *testing.T) {
defer closer()
data := map[string]interface{}{"a": "b"}
if _, err := client.Logical().Write("secret/bar", data); err != nil {
if _, err := client.Logical().WriteWithContext(context.Background(), "secret/bar", data); err != nil {
t.Fatal(err)
}
if _, err := client.Logical().Write("secret/foo", data); err != nil {
if _, err := client.Logical().WriteWithContext(context.Background(), "secret/foo", data); err != nil {
t.Fatal(err)
}
if _, err := client.Logical().Write("secret/zip/zap", data); err != nil {
if _, err := client.Logical().WriteWithContext(context.Background(), "secret/zip/zap", data); err != nil {
t.Fatal(err)
}
@ -571,10 +572,10 @@ func TestPredict_ListPaths(t *testing.T) {
defer badCloser()
data := map[string]interface{}{"a": "b"}
if _, err := client.Logical().Write("secret/bar", data); err != nil {
if _, err := client.Logical().WriteWithContext(context.Background(), "secret/bar", data); err != nil {
t.Fatal(err)
}
if _, err := client.Logical().Write("secret/foo", data); err != nil {
if _, err := client.Logical().WriteWithContext(context.Background(), "secret/foo", data); err != nil {
t.Fatal(err)
}

2
command/command_test.go
View File

@ -236,7 +236,7 @@ func testVaultServerBad(tb testing.TB) (*api.Client, func()) {
func testTokenAndAccessor(tb testing.TB, client *api.Client) (string, string) {
tb.Helper()
secret, err := client.Auth().Token().Create(&api.TokenCreateRequest{
secret, err := client.Auth().Token().CreateWithContext(context.Background(), &api.TokenCreateRequest{
Policies: []string{"default"},
TTL: "30m",
})

3
command/debug_test.go
View File

@ -2,6 +2,7 @@ package command
import (
"archive/tar"
"context"
"encoding/json"
"fmt"
"io/ioutil"
@ -640,7 +641,7 @@ func TestDebugCommand_PartialPermissions(t *testing.T) {
defer closer()
// Create a new token with default policy
resp, err := client.Logical().Write("auth/token/create", map[string]interface{}{
resp, err := client.Logical().WriteWithContext(context.Background(), "auth/token/create", map[string]interface{}{
"policies": "default",
})
if err != nil {

5
command/delete_test.go
View File

@ -1,6 +1,7 @@
package command
import (
"context"
"strings"
"testing"
@ -81,7 +82,7 @@ func TestDeleteCommand_Run(t *testing.T) {
client, closer := testVaultServer(t)
defer closer()
if _, err := client.Logical().Write("secret/delete/foo", map[string]interface{}{
if _, err := client.Logical().WriteWithContext(context.Background(), "secret/delete/foo", map[string]interface{}{
"foo": "bar",
}); err != nil {
t.Fatal(err)
@ -103,7 +104,7 @@ func TestDeleteCommand_Run(t *testing.T) {
t.Errorf("expected %q to contain %q", combined, expected)
}
secret, _ := client.Logical().Read("secret/delete/foo")
secret, _ := client.Logical().ReadWithContext(context.Background(), "secret/delete/foo")
if secret != nil {
t.Errorf("expected deletion: %#v", secret)
}

13
command/kv_metadata_patch_test.go
View File

@ -1,6 +1,7 @@
package command
import (
"context"
"encoding/json"
"io"
"strings"
@ -62,7 +63,7 @@ func TestKvMetadataPatchCommand_EmptyArgs(t *testing.T) {
client, closer := testVaultServer(t)
defer closer()
if err := client.Sys().Mount("kv/", &api.MountInput{
if err := client.Sys().MountWithContext(context.Background(), "kv/", &api.MountInput{
Type: "kv-v2",
}); err != nil {
t.Fatalf("kv-v2 mount error: %#v", err)
@ -179,7 +180,7 @@ func TestKvMetadataPatchCommand_Flags(t *testing.T) {
secretPath := basePath + "my-secret"
metadataPath := basePath + "metadata/" + "my-secret"
if err := client.Sys().Mount(basePath, &api.MountInput{
if err := client.Sys().MountWithContext(context.Background(), basePath, &api.MountInput{
Type: "kv-v2",
}); err != nil {
t.Fatalf("kv-v2 mount error: %#v", err)
@ -192,7 +193,7 @@ func TestKvMetadataPatchCommand_Flags(t *testing.T) {
t.Fatalf("initial metadata put failed, code: %d, output: %s", code, combined)
}
initialMetadata, err := client.Logical().Read(metadataPath)
initialMetadata, err := client.Logical().ReadWithContext(context.Background(), metadataPath)
if err != nil {
t.Fatalf("metadata read failed, err: %#v", err)
}
@ -208,7 +209,7 @@ func TestKvMetadataPatchCommand_Flags(t *testing.T) {
t.Fatalf("expected code to be %d but was %d for patch cmd with args %#v", tc.code, code, patchArgs)
}
patchedMetadata, err := client.Logical().Read(metadataPath)
patchedMetadata, err := client.Logical().ReadWithContext(context.Background(), metadataPath)
if err != nil {
t.Fatalf("metadata read failed, err: %#v", err)
}
@ -235,7 +236,7 @@ func TestKvMetadataPatchCommand_CasWarning(t *testing.T) {
defer closer()
basePath := "kv/"
if err := client.Sys().Mount(basePath, &api.MountInput{
if err := client.Sys().MountWithContext(context.Background(), basePath, &api.MountInput{
Type: "kv-v2",
}); err != nil {
t.Fatalf("kv-v2 mount error: %#v", err)
@ -254,7 +255,7 @@ func TestKvMetadataPatchCommand_CasWarning(t *testing.T) {
"cas_required": true,
}
_, err := client.Logical().Write(basePath+"config", casConfig)
_, err := client.Logical().WriteWithContext(context.Background(), basePath+"config", casConfig)
if err != nil {
t.Fatalf("config write failed, err: #%v", err)
}

17
command/kv_metadata_put_test.go
View File

@ -1,6 +1,7 @@
package command
import (
"context"
"encoding/json"
"strings"
"testing"
@ -26,7 +27,7 @@ func TestKvMetadataPutCommand_DeleteVersionAfter(t *testing.T) {
defer closer()
basePath := t.Name() + "/"
if err := client.Sys().Mount(basePath, &api.MountInput{
if err := client.Sys().MountWithContext(context.Background(), basePath, &api.MountInput{
Type: "kv-v2",
}); err != nil {
t.Fatal(err)
@ -48,7 +49,7 @@ func TestKvMetadataPutCommand_DeleteVersionAfter(t *testing.T) {
t.Fatalf("expected %q but received %q", success, combined)
}
secret, err := client.Logical().Read(metaFullPath)
secret, err := client.Logical().ReadWithContext(context.Background(), metaFullPath)
if err != nil {
t.Fatal(err)
}
@ -71,7 +72,7 @@ func TestKvMetadataPutCommand_DeleteVersionAfter(t *testing.T) {
t.Errorf("expected %q but received %q", success, combined)
}
secret, err = client.Logical().Read(metaFullPath)
secret, err = client.Logical().ReadWithContext(context.Background(), metaFullPath)
if err != nil {
t.Fatal(err)
}
@ -87,7 +88,7 @@ func TestKvMetadataPutCommand_CustomMetadata(t *testing.T) {
basePath := t.Name() + "/"
secretPath := basePath + "secret/my-secret"
if err := client.Sys().Mount(basePath, &api.MountInput{
if err := client.Sys().MountWithContext(context.Background(), basePath, &api.MountInput{
Type: "kv-v2",
}); err != nil {
t.Fatalf("kv-v2 mount error: %#v", err)
@ -110,7 +111,7 @@ func TestKvMetadataPutCommand_CustomMetadata(t *testing.T) {
t.Fatalf("Expected command output %q but received %q", expectedOutput, commandOutput)
}
metadata, err := client.Logical().Read(metaFullPath)
metadata, err := client.Logical().ReadWithContext(context.Background(), metaFullPath)
if err != nil {
t.Fatalf("Metadata read error: %#v", err)
}
@ -141,7 +142,7 @@ func TestKvMetadataPutCommand_CustomMetadata(t *testing.T) {
t.Fatalf("Expected command output %q but received %q", expectedOutput, commandOutput)
}
metadata, err = client.Logical().Read(metaFullPath)
metadata, err = client.Logical().ReadWithContext(context.Background(), metaFullPath)
if err != nil {
t.Fatalf("Metadata read error: %#v", err)
@ -163,7 +164,7 @@ func TestKvMetadataPutCommand_UnprovidedFlags(t *testing.T) {
basePath := t.Name() + "/"
secretPath := basePath + "my-secret"
if err := client.Sys().Mount(basePath, &api.MountInput{
if err := client.Sys().MountWithContext(context.Background(), basePath, &api.MountInput{
Type: "kv-v2",
}); err != nil {
t.Fatalf("kv-v2 mount error: %#v", err)
@ -186,7 +187,7 @@ func TestKvMetadataPutCommand_UnprovidedFlags(t *testing.T) {
t.Fatalf("expected 0 exit status but received %d", code)
}
secret, err := client.Logical().Read(basePath + "metadata/" + "my-secret")
secret, err := client.Logical().ReadWithContext(context.Background(), basePath+"metadata/"+"my-secret")
if err != nil {
t.Fatal(err)
}

65
command/kv_test.go
View File

@ -1,6 +1,7 @@
package command
import (
"context"
"fmt"
"io"
"strings"
@ -151,7 +152,7 @@ func TestKVPutCommand(t *testing.T) {
client, closer := testVaultServer(t)
defer closer()
if err := client.Sys().Mount("kv/", &api.MountInput{
if err := client.Sys().MountWithContext(context.Background(), "kv/", &api.MountInput{
Type: "kv-v2",
}); err != nil {
t.Fatal(err)
@ -176,7 +177,7 @@ func TestKVPutCommand(t *testing.T) {
client, closer := testVaultServer(t)
defer closer()
if err := client.Sys().Mount("kv/", &api.MountInput{
if err := client.Sys().MountWithContext(context.Background(), "kv/", &api.MountInput{
Type: "kv-v2",
}); err != nil {
t.Fatal(err)
@ -283,7 +284,7 @@ func TestKVPutCommand(t *testing.T) {
t.Fatalf("expected 0 to be %d", code)
}
secret, err := client.Logical().Read("secret/write/stdin_full")
secret, err := client.Logical().ReadWithContext(context.Background(), "secret/write/stdin_full")
if err != nil {
t.Fatal(err)
}
@ -318,7 +319,7 @@ func TestKVPutCommand(t *testing.T) {
t.Fatalf("expected 0 to be %d", code)
}
secret, err := client.Logical().Read("secret/write/stdin_value")
secret, err := client.Logical().ReadWithContext(context.Background(), "secret/write/stdin_value")
if err != nil {
t.Fatal(err)
}
@ -346,7 +347,7 @@ func TestKVPutCommand(t *testing.T) {
t.Fatalf("expected 0 to be %d", code)
}
secret, err := client.Logical().Read("secret/write/integration")
secret, err := client.Logical().ReadWithContext(context.Background(), "secret/write/integration")
if err != nil {
t.Fatal(err)
}
@ -460,7 +461,7 @@ func TestKVGetCommand(t *testing.T) {
client, closer := testVaultServer(t)
defer closer()
if err := client.Sys().Mount("kv/", &api.MountInput{
if err := client.Sys().MountWithContext(context.Background(), "kv/", &api.MountInput{
Type: "kv-v2",
}); err != nil {
t.Fatal(err)
@ -469,13 +470,13 @@ func TestKVGetCommand(t *testing.T) {
// Give time for the upgrade code to run/finish
time.Sleep(time.Second)
if _, err := client.Logical().Write("secret/read/foo", map[string]interface{}{
if _, err := client.Logical().WriteWithContext(context.Background(), "secret/read/foo", map[string]interface{}{
"foo": "bar",
}); err != nil {
t.Fatal(err)
}
if _, err := client.Logical().Write("kv/data/read/foo", map[string]interface{}{
if _, err := client.Logical().WriteWithContext(context.Background(), "kv/data/read/foo", map[string]interface{}{
"data": map[string]interface{}{
"foo": "bar",
},
@ -579,7 +580,7 @@ func TestKVMetadataGetCommand(t *testing.T) {
client, closer := testVaultServer(t)
defer closer()
if err := client.Sys().Mount("kv/", &api.MountInput{
if err := client.Sys().MountWithContext(context.Background(), "kv/", &api.MountInput{
Type: "kv-v2",
}); err != nil {
t.Fatal(err)
@ -588,7 +589,7 @@ func TestKVMetadataGetCommand(t *testing.T) {
// Give time for the upgrade code to run/finish
time.Sleep(time.Second)
if _, err := client.Logical().Write("kv/data/foo", map[string]interface{}{
if _, err := client.Logical().WriteWithContext(context.Background(), "kv/data/foo", map[string]interface{}{
"data": map[string]interface{}{
"foo": "bar",
},
@ -669,7 +670,7 @@ func TestKVPatchCommand_ArgValidation(t *testing.T) {
client, closer := testVaultServer(t)
defer closer()
if err := client.Sys().Mount("kv/", &api.MountInput{
if err := client.Sys().MountWithContext(context.Background(), "kv/", &api.MountInput{
Type: "kv-v2",
}); err != nil {
t.Fatalf("kv-v2 mount attempt failed - err: %#v\n", err)
@ -705,13 +706,13 @@ func TestKvPatchCommand_StdinFull(t *testing.T) {
client, closer := testVaultServer(t)
defer closer()
if err := client.Sys().Mount("kv/", &api.MountInput{
if err := client.Sys().MountWithContext(context.Background(), "kv/", &api.MountInput{
Type: "kv-v2",
}); err != nil {
t.Fatalf("kv-v2 mount attempt failed - err: %#v\n", err)
}
if _, err := client.Logical().Write("kv/data/patch/foo", map[string]interface{}{
if _, err := client.Logical().WriteWithContext(context.Background(), "kv/data/patch/foo", map[string]interface{}{
"data": map[string]interface{}{
"foo": "a",
},
@ -738,7 +739,7 @@ func TestKvPatchCommand_StdinFull(t *testing.T) {
t.Fatalf("expected code to be 0 but was %d for patch cmd with args %#v\n", code, args)
}
secret, err := client.Logical().Read("kv/data/patch/foo")
secret, err := client.Logical().ReadWithContext(context.Background(), "kv/data/patch/foo")
if err != nil {
t.Fatalf("read failed, err: %#v\n", err)
}
@ -768,13 +769,13 @@ func TestKvPatchCommand_StdinValue(t *testing.T) {
client, closer := testVaultServer(t)
defer closer()
if err := client.Sys().Mount("kv/", &api.MountInput{
if err := client.Sys().MountWithContext(context.Background(), "kv/", &api.MountInput{
Type: "kv-v2",
}); err != nil {
t.Fatalf("kv-v2 mount attempt failed - err: %#v\n", err)
}
if _, err := client.Logical().Write("kv/data/patch/foo", map[string]interface{}{
if _, err := client.Logical().WriteWithContext(context.Background(), "kv/data/patch/foo", map[string]interface{}{
"data": map[string]interface{}{
"foo": "a",
},
@ -800,7 +801,7 @@ func TestKvPatchCommand_StdinValue(t *testing.T) {
}
}
secret, err := client.Logical().Read("kv/data/patch/foo")
secret, err := client.Logical().ReadWithContext(context.Background(), "kv/data/patch/foo")
if err != nil {
t.Fatalf("read failed, err: %#v\n", err)
}
@ -826,7 +827,7 @@ func TestKVPatchCommand_RWMethodNotExists(t *testing.T) {
client, closer := testVaultServer(t)
defer closer()
if err := client.Sys().Mount("kv/", &api.MountInput{
if err := client.Sys().MountWithContext(context.Background(), "kv/", &api.MountInput{
Type: "kv-v2",
}); err != nil {
t.Fatalf("kv-v2 mount attempt failed - err: %#v\n", err)
@ -849,13 +850,13 @@ func TestKVPatchCommand_RWMethodSucceeds(t *testing.T) {
client, closer := testVaultServer(t)
defer closer()
if err := client.Sys().Mount("kv/", &api.MountInput{
if err := client.Sys().MountWithContext(context.Background(), "kv/", &api.MountInput{
Type: "kv-v2",
}); err != nil {
t.Fatalf("kv-v2 mount attempt failed - err: %#v\n", err)
}
if _, err := client.Logical().Write("kv/data/patch/foo", map[string]interface{}{
if _, err := client.Logical().WriteWithContext(context.Background(), "kv/data/patch/foo", map[string]interface{}{
"data": map[string]interface{}{
"foo": "a",
"bar": "b",
@ -933,7 +934,7 @@ func TestKVPatchCommand_CAS(t *testing.T) {
client, closer := testVaultServer(t)
defer closer()
if err := client.Sys().Mount("kv/", &api.MountInput{
if err := client.Sys().MountWithContext(context.Background(), "kv/", &api.MountInput{
Type: "kv-v2",
}); err != nil {
t.Fatalf("kv-v2 mount attempt failed - err: %#v\n", err)
@ -953,7 +954,7 @@ func TestKVPatchCommand_CAS(t *testing.T) {
kvClient.SetToken(secretAuth.ClientToken)
_, err = kvClient.Logical().Write("kv/data/foo", map[string]interface{}{"data": map[string]interface{}{"bar": "baz"}})
_, err = kvClient.Logical().WriteWithContext(context.Background(), "kv/data/foo", map[string]interface{}{"data": map[string]interface{}{"bar": "baz"}})
if err != nil {
t.Fatal(err)
}
@ -970,7 +971,7 @@ func TestKVPatchCommand_CAS(t *testing.T) {
}
}
secret, err := kvClient.Logical().Read("kv/data/foo")
secret, err := kvClient.Logical().ReadWithContext(context.Background(), "kv/data/foo")
if err != nil {
t.Fatal(err)
}
@ -1012,7 +1013,7 @@ func TestKVPatchCommand_Methods(t *testing.T) {
client, closer := testVaultServer(t)
defer closer()
if err := client.Sys().Mount("kv/", &api.MountInput{
if err := client.Sys().MountWithContext(context.Background(), "kv/", &api.MountInput{
Type: "kv-v2",
}); err != nil {
t.Fatalf("kv-v2 mount attempt failed - err: %#v\n", err)
@ -1032,7 +1033,7 @@ func TestKVPatchCommand_Methods(t *testing.T) {
kvClient.SetToken(secretAuth.ClientToken)
_, err = kvClient.Logical().Write("kv/data/foo", map[string]interface{}{"data": map[string]interface{}{"bar": "baz"}})
_, err = kvClient.Logical().WriteWithContext(context.Background(), "kv/data/foo", map[string]interface{}{"data": map[string]interface{}{"bar": "baz"}})
if err != nil {
t.Fatal(err)
}
@ -1043,7 +1044,7 @@ func TestKVPatchCommand_Methods(t *testing.T) {
t.Fatalf("expected code to be %d but was %d", tc.code, code)
}
secret, err := kvClient.Logical().Read("kv/data/foo")
secret, err := kvClient.Logical().ReadWithContext(context.Background(), "kv/data/foo")
if err != nil {
t.Fatal(err)
}
@ -1086,7 +1087,7 @@ func TestKVPatchCommand_403Fallback(t *testing.T) {
client, closer := testVaultServer(t)
defer closer()
if err := client.Sys().Mount("kv/", &api.MountInput{
if err := client.Sys().MountWithContext(context.Background(), "kv/", &api.MountInput{
Type: "kv-v2",
}); err != nil {
t.Fatalf("kv-v2 mount attempt failed - err: %#v\n", err)
@ -1107,7 +1108,7 @@ func TestKVPatchCommand_403Fallback(t *testing.T) {
kvClient.SetToken(secretAuth.ClientToken)
// Write a value then attempt to patch it
_, err = kvClient.Logical().Write("kv/data/foo", map[string]interface{}{"data": map[string]interface{}{"bar": "baz"}})
_, err = kvClient.Logical().WriteWithContext(context.Background(), "kv/data/foo", map[string]interface{}{"data": map[string]interface{}{"bar": "baz"}})
if err != nil {
t.Fatal(err)
}
@ -1167,7 +1168,7 @@ func TestKVPatchCommand_RWMethodPolicyVariations(t *testing.T) {
client, closer := testVaultServer(t)
defer closer()
if err := client.Sys().Mount("kv/", &api.MountInput{
if err := client.Sys().MountWithContext(context.Background(), "kv/", &api.MountInput{
Type: "kv-v2",
}); err != nil {
t.Fatalf("kv-v2 mount attempt failed - err: %#v\n", err)
@ -1180,7 +1181,7 @@ func TestKVPatchCommand_RWMethodPolicyVariations(t *testing.T) {
client.SetToken(secretAuth.ClientToken)
if _, err := client.Logical().Write("kv/data/foo", map[string]interface{}{
if _, err := client.Logical().WriteWithContext(context.Background(), "kv/data/foo", map[string]interface{}{
"data": map[string]interface{}{
"foo": "bar",
"bar": "baz",
@ -1254,11 +1255,11 @@ func TestPadEqualSigns(t *testing.T) {
func createTokenForPolicy(t *testing.T, client *api.Client, policy string) (*api.SecretAuth, error) {
t.Helper()
if err := client.Sys().PutPolicy("policy", policy); err != nil {
if err := client.Sys().PutPolicyWithContext(context.Background(), "policy", policy); err != nil {
return nil, err
}
secret, err := client.Auth().Token().Create(&api.TokenCreateRequest{
secret, err := client.Auth().Token().CreateWithContext(context.Background(), &api.TokenCreateRequest{
Policies: []string{"policy"},
TTL: "30m",
})

7
command/lease_lookup_test.go
View File

@ -1,6 +1,7 @@
package command
import (
"context"
"strings"
"testing"
@ -22,13 +23,13 @@ func testLeaseLookupCommand(tb testing.TB) (*cli.MockUi, *LeaseLookupCommand) {
// testLeaseLookupCommandMountAndLease mounts a leased secret backend and returns
// the leaseID of an item.
func testLeaseLookupCommandMountAndLease(tb testing.TB, client *api.Client) string {
if err := client.Sys().Mount("testing", &api.MountInput{
if err := client.Sys().MountWithContext(context.Background(), "testing", &api.MountInput{
Type: "generic-leased",
}); err != nil {
tb.Fatal(err)
}
if _, err := client.Logical().Write("testing/foo", map[string]interface{}{
if _, err := client.Logical().WriteWithContext(context.Background(), "testing/foo", map[string]interface{}{
"key": "value",
"lease": "5m",
}); err != nil {
@ -36,7 +37,7 @@ func testLeaseLookupCommandMountAndLease(tb testing.TB, client *api.Client) stri
}
// Read the secret back to get the leaseID
secret, err := client.Logical().Read("testing/foo")
secret, err := client.Logical().ReadWithContext(context.Background(), "testing/foo")
if err != nil {
tb.Fatal(err)
}

7
command/lease_renew_test.go
View File

@ -1,6 +1,7 @@
package command
import (
"context"
"strings"
"testing"
@ -22,13 +23,13 @@ func testLeaseRenewCommand(tb testing.TB) (*cli.MockUi, *LeaseRenewCommand) {
// testLeaseRenewCommandMountAndLease mounts a leased secret backend and returns
// the leaseID of an item.
func testLeaseRenewCommandMountAndLease(tb testing.TB, client *api.Client) string {
if err := client.Sys().Mount("testing", &api.MountInput{
if err := client.Sys().MountWithContext(context.Background(), "testing", &api.MountInput{
Type: "generic-leased",
}); err != nil {
tb.Fatal(err)
}
if _, err := client.Logical().Write("testing/foo", map[string]interface{}{
if _, err := client.Logical().WriteWithContext(context.Background(), "testing/foo", map[string]interface{}{
"key": "value",
"lease": "5m",
}); err != nil {
@ -36,7 +37,7 @@ func testLeaseRenewCommandMountAndLease(tb testing.TB, client *api.Client) strin
}
// Read the secret back to get the leaseID
secret, err := client.Logical().Read("testing/foo")
secret, err := client.Logical().ReadWithContext(context.Background(), "testing/foo")
if err != nil {
tb.Fatal(err)
}

7
command/lease_revoke_test.go
View File

@ -1,6 +1,7 @@
package command
import (
"context"
"strings"
"testing"
@ -78,7 +79,7 @@ func TestLeaseRevokeCommand_Run(t *testing.T) {
client, closer := testVaultServer(t)
defer closer()
if err := client.Sys().Mount("secret-leased", &api.MountInput{
if err := client.Sys().MountWithContext(context.Background(), "secret-leased", &api.MountInput{
Type: "generic-leased",
}); err != nil {
t.Fatal(err)
@ -89,10 +90,10 @@ func TestLeaseRevokeCommand_Run(t *testing.T) {
"key": "value",
"lease": "1m",
}
if _, err := client.Logical().Write(path, data); err != nil {
if _, err := client.Logical().WriteWithContext(context.Background(), path, data); err != nil {
t.Fatal(err)
}
secret, err := client.Logical().Read(path)
secret, err := client.Logical().ReadWithContext(context.Background(), path)
if err != nil {
t.Fatal(err)
}

3
command/list_test.go
View File

@ -1,6 +1,7 @@
package command
import (
"context"
"strings"
"testing"
@ -77,7 +78,7 @@ func TestListCommand_Run(t *testing.T) {
"secret/list/baz",
}
for _, k := range keys {
if _, err := client.Logical().Write(k, map[string]interface{}{
if _, err := client.Logical().WriteWithContext(context.Background(), k, map[string]interface{}{
"foo": "bar",
}); err != nil {
t.Fatal(err)

19
command/login_test.go
View File

@ -1,6 +1,7 @@
package command
import (
"context"
"strings"
"testing"
@ -48,7 +49,7 @@ func TestLoginCommand_Run(t *testing.T) {
if err := client.Sys().EnableAuth("my-auth", "userpass", ""); err != nil {
t.Fatal(err)
}
if _, err := client.Logical().Write("auth/my-auth/users/test", map[string]interface{}{
if _, err := client.Logical().WriteWithContext(context.Background(), "auth/my-auth/users/test", map[string]interface{}{
"password": "test",
"policies": "default",
}); err != nil {
@ -98,7 +99,7 @@ func TestLoginCommand_Run(t *testing.T) {
client, closer := testVaultServer(t)
defer closer()
secret, err := client.Auth().Token().Create(&api.TokenCreateRequest{
secret, err := client.Auth().Token().CreateWithContext(context.Background(), &api.TokenCreateRequest{
Policies: []string{"default"},
TTL: "30m",
})
@ -144,7 +145,7 @@ func TestLoginCommand_Run(t *testing.T) {
client, closer := testVaultServer(t)
defer closer()
secret, err := client.Auth().Token().Create(&api.TokenCreateRequest{
secret, err := client.Auth().Token().CreateWithContext(context.Background(), &api.TokenCreateRequest{
Policies: []string{"default"},
TTL: "30m",
})
@ -187,7 +188,7 @@ func TestLoginCommand_Run(t *testing.T) {
if err := client.Sys().EnableAuth("userpass", "userpass", ""); err != nil {
t.Fatal(err)
}
if _, err := client.Logical().Write("auth/userpass/users/test", map[string]interface{}{
if _, err := client.Logical().WriteWithContext(context.Background(), "auth/userpass/users/test", map[string]interface{}{
"password": "test",
"policies": "default",
}); err != nil {
@ -265,7 +266,7 @@ func TestLoginCommand_Run(t *testing.T) {
if err := client.Sys().EnableAuth("userpass", "userpass", ""); err != nil {
t.Fatal(err)
}
if _, err := client.Logical().Write("auth/userpass/users/test", map[string]interface{}{
if _, err := client.Logical().WriteWithContext(context.Background(), "auth/userpass/users/test", map[string]interface{}{
"password": "test",
"policies": "default",
}); err != nil {
@ -302,7 +303,7 @@ func TestLoginCommand_Run(t *testing.T) {
client.SetToken(token)
// Ensure the resulting token is unwrapped
secret, err := client.Auth().Token().LookupSelf()
secret, err := client.Auth().Token().LookupSelfWithContext(context.Background())
if err != nil {
t.Error(err)
}
@ -324,7 +325,7 @@ func TestLoginCommand_Run(t *testing.T) {
if err := client.Sys().EnableAuth("userpass", "userpass", ""); err != nil {
t.Fatal(err)
}
if _, err := client.Logical().Write("auth/userpass/users/test", map[string]interface{}{
if _, err := client.Logical().WriteWithContext(context.Background(), "auth/userpass/users/test", map[string]interface{}{
"password": "test",
"policies": "default",
}); err != nil {
@ -367,7 +368,7 @@ func TestLoginCommand_Run(t *testing.T) {
// Ensure the resulting token is, in fact, still wrapped.
client.SetToken(token)
secret, err := client.Logical().Unwrap("")
secret, err := client.Logical().UnwrapWithContext(context.Background(), "")
if err != nil {
t.Error(err)
}
@ -385,7 +386,7 @@ func TestLoginCommand_Run(t *testing.T) {
if err := client.Sys().EnableAuth("userpass", "userpass", ""); err != nil {
t.Fatal(err)
}
if _, err := client.Logical().Write("auth/userpass/users/test", map[string]interface{}{
if _, err := client.Logical().WriteWithContext(context.Background(), "auth/userpass/users/test", map[string]interface{}{
"password": "test",
"policies": "default",
}); err != nil {

13
command/operator_generate_root_test.go
View File

@ -3,6 +3,7 @@
package command
import (
"context"
"encoding/base64"
"io"
"os"
@ -255,7 +256,7 @@ func TestOperatorGenerateRootCommand_Run(t *testing.T) {
defer closer()
// Initialize a generation
if _, err := client.Sys().GenerateRootInit("", ""); err != nil {
if _, err := client.Sys().GenerateRootInitWithContext(context.Background(), "", ""); err != nil {
t.Fatal(err)
}
@ -275,7 +276,7 @@ func TestOperatorGenerateRootCommand_Run(t *testing.T) {
t.Errorf("expected %q to contain %q", combined, expected)
}
status, err := client.Sys().GenerateRootStatus()
status, err := client.Sys().GenerateRootStatusWithContext(context.Background())
if err != nil {
t.Fatal(err)
}
@ -307,7 +308,7 @@ func TestOperatorGenerateRootCommand_Run(t *testing.T) {
t.Errorf("expected %q to contain %q", combined, expected)
}
status, err := client.Sys().GenerateRootStatus()
status, err := client.Sys().GenerateRootStatusWithContext(context.Background())
if err != nil {
t.Fatal(err)
}
@ -343,7 +344,7 @@ func TestOperatorGenerateRootCommand_Run(t *testing.T) {
t.Errorf("expected %q to contain %q", combined, expected)
}
status, err := client.Sys().GenerateRootStatus()
status, err := client.Sys().GenerateRootStatusWithContext(context.Background())
if err != nil {
t.Fatal(err)
}
@ -386,7 +387,7 @@ func TestOperatorGenerateRootCommand_Run(t *testing.T) {
defer closer()
// Initialize a generation
status, err := client.Sys().GenerateRootInit("", "")
status, err := client.Sys().GenerateRootInitWithContext(context.Background(), "", "")
if err != nil {
t.Fatal(err)
}
@ -447,7 +448,7 @@ func TestOperatorGenerateRootCommand_Run(t *testing.T) {
defer closer()
// Initialize a generation
status, err := client.Sys().GenerateRootInit("", "")
status, err := client.Sys().GenerateRootInitWithContext(context.Background(), "", "")
if err != nil {
t.Fatal(err)
}

17
command/operator_init_test.go
View File

@ -3,6 +3,7 @@
package command
import (
"context"
"fmt"
"os"
"regexp"
@ -143,7 +144,7 @@ func TestOperatorInitCommand_Run(t *testing.T) {
}
// Now init to verify the init response code
if _, err := client.Sys().Init(&api.InitRequest{
if _, err := client.Sys().InitWithContext(context.Background(), &api.InitRequest{
SecretShares: 1,
SecretThreshold: 1,
}); err != nil {
@ -175,7 +176,7 @@ func TestOperatorInitCommand_Run(t *testing.T) {
t.Errorf("expected %d to be %d: %s", code, exp, ui.ErrorWriter.String())
}
init, err := client.Sys().InitStatus()
init, err := client.Sys().InitStatusWithContext(context.Background())
if err != nil {
t.Fatal(err)
}
@ -198,7 +199,7 @@ func TestOperatorInitCommand_Run(t *testing.T) {
// Try unsealing with those keys - only use 3, which is the default
// threshold.
for i, key := range keys[:3] {
resp, err := client.Sys().Unseal(key)
resp, err := client.Sys().UnsealWithContext(context.Background(), key)
if err != nil {
t.Fatal(err)
}
@ -209,7 +210,7 @@ func TestOperatorInitCommand_Run(t *testing.T) {
}
}
status, err := client.Sys().SealStatus()
status, err := client.Sys().SealStatusWithContext(context.Background())
if err != nil {
t.Fatal(err)
}
@ -237,7 +238,7 @@ func TestOperatorInitCommand_Run(t *testing.T) {
t.Errorf("expected %d to be %d: %s", code, exp, ui.ErrorWriter.String())
}
init, err := client.Sys().InitStatus()
init, err := client.Sys().InitStatusWithContext(context.Background())
if err != nil {
t.Fatal(err)
}
@ -260,7 +261,7 @@ func TestOperatorInitCommand_Run(t *testing.T) {
// Try unsealing with those keys - only use 3, which is the default
// threshold.
for i, key := range keys[:keyThreshold] {
resp, err := client.Sys().Unseal(key)
resp, err := client.Sys().UnsealWithContext(context.Background(), key)
if err != nil {
t.Fatal(err)
}
@ -271,7 +272,7 @@ func TestOperatorInitCommand_Run(t *testing.T) {
}
}
status, err := client.Sys().SealStatus()
status, err := client.Sys().SealStatusWithContext(context.Background())
if err != nil {
t.Fatal(err)
}
@ -320,7 +321,7 @@ func TestOperatorInitCommand_Run(t *testing.T) {
// Try unsealing with one key
decryptedKey := testPGPDecrypt(t, pgpkeys.TestPrivKey1, keys[0])
if _, err := client.Sys().Unseal(decryptedKey); err != nil {
if _, err := client.Sys().UnsealWithContext(context.Background(), decryptedKey); err != nil {
t.Fatal(err)
}

23
command/operator_rekey_test.go
View File

@ -3,6 +3,7 @@
package command
import (
"context"
"io"
"reflect"
"regexp"
@ -117,7 +118,7 @@ func TestOperatorRekeyCommand_Run(t *testing.T) {
}
// Now init to verify the init response
if _, err := client.Sys().RekeyInit(&api.RekeyInitRequest{
if _, err := client.Sys().RekeyInitWithContext(context.Background(), &api.RekeyInitRequest{
SecretShares: 1,
SecretThreshold: 1,
}); err != nil {
@ -148,7 +149,7 @@ func TestOperatorRekeyCommand_Run(t *testing.T) {
defer closer()
// Initialize a rekey
if _, err := client.Sys().RekeyInit(&api.RekeyInitRequest{
if _, err := client.Sys().RekeyInitWithContext(context.Background(), &api.RekeyInitRequest{
SecretShares: 1,
SecretThreshold: 1,
}); err != nil {
@ -171,7 +172,7 @@ func TestOperatorRekeyCommand_Run(t *testing.T) {
t.Errorf("expected %q to contain %q", combined, expected)
}
status, err := client.Sys().GenerateRootStatus()
status, err := client.Sys().GenerateRootStatusWithContext(context.Background())
if err != nil {
t.Fatal(err)
}
@ -205,7 +206,7 @@ func TestOperatorRekeyCommand_Run(t *testing.T) {
t.Errorf("expected %q to contain %q", combined, expected)
}
status, err := client.Sys().RekeyStatus()
status, err := client.Sys().RekeyStatusWithContext(context.Background())
if err != nil {
t.Fatal(err)
}
@ -242,7 +243,7 @@ func TestOperatorRekeyCommand_Run(t *testing.T) {
t.Errorf("expected %q to contain %q", combined, expected)
}
status, err := client.Sys().RekeyStatus()
status, err := client.Sys().RekeyStatusWithContext(context.Background())
if err != nil {
t.Fatal(err)
}
@ -261,7 +262,7 @@ func TestOperatorRekeyCommand_Run(t *testing.T) {
defer closer()
// Initialize a rekey
status, err := client.Sys().RekeyInit(&api.RekeyInitRequest{
status, err := client.Sys().RekeyInitWithContext(context.Background(), &api.RekeyInitRequest{
SecretShares: 1,
SecretThreshold: 1,
})
@ -307,7 +308,7 @@ func TestOperatorRekeyCommand_Run(t *testing.T) {
if err := client.Sys().Seal(); err != nil {
t.Fatal(err)
}
sealStatus, err := client.Sys().Unseal(unsealKey)
sealStatus, err := client.Sys().UnsealWithContext(context.Background(), unsealKey)
if err != nil {
t.Fatal(err)
}
@ -323,7 +324,7 @@ func TestOperatorRekeyCommand_Run(t *testing.T) {
defer closer()
// Initialize a rekey
status, err := client.Sys().RekeyInit(&api.RekeyInitRequest{
status, err := client.Sys().RekeyInitWithContext(context.Background(), &api.RekeyInitRequest{
SecretShares: 1,
SecretThreshold: 1,
})
@ -383,7 +384,7 @@ func TestOperatorRekeyCommand_Run(t *testing.T) {
if err := client.Sys().Seal(); err != nil {
t.Fatal(err)
}
sealStatus, err := client.Sys().Unseal(unsealKey)
sealStatus, err := client.Sys().UnsealWithContext(context.Background(), unsealKey)
if err != nil {
t.Fatal(err)
}
@ -416,7 +417,7 @@ func TestOperatorRekeyCommand_Run(t *testing.T) {
}
// Get the status for the nonce
status, err := client.Sys().RekeyStatus()
status, err := client.Sys().RekeyStatusWithContext(context.Background())
if err != nil {
t.Fatal(err)
}
@ -479,7 +480,7 @@ func TestOperatorRekeyCommand_Run(t *testing.T) {
t.Errorf("expected %d to be %d: %s", code, exp, ui.ErrorWriter.String())
}
secret, err := client.Sys().RekeyRetrieveBackup()
secret, err := client.Sys().RekeyRetrieveBackupWithContext(context.Background())
if err == nil {
t.Errorf("expected error: %#v", secret)
}

3
command/operator_seal_test.go
View File

@ -1,6 +1,7 @@
package command
import (
"context"
"strings"
"testing"
@ -83,7 +84,7 @@ func TestOperatorSealCommand_Run(t *testing.T) {
t.Errorf("expected %q to contain %q", combined, expected)
}
sealStatus, err := client.Sys().SealStatus()
sealStatus, err := client.Sys().SealStatusWithContext(context.Background())
if err != nil {
t.Fatal(err)
}

5
command/operator_unseal_test.go
View File

@ -2,6 +2,7 @@ package command
import (
"bytes"
"context"
"encoding/json"
"io/ioutil"
"os"
@ -59,7 +60,7 @@ func TestOperatorUnsealCommand_Run(t *testing.T) {
}
// Enter an unseal key
if _, err := client.Sys().Unseal(keys[0]); err != nil {
if _, err := client.Sys().UnsealWithContext(context.Background(), keys[0]); err != nil {
t.Fatal(err)
}
@ -106,7 +107,7 @@ func TestOperatorUnsealCommand_Run(t *testing.T) {
}
}
status, err := client.Sys().SealStatus()
status, err := client.Sys().SealStatusWithContext(context.Background())
if err != nil {
t.Fatal(err)
}

13
command/path_map_upgrade_api_test.go
View File

@ -1,6 +1,7 @@
package command
import (
"context"
"testing"
log "github.com/hashicorp/go-hclog"
@ -45,7 +46,7 @@ func TestPathMap_Upgrade_API(t *testing.T) {
}
// Create an app-id
_, err = client.Logical().Write("auth/app-id/map/app-id/test-app-id", map[string]interface{}{
_, err = client.Logical().WriteWithContext(context.Background(), "auth/app-id/map/app-id/test-app-id", map[string]interface{}{
"policy": "test-policy",
})
if err != nil {
@ -53,7 +54,7 @@ func TestPathMap_Upgrade_API(t *testing.T) {
}
// Create a user-id
_, err = client.Logical().Write("auth/app-id/map/user-id/test-user-id", map[string]interface{}{
_, err = client.Logical().WriteWithContext(context.Background(), "auth/app-id/map/user-id/test-user-id", map[string]interface{}{
"value": "test-app-id",
})
if err != nil {
@ -61,7 +62,7 @@ func TestPathMap_Upgrade_API(t *testing.T) {
}
// Perform a login. It should succeed.
_, err = client.Logical().Write("auth/app-id/login", map[string]interface{}{
_, err = client.Logical().WriteWithContext(context.Background(), "auth/app-id/login", map[string]interface{}{
"app_id": "test-app-id",
"user_id": "test-user-id",
})
@ -70,20 +71,20 @@ func TestPathMap_Upgrade_API(t *testing.T) {
}
// List the hashed app-ids in the storage
secret, err := client.Logical().List("auth/app-id/map/app-id")
secret, err := client.Logical().ListWithContext(context.Background(), "auth/app-id/map/app-id")
if err != nil {
t.Fatal(err)
}
hashedAppID := secret.Data["keys"].([]interface{})[0].(string)
// Try reading it. This used to cause an issue which is fixed in [GH-3806].
_, err = client.Logical().Read("auth/app-id/map/app-id/" + hashedAppID)
_, err = client.Logical().ReadWithContext(context.Background(), "auth/app-id/map/app-id/"+hashedAppID)
if err != nil {
t.Fatal(err)
}
// Ensure that there was no issue by performing another login
_, err = client.Logical().Write("auth/app-id/login", map[string]interface{}{
_, err = client.Logical().WriteWithContext(context.Background(), "auth/app-id/login", map[string]interface{}{
"app_id": "test-app-id",
"user_id": "test-user-id",
})

5
command/plugin_deregister_test.go
View File

@ -1,6 +1,7 @@
package command
import (
"context"
"strings"
"testing"
@ -88,7 +89,7 @@ func TestPluginDeregisterCommand_Run(t *testing.T) {
ui, cmd := testPluginDeregisterCommand(t)
cmd.client = client
if err := client.Sys().RegisterPlugin(&api.RegisterPluginInput{
if err := client.Sys().RegisterPluginWithContext(context.Background(), &api.RegisterPluginInput{
Name: pluginName,
Type: consts.PluginTypeCredential,
Command: pluginName,
@ -111,7 +112,7 @@ func TestPluginDeregisterCommand_Run(t *testing.T) {
t.Errorf("expected %q to contain %q", combined, expected)
}
resp, err := client.Sys().ListPlugins(&api.ListPluginsInput{
resp, err := client.Sys().ListPluginsWithContext(context.Background(), &api.ListPluginsInput{
Type: consts.PluginTypeCredential,
})
if err != nil {

3
command/plugin_register_test.go
View File

@ -1,6 +1,7 @@
package command
import (
"context"
"strings"
"testing"
@ -103,7 +104,7 @@ func TestPluginRegisterCommand_Run(t *testing.T) {
t.Errorf("expected %q to contain %q", combined, expected)
}
resp, err := client.Sys().ListPlugins(&api.ListPluginsInput{
resp, err := client.Sys().ListPluginsWithContext(context.Background(), &api.ListPluginsInput{
Type: consts.PluginTypeCredential,
})
if err != nil {

3
command/plugin_reload_test.go
View File

@ -1,6 +1,7 @@
package command
import (
"context"
"strings"
"testing"
@ -94,7 +95,7 @@ func TestPluginReloadCommand_Run(t *testing.T) {
ui, cmd := testPluginReloadCommand(t)
cmd.client = client
if err := client.Sys().RegisterPlugin(&api.RegisterPluginInput{
if err := client.Sys().RegisterPluginWithContext(context.Background(), &api.RegisterPluginInput{
Name: pluginName,
Type: consts.PluginTypeCredential,
Command: pluginName,

3
command/plugin_test.go
View File

@ -1,6 +1,7 @@
package command
import (
"context"
"crypto/sha256"
"fmt"
"io"
@ -67,7 +68,7 @@ func testPluginCreateAndRegister(tb testing.TB, client *api.Client, dir, name st
pth, sha256Sum := testPluginCreate(tb, dir, name)
if err := client.Sys().RegisterPlugin(&api.RegisterPluginInput{
if err := client.Sys().RegisterPluginWithContext(context.Background(), &api.RegisterPluginInput{
Name: name,
Type: pluginType,
Command: name,

5
command/policy_delete_test.go
View File

@ -1,6 +1,7 @@
package command
import (
"context"
"reflect"
"strings"
"testing"
@ -77,7 +78,7 @@ func TestPolicyDeleteCommand_Run(t *testing.T) {
defer closer()
policy := `path "secret/" {}`
if err := client.Sys().PutPolicy("my-policy", policy); err != nil {
if err := client.Sys().PutPolicyWithContext(context.Background(), "my-policy", policy); err != nil {
t.Fatal(err)
}
@ -97,7 +98,7 @@ func TestPolicyDeleteCommand_Run(t *testing.T) {
t.Errorf("expected %q to contain %q", combined, expected)
}
policies, err := client.Sys().ListPolicies()
policies, err := client.Sys().ListPoliciesWithContext(context.Background())
if err != nil {
t.Fatal(err)
}

3
command/policy_read_test.go
View File

@ -1,6 +1,7 @@
package command
import (
"context"
"strings"
"testing"
@ -76,7 +77,7 @@ func TestPolicyReadCommand_Run(t *testing.T) {
defer closer()
policy := `path "secret/" {}`
if err := client.Sys().PutPolicy("my-policy", policy); err != nil {
if err := client.Sys().PutPolicyWithContext(context.Background(), "my-policy", policy); err != nil {
t.Fatal(err)
}

5
command/policy_write_test.go
View File

@ -2,6 +2,7 @@ package command
import (
"bytes"
"context"
"io"
"io/ioutil"
"os"
@ -123,7 +124,7 @@ func TestPolicyWriteCommand_Run(t *testing.T) {
t.Errorf("expected %q to contain %q", combined, expected)
}
policies, err := client.Sys().ListPolicies()
policies, err := client.Sys().ListPoliciesWithContext(context.Background())
if err != nil {
t.Fatal(err)
}
@ -164,7 +165,7 @@ func TestPolicyWriteCommand_Run(t *testing.T) {
t.Errorf("expected %q to contain %q", combined, expected)
}
policies, err := client.Sys().ListPolicies()
policies, err := client.Sys().ListPoliciesWithContext(context.Background())
if err != nil {
t.Fatal(err)
}

3
command/read_test.go
View File

@ -1,6 +1,7 @@
package command
import (
"context"
"strings"
"testing"
@ -83,7 +84,7 @@ func TestReadCommand_Run(t *testing.T) {
client, closer := testVaultServer(t)
defer closer()
if _, err := client.Logical().Write("secret/read/foo", map[string]interface{}{
if _, err := client.Logical().WriteWithContext(context.Background(), "secret/read/foo", map[string]interface{}{
"foo": "bar",
}); err != nil {
t.Fatal(err)

3
command/rotate_test.go
View File

@ -1,6 +1,7 @@
package command
import (
"context"
"strings"
"testing"
@ -83,7 +84,7 @@ func TestOperatorRotateCommand_Run(t *testing.T) {
t.Errorf("expected %q to contain %q", combined, expected)
}
status, err := client.Sys().KeyStatus()
status, err := client.Sys().KeyStatusWithContext(context.Background())
if err != nil {
t.Fatal(err)
}

5
command/secrets_disable_test.go
View File

@ -1,6 +1,7 @@
package command
import (
"context"
"strings"
"testing"
@ -88,7 +89,7 @@ func TestSecretsDisableCommand_Run(t *testing.T) {
client, closer := testVaultServer(t)
defer closer()
if err := client.Sys().Mount("my-secret/", &api.MountInput{
if err := client.Sys().MountWithContext(context.Background(), "my-secret/", &api.MountInput{
Type: "generic",
}); err != nil {
t.Fatal(err)
@ -110,7 +111,7 @@ func TestSecretsDisableCommand_Run(t *testing.T) {
t.Errorf("expected %q to contain %q", combined, expected)
}
mounts, err := client.Sys().ListMounts()
mounts, err := client.Sys().ListMountsWithContext(context.Background())
if err != nil {
t.Fatal(err)
}

3
command/secrets_enable_test.go
View File

@ -1,6 +1,7 @@
package command
import (
"context"
"io/ioutil"
"strings"
"testing"
@ -127,7 +128,7 @@ func TestSecretsEnableCommand_Run(t *testing.T) {
t.Errorf("expected %q to contain %q", combined, expected)
}
mounts, err := client.Sys().ListMounts()
mounts, err := client.Sys().ListMountsWithContext(context.Background())
if err != nil {
t.Fatal(err)
}

3
command/secrets_move_test.go
View File

@ -1,6 +1,7 @@
package command
import (
"context"
"strings"
"testing"
@ -97,7 +98,7 @@ func TestSecretsMoveCommand_Run(t *testing.T) {
t.Errorf("expected %q to contain %q", combined, expected)
}
mounts, err := client.Sys().ListMounts()
mounts, err := client.Sys().ListMountsWithContext(context.Background())
if err != nil {
t.Fatal(err)
}

19
command/secrets_tune_test.go
View File

@ -1,6 +1,7 @@
package command
import (
"context"
"strings"
"testing"
@ -80,7 +81,7 @@ func TestSecretsTuneCommand_Run(t *testing.T) {
cmd.client = client
// Mount
if err := client.Sys().Mount("kv", &api.MountInput{
if err := client.Sys().MountWithContext(context.Background(), "kv", &api.MountInput{
Type: "kv",
Options: map[string]string{
"version": "2",
@ -90,7 +91,7 @@ func TestSecretsTuneCommand_Run(t *testing.T) {
}
// confirm default max_versions
mounts, err := client.Sys().ListMounts()
mounts, err := client.Sys().ListMountsWithContext(context.Background())
if err != nil {
t.Fatal(err)
}
@ -125,7 +126,7 @@ func TestSecretsTuneCommand_Run(t *testing.T) {
t.Errorf("expected %q to contain %q", combined, expected)
}
mounts, err = client.Sys().ListMounts()
mounts, err = client.Sys().ListMountsWithContext(context.Background())
if err != nil {
t.Fatal(err)
}
@ -155,7 +156,7 @@ func TestSecretsTuneCommand_Run(t *testing.T) {
cmd.client = client
// Mount
if err := client.Sys().Mount("mount_tune_integration", &api.MountInput{
if err := client.Sys().MountWithContext(context.Background(), "mount_tune_integration", &api.MountInput{
Type: "pki",
}); err != nil {
t.Fatal(err)
@ -184,7 +185,7 @@ func TestSecretsTuneCommand_Run(t *testing.T) {
t.Errorf("expected %q to contain %q", combined, expected)
}
mounts, err := client.Sys().ListMounts()
mounts, err := client.Sys().ListMountsWithContext(context.Background())
if err != nil {
t.Fatal(err)
}
@ -232,7 +233,7 @@ func TestSecretsTuneCommand_Run(t *testing.T) {
cmd.client = client
// Mount
if err := client.Sys().Mount("mount_tune_integration", &api.MountInput{
if err := client.Sys().MountWithContext(context.Background(), "mount_tune_integration", &api.MountInput{
Type: "pki",
Description: "initial description",
}); err != nil {
@ -253,7 +254,7 @@ func TestSecretsTuneCommand_Run(t *testing.T) {
t.Errorf("expected %q to contain %q", combined, expected)
}
mounts, err := client.Sys().ListMounts()
mounts, err := client.Sys().ListMountsWithContext(context.Background())
if err != nil {
t.Fatal(err)
}
@ -275,7 +276,7 @@ func TestSecretsTuneCommand_Run(t *testing.T) {
cmd.client = client
// Mount
if err := client.Sys().Mount("mount_tune_integration", &api.MountInput{
if err := client.Sys().MountWithContext(context.Background(), "mount_tune_integration", &api.MountInput{
Type: "pki",
Description: "initial description",
}); err != nil {
@ -296,7 +297,7 @@ func TestSecretsTuneCommand_Run(t *testing.T) {
t.Errorf("expected %q to contain %q", combined, expected)
}
mounts, err := client.Sys().ListMounts()
mounts, err := client.Sys().ListMountsWithContext(context.Background())
if err != nil {
t.Fatal(err)
}

2
command/server/server_seal_transit_acc_test.go
View File

@ -61,7 +61,7 @@ func TestTransitSeal_TokenRenewal(t *testing.T) {
req := &api.TokenCreateRequest{
Period: "5s",
}
rsp, err := remoteClient.Auth().Token().Create(req)
rsp, err := remoteClient.Auth().Token().CreateWithContext(context.Background(), req)
if err != nil {
t.Fatalf("err: %s", err)
}

9
command/token_capabilities_test.go
View File

@ -1,6 +1,7 @@
package command
import (
"context"
"strings"
"testing"
@ -67,11 +68,11 @@ func TestTokenCapabilitiesCommand_Run(t *testing.T) {
defer closer()
policy := `path "secret/foo" { capabilities = ["read"] }`
if err := client.Sys().PutPolicy("policy", policy); err != nil {
if err := client.Sys().PutPolicyWithContext(context.Background(), "policy", policy); err != nil {
t.Error(err)
}
secret, err := client.Auth().Token().Create(&api.TokenCreateRequest{
secret, err := client.Auth().Token().CreateWithContext(context.Background(), &api.TokenCreateRequest{
Policies: []string{"policy"},
TTL: "30m",
})
@ -107,11 +108,11 @@ func TestTokenCapabilitiesCommand_Run(t *testing.T) {
defer closer()
policy := `path "secret/foo" { capabilities = ["read"] }`
if err := client.Sys().PutPolicy("policy", policy); err != nil {
if err := client.Sys().PutPolicyWithContext(context.Background(), "policy", policy); err != nil {
t.Error(err)
}
secret, err := client.Auth().Token().Create(&api.TokenCreateRequest{
secret, err := client.Auth().Token().CreateWithContext(context.Background(), &api.TokenCreateRequest{
Policies: []string{"policy"},
TTL: "30m",
})

7
command/token_create_test.go
View File

@ -1,6 +1,7 @@
package command
import (
"context"
"reflect"
"strings"
"testing"
@ -115,7 +116,7 @@ func TestTokenCreateCommand_Run(t *testing.T) {
}
token := strings.TrimSpace(ui.OutputWriter.String())
secret, err := client.Auth().Token().Lookup(token)
secret, err := client.Auth().Token().LookupWithContext(context.Background(), token)
if secret == nil || err != nil {
t.Fatal(err)
}
@ -140,7 +141,7 @@ func TestTokenCreateCommand_Run(t *testing.T) {
}
token := strings.TrimSpace(ui.OutputWriter.String())
secret, err := client.Auth().Token().Lookup(token)
secret, err := client.Auth().Token().LookupWithContext(context.Background(), token)
if secret == nil || err != nil {
t.Fatal(err)
}
@ -176,7 +177,7 @@ func TestTokenCreateCommand_Run(t *testing.T) {
}
token := strings.TrimSpace(ui.OutputWriter.String())
secret, err := client.Auth().Token().Lookup(token)
secret, err := client.Auth().Token().LookupWithContext(context.Background(), token)
if secret == nil || err != nil {
t.Fatal(err)
}

7
command/token_renew_test.go
View File

@ -1,6 +1,7 @@
package command
import (
"context"
"encoding/json"
"strconv"
"strings"
@ -106,7 +107,7 @@ func TestTokenRenewCommand_Run(t *testing.T) {
t.Errorf("expected %d to be %d", code, exp)
}
secret, err := client.Auth().Token().Lookup(token)
secret, err := client.Auth().Token().LookupWithContext(context.Background(), token)
if err != nil {
t.Fatal(err)
}
@ -141,7 +142,7 @@ func TestTokenRenewCommand_Run(t *testing.T) {
t.Errorf("expected %d to be %d", code, exp)
}
secret, err := client.Auth().Token().Lookup(token)
secret, err := client.Auth().Token().LookupWithContext(context.Background(), token)
if err != nil {
t.Fatal(err)
}
@ -180,7 +181,7 @@ func TestTokenRenewCommand_Run(t *testing.T) {
}
client.SetToken(oldToken)
secret, err := client.Auth().Token().Lookup(token)
secret, err := client.Auth().Token().LookupWithContext(context.Background(), token)
if err != nil {
t.Fatal(err)
}

7
command/token_revoke_test.go
View File

@ -1,6 +1,7 @@
package command
import (
"context"
"strings"
"testing"
@ -129,7 +130,7 @@ func TestTokenRevokeCommand_Run(t *testing.T) {
t.Errorf("expected %q to contain %q", combined, expected)
}
secret, err := client.Auth().Token().Lookup(token)
secret, err := client.Auth().Token().LookupWithContext(context.Background(), token)
if secret != nil || err == nil {
t.Errorf("expected token to be revoked: %#v", secret)
}
@ -157,7 +158,7 @@ func TestTokenRevokeCommand_Run(t *testing.T) {
t.Errorf("expected %q to contain %q", combined, expected)
}
secret, err := client.Auth().Token().LookupSelf()
secret, err := client.Auth().Token().LookupSelfWithContext(context.Background())
if secret != nil || err == nil {
t.Errorf("expected token to be revoked: %#v", secret)
}
@ -188,7 +189,7 @@ func TestTokenRevokeCommand_Run(t *testing.T) {
t.Errorf("expected %q to contain %q", combined, expected)
}
secret, err := client.Auth().Token().Lookup(token)
secret, err := client.Auth().Token().LookupWithContext(context.Background(), token)
if secret != nil || err == nil {
t.Errorf("expected token to be revoked: %#v", secret)
}

3
command/unwrap_test.go
View File

@ -1,6 +1,7 @@
package command
import (
"context"
"strings"
"testing"
@ -22,7 +23,7 @@ func testUnwrapCommand(tb testing.TB) (*cli.MockUi, *UnwrapCommand) {
func testUnwrapWrappedToken(tb testing.TB, client *api.Client, data map[string]interface{}) string {
tb.Helper()
wrapped, err := client.Logical().Write("sys/wrapping/wrap", data)
wrapped, err := client.Logical().WriteWithContext(context.Background(), "sys/wrapping/wrap", data)
if err != nil {
tb.Fatal(err)
}

11
command/write_test.go
View File

@ -1,6 +1,7 @@
package command
import (
"context"
"io"
"strings"
"testing"
@ -121,7 +122,7 @@ func TestWriteCommand_Run(t *testing.T) {
client, closer := testVaultServer(t)
defer closer()
if err := client.Sys().Mount("transit/", &api.MountInput{
if err := client.Sys().MountWithContext(context.Background(), "transit/", &api.MountInput{
Type: "transit",
}); err != nil {
t.Fatal(err)
@ -138,7 +139,7 @@ func TestWriteCommand_Run(t *testing.T) {
t.Fatalf("expected %d to be %d: %q", code, exp, ui.ErrorWriter.String())
}
secret, err := client.Logical().Read("transit/keys/my-key")
secret, err := client.Logical().ReadWithContext(context.Background(), "transit/keys/my-key")
if err != nil {
t.Fatal(err)
}
@ -170,7 +171,7 @@ func TestWriteCommand_Run(t *testing.T) {
t.Fatalf("expected 0 to be %d", code)
}
secret, err := client.Logical().Read("secret/write/stdin_full")
secret, err := client.Logical().ReadWithContext(context.Background(), "secret/write/stdin_full")
if err != nil {
t.Fatal(err)
}
@ -205,7 +206,7 @@ func TestWriteCommand_Run(t *testing.T) {
t.Fatalf("expected 0 to be %d", code)
}
secret, err := client.Logical().Read("secret/write/stdin_value")
secret, err := client.Logical().ReadWithContext(context.Background(), "secret/write/stdin_value")
if err != nil {
t.Fatal(err)
}
@ -233,7 +234,7 @@ func TestWriteCommand_Run(t *testing.T) {
t.Fatalf("expected 0 to be %d", code)
}
secret, err := client.Logical().Read("secret/write/integration")
secret, err := client.Logical().ReadWithContext(context.Background(), "secret/write/integration")
if err != nil {
t.Fatal(err)
}

25
http/auth_token_test.go
View File

@ -1,6 +1,7 @@
package http
import (
"context"
"strings"
"testing"
@ -22,7 +23,7 @@ func TestAuthTokenCreate(t *testing.T) {
}
client.SetToken(token)
secret, err := client.Auth().Token().Create(&api.TokenCreateRequest{
secret, err := client.Auth().Token().CreateWithContext(context.Background(), &api.TokenCreateRequest{
Lease: "1h",
})
if err != nil {
@ -37,7 +38,7 @@ func TestAuthTokenCreate(t *testing.T) {
Renewable: new(bool),
}
secret, err = client.Auth().Token().Create(renewCreateRequest)
secret, err = client.Auth().Token().CreateWithContext(context.Background(), renewCreateRequest)
if err != nil {
t.Fatal(err)
}
@ -49,7 +50,7 @@ func TestAuthTokenCreate(t *testing.T) {
}
*renewCreateRequest.Renewable = true
secret, err = client.Auth().Token().Create(renewCreateRequest)
secret, err = client.Auth().Token().CreateWithContext(context.Background(), renewCreateRequest)
if err != nil {
t.Fatal(err)
}
@ -65,7 +66,7 @@ func TestAuthTokenCreate(t *testing.T) {
ExplicitMaxTTL: "1800s",
}
secret, err = client.Auth().Token().Create(explicitMaxCreateRequest)
secret, err = client.Auth().Token().CreateWithContext(context.Background(), explicitMaxCreateRequest)
if err != nil {
t.Fatal(err)
}
@ -74,7 +75,7 @@ func TestAuthTokenCreate(t *testing.T) {
}
explicitMaxCreateRequest.ExplicitMaxTTL = "2h"
secret, err = client.Auth().Token().Create(explicitMaxCreateRequest)
secret, err = client.Auth().Token().CreateWithContext(context.Background(), explicitMaxCreateRequest)
if err != nil {
t.Fatal(err)
}
@ -98,7 +99,7 @@ func TestAuthTokenLookup(t *testing.T) {
client.SetToken(token)
// Create a new token ...
secret2, err := client.Auth().Token().Create(&api.TokenCreateRequest{
secret2, err := client.Auth().Token().CreateWithContext(context.Background(), &api.TokenCreateRequest{
Lease: "1h",
})
if err != nil {
@ -106,7 +107,7 @@ func TestAuthTokenLookup(t *testing.T) {
}
// lookup details of this token
secret, err := client.Auth().Token().Lookup(secret2.Auth.ClientToken)
secret, err := client.Auth().Token().LookupWithContext(context.Background(), secret2.Auth.ClientToken)
if err != nil {
t.Fatalf("unable to lookup details of token, err = %v", err)
}
@ -131,7 +132,7 @@ func TestAuthTokenLookupSelf(t *testing.T) {
client.SetToken(token)
// you should be able to lookup your own token
secret, err := client.Auth().Token().LookupSelf()
secret, err := client.Auth().Token().LookupSelfWithContext(context.Background())
if err != nil {
t.Fatalf("should be allowed to lookup self, err = %v", err)
}
@ -159,7 +160,7 @@ func TestAuthTokenRenew(t *testing.T) {
client.SetToken(token)
// The default root token is not renewable, so this should not work
_, err = client.Auth().Token().Renew(token, 0)
_, err = client.Auth().Token().RenewWithContext(context.Background(), token, 0)
if err == nil {
t.Fatal("should not be allowed to renew root token")
}
@ -168,7 +169,7 @@ func TestAuthTokenRenew(t *testing.T) {
}
// Create a new token that should be renewable
secret, err := client.Auth().Token().Create(&api.TokenCreateRequest{
secret, err := client.Auth().Token().CreateWithContext(context.Background(), &api.TokenCreateRequest{
Lease: "1h",
})
if err != nil {
@ -177,7 +178,7 @@ func TestAuthTokenRenew(t *testing.T) {
client.SetToken(secret.Auth.ClientToken)
// Now attempt a renew with the new token
secret, err = client.Auth().Token().Renew(secret.Auth.ClientToken, 3600)
secret, err = client.Auth().Token().RenewWithContext(context.Background(), secret.Auth.ClientToken, 3600)
if err != nil {
t.Fatal(err)
}
@ -191,7 +192,7 @@ func TestAuthTokenRenew(t *testing.T) {
}
// Do the same thing with the self variant
secret, err = client.Auth().Token().RenewSelf(3600)
secret, err = client.Auth().Token().RenewSelfWithContext(context.Background(), 3600)
if err != nil {
t.Fatal(err)
}

11
http/forwarding_test.go
View File

@ -2,6 +2,7 @@ package http
import (
"bytes"
"context"
"encoding/base64"
"encoding/json"
"fmt"
@ -61,7 +62,7 @@ func TestHTTP_Fallback_Bad_Address(t *testing.T) {
}
client.SetToken(cluster.RootToken)
secret, err := client.Auth().Token().LookupSelf()
secret, err := client.Auth().Token().LookupSelfWithContext(context.Background())
if err != nil {
t.Fatal(err)
}
@ -109,7 +110,7 @@ func TestHTTP_Fallback_Disabled(t *testing.T) {
}
client.SetToken(cluster.RootToken)
secret, err := client.Auth().Token().LookupSelf()
secret, err := client.Auth().Token().LookupSelfWithContext(context.Background())
if err != nil {
t.Fatal(err)
}
@ -529,7 +530,7 @@ func TestHTTP_Forwarding_ClientTLS(t *testing.T) {
t.Fatal(err)
}
secret, err := client.Logical().Write("auth/cert/login", nil)
secret, err := client.Logical().WriteWithContext(context.Background(), "auth/cert/login", nil)
if err != nil {
t.Fatal(err)
}
@ -546,7 +547,7 @@ func TestHTTP_Forwarding_ClientTLS(t *testing.T) {
t.Fatalf("bad client token: %#v", *secret.Auth)
}
client.SetToken(secret.Auth.ClientToken)
secret, err = client.Auth().Token().LookupSelf()
secret, err = client.Auth().Token().LookupSelfWithContext(context.Background())
if err != nil {
t.Fatal(err)
}
@ -594,7 +595,7 @@ func TestHTTP_Forwarding_LocalOnly(t *testing.T) {
vault.TestWaitActive(t, cores[0].Core)
testLocalOnly := func(client *api.Client) {
_, err := client.Logical().Read("sys/config/state/sanitized")
_, err := client.Logical().ReadWithContext(context.Background(), "sys/config/state/sanitized")
if err == nil {
t.Fatal("expected error")
}

2
http/handler_test.go
View File

@ -843,7 +843,7 @@ func TestHandler_Parse_Form(t *testing.T) {
client := cores[0].Client
client.SetToken(cluster.RootToken)
apiResp, err := client.Logical().Read("secret/foo")
apiResp, err := client.Logical().ReadWithContext(context.Background(), "secret/foo")
if err != nil {
t.Fatal(err)
}

13
http/plugin_test.go
View File

@ -1,6 +1,7 @@
package http
import (
"context"
"encoding/json"
"io/ioutil"
"os"
@ -54,7 +55,7 @@ func getPluginClusterAndCore(t testing.TB, logger log.Logger) (*vault.TestCluste
vault.TestAddTestPlugin(t, core.Core, "mock-plugin", consts.PluginTypeSecrets, "TestPlugin_PluginMain", []string{}, "")
// Mount the mock plugin
err = core.Client.Sys().Mount("mock", &api.MountInput{
err = core.Client.Sys().MountWithContext(context.Background(), "mock", &api.MountInput{
Type: "mock-plugin",
})
if err != nil {
@ -102,14 +103,14 @@ func TestPlugin_MockList(t *testing.T) {
cluster, core := getPluginClusterAndCore(t, logger)
defer cluster.Cleanup()
_, err := core.Client.Logical().Write("mock/kv/foo", map[string]interface{}{
_, err := core.Client.Logical().WriteWithContext(context.Background(), "mock/kv/foo", map[string]interface{}{
"value": "baz",
})
if err != nil {
t.Fatal(err)
}
keys, err := core.Client.Logical().List("mock/kv/")
keys, err := core.Client.Logical().ListWithContext(context.Background(), "mock/kv/")
if err != nil {
t.Fatal(err)
}
@ -117,14 +118,14 @@ func TestPlugin_MockList(t *testing.T) {
t.Fatal(keys)
}
_, err = core.Client.Logical().Write("mock/kv/zoo", map[string]interface{}{
_, err = core.Client.Logical().WriteWithContext(context.Background(), "mock/kv/zoo", map[string]interface{}{
"value": "baz",
})
if err != nil {
t.Fatal(err)
}
keys, err = core.Client.Logical().List("mock/kv/")
keys, err = core.Client.Logical().ListWithContext(context.Background(), "mock/kv/")
if err != nil {
t.Fatal(err)
}
@ -165,7 +166,7 @@ func TestPlugin_GetParams(t *testing.T) {
cluster, core := getPluginClusterAndCore(t, logger)
defer cluster.Cleanup()
_, err := core.Client.Logical().Write("mock/kv/foo", map[string]interface{}{
_, err := core.Client.Logical().WriteWithContext(context.Background(), "mock/kv/foo", map[string]interface{}{
"value": "baz",
})
if err != nil {

5
http/sys_hostinfo_test.go
View File

@ -1,6 +1,7 @@
package http
import (
"context"
"encoding/json"
"testing"
@ -19,7 +20,7 @@ func TestSysHostInfo(t *testing.T) {
vault.TestWaitActive(t, cores[0].Core)
// Query against the active node, should get host information back
secret, err := cores[0].Client.Logical().Read("sys/host-info")
secret, err := cores[0].Client.Logical().ReadWithContext(context.Background(), "sys/host-info")
if err != nil {
t.Fatal(err)
}
@ -54,7 +55,7 @@ func TestSysHostInfo(t *testing.T) {
}
// Query against a standby, should error
secret, err = cores[1].Client.Logical().Read("sys/host-info")
secret, err = cores[1].Client.Logical().ReadWithContext(context.Background(), "sys/host-info")
if err == nil || secret != nil {
t.Fatalf("expected error on standby node, HostInfo: %v", secret)
}

7
http/sys_mounts_test.go
View File

@ -1,6 +1,7 @@
package http
import (
"context"
"fmt"
"math/rand"
"testing"
@ -29,10 +30,10 @@ func TestSysMountConfig(t *testing.T) {
if err != nil {
t.Fatal(err)
}
defer client.Sys().Unmount(path)
defer client.Sys().UnmountWithContext(context.Background(), path)
// Get config info for this mount
mountConfig, err := client.Sys().MountConfig(path)
mountConfig, err := client.Sys().MountConfigWithContext(context.Background(), path)
if err != nil {
t.Fatal(err)
}
@ -60,6 +61,6 @@ func testMount(client *api.Client) (string, error) {
rand.Seed(time.Now().UTC().UnixNano())
randInt := rand.New(rand.NewSource(time.Now().UnixNano())).Int()
path := fmt.Sprintf("testmount-%d", randInt)
err := client.Sys().Mount(path, &api.MountInput{Type: "kv"})
err := client.Sys().MountWithContext(context.Background(), path, &api.MountInput{Type: "kv"})
return path, err
}

61
http/sys_wrapping_test.go
View File

@ -1,6 +1,7 @@
package http
import (
"context"
"encoding/json"
"reflect"
"testing"
@ -29,7 +30,7 @@ func TestHTTP_Wrapping(t *testing.T) {
client.SetToken(cluster.RootToken)
// Write a value that we will use with wrapping for lookup
_, err := client.Logical().Write("secret/foo", map[string]interface{}{
_, err := client.Logical().WriteWithContext(context.Background(), "secret/foo", map[string]interface{}{
"zip": "zap",
})
if err != nil {
@ -47,19 +48,19 @@ func TestHTTP_Wrapping(t *testing.T) {
// First test: basic things that should fail, lookup edition
// Root token isn't a wrapping token
_, err = client.Logical().Write("sys/wrapping/lookup", nil)
_, err = client.Logical().WriteWithContext(context.Background(), "sys/wrapping/lookup", nil)
if err == nil {
t.Fatal("expected error")
}
// Not supplied
_, err = client.Logical().Write("sys/wrapping/lookup", map[string]interface{}{
_, err = client.Logical().WriteWithContext(context.Background(), "sys/wrapping/lookup", map[string]interface{}{
"foo": "bar",
})
if err == nil {
t.Fatal("expected error")
}
// Nonexistent token isn't a wrapping token
_, err = client.Logical().Write("sys/wrapping/lookup", map[string]interface{}{
_, err = client.Logical().WriteWithContext(context.Background(), "sys/wrapping/lookup", map[string]interface{}{
"token": "bar",
})
if err == nil {
@ -68,24 +69,24 @@ func TestHTTP_Wrapping(t *testing.T) {
// Second: basic things that should fail, unwrap edition
// Root token isn't a wrapping token
_, err = client.Logical().Unwrap(cluster.RootToken)
_, err = client.Logical().UnwrapWithContext(context.Background(), cluster.RootToken)
if err == nil {
t.Fatal("expected error")
}
// Root token isn't a wrapping token
_, err = client.Logical().Write("sys/wrapping/unwrap", nil)
_, err = client.Logical().WriteWithContext(context.Background(), "sys/wrapping/unwrap", nil)
if err == nil {
t.Fatal("expected error")
}
// Not supplied
_, err = client.Logical().Write("sys/wrapping/unwrap", map[string]interface{}{
_, err = client.Logical().WriteWithContext(context.Background(), "sys/wrapping/unwrap", map[string]interface{}{
"foo": "bar",
})
if err == nil {
t.Fatal("expected error")
}
// Nonexistent token isn't a wrapping token
_, err = client.Logical().Write("sys/wrapping/unwrap", map[string]interface{}{
_, err = client.Logical().WriteWithContext(context.Background(), "sys/wrapping/unwrap", map[string]interface{}{
"token": "bar",
})
if err == nil {
@ -97,7 +98,7 @@ func TestHTTP_Wrapping(t *testing.T) {
//
// Create a wrapping token
secret, err := client.Logical().Read("secret/foo")
secret, err := client.Logical().ReadWithContext(context.Background(), "secret/foo")
if err != nil {
t.Fatal(err)
}
@ -108,7 +109,7 @@ func TestHTTP_Wrapping(t *testing.T) {
// Test this twice to ensure no ill effect to the wrapping token as a result of the lookup
for i := 0; i < 2; i++ {
secret, err = client.Logical().Write("sys/wrapping/lookup", map[string]interface{}{
secret, err = client.Logical().WriteWithContext(context.Background(), "sys/wrapping/lookup", map[string]interface{}{
"token": wrapInfo.Token,
})
if err != nil {
@ -131,7 +132,7 @@ func TestHTTP_Wrapping(t *testing.T) {
//
// Create a wrapping token
secret, err = client.Logical().Read("secret/foo")
secret, err = client.Logical().ReadWithContext(context.Background(), "secret/foo")
if err != nil {
t.Fatal(err)
}
@ -142,7 +143,7 @@ func TestHTTP_Wrapping(t *testing.T) {
// Test unwrap via the client token
client.SetToken(wrapInfo.Token)
secret, err = client.Logical().Write("sys/wrapping/unwrap", nil)
secret, err = client.Logical().WriteWithContext(context.Background(), "sys/wrapping/unwrap", nil)
if err != nil {
t.Fatal(err)
}
@ -151,14 +152,14 @@ func TestHTTP_Wrapping(t *testing.T) {
}
ret1 := secret
// Should be expired and fail
_, err = client.Logical().Write("sys/wrapping/unwrap", nil)
_, err = client.Logical().WriteWithContext(context.Background(), "sys/wrapping/unwrap", nil)
if err == nil {
t.Fatal("expected err")
}
// Create a wrapping token
client.SetToken(cluster.RootToken)
secret, err = client.Logical().Read("secret/foo")
secret, err = client.Logical().ReadWithContext(context.Background(), "secret/foo")
if err != nil {
t.Fatal(err)
}
@ -168,7 +169,7 @@ func TestHTTP_Wrapping(t *testing.T) {
wrapInfo = secret.WrapInfo
// Test as a separate token
secret, err = client.Logical().Write("sys/wrapping/unwrap", map[string]interface{}{
secret, err = client.Logical().WriteWithContext(context.Background(), "sys/wrapping/unwrap", map[string]interface{}{
"token": wrapInfo.Token,
})
if err != nil {
@ -176,7 +177,7 @@ func TestHTTP_Wrapping(t *testing.T) {
}
ret2 := secret
// Should be expired and fail
_, err = client.Logical().Write("sys/wrapping/unwrap", map[string]interface{}{
_, err = client.Logical().WriteWithContext(context.Background(), "sys/wrapping/unwrap", map[string]interface{}{
"token": wrapInfo.Token,
})
if err == nil {
@ -184,7 +185,7 @@ func TestHTTP_Wrapping(t *testing.T) {
}
// Create a wrapping token
secret, err = client.Logical().Read("secret/foo")
secret, err = client.Logical().ReadWithContext(context.Background(), "secret/foo")
if err != nil {
t.Fatal(err)
}
@ -195,20 +196,20 @@ func TestHTTP_Wrapping(t *testing.T) {
// Read response directly
client.SetToken(wrapInfo.Token)
secret, err = client.Logical().Read("cubbyhole/response")
secret, err = client.Logical().ReadWithContext(context.Background(), "cubbyhole/response")
if err != nil {
t.Fatal(err)
}
ret3 := secret
// Should be expired and fail
_, err = client.Logical().Write("cubbyhole/response", nil)
_, err = client.Logical().WriteWithContext(context.Background(), "cubbyhole/response", nil)
if err == nil {
t.Fatal("expected err")
}
// Create a wrapping token
client.SetToken(cluster.RootToken)
secret, err = client.Logical().Read("secret/foo")
secret, err = client.Logical().ReadWithContext(context.Background(), "secret/foo")
if err != nil {
t.Fatal(err)
}
@ -218,13 +219,13 @@ func TestHTTP_Wrapping(t *testing.T) {
wrapInfo = secret.WrapInfo
// Read via Unwrap method
secret, err = client.Logical().Unwrap(wrapInfo.Token)
secret, err = client.Logical().UnwrapWithContext(context.Background(), wrapInfo.Token)
if err != nil {
t.Fatal(err)
}
ret4 := secret
// Should be expired and fail
_, err = client.Logical().Unwrap(wrapInfo.Token)
_, err = client.Logical().UnwrapWithContext(context.Background(), wrapInfo.Token)
if err == nil {
t.Fatal("expected err")
}
@ -269,7 +270,7 @@ func TestHTTP_Wrapping(t *testing.T) {
client.SetWrappingLookupFunc(func(operation, path string) string {
return ""
})
secret, err = client.Logical().Write("sys/wrapping/wrap", data)
secret, err = client.Logical().WriteWithContext(context.Background(), "sys/wrapping/wrap", data)
if err == nil {
t.Fatal("expected error")
}
@ -282,11 +283,11 @@ func TestHTTP_Wrapping(t *testing.T) {
return api.DefaultWrappingLookupFunc(operation, path)
})
secret, err = client.Logical().Write("sys/wrapping/wrap", data)
secret, err = client.Logical().WriteWithContext(context.Background(), "sys/wrapping/wrap", data)
if err != nil {
t.Fatal(err)
}
secret, err = client.Logical().Unwrap(secret.WrapInfo.Token)
secret, err = client.Logical().UnwrapWithContext(context.Background(), secret.WrapInfo.Token)
if err != nil {
t.Fatal(err)
}
@ -299,7 +300,7 @@ func TestHTTP_Wrapping(t *testing.T) {
//
// Create a wrapping token
secret, err = client.Logical().Read("secret/foo")
secret, err = client.Logical().ReadWithContext(context.Background(), "secret/foo")
if err != nil {
t.Fatal(err)
}
@ -314,7 +315,7 @@ func TestHTTP_Wrapping(t *testing.T) {
}
// Test rewrapping
secret, err = client.Logical().Write("sys/wrapping/rewrap", map[string]interface{}{
secret, err = client.Logical().WriteWithContext(context.Background(), "sys/wrapping/rewrap", map[string]interface{}{
"token": wrapInfo.Token,
})
if err != nil {
@ -327,7 +328,7 @@ func TestHTTP_Wrapping(t *testing.T) {
}
// Should be expired and fail
_, err = client.Logical().Write("sys/wrapping/unwrap", map[string]interface{}{
_, err = client.Logical().WriteWithContext(context.Background(), "sys/wrapping/unwrap", map[string]interface{}{
"token": wrapInfo.Token,
})
if err == nil {
@ -336,12 +337,12 @@ func TestHTTP_Wrapping(t *testing.T) {
// Attempt unwrapping the rewrapped token
wrapToken := secret.WrapInfo.Token
secret, err = client.Logical().Unwrap(wrapToken)
secret, err = client.Logical().UnwrapWithContext(context.Background(), wrapToken)
if err != nil {
t.Fatal(err)
}
// Should be expired and fail
_, err = client.Logical().Unwrap(wrapToken)
_, err = client.Logical().UnwrapWithContext(context.Background(), wrapToken)
if err == nil {
t.Fatal("expected err")
}

7
http/unwrapping_raw_body_test.go
View File

@ -1,6 +1,7 @@
package http
import (
"context"
"testing"
kv "github.com/hashicorp/vault-plugin-secrets-kv"
@ -26,7 +27,7 @@ func TestUnwrapping_Raw_Body(t *testing.T) {
client := cluster.Cores[0].Client
// Mount a k/v backend, version 2
err := client.Sys().Mount("kv", &api.MountInput{
err := client.Sys().MountWithContext(context.Background(), "kv", &api.MountInput{
Type: "kv",
Options: map[string]string{"version": "2"},
})
@ -37,7 +38,7 @@ func TestUnwrapping_Raw_Body(t *testing.T) {
client.SetWrappingLookupFunc(func(operation, path string) string {
return "5m"
})
secret, err := client.Logical().Write("kv/foo/bar", map[string]interface{}{
secret, err := client.Logical().WriteWithContext(context.Background(), "kv/foo/bar", map[string]interface{}{
"a": "b",
})
if err != nil {
@ -52,7 +53,7 @@ func TestUnwrapping_Raw_Body(t *testing.T) {
wrapToken := secret.WrapInfo.Token
client.SetWrappingLookupFunc(nil)
secret, err = client.Logical().Unwrap(wrapToken)
secret, err = client.Logical().UnwrapWithContext(context.Background(), wrapToken)
if err != nil {
t.Fatal(err)
}

19
vault/expiration_integ_test.go
View File

@ -1,6 +1,7 @@
package vault_test
import (
"context"
"encoding/json"
"testing"
"time"
@ -38,7 +39,7 @@ func TestExpiration_RenewToken_TestCluster(t *testing.T) {
}
// Tune the mount
err = client.Sys().TuneMount("auth/approle", api.MountConfigInput{
err = client.Sys().TuneMountWithContext(context.Background(), "auth/approle", api.MountConfigInput{
DefaultLeaseTTL: "5s",
MaxLeaseTTL: "5s",
})
@ -47,7 +48,7 @@ func TestExpiration_RenewToken_TestCluster(t *testing.T) {
}
// Create role
resp, err := client.Logical().Write("auth/approle/role/role-period", map[string]interface{}{
resp, err := client.Logical().WriteWithContext(context.Background(), "auth/approle/role/role-period", map[string]interface{}{
"period": "5s",
})
if err != nil {
@ -55,7 +56,7 @@ func TestExpiration_RenewToken_TestCluster(t *testing.T) {
}
// Get role_id
resp, err = client.Logical().Read("auth/approle/role/role-period/role-id")
resp, err = client.Logical().ReadWithContext(context.Background(), "auth/approle/role/role-period/role-id")
if err != nil {
t.Fatal(err)
}
@ -65,7 +66,7 @@ func TestExpiration_RenewToken_TestCluster(t *testing.T) {
roleID := resp.Data["role_id"]
// Get secret_id
resp, err = client.Logical().Write("auth/approle/role/role-period/secret-id", map[string]interface{}{})
resp, err = client.Logical().WriteWithContext(context.Background(), "auth/approle/role/role-period/secret-id", map[string]interface{}{})
if err != nil {
t.Fatal(err)
}
@ -75,7 +76,7 @@ func TestExpiration_RenewToken_TestCluster(t *testing.T) {
secretID := resp.Data["secret_id"]
// Login
resp, err = client.Logical().Write("auth/approle/login", map[string]interface{}{
resp, err = client.Logical().WriteWithContext(context.Background(), "auth/approle/login", map[string]interface{}{
"role_id": roleID,
"secret_id": secretID,
})
@ -97,7 +98,7 @@ func TestExpiration_RenewToken_TestCluster(t *testing.T) {
time.Sleep(3 * time.Second)
// Renew
resp, err = client.Logical().Write("auth/token/renew", map[string]interface{}{
resp, err = client.Logical().WriteWithContext(context.Background(), "auth/token/renew", map[string]interface{}{
"token": roleToken,
})
if err != nil {
@ -108,7 +109,7 @@ func TestExpiration_RenewToken_TestCluster(t *testing.T) {
}
// Perform token lookup and verify TTL
resp, err = client.Auth().Token().Lookup(roleToken)
resp, err = client.Auth().Token().LookupWithContext(context.Background(), roleToken)
if err != nil {
t.Fatal(err)
}
@ -133,7 +134,7 @@ func TestExpiration_RenewToken_TestCluster(t *testing.T) {
time.Sleep(3 * time.Second)
// Do a second renewal to ensure that period can be renewed past sys/mount max_ttl
resp, err = client.Logical().Write("auth/token/renew", map[string]interface{}{
resp, err = client.Logical().WriteWithContext(context.Background(), "auth/token/renew", map[string]interface{}{
"token": roleToken,
})
if err != nil {
@ -144,7 +145,7 @@ func TestExpiration_RenewToken_TestCluster(t *testing.T) {
}
// Perform token lookup and verify TTL
resp, err = client.Auth().Token().Lookup(roleToken)
resp, err = client.Auth().Token().LookupWithContext(context.Background(), roleToken)
if err != nil {
t.Fatal(err)
}

Some files were not shown because too many files have changed in this diff Show More