Pass context to backends (#3750)

* Start work on passing context to backends

* More work on passing context

* Unindent logical system

* Unindent token store

* Unindent passthrough

* Unindent cubbyhole

* Fix tests

* use requestContext in rollback and expiration managers
Brian Kassouf 2018-01-08 10:31:38 -08:00 committed by GitHub
parent 8cd19b481a
commit 1c190d4bda
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
204 changed files with 2384 additions and 2431 deletions


@ -1,6 +1,7 @@
package appId
import (
"context"
"fmt"
"testing"
@ -41,7 +42,7 @@ func TestBackend_basic(t *testing.T) {
Operation: logical.ListOperation,
Storage: storage,
}
resp, err := b.HandleRequest(req)
resp, err := b.HandleRequest(context.Background(), req)
if err != nil {
t.Fatal(err)
}


@ -1,6 +1,7 @@
package appId
import (
"context"
"crypto/sha1"
"crypto/subtle"
"encoding/hex"
@ -62,8 +63,7 @@ func pathLogin(b *backend) *framework.Path {
}
}
func (b *backend) pathLoginAliasLookahead(
req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathLoginAliasLookahead(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
appId := data.Get("app_id").(string)
if appId == "" {
@ -79,8 +79,7 @@ func (b *backend) pathLoginAliasLookahead(
}, nil
}
func (b *backend) pathLogin(
req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathLogin(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
appId := data.Get("app_id").(string)
userId := data.Get("user_id").(string)
@ -126,8 +125,7 @@ func (b *backend) pathLogin(
}, nil
}
func (b *backend) pathLoginRenew(
req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathLoginRenew(ctx context.Context, req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
appId := req.Auth.InternalData["app-id"].(string)
userId := req.Auth.InternalData["user-id"].(string)
@ -148,7 +146,7 @@ func (b *backend) pathLoginRenew(
return nil, fmt.Errorf("policies do not match")
}
return framework.LeaseExtend(0, 0, b.System())(req, d)
return framework.LeaseExtend(0, 0, b.System())(ctx, req, d)
}
func (b *backend) verifyCredentials(req *logical.Request, appId, userId string) (string, *logical.Response, error) {
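Review bot: The new `ctx` parameter stops at the handler boundary: `verifyCredentials` on the last line of this section still takes only `req`, so the login handlers cannot hand the request context to the credential check. The approle sections of this commit show the same gap, where `pathLoginUpdate` calls `b.validateCredentials(req, data)` and the role handlers call `b.setRoleEntry(req.Storage, ...)` and `b.secretIDCommon(req.Storage, ...)` without it. If those helpers reach storage, as their `req.Storage` arguments suggest, a cancelled or expired request will not interrupt a login or role operation already in progress. A follow-up could widen the helper signatures, e.g. `func (b *backend) verifyCredentials(ctx context.Context, req *logical.Request, appId, userId string) (string, *logical.Response, error) {`. The handler bodies run outside the visible hunks, so whether `ctx` is used further down cannot be confirmed from here.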


@ -1,6 +1,7 @@
package approle
import (
"context"
"fmt"
"strings"
@ -31,7 +32,7 @@ func pathLogin(b *backend) *framework.Path {
}
}
func (b *backend) pathLoginUpdateAliasLookahead(req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathLoginUpdateAliasLookahead(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
roleID := strings.TrimSpace(data.Get("role_id").(string))
if roleID == "" {
return nil, fmt.Errorf("missing role_id")
@ -48,7 +49,7 @@ func (b *backend) pathLoginUpdateAliasLookahead(req *logical.Request, data *fram
// Returns the Auth object indicating the authentication and authorization information
// if the credentials provided are validated by the backend.
func (b *backend) pathLoginUpdate(req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathLoginUpdate(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
role, roleName, metadata, _, err := b.validateCredentials(req, data)
if err != nil || role == nil {
return logical.ErrorResponse(fmt.Sprintf("failed to validate credentials: %v", err)), nil
@ -80,7 +81,7 @@ func (b *backend) pathLoginUpdate(req *logical.Request, data *framework.FieldDat
}
// Invoked when the token issued by this backend is attempting a renewal.
func (b *backend) pathLoginRenew(req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathLoginRenew(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
roleName := req.Auth.InternalData["role_name"].(string)
if roleName == "" {
return nil, fmt.Errorf("failed to fetch role_name during renewal")
@ -99,7 +100,7 @@ func (b *backend) pathLoginRenew(req *logical.Request, data *framework.FieldData
return nil, fmt.Errorf("role %s does not exist during renewal", roleName)
}
resp, err := framework.LeaseExtend(role.TokenTTL, role.TokenMaxTTL, b.System())(req, data)
resp, err := framework.LeaseExtend(role.TokenTTL, role.TokenMaxTTL, b.System())(ctx, req, data)
if err != nil {
return nil, err
}
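Review bot: `pathLoginRenew` reads `req.Auth.InternalData["role_name"].(string)` with a single-value type assertion, which panics when the key is absent or holds a non-string, so the `roleName == ""` check after it never handles that case. Since the commit already touches this function, the renewal path would be more robust as `roleName, ok := req.Auth.InternalData["role_name"].(string)` followed by `if !ok || roleName == "" {`, returning the existing error. The appId `pathLoginRenew` in the previous file section has the same pattern for `app-id` and `user-id`. Only the opening lines and the `LeaseExtend` call of the function are visible in these hunks.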


@ -1,6 +1,7 @@
package approle
import (
"context"
"testing"
"github.com/hashicorp/vault/logical"
@ -17,7 +18,7 @@ func TestAppRole_RoleLogin(t *testing.T) {
Path: "role/role1/role-id",
Storage: storage,
}
resp, err = b.HandleRequest(roleRoleIDReq)
resp, err = b.HandleRequest(context.Background(), roleRoleIDReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("err:%v resp:%#v", err, resp)
}
@ -28,7 +29,7 @@ func TestAppRole_RoleLogin(t *testing.T) {
Path: "role/role1/secret-id",
Storage: storage,
}
resp, err = b.HandleRequest(roleSecretIDReq)
resp, err = b.HandleRequest(context.Background(), roleSecretIDReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("err:%v resp:%#v", err, resp)
}
@ -47,7 +48,7 @@ func TestAppRole_RoleLogin(t *testing.T) {
RemoteAddr: "127.0.0.1",
},
}
resp, err = b.HandleRequest(loginReq)
resp, err = b.HandleRequest(context.Background(), loginReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("err:%v resp:%#v", err, resp)
}


@ -1,6 +1,7 @@
package approle
import (
"context"
"fmt"
"strings"
"time"
@ -512,7 +513,7 @@ the role.`,
}
// pathRoleExistenceCheck returns whether the role with the given name exists or not.
func (b *backend) pathRoleExistenceCheck(req *logical.Request, data *framework.FieldData) (bool, error) {
func (b *backend) pathRoleExistenceCheck(ctx context.Context, req *logical.Request, data *framework.FieldData) (bool, error) {
roleName := data.Get("role_name").(string)
if roleName == "" {
return false, fmt.Errorf("missing role_name")
@ -531,7 +532,7 @@ func (b *backend) pathRoleExistenceCheck(req *logical.Request, data *framework.F
}
// pathRoleList is used to list all the Roles registered with the backend.
func (b *backend) pathRoleList(req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathRoleList(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
lock := b.roleLock("")
lock.RLock()
@ -545,7 +546,7 @@ func (b *backend) pathRoleList(req *logical.Request, data *framework.FieldData)
}
// pathRoleSecretIDList is used to list all the 'secret_id_accessor's issued against the role.
func (b *backend) pathRoleSecretIDList(req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathRoleSecretIDList(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
roleName := data.Get("role_name").(string)
if roleName == "" {
return logical.ErrorResponse("missing role_name"), nil
@ -722,7 +723,7 @@ func (b *backend) roleEntry(s logical.Storage, roleName string) (*roleStorageEnt
// pathRoleCreateUpdate registers a new role with the backend or updates the options
// of an existing role
func (b *backend) pathRoleCreateUpdate(req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathRoleCreateUpdate(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
roleName := data.Get("role_name").(string)
if roleName == "" {
return logical.ErrorResponse("missing role_name"), nil
@ -858,7 +859,7 @@ func (b *backend) pathRoleCreateUpdate(req *logical.Request, data *framework.Fie
}
// pathRoleRead grabs a read lock and reads the options set on the role from the storage
func (b *backend) pathRoleRead(req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathRoleRead(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
roleName := data.Get("role_name").(string)
if roleName == "" {
return logical.ErrorResponse("missing role_name"), nil
@ -939,7 +940,7 @@ func (b *backend) pathRoleRead(req *logical.Request, data *framework.FieldData)
}
// pathRoleDelete removes the role from the storage
func (b *backend) pathRoleDelete(req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathRoleDelete(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
roleName := data.Get("role_name").(string)
if roleName == "" {
return logical.ErrorResponse("missing role_name"), nil
@ -976,7 +977,7 @@ func (b *backend) pathRoleDelete(req *logical.Request, data *framework.FieldData
}
// Returns the properties of the SecretID
func (b *backend) pathRoleSecretIDLookupUpdate(req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathRoleSecretIDLookupUpdate(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
roleName := data.Get("role_name").(string)
if roleName == "" {
return logical.ErrorResponse("missing role_name"), nil
@ -1059,7 +1060,7 @@ func (b *backend) secretIDCommon(s logical.Storage, entryIndex, secretIDHMAC str
return resp, nil
}
func (b *backend) pathRoleSecretIDDestroyUpdateDelete(req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathRoleSecretIDDestroyUpdateDelete(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
roleName := data.Get("role_name").(string)
if roleName == "" {
return logical.ErrorResponse("missing role_name"), nil
@ -1122,7 +1123,7 @@ func (b *backend) pathRoleSecretIDDestroyUpdateDelete(req *logical.Request, data
// pathRoleSecretIDAccessorLookupUpdate returns the properties of the SecretID
// given its accessor
func (b *backend) pathRoleSecretIDAccessorLookupUpdate(req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathRoleSecretIDAccessorLookupUpdate(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
roleName := data.Get("role_name").(string)
if roleName == "" {
return logical.ErrorResponse("missing role_name"), nil
@ -1167,7 +1168,7 @@ func (b *backend) pathRoleSecretIDAccessorLookupUpdate(req *logical.Request, dat
return b.secretIDCommon(req.Storage, entryIndex, accessorEntry.SecretIDHMAC)
}
func (b *backend) pathRoleSecretIDAccessorDestroyUpdateDelete(req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathRoleSecretIDAccessorDestroyUpdateDelete(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
roleName := data.Get("role_name").(string)
if roleName == "" {
return logical.ErrorResponse("missing role_name"), nil
@ -1222,7 +1223,7 @@ func (b *backend) pathRoleSecretIDAccessorDestroyUpdateDelete(req *logical.Reque
return nil, nil
}
func (b *backend) pathRoleBoundCIDRListUpdate(req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathRoleBoundCIDRListUpdate(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
roleName := data.Get("role_name").(string)
if roleName == "" {
return logical.ErrorResponse("missing role_name"), nil
@ -1259,7 +1260,7 @@ func (b *backend) pathRoleBoundCIDRListUpdate(req *logical.Request, data *framew
return nil, b.setRoleEntry(req.Storage, roleName, role, "")
}
func (b *backend) pathRoleBoundCIDRListRead(req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathRoleBoundCIDRListRead(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
roleName := data.Get("role_name").(string)
if roleName == "" {
return logical.ErrorResponse("missing role_name"), nil
@ -1282,7 +1283,7 @@ func (b *backend) pathRoleBoundCIDRListRead(req *logical.Request, data *framewor
}
}
func (b *backend) pathRoleBoundCIDRListDelete(req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathRoleBoundCIDRListDelete(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
roleName := data.Get("role_name").(string)
if roleName == "" {
return logical.ErrorResponse("missing role_name"), nil
@ -1306,7 +1307,7 @@ func (b *backend) pathRoleBoundCIDRListDelete(req *logical.Request, data *framew
return nil, b.setRoleEntry(req.Storage, roleName, role, "")
}
func (b *backend) pathRoleBindSecretIDUpdate(req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathRoleBindSecretIDUpdate(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
roleName := data.Get("role_name").(string)
if roleName == "" {
return logical.ErrorResponse("missing role_name"), nil
@ -1332,7 +1333,7 @@ func (b *backend) pathRoleBindSecretIDUpdate(req *logical.Request, data *framewo
}
}
func (b *backend) pathRoleBindSecretIDRead(req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathRoleBindSecretIDRead(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
roleName := data.Get("role_name").(string)
if roleName == "" {
return logical.ErrorResponse("missing role_name"), nil
@ -1355,7 +1356,7 @@ func (b *backend) pathRoleBindSecretIDRead(req *logical.Request, data *framework
}
}
func (b *backend) pathRoleBindSecretIDDelete(req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathRoleBindSecretIDDelete(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
roleName := data.Get("role_name").(string)
if roleName == "" {
return logical.ErrorResponse("missing role_name"), nil
@ -1379,7 +1380,7 @@ func (b *backend) pathRoleBindSecretIDDelete(req *logical.Request, data *framewo
return nil, b.setRoleEntry(req.Storage, roleName, role, "")
}
func (b *backend) pathRolePoliciesUpdate(req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathRolePoliciesUpdate(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
roleName := data.Get("role_name").(string)
if roleName == "" {
return logical.ErrorResponse("missing role_name"), nil
@ -1407,7 +1408,7 @@ func (b *backend) pathRolePoliciesUpdate(req *logical.Request, data *framework.F
return nil, b.setRoleEntry(req.Storage, roleName, role, "")
}
func (b *backend) pathRolePoliciesRead(req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathRolePoliciesRead(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
roleName := data.Get("role_name").(string)
if roleName == "" {
return logical.ErrorResponse("missing role_name"), nil
@ -1430,7 +1431,7 @@ func (b *backend) pathRolePoliciesRead(req *logical.Request, data *framework.Fie
}
}
func (b *backend) pathRolePoliciesDelete(req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathRolePoliciesDelete(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
roleName := data.Get("role_name").(string)
if roleName == "" {
return logical.ErrorResponse("missing role_name"), nil
@ -1453,7 +1454,7 @@ func (b *backend) pathRolePoliciesDelete(req *logical.Request, data *framework.F
return nil, b.setRoleEntry(req.Storage, roleName, role, "")
}
func (b *backend) pathRoleSecretIDNumUsesUpdate(req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathRoleSecretIDNumUsesUpdate(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
roleName := data.Get("role_name").(string)
if roleName == "" {
return logical.ErrorResponse("missing role_name"), nil
@ -1482,7 +1483,7 @@ func (b *backend) pathRoleSecretIDNumUsesUpdate(req *logical.Request, data *fram
}
}
func (b *backend) pathRoleRoleIDUpdate(req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathRoleRoleIDUpdate(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
roleName := data.Get("role_name").(string)
if roleName == "" {
return logical.ErrorResponse("missing role_name"), nil
@ -1509,7 +1510,7 @@ func (b *backend) pathRoleRoleIDUpdate(req *logical.Request, data *framework.Fie
return nil, b.setRoleEntry(req.Storage, roleName, role, previousRoleID)
}
func (b *backend) pathRoleRoleIDRead(req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathRoleRoleIDRead(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
roleName := data.Get("role_name").(string)
if roleName == "" {
return logical.ErrorResponse("missing role_name"), nil
@ -1532,7 +1533,7 @@ func (b *backend) pathRoleRoleIDRead(req *logical.Request, data *framework.Field
}
}
func (b *backend) pathRoleSecretIDNumUsesRead(req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathRoleSecretIDNumUsesRead(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
roleName := data.Get("role_name").(string)
if roleName == "" {
return logical.ErrorResponse("missing role_name"), nil
@ -1555,7 +1556,7 @@ func (b *backend) pathRoleSecretIDNumUsesRead(req *logical.Request, data *framew
}
}
func (b *backend) pathRoleSecretIDNumUsesDelete(req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathRoleSecretIDNumUsesDelete(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
roleName := data.Get("role_name").(string)
if roleName == "" {
return logical.ErrorResponse("missing role_name"), nil
@ -1578,7 +1579,7 @@ func (b *backend) pathRoleSecretIDNumUsesDelete(req *logical.Request, data *fram
return nil, b.setRoleEntry(req.Storage, roleName, role, "")
}
func (b *backend) pathRoleSecretIDTTLUpdate(req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathRoleSecretIDTTLUpdate(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
roleName := data.Get("role_name").(string)
if roleName == "" {
return logical.ErrorResponse("missing role_name"), nil
@ -1604,7 +1605,7 @@ func (b *backend) pathRoleSecretIDTTLUpdate(req *logical.Request, data *framewor
}
}
func (b *backend) pathRoleSecretIDTTLRead(req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathRoleSecretIDTTLRead(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
roleName := data.Get("role_name").(string)
if roleName == "" {
return logical.ErrorResponse("missing role_name"), nil
@ -1628,7 +1629,7 @@ func (b *backend) pathRoleSecretIDTTLRead(req *logical.Request, data *framework.
}
}
func (b *backend) pathRoleSecretIDTTLDelete(req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathRoleSecretIDTTLDelete(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
roleName := data.Get("role_name").(string)
if roleName == "" {
return logical.ErrorResponse("missing role_name"), nil
@ -1651,7 +1652,7 @@ func (b *backend) pathRoleSecretIDTTLDelete(req *logical.Request, data *framewor
return nil, b.setRoleEntry(req.Storage, roleName, role, "")
}
func (b *backend) pathRolePeriodUpdate(req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathRolePeriodUpdate(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
roleName := data.Get("role_name").(string)
if roleName == "" {
return logical.ErrorResponse("missing role_name"), nil
@ -1680,7 +1681,7 @@ func (b *backend) pathRolePeriodUpdate(req *logical.Request, data *framework.Fie
}
}
func (b *backend) pathRolePeriodRead(req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathRolePeriodRead(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
roleName := data.Get("role_name").(string)
if roleName == "" {
return logical.ErrorResponse("missing role_name"), nil
@ -1704,7 +1705,7 @@ func (b *backend) pathRolePeriodRead(req *logical.Request, data *framework.Field
}
}
func (b *backend) pathRolePeriodDelete(req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathRolePeriodDelete(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
roleName := data.Get("role_name").(string)
if roleName == "" {
return logical.ErrorResponse("missing role_name"), nil
@ -1727,7 +1728,7 @@ func (b *backend) pathRolePeriodDelete(req *logical.Request, data *framework.Fie
return nil, b.setRoleEntry(req.Storage, roleName, role, "")
}
func (b *backend) pathRoleTokenNumUsesUpdate(req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathRoleTokenNumUsesUpdate(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
roleName := data.Get("role_name").(string)
if roleName == "" {
return logical.ErrorResponse("missing role_name"), nil
@ -1753,7 +1754,7 @@ func (b *backend) pathRoleTokenNumUsesUpdate(req *logical.Request, data *framewo
}
}
func (b *backend) pathRoleTokenNumUsesRead(req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathRoleTokenNumUsesRead(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
roleName := data.Get("role_name").(string)
if roleName == "" {
return logical.ErrorResponse("missing role_name"), nil
@ -1776,7 +1777,7 @@ func (b *backend) pathRoleTokenNumUsesRead(req *logical.Request, data *framework
}
}
func (b *backend) pathRoleTokenNumUsesDelete(req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathRoleTokenNumUsesDelete(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
roleName := data.Get("role_name").(string)
if roleName == "" {
return logical.ErrorResponse("missing role_name"), nil
@ -1799,7 +1800,7 @@ func (b *backend) pathRoleTokenNumUsesDelete(req *logical.Request, data *framewo
return nil, b.setRoleEntry(req.Storage, roleName, role, "")
}
func (b *backend) pathRoleTokenTTLUpdate(req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathRoleTokenTTLUpdate(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
roleName := data.Get("role_name").(string)
if roleName == "" {
return logical.ErrorResponse("missing role_name"), nil
@ -1828,7 +1829,7 @@ func (b *backend) pathRoleTokenTTLUpdate(req *logical.Request, data *framework.F
}
}
func (b *backend) pathRoleTokenTTLRead(req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathRoleTokenTTLRead(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
roleName := data.Get("role_name").(string)
if roleName == "" {
return logical.ErrorResponse("missing role_name"), nil
@ -1852,7 +1853,7 @@ func (b *backend) pathRoleTokenTTLRead(req *logical.Request, data *framework.Fie
}
}
func (b *backend) pathRoleTokenTTLDelete(req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathRoleTokenTTLDelete(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
roleName := data.Get("role_name").(string)
if roleName == "" {
return logical.ErrorResponse("missing role_name"), nil
@ -1875,7 +1876,7 @@ func (b *backend) pathRoleTokenTTLDelete(req *logical.Request, data *framework.F
return nil, b.setRoleEntry(req.Storage, roleName, role, "")
}
func (b *backend) pathRoleTokenMaxTTLUpdate(req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathRoleTokenMaxTTLUpdate(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
roleName := data.Get("role_name").(string)
if roleName == "" {
return logical.ErrorResponse("missing role_name"), nil
@ -1904,7 +1905,7 @@ func (b *backend) pathRoleTokenMaxTTLUpdate(req *logical.Request, data *framewor
}
}
func (b *backend) pathRoleTokenMaxTTLRead(req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathRoleTokenMaxTTLRead(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
roleName := data.Get("role_name").(string)
if roleName == "" {
return logical.ErrorResponse("missing role_name"), nil
@ -1928,7 +1929,7 @@ func (b *backend) pathRoleTokenMaxTTLRead(req *logical.Request, data *framework.
}
}
func (b *backend) pathRoleTokenMaxTTLDelete(req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathRoleTokenMaxTTLDelete(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
roleName := data.Get("role_name").(string)
if roleName == "" {
return logical.ErrorResponse("missing role_name"), nil
@ -1951,19 +1952,19 @@ func (b *backend) pathRoleTokenMaxTTLDelete(req *logical.Request, data *framewor
return nil, b.setRoleEntry(req.Storage, roleName, role, "")
}
func (b *backend) pathRoleSecretIDUpdate(req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathRoleSecretIDUpdate(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
secretID, err := uuid.GenerateUUID()
if err != nil {
return nil, fmt.Errorf("failed to generate secret_id: %v", err)
}
return b.handleRoleSecretIDCommon(req, data, secretID)
return b.handleRoleSecretIDCommon(ctx, req, data, secretID)
}
func (b *backend) pathRoleCustomSecretIDUpdate(req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
return b.handleRoleSecretIDCommon(req, data, data.Get("secret_id").(string))
func (b *backend) pathRoleCustomSecretIDUpdate(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
return b.handleRoleSecretIDCommon(ctx, req, data, data.Get("secret_id").(string))
}
func (b *backend) handleRoleSecretIDCommon(req *logical.Request, data *framework.FieldData, secretID string) (*logical.Response, error) {
func (b *backend) handleRoleSecretIDCommon(ctx context.Context, req *logical.Request, data *framework.FieldData, secretID string) (*logical.Response, error) {
roleName := data.Get("role_name").(string)
if roleName == "" {
return logical.ErrorResponse("missing role_name"), nil
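Review bot: `pathRoleSecretIDUpdate`, `pathRoleCustomSecretIDUpdate` and `handleRoleSecretIDCommon` at the end of this section have no doc comment, while `pathRoleRead` and `pathRoleDelete` in the same file do. In the visible hunks they are also the only functions that forward `ctx`. For code that issues credentials the difference between the two entry points is worth stating, for example `// pathRoleSecretIDUpdate generates a UUID and passes it to handleRoleSecretIDCommon as the new SecretID.` and `// pathRoleCustomSecretIDUpdate passes the caller-supplied secret_id field to handleRoleSecretIDCommon.` A comment on `handleRoleSecretIDCommon` should say what it does with `ctx` and with the `secretID` argument. Its body continues outside the hunk, so that wording is left to the author.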


@ -1,6 +1,7 @@
package approle
import (
"context"
"reflect"
"strings"
"testing"
@ -35,7 +36,7 @@ func TestApprole_RoleNameLowerCasing(t *testing.T) {
Operation: logical.UpdateOperation,
Storage: storage,
}
resp, err = b.HandleRequest(secretIDReq)
resp, err = b.HandleRequest(context.Background(), secretIDReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("bad: resp: %#v\nerr: %v", resp, err)
}
@ -43,7 +44,7 @@ func TestApprole_RoleNameLowerCasing(t *testing.T) {
roleID = "testroleid"
// Regular login flow. This should succeed.
resp, err = b.HandleRequest(&logical.Request{
resp, err = b.HandleRequest(context.Background(), &logical.Request{
Path: "login",
Operation: logical.UpdateOperation,
Storage: storage,
@ -58,14 +59,14 @@ func TestApprole_RoleNameLowerCasing(t *testing.T) {
// Lower case the role name when generating the secret id
secretIDReq.Path = "role/testrolename/secret-id"
resp, err = b.HandleRequest(secretIDReq)
resp, err = b.HandleRequest(context.Background(), secretIDReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("bad: resp: %#v\nerr: %v", resp, err)
}
secretID = resp.Data["secret_id"].(string)
// Login should fail
resp, err = b.HandleRequest(&logical.Request{
resp, err = b.HandleRequest(context.Background(), &logical.Request{
Path: "login",
Operation: logical.UpdateOperation,
Storage: storage,
@ -84,7 +85,7 @@ func TestApprole_RoleNameLowerCasing(t *testing.T) {
// Delete the role and create it again. This time don't directly persist
// it, but route the request to the creation handler so that it sets the
// LowerCaseRoleName to true.
resp, err = b.HandleRequest(&logical.Request{
resp, err = b.HandleRequest(context.Background(), &logical.Request{
Path: "role/testRoleName",
Operation: logical.DeleteOperation,
Storage: storage,
@ -101,13 +102,13 @@ func TestApprole_RoleNameLowerCasing(t *testing.T) {
"bind_secret_id": true,
},
}
resp, err = b.HandleRequest(roleReq)
resp, err = b.HandleRequest(context.Background(), roleReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("bad: resp: %#v\nerr: %v", resp, err)
}
// Create secret id with lower cased role name
resp, err = b.HandleRequest(&logical.Request{
resp, err = b.HandleRequest(context.Background(), &logical.Request{
Path: "role/testrolename/secret-id",
Operation: logical.UpdateOperation,
Storage: storage,
@ -117,7 +118,7 @@ func TestApprole_RoleNameLowerCasing(t *testing.T) {
}
secretID = resp.Data["secret_id"].(string)
resp, err = b.HandleRequest(&logical.Request{
resp, err = b.HandleRequest(context.Background(), &logical.Request{
Path: "role/testrolename/role-id",
Operation: logical.ReadOperation,
Storage: storage,
@ -128,7 +129,7 @@ func TestApprole_RoleNameLowerCasing(t *testing.T) {
roleID = resp.Data["role_id"].(string)
// Login should pass
resp, err = b.HandleRequest(&logical.Request{
resp, err = b.HandleRequest(context.Background(), &logical.Request{
Path: "login",
Operation: logical.UpdateOperation,
Storage: storage,
@ -142,7 +143,7 @@ func TestApprole_RoleNameLowerCasing(t *testing.T) {
}
// Lookup of secret ID should work in case-insensitive manner
resp, err = b.HandleRequest(&logical.Request{
resp, err = b.HandleRequest(context.Background(), &logical.Request{
Path: "role/testrolename/secret-id/lookup",
Operation: logical.UpdateOperation,
Storage: storage,
@ -158,7 +159,7 @@ func TestApprole_RoleNameLowerCasing(t *testing.T) {
}
// Listing of secret IDs should work in case-insensitive manner
resp, err = b.HandleRequest(&logical.Request{
resp, err = b.HandleRequest(context.Background(), &logical.Request{
Path: "role/testrolename/secret-id",
Operation: logical.ListOperation,
Storage: storage,
@ -188,7 +189,7 @@ func TestAppRole_RoleReadSetIndex(t *testing.T) {
}
// Create a role
resp, err = b.HandleRequest(roleReq)
resp, err = b.HandleRequest(context.Background(), roleReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("bad: resp: %#v\n err: %v\n", resp, err)
}
@ -200,7 +201,7 @@ func TestAppRole_RoleReadSetIndex(t *testing.T) {
}
// Get the role ID
resp, err = b.HandleRequest(roleIDReq)
resp, err = b.HandleRequest(context.Background(), roleIDReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("bad: resp: %#v\n err: %v\n", resp, err)
}
@ -214,7 +215,7 @@ func TestAppRole_RoleReadSetIndex(t *testing.T) {
// Read the role again. This should add the index and return a warning
roleReq.Operation = logical.ReadOperation
resp, err = b.HandleRequest(roleReq)
resp, err = b.HandleRequest(context.Background(), roleReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("bad: resp: %#v\n err: %v\n", resp, err)
}
@ -242,12 +243,12 @@ func TestAppRole_RoleReadSetIndex(t *testing.T) {
// Check if updating and reading of roles work and that there are no lock
// contentions dangling due to previous operation
resp, err = b.HandleRequest(roleReq)
resp, err = b.HandleRequest(context.Background(), roleReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("bad: resp: %#v\n err: %v\n", resp, err)
}
roleReq.Operation = logical.ReadOperation
resp, err = b.HandleRequest(roleReq)
resp, err = b.HandleRequest(context.Background(), roleReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("bad: resp: %#v\n err: %v\n", resp, err)
}
@ -272,7 +273,7 @@ func TestAppRole_CIDRSubset(t *testing.T) {
Data: roleData,
}
resp, err = b.HandleRequest(roleReq)
resp, err = b.HandleRequest(context.Background(), roleReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("err: %v resp: %#v", err, resp)
}
@ -287,7 +288,7 @@ func TestAppRole_CIDRSubset(t *testing.T) {
Data: secretIDData,
}
resp, err = b.HandleRequest(secretIDReq)
resp, err = b.HandleRequest(context.Background(), secretIDReq)
if resp != nil || resp.IsError() {
t.Fatalf("resp:%#v", resp)
}
@ -297,13 +298,13 @@ func TestAppRole_CIDRSubset(t *testing.T) {
roleData["bound_cidr_list"] = "192.168.27.29/16,172.245.30.40/24,10.20.30.40/30"
roleReq.Operation = logical.UpdateOperation
resp, err = b.HandleRequest(roleReq)
resp, err = b.HandleRequest(context.Background(), roleReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("err: %v resp: %#v", err, resp)
}
secretIDData["cidr_list"] = "192.168.27.29/20,172.245.30.40/25,10.20.30.40/32"
resp, err = b.HandleRequest(secretIDReq)
resp, err = b.HandleRequest(context.Background(), secretIDReq)
if err != nil {
t.Fatal(err)
}
@ -330,7 +331,7 @@ func TestAppRole_RoleConstraints(t *testing.T) {
}
// Set bind_secret_id, which is enabled by default
resp, err = b.HandleRequest(roleReq)
resp, err = b.HandleRequest(context.Background(), roleReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("err:%v resp:%#v", err, resp)
}
@ -339,7 +340,7 @@ func TestAppRole_RoleConstraints(t *testing.T) {
roleReq.Operation = logical.UpdateOperation
roleData["bind_secret_id"] = false
roleData["bound_cidr_list"] = "0.0.0.0/0"
resp, err = b.HandleRequest(roleReq)
resp, err = b.HandleRequest(context.Background(), roleReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("err:%v resp:%#v", err, resp)
}
@ -348,7 +349,7 @@ func TestAppRole_RoleConstraints(t *testing.T) {
roleReq.Operation = logical.UpdateOperation
roleData["bound_cidr_list"] = ""
roleData["bind_secret_id"] = false
resp, err = b.HandleRequest(roleReq)
resp, err = b.HandleRequest(context.Background(), roleReq)
if resp != nil && resp.IsError() {
t.Fatalf("err:%v, resp:%#v", err, resp)
}
@ -376,7 +377,7 @@ func TestAppRole_RoleIDUpdate(t *testing.T) {
Storage: storage,
Data: roleData,
}
resp, err = b.HandleRequest(roleReq)
resp, err = b.HandleRequest(context.Background(), roleReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("err:%v resp:%#v", err, resp)
}
@ -389,7 +390,7 @@ func TestAppRole_RoleIDUpdate(t *testing.T) {
"role_id": "customroleid",
},
}
resp, err = b.HandleRequest(roleIDUpdateReq)
resp, err = b.HandleRequest(context.Background(), roleIDUpdateReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("err:%v resp:%#v", err, resp)
}
@ -399,7 +400,7 @@ func TestAppRole_RoleIDUpdate(t *testing.T) {
Storage: storage,
Path: "role/testrole1/secret-id",
}
resp, err = b.HandleRequest(secretIDReq)
resp, err = b.HandleRequest(context.Background(), secretIDReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("err:%v resp:%#v", err, resp)
}
@ -418,7 +419,7 @@ func TestAppRole_RoleIDUpdate(t *testing.T) {
RemoteAddr: "127.0.0.1",
},
}
resp, err = b.HandleRequest(loginReq)
resp, err = b.HandleRequest(context.Background(), loginReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("err:%v resp:%#v", err, resp)
}
@ -448,33 +449,33 @@ func TestAppRole_RoleIDUniqueness(t *testing.T) {
Data: roleData,
}
resp, err = b.HandleRequest(roleReq)
resp, err = b.HandleRequest(context.Background(), roleReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("err:%v resp:%#v", err, resp)
}
roleReq.Path = "role/testrole2"
resp, err = b.HandleRequest(roleReq)
resp, err = b.HandleRequest(context.Background(), roleReq)
if err == nil && !(resp != nil && resp.IsError()) {
t.Fatalf("expected an error: got resp:%#v", resp)
}
roleData["role_id"] = "role-id-456"
resp, err = b.HandleRequest(roleReq)
resp, err = b.HandleRequest(context.Background(), roleReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("err:%v resp:%#v", err, resp)
}
roleReq.Operation = logical.UpdateOperation
roleData["role_id"] = "role-id-123"
resp, err = b.HandleRequest(roleReq)
resp, err = b.HandleRequest(context.Background(), roleReq)
if err == nil && !(resp != nil && resp.IsError()) {
t.Fatalf("expected an error: got resp:%#v", resp)
}
roleReq.Path = "role/testrole1"
roleData["role_id"] = "role-id-456"
resp, err = b.HandleRequest(roleReq)
resp, err = b.HandleRequest(context.Background(), roleReq)
if err == nil && !(resp != nil && resp.IsError()) {
t.Fatalf("expected an error: got resp:%#v", resp)
}
@ -488,27 +489,27 @@ func TestAppRole_RoleIDUniqueness(t *testing.T) {
Storage: storage,
Data: roleIDData,
}
resp, err = b.HandleRequest(roleIDReq)
resp, err = b.HandleRequest(context.Background(), roleIDReq)
if err == nil && !(resp != nil && resp.IsError()) {
t.Fatalf("expected an error: got resp:%#v", resp)
}
roleIDData["role_id"] = "role-id-123"
roleIDReq.Path = "role/testrole2/role-id"
resp, err = b.HandleRequest(roleIDReq)
resp, err = b.HandleRequest(context.Background(), roleIDReq)
if err == nil && !(resp != nil && resp.IsError()) {
t.Fatalf("expected an error: got resp:%#v", resp)
}
roleIDData["role_id"] = "role-id-2000"
resp, err = b.HandleRequest(roleIDReq)
resp, err = b.HandleRequest(context.Background(), roleIDReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("err:%v resp:%#v", err, resp)
}
roleIDData["role_id"] = "role-id-1000"
roleIDReq.Path = "role/testrole1/role-id"
resp, err = b.HandleRequest(roleIDReq)
resp, err = b.HandleRequest(context.Background(), roleIDReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("err:%v resp:%#v", err, resp)
}
@ -526,15 +527,15 @@ func TestAppRole_RoleDeleteSecretID(t *testing.T) {
Path: "role/role1/secret-id",
}
// Create 3 secrets on the role
resp, err = b.HandleRequest(secretIDReq)
resp, err = b.HandleRequest(context.Background(), secretIDReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("err:%v resp:%#v", err, resp)
}
resp, err = b.HandleRequest(secretIDReq)
resp, err = b.HandleRequest(context.Background(), secretIDReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("err:%v resp:%#v", err, resp)
}
resp, err = b.HandleRequest(secretIDReq)
resp, err = b.HandleRequest(context.Background(), secretIDReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("err:%v resp:%#v", err, resp)
}
@ -544,7 +545,7 @@ func TestAppRole_RoleDeleteSecretID(t *testing.T) {
Storage: storage,
Path: "role/role1/secret-id",
}
resp, err = b.HandleRequest(listReq)
resp, err = b.HandleRequest(context.Background(), listReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("err:%v resp:%#v", err, resp)
}
@ -558,11 +559,11 @@ func TestAppRole_RoleDeleteSecretID(t *testing.T) {
Storage: storage,
Path: "role/role1",
}
resp, err = b.HandleRequest(roleReq)
resp, err = b.HandleRequest(context.Background(), roleReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("err:%v resp:%#v", err, resp)
}
resp, err = b.HandleRequest(listReq)
resp, err = b.HandleRequest(context.Background(), listReq)
if err != nil || resp == nil || (resp != nil && !resp.IsError()) {
t.Fatalf("expected an error. err:%v resp:%#v", err, resp)
}
@ -579,7 +580,7 @@ func TestAppRole_RoleSecretIDReadDelete(t *testing.T) {
Storage: storage,
Path: "role/role1/secret-id",
}
resp, err = b.HandleRequest(secretIDCreateReq)
resp, err = b.HandleRequest(context.Background(), secretIDCreateReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("err:%v resp:%#v", err, resp)
}
@ -597,7 +598,7 @@ func TestAppRole_RoleSecretIDReadDelete(t *testing.T) {
"secret_id": secretID,
},
}
resp, err = b.HandleRequest(secretIDReq)
resp, err = b.HandleRequest(context.Background(), secretIDReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("err:%v resp:%#v", err, resp)
}
@ -613,12 +614,12 @@ func TestAppRole_RoleSecretIDReadDelete(t *testing.T) {
"secret_id": secretID,
},
}
resp, err = b.HandleRequest(deleteSecretIDReq)
resp, err = b.HandleRequest(context.Background(), deleteSecretIDReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("err:%v resp:%#v", err, resp)
}
resp, err = b.HandleRequest(secretIDReq)
resp, err = b.HandleRequest(context.Background(), secretIDReq)
if resp != nil && resp.IsError() {
t.Fatalf("error response:%#v", resp)
}
@ -638,7 +639,7 @@ func TestAppRole_RoleSecretIDAccessorReadDelete(t *testing.T) {
Storage: storage,
Path: "role/role1/secret-id",
}
resp, err = b.HandleRequest(secretIDReq)
resp, err = b.HandleRequest(context.Background(), secretIDReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("err:%v resp:%#v", err, resp)
}
@ -648,7 +649,7 @@ func TestAppRole_RoleSecretIDAccessorReadDelete(t *testing.T) {
Storage: storage,
Path: "role/role1/secret-id",
}
resp, err = b.HandleRequest(listReq)
resp, err = b.HandleRequest(context.Background(), listReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("err:%v resp:%#v", err, resp)
}
@ -662,7 +663,7 @@ func TestAppRole_RoleSecretIDAccessorReadDelete(t *testing.T) {
"secret_id_accessor": hmacSecretID,
},
}
resp, err = b.HandleRequest(hmacReq)
resp, err = b.HandleRequest(context.Background(), hmacReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("err:%v resp:%#v", err, resp)
}
@ -671,13 +672,13 @@ func TestAppRole_RoleSecretIDAccessorReadDelete(t *testing.T) {
}
hmacReq.Path = "role/role1/secret-id-accessor/destroy"
resp, err = b.HandleRequest(hmacReq)
resp, err = b.HandleRequest(context.Background(), hmacReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("err:%v resp:%#v", err, resp)
}
hmacReq.Operation = logical.ReadOperation
resp, err = b.HandleRequest(hmacReq)
resp, err = b.HandleRequest(context.Background(), hmacReq)
if resp != nil && resp.IsError() {
t.Fatalf("err:%v resp:%#v", err, resp)
}
@ -699,23 +700,23 @@ func TestAppRoleRoleListSecretID(t *testing.T) {
Path: "role/role1/secret-id",
}
// Create 5 'secret_id's
resp, err = b.HandleRequest(secretIDReq)
resp, err = b.HandleRequest(context.Background(), secretIDReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("err:%v resp:%#v", err, resp)
}
resp, err = b.HandleRequest(secretIDReq)
resp, err = b.HandleRequest(context.Background(), secretIDReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("err:%v resp:%#v", err, resp)
}
resp, err = b.HandleRequest(secretIDReq)
resp, err = b.HandleRequest(context.Background(), secretIDReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("err:%v resp:%#v", err, resp)
}
resp, err = b.HandleRequest(secretIDReq)
resp, err = b.HandleRequest(context.Background(), secretIDReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("err:%v resp:%#v", err, resp)
}
resp, err = b.HandleRequest(secretIDReq)
resp, err = b.HandleRequest(context.Background(), secretIDReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("err:%v resp:%#v", err, resp)
}
@ -725,7 +726,7 @@ func TestAppRoleRoleListSecretID(t *testing.T) {
Storage: storage,
Path: "role/role1/secret-id/",
}
resp, err = b.HandleRequest(listReq)
resp, err = b.HandleRequest(context.Background(), listReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("err:%v resp:%#v", err, resp)
}
@ -751,7 +752,7 @@ func TestAppRole_RoleList(t *testing.T) {
Path: "role",
Storage: storage,
}
resp, err = b.HandleRequest(listReq)
resp, err = b.HandleRequest(context.Background(), listReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("err:%v resp:%#v", err, resp)
}
@ -782,7 +783,7 @@ func TestAppRole_RoleSecretID(t *testing.T) {
Data: roleData,
}
resp, err = b.HandleRequest(roleReq)
resp, err = b.HandleRequest(context.Background(), roleReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("err:%v resp:%#v", err, resp)
}
@ -792,7 +793,7 @@ func TestAppRole_RoleSecretID(t *testing.T) {
Path: "role/role1/secret-id",
Storage: storage,
}
resp, err = b.HandleRequest(roleSecretIDReq)
resp, err = b.HandleRequest(context.Background(), roleSecretIDReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("err:%v resp:%#v", err, resp)
}
@ -807,7 +808,7 @@ func TestAppRole_RoleSecretID(t *testing.T) {
}
roleSecretIDReq.Data = roleCustomSecretIDData
roleSecretIDReq.Operation = logical.UpdateOperation
resp, err = b.HandleRequest(roleSecretIDReq)
resp, err = b.HandleRequest(context.Background(), roleSecretIDReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("err:%v resp:%#v", err, resp)
}
@ -838,13 +839,13 @@ func TestAppRole_RoleCRUD(t *testing.T) {
Data: roleData,
}
resp, err = b.HandleRequest(roleReq)
resp, err = b.HandleRequest(context.Background(), roleReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("err:%v resp:%#v", err, resp)
}
roleReq.Operation = logical.ReadOperation
resp, err = b.HandleRequest(roleReq)
resp, err = b.HandleRequest(context.Background(), roleReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("err:%v resp:%#v", err, resp)
}
@ -887,13 +888,13 @@ func TestAppRole_RoleCRUD(t *testing.T) {
roleReq.Data = roleData
roleReq.Operation = logical.UpdateOperation
resp, err = b.HandleRequest(roleReq)
resp, err = b.HandleRequest(context.Background(), roleReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("err:%v resp:%#v", err, resp)
}
roleReq.Operation = logical.ReadOperation
resp, err = b.HandleRequest(roleReq)
resp, err = b.HandleRequest(context.Background(), roleReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("err:%v resp:%#v", err, resp)
}
@ -922,7 +923,7 @@ func TestAppRole_RoleCRUD(t *testing.T) {
// RU for role_id field
roleReq.Path = "role/role1/role-id"
roleReq.Operation = logical.ReadOperation
resp, err = b.HandleRequest(roleReq)
resp, err = b.HandleRequest(context.Background(), roleReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("err:%v resp:%#v", err, resp)
}
@ -932,13 +933,13 @@ func TestAppRole_RoleCRUD(t *testing.T) {
roleReq.Data = map[string]interface{}{"role_id": "custom_role_id"}
roleReq.Operation = logical.UpdateOperation
resp, err = b.HandleRequest(roleReq)
resp, err = b.HandleRequest(context.Background(), roleReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("err:%v resp:%#v", err, resp)
}
roleReq.Operation = logical.ReadOperation
resp, err = b.HandleRequest(roleReq)
resp, err = b.HandleRequest(context.Background(), roleReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("err:%v resp:%#v", err, resp)
}
@ -949,20 +950,20 @@ func TestAppRole_RoleCRUD(t *testing.T) {
// RUD for bind_secret_id field
roleReq.Path = "role/role1/bind-secret-id"
roleReq.Operation = logical.ReadOperation
resp, err = b.HandleRequest(roleReq)
resp, err = b.HandleRequest(context.Background(), roleReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("err:%v resp:%#v", err, resp)
}
roleReq.Data = map[string]interface{}{"bind_secret_id": false}
roleReq.Operation = logical.UpdateOperation
resp, err = b.HandleRequest(roleReq)
resp, err = b.HandleRequest(context.Background(), roleReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("err:%v resp:%#v", err, resp)
}
roleReq.Operation = logical.ReadOperation
resp, err = b.HandleRequest(roleReq)
resp, err = b.HandleRequest(context.Background(), roleReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("err:%v resp:%#v", err, resp)
}
@ -971,13 +972,13 @@ func TestAppRole_RoleCRUD(t *testing.T) {
t.Fatalf("bad: bind_secret_id: expected:false actual:%t\n", resp.Data["bind_secret_id"].(bool))
}
roleReq.Operation = logical.DeleteOperation
resp, err = b.HandleRequest(roleReq)
resp, err = b.HandleRequest(context.Background(), roleReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("err:%v resp:%#v", err, resp)
}
roleReq.Operation = logical.ReadOperation
resp, err = b.HandleRequest(roleReq)
resp, err = b.HandleRequest(context.Background(), roleReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("err:%v resp:%#v", err, resp)
}
@ -989,20 +990,20 @@ func TestAppRole_RoleCRUD(t *testing.T) {
// RUD for policies field
roleReq.Path = "role/role1/policies"
roleReq.Operation = logical.ReadOperation
resp, err = b.HandleRequest(roleReq)
resp, err = b.HandleRequest(context.Background(), roleReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("err:%v resp:%#v", err, resp)
}
roleReq.Data = map[string]interface{}{"policies": "a1,b1,c1,d1"}
roleReq.Operation = logical.UpdateOperation
resp, err = b.HandleRequest(roleReq)
resp, err = b.HandleRequest(context.Background(), roleReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("err:%v resp:%#v", err, resp)
}
roleReq.Operation = logical.ReadOperation
resp, err = b.HandleRequest(roleReq)
resp, err = b.HandleRequest(context.Background(), roleReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("err:%v resp:%#v", err, resp)
}
@ -1011,13 +1012,13 @@ func TestAppRole_RoleCRUD(t *testing.T) {
t.Fatalf("bad: policies: actual:%s\n", resp.Data["policies"].([]string))
}
roleReq.Operation = logical.DeleteOperation
resp, err = b.HandleRequest(roleReq)
resp, err = b.HandleRequest(context.Background(), roleReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("err:%v resp:%#v", err, resp)
}
roleReq.Operation = logical.ReadOperation
resp, err = b.HandleRequest(roleReq)
resp, err = b.HandleRequest(context.Background(), roleReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("err:%v resp:%#v", err, resp)
}
@ -1031,20 +1032,20 @@ func TestAppRole_RoleCRUD(t *testing.T) {
// RUD for secret-id-num-uses field
roleReq.Path = "role/role1/secret-id-num-uses"
roleReq.Operation = logical.ReadOperation
resp, err = b.HandleRequest(roleReq)
resp, err = b.HandleRequest(context.Background(), roleReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("err:%v resp:%#v", err, resp)
}
roleReq.Data = map[string]interface{}{"secret_id_num_uses": 200}
roleReq.Operation = logical.UpdateOperation
resp, err = b.HandleRequest(roleReq)
resp, err = b.HandleRequest(context.Background(), roleReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("err:%v resp:%#v", err, resp)
}
roleReq.Operation = logical.ReadOperation
resp, err = b.HandleRequest(roleReq)
resp, err = b.HandleRequest(context.Background(), roleReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("err:%v resp:%#v", err, resp)
}
@ -1053,13 +1054,13 @@ func TestAppRole_RoleCRUD(t *testing.T) {
t.Fatalf("bad: secret_id_num_uses: expected:200 actual:%d\n", resp.Data["secret_id_num_uses"].(int))
}
roleReq.Operation = logical.DeleteOperation
resp, err = b.HandleRequest(roleReq)
resp, err = b.HandleRequest(context.Background(), roleReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("err:%v resp:%#v", err, resp)
}
roleReq.Operation = logical.ReadOperation
resp, err = b.HandleRequest(roleReq)
resp, err = b.HandleRequest(context.Background(), roleReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("err:%v resp:%#v", err, resp)
}
@ -1071,20 +1072,20 @@ func TestAppRole_RoleCRUD(t *testing.T) {
// RUD for secret_id_ttl field
roleReq.Path = "role/role1/secret-id-ttl"
roleReq.Operation = logical.ReadOperation
resp, err = b.HandleRequest(roleReq)
resp, err = b.HandleRequest(context.Background(), roleReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("err:%v resp:%#v", err, resp)
}
roleReq.Data = map[string]interface{}{"secret_id_ttl": 3001}
roleReq.Operation = logical.UpdateOperation
resp, err = b.HandleRequest(roleReq)
resp, err = b.HandleRequest(context.Background(), roleReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("err:%v resp:%#v", err, resp)
}
roleReq.Operation = logical.ReadOperation
resp, err = b.HandleRequest(roleReq)
resp, err = b.HandleRequest(context.Background(), roleReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("err:%v resp:%#v", err, resp)
}
@ -1093,13 +1094,13 @@ func TestAppRole_RoleCRUD(t *testing.T) {
t.Fatalf("bad: secret_id_ttl: expected:3001 actual:%d\n", resp.Data["secret_id_ttl"].(time.Duration))
}
roleReq.Operation = logical.DeleteOperation
resp, err = b.HandleRequest(roleReq)
resp, err = b.HandleRequest(context.Background(), roleReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("err:%v resp:%#v", err, resp)
}
roleReq.Operation = logical.ReadOperation
resp, err = b.HandleRequest(roleReq)
resp, err = b.HandleRequest(context.Background(), roleReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("err:%v resp:%#v", err, resp)
}
@ -1111,7 +1112,7 @@ func TestAppRole_RoleCRUD(t *testing.T) {
// RUD for secret-id-num-uses field
roleReq.Path = "role/role1/token-num-uses"
roleReq.Operation = logical.ReadOperation
resp, err = b.HandleRequest(roleReq)
resp, err = b.HandleRequest(context.Background(), roleReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("err:%v resp:%#v", err, resp)
}
@ -1121,13 +1122,13 @@ func TestAppRole_RoleCRUD(t *testing.T) {
roleReq.Data = map[string]interface{}{"token_num_uses": 60}
roleReq.Operation = logical.UpdateOperation
resp, err = b.HandleRequest(roleReq)
resp, err = b.HandleRequest(context.Background(), roleReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("err:%v resp:%#v", err, resp)
}
roleReq.Operation = logical.ReadOperation
resp, err = b.HandleRequest(roleReq)
resp, err = b.HandleRequest(context.Background(), roleReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("err:%v resp:%#v", err, resp)
}
@ -1137,13 +1138,13 @@ func TestAppRole_RoleCRUD(t *testing.T) {
}
roleReq.Operation = logical.DeleteOperation
resp, err = b.HandleRequest(roleReq)
resp, err = b.HandleRequest(context.Background(), roleReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("err:%v resp:%#v", err, resp)
}
roleReq.Operation = logical.ReadOperation
resp, err = b.HandleRequest(roleReq)
resp, err = b.HandleRequest(context.Background(), roleReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("err:%v resp:%#v", err, resp)
}
@ -1155,20 +1156,20 @@ func TestAppRole_RoleCRUD(t *testing.T) {
// RUD for 'period' field
roleReq.Path = "role/role1/period"
roleReq.Operation = logical.ReadOperation
resp, err = b.HandleRequest(roleReq)
resp, err = b.HandleRequest(context.Background(), roleReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("err:%v resp:%#v", err, resp)
}
roleReq.Data = map[string]interface{}{"period": 9001}
roleReq.Operation = logical.UpdateOperation
resp, err = b.HandleRequest(roleReq)
resp, err = b.HandleRequest(context.Background(), roleReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("err:%v resp:%#v", err, resp)
}
roleReq.Operation = logical.ReadOperation
resp, err = b.HandleRequest(roleReq)
resp, err = b.HandleRequest(context.Background(), roleReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("err:%v resp:%#v", err, resp)
}
@ -1177,13 +1178,13 @@ func TestAppRole_RoleCRUD(t *testing.T) {
t.Fatalf("bad: period: expected:9001 actual:%d\n", resp.Data["9001"].(time.Duration))
}
roleReq.Operation = logical.DeleteOperation
resp, err = b.HandleRequest(roleReq)
resp, err = b.HandleRequest(context.Background(), roleReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("err:%v resp:%#v", err, resp)
}
roleReq.Operation = logical.ReadOperation
resp, err = b.HandleRequest(roleReq)
resp, err = b.HandleRequest(context.Background(), roleReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("err:%v resp:%#v", err, resp)
}
@ -1195,20 +1196,20 @@ func TestAppRole_RoleCRUD(t *testing.T) {
// RUD for token_ttl field
roleReq.Path = "role/role1/token-ttl"
roleReq.Operation = logical.ReadOperation
resp, err = b.HandleRequest(roleReq)
resp, err = b.HandleRequest(context.Background(), roleReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("err:%v resp:%#v", err, resp)
}
roleReq.Data = map[string]interface{}{"token_ttl": 4001}
roleReq.Operation = logical.UpdateOperation
resp, err = b.HandleRequest(roleReq)
resp, err = b.HandleRequest(context.Background(), roleReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("err:%v resp:%#v", err, resp)
}
roleReq.Operation = logical.ReadOperation
resp, err = b.HandleRequest(roleReq)
resp, err = b.HandleRequest(context.Background(), roleReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("err:%v resp:%#v", err, resp)
}
@ -1217,13 +1218,13 @@ func TestAppRole_RoleCRUD(t *testing.T) {
t.Fatalf("bad: token_ttl: expected:4001 actual:%d\n", resp.Data["token_ttl"].(time.Duration))
}
roleReq.Operation = logical.DeleteOperation
resp, err = b.HandleRequest(roleReq)
resp, err = b.HandleRequest(context.Background(), roleReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("err:%v resp:%#v", err, resp)
}
roleReq.Operation = logical.ReadOperation
resp, err = b.HandleRequest(roleReq)
resp, err = b.HandleRequest(context.Background(), roleReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("err:%v resp:%#v", err, resp)
}
@ -1235,20 +1236,20 @@ func TestAppRole_RoleCRUD(t *testing.T) {
// RUD for token_max_ttl field
roleReq.Path = "role/role1/token-max-ttl"
roleReq.Operation = logical.ReadOperation
resp, err = b.HandleRequest(roleReq)
resp, err = b.HandleRequest(context.Background(), roleReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("err:%v resp:%#v", err, resp)
}
roleReq.Data = map[string]interface{}{"token_max_ttl": 5001}
roleReq.Operation = logical.UpdateOperation
resp, err = b.HandleRequest(roleReq)
resp, err = b.HandleRequest(context.Background(), roleReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("err:%v resp:%#v", err, resp)
}
roleReq.Operation = logical.ReadOperation
resp, err = b.HandleRequest(roleReq)
resp, err = b.HandleRequest(context.Background(), roleReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("err:%v resp:%#v", err, resp)
}
@ -1257,13 +1258,13 @@ func TestAppRole_RoleCRUD(t *testing.T) {
t.Fatalf("bad: token_max_ttl: expected:5001 actual:%d\n", resp.Data["token_max_ttl"].(time.Duration))
}
roleReq.Operation = logical.DeleteOperation
resp, err = b.HandleRequest(roleReq)
resp, err = b.HandleRequest(context.Background(), roleReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("err:%v resp:%#v", err, resp)
}
roleReq.Operation = logical.ReadOperation
resp, err = b.HandleRequest(roleReq)
resp, err = b.HandleRequest(context.Background(), roleReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("err:%v resp:%#v", err, resp)
}
@ -1275,13 +1276,13 @@ func TestAppRole_RoleCRUD(t *testing.T) {
// Delete test for role
roleReq.Path = "role/role1"
roleReq.Operation = logical.DeleteOperation
resp, err = b.HandleRequest(roleReq)
resp, err = b.HandleRequest(context.Background(), roleReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("err:%v resp:%#v", err, resp)
}
roleReq.Operation = logical.ReadOperation
resp, err = b.HandleRequest(roleReq)
resp, err = b.HandleRequest(context.Background(), roleReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("err:%v resp:%#v", err, resp)
}
@ -1306,7 +1307,7 @@ func createRole(t *testing.T, b *backend, s logical.Storage, roleName, policies
Data: roleData,
}
resp, err := b.HandleRequest(roleReq)
resp, err := b.HandleRequest(context.Background(), roleReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("err:%v resp:%#v", err, resp)
}


@ -1,6 +1,7 @@
package approle
import (
"context"
"fmt"
"sync/atomic"
"time"
@ -88,8 +89,7 @@ func (b *backend) tidySecretID(s logical.Storage) error {
}
// pathTidySecretIDUpdate is used to delete the expired SecretID entries
func (b *backend) pathTidySecretIDUpdate(
req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathTidySecretIDUpdate(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
return nil, b.tidySecretID(req.Storage)
}
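Review bot: `pathTidySecretIDUpdate` now accepts `ctx` but never uses it; the body is still `return nil, b.tidySecretID(req.Storage)`, so a cancelled or timed-out request cannot stop the tidy pass that deletes expired SecretID entries. The hunk header shows the helper is still declared as `tidySecretID(s logical.Storage) error`, and its body is outside this hunk, so whether it could honour cancellation today is not visible here. If the helper can be changed in this commit, thread the context through with `func (b *backend) tidySecretID(ctx context.Context, s logical.Storage) error` and `return nil, b.tidySecretID(ctx, req.Storage)`. If that is deferred to a later change, add a comment above the call such as `// ctx is not propagated yet; the tidy pass cannot be cancelled by the caller`, so the gap is not mistaken for finished plumbing.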


@ -1,6 +1,7 @@
package approle
import (
"context"
"testing"
"github.com/hashicorp/vault/logical"
@ -23,7 +24,7 @@ func TestAppRole_SecretIDNumUsesUpgrade(t *testing.T) {
Data: roleData,
}
resp, err = b.HandleRequest(roleReq)
resp, err = b.HandleRequest(context.Background(), roleReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("err:%v resp:%#v", err, resp)
}
@ -34,7 +35,7 @@ func TestAppRole_SecretIDNumUsesUpgrade(t *testing.T) {
Storage: storage,
}
resp, err = b.HandleRequest(secretIDReq)
resp, err = b.HandleRequest(context.Background(), secretIDReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("err:%v resp:%#v", err, resp)
}
@ -44,7 +45,7 @@ func TestAppRole_SecretIDNumUsesUpgrade(t *testing.T) {
secretIDReq.Data = map[string]interface{}{
"secret_id": resp.Data["secret_id"].(string),
}
resp, err = b.HandleRequest(secretIDReq)
resp, err = b.HandleRequest(context.Background(), secretIDReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("err:%v resp:%#v", err, resp)
}


@ -1,6 +1,7 @@
package awsauth
import (
"context"
"encoding/base64"
"encoding/json"
"fmt"
@ -40,7 +41,7 @@ func TestBackend_CreateParseVerifyRoleTag(t *testing.T) {
"policies": "p,q,r,s",
"bound_ami_id": "abcd-123",
}
resp, err := b.HandleRequest(&logical.Request{
resp, err := b.HandleRequest(context.Background(), &logical.Request{
Operation: logical.CreateOperation,
Path: "role/abcd-123",
Storage: storage,
@ -107,7 +108,7 @@ func TestBackend_CreateParseVerifyRoleTag(t *testing.T) {
}
// register a different role
resp, err = b.HandleRequest(&logical.Request{
resp, err = b.HandleRequest(context.Background(), &logical.Request{
Operation: logical.CreateOperation,
Path: "role/ami-6789",
Storage: storage,
@ -269,14 +270,14 @@ func TestBackend_ConfigTidyIdentities(t *testing.T) {
"disable_periodic_tidy": true,
}
tidyRequest.Data = data
_, err = b.HandleRequest(tidyRequest)
_, err = b.HandleRequest(context.Background(), tidyRequest)
if err != nil {
t.Fatal(err)
}
// test read operation
tidyRequest.Operation = logical.ReadOperation
resp, err := b.HandleRequest(tidyRequest)
resp, err := b.HandleRequest(context.Background(), tidyRequest)
if err != nil {
t.Fatal(err)
}
@ -289,7 +290,7 @@ func TestBackend_ConfigTidyIdentities(t *testing.T) {
// test delete operation
tidyRequest.Operation = logical.DeleteOperation
resp, err = b.HandleRequest(tidyRequest)
resp, err = b.HandleRequest(context.Background(), tidyRequest)
if err != nil {
t.Fatal(err)
}
@ -323,14 +324,14 @@ func TestBackend_ConfigTidyRoleTags(t *testing.T) {
"disable_periodic_tidy": true,
}
tidyRequest.Data = data
_, err = b.HandleRequest(tidyRequest)
_, err = b.HandleRequest(context.Background(), tidyRequest)
if err != nil {
t.Fatal(err)
}
// test read operation
tidyRequest.Operation = logical.ReadOperation
resp, err := b.HandleRequest(tidyRequest)
resp, err := b.HandleRequest(context.Background(), tidyRequest)
if err != nil {
t.Fatal(err)
}
@ -343,7 +344,7 @@ func TestBackend_ConfigTidyRoleTags(t *testing.T) {
// test delete operation
tidyRequest.Operation = logical.DeleteOperation
resp, err = b.HandleRequest(tidyRequest)
resp, err = b.HandleRequest(context.Background(), tidyRequest)
if err != nil {
t.Fatal(err)
}
@ -367,7 +368,7 @@ func TestBackend_TidyIdentities(t *testing.T) {
}
// test update operation
_, err = b.HandleRequest(&logical.Request{
_, err = b.HandleRequest(context.Background(), &logical.Request{
Operation: logical.UpdateOperation,
Path: "tidy/identity-whitelist",
Storage: storage,
@ -392,7 +393,7 @@ func TestBackend_TidyRoleTags(t *testing.T) {
}
// test update operation
_, err = b.HandleRequest(&logical.Request{
_, err = b.HandleRequest(context.Background(), &logical.Request{
Operation: logical.UpdateOperation,
Path: "tidy/roletag-blacklist",
Storage: storage,
@ -464,7 +465,7 @@ func TestBackend_ConfigClient(t *testing.T) {
})
// test existence check returning false
checkFound, exists, err := b.HandleExistenceCheck(&logical.Request{
checkFound, exists, err := b.HandleExistenceCheck(context.Background(), &logical.Request{
Operation: logical.CreateOperation,
Path: "config/client",
Storage: storage,
@ -486,13 +487,13 @@ func TestBackend_ConfigClient(t *testing.T) {
Data: data,
Storage: storage,
}
_, err = b.HandleRequest(configClientCreateRequest)
_, err = b.HandleRequest(context.Background(), configClientCreateRequest)
if err != nil {
t.Fatal(err)
}
//test existence check returning true
checkFound, exists, err = b.HandleExistenceCheck(&logical.Request{
checkFound, exists, err = b.HandleExistenceCheck(context.Background(), &logical.Request{
Operation: logical.CreateOperation,
Path: "config/client",
Storage: storage,
@ -519,13 +520,13 @@ func TestBackend_ConfigClient(t *testing.T) {
Storage: storage,
Data: endpointData,
}
_, err = b.HandleRequest(endpointReq)
_, err = b.HandleRequest(context.Background(), endpointReq)
if err != nil {
t.Fatal(err)
}
endpointReq.Operation = logical.ReadOperation
resp, err := b.HandleRequest(endpointReq)
resp, err := b.HandleRequest(context.Background(), endpointReq)
if err != nil {
t.Fatal(err)
}
@ -558,7 +559,7 @@ func TestBackend_pathConfigCertificate(t *testing.T) {
Storage: storage,
Path: "config/certificate/cert1",
}
checkFound, exists, err := b.HandleExistenceCheck(certReq)
checkFound, exists, err := b.HandleExistenceCheck(context.Background(), certReq)
if err != nil {
t.Fatal(err)
}
@ -595,14 +596,14 @@ MlpCclZOR3JOOU4yZjZST2swazlLCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
certReq.Data = data
// test create operation
resp, err := b.HandleRequest(certReq)
resp, err := b.HandleRequest(context.Background(), certReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("resp: %#v, err: %v", resp, err)
}
certReq.Data = nil
// test existence check
checkFound, exists, err = b.HandleExistenceCheck(certReq)
checkFound, exists, err = b.HandleExistenceCheck(context.Background(), certReq)
if err != nil {
t.Fatal(err)
}
@ -615,7 +616,7 @@ MlpCclZOR3JOOU4yZjZST2swazlLCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
certReq.Operation = logical.ReadOperation
// test read operation
resp, err = b.HandleRequest(certReq)
resp, err = b.HandleRequest(context.Background(), certReq)
if err != nil {
t.Fatal(err)
}
@ -646,7 +647,7 @@ vSeDCOUMYQR7R9LINYwouHIziqQYMAkGByqGSM44BAMDLwAwLAIUWXBlk40xTwSw
certReq.Path = "config/certificate/cert2"
certReq.Data = data
// create another entry to test the list operation
_, err = b.HandleRequest(certReq)
_, err = b.HandleRequest(context.Background(), certReq)
if err != nil {
t.Fatal(err)
}
@ -654,7 +655,7 @@ vSeDCOUMYQR7R9LINYwouHIziqQYMAkGByqGSM44BAMDLwAwLAIUWXBlk40xTwSw
certReq.Operation = logical.ListOperation
certReq.Path = "config/certificates"
// test list operation
resp, err = b.HandleRequest(certReq)
resp, err = b.HandleRequest(context.Background(), certReq)
if err != nil {
t.Fatal(err)
}
@ -668,13 +669,13 @@ vSeDCOUMYQR7R9LINYwouHIziqQYMAkGByqGSM44BAMDLwAwLAIUWXBlk40xTwSw
certReq.Operation = logical.DeleteOperation
certReq.Path = "config/certificate/cert1"
_, err = b.HandleRequest(certReq)
_, err = b.HandleRequest(context.Background(), certReq)
if err != nil {
t.Fatal(err)
}
certReq.Path = "config/certificate/cert2"
_, err = b.HandleRequest(certReq)
_, err = b.HandleRequest(context.Background(), certReq)
if err != nil {
t.Fatal(err)
}
@ -682,7 +683,7 @@ vSeDCOUMYQR7R9LINYwouHIziqQYMAkGByqGSM44BAMDLwAwLAIUWXBlk40xTwSw
certReq.Operation = logical.ListOperation
certReq.Path = "config/certificates"
// test list operation
resp, err = b.HandleRequest(certReq)
resp, err = b.HandleRequest(context.Background(), certReq)
if err != nil {
t.Fatal(err)
}
@ -716,7 +717,7 @@ func TestBackend_parseAndVerifyRoleTagValue(t *testing.T) {
"role_tag": "VaultRole",
"bound_ami_id": "abcd-123",
}
resp, err := b.HandleRequest(&logical.Request{
resp, err := b.HandleRequest(context.Background(), &logical.Request{
Operation: logical.CreateOperation,
Path: "role/abcd-123",
Storage: storage,
@ -730,7 +731,7 @@ func TestBackend_parseAndVerifyRoleTagValue(t *testing.T) {
}
// verify that the entry is created
resp, err = b.HandleRequest(&logical.Request{
resp, err = b.HandleRequest(context.Background(), &logical.Request{
Operation: logical.ReadOperation,
Path: "role/abcd-123",
Storage: storage,
@ -746,7 +747,7 @@ func TestBackend_parseAndVerifyRoleTagValue(t *testing.T) {
data2 := map[string]interface{}{
"policies": "p,q,r,s",
}
resp, err = b.HandleRequest(&logical.Request{
resp, err = b.HandleRequest(context.Background(), &logical.Request{
Operation: logical.UpdateOperation,
Path: "role/abcd-123/tag",
Storage: storage,
@ -796,7 +797,7 @@ func TestBackend_PathRoleTag(t *testing.T) {
"role_tag": "VaultRole",
"bound_ami_id": "abcd-123",
}
resp, err := b.HandleRequest(&logical.Request{
resp, err := b.HandleRequest(context.Background(), &logical.Request{
Operation: logical.CreateOperation,
Path: "role/abcd-123",
Storage: storage,
@ -809,7 +810,7 @@ func TestBackend_PathRoleTag(t *testing.T) {
t.Fatal(err)
}
resp, err = b.HandleRequest(&logical.Request{
resp, err = b.HandleRequest(context.Background(), &logical.Request{
Operation: logical.ReadOperation,
Path: "role/abcd-123",
Storage: storage,
@ -821,7 +822,7 @@ func TestBackend_PathRoleTag(t *testing.T) {
t.Fatalf("failed to find a role entry for abcd-123")
}
resp, err = b.HandleRequest(&logical.Request{
resp, err = b.HandleRequest(context.Background(), &logical.Request{
Operation: logical.UpdateOperation,
Path: "role/abcd-123/tag",
Storage: storage,
@ -861,7 +862,7 @@ func TestBackend_PathBlacklistRoleTag(t *testing.T) {
"role_tag": "VaultRole",
"bound_ami_id": "abcd-123",
}
resp, err := b.HandleRequest(&logical.Request{
resp, err := b.HandleRequest(context.Background(), &logical.Request{
Operation: logical.CreateOperation,
Path: "role/abcd-123",
Storage: storage,
@ -878,7 +879,7 @@ func TestBackend_PathBlacklistRoleTag(t *testing.T) {
data2 := map[string]interface{}{
"policies": "p,q,r,s",
}
resp, err = b.HandleRequest(&logical.Request{
resp, err = b.HandleRequest(context.Background(), &logical.Request{
Operation: logical.UpdateOperation,
Path: "role/abcd-123/tag",
Storage: storage,
@ -899,7 +900,7 @@ func TestBackend_PathBlacklistRoleTag(t *testing.T) {
}
// blacklist that role tag
resp, err = b.HandleRequest(&logical.Request{
resp, err = b.HandleRequest(context.Background(), &logical.Request{
Operation: logical.UpdateOperation,
Path: "roletag-blacklist/" + tag,
Storage: storage,
@ -912,7 +913,7 @@ func TestBackend_PathBlacklistRoleTag(t *testing.T) {
}
// read the blacklist entry
resp, err = b.HandleRequest(&logical.Request{
resp, err = b.HandleRequest(context.Background(), &logical.Request{
Operation: logical.ReadOperation,
Path: "roletag-blacklist/" + tag,
Storage: storage,
@ -928,7 +929,7 @@ func TestBackend_PathBlacklistRoleTag(t *testing.T) {
}
// delete the blacklisted entry
_, err = b.HandleRequest(&logical.Request{
_, err = b.HandleRequest(context.Background(), &logical.Request{
Operation: logical.DeleteOperation,
Path: "roletag-blacklist/" + tag,
Storage: storage,
@ -1020,7 +1021,7 @@ func TestBackendAcc_LoginWithInstanceIdentityDocAndWhitelistIdentity(t *testing.
}
// store the credentials
_, err = b.HandleRequest(&logical.Request{
_, err = b.HandleRequest(context.Background(), &logical.Request{
Operation: logical.UpdateOperation,
Storage: storage,
Path: "config/client",
@ -1063,13 +1064,13 @@ func TestBackendAcc_LoginWithInstanceIdentityDocAndWhitelistIdentity(t *testing.
}
// Save the role with wrong AMI ID
resp, err := b.HandleRequest(roleReq)
resp, err := b.HandleRequest(context.Background(), roleReq)
if err != nil && (resp != nil && resp.IsError()) {
t.Fatalf("bad: resp: %#v\nerr:%v", resp, err)
}
// Expect failure when tried to login with wrong AMI ID
resp, err = b.HandleRequest(loginRequest)
resp, err = b.HandleRequest(context.Background(), loginRequest)
if err != nil || resp == nil || (resp != nil && !resp.IsError()) {
t.Fatalf("bad: expected error response: resp:%#v\nerr:%v", resp, err)
}
@ -1078,13 +1079,13 @@ func TestBackendAcc_LoginWithInstanceIdentityDocAndWhitelistIdentity(t *testing.
roleReq.Operation = logical.UpdateOperation
data["bound_ami_id"] = amiID
data["bound_account_id"] = "wrong-account-id"
resp, err = b.HandleRequest(roleReq)
resp, err = b.HandleRequest(context.Background(), roleReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("bad: failed to create role: resp:%#v\nerr:%v", resp, err)
}
// Expect failure when tried to login with incorrect AccountID
resp, err = b.HandleRequest(loginRequest)
resp, err = b.HandleRequest(context.Background(), loginRequest)
if err != nil || resp == nil || (resp != nil && !resp.IsError()) {
t.Fatalf("bad: expected error response: resp:%#v\nerr:%v", resp, err)
}
@ -1092,26 +1093,26 @@ func TestBackendAcc_LoginWithInstanceIdentityDocAndWhitelistIdentity(t *testing.
// Place the correct AccountID, but make the wrong IAMRoleARN
data["bound_account_id"] = accountID
data["bound_iam_role_arn"] = "wrong_iam_role_arn"
resp, err = b.HandleRequest(roleReq)
resp, err = b.HandleRequest(context.Background(), roleReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("bad: failed to create role: resp:%#v\nerr:%v", resp, err)
}
// Attempt to login and expect a fail because IAM Role ARN is wrong
resp, err = b.HandleRequest(loginRequest)
resp, err = b.HandleRequest(context.Background(), loginRequest)
if err != nil || resp == nil || (resp != nil && !resp.IsError()) {
t.Fatalf("bad: expected error response: resp:%#v\nerr:%v", resp, err)
}
// place the correct IAM role ARN
data["bound_iam_role_arn"] = iamARN
resp, err = b.HandleRequest(roleReq)
resp, err = b.HandleRequest(context.Background(), roleReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("bad: failed to create role: resp:%#v\nerr:%v", resp, err)
}
// Now, the login attempt should succeed
resp, err = b.HandleRequest(loginRequest)
resp, err = b.HandleRequest(context.Background(), loginRequest)
if err != nil {
t.Fatal(err)
}
@ -1132,7 +1133,7 @@ func TestBackendAcc_LoginWithInstanceIdentityDocAndWhitelistIdentity(t *testing.
loginInput["nonce"] = "changed-vault-client-nonce"
// try to login again with changed nonce
resp, err = b.HandleRequest(loginRequest)
resp, err = b.HandleRequest(context.Background(), loginRequest)
if err != nil {
t.Fatal(err)
}
@ -1146,7 +1147,7 @@ func TestBackendAcc_LoginWithInstanceIdentityDocAndWhitelistIdentity(t *testing.
Path: "identity-whitelist/" + instanceID,
Storage: storage,
}
resp, err = b.HandleRequest(wlRequest)
resp, err = b.HandleRequest(context.Background(), wlRequest)
if err != nil {
t.Fatal(err)
}
@ -1156,7 +1157,7 @@ func TestBackendAcc_LoginWithInstanceIdentityDocAndWhitelistIdentity(t *testing.
// Delete the whitelist identity entry.
wlRequest.Operation = logical.DeleteOperation
resp, err = b.HandleRequest(wlRequest)
resp, err = b.HandleRequest(context.Background(), wlRequest)
if err != nil {
t.Fatal(err)
}
@ -1167,7 +1168,7 @@ func TestBackendAcc_LoginWithInstanceIdentityDocAndWhitelistIdentity(t *testing.
// Allow a fresh login without supplying the nonce
delete(loginInput, "nonce")
resp, err = b.HandleRequest(loginRequest)
resp, err = b.HandleRequest(context.Background(), loginRequest)
if err != nil {
t.Fatal(err)
}
@ -1198,7 +1199,7 @@ func TestBackend_pathStsConfig(t *testing.T) {
Storage: storage,
Path: "config/sts/account1",
}
checkFound, exists, err := b.HandleExistenceCheck(stsReq)
checkFound, exists, err := b.HandleExistenceCheck(context.Background(), stsReq)
if err != nil {
t.Fatal(err)
}
@ -1215,14 +1216,14 @@ func TestBackend_pathStsConfig(t *testing.T) {
stsReq.Data = data
// test create operation
resp, err := b.HandleRequest(stsReq)
resp, err := b.HandleRequest(context.Background(), stsReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("resp: %#v, err: %v", resp, err)
}
stsReq.Data = nil
// test existence check
checkFound, exists, err = b.HandleExistenceCheck(stsReq)
checkFound, exists, err = b.HandleExistenceCheck(context.Background(), stsReq)
if err != nil {
t.Fatal(err)
}
@ -1235,7 +1236,7 @@ func TestBackend_pathStsConfig(t *testing.T) {
stsReq.Operation = logical.ReadOperation
// test read operation
resp, err = b.HandleRequest(stsReq)
resp, err = b.HandleRequest(context.Background(), stsReq)
if err != nil {
t.Fatal(err)
}
@ -1248,7 +1249,7 @@ func TestBackend_pathStsConfig(t *testing.T) {
stsReq.Path = "config/sts/account2"
stsReq.Data = data
// create another entry to test the list operation
resp, err = b.HandleRequest(stsReq)
resp, err = b.HandleRequest(context.Background(), stsReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatal(err)
}
@ -1256,7 +1257,7 @@ func TestBackend_pathStsConfig(t *testing.T) {
stsReq.Operation = logical.ListOperation
stsReq.Path = "config/sts"
// test list operation
resp, err = b.HandleRequest(stsReq)
resp, err = b.HandleRequest(context.Background(), stsReq)
if err != nil {
t.Fatal(err)
}
@ -1270,13 +1271,13 @@ func TestBackend_pathStsConfig(t *testing.T) {
stsReq.Operation = logical.DeleteOperation
stsReq.Path = "config/sts/account1"
resp, err = b.HandleRequest(stsReq)
resp, err = b.HandleRequest(context.Background(), stsReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatal(err)
}
stsReq.Path = "config/sts/account2"
resp, err = b.HandleRequest(stsReq)
resp, err = b.HandleRequest(context.Background(), stsReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatal(err)
}
@ -1284,7 +1285,7 @@ func TestBackend_pathStsConfig(t *testing.T) {
stsReq.Operation = logical.ListOperation
stsReq.Path = "config/sts"
// test list operation
resp, err = b.HandleRequest(stsReq)
resp, err = b.HandleRequest(context.Background(), stsReq)
if err != nil {
t.Fatal(err)
}
@ -1401,7 +1402,7 @@ func TestBackendAcc_LoginWithCallerIdentity(t *testing.T) {
Storage: storage,
Data: clientConfigData,
}
_, err = b.HandleRequest(clientRequest)
_, err = b.HandleRequest(context.Background(), clientRequest)
if err != nil {
t.Fatal(err)
}
@ -1418,7 +1419,7 @@ func TestBackendAcc_LoginWithCallerIdentity(t *testing.T) {
Storage: storage,
Data: roleData,
}
resp, err := b.HandleRequest(roleRequest)
resp, err := b.HandleRequest(context.Background(), roleRequest)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("bad: failed to create role: resp:%#v\nerr:%v", resp, err)
}
@ -1435,7 +1436,7 @@ func TestBackendAcc_LoginWithCallerIdentity(t *testing.T) {
Storage: storage,
Data: roleDataEc2,
}
resp, err = b.HandleRequest(roleRequestEc2)
resp, err = b.HandleRequest(context.Background(), roleRequestEc2)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("bad: failed to create role; resp:%#v\nerr:%v", resp, err)
}
@ -1452,7 +1453,7 @@ func TestBackendAcc_LoginWithCallerIdentity(t *testing.T) {
// now we're creating the invalid role we won't be able to login to
roleData["bound_iam_principal_arn"] = fakeArn
roleRequest.Path = "role/" + testInvalidRoleName
resp, err = b.HandleRequest(roleRequest)
resp, err = b.HandleRequest(context.Background(), roleRequest)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("bad: didn't fail to create role: resp:%#v\nerr:%v", resp, err)
}
@ -1470,7 +1471,7 @@ func TestBackendAcc_LoginWithCallerIdentity(t *testing.T) {
Storage: storage,
Data: loginData,
}
resp, err = b.HandleRequest(loginRequest)
resp, err = b.HandleRequest(context.Background(), loginRequest)
if err != nil || resp == nil || !resp.IsError() {
t.Errorf("bad: expected failed login due to missing header: resp:%#v\nerr:%v", resp, err)
}
@ -1493,7 +1494,7 @@ func TestBackendAcc_LoginWithCallerIdentity(t *testing.T) {
Storage: storage,
Data: loginData,
}
resp, err = b.HandleRequest(loginRequest)
resp, err = b.HandleRequest(context.Background(), loginRequest)
if err != nil || resp == nil || !resp.IsError() {
t.Errorf("bad: expected failed login due to invalid header: resp:%#v\nerr:%v", resp, err)
}
@ -1512,13 +1513,13 @@ func TestBackendAcc_LoginWithCallerIdentity(t *testing.T) {
Storage: storage,
Data: loginData,
}
resp, err = b.HandleRequest(loginRequest)
resp, err = b.HandleRequest(context.Background(), loginRequest)
if err != nil || resp == nil || !resp.IsError() {
t.Errorf("bad: expected failed login due to invalid role: resp:%#v\nerr:%v", resp, err)
}
loginData["role"] = "ec2only"
resp, err = b.HandleRequest(loginRequest)
resp, err = b.HandleRequest(context.Background(), loginRequest)
if err != nil || resp == nil || !resp.IsError() {
t.Errorf("bad: expected failed login due to bad auth type: resp:%#v\nerr:%v", resp, err)
}
@ -1526,7 +1527,7 @@ func TestBackendAcc_LoginWithCallerIdentity(t *testing.T) {
// finally, the happy path test :)
loginData["role"] = testValidRoleName
resp, err = b.HandleRequest(loginRequest)
resp, err = b.HandleRequest(context.Background(), loginRequest)
if err != nil {
t.Fatal(err)
}
@ -1543,7 +1544,7 @@ func TestBackendAcc_LoginWithCallerIdentity(t *testing.T) {
Schema: pathLogin(b).Fields,
}
// ensure we can renew
resp, err = b.pathLoginRenew(renewReq, empty_login_fd)
resp, err = b.pathLoginRenew(context.Background(), renewReq, empty_login_fd)
if err != nil {
t.Fatal(err)
}
@ -1561,17 +1562,17 @@ func TestBackendAcc_LoginWithCallerIdentity(t *testing.T) {
// pick up the fake user ID
roleData["bound_iam_principal_arn"] = entity.canonicalArn()
roleRequest.Path = "role/" + testValidRoleName
resp, err = b.HandleRequest(roleRequest)
resp, err = b.HandleRequest(context.Background(), roleRequest)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("bad: failed to recreate role: resp:%#v\nerr:%v", resp, err)
}
resp, err = b.HandleRequest(loginRequest)
resp, err = b.HandleRequest(context.Background(), loginRequest)
if err != nil || resp == nil || !resp.IsError() {
t.Errorf("bad: expected failed login due to changed AWS role ID: resp: %#v\nerr:%v", resp, err)
}
// and ensure a renew no longer works
resp, err = b.pathLoginRenew(renewReq, empty_login_fd)
resp, err = b.pathLoginRenew(context.Background(), renewReq, empty_login_fd)
if err == nil || (resp != nil && !resp.IsError()) {
t.Errorf("bad: expected failed renew due to changed AWS role ID: resp: %#v", resp, err)
}
@ -1584,13 +1585,13 @@ func TestBackendAcc_LoginWithCallerIdentity(t *testing.T) {
wildcardEntity.FriendlyName = "*"
roleData["bound_iam_principal_arn"] = wildcardEntity.canonicalArn()
roleRequest.Path = "role/" + wildcardRoleName
resp, err = b.HandleRequest(roleRequest)
resp, err = b.HandleRequest(context.Background(), roleRequest)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("bad: failed to create wildcard role: resp:%#v\nerr:%v", resp, err)
}
loginData["role"] = wildcardRoleName
resp, err = b.HandleRequest(loginRequest)
resp, err = b.HandleRequest(context.Background(), loginRequest)
if err != nil {
t.Fatal(err)
}
@ -1599,7 +1600,7 @@ func TestBackendAcc_LoginWithCallerIdentity(t *testing.T) {
}
// and ensure we can renew
renewReq = generateRenewRequest(storage, resp.Auth)
resp, err = b.pathLoginRenew(renewReq, empty_login_fd)
resp, err = b.pathLoginRenew(context.Background(), renewReq, empty_login_fd)
if err != nil {
t.Fatal(err)
}


@ -1,6 +1,7 @@
package awsauth
import (
"context"
"crypto/x509"
"encoding/base64"
"encoding/pem"
@ -124,7 +125,7 @@ vary. Defaults to "pkcs7".`,
// Establishes dichotomy of request operation between CreateOperation and UpdateOperation.
// Returning 'true' forces an UpdateOperation, CreateOperation otherwise.
func (b *backend) pathConfigCertificateExistenceCheck(req *logical.Request, data *framework.FieldData) (bool, error) {
func (b *backend) pathConfigCertificateExistenceCheck(ctx context.Context, req *logical.Request, data *framework.FieldData) (bool, error) {
certName := data.Get("cert_name").(string)
if certName == "" {
return false, fmt.Errorf("missing cert_name")
@ -138,8 +139,7 @@ func (b *backend) pathConfigCertificateExistenceCheck(req *logical.Request, data
}
// pathCertificatesList is used to list all the AWS public certificates registered with Vault
func (b *backend) pathCertificatesList(
req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathCertificatesList(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
b.configMutex.RLock()
defer b.configMutex.RUnlock()
@ -309,7 +309,7 @@ func (b *backend) nonLockedAWSPublicCertificateEntry(s logical.Storage, certName
// pathConfigCertificateDelete is used to delete the previously configured AWS
// Public Key that is used to verify the PKCS#7 signature of the instance
// identity document.
func (b *backend) pathConfigCertificateDelete(req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathConfigCertificateDelete(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
b.configMutex.Lock()
defer b.configMutex.Unlock()
@ -323,8 +323,7 @@ func (b *backend) pathConfigCertificateDelete(req *logical.Request, data *framew
// pathConfigCertificateRead is used to view the configured AWS Public Key that
// is used to verify the PKCS#7 signature of the instance identity document.
func (b *backend) pathConfigCertificateRead(
req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathConfigCertificateRead(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
certName := data.Get("cert_name").(string)
if certName == "" {
return logical.ErrorResponse("missing cert_name"), nil
@ -345,8 +344,7 @@ func (b *backend) pathConfigCertificateRead(
// pathConfigCertificateCreateUpdate is used to register an AWS Public Key that
// is used to verify the PKCS#7 signature of the instance identity document.
func (b *backend) pathConfigCertificateCreateUpdate(
req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathConfigCertificateCreateUpdate(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
certName := data.Get("cert_name").(string)
if certName == "" {
return logical.ErrorResponse("missing certificate name"), nil


@ -1,6 +1,8 @@
package awsauth
import (
"context"
"github.com/fatih/structs"
"github.com/hashicorp/vault/logical"
"github.com/hashicorp/vault/logical/framework"
@ -63,9 +65,7 @@ func pathConfigClient(b *backend) *framework.Path {
// Establishes dichotomy of request operation between CreateOperation and UpdateOperation.
// Returning 'true' forces an UpdateOperation, CreateOperation otherwise.
func (b *backend) pathConfigClientExistenceCheck(
req *logical.Request, data *framework.FieldData) (bool, error) {
func (b *backend) pathConfigClientExistenceCheck(ctx context.Context, req *logical.Request, data *framework.FieldData) (bool, error) {
entry, err := b.lockedClientConfigEntry(req.Storage)
if err != nil {
return false, err
@ -98,8 +98,7 @@ func (b *backend) nonLockedClientConfigEntry(s logical.Storage) (*clientConfig,
return &result, nil
}
func (b *backend) pathConfigClientRead(
req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathConfigClientRead(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
clientConfig, err := b.lockedClientConfigEntry(req.Storage)
if err != nil {
return nil, err
@ -114,8 +113,7 @@ func (b *backend) pathConfigClientRead(
}, nil
}
func (b *backend) pathConfigClientDelete(
req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathConfigClientDelete(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
b.configMutex.Lock()
defer b.configMutex.Unlock()
@ -137,8 +135,7 @@ func (b *backend) pathConfigClientDelete(
// pathConfigClientCreateUpdate is used to register the 'aws_secret_key' and 'aws_access_key'
// that can be used to interact with AWS EC2 API.
func (b *backend) pathConfigClientCreateUpdate(
req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathConfigClientCreateUpdate(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
b.configMutex.Lock()
defer b.configMutex.Unlock()
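Review bot: The new `ctx` parameter stops at the handler: `pathConfigClientExistenceCheck` and `pathConfigClientRead` still call `b.lockedClientConfigEntry(req.Storage)` without it, so a cancelled request cannot interrupt the storage read. The same pattern is visible in `pathStsList`, which calls `req.Storage.List("config/sts/")` while holding `configMutex.RLock()`, and in the tidy existence-check and read handlers further down, so a slow storage backend can keep the config lock held after the caller has gone away. If forwarding is planned for a later change, I would mark each call site, e.g. `// TODO: forward ctx once lockedClientConfigEntry and logical.Storage accept a context`. The handler bodies continue outside these hunks, so `ctx` may be used in parts that are not shown here.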


@ -1,6 +1,7 @@
package awsauth
import (
"context"
"testing"
"github.com/hashicorp/vault/logical"
@ -22,7 +23,7 @@ func TestBackend_pathConfigClient(t *testing.T) {
// make sure we start with empty roles, which gives us confidence that the read later
// actually is the two roles we created
resp, err := b.HandleRequest(&logical.Request{
resp, err := b.HandleRequest(context.Background(), &logical.Request{
Operation: logical.ReadOperation,
Path: "config/client",
Storage: storage,
@ -44,7 +45,7 @@ func TestBackend_pathConfigClient(t *testing.T) {
"sts_endpoint": "https://my-custom-sts-endpoint.example.com",
"iam_server_id_header_value": "vault_server_identification_314159",
}
resp, err = b.HandleRequest(&logical.Request{
resp, err = b.HandleRequest(context.Background(), &logical.Request{
Operation: logical.CreateOperation,
Path: "config/client",
Data: data,
@ -58,7 +59,7 @@ func TestBackend_pathConfigClient(t *testing.T) {
t.Fatal("failed to create the client config entry")
}
resp, err = b.HandleRequest(&logical.Request{
resp, err = b.HandleRequest(context.Background(), &logical.Request{
Operation: logical.ReadOperation,
Path: "config/client",
Storage: storage,
@ -77,7 +78,7 @@ func TestBackend_pathConfigClient(t *testing.T) {
data = map[string]interface{}{
"iam_server_id_header_value": "vault_server_identification_2718281",
}
resp, err = b.HandleRequest(&logical.Request{
resp, err = b.HandleRequest(context.Background(), &logical.Request{
Operation: logical.UpdateOperation,
Path: "config/client",
Data: data,
@ -91,7 +92,7 @@ func TestBackend_pathConfigClient(t *testing.T) {
t.Fatal("failed to update the client config entry")
}
resp, err = b.HandleRequest(&logical.Request{
resp, err = b.HandleRequest(context.Background(), &logical.Request{
Operation: logical.ReadOperation,
Path: "config/client",
Storage: storage,
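Review bot: Each of the five `HandleRequest` calls in `TestBackend_pathConfigClient` builds its own `context.Background()`. A single `ctx := context.Background()` near the top of the test, passed as `b.HandleRequest(ctx, &logical.Request{...})`, would shorten the call sites and make a later switch to a deadline-bound or cancelled context a one-line change. As written, every call in this file passes a context that is never cancelled, so the new parameter is not exercised in any other state. The test function begins before the first hunk, so the declaration would go in the part not shown.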


@ -1,6 +1,7 @@
package awsauth
import (
"context"
"fmt"
"github.com/fatih/structs"
@ -59,7 +60,7 @@ The Vault server must have permissions to assume this role.`,
// Establishes dichotomy of request operation between CreateOperation and UpdateOperation.
// Returning 'true' forces an UpdateOperation, CreateOperation otherwise.
func (b *backend) pathConfigStsExistenceCheck(req *logical.Request, data *framework.FieldData) (bool, error) {
func (b *backend) pathConfigStsExistenceCheck(ctx context.Context, req *logical.Request, data *framework.FieldData) (bool, error) {
accountID := data.Get("account_id").(string)
if accountID == "" {
return false, fmt.Errorf("missing account_id")
@ -74,8 +75,7 @@ func (b *backend) pathConfigStsExistenceCheck(req *logical.Request, data *framew
}
// pathStsList is used to list all the AWS STS role configurations
func (b *backend) pathStsList(
req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathStsList(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
b.configMutex.RLock()
defer b.configMutex.RUnlock()
sts, err := req.Storage.List("config/sts/")
@ -155,7 +155,7 @@ func (b *backend) lockedAwsStsEntry(s logical.Storage, accountID string) (*awsSt
}
// pathConfigStsRead is used to return information about an STS role/AWS accountID association
func (b *backend) pathConfigStsRead(req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathConfigStsRead(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
accountID := data.Get("account_id").(string)
if accountID == "" {
return logical.ErrorResponse("missing account id"), nil
@ -175,7 +175,7 @@ func (b *backend) pathConfigStsRead(req *logical.Request, data *framework.FieldD
}
// pathConfigStsCreateUpdate is used to associate an STS role with a given AWS accountID
func (b *backend) pathConfigStsCreateUpdate(req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathConfigStsCreateUpdate(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
accountID := data.Get("account_id").(string)
if accountID == "" {
return logical.ErrorResponse("missing AWS account ID"), nil
@ -214,7 +214,7 @@ func (b *backend) pathConfigStsCreateUpdate(req *logical.Request, data *framewor
}
// pathConfigStsDelete is used to delete a previously configured STS configuration
func (b *backend) pathConfigStsDelete(req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathConfigStsDelete(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
b.configMutex.Lock()
defer b.configMutex.Unlock()


@ -1,6 +1,7 @@
package awsauth
import (
"context"
"fmt"
"github.com/fatih/structs"
@ -43,7 +44,7 @@ expiration, before it is removed from the backend storage.`,
}
}
func (b *backend) pathConfigTidyIdentityWhitelistExistenceCheck(req *logical.Request, data *framework.FieldData) (bool, error) {
func (b *backend) pathConfigTidyIdentityWhitelistExistenceCheck(ctx context.Context, req *logical.Request, data *framework.FieldData) (bool, error) {
entry, err := b.lockedConfigTidyIdentities(req.Storage)
if err != nil {
return false, err
@ -74,7 +75,7 @@ func (b *backend) nonLockedConfigTidyIdentities(s logical.Storage) (*tidyWhiteli
return &result, nil
}
func (b *backend) pathConfigTidyIdentityWhitelistCreateUpdate(req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathConfigTidyIdentityWhitelistCreateUpdate(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
b.configMutex.Lock()
defer b.configMutex.Unlock()
@ -112,7 +113,7 @@ func (b *backend) pathConfigTidyIdentityWhitelistCreateUpdate(req *logical.Reque
return nil, nil
}
func (b *backend) pathConfigTidyIdentityWhitelistRead(req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathConfigTidyIdentityWhitelistRead(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
clientConfig, err := b.lockedConfigTidyIdentities(req.Storage)
if err != nil {
return nil, err
@ -126,7 +127,7 @@ func (b *backend) pathConfigTidyIdentityWhitelistRead(req *logical.Request, data
}, nil
}
func (b *backend) pathConfigTidyIdentityWhitelistDelete(req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathConfigTidyIdentityWhitelistDelete(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
b.configMutex.Lock()
defer b.configMutex.Unlock()
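Review bot: `pathConfigTidyIdentityWhitelistExistenceCheck` and the three handlers after it get new signatures but still have no doc comments, unlike the client and STS existence checks, which carry "Establishes dichotomy of request operation…". I would add one per function, for example `// pathConfigTidyIdentityWhitelistExistenceCheck reports whether a tidy configuration entry is already stored.`, and state there whether `ctx` is honoured, since the visible lines do not use it. The return statements are outside the hunks, so the wording should be confirmed against the full bodies. The roletag-blacklist handlers in the next file section are undocumented in the same way.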


@ -1,6 +1,7 @@
package awsauth
import (
"context"
"fmt"
"github.com/fatih/structs"
@ -45,7 +46,7 @@ Defaults to 4320h (180 days).`,
}
}
func (b *backend) pathConfigTidyRoletagBlacklistExistenceCheck(req *logical.Request, data *framework.FieldData) (bool, error) {
func (b *backend) pathConfigTidyRoletagBlacklistExistenceCheck(ctx context.Context, req *logical.Request, data *framework.FieldData) (bool, error) {
entry, err := b.lockedConfigTidyRoleTags(req.Storage)
if err != nil {
return false, err
@ -77,7 +78,7 @@ func (b *backend) nonLockedConfigTidyRoleTags(s logical.Storage) (*tidyBlacklist
return &result, nil
}
func (b *backend) pathConfigTidyRoletagBlacklistCreateUpdate(req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathConfigTidyRoletagBlacklistCreateUpdate(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
b.configMutex.Lock()
defer b.configMutex.Unlock()
@ -113,7 +114,7 @@ func (b *backend) pathConfigTidyRoletagBlacklistCreateUpdate(req *logical.Reques
return nil, nil
}
func (b *backend) pathConfigTidyRoletagBlacklistRead(req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathConfigTidyRoletagBlacklistRead(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
clientConfig, err := b.lockedConfigTidyRoleTags(req.Storage)
if err != nil {
return nil, err
@ -127,7 +128,7 @@ func (b *backend) pathConfigTidyRoletagBlacklistRead(req *logical.Request, data
}, nil
}
func (b *backend) pathConfigTidyRoletagBlacklistDelete(req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathConfigTidyRoletagBlacklistDelete(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
b.configMutex.Lock()
defer b.configMutex.Unlock()


@ -1,6 +1,7 @@
package awsauth
import (
"context"
"time"
"github.com/fatih/structs"
@ -44,8 +45,7 @@ func pathListIdentityWhitelist(b *backend) *framework.Path {
// pathWhitelistIdentitiesList is used to list all the instance IDs that are present
// in the identity whitelist. This will list both valid and expired entries.
func (b *backend) pathWhitelistIdentitiesList(
req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathWhitelistIdentitiesList(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
identities, err := req.Storage.List("whitelist/identity/")
if err != nil {
return nil, err
@ -85,8 +85,7 @@ func setWhitelistIdentityEntry(s logical.Storage, instanceID string, identity *w
}
// pathIdentityWhitelistDelete is used to delete an entry from the identity whitelist given an instance ID.
func (b *backend) pathIdentityWhitelistDelete(
req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathIdentityWhitelistDelete(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
instanceID := data.Get("instance_id").(string)
if instanceID == "" {
return logical.ErrorResponse("missing instance_id"), nil
@ -96,8 +95,7 @@ func (b *backend) pathIdentityWhitelistDelete(
}
// pathIdentityWhitelistRead is used to view an entry in the identity whitelist given an instance ID.
func (b *backend) pathIdentityWhitelistRead(
req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathIdentityWhitelistRead(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
instanceID := data.Get("instance_id").(string)
if instanceID == "" {
return logical.ErrorResponse("missing instance_id"), nil


@ -1,6 +1,7 @@
package awsauth
import (
"context"
"crypto/subtle"
"crypto/x509"
"encoding/base64"
@ -345,8 +346,7 @@ func (b *backend) parseIdentityDocument(s logical.Storage, pkcs7B64 string) (*id
return &identityDoc, nil
}
func (b *backend) pathLoginUpdate(
req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathLoginUpdate(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
anyEc2, allEc2 := hasValuesForEc2Auth(data)
anyIam, allIam := hasValuesForIamAuth(data)
switch {
@ -355,11 +355,11 @@ func (b *backend) pathLoginUpdate(
case anyEc2 && !allEc2:
return logical.ErrorResponse("supplied some of the auth values for the ec2 auth type but not all"), nil
case anyEc2:
return b.pathLoginUpdateEc2(req, data)
return b.pathLoginUpdateEc2(ctx, req, data)
case anyIam && !allIam:
return logical.ErrorResponse("supplied some of the auth values for the iam auth type but not all"), nil
case anyIam:
return b.pathLoginUpdateIam(req, data)
return b.pathLoginUpdateIam(ctx, req, data)
default:
return logical.ErrorResponse("didn't supply required authentication values"), nil
}
@ -495,8 +495,7 @@ func (b *backend) verifyInstanceMeetsRoleRequirements(
// by providing the pkcs7 signature of the instance identity document
// and a client created nonce. Client nonce is optional if 'disallow_reauthentication'
// option is enabled on the registered role.
func (b *backend) pathLoginUpdateEc2(
req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathLoginUpdateEc2(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
identityDocB64 := data.Get("identity").(string)
var identityDocBytes []byte
var err error
@ -870,8 +869,7 @@ func (b *backend) handleRoleTagLogin(s logical.Storage, roleName string, roleEnt
}
// pathLoginRenew is used to renew an authenticated token
func (b *backend) pathLoginRenew(
req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathLoginRenew(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
authType, ok := req.Auth.Metadata["auth_type"]
if !ok {
// backwards compatibility for clients that have leases from before we added auth_type
@ -879,16 +877,15 @@ func (b *backend) pathLoginRenew(
}
if authType == ec2AuthType {
return b.pathLoginRenewEc2(req, data)
return b.pathLoginRenewEc2(ctx, req, data)
} else if authType == iamAuthType {
return b.pathLoginRenewIam(req, data)
return b.pathLoginRenewIam(ctx, req, data)
} else {
return nil, fmt.Errorf("unrecognized auth_type: %q", authType)
}
}
func (b *backend) pathLoginRenewIam(
req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathLoginRenewIam(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
canonicalArn := req.Auth.Metadata["canonical_arn"]
if canonicalArn == "" {
return nil, fmt.Errorf("unable to retrieve canonical ARN from metadata during renewal")
@ -977,7 +974,7 @@ func (b *backend) pathLoginRenewIam(
}
}
resp, err := framework.LeaseExtend(roleEntry.TTL, roleEntry.MaxTTL, b.System())(req, data)
resp, err := framework.LeaseExtend(roleEntry.TTL, roleEntry.MaxTTL, b.System())(ctx, req, data)
if err != nil {
return nil, err
}
@ -985,8 +982,7 @@ func (b *backend) pathLoginRenewIam(
return resp, nil
}
func (b *backend) pathLoginRenewEc2(
req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathLoginRenewEc2(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
instanceID := req.Auth.Metadata["instance_id"]
if instanceID == "" {
return nil, fmt.Errorf("unable to fetch instance ID from metadata during renewal")
@ -1063,7 +1059,7 @@ func (b *backend) pathLoginRenewEc2(
return nil, err
}
resp, err := framework.LeaseExtend(roleEntry.TTL, shortestMaxTTL, b.System())(req, data)
resp, err := framework.LeaseExtend(roleEntry.TTL, shortestMaxTTL, b.System())(ctx, req, data)
if err != nil {
return nil, err
}
@ -1071,9 +1067,7 @@ func (b *backend) pathLoginRenewEc2(
return resp, nil
}
func (b *backend) pathLoginUpdateIam(
req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathLoginUpdateIam(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
method := data.Get("iam_http_request_method").(string)
if method == "" {
return logical.ErrorResponse("missing iam_http_request_method"), nil
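Review bot: `pathLoginRenew` reads `req.Auth.Metadata["auth_type"]`, and `pathLoginRenewIam` and `pathLoginRenewEc2` read `req.Auth.Metadata[...]` on their first line, none of them checking that `req.Auth` is non-nil. Whether the framework guarantees a populated `Auth` on every renew request is not visible in this section; if it does not, a renew call without auth data would panic instead of returning an error. A guard at the top of `pathLoginRenew`, `if req.Auth == nil { return nil, fmt.Errorf("request auth was nil") }`, would cover all three as far as the lines shown go, since the two helpers are only called from it here. The bodies of the Iam and Ec2 renew functions continue outside the hunks.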


@ -1,6 +1,7 @@
package awsauth
import (
"context"
"fmt"
"strings"
"time"
@ -202,7 +203,7 @@ func pathListRoles(b *backend) *framework.Path {
// Establishes dichotomy of request operation between CreateOperation and UpdateOperation.
// Returning 'true' forces an UpdateOperation, CreateOperation otherwise.
func (b *backend) pathRoleExistenceCheck(req *logical.Request, data *framework.FieldData) (bool, error) {
func (b *backend) pathRoleExistenceCheck(ctx context.Context, req *logical.Request, data *framework.FieldData) (bool, error) {
entry, err := b.lockedAWSRole(req.Storage, strings.ToLower(data.Get("role").(string)))
if err != nil {
return false, err
@ -370,8 +371,7 @@ func (b *backend) nonLockedAWSRole(s logical.Storage, roleName string) (*awsRole
}
// pathRoleDelete is used to delete the information registered for a given AMI ID.
func (b *backend) pathRoleDelete(
req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathRoleDelete(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
roleName := data.Get("role").(string)
if roleName == "" {
return logical.ErrorResponse("missing role"), nil
@ -384,8 +384,7 @@ func (b *backend) pathRoleDelete(
}
// pathRoleList is used to list all the AMI IDs registered with Vault.
func (b *backend) pathRoleList(
req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathRoleList(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
b.roleMutex.RLock()
defer b.roleMutex.RUnlock()
@ -397,8 +396,7 @@ func (b *backend) pathRoleList(
}
// pathRoleRead is used to view the information registered for a given AMI ID.
func (b *backend) pathRoleRead(
req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathRoleRead(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
roleEntry, err := b.lockedAWSRole(req.Storage, strings.ToLower(data.Get("role").(string)))
if err != nil {
return nil, err
@ -424,9 +422,7 @@ func (b *backend) pathRoleRead(
}
// pathRoleCreateUpdate is used to associate Vault policies to a given AMI ID.
func (b *backend) pathRoleCreateUpdate(
req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathRoleCreateUpdate(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
roleName := strings.ToLower(data.Get("role").(string))
if roleName == "" {
return logical.ErrorResponse("missing role"), nil
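Review bot: `pathRoleDelete` reads the role name as `data.Get("role").(string)` without lower-casing it, while `pathRoleExistenceCheck`, `pathRoleRead` and `pathRoleCreateUpdate` in this file all wrap the same field in `strings.ToLower(...)`. The rest of the delete body is outside the hunk, so the storage call may normalise the name later; if it does not, a delete issued with a mixed-case name would miss the stored entry and the role would stay usable for login. Normalising at the read, `roleName := strings.ToLower(data.Get("role").(string))`, keeps the four handlers consistent and makes the behaviour visible at the top of the function.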


@ -1,6 +1,7 @@
package awsauth
import (
"context"
"crypto/hmac"
"crypto/sha256"
"crypto/subtle"
@ -69,9 +70,7 @@ If set, the created tag can only be used by the instance with the given ID.`,
// pathRoleTagUpdate is used to create an EC2 instance tag which will
// identify the Vault resources that the instance will be authorized for.
func (b *backend) pathRoleTagUpdate(
req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathRoleTagUpdate(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
roleName := strings.ToLower(data.Get("role").(string))
if roleName == "" {
return logical.ErrorResponse("missing role"), nil


@ -1,6 +1,7 @@
package awsauth
import (
"context"
"reflect"
"strings"
"testing"
@ -30,7 +31,7 @@ func TestBackend_pathRoleEc2(t *testing.T) {
"max_ttl": "2h",
"bound_ami_id": "ami-abcd123",
}
resp, err := b.HandleRequest(&logical.Request{
resp, err := b.HandleRequest(context.Background(), &logical.Request{
Operation: logical.CreateOperation,
Path: "role/ami-abcd123",
Data: data,
@ -43,7 +44,7 @@ func TestBackend_pathRoleEc2(t *testing.T) {
t.Fatal(err)
}
resp, err = b.HandleRequest(&logical.Request{
resp, err = b.HandleRequest(context.Background(), &logical.Request{
Operation: logical.ReadOperation,
Path: "role/ami-abcd123",
Storage: storage,
@ -60,7 +61,7 @@ func TestBackend_pathRoleEc2(t *testing.T) {
data["allow_instance_migration"] = true
data["disallow_reauthentication"] = true
resp, err = b.HandleRequest(&logical.Request{
resp, err = b.HandleRequest(context.Background(), &logical.Request{
Operation: logical.UpdateOperation,
Path: "role/ami-abcd123",
Data: data,
@ -73,7 +74,7 @@ func TestBackend_pathRoleEc2(t *testing.T) {
t.Fatalf("expected failure to create role with both allow_instance_migration true and disallow_reauthentication true")
}
data["disallow_reauthentication"] = false
resp, err = b.HandleRequest(&logical.Request{
resp, err = b.HandleRequest(context.Background(), &logical.Request{
Operation: logical.UpdateOperation,
Path: "role/ami-abcd123",
Data: data,
@ -85,7 +86,7 @@ func TestBackend_pathRoleEc2(t *testing.T) {
if resp != nil && resp.IsError() {
t.Fatalf("failure to update role: %v", resp.Data["error"])
}
resp, err = b.HandleRequest(&logical.Request{
resp, err = b.HandleRequest(context.Background(), &logical.Request{
Operation: logical.ReadOperation,
Path: "role/ami-abcd123",
Storage: storage,
@ -103,7 +104,7 @@ func TestBackend_pathRoleEc2(t *testing.T) {
// add another entry, to test listing of role entries
data["bound_ami_id"] = "ami-abcd456"
resp, err = b.HandleRequest(&logical.Request{
resp, err = b.HandleRequest(context.Background(), &logical.Request{
Operation: logical.CreateOperation,
Path: "role/ami-abcd456",
Data: data,
@ -116,7 +117,7 @@ func TestBackend_pathRoleEc2(t *testing.T) {
t.Fatal(err)
}
resp, err = b.HandleRequest(&logical.Request{
resp, err = b.HandleRequest(context.Background(), &logical.Request{
Operation: logical.ListOperation,
Path: "roles",
Storage: storage,
@ -132,7 +133,7 @@ func TestBackend_pathRoleEc2(t *testing.T) {
t.Fatalf("bad: keys: %#v\n", keys)
}
_, err = b.HandleRequest(&logical.Request{
_, err = b.HandleRequest(context.Background(), &logical.Request{
Operation: logical.DeleteOperation,
Path: "role/ami-abcd123",
Storage: storage,
@ -141,7 +142,7 @@ func TestBackend_pathRoleEc2(t *testing.T) {
t.Fatal(err)
}
resp, err = b.HandleRequest(&logical.Request{
resp, err = b.HandleRequest(context.Background(), &logical.Request{
Operation: logical.ReadOperation,
Path: "role/ami-abcd123",
Storage: storage,
@ -179,7 +180,7 @@ func Test_enableIamIDResolution(t *testing.T) {
}
submitRequest := func(roleName string, op logical.Operation) (*logical.Response, error) {
return b.HandleRequest(&logical.Request{
return b.HandleRequest(context.Background(), &logical.Request{
Operation: op,
Path: "role/" + roleName,
Data: data,
@ -245,7 +246,7 @@ func TestBackend_pathIam(t *testing.T) {
// make sure we start with empty roles, which gives us confidence that the read later
// actually is the two roles we created
resp, err := b.HandleRequest(&logical.Request{
resp, err := b.HandleRequest(context.Background(), &logical.Request{
Operation: logical.ListOperation,
Path: "roles",
Storage: storage,
@ -267,7 +268,7 @@ func TestBackend_pathIam(t *testing.T) {
"bound_iam_principal_arn": "n:aws:iam::123456789012:user/MyUserName",
"resolve_aws_unique_ids": false,
}
resp, err = b.HandleRequest(&logical.Request{
resp, err = b.HandleRequest(context.Background(), &logical.Request{
Operation: logical.CreateOperation,
Path: "role/MyRoleName",
Data: data,
@ -281,7 +282,7 @@ func TestBackend_pathIam(t *testing.T) {
t.Fatalf("failed to create the role entry; resp: %#v", resp)
}
resp, err = b.HandleRequest(&logical.Request{
resp, err = b.HandleRequest(context.Background(), &logical.Request{
Operation: logical.ReadOperation,
Path: "role/MyRoleName",
Storage: storage,
@ -297,7 +298,7 @@ func TestBackend_pathIam(t *testing.T) {
}
data["inferred_entity_type"] = "invalid"
resp, err = b.HandleRequest(&logical.Request{
resp, err = b.HandleRequest(context.Background(), &logical.Request{
Operation: logical.CreateOperation,
Path: "role/ShouldNeverExist",
Data: data,
@ -311,7 +312,7 @@ func TestBackend_pathIam(t *testing.T) {
}
data["inferred_entity_type"] = ec2EntityType
resp, err = b.HandleRequest(&logical.Request{
resp, err = b.HandleRequest(context.Background(), &logical.Request{
Operation: logical.CreateOperation,
Path: "role/ShouldNeverExist",
Data: data,
@ -326,7 +327,7 @@ func TestBackend_pathIam(t *testing.T) {
delete(data, "bound_iam_principal_arn")
data["inferred_aws_region"] = "us-east-1"
resp, err = b.HandleRequest(&logical.Request{
resp, err = b.HandleRequest(context.Background(), &logical.Request{
Operation: logical.CreateOperation,
Path: "role/ShouldNeverExist",
Data: data,
@ -347,7 +348,7 @@ func TestBackend_pathIam(t *testing.T) {
Data: data,
Storage: storage,
}
resp, err = b.HandleRequest(secondRole)
resp, err = b.HandleRequest(context.Background(), secondRole)
if err != nil {
t.Fatal(err)
}
@ -355,7 +356,7 @@ func TestBackend_pathIam(t *testing.T) {
t.Fatalf("failed to create additional role: %v", *secondRole)
}
resp, err = b.HandleRequest(&logical.Request{
resp, err = b.HandleRequest(context.Background(), &logical.Request{
Operation: logical.ListOperation,
Path: "roles",
Storage: storage,
@ -371,7 +372,7 @@ func TestBackend_pathIam(t *testing.T) {
t.Fatalf("bad: keys %#v\n", keys)
}
resp, err = b.HandleRequest(&logical.Request{
resp, err = b.HandleRequest(context.Background(), &logical.Request{
Operation: logical.DeleteOperation,
Path: "role/MyOtherRoleName",
Storage: storage,
@ -380,7 +381,7 @@ func TestBackend_pathIam(t *testing.T) {
t.Fatal(err)
}
resp, err = b.HandleRequest(&logical.Request{
resp, err = b.HandleRequest(context.Background(), &logical.Request{
Operation: logical.ReadOperation,
Path: "role/MyOtherRoleName",
Storage: storage,
@ -414,7 +415,7 @@ func TestBackend_pathRoleMixedTypes(t *testing.T) {
}
submitRequest := func(roleName string, op logical.Operation) (*logical.Response, error) {
return b.HandleRequest(&logical.Request{
return b.HandleRequest(context.Background(), &logical.Request{
Operation: op,
Path: "role/" + roleName,
Data: data,
@ -526,7 +527,7 @@ func TestAwsEc2_RoleCrud(t *testing.T) {
Data: role1Data,
}
resp, err = b.HandleRequest(roleReq)
resp, err = b.HandleRequest(context.Background(), roleReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("resp: %#v, err: %v", resp, err)
}
@ -553,14 +554,14 @@ func TestAwsEc2_RoleCrud(t *testing.T) {
roleReq.Path = "role/testrole"
roleReq.Data = roleData
resp, err = b.HandleRequest(roleReq)
resp, err = b.HandleRequest(context.Background(), roleReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("resp: %#v, err: %v", resp, err)
}
roleReq.Operation = logical.ReadOperation
resp, err = b.HandleRequest(roleReq)
resp, err = b.HandleRequest(context.Background(), roleReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("resp: %#v, err: %v", resp, err)
}
@ -595,14 +596,14 @@ func TestAwsEc2_RoleCrud(t *testing.T) {
roleData["bound_vpc_id"] = "newvpcid"
roleReq.Operation = logical.UpdateOperation
resp, err = b.HandleRequest(roleReq)
resp, err = b.HandleRequest(context.Background(), roleReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("resp: %#v, err: %v", resp, err)
}
roleReq.Operation = logical.ReadOperation
resp, err = b.HandleRequest(roleReq)
resp, err = b.HandleRequest(context.Background(), roleReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("resp: %#v, err: %v", resp, err)
}
@ -615,7 +616,7 @@ func TestAwsEc2_RoleCrud(t *testing.T) {
roleReq.Operation = logical.DeleteOperation
resp, err = b.HandleRequest(roleReq)
resp, err = b.HandleRequest(context.Background(), roleReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("resp: %#v, err: %v", resp, err)
}
@ -655,14 +656,14 @@ func TestAwsEc2_RoleDurationSeconds(t *testing.T) {
Data: roleData,
}
resp, err := b.HandleRequest(roleReq)
resp, err := b.HandleRequest(context.Background(), roleReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("resp: %#v, err: %v", resp, err)
}
roleReq.Operation = logical.ReadOperation
resp, err = b.HandleRequest(roleReq)
resp, err = b.HandleRequest(context.Background(), roleReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("resp: %#v, err: %v", resp, err)
}
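Review bot: The role fixture in `TestBackend_pathIam` sets `"bound_iam_principal_arn": "n:aws:iam::123456789012:user/MyUserName"`, which looks like an `arn:` prefix with its first two letters lost. The create call that follows is expected to succeed, so the test appears to pass with a value that is not ARN-shaped and does not show that a well-formed principal ARN is accepted. If the malformed value is deliberate, a comment on that line should say what it exercises; otherwise correct it to `arn:aws:iam::123456789012:user/MyUserName`. The test function starts and ends outside this hunk.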


@ -1,6 +1,7 @@
package awsauth
import (
"context"
"encoding/base64"
"time"
@ -45,8 +46,7 @@ func pathListRoletagBlacklist(b *backend) *framework.Path {
}
// Lists all the blacklisted role tags.
func (b *backend) pathRoletagBlacklistsList(
req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathRoletagBlacklistsList(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
b.blacklistMutex.RLock()
defer b.blacklistMutex.RUnlock()
@ -95,8 +95,7 @@ func (b *backend) nonLockedBlacklistRoleTagEntry(s logical.Storage, tag string)
}
// Deletes an entry from the role tag blacklist for a given tag.
func (b *backend) pathRoletagBlacklistDelete(
req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathRoletagBlacklistDelete(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
b.blacklistMutex.Lock()
defer b.blacklistMutex.Unlock()
@ -110,9 +109,7 @@ func (b *backend) pathRoletagBlacklistDelete(
// If the given role tag is blacklisted, returns the details of the blacklist entry.
// Returns 'nil' otherwise.
func (b *backend) pathRoletagBlacklistRead(
req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathRoletagBlacklistRead(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
tag := data.Get("role_tag").(string)
if tag == "" {
return logical.ErrorResponse("missing role_tag"), nil
@ -137,9 +134,7 @@ func (b *backend) pathRoletagBlacklistRead(
// pathRoletagBlacklistUpdate is used to blacklist a given role tag.
// Before a role tag is blacklisted, the correctness of the plaintext part
// in the role tag is verified using the associated HMAC.
func (b *backend) pathRoletagBlacklistUpdate(
req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathRoletagBlacklistUpdate(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
// The role_tag value provided, optionally can be base64 encoded.
tagInput := data.Get("role_tag").(string)
if tagInput == "" {


@ -1,6 +1,7 @@
package awsauth
import (
"context"
"fmt"
"sync/atomic"
"time"
@ -76,8 +77,7 @@ func (b *backend) tidyWhitelistIdentity(s logical.Storage, safety_buffer int) er
}
// pathTidyIdentityWhitelistUpdate is used to delete entries in the whitelist that are expired.
func (b *backend) pathTidyIdentityWhitelistUpdate(
req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathTidyIdentityWhitelistUpdate(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
return nil, b.tidyWhitelistIdentity(req.Storage, data.Get("safety_buffer").(int))
}
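Review bot: `pathTidyIdentityWhitelistUpdate` now receives `ctx` but drops it, since the call is still `b.tidyWhitelistIdentity(req.Storage, data.Get("safety_buffer").(int))`. The tidy body is outside the hunk, but it presumably walks the stored whitelist entries, which is work that should stop when the request is cancelled or the server shuts down. Consider threading the context through, e.g. `b.tidyWhitelistIdentity(ctx, req.Storage, ...)`, or leave a `// TODO: pass ctx to tidyWhitelistIdentity` on the handler so the gap is tracked. The same applies to `pathTidyRoletagBlacklistUpdate` and `b.tidyBlacklistRoleTag` in the role-tag tidy file.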


@ -1,6 +1,7 @@
package awsauth
import (
"context"
"fmt"
"sync/atomic"
"time"
@ -75,8 +76,7 @@ func (b *backend) tidyBlacklistRoleTag(s logical.Storage, safety_buffer int) err
}
// pathTidyRoletagBlacklistUpdate is used to clean-up the entries in the role tag blacklist.
func (b *backend) pathTidyRoletagBlacklistUpdate(
req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathTidyRoletagBlacklistUpdate(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
return nil, b.tidyBlacklistRoleTag(req.Storage, data.Get("safety_buffer").(int))
}


@ -1,6 +1,7 @@
package cert
import (
"context"
"crypto/rand"
"crypto/rsa"
"crypto/tls"
@ -324,7 +325,7 @@ func TestBackend_NonCAExpiry(t *testing.T) {
Data: certData,
}
resp, err = b.HandleRequest(certReq)
resp, err = b.HandleRequest(context.Background(), certReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("err:%v resp:%#v", err, resp)
}
@ -345,7 +346,7 @@ func TestBackend_NonCAExpiry(t *testing.T) {
}
// Login when the certificate is still valid. Login should succeed.
resp, err = b.HandleRequest(loginReq)
resp, err = b.HandleRequest(context.Background(), loginReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("err:%v resp:%#v", err, resp)
}
@ -354,7 +355,7 @@ func TestBackend_NonCAExpiry(t *testing.T) {
time.Sleep(5 * time.Second)
// Login attempt after certificate expiry should fail
resp, err = b.HandleRequest(loginReq)
resp, err = b.HandleRequest(context.Background(), loginReq)
if err == nil {
t.Fatalf("expected error due to expired certificate")
}
@ -389,7 +390,7 @@ func TestBackend_RegisteredNonCA_CRL(t *testing.T) {
Data: certData,
}
resp, err := b.HandleRequest(certReq)
resp, err := b.HandleRequest(context.Background(), certReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("err:%v resp:%#v", err, resp)
}
@ -409,7 +410,7 @@ func TestBackend_RegisteredNonCA_CRL(t *testing.T) {
},
}
// Login should succeed.
resp, err = b.HandleRequest(loginReq)
resp, err = b.HandleRequest(context.Background(), loginReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("err:%v resp:%#v", err, resp)
}
@ -428,13 +429,13 @@ func TestBackend_RegisteredNonCA_CRL(t *testing.T) {
Path: "crls/issuedcrl",
Data: crlData,
}
resp, err = b.HandleRequest(crlReq)
resp, err = b.HandleRequest(context.Background(), crlReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("err:%v resp:%#v", err, resp)
}
// Attempt login with the same connection state but with the CRL registered
resp, err = b.HandleRequest(loginReq)
resp, err = b.HandleRequest(context.Background(), loginReq)
if err != nil {
t.Fatal(err)
}
@ -472,7 +473,7 @@ func TestBackend_CRLs(t *testing.T) {
Data: certData,
}
resp, err := b.HandleRequest(certReq)
resp, err := b.HandleRequest(context.Background(), certReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("err:%v resp:%#v", err, resp)
}
@ -491,7 +492,7 @@ func TestBackend_CRLs(t *testing.T) {
ConnState: &connState,
},
}
resp, err = b.HandleRequest(loginReq)
resp, err = b.HandleRequest(context.Background(), loginReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("err:%v resp:%#v", err, resp)
}
@ -505,7 +506,7 @@ func TestBackend_CRLs(t *testing.T) {
loginReq.Connection.ConnState = &connState
// Attempt login with the updated connection
resp, err = b.HandleRequest(loginReq)
resp, err = b.HandleRequest(context.Background(), loginReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("err:%v resp:%#v", err, resp)
}
@ -525,13 +526,13 @@ func TestBackend_CRLs(t *testing.T) {
Path: "crls/issuedcrl",
Data: crlData,
}
resp, err = b.HandleRequest(crlReq)
resp, err = b.HandleRequest(context.Background(), crlReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("err:%v resp:%#v", err, resp)
}
// Attempt login with the revoked certificate.
resp, err = b.HandleRequest(loginReq)
resp, err = b.HandleRequest(context.Background(), loginReq)
if err != nil {
t.Fatal(err)
}
@ -545,7 +546,7 @@ func TestBackend_CRLs(t *testing.T) {
t.Fatal(err)
}
certData["certificate"] = clientCA2
resp, err = b.HandleRequest(certReq)
resp, err = b.HandleRequest(context.Background(), certReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("err:%v resp:%#v", err, resp)
}
@ -558,7 +559,7 @@ func TestBackend_CRLs(t *testing.T) {
loginReq.Connection.ConnState = &connState
// Attempt login with the updated connection
resp, err = b.HandleRequest(loginReq)
resp, err = b.HandleRequest(context.Background(), loginReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("err:%v resp:%#v", err, resp)
}
@ -569,13 +570,13 @@ func TestBackend_CRLs(t *testing.T) {
t.Fatal(err)
}
crlData["crl"] = rootCRL
resp, err = b.HandleRequest(crlReq)
resp, err = b.HandleRequest(context.Background(), crlReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("err:%v resp:%#v", err, resp)
}
// Attempt login with the same connection state but with the CRL registered
resp, err = b.HandleRequest(loginReq)
resp, err = b.HandleRequest(context.Background(), loginReq)
if err != nil {
t.Fatal(err)
}
@ -1173,7 +1174,7 @@ func Test_Renew(t *testing.T) {
Schema: pathCerts(b).Fields,
}
resp, err := b.pathCertWrite(req, fd)
resp, err := b.pathCertWrite(context.Background(), req, fd)
if err != nil {
t.Fatal(err)
}
@ -1182,7 +1183,7 @@ func Test_Renew(t *testing.T) {
Raw: map[string]interface{}{},
Schema: pathLogin(b).Fields,
}
resp, err = b.pathLogin(req, empty_login_fd)
resp, err = b.pathLogin(context.Background(), req, empty_login_fd)
if err != nil {
t.Fatal(err)
}
@ -1196,7 +1197,7 @@ func Test_Renew(t *testing.T) {
req.Auth.IssueTime = time.Now()
// Normal renewal
resp, err = b.pathLoginRenew(req, empty_login_fd)
resp, err = b.pathLoginRenew(context.Background(), req, empty_login_fd)
if err != nil {
t.Fatal(err)
}
@ -1209,24 +1210,24 @@ func Test_Renew(t *testing.T) {
// Change the policies -- this should fail
fd.Raw["policies"] = "zip,zap"
resp, err = b.pathCertWrite(req, fd)
resp, err = b.pathCertWrite(context.Background(), req, fd)
if err != nil {
t.Fatal(err)
}
resp, err = b.pathLoginRenew(req, empty_login_fd)
resp, err = b.pathLoginRenew(context.Background(), req, empty_login_fd)
if err == nil {
t.Fatal("expected error")
}
// Put the policies back, this shold be okay
fd.Raw["policies"] = "bar,foo"
resp, err = b.pathCertWrite(req, fd)
resp, err = b.pathCertWrite(context.Background(), req, fd)
if err != nil {
t.Fatal(err)
}
resp, err = b.pathLoginRenew(req, empty_login_fd)
resp, err = b.pathLoginRenew(context.Background(), req, empty_login_fd)
if err != nil {
t.Fatal(err)
}
@ -1238,12 +1239,12 @@ func Test_Renew(t *testing.T) {
}
// Delete CA, make sure we can't renew
resp, err = b.pathCertDelete(req, fd)
resp, err = b.pathCertDelete(context.Background(), req, fd)
if err != nil {
t.Fatal(err)
}
resp, err = b.pathLoginRenew(req, empty_login_fd)
resp, err = b.pathLoginRenew(context.Background(), req, empty_login_fd)
if err != nil {
t.Fatal(err)
}
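Review bot: In `Test_Renew` the calls to `b.pathCertWrite` and `b.pathCertDelete` check only `err`, while the other tests in this file use `if err != nil || (resp != nil && resp.IsError())`. Handlers in this commit report validation failures as `logical.ErrorResponse(...), nil`, so a rejected write would go unnoticed here. The renew assertions that follow, including the "this should fail" case, would then run against state the test never set up. Use the combined check after each write and delete, e.g. `if err != nil || (resp != nil && resp.IsError()) { t.Fatalf("err:%v resp:%#v", err, resp) }`. The function starts and ends outside these hunks.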


@ -1,6 +1,7 @@
package cert
import (
"context"
"crypto/x509"
"fmt"
"strings"
@ -116,8 +117,7 @@ func (b *backend) Cert(s logical.Storage, n string) (*CertEntry, error) {
return &result, nil
}
func (b *backend) pathCertDelete(
req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathCertDelete(ctx context.Context, req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
err := req.Storage.Delete("cert/" + strings.ToLower(d.Get("name").(string)))
if err != nil {
return nil, err
@ -125,8 +125,7 @@ func (b *backend) pathCertDelete(
return nil, nil
}
func (b *backend) pathCertList(
req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathCertList(ctx context.Context, req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
certs, err := req.Storage.List("cert/")
if err != nil {
return nil, err
@ -134,8 +133,7 @@ func (b *backend) pathCertList(
return logical.ListResponse(certs), nil
}
func (b *backend) pathCertRead(
req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathCertRead(ctx context.Context, req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
cert, err := b.Cert(req.Storage, strings.ToLower(d.Get("name").(string)))
if err != nil {
return nil, err
@ -156,8 +154,7 @@ func (b *backend) pathCertRead(
}, nil
}
func (b *backend) pathCertWrite(
req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathCertWrite(ctx context.Context, req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
name := strings.ToLower(d.Get("name").(string))
certificate := d.Get("certificate").(string)
displayName := d.Get("display_name").(string)
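Review bot: `pathCertDelete` builds its storage key as `"cert/" + strings.ToLower(d.Get("name").(string))` with no check for an empty name, whereas `pathCRLDelete` in the same package rejects it with an error response. The path pattern may already rule out an empty name (it is not visible here); if it does not, the call targets the bare `cert/` key and still returns success. A guard like the CRL handler's would make the two consistent: `if name == "" { return logical.ErrorResponse("missing name"), nil }`. `pathCertRead` has the same shape and would take the same guard.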


@ -1,6 +1,7 @@
package cert
import (
"context"
"fmt"
"github.com/hashicorp/vault/logical"
@ -24,8 +25,7 @@ func pathConfig(b *backend) *framework.Path {
}
}
func (b *backend) pathConfigWrite(
req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathConfigWrite(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
disableBinding := data.Get("disable_binding").(bool)
entry, err := logical.StorageEntryJSON("config", config{


@ -1,6 +1,7 @@
package cert
import (
"context"
"crypto/x509"
"fmt"
"math/big"
@ -122,8 +123,7 @@ func parseSerialString(input string) (*big.Int, error) {
return ret, nil
}
func (b *backend) pathCRLDelete(
req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathCRLDelete(ctx context.Context, req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
name := strings.ToLower(d.Get("name").(string))
if name == "" {
return logical.ErrorResponse(`"name" parameter cannot be empty`), nil
@ -154,8 +154,7 @@ func (b *backend) pathCRLDelete(
return nil, nil
}
func (b *backend) pathCRLRead(
req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathCRLRead(ctx context.Context, req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
name := strings.ToLower(d.Get("name").(string))
if name == "" {
return logical.ErrorResponse(`"name" parameter must be set`), nil
@ -184,8 +183,7 @@ func (b *backend) pathCRLRead(
}, nil
}
func (b *backend) pathCRLWrite(
req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathCRLWrite(ctx context.Context, req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
name := strings.ToLower(d.Get("name").(string))
if name == "" {
return logical.ErrorResponse(`"name" parameter cannot be empty`), nil


@ -2,6 +2,7 @@ package cert
import (
"bytes"
"context"
"crypto/tls"
"crypto/x509"
"encoding/asn1"
@ -42,8 +43,7 @@ func pathLogin(b *backend) *framework.Path {
}
}
func (b *backend) pathLoginAliasLookahead(
req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathLoginAliasLookahead(ctx context.Context, req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
clientCerts := req.Connection.ConnState.PeerCertificates
if len(clientCerts) == 0 {
return nil, fmt.Errorf("no client certificate found")
@ -58,9 +58,7 @@ func (b *backend) pathLoginAliasLookahead(
}, nil
}
func (b *backend) pathLogin(
req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathLogin(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
var matched *ParsedCert
if verifyResp, resp, err := b.verifyCredentials(req, data); err != nil {
return nil, err
@ -129,8 +127,7 @@ func (b *backend) pathLogin(
return resp, nil
}
func (b *backend) pathLoginRenew(
req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathLoginRenew(ctx context.Context, req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
config, err := b.Config(req.Storage)
if err != nil {
return nil, err
@ -178,7 +175,7 @@ func (b *backend) pathLoginRenew(
return nil, fmt.Errorf("policies have changed, not renewing")
}
resp, err := framework.LeaseExtend(cert.TTL, cert.MaxTTL, b.System())(req, d)
resp, err := framework.LeaseExtend(cert.TTL, cert.MaxTTL, b.System())(ctx, req, d)
if err != nil {
return nil, err
}
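Review bot: `pathLoginAliasLookahead` dereferences `req.Connection.ConnState.PeerCertificates` on its first line with no nil check, so a request that carries no TLS connection state would panic instead of returning an error. A guard placed before it would fail closed: `if req.Connection == nil || req.Connection.ConnState == nil { return nil, fmt.Errorf("tls connection not found") }`. Whether `verifyCredentials` already performs this check for `pathLogin` is not visible in these hunks.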


@ -1,6 +1,7 @@
package github
import (
"context"
"fmt"
"net/url"
"time"
@ -42,8 +43,7 @@ API-compatible authentication server.`,
}
}
func (b *backend) pathConfigWrite(
req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathConfigWrite(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
organization := data.Get("organization").(string)
baseURL := data.Get("base_url").(string)
if len(baseURL) != 0 {
@ -94,7 +94,7 @@ func (b *backend) pathConfigWrite(
return nil, nil
}
func (b *backend) pathConfigRead(req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathConfigRead(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
config, err := b.Config(req.Storage)
if err != nil {
return nil, err


@ -29,8 +29,7 @@ func pathLogin(b *backend) *framework.Path {
}
}
func (b *backend) pathLoginAliasLookahead(
req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathLoginAliasLookahead(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
token := data.Get("token").(string)
var verifyResp *verifyCredentialsResp
@ -51,8 +50,7 @@ func (b *backend) pathLoginAliasLookahead(
}, nil
}
func (b *backend) pathLogin(
req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathLogin(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
token := data.Get("token").(string)
var verifyResp *verifyCredentialsResp
@ -107,9 +105,7 @@ func (b *backend) pathLogin(
return resp, nil
}
func (b *backend) pathLoginRenew(
req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathLoginRenew(ctx context.Context, req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
if req.Auth == nil {
return nil, fmt.Errorf("request auth was nil")
}
@ -137,7 +133,7 @@ func (b *backend) pathLoginRenew(
return nil, err
}
resp, err := framework.LeaseExtend(config.TTL, config.MaxTTL, b.System())(req, d)
resp, err := framework.LeaseExtend(config.TTL, config.MaxTTL, b.System())(ctx, req, d)
if err != nil {
return nil, err
}


@ -1,6 +1,7 @@
package ldap
import (
"context"
"fmt"
"reflect"
"sort"
@ -49,7 +50,7 @@ func TestLdapAuthBackend_UserPolicies(t *testing.T) {
},
Storage: storage,
}
resp, err = b.HandleRequest(configReq)
resp, err = b.HandleRequest(context.Background(), configReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("err:%v resp:%#v", err, resp)
}
@ -62,7 +63,7 @@ func TestLdapAuthBackend_UserPolicies(t *testing.T) {
Path: "groups/engineers",
Storage: storage,
}
resp, err = b.HandleRequest(groupReq)
resp, err = b.HandleRequest(context.Background(), groupReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("err:%v resp:%#v", err, resp)
}
@ -77,7 +78,7 @@ func TestLdapAuthBackend_UserPolicies(t *testing.T) {
Storage: storage,
}
resp, err = b.HandleRequest(userReq)
resp, err = b.HandleRequest(context.Background(), userReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("err:%v resp:%#v", err, resp)
}
@ -91,7 +92,7 @@ func TestLdapAuthBackend_UserPolicies(t *testing.T) {
Storage: storage,
}
resp, err = b.HandleRequest(loginReq)
resp, err = b.HandleRequest(context.Background(), loginReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("err:%v resp:%#v", err, resp)
}


@ -1,6 +1,7 @@
package ldap
import (
"context"
"crypto/tls"
"crypto/x509"
"encoding/pem"
@ -163,9 +164,7 @@ func (b *backend) Config(req *logical.Request) (*ConfigEntry, error) {
return result, nil
}
func (b *backend) pathConfigRead(
req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathConfigRead(ctx context.Context, req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
cfg, err := b.Config(req)
if err != nil {
return nil, err
@ -289,9 +288,7 @@ func (b *backend) newConfigEntry(d *framework.FieldData) (*ConfigEntry, error) {
return cfg, nil
}
func (b *backend) pathConfigWrite(
req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathConfigWrite(ctx context.Context, req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
// Build a ConfigEntry struct out of the supplied FieldData
cfg, err := b.newConfigEntry(d)
if err != nil {


@ -1,6 +1,8 @@
package ldap
import (
"context"
"github.com/hashicorp/vault/helper/policyutil"
"github.com/hashicorp/vault/logical"
"github.com/hashicorp/vault/logical/framework"
@ -62,8 +64,7 @@ func (b *backend) Group(s logical.Storage, n string) (*GroupEntry, error) {
return &result, nil
}
func (b *backend) pathGroupDelete(
req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathGroupDelete(ctx context.Context, req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
err := req.Storage.Delete("group/" + d.Get("name").(string))
if err != nil {
return nil, err
@ -72,8 +73,7 @@ func (b *backend) pathGroupDelete(
return nil, nil
}
func (b *backend) pathGroupRead(
req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathGroupRead(ctx context.Context, req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
group, err := b.Group(req.Storage, d.Get("name").(string))
if err != nil {
return nil, err
@ -89,8 +89,7 @@ func (b *backend) pathGroupRead(
}, nil
}
func (b *backend) pathGroupWrite(
req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathGroupWrite(ctx context.Context, req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
// Store it
entry, err := logical.StorageEntryJSON("group/"+d.Get("name").(string), &GroupEntry{
Policies: policyutil.ParsePolicies(d.Get("policies")),
@ -105,8 +104,7 @@ func (b *backend) pathGroupWrite(
return nil, nil
}
func (b *backend) pathGroupList(
req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathGroupList(ctx context.Context, req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
groups, err := req.Storage.List("group/")
if err != nil {
return nil, err


@ -1,6 +1,7 @@
package ldap
import (
"context"
"fmt"
"sort"
@ -34,8 +35,7 @@ func pathLogin(b *backend) *framework.Path {
}
}
func (b *backend) pathLoginAliasLookahead(
req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathLoginAliasLookahead(ctx context.Context, req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
username := d.Get("username").(string)
if username == "" {
return nil, fmt.Errorf("missing username")
@ -50,8 +50,7 @@ func (b *backend) pathLoginAliasLookahead(
}, nil
}
func (b *backend) pathLogin(
req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathLogin(ctx context.Context, req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
username := d.Get("username").(string)
password := d.Get("password").(string)
@ -99,9 +98,7 @@ func (b *backend) pathLogin(
return resp, nil
}
func (b *backend) pathLoginRenew(
req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathLoginRenew(ctx context.Context, req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
username := req.Auth.Metadata["username"]
password := req.Auth.InternalData["password"].(string)
@ -114,7 +111,7 @@ func (b *backend) pathLoginRenew(
return nil, fmt.Errorf("policies have changed, not renewing")
}
resp, err = framework.LeaseExtend(0, 0, b.System())(req, d)
resp, err = framework.LeaseExtend(0, 0, b.System())(ctx, req, d)
if err != nil {
return nil, err
}
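Review bot: `pathLoginRenew` reads `req.Auth.Metadata["username"]` and asserts `req.Auth.InternalData["password"].(string)` on its first two lines without checking `req.Auth` or the assertion result, so a renewal whose auth data is missing or lacks that key would panic; the github backend's renew handler guards with `if req.Auth == nil` first. I would use the checked form, `password, ok := req.Auth.InternalData["password"].(string)` followed by `if !ok { return nil, fmt.Errorf("missing password in internal data") }`. The okta `pathLoginRenew` has the same two lines, and the radius and userpass renew handlers dereference `req.Auth.Metadata` unguarded as well. A short comment noting that the login password is apparently kept in the token's internal data so renewal can re-authenticate would also help, since that widens where the credential is stored.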


@ -1,6 +1,7 @@
package ldap
import (
"context"
"strings"
"github.com/hashicorp/vault/helper/policyutil"
@ -70,8 +71,7 @@ func (b *backend) User(s logical.Storage, n string) (*UserEntry, error) {
return &result, nil
}
func (b *backend) pathUserDelete(
req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathUserDelete(ctx context.Context, req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
err := req.Storage.Delete("user/" + d.Get("name").(string))
if err != nil {
return nil, err
@ -80,8 +80,7 @@ func (b *backend) pathUserDelete(
return nil, nil
}
func (b *backend) pathUserRead(
req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathUserRead(ctx context.Context, req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
user, err := b.User(req.Storage, d.Get("name").(string))
if err != nil {
return nil, err
@ -98,8 +97,7 @@ func (b *backend) pathUserRead(
}, nil
}
func (b *backend) pathUserWrite(
req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathUserWrite(ctx context.Context, req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
name := d.Get("name").(string)
groups := strutil.RemoveDuplicates(strutil.ParseStringSlice(d.Get("groups").(string), ","), false)
policies := policyutil.ParsePolicies(d.Get("policies"))
@ -122,8 +120,7 @@ func (b *backend) pathUserWrite(
return nil, nil
}
func (b *backend) pathUserList(
req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathUserList(ctx context.Context, req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
users, err := req.Storage.List("user/")
if err != nil {
return nil, err


@ -1,6 +1,7 @@
package okta
import (
"context"
"fmt"
"net/url"
@ -87,9 +88,7 @@ func (b *backend) Config(s logical.Storage) (*ConfigEntry, error) {
return &result, nil
}
func (b *backend) pathConfigRead(
req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathConfigRead(ctx context.Context, req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
cfg, err := b.Config(req.Storage)
if err != nil {
return nil, err
@ -116,8 +115,7 @@ func (b *backend) pathConfigRead(
return resp, nil
}
func (b *backend) pathConfigWrite(
req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathConfigWrite(ctx context.Context, req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
cfg, err := b.Config(req.Storage)
if err != nil {
return nil, err
@ -202,8 +200,7 @@ func (b *backend) pathConfigWrite(
return nil, nil
}
func (b *backend) pathConfigExistenceCheck(
req *logical.Request, d *framework.FieldData) (bool, error) {
func (b *backend) pathConfigExistenceCheck(ctx context.Context, req *logical.Request, d *framework.FieldData) (bool, error) {
cfg, err := b.Config(req.Storage)
if err != nil {
return false, err


@ -1,6 +1,7 @@
package okta
import (
"context"
"strings"
"github.com/hashicorp/vault/helper/policyutil"
@ -83,8 +84,7 @@ func (b *backend) Group(s logical.Storage, n string) (*GroupEntry, string, error
return &result, canonicalName, nil
}
func (b *backend) pathGroupDelete(
req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathGroupDelete(ctx context.Context, req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
name := d.Get("name").(string)
if len(name) == 0 {
return logical.ErrorResponse("'name' must be supplied"), nil
@ -104,8 +104,7 @@ func (b *backend) pathGroupDelete(
return nil, nil
}
func (b *backend) pathGroupRead(
req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathGroupRead(ctx context.Context, req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
name := d.Get("name").(string)
if len(name) == 0 {
return logical.ErrorResponse("'name' must be supplied"), nil
@ -126,8 +125,7 @@ func (b *backend) pathGroupRead(
}, nil
}
func (b *backend) pathGroupWrite(
req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathGroupWrite(ctx context.Context, req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
name := d.Get("name").(string)
if len(name) == 0 {
return logical.ErrorResponse("'name' must be supplied"), nil
@ -158,8 +156,7 @@ func (b *backend) pathGroupWrite(
return nil, nil
}
func (b *backend) pathGroupList(
req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathGroupList(ctx context.Context, req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
groups, err := req.Storage.List("group/")
if err != nil {
return nil, err


@ -1,6 +1,7 @@
package okta
import (
"context"
"fmt"
"sort"
"strings"
@ -36,8 +37,7 @@ func pathLogin(b *backend) *framework.Path {
}
}
func (b *backend) pathLoginAliasLookahead(
req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathLoginAliasLookahead(ctx context.Context, req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
username := d.Get("username").(string)
if username == "" {
return nil, fmt.Errorf("missing username")
@ -52,8 +52,7 @@ func (b *backend) pathLoginAliasLookahead(
}, nil
}
func (b *backend) pathLogin(
req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathLogin(ctx context.Context, req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
username := d.Get("username").(string)
password := d.Get("password").(string)
@ -109,9 +108,7 @@ func (b *backend) pathLogin(
return resp, nil
}
func (b *backend) pathLoginRenew(
req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathLoginRenew(ctx context.Context, req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
username := req.Auth.Metadata["username"]
password := req.Auth.InternalData["password"].(string)
@ -129,7 +126,7 @@ func (b *backend) pathLoginRenew(
return nil, err
}
resp, err = framework.LeaseExtend(cfg.TTL, cfg.MaxTTL, b.System())(req, d)
resp, err = framework.LeaseExtend(cfg.TTL, cfg.MaxTTL, b.System())(ctx, req, d)
if err != nil {
return nil, err
}


@ -1,6 +1,7 @@
package okta
import (
"context"
"strings"
"github.com/hashicorp/vault/logical"
@ -68,8 +69,7 @@ func (b *backend) User(s logical.Storage, n string) (*UserEntry, error) {
return &result, nil
}
func (b *backend) pathUserDelete(
req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathUserDelete(ctx context.Context, req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
name := d.Get("name").(string)
if len(name) == 0 {
return logical.ErrorResponse("Error empty name"), nil
@ -83,8 +83,7 @@ func (b *backend) pathUserDelete(
return nil, nil
}
func (b *backend) pathUserRead(
req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathUserRead(ctx context.Context, req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
name := d.Get("name").(string)
if len(name) == 0 {
return logical.ErrorResponse("Error empty name"), nil
@ -106,8 +105,7 @@ func (b *backend) pathUserRead(
}, nil
}
func (b *backend) pathUserWrite(
req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathUserWrite(ctx context.Context, req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
name := d.Get("name").(string)
if len(name) == 0 {
return logical.ErrorResponse("Error empty name"), nil
@ -138,8 +136,7 @@ func (b *backend) pathUserWrite(
return nil, nil
}
func (b *backend) pathUserList(
req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathUserList(ctx context.Context, req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
users, err := req.Storage.List("user/")
if err != nil {
return nil, err


@ -1,6 +1,7 @@
package radius
import (
"context"
"strings"
"github.com/fatih/structs"
@ -63,7 +64,7 @@ func pathConfig(b *backend) *framework.Path {
// Establishes dichotomy of request operation between CreateOperation and UpdateOperation.
// Returning 'true' forces an UpdateOperation, CreateOperation otherwise.
func (b *backend) configExistenceCheck(req *logical.Request, data *framework.FieldData) (bool, error) {
func (b *backend) configExistenceCheck(ctx context.Context, req *logical.Request, data *framework.FieldData) (bool, error) {
entry, err := b.Config(req)
if err != nil {
return false, err
@ -94,9 +95,7 @@ func (b *backend) Config(req *logical.Request) (*ConfigEntry, error) {
return &result, nil
}
func (b *backend) pathConfigRead(
req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathConfigRead(ctx context.Context, req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
cfg, err := b.Config(req)
if err != nil {
return nil, err
@ -112,9 +111,7 @@ func (b *backend) pathConfigRead(
return resp, nil
}
func (b *backend) pathConfigCreateUpdate(
req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathConfigCreateUpdate(ctx context.Context, req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
// Build a ConfigEntry struct out of the supplied FieldData
cfg, err := b.Config(req)
if err != nil {


@ -46,8 +46,7 @@ func pathLogin(b *backend) *framework.Path {
}
}
func (b *backend) pathLoginAliasLookahead(
req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathLoginAliasLookahead(ctx context.Context, req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
username := d.Get("username").(string)
if username == "" {
return nil, fmt.Errorf("missing username")
@ -62,8 +61,7 @@ func (b *backend) pathLoginAliasLookahead(
}, nil
}
func (b *backend) pathLogin(
req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathLogin(ctx context.Context, req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
username := d.Get("username").(string)
password := d.Get("password").(string)
@ -110,8 +108,7 @@ func (b *backend) pathLogin(
return resp, nil
}
func (b *backend) pathLoginRenew(
req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathLoginRenew(ctx context.Context, req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
var err error
username := req.Auth.Metadata["username"]
@ -129,7 +126,7 @@ func (b *backend) pathLoginRenew(
return nil, fmt.Errorf("policies have changed, not renewing")
}
return framework.LeaseExtend(0, 0, b.System())(req, d)
return framework.LeaseExtend(0, 0, b.System())(ctx, req, d)
}
func (b *backend) RadiusLogin(req *logical.Request, username string, password string) ([]string, *logical.Response, error) {


@ -1,6 +1,7 @@
package radius
import (
"context"
"fmt"
"strings"
@ -51,7 +52,7 @@ func pathUsers(b *backend) *framework.Path {
}
}
func (b *backend) userExistenceCheck(req *logical.Request, data *framework.FieldData) (bool, error) {
func (b *backend) userExistenceCheck(ctx context.Context, req *logical.Request, data *framework.FieldData) (bool, error) {
userEntry, err := b.user(req.Storage, data.Get("name").(string))
if err != nil {
return false, err
@ -81,8 +82,7 @@ func (b *backend) user(s logical.Storage, username string) (*UserEntry, error) {
return &result, nil
}
func (b *backend) pathUserDelete(
req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathUserDelete(ctx context.Context, req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
err := req.Storage.Delete("user/" + d.Get("name").(string))
if err != nil {
return nil, err
@ -91,8 +91,7 @@ func (b *backend) pathUserDelete(
return nil, nil
}
func (b *backend) pathUserRead(
req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathUserRead(ctx context.Context, req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
user, err := b.user(req.Storage, d.Get("name").(string))
if err != nil {
return nil, err
@ -108,8 +107,7 @@ func (b *backend) pathUserRead(
}, nil
}
func (b *backend) pathUserWrite(
req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathUserWrite(ctx context.Context, req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
var policies = policyutil.ParsePolicies(d.Get("policies"))
for _, policy := range policies {
@ -132,8 +130,7 @@ func (b *backend) pathUserWrite(
return nil, nil
}
func (b *backend) pathUserList(
req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathUserList(ctx context.Context, req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
users, err := req.Storage.List("user/")
if err != nil {
return nil, err


@ -1,6 +1,7 @@
package userpass
import (
"context"
"crypto/subtle"
"fmt"
"strings"
@ -36,8 +37,7 @@ func pathLogin(b *backend) *framework.Path {
}
}
func (b *backend) pathLoginAliasLookahead(
req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathLoginAliasLookahead(ctx context.Context, req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
username := strings.ToLower(d.Get("username").(string))
if username == "" {
return nil, fmt.Errorf("missing username")
@ -52,8 +52,7 @@ func (b *backend) pathLoginAliasLookahead(
}, nil
}
func (b *backend) pathLogin(
req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathLogin(ctx context.Context, req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
username := strings.ToLower(d.Get("username").(string))
password := d.Get("password").(string)
@ -101,8 +100,7 @@ func (b *backend) pathLogin(
}, nil
}
func (b *backend) pathLoginRenew(
req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathLoginRenew(ctx context.Context, req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
// Get the user
user, err := b.user(req.Storage, req.Auth.Metadata["username"])
if err != nil {
@ -117,7 +115,7 @@ func (b *backend) pathLoginRenew(
return nil, fmt.Errorf("policies have changed, not renewing")
}
return framework.LeaseExtend(user.TTL, user.MaxTTL, b.System())(req, d)
return framework.LeaseExtend(user.TTL, user.MaxTTL, b.System())(ctx, req, d)
}
const pathLoginSyn = `


@ -1,6 +1,7 @@
package userpass
import (
"context"
"fmt"
"golang.org/x/crypto/bcrypt"
@ -33,9 +34,7 @@ func pathUserPassword(b *backend) *framework.Path {
}
}
func (b *backend) pathUserPasswordUpdate(
req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathUserPasswordUpdate(ctx context.Context, req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
username := d.Get("username").(string)
userEntry, err := b.user(req.Storage, username)


@ -1,6 +1,7 @@
package userpass
import (
"context"
"fmt"
"github.com/hashicorp/vault/helper/policyutil"
@ -31,9 +32,7 @@ func pathUserPolicies(b *backend) *framework.Path {
}
}
func (b *backend) pathUserPoliciesUpdate(
req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathUserPoliciesUpdate(ctx context.Context, req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
username := d.Get("username").(string)
userEntry, err := b.user(req.Storage, username)


@ -1,6 +1,7 @@
package userpass
import (
"context"
"fmt"
"strings"
"time"
@ -67,7 +68,7 @@ func pathUsers(b *backend) *framework.Path {
}
}
func (b *backend) userExistenceCheck(req *logical.Request, data *framework.FieldData) (bool, error) {
func (b *backend) userExistenceCheck(ctx context.Context, req *logical.Request, data *framework.FieldData) (bool, error) {
userEntry, err := b.user(req.Storage, data.Get("username").(string))
if err != nil {
return false, err
@ -106,8 +107,7 @@ func (b *backend) setUser(s logical.Storage, username string, userEntry *UserEnt
return s.Put(entry)
}
func (b *backend) pathUserList(
req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathUserList(ctx context.Context, req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
users, err := req.Storage.List("user/")
if err != nil {
return nil, err
@ -115,8 +115,7 @@ func (b *backend) pathUserList(
return logical.ListResponse(users), nil
}
func (b *backend) pathUserDelete(
req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathUserDelete(ctx context.Context, req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
err := req.Storage.Delete("user/" + strings.ToLower(d.Get("username").(string)))
if err != nil {
return nil, err
@ -125,8 +124,7 @@ func (b *backend) pathUserDelete(
return nil, nil
}
func (b *backend) pathUserRead(
req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathUserRead(ctx context.Context, req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
user, err := b.user(req.Storage, strings.ToLower(d.Get("username").(string)))
if err != nil {
return nil, err
@ -144,7 +142,7 @@ func (b *backend) pathUserRead(
}, nil
}
func (b *backend) userCreateUpdate(req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
func (b *backend) userCreateUpdate(ctx context.Context, req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
username := strings.ToLower(d.Get("username").(string))
userEntry, err := b.user(req.Storage, username)
if err != nil {
@ -187,13 +185,12 @@ func (b *backend) userCreateUpdate(req *logical.Request, d *framework.FieldData)
return nil, b.setUser(req.Storage, username, userEntry)
}
func (b *backend) pathUserWrite(
req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathUserWrite(ctx context.Context, req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
password := d.Get("password").(string)
if req.Operation == logical.CreateOperation && password == "" {
return logical.ErrorResponse("missing password"), logical.ErrInvalidRequest
}
return b.userCreateUpdate(req, d)
return b.userCreateUpdate(ctx, req, d)
}
type UserEntry struct {


@ -1,6 +1,7 @@
package aws
import (
"context"
"fmt"
"time"
@ -51,8 +52,7 @@ func (b *backend) Lease(s logical.Storage) (*configLease, error) {
return &result, nil
}
func (b *backend) pathLeaseWrite(
req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathLeaseWrite(ctx context.Context, req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
leaseRaw := d.Get("lease").(string)
leaseMaxRaw := d.Get("lease_max").(string)
@ -89,8 +89,7 @@ func (b *backend) pathLeaseWrite(
return nil, nil
}
func (b *backend) pathLeaseRead(
req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathLeaseRead(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
lease, err := b.Lease(req.Storage)
if err != nil {


@ -1,6 +1,8 @@
package aws
import (
"context"
"github.com/hashicorp/vault/logical"
"github.com/hashicorp/vault/logical/framework"
)
@ -42,8 +44,7 @@ func pathConfigRoot() *framework.Path {
}
}
func pathConfigRootWrite(
req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
func pathConfigRootWrite(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
region := data.Get("region").(string)
iamendpoint := data.Get("iam_endpoint").(string)
stsendpoint := data.Get("sts_endpoint").(string)


@ -2,6 +2,7 @@ package aws
import (
"bytes"
"context"
"encoding/json"
"fmt"
@ -56,8 +57,7 @@ func pathRoles() *framework.Path {
}
}
func (b *backend) pathRoleList(
req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathRoleList(ctx context.Context, req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
entries, err := req.Storage.List("policy/")
if err != nil {
return nil, err
@ -65,8 +65,7 @@ func (b *backend) pathRoleList(
return logical.ListResponse(entries), nil
}
func pathRolesDelete(
req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
func pathRolesDelete(ctx context.Context, req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
err := req.Storage.Delete("policy/" + d.Get("name").(string))
if err != nil {
return nil, err
@ -75,8 +74,7 @@ func pathRolesDelete(
return nil, nil
}
func pathRolesRead(
req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
func pathRolesRead(ctx context.Context, req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
entry, err := req.Storage.Get("policy/" + d.Get("name").(string))
if err != nil {
return nil, err
@ -113,8 +111,7 @@ func useInlinePolicy(d *framework.FieldData) (bool, error) {
return bp, nil
}
func pathRolesWrite(
req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
func pathRolesWrite(ctx context.Context, req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
var buf bytes.Buffer
uip, err := useInlinePolicy(d)


@ -1,6 +1,7 @@
package aws
import (
"context"
"strconv"
"testing"
@ -30,13 +31,13 @@ func TestBackend_PathListRoles(t *testing.T) {
for i := 1; i <= 10; i++ {
roleReq.Path = "roles/testrole" + strconv.Itoa(i)
resp, err = b.HandleRequest(roleReq)
resp, err = b.HandleRequest(context.Background(), roleReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("bad: role creation failed. resp:%#v\n err:%v", resp, err)
}
}
resp, err = b.HandleRequest(&logical.Request{
resp, err = b.HandleRequest(context.Background(), &logical.Request{
Operation: logical.ListOperation,
Path: "roles",
Storage: config.StorageView,
@ -49,7 +50,7 @@ func TestBackend_PathListRoles(t *testing.T) {
t.Fatalf("failed to list all 10 roles")
}
resp, err = b.HandleRequest(&logical.Request{
resp, err = b.HandleRequest(context.Background(), &logical.Request{
Operation: logical.ListOperation,
Path: "roles/",
Storage: config.StorageView,


@ -1,6 +1,7 @@
package aws
import (
"context"
"fmt"
"strings"
@ -39,8 +40,7 @@ the session for AWS account owners defaults to one hour.`,
}
}
func (b *backend) pathSTSRead(
req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathSTSRead(ctx context.Context, req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
policyName := d.Get("name").(string)
ttl := int64(d.Get("ttl").(int))


@ -1,6 +1,7 @@
package aws
import (
"context"
"fmt"
"github.com/aws/aws-sdk-go/aws"
@ -29,8 +30,7 @@ func pathUser(b *backend) *framework.Path {
}
}
func (b *backend) pathUserRead(
req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathUserRead(ctx context.Context, req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
policyName := d.Get("name").(string)
// Read the policy


@ -1,6 +1,7 @@
package aws
import (
"context"
"fmt"
"math/rand"
"regexp"
@ -249,9 +250,7 @@ func (b *backend) secretAccessKeysCreate(
return resp, nil
}
func (b *backend) secretAccessKeysRenew(
req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
func (b *backend) secretAccessKeysRenew(ctx context.Context, req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
// STS already has a lifetime, and we don't support renewing it
isSTSRaw, ok := req.Secret.InternalData["is_sts"]
if ok {
@ -272,11 +271,10 @@ func (b *backend) secretAccessKeysRenew(
}
f := framework.LeaseExtend(lease.Lease, lease.LeaseMax, b.System())
return f(req, d)
return f(ctx, req, d)
}
func secretAccessKeysRevoke(
req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
func secretAccessKeysRevoke(ctx context.Context, req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
// STS cleans up after itself so we can skip this if is_sts internal data
// element set to true. If is_sts is not set, assumes old version


@ -1,6 +1,7 @@
package cassandra
import (
"context"
"fmt"
"github.com/fatih/structs"
@ -85,8 +86,7 @@ take precedence.`,
}
}
func (b *backend) pathConnectionRead(
req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathConnectionRead(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
entry, err := req.Storage.Get("config/connection")
if err != nil {
return nil, err
@ -110,8 +110,7 @@ func (b *backend) pathConnectionRead(
}, nil
}
func (b *backend) pathConnectionWrite(
req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathConnectionWrite(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
hosts := data.Get("hosts").(string)
username := data.Get("username").(string)
password := data.Get("password").(string)


@ -1,6 +1,7 @@
package cassandra
import (
"context"
"fmt"
"strings"
"time"
@ -31,8 +32,7 @@ func pathCredsCreate(b *backend) *framework.Path {
}
}
func (b *backend) pathCredsCreateRead(
req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathCredsCreateRead(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
name := data.Get("name").(string)
// Get the role


@ -1,6 +1,7 @@
package cassandra
import (
"context"
"fmt"
"time"
@ -91,8 +92,7 @@ func getRole(s logical.Storage, n string) (*roleEntry, error) {
return &result, nil
}
func (b *backend) pathRoleDelete(
req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathRoleDelete(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
err := req.Storage.Delete("role/" + data.Get("name").(string))
if err != nil {
return nil, err
@ -101,8 +101,7 @@ func (b *backend) pathRoleDelete(
return nil, nil
}
func (b *backend) pathRoleRead(
req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathRoleRead(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
role, err := getRole(req.Storage, data.Get("name").(string))
if err != nil {
return nil, err
@ -116,8 +115,7 @@ func (b *backend) pathRoleRead(
}, nil
}
func (b *backend) pathRoleCreate(
req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathRoleCreate(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
name := data.Get("name").(string)
creationCQL := data.Get("creation_cql").(string)


@ -1,6 +1,7 @@
package cassandra
import (
"context"
"fmt"
"github.com/hashicorp/vault/logical"
@ -30,8 +31,7 @@ func secretCreds(b *backend) *framework.Secret {
}
}
func (b *backend) secretCredsRenew(
req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
func (b *backend) secretCredsRenew(ctx context.Context, req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
// Get the lease information
roleRaw, ok := req.Secret.InternalData["role"]
if !ok {
@ -47,11 +47,10 @@ func (b *backend) secretCredsRenew(
return nil, fmt.Errorf("unable to load role: %s", err)
}
return framework.LeaseExtend(role.Lease, 0, b.System())(req, d)
return framework.LeaseExtend(role.Lease, 0, b.System())(ctx, req, d)
}
func (b *backend) secretCredsRevoke(
req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
func (b *backend) secretCredsRevoke(ctx context.Context, req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
// Get the username from the internal data
usernameRaw, ok := req.Secret.InternalData["username"]
if !ok {


@ -1,6 +1,7 @@
package consul
import (
"context"
"encoding/base64"
"fmt"
"log"
@ -103,13 +104,13 @@ func TestBackend_config_access(t *testing.T) {
Data: connData,
}
resp, err := b.HandleRequest(confReq)
resp, err := b.HandleRequest(context.Background(), confReq)
if err != nil || (resp != nil && resp.IsError()) || resp != nil {
t.Fatalf("failed to write configuration: resp:%#v err:%s", resp, err)
}
confReq.Operation = logical.ReadOperation
resp, err = b.HandleRequest(confReq)
resp, err = b.HandleRequest(context.Background(), confReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("failed to write configuration: resp:%#v err:%s", resp, err)
}
@ -176,7 +177,7 @@ func TestBackend_renew_revoke(t *testing.T) {
Path: "config/access",
Data: connData,
}
resp, err := b.HandleRequest(req)
resp, err := b.HandleRequest(context.Background(), req)
if err != nil {
t.Fatal(err)
}
@ -186,14 +187,14 @@ func TestBackend_renew_revoke(t *testing.T) {
"policy": base64.StdEncoding.EncodeToString([]byte(testPolicy)),
"lease": "6h",
}
resp, err = b.HandleRequest(req)
resp, err = b.HandleRequest(context.Background(), req)
if err != nil {
t.Fatal(err)
}
req.Operation = logical.ReadOperation
req.Path = "creds/test"
resp, err = b.HandleRequest(req)
resp, err = b.HandleRequest(context.Background(), req)
if err != nil {
t.Fatal(err)
}
@ -236,7 +237,7 @@ func TestBackend_renew_revoke(t *testing.T) {
req.Operation = logical.RenewOperation
req.Secret = generatedSecret
resp, err = b.HandleRequest(req)
resp, err = b.HandleRequest(context.Background(), req)
if err != nil {
t.Fatal(err)
}
@ -245,7 +246,7 @@ func TestBackend_renew_revoke(t *testing.T) {
}
req.Operation = logical.RevokeOperation
resp, err = b.HandleRequest(req)
resp, err = b.HandleRequest(context.Background(), req)
if err != nil {
t.Fatal(err)
}


@ -1,6 +1,7 @@
package consul
import (
"context"
"fmt"
"github.com/hashicorp/vault/logical"
@ -58,8 +59,7 @@ func readConfigAccess(storage logical.Storage) (*accessConfig, error, error) {
return conf, nil, nil
}
func pathConfigAccessRead(
req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
func pathConfigAccessRead(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
conf, userErr, intErr := readConfigAccess(req.Storage)
if intErr != nil {
return nil, intErr
@ -79,8 +79,7 @@ func pathConfigAccessRead(
}, nil
}
func pathConfigAccessWrite(
req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
func pathConfigAccessWrite(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
entry, err := logical.StorageEntryJSON("config/access", accessConfig{
Address: data.Get("address").(string),
Scheme: data.Get("scheme").(string),


@ -1,6 +1,7 @@
package consul
import (
"context"
"encoding/base64"
"fmt"
"time"
@ -57,8 +58,7 @@ Defaults to 'client'.`,
}
}
func (b *backend) pathRoleList(
req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathRoleList(ctx context.Context, req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
entries, err := req.Storage.List("policy/")
if err != nil {
return nil, err
@ -67,8 +67,7 @@ func (b *backend) pathRoleList(
return logical.ListResponse(entries), nil
}
func pathRolesRead(
req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
func pathRolesRead(ctx context.Context, req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
name := d.Get("name").(string)
entry, err := req.Storage.Get("policy/" + name)
@ -101,8 +100,7 @@ func pathRolesRead(
return resp, nil
}
func pathRolesWrite(
req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
func pathRolesWrite(ctx context.Context, req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
tokenType := d.Get("token_type").(string)
switch tokenType {
@ -151,8 +149,7 @@ func pathRolesWrite(
return nil, nil
}
func pathRolesDelete(
req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
func pathRolesDelete(ctx context.Context, req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
name := d.Get("name").(string)
if err := req.Storage.Delete("policy/" + name); err != nil {
return nil, err


@ -1,6 +1,7 @@
package consul
import (
"context"
"fmt"
"time"
@ -25,8 +26,7 @@ func pathToken(b *backend) *framework.Path {
}
}
func (b *backend) pathTokenRead(
req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathTokenRead(ctx context.Context, req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
role := d.Get("role").(string)
entry, err := req.Storage.Get("policy/" + role)


@ -1,6 +1,7 @@
package consul
import (
"context"
"fmt"
"github.com/hashicorp/vault/logical"
@ -26,16 +27,15 @@ func secretToken(b *backend) *framework.Secret {
}
}
func (b *backend) secretTokenRenew(
req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
func (b *backend) secretTokenRenew(ctx context.Context, req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
roleRaw, ok := req.Secret.InternalData["role"]
if !ok || roleRaw == nil {
return framework.LeaseExtend(0, 0, b.System())(req, d)
return framework.LeaseExtend(0, 0, b.System())(ctx, req, d)
}
role, ok := roleRaw.(string)
if !ok {
return framework.LeaseExtend(0, 0, b.System())(req, d)
return framework.LeaseExtend(0, 0, b.System())(ctx, req, d)
}
entry, err := req.Storage.Get("policy/" + role)
@ -51,11 +51,10 @@ func (b *backend) secretTokenRenew(
return nil, err
}
return framework.LeaseExtend(result.Lease, 0, b.System())(req, d)
return framework.LeaseExtend(result.Lease, 0, b.System())(ctx, req, d)
}
func secretTokenRevoke(
req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
func secretTokenRevoke(ctx context.Context, req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
c, userErr, intErr := client(req.Storage)
if intErr != nil {
return nil, intErr


@ -1,6 +1,7 @@
package database
import (
"context"
"database/sql"
"fmt"
"log"
@ -51,7 +52,7 @@ func preparePostgresTestContainer(t *testing.T, s logical.Storage, b logical.Bac
// exponential backoff-retry
if err = pool.Retry(func() error {
// This will cause a validation to run
resp, err := b.HandleRequest(&logical.Request{
resp, err := b.HandleRequest(context.Background(), &logical.Request{
Storage: s,
Operation: logical.UpdateOperation,
Path: "config/postgresql",
@ -194,7 +195,7 @@ func TestBackend_config_connection(t *testing.T) {
Storage: config.StorageView,
Data: configData,
}
resp, err = b.HandleRequest(configReq)
resp, err = b.HandleRequest(context.Background(), configReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("err:%s resp:%#v\n", err, resp)
}
@ -207,7 +208,7 @@ func TestBackend_config_connection(t *testing.T) {
"allowed_roles": []string{"*"},
}
configReq.Operation = logical.ReadOperation
resp, err = b.HandleRequest(configReq)
resp, err = b.HandleRequest(context.Background(), configReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("err:%s resp:%#v\n", err, resp)
}
@ -220,7 +221,7 @@ func TestBackend_config_connection(t *testing.T) {
configReq.Operation = logical.ListOperation
configReq.Data = nil
configReq.Path = "config/"
resp, err = b.HandleRequest(configReq)
resp, err = b.HandleRequest(context.Background(), configReq)
if err != nil {
t.Fatal(err)
}
@ -260,7 +261,7 @@ func TestBackend_basic(t *testing.T) {
Storage: config.StorageView,
Data: data,
}
resp, err := b.HandleRequest(req)
resp, err := b.HandleRequest(context.Background(), req)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("err:%s resp:%#v\n", err, resp)
}
@ -278,7 +279,7 @@ func TestBackend_basic(t *testing.T) {
Storage: config.StorageView,
Data: data,
}
resp, err = b.HandleRequest(req)
resp, err = b.HandleRequest(context.Background(), req)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("err:%s resp:%#v\n", err, resp)
}
@ -291,7 +292,7 @@ func TestBackend_basic(t *testing.T) {
Storage: config.StorageView,
Data: data,
}
credsResp, err := b.HandleRequest(req)
credsResp, err := b.HandleRequest(context.Background(), req)
if err != nil || (credsResp != nil && credsResp.IsError()) {
t.Fatalf("err:%s resp:%#v\n", err, credsResp)
}
@ -301,7 +302,7 @@ func TestBackend_basic(t *testing.T) {
}
// Revoke creds
resp, err = b.HandleRequest(&logical.Request{
resp, err = b.HandleRequest(context.Background(), &logical.Request{
Operation: logical.RevokeOperation,
Storage: config.StorageView,
Secret: &logical.Secret{
@ -351,7 +352,7 @@ func TestBackend_connectionCrud(t *testing.T) {
Storage: config.StorageView,
Data: data,
}
resp, err := b.HandleRequest(req)
resp, err := b.HandleRequest(context.Background(), req)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("err:%s resp:%#v\n", err, resp)
}
@ -370,7 +371,7 @@ func TestBackend_connectionCrud(t *testing.T) {
Storage: config.StorageView,
Data: data,
}
resp, err = b.HandleRequest(req)
resp, err = b.HandleRequest(context.Background(), req)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("err:%s resp:%#v\n", err, resp)
}
@ -387,7 +388,7 @@ func TestBackend_connectionCrud(t *testing.T) {
Storage: config.StorageView,
Data: data,
}
resp, err = b.HandleRequest(req)
resp, err = b.HandleRequest(context.Background(), req)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("err:%s resp:%#v\n", err, resp)
}
@ -401,7 +402,7 @@ func TestBackend_connectionCrud(t *testing.T) {
"allowed_roles": []string{"plugin-role-test"},
}
req.Operation = logical.ReadOperation
resp, err = b.HandleRequest(req)
resp, err = b.HandleRequest(context.Background(), req)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("err:%s resp:%#v\n", err, resp)
}
@ -419,7 +420,7 @@ func TestBackend_connectionCrud(t *testing.T) {
Storage: config.StorageView,
Data: data,
}
resp, err = b.HandleRequest(req)
resp, err = b.HandleRequest(context.Background(), req)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("err:%s resp:%#v\n", err, resp)
}
@ -432,7 +433,7 @@ func TestBackend_connectionCrud(t *testing.T) {
Storage: config.StorageView,
Data: data,
}
credsResp, err := b.HandleRequest(req)
credsResp, err := b.HandleRequest(context.Background(), req)
if err != nil || (credsResp != nil && credsResp.IsError()) {
t.Fatalf("err:%s resp:%#v\n", err, credsResp)
}
@ -449,14 +450,14 @@ func TestBackend_connectionCrud(t *testing.T) {
Storage: config.StorageView,
Data: data,
}
resp, err = b.HandleRequest(req)
resp, err = b.HandleRequest(context.Background(), req)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("err:%s resp:%#v\n", err, resp)
}
// Read connection
req.Operation = logical.ReadOperation
resp, err = b.HandleRequest(req)
resp, err = b.HandleRequest(context.Background(), req)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("err:%s resp:%#v\n", err, resp)
}
@ -495,7 +496,7 @@ func TestBackend_roleCrud(t *testing.T) {
Storage: config.StorageView,
Data: data,
}
resp, err := b.HandleRequest(req)
resp, err := b.HandleRequest(context.Background(), req)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("err:%s resp:%#v\n", err, resp)
}
@ -514,7 +515,7 @@ func TestBackend_roleCrud(t *testing.T) {
Storage: config.StorageView,
Data: data,
}
resp, err = b.HandleRequest(req)
resp, err = b.HandleRequest(context.Background(), req)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("err:%s resp:%#v\n", err, resp)
}
@ -527,7 +528,7 @@ func TestBackend_roleCrud(t *testing.T) {
Storage: config.StorageView,
Data: data,
}
resp, err = b.HandleRequest(req)
resp, err = b.HandleRequest(context.Background(), req)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("err:%s resp:%#v\n", err, resp)
}
@ -556,7 +557,7 @@ func TestBackend_roleCrud(t *testing.T) {
Storage: config.StorageView,
Data: data,
}
resp, err = b.HandleRequest(req)
resp, err = b.HandleRequest(context.Background(), req)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("err:%s resp:%#v\n", err, resp)
}
@ -569,7 +570,7 @@ func TestBackend_roleCrud(t *testing.T) {
Storage: config.StorageView,
Data: data,
}
resp, err = b.HandleRequest(req)
resp, err = b.HandleRequest(context.Background(), req)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("err:%s resp:%#v\n", err, resp)
}
@ -607,7 +608,7 @@ func TestBackend_allowedRoles(t *testing.T) {
Storage: config.StorageView,
Data: data,
}
resp, err := b.HandleRequest(req)
resp, err := b.HandleRequest(context.Background(), req)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("err:%s resp:%#v\n", err, resp)
}
@ -625,7 +626,7 @@ func TestBackend_allowedRoles(t *testing.T) {
Storage: config.StorageView,
Data: data,
}
resp, err = b.HandleRequest(req)
resp, err = b.HandleRequest(context.Background(), req)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("err:%s resp:%#v\n", err, resp)
}
@ -642,7 +643,7 @@ func TestBackend_allowedRoles(t *testing.T) {
Storage: config.StorageView,
Data: data,
}
resp, err = b.HandleRequest(req)
resp, err = b.HandleRequest(context.Background(), req)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("err:%s resp:%#v\n", err, resp)
}
@ -655,7 +656,7 @@ func TestBackend_allowedRoles(t *testing.T) {
Storage: config.StorageView,
Data: data,
}
credsResp, err := b.HandleRequest(req)
credsResp, err := b.HandleRequest(context.Background(), req)
if err != logical.ErrPermissionDenied {
t.Fatalf("expected error to be:%s got:%#v\n", logical.ErrPermissionDenied, err)
}
@ -672,7 +673,7 @@ func TestBackend_allowedRoles(t *testing.T) {
Storage: config.StorageView,
Data: data,
}
resp, err = b.HandleRequest(req)
resp, err = b.HandleRequest(context.Background(), req)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("err:%s resp:%#v\n", err, resp)
}
@ -685,7 +686,7 @@ func TestBackend_allowedRoles(t *testing.T) {
Storage: config.StorageView,
Data: data,
}
credsResp, err = b.HandleRequest(req)
credsResp, err = b.HandleRequest(context.Background(), req)
if err != nil || (credsResp != nil && credsResp.IsError()) {
t.Fatalf("err:%s resp:%#v\n", err, credsResp)
}
@ -706,7 +707,7 @@ func TestBackend_allowedRoles(t *testing.T) {
Storage: config.StorageView,
Data: data,
}
resp, err = b.HandleRequest(req)
resp, err = b.HandleRequest(context.Background(), req)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("err:%s resp:%#v\n", err, resp)
}
@ -719,7 +720,7 @@ func TestBackend_allowedRoles(t *testing.T) {
Storage: config.StorageView,
Data: data,
}
credsResp, err = b.HandleRequest(req)
credsResp, err = b.HandleRequest(context.Background(), req)
if err != nil || (credsResp != nil && credsResp.IsError()) {
t.Fatalf("err:%s resp:%#v\n", err, credsResp)
}
@ -740,7 +741,7 @@ func TestBackend_allowedRoles(t *testing.T) {
Storage: config.StorageView,
Data: data,
}
resp, err = b.HandleRequest(req)
resp, err = b.HandleRequest(context.Background(), req)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("err:%s resp:%#v\n", err, resp)
}
@ -753,7 +754,7 @@ func TestBackend_allowedRoles(t *testing.T) {
Storage: config.StorageView,
Data: data,
}
credsResp, err = b.HandleRequest(req)
credsResp, err = b.HandleRequest(context.Background(), req)
if err != logical.ErrPermissionDenied {
t.Fatalf("expected error to be:%s got:%#v\n", logical.ErrPermissionDenied, err)
}
@ -766,7 +767,7 @@ func TestBackend_allowedRoles(t *testing.T) {
Storage: config.StorageView,
Data: data,
}
credsResp, err = b.HandleRequest(req)
credsResp, err = b.HandleRequest(context.Background(), req)
if err != nil || (credsResp != nil && credsResp.IsError()) {
t.Fatalf("err:%s resp:%#v\n", err, credsResp)
}


@ -49,7 +49,7 @@ func pathResetConnection(b *databaseBackend) *framework.Path {
// pathConnectionReset resets a plugin by closing the existing instance and
// creating a new one.
func (b *databaseBackend) pathConnectionReset() framework.OperationFunc {
return func(req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
return func(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
name := data.Get("name").(string)
if name == "" {
return logical.ErrorResponse(respErrEmptyName), nil
@ -63,7 +63,7 @@ func (b *databaseBackend) pathConnectionReset() framework.OperationFunc {
b.clearConnection(name)
// Execute plugin again, we don't need the object so throw away.
_, err := b.createDBObj(context.TODO(), req.Storage, name)
_, err := b.createDBObj(ctx, req.Storage, name)
if err != nil {
return nil, err
}
@ -130,7 +130,7 @@ func pathListPluginConnection(b *databaseBackend) *framework.Path {
}
func (b *databaseBackend) connectionListHandler() framework.OperationFunc {
return func(req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
return func(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
entries, err := req.Storage.List("config/")
if err != nil {
return nil, err
@ -142,7 +142,7 @@ func (b *databaseBackend) connectionListHandler() framework.OperationFunc {
// connectionReadHandler reads out the connection configuration
func (b *databaseBackend) connectionReadHandler() framework.OperationFunc {
return func(req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
return func(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
name := data.Get("name").(string)
if name == "" {
return logical.ErrorResponse(respErrEmptyName), nil
@ -168,7 +168,7 @@ func (b *databaseBackend) connectionReadHandler() framework.OperationFunc {
// connectionDeleteHandler deletes the connection configuration
func (b *databaseBackend) connectionDeleteHandler() framework.OperationFunc {
return func(req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
return func(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
name := data.Get("name").(string)
if name == "" {
return logical.ErrorResponse(respErrEmptyName), nil
@ -198,7 +198,7 @@ func (b *databaseBackend) connectionDeleteHandler() framework.OperationFunc {
// connectionWriteHandler returns a handler function for creating and updating
// both builtin and plugin database types.
func (b *databaseBackend) connectionWriteHandler() framework.OperationFunc {
return func(req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
return func(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
pluginName := data.Get("plugin_name").(string)
if pluginName == "" {
return logical.ErrorResponse(respErrEmptyPluginName), nil
@ -231,7 +231,7 @@ func (b *databaseBackend) connectionWriteHandler() framework.OperationFunc {
return logical.ErrorResponse(fmt.Sprintf("error creating database object: %s", err)), nil
}
err = db.Initialize(context.TODO(), config.ConnectionDetails, verifyConnection)
err = db.Initialize(ctx, config.ConnectionDetails, verifyConnection)
if err != nil {
db.Close()
return logical.ErrorResponse(fmt.Sprintf("error creating database object: %s", err)), nil
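Review bot: In `pathConnectionReset` and `connectionWriteHandler` the request-scoped `ctx` now replaces `context.TODO()` in `b.createDBObj(ctx, req.Storage, name)` and `db.Initialize(ctx, config.ConnectionDetails, verifyConnection)`, yet the object being built appears to outlive the request (the reset path calls `b.clearConnection(name)` just before re-creating it). If either callee keeps the context for the life of the connection or plugin process — neither body is visible here — a cancelled or timed-out request could tear down a connection that later requests depend on. I would confirm that `ctx` only bounds the call itself and document that next to the call, e.g. `// ctx bounds this call only; the connection must not retain it`. The same question applies to the `createDBObj(ctx, ...)` calls in `pathCredsCreateRead`, `secretCredsRenew` and `secretCredsRevoke`. Both handler bodies extend beyond the hunks shown.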


@ -31,7 +31,7 @@ func pathCredsCreate(b *databaseBackend) *framework.Path {
}
func (b *databaseBackend) pathCredsCreateRead() framework.OperationFunc {
return func(req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
return func(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
name := data.Get("name").(string)
// Get the role
@ -67,7 +67,7 @@ func (b *databaseBackend) pathCredsCreateRead() framework.OperationFunc {
unlockFunc = b.Unlock
// Create a new DB object
db, err = b.createDBObj(context.TODO(), req.Storage, role.DBName)
db, err = b.createDBObj(ctx, req.Storage, role.DBName)
if err != nil {
unlockFunc()
return nil, fmt.Errorf("cound not retrieve db with name: %s, got error: %s", role.DBName, err)
@ -82,7 +82,7 @@ func (b *databaseBackend) pathCredsCreateRead() framework.OperationFunc {
}
// Create the user
username, password, err := db.CreateUser(context.TODO(), role.Statements, usernameConfig, expiration)
username, password, err := db.CreateUser(ctx, role.Statements, usernameConfig, expiration)
// Unlock
unlockFunc()
if err != nil {
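Review bot: `db.CreateUser(ctx, role.Statements, usernameConfig, expiration)` can now be interrupted by request cancellation, and the lines shown do not say what happens if the database has already created the account when the call returns an error. In that case no lease would be issued for it, so nothing would later revoke the credential; this depends on plugin behaviour not visible in the hunk. I would add a comment at the call stating the expected plugin contract on cancellation, for example `// on ctx cancellation the plugin must not leave a created user behind`, or handle cleanup in the error branch. The body of `pathCredsCreateRead` continues outside the hunk.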


@ -1,6 +1,7 @@
package database
import (
"context"
"time"
"github.com/hashicorp/vault/builtin/logical/database/dbplugin"
@ -85,7 +86,7 @@ func pathRoles(b *databaseBackend) *framework.Path {
}
func (b *databaseBackend) pathRoleDelete() framework.OperationFunc {
return func(req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
return func(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
err := req.Storage.Delete("role/" + data.Get("name").(string))
if err != nil {
return nil, err
@ -96,7 +97,7 @@ func (b *databaseBackend) pathRoleDelete() framework.OperationFunc {
}
func (b *databaseBackend) pathRoleRead() framework.OperationFunc {
return func(req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
return func(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
role, err := b.Role(req.Storage, data.Get("name").(string))
if err != nil {
return nil, err
@ -120,7 +121,7 @@ func (b *databaseBackend) pathRoleRead() framework.OperationFunc {
}
func (b *databaseBackend) pathRoleList() framework.OperationFunc {
return func(req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
return func(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
entries, err := req.Storage.List("role/")
if err != nil {
return nil, err
@ -131,7 +132,7 @@ func (b *databaseBackend) pathRoleList() framework.OperationFunc {
}
func (b *databaseBackend) pathRoleCreate() framework.OperationFunc {
return func(req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
return func(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
name := data.Get("name").(string)
if name == "" {
return logical.ErrorResponse("empty role name attribute given"), nil


@ -21,7 +21,7 @@ func secretCreds(b *databaseBackend) *framework.Secret {
}
func (b *databaseBackend) secretCredsRenew() framework.OperationFunc {
return func(req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
return func(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
// Get the username from the internal data
usernameRaw, ok := req.Secret.InternalData["username"]
if !ok {
@ -43,7 +43,7 @@ func (b *databaseBackend) secretCredsRenew() framework.OperationFunc {
}
f := framework.LeaseExtend(role.DefaultTTL, role.MaxTTL, b.System())
resp, err := f(req, data)
resp, err := f(ctx, req, data)
if err != nil {
return nil, err
}
@ -61,7 +61,7 @@ func (b *databaseBackend) secretCredsRenew() framework.OperationFunc {
unlockFunc = b.Unlock
// Create a new DB object
db, err = b.createDBObj(context.TODO(), req.Storage, role.DBName)
db, err = b.createDBObj(ctx, req.Storage, role.DBName)
if err != nil {
unlockFunc()
return nil, fmt.Errorf("cound not retrieve db with name: %s, got error: %s", role.DBName, err)
@ -70,7 +70,7 @@ func (b *databaseBackend) secretCredsRenew() framework.OperationFunc {
// Make sure we increase the VALID UNTIL endpoint for this user.
if expireTime := resp.Secret.ExpirationTime(); !expireTime.IsZero() {
err := db.RenewUser(context.TODO(), role.Statements, username, expireTime)
err := db.RenewUser(ctx, role.Statements, username, expireTime)
// Unlock
unlockFunc()
if err != nil {
@ -84,7 +84,7 @@ func (b *databaseBackend) secretCredsRenew() framework.OperationFunc {
}
func (b *databaseBackend) secretCredsRevoke() framework.OperationFunc {
return func(req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
return func(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
// Get the username from the internal data
usernameRaw, ok := req.Secret.InternalData["username"]
if !ok {
@ -120,14 +120,14 @@ func (b *databaseBackend) secretCredsRevoke() framework.OperationFunc {
unlockFunc = b.Unlock
// Create a new DB object
db, err = b.createDBObj(context.TODO(), req.Storage, role.DBName)
db, err = b.createDBObj(ctx, req.Storage, role.DBName)
if err != nil {
unlockFunc()
return nil, fmt.Errorf("cound not retrieve db with name: %s, got error: %s", role.DBName, err)
}
}
err = db.RevokeUser(context.TODO(), role.Statements, username)
err = db.RevokeUser(ctx, role.Statements, username)
// Unlock
unlockFunc()
if err != nil {
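Review bot: Passing the request `ctx` into `db.RevokeUser` in `secretCredsRevoke` (and into `b.createDBObj` and `db.RenewUser` in `secretCredsRenew`) ties credential revocation to the caller's cancellation, so a context that is cancelled or times out part-way can leave the database user alive after its lease has ended. Whether the caller retries a failed revoke is not visible in these hunks; it is worth confirming that a `context.Canceled` or deadline error from these calls is returned as a failure and retried, never treated as a completed revoke. A comment above the call such as `// ctx may be cancelled by the caller; a failed revoke must be retried` would record that expectation. Both closures start and end outside the hunks shown.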


@ -1,6 +1,7 @@
package mongodb
import (
"context"
"fmt"
"log"
"os"
@ -36,7 +37,7 @@ func prepareTestContainer(t *testing.T, s logical.Storage, b logical.Backend) (c
cid, connErr := dockertest.ConnectToMongoDB(60, 500*time.Millisecond, func(connURI string) bool {
connURI = "mongodb://" + connURI
// This will cause a validation to run
resp, err := b.HandleRequest(&logical.Request{
resp, err := b.HandleRequest(context.Background(), &logical.Request{
Storage: s,
Operation: logical.UpdateOperation,
Path: "config/connection",
@ -91,13 +92,13 @@ func TestBackend_config_connection(t *testing.T) {
Storage: config.StorageView,
Data: configData,
}
resp, err = b.HandleRequest(configReq)
resp, err = b.HandleRequest(context.Background(), configReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("err:%s resp:%#v\n", err, resp)
}
configReq.Operation = logical.ReadOperation
resp, err = b.HandleRequest(configReq)
resp, err = b.HandleRequest(context.Background(), configReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("err:%s resp:%#v\n", err, resp)
}
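Review bot: The validation callback in `prepareTestContainer` and both `HandleRequest` calls in `TestBackend_config_connection` pass a fresh `context.Background()`, which can never be cancelled, so a hung backend call blocks until the test binary's own timeout fires. Deriving a bounded context per call, for example `ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second)` followed by `defer cancel()` (the duration is illustrative), would bound each call and exercise the cancellation path this commit introduces. The same pattern repeats in the mssql, mysql, nomad and pki test files of this commit. The enclosing functions start and end outside the hunks.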


@ -1,6 +1,7 @@
package mongodb
import (
"context"
"fmt"
"github.com/fatih/structs"
@ -33,7 +34,7 @@ func pathConfigConnection(b *backend) *framework.Path {
}
// pathConnectionRead reads out the connection configuration
func (b *backend) pathConnectionRead(req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathConnectionRead(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
entry, err := req.Storage.Get("config/connection")
if err != nil {
return nil, fmt.Errorf("failed to read connection configuration")
@ -51,7 +52,7 @@ func (b *backend) pathConnectionRead(req *logical.Request, data *framework.Field
}, nil
}
func (b *backend) pathConnectionWrite(req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathConnectionWrite(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
uri := data.Get("uri").(string)
if uri == "" {
return logical.ErrorResponse("uri parameter is required"), nil
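Review bot: `ctx` is added to `pathConnectionRead` and `pathConnectionWrite`, but nothing in the visible lines uses it: `req.Storage.Get("config/connection")` is still called without a context, so cancelling the request does not stop the storage read. The same holds for the handlers in the other mongodb, mssql, mysql and nomad path and secret files in this commit, where only the signature changes. If storage is meant to take the context in a follow-up, a short comment like `// ctx is not yet passed to Storage; this handler is not cancellable` would keep readers from assuming these handlers already honour cancellation. Both function bodies continue outside the hunks.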


@ -1,6 +1,7 @@
package mongodb
import (
"context"
"time"
"github.com/hashicorp/vault/logical"
@ -32,9 +33,7 @@ func pathConfigLease(b *backend) *framework.Path {
}
}
func (b *backend) pathConfigLeaseWrite(
req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathConfigLeaseWrite(ctx context.Context, req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
entry, err := logical.StorageEntryJSON("config/lease", &configLease{
TTL: time.Second * time.Duration(d.Get("ttl").(int)),
MaxTTL: time.Second * time.Duration(d.Get("max_ttl").(int)),
@ -49,8 +48,7 @@ func (b *backend) pathConfigLeaseWrite(
return nil, nil
}
func (b *backend) pathConfigLeaseRead(
req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathConfigLeaseRead(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
leaseConfig, err := b.LeaseConfig(req.Storage)
if err != nil {


@ -1,6 +1,7 @@
package mongodb
import (
"context"
"fmt"
"github.com/hashicorp/go-uuid"
@ -27,7 +28,7 @@ func pathCredsCreate(b *backend) *framework.Path {
}
}
func (b *backend) pathCredsCreateRead(req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathCredsCreateRead(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
name := data.Get("name").(string)
// Get the role


@ -1,6 +1,7 @@
package mongodb
import (
"context"
"encoding/json"
"github.com/hashicorp/vault/logical"
@ -66,8 +67,7 @@ func (b *backend) Role(s logical.Storage, n string) (*roleStorageEntry, error) {
return &result, nil
}
func (b *backend) pathRoleDelete(
req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathRoleDelete(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
err := req.Storage.Delete("role/" + data.Get("name").(string))
if err != nil {
return nil, err
@ -76,8 +76,7 @@ func (b *backend) pathRoleDelete(
return nil, nil
}
func (b *backend) pathRoleRead(
req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathRoleRead(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
role, err := b.Role(req.Storage, data.Get("name").(string))
if err != nil {
return nil, err
@ -99,8 +98,7 @@ func (b *backend) pathRoleRead(
}, nil
}
func (b *backend) pathRoleList(
req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathRoleList(ctx context.Context, req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
entries, err := req.Storage.List("role/")
if err != nil {
return nil, err
@ -109,9 +107,7 @@ func (b *backend) pathRoleList(
return logical.ListResponse(entries), nil
}
func (b *backend) pathRoleCreate(
req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathRoleCreate(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
name := data.Get("name").(string)
if name == "" {
return logical.ErrorResponse("Missing name"), nil


@ -1,6 +1,7 @@
package mongodb
import (
"context"
"fmt"
"github.com/hashicorp/vault/logical"
@ -30,7 +31,7 @@ func secretCreds(b *backend) *framework.Secret {
}
}
func (b *backend) secretCredsRenew(req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
func (b *backend) secretCredsRenew(ctx context.Context, req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
// Get the lease information
leaseConfig, err := b.LeaseConfig(req.Storage)
if err != nil {
@ -41,10 +42,10 @@ func (b *backend) secretCredsRenew(req *logical.Request, d *framework.FieldData)
}
f := framework.LeaseExtend(leaseConfig.TTL, leaseConfig.MaxTTL, b.System())
return f(req, d)
return f(ctx, req, d)
}
func (b *backend) secretCredsRevoke(req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
func (b *backend) secretCredsRevoke(ctx context.Context, req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
// Get the username from the internal data
usernameRaw, ok := req.Secret.InternalData["username"]
if !ok {


@ -1,6 +1,7 @@
package mssql
import (
"context"
"fmt"
"log"
"os"
@ -34,13 +35,13 @@ func TestBackend_config_connection(t *testing.T) {
Storage: config.StorageView,
Data: configData,
}
resp, err = b.HandleRequest(configReq)
resp, err = b.HandleRequest(context.Background(), configReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("err:%s resp:%#v\n", err, resp)
}
configReq.Operation = logical.ReadOperation
resp, err = b.HandleRequest(configReq)
resp, err = b.HandleRequest(context.Background(), configReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("err:%s resp:%#v\n", err, resp)
}


@ -1,6 +1,7 @@
package mssql
import (
"context"
"database/sql"
"fmt"
@ -39,7 +40,7 @@ func pathConfigConnection(b *backend) *framework.Path {
}
// pathConnectionRead reads out the connection configuration
func (b *backend) pathConnectionRead(req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathConnectionRead(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
entry, err := req.Storage.Get("config/connection")
if err != nil {
return nil, fmt.Errorf("failed to read connection configuration")
@ -58,7 +59,7 @@ func (b *backend) pathConnectionRead(req *logical.Request, data *framework.Field
}
// pathConnectionWrite stores the connection configuration
func (b *backend) pathConnectionWrite(req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathConnectionWrite(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
connString := data.Get("connection_string").(string)
maxOpenConns := data.Get("max_open_connections").(int)


@ -1,6 +1,7 @@
package mssql
import (
"context"
"fmt"
"time"
@ -39,8 +40,7 @@ time a credential is valid for.`,
}
}
func (b *backend) pathConfigLeaseWrite(
req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathConfigLeaseWrite(ctx context.Context, req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
ttlRaw := d.Get("ttl").(string)
ttlMaxRaw := d.Get("max_ttl").(string)
if len(ttlMaxRaw) == 0 {
@ -73,8 +73,7 @@ func (b *backend) pathConfigLeaseWrite(
return nil, nil
}
func (b *backend) pathConfigLeaseRead(
req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathConfigLeaseRead(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
leaseConfig, err := b.LeaseConfig(req.Storage)
if err != nil {


@ -1,6 +1,7 @@
package mssql
import (
"context"
"fmt"
"strings"
@ -29,8 +30,7 @@ func pathCredsCreate(b *backend) *framework.Path {
}
}
func (b *backend) pathCredsCreateRead(
req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathCredsCreateRead(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
name := data.Get("name").(string)
// Get the role


@ -1,6 +1,7 @@
package mssql
import (
"context"
"fmt"
"strings"
@ -65,8 +66,7 @@ func (b *backend) Role(s logical.Storage, n string) (*roleEntry, error) {
return &result, nil
}
func (b *backend) pathRoleDelete(
req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathRoleDelete(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
err := req.Storage.Delete("role/" + data.Get("name").(string))
if err != nil {
return nil, err
@ -75,8 +75,7 @@ func (b *backend) pathRoleDelete(
return nil, nil
}
func (b *backend) pathRoleRead(
req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathRoleRead(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
role, err := b.Role(req.Storage, data.Get("name").(string))
if err != nil {
return nil, err
@ -92,8 +91,7 @@ func (b *backend) pathRoleRead(
}, nil
}
func (b *backend) pathRoleList(
req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathRoleList(ctx context.Context, req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
entries, err := req.Storage.List("role/")
if err != nil {
return nil, err
@ -102,8 +100,7 @@ func (b *backend) pathRoleList(
return logical.ListResponse(entries), nil
}
func (b *backend) pathRoleCreate(
req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathRoleCreate(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
name := data.Get("name").(string)
sql := data.Get("sql").(string)


@ -1,6 +1,7 @@
package mssql
import (
"context"
"database/sql"
"fmt"
@ -30,8 +31,7 @@ func secretCreds(b *backend) *framework.Secret {
}
}
func (b *backend) secretCredsRenew(
req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
func (b *backend) secretCredsRenew(ctx context.Context, req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
// Get the lease information
leaseConfig, err := b.LeaseConfig(req.Storage)
if err != nil {
@ -42,11 +42,10 @@ func (b *backend) secretCredsRenew(
}
f := framework.LeaseExtend(leaseConfig.TTL, leaseConfig.TTLMax, b.System())
return f(req, d)
return f(ctx, req, d)
}
func (b *backend) secretCredsRevoke(
req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
func (b *backend) secretCredsRevoke(ctx context.Context, req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
// Get the username from the internal data
usernameRaw, ok := req.Secret.InternalData["username"]
if !ok {


@ -1,6 +1,7 @@
package mysql
import (
"context"
"fmt"
"log"
"os"
@ -35,7 +36,7 @@ func prepareTestContainer(t *testing.T, s logical.Storage, b logical.Backend) (c
cid, connErr := dockertest.ConnectToMySQL(60, 500*time.Millisecond, func(connURL string) bool {
// This will cause a validation to run
resp, err := b.HandleRequest(&logical.Request{
resp, err := b.HandleRequest(context.Background(), &logical.Request{
Storage: s,
Operation: logical.UpdateOperation,
Path: "config/connection",
@ -93,13 +94,13 @@ func TestBackend_config_connection(t *testing.T) {
Storage: config.StorageView,
Data: configData,
}
resp, err = b.HandleRequest(configReq)
resp, err = b.HandleRequest(context.Background(), configReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("err:%s resp:%#v\n", err, resp)
}
configReq.Operation = logical.ReadOperation
resp, err = b.HandleRequest(configReq)
resp, err = b.HandleRequest(context.Background(), configReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("err:%s resp:%#v\n", err, resp)
}


@ -1,6 +1,7 @@
package mysql
import (
"context"
"database/sql"
"fmt"
@ -49,7 +50,7 @@ This name is deprecated.`,
}
// pathConnectionRead reads out the connection configuration
func (b *backend) pathConnectionRead(req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathConnectionRead(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
entry, err := req.Storage.Get("config/connection")
if err != nil {
return nil, fmt.Errorf("failed to read connection configuration")
@ -67,8 +68,7 @@ func (b *backend) pathConnectionRead(req *logical.Request, data *framework.Field
}, nil
}
func (b *backend) pathConnectionWrite(
req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathConnectionWrite(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
connValue := data.Get("value").(string)
connURL := data.Get("connection_url").(string)
if connURL == "" {


@ -1,6 +1,7 @@
package mysql
import (
"context"
"fmt"
"time"
@ -33,8 +34,7 @@ func pathConfigLease(b *backend) *framework.Path {
}
}
func (b *backend) pathLeaseWrite(
req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathLeaseWrite(ctx context.Context, req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
leaseRaw := d.Get("lease").(string)
leaseMaxRaw := d.Get("lease_max").(string)
@ -64,8 +64,7 @@ func (b *backend) pathLeaseWrite(
return nil, nil
}
func (b *backend) pathLeaseRead(
req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathLeaseRead(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
lease, err := b.Lease(req.Storage)
if err != nil {


@ -1,6 +1,7 @@
package mysql
import (
"context"
"fmt"
"strings"
@ -30,8 +31,7 @@ func pathRoleCreate(b *backend) *framework.Path {
}
}
func (b *backend) pathRoleCreateRead(
req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathRoleCreateRead(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
name := data.Get("name").(string)
// Get the role


@ -1,6 +1,7 @@
package mysql
import (
"context"
"fmt"
"strings"
@ -95,8 +96,7 @@ func (b *backend) Role(s logical.Storage, n string) (*roleEntry, error) {
return &result, nil
}
func (b *backend) pathRoleDelete(
req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathRoleDelete(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
err := req.Storage.Delete("role/" + data.Get("name").(string))
if err != nil {
return nil, err
@ -105,8 +105,7 @@ func (b *backend) pathRoleDelete(
return nil, nil
}
func (b *backend) pathRoleRead(
req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathRoleRead(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
role, err := b.Role(req.Storage, data.Get("name").(string))
if err != nil {
return nil, err
@ -123,8 +122,7 @@ func (b *backend) pathRoleRead(
}, nil
}
func (b *backend) pathRoleList(
req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathRoleList(ctx context.Context, req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
entries, err := req.Storage.List("role/")
if err != nil {
return nil, err
@ -133,8 +131,7 @@ func (b *backend) pathRoleList(
return logical.ListResponse(entries), nil
}
func (b *backend) pathRoleCreate(
req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathRoleCreate(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
name := data.Get("name").(string)
// Get our connection


@ -1,6 +1,7 @@
package mysql
import (
"context"
"fmt"
"strings"
@ -41,8 +42,7 @@ func secretCreds(b *backend) *framework.Secret {
}
}
func (b *backend) secretCredsRenew(
req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
func (b *backend) secretCredsRenew(ctx context.Context, req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
// Get the lease information
lease, err := b.Lease(req.Storage)
if err != nil {
@ -53,11 +53,10 @@ func (b *backend) secretCredsRenew(
}
f := framework.LeaseExtend(lease.Lease, lease.LeaseMax, b.System())
return f(req, d)
return f(ctx, req, d)
}
func (b *backend) secretCredsRevoke(
req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
func (b *backend) secretCredsRevoke(ctx context.Context, req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
var resp *logical.Response
// Get the username from the internal data


@ -1,6 +1,7 @@
package nomad
import (
"context"
"fmt"
"os"
"reflect"
@ -129,13 +130,13 @@ func TestBackend_config_access(t *testing.T) {
Data: connData,
}
resp, err := b.HandleRequest(confReq)
resp, err := b.HandleRequest(context.Background(), confReq)
if err != nil || (resp != nil && resp.IsError()) || resp != nil {
t.Fatalf("failed to write configuration: resp:%#v err:%s", resp, err)
}
confReq.Operation = logical.ReadOperation
resp, err = b.HandleRequest(confReq)
resp, err = b.HandleRequest(context.Background(), confReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("failed to write configuration: resp:%#v err:%s", resp, err)
}
@ -172,7 +173,7 @@ func TestBackend_renew_revoke(t *testing.T) {
Path: "config/access",
Data: connData,
}
resp, err := b.HandleRequest(req)
resp, err := b.HandleRequest(context.Background(), req)
if err != nil {
t.Fatal(err)
}
@ -182,14 +183,14 @@ func TestBackend_renew_revoke(t *testing.T) {
"policies": []string{"policy"},
"lease": "6h",
}
resp, err = b.HandleRequest(req)
resp, err = b.HandleRequest(context.Background(), req)
if err != nil {
t.Fatal(err)
}
req.Operation = logical.ReadOperation
req.Path = "creds/test"
resp, err = b.HandleRequest(req)
resp, err = b.HandleRequest(context.Background(), req)
if err != nil {
t.Fatal(err)
}
@ -230,7 +231,7 @@ func TestBackend_renew_revoke(t *testing.T) {
req.Operation = logical.RenewOperation
req.Secret = generatedSecret
resp, err = b.HandleRequest(req)
resp, err = b.HandleRequest(context.Background(), req)
if err != nil {
t.Fatal(err)
}
@ -239,7 +240,7 @@ func TestBackend_renew_revoke(t *testing.T) {
}
req.Operation = logical.RevokeOperation
resp, err = b.HandleRequest(req)
resp, err = b.HandleRequest(context.Background(), req)
if err != nil {
t.Fatal(err)
}
@ -277,7 +278,7 @@ func TestBackend_CredsCreateEnvVar(t *testing.T) {
"policies": []string{"policy"},
"lease": "6h",
}
resp, err := b.HandleRequest(req)
resp, err := b.HandleRequest(context.Background(), req)
if err != nil {
t.Fatal(err)
}
@ -289,7 +290,7 @@ func TestBackend_CredsCreateEnvVar(t *testing.T) {
req.Operation = logical.ReadOperation
req.Path = "creds/test"
resp, err = b.HandleRequest(req)
resp, err = b.HandleRequest(context.Background(), req)
if err != nil {
t.Fatal(err)
}


@ -1,6 +1,8 @@
package nomad
import (
"context"
"github.com/hashicorp/errwrap"
"github.com/hashicorp/vault/logical"
"github.com/hashicorp/vault/logical/framework"
@ -34,7 +36,7 @@ func pathConfigAccess(b *backend) *framework.Path {
}
}
func (b *backend) configExistenceCheck(req *logical.Request, data *framework.FieldData) (bool, error) {
func (b *backend) configExistenceCheck(ctx context.Context, req *logical.Request, data *framework.FieldData) (bool, error) {
entry, err := b.readConfigAccess(req.Storage)
if err != nil {
return false, err
@ -60,8 +62,7 @@ func (b *backend) readConfigAccess(storage logical.Storage) (*accessConfig, erro
return conf, nil
}
func (b *backend) pathConfigAccessRead(
req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathConfigAccessRead(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
conf, err := b.readConfigAccess(req.Storage)
if err != nil {
return nil, err
@ -77,8 +78,7 @@ func (b *backend) pathConfigAccessRead(
}, nil
}
func (b *backend) pathConfigAccessWrite(
req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathConfigAccessWrite(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
conf, err := b.readConfigAccess(req.Storage)
if err != nil {
return nil, err
@ -107,8 +107,7 @@ func (b *backend) pathConfigAccessWrite(
return nil, nil
}
func (b *backend) pathConfigAccessDelete(
req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathConfigAccessDelete(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
if err := req.Storage.Delete(configAccessKey); err != nil {
return nil, err
}


@ -1,6 +1,7 @@
package nomad
import (
"context"
"time"
"github.com/hashicorp/vault/logical"
@ -35,7 +36,7 @@ func pathConfigLease(b *backend) *framework.Path {
}
// Sets the lease configuration parameters
func (b *backend) pathLeaseUpdate(req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathLeaseUpdate(ctx context.Context, req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
entry, err := logical.StorageEntryJSON("config/lease", &configLease{
TTL: time.Second * time.Duration(d.Get("ttl").(int)),
MaxTTL: time.Second * time.Duration(d.Get("max_ttl").(int)),
@ -50,7 +51,7 @@ func (b *backend) pathLeaseUpdate(req *logical.Request, d *framework.FieldData)
return nil, nil
}
func (b *backend) pathLeaseDelete(req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathLeaseDelete(ctx context.Context, req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
if err := req.Storage.Delete(leaseConfigKey); err != nil {
return nil, err
}
@ -59,7 +60,7 @@ func (b *backend) pathLeaseDelete(req *logical.Request, d *framework.FieldData)
}
// Returns the lease configuration parameters
func (b *backend) pathLeaseRead(req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathLeaseRead(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
lease, err := b.LeaseConfig(req.Storage)
if err != nil {
return nil, err


@ -1,6 +1,7 @@
package nomad
import (
"context"
"fmt"
"time"
@ -26,8 +27,7 @@ func pathCredsCreate(b *backend) *framework.Path {
}
}
func (b *backend) pathTokenRead(
req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathTokenRead(ctx context.Context, req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
name := d.Get("name").(string)
role, err := b.Role(req.Storage, name)


@ -1,6 +1,7 @@
package nomad
import (
"context"
"errors"
"github.com/hashicorp/errwrap"
@ -60,7 +61,7 @@ Defaults to 'client'.`,
// Establishes dichotomy of request operation between CreateOperation and UpdateOperation.
// Returning 'true' forces an UpdateOperation, CreateOperation otherwise.
func (b *backend) rolesExistenceCheck(req *logical.Request, d *framework.FieldData) (bool, error) {
func (b *backend) rolesExistenceCheck(ctx context.Context, req *logical.Request, d *framework.FieldData) (bool, error) {
name := d.Get("name").(string)
entry, err := b.Role(req.Storage, name)
if err != nil {
@ -89,8 +90,7 @@ func (b *backend) Role(storage logical.Storage, name string) (*roleConfig, error
return &result, nil
}
func (b *backend) pathRoleList(
req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathRoleList(ctx context.Context, req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
entries, err := req.Storage.List("role/")
if err != nil {
return nil, err
@ -99,8 +99,7 @@ func (b *backend) pathRoleList(
return logical.ListResponse(entries), nil
}
func (b *backend) pathRolesRead(
req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathRolesRead(ctx context.Context, req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
name := d.Get("name").(string)
role, err := b.Role(req.Storage, name)
@ -122,8 +121,7 @@ func (b *backend) pathRolesRead(
return resp, nil
}
func (b *backend) pathRolesWrite(
req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathRolesWrite(ctx context.Context, req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
name := d.Get("name").(string)
role, err := b.Role(req.Storage, name)
@ -173,8 +171,7 @@ func (b *backend) pathRolesWrite(
return nil, nil
}
func (b *backend) pathRolesDelete(
req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathRolesDelete(ctx context.Context, req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
name := d.Get("name").(string)
if err := req.Storage.Delete("role/" + name); err != nil {
return nil, err


@ -1,6 +1,7 @@
package nomad
import (
"context"
"errors"
"fmt"
@ -27,8 +28,7 @@ func secretToken(b *backend) *framework.Secret {
}
}
func (b *backend) secretTokenRenew(
req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
func (b *backend) secretTokenRenew(ctx context.Context, req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
lease, err := b.LeaseConfig(req.Storage)
if err != nil {
return nil, err
@ -37,11 +37,10 @@ func (b *backend) secretTokenRenew(
lease = &configLease{}
}
return framework.LeaseExtend(lease.TTL, lease.MaxTTL, b.System())(req, d)
return framework.LeaseExtend(lease.TTL, lease.MaxTTL, b.System())(ctx, req, d)
}
func (b *backend) secretTokenRevoke(
req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
func (b *backend) secretTokenRevoke(ctx context.Context, req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
c, err := b.client(req.Storage)
if err != nil {
return nil, err


@ -2,6 +2,7 @@ package pki
import (
"bytes"
"context"
"crypto"
"crypto/ecdsa"
"crypto/elliptic"
@ -1903,7 +1904,7 @@ func TestBackend_PathFetchCertList(t *testing.T) {
"ttl": "6h",
}
resp, err := b.HandleRequest(&logical.Request{
resp, err := b.HandleRequest(context.Background(), &logical.Request{
Operation: logical.UpdateOperation,
Path: "root/generate/internal",
Storage: storage,
@ -1922,7 +1923,7 @@ func TestBackend_PathFetchCertList(t *testing.T) {
"crl_distribution_points": "http://127.0.0.1:8200/v1/pki/crl",
}
resp, err = b.HandleRequest(&logical.Request{
resp, err = b.HandleRequest(context.Background(), &logical.Request{
Operation: logical.UpdateOperation,
Path: "config/urls",
Storage: storage,
@ -1942,7 +1943,7 @@ func TestBackend_PathFetchCertList(t *testing.T) {
"max_ttl": "4h",
}
resp, err = b.HandleRequest(&logical.Request{
resp, err = b.HandleRequest(context.Background(), &logical.Request{
Operation: logical.UpdateOperation,
Path: "roles/test-example",
Storage: storage,
@ -1961,7 +1962,7 @@ func TestBackend_PathFetchCertList(t *testing.T) {
certData := map[string]interface{}{
"common_name": "example.test.com",
}
resp, err = b.HandleRequest(&logical.Request{
resp, err = b.HandleRequest(context.Background(), &logical.Request{
Operation: logical.UpdateOperation,
Path: "issue/test-example",
Storage: storage,
@ -1978,7 +1979,7 @@ func TestBackend_PathFetchCertList(t *testing.T) {
}
// list certs
resp, err = b.HandleRequest(&logical.Request{
resp, err = b.HandleRequest(context.Background(), &logical.Request{
Operation: logical.ListOperation,
Path: "certs",
Storage: storage,
@ -1995,7 +1996,7 @@ func TestBackend_PathFetchCertList(t *testing.T) {
}
// list certs/
resp, err = b.HandleRequest(&logical.Request{
resp, err = b.HandleRequest(context.Background(), &logical.Request{
Operation: logical.ListOperation,
Path: "certs/",
Storage: storage,
@ -2030,7 +2031,7 @@ func TestBackend_SignVerbatim(t *testing.T) {
"ttl": "172800",
}
resp, err := b.HandleRequest(&logical.Request{
resp, err := b.HandleRequest(context.Background(), &logical.Request{
Operation: logical.UpdateOperation,
Path: "root/generate/internal",
Storage: storage,
@ -2068,7 +2069,7 @@ func TestBackend_SignVerbatim(t *testing.T) {
t.Fatal("pem csr is empty")
}
resp, err = b.HandleRequest(&logical.Request{
resp, err = b.HandleRequest(context.Background(), &logical.Request{
Operation: logical.UpdateOperation,
Path: "sign-verbatim",
Storage: storage,
@ -2091,7 +2092,7 @@ func TestBackend_SignVerbatim(t *testing.T) {
"ttl": "4h",
"max_ttl": "8h",
}
resp, err = b.HandleRequest(&logical.Request{
resp, err = b.HandleRequest(context.Background(), &logical.Request{
Operation: logical.UpdateOperation,
Path: "roles/test",
Storage: storage,
@ -2103,7 +2104,7 @@ func TestBackend_SignVerbatim(t *testing.T) {
if err != nil {
t.Fatal(err)
}
resp, err = b.HandleRequest(&logical.Request{
resp, err = b.HandleRequest(context.Background(), &logical.Request{
Operation: logical.UpdateOperation,
Path: "sign-verbatim/test",
Storage: storage,
@ -2121,7 +2122,7 @@ func TestBackend_SignVerbatim(t *testing.T) {
if resp.Secret != nil {
t.Fatal("got a lease when we should not have")
}
resp, err = b.HandleRequest(&logical.Request{
resp, err = b.HandleRequest(context.Background(), &logical.Request{
Operation: logical.UpdateOperation,
Path: "sign-verbatim/test",
Storage: storage,
@ -2162,7 +2163,7 @@ func TestBackend_SignVerbatim(t *testing.T) {
"max_ttl": "8h",
"generate_lease": true,
}
resp, err = b.HandleRequest(&logical.Request{
resp, err = b.HandleRequest(context.Background(), &logical.Request{
Operation: logical.UpdateOperation,
Path: "roles/test",
Storage: storage,
@ -2174,7 +2175,7 @@ func TestBackend_SignVerbatim(t *testing.T) {
if err != nil {
t.Fatal(err)
}
resp, err = b.HandleRequest(&logical.Request{
resp, err = b.HandleRequest(context.Background(), &logical.Request{
Operation: logical.UpdateOperation,
Path: "sign-verbatim/test",
Storage: storage,
@ -2574,7 +2575,7 @@ func TestBackend_SignSelfIssued(t *testing.T) {
"ttl": "172800",
}
resp, err := b.HandleRequest(&logical.Request{
resp, err := b.HandleRequest(context.Background(), &logical.Request{
Operation: logical.UpdateOperation,
Path: "root/generate/internal",
Storage: storage,
@ -2618,7 +2619,7 @@ func TestBackend_SignSelfIssued(t *testing.T) {
}
ss, _ := getSelfSigned(template, template)
resp, err = b.HandleRequest(&logical.Request{
resp, err = b.HandleRequest(context.Background(), &logical.Request{
Operation: logical.UpdateOperation,
Path: "root/sign-self-issued",
Storage: storage,
@ -2648,7 +2649,7 @@ func TestBackend_SignSelfIssued(t *testing.T) {
BasicConstraintsValid: true,
}
ss, ssCert := getSelfSigned(template, issuer)
resp, err = b.HandleRequest(&logical.Request{
resp, err = b.HandleRequest(context.Background(), &logical.Request{
Operation: logical.UpdateOperation,
Path: "root/sign-self-issued",
Storage: storage,
@ -2667,7 +2668,7 @@ func TestBackend_SignSelfIssued(t *testing.T) {
}
ss, ssCert = getSelfSigned(template, template)
resp, err = b.HandleRequest(&logical.Request{
resp, err = b.HandleRequest(context.Background(), &logical.Request{
Operation: logical.UpdateOperation,
Path: "root/sign-self-issued",
Storage: storage,


@ -1,6 +1,7 @@
package pki
import (
"context"
"fmt"
"github.com/hashicorp/vault/helper/certutil"
@ -29,8 +30,7 @@ secret key and certificate.`,
}
}
func (b *backend) pathCAWrite(
req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathCAWrite(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
pemBundle := data.Get("pem_bundle").(string)
parsedBundle, err := certutil.ParsePEMBundle(pemBundle)


@ -1,6 +1,7 @@
package pki
import (
"context"
"fmt"
"time"
@ -52,8 +53,7 @@ func (b *backend) CRL(s logical.Storage) (*crlConfig, error) {
return &result, nil
}
func (b *backend) pathCRLRead(
req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathCRLRead(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
config, err := b.CRL(req.Storage)
if err != nil {
return nil, err
@ -69,8 +69,7 @@ func (b *backend) pathCRLRead(
}, nil
}
func (b *backend) pathCRLWrite(
req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathCRLWrite(ctx context.Context, req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
expiry := d.Get("expiry").(string)
_, err := time.ParseDuration(expiry)
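Review bot: The new `ctx` parameter stops at the handler in `pathCRLRead`, because `b.CRL(req.Storage)` is still called without it, so nothing below the handler can observe a cancellation or deadline. The same gap shows in later sections of this commit, where `getURLs(req)`, `b.pathIssueSignCert(req, data, entry, true, true)` and `revokeCert(b, req, serial, false)` keep their context-free signatures. If forwarding is planned for a follow-up, a short comment on the handlers would make that explicit. Otherwise I would change the helper to `func (b *backend) CRL(ctx context.Context, s logical.Storage) (*crlConfig, error)` and the call to `config, err := b.CRL(ctx, req.Storage)`. Both handler bodies continue outside the hunks shown.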


@ -1,6 +1,7 @@
package pki
import (
"context"
"fmt"
"github.com/asaskevich/govalidator"
@ -86,8 +87,7 @@ func writeURLs(req *logical.Request, entries *urlEntries) error {
return nil
}
func (b *backend) pathReadURL(
req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathReadURL(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
entries, err := getURLs(req)
if err != nil {
return nil, err
@ -103,8 +103,7 @@ func (b *backend) pathReadURL(
return resp, nil
}
func (b *backend) pathWriteURL(
req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathWriteURL(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
entries, err := getURLs(req)
if err != nil {
return nil, err


@ -1,6 +1,7 @@
package pki
import (
"context"
"encoding/pem"
"fmt"
@ -101,7 +102,7 @@ func pathFetchListCerts(b *backend) *framework.Path {
}
}
func (b *backend) pathFetchCertList(req *logical.Request, data *framework.FieldData) (response *logical.Response, retErr error) {
func (b *backend) pathFetchCertList(ctx context.Context, req *logical.Request, data *framework.FieldData) (response *logical.Response, retErr error) {
entries, err := req.Storage.List("certs/")
if err != nil {
return nil, err
@ -110,7 +111,7 @@ func (b *backend) pathFetchCertList(req *logical.Request, data *framework.FieldD
return logical.ListResponse(entries), nil
}
func (b *backend) pathFetchRead(req *logical.Request, data *framework.FieldData) (response *logical.Response, retErr error) {
func (b *backend) pathFetchRead(ctx context.Context, req *logical.Request, data *framework.FieldData) (response *logical.Response, retErr error) {
var serial, pemType, contentType string
var certEntry, revokedEntry *logical.StorageEntry
var funcErr error


@ -1,6 +1,7 @@
package pki
import (
"context"
"encoding/base64"
"fmt"
@ -53,8 +54,7 @@ endpoint.`,
return ret
}
func (b *backend) pathGenerateIntermediate(
req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathGenerateIntermediate(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
var err error
exported, format, role, errorResp := b.getGenerationParams(data)
@ -129,8 +129,7 @@ func (b *backend) pathGenerateIntermediate(
return resp, nil
}
func (b *backend) pathSetSignedIntermediate(
req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathSetSignedIntermediate(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
cert := data.Get("certificate").(string)
if cert == "" {


@ -1,6 +1,7 @@
package pki
import (
"context"
"encoding/base64"
"fmt"
"time"
@ -78,8 +79,7 @@ basic constraints.`,
// pathIssue issues a certificate and private key from given parameters,
// subject to role restrictions
func (b *backend) pathIssue(
req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathIssue(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
roleName := data.Get("role").(string)
// Get the role
@ -96,8 +96,7 @@ func (b *backend) pathIssue(
// pathSign issues a certificate from a submitted CSR, subject to role
// restrictions
func (b *backend) pathSign(
req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathSign(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
roleName := data.Get("role").(string)
// Get the role
@ -114,8 +113,7 @@ func (b *backend) pathSign(
// pathSignVerbatim issues a certificate from a submitted CSR, *not* subject to
// role restrictions
func (b *backend) pathSignVerbatim(
req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathSignVerbatim(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
roleName := data.Get("role").(string)
@ -159,8 +157,7 @@ func (b *backend) pathSignVerbatim(
return b.pathIssueSignCert(req, data, entry, true, true)
}
func (b *backend) pathIssueSignCert(
req *logical.Request, data *framework.FieldData, role *roleEntry, useCSR, useCSRValues bool) (*logical.Response, error) {
func (b *backend) pathIssueSignCert(req *logical.Request, data *framework.FieldData, role *roleEntry, useCSR, useCSRValues bool) (*logical.Response, error) {
format := getFormat(data)
if format == "" {
return logical.ErrorResponse(


@ -1,6 +1,7 @@
package pki
import (
"context"
"fmt"
"strings"
@ -42,7 +43,7 @@ func pathRotateCRL(b *backend) *framework.Path {
}
}
func (b *backend) pathRevokeWrite(req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathRevokeWrite(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
serial := data.Get("serial_number").(string)
if len(serial) == 0 {
return logical.ErrorResponse("The serial number must be provided"), nil
@ -58,7 +59,7 @@ func (b *backend) pathRevokeWrite(req *logical.Request, data *framework.FieldDat
return revokeCert(b, req, serial, false)
}
func (b *backend) pathRotateCRLRead(req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathRotateCRLRead(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
b.revokeStorageLock.RLock()
defer b.revokeStorageLock.RUnlock()
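Review bot: `pathRotateCRLRead` now receives `ctx` but takes `b.revokeStorageLock.RLock()` without consulting it, so a request whose context is already cancelled still queues on the lock. The lock looks like a standard read/write mutex, which cannot be interrupted while waiting, so a cheap guard before it, `if err := ctx.Err(); err != nil { return nil, err }`, would let such requests return early. The function body continues outside the hunk, so whether the work done under the lock is long enough to justify this is an assumption.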


@ -1,6 +1,7 @@
package pki
import (
"context"
"crypto/x509"
"fmt"
"strings"
@ -318,8 +319,7 @@ func (b *backend) getRole(s logical.Storage, n string) (*roleEntry, error) {
return &result, nil
}
func (b *backend) pathRoleDelete(
req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathRoleDelete(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
err := req.Storage.Delete("role/" + data.Get("name").(string))
if err != nil {
return nil, err
@ -328,8 +328,7 @@ func (b *backend) pathRoleDelete(
return nil, nil
}
func (b *backend) pathRoleRead(
req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathRoleRead(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
roleName := data.Get("name").(string)
if roleName == "" {
return logical.ErrorResponse("missing role name"), nil
@ -362,8 +361,7 @@ func (b *backend) pathRoleRead(
return resp, nil
}
func (b *backend) pathRoleList(
req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathRoleList(ctx context.Context, req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
entries, err := req.Storage.List("role/")
if err != nil {
return nil, err
@ -372,8 +370,7 @@ func (b *backend) pathRoleList(
return logical.ListResponse(entries), nil
}
func (b *backend) pathRoleCreate(
req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
func (b *backend) pathRoleCreate(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
var err error
name := data.Get("name").(string)
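Review bot: `pathRoleDelete` builds its storage key as `"role/" + data.Get("name").(string)` with no empty-name check, while `pathRoleRead` in the next hunk rejects an empty name with `missing role name`. If the route pattern can ever deliver an empty `name`, the delete would target the bare `role/` key. Reading the name into a local and adding the same guard, `if name == "" { return logical.ErrorResponse("missing role name"), nil }`, would keep the two handlers consistent. The route definition is outside the hunk, so this case may already be excluded there.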
