vault: validate advertise addr is valid URL [GH-106]
This commit is contained in:
parent
83af64dbd1
commit
727e0e90cd
|
@ -15,6 +15,7 @@ BUG FIXES:
|
||||||
* core: if token helper isn't absolute, prepend with path to Vault
|
* core: if token helper isn't absolute, prepend with path to Vault
|
||||||
executable, not "vault" (which requires PATH) [GH-60]
|
executable, not "vault" (which requires PATH) [GH-60]
|
||||||
* core: Any "mapping" routes allow hyphens in keys [GH-119]
|
* core: Any "mapping" routes allow hyphens in keys [GH-119]
|
||||||
|
* core: Validate `advertise_addr` is a valid URL with scheme [GH-106]
|
||||||
* command/auth: Using an invalid token won't crash [GH-75]
|
* command/auth: Using an invalid token won't crash [GH-75]
|
||||||
* credential/app-id: app and user IDs can have hyphens in keys [GH-119]
|
* credential/app-id: app and user IDs can have hyphens in keys [GH-119]
|
||||||
* helper/password: import proper DLL for Windows to ask password [GH-83]
|
* helper/password: import proper DLL for Windows to ask password [GH-83]
|
||||||
|
|
|
@ -6,6 +6,7 @@ import (
|
||||||
"errors"
|
"errors"
|
||||||
"fmt"
|
"fmt"
|
||||||
"log"
|
"log"
|
||||||
|
"net/url"
|
||||||
"os"
|
"os"
|
||||||
"strings"
|
"strings"
|
||||||
"sync"
|
"sync"
|
||||||
|
@ -215,6 +216,18 @@ func NewCore(conf *CoreConfig) (*Core, error) {
|
||||||
return nil, fmt.Errorf("missing advertisement address")
|
return nil, fmt.Errorf("missing advertisement address")
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Validate the advertise addr if its given to us
|
||||||
|
if conf.AdvertiseAddr != "" {
|
||||||
|
u, err := url.Parse(conf.AdvertiseAddr)
|
||||||
|
if err != nil {
|
||||||
|
return nil, fmt.Errorf("advertisement address is not valid url: %s", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
if u.Scheme == "" {
|
||||||
|
return nil, fmt.Errorf("advertisement address must include scheme (ex. 'http')")
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
// Wrap the backend in a cache unless disabled
|
// Wrap the backend in a cache unless disabled
|
||||||
if !conf.DisableCache {
|
if !conf.DisableCache {
|
||||||
_, isCache := conf.Physical.(*physical.Cache)
|
_, isCache := conf.Physical.(*physical.Cache)
|
||||||
|
|
|
@ -15,6 +15,18 @@ var (
|
||||||
invalidKey = []byte("abcdefghijklmnopqrstuvwxyz")[:17]
|
invalidKey = []byte("abcdefghijklmnopqrstuvwxyz")[:17]
|
||||||
)
|
)
|
||||||
|
|
||||||
|
func TestNewCore_badAdvertiseAddr(t *testing.T) {
|
||||||
|
conf := &CoreConfig{
|
||||||
|
AdvertiseAddr: "127.0.0.1:8200",
|
||||||
|
Physical: physical.NewInmem(),
|
||||||
|
DisableMlock: true,
|
||||||
|
}
|
||||||
|
_, err := NewCore(conf)
|
||||||
|
if err == nil {
|
||||||
|
t.Fatal("should error")
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
func TestCore_Init(t *testing.T) {
|
func TestCore_Init(t *testing.T) {
|
||||||
inm := physical.NewInmem()
|
inm := physical.NewInmem()
|
||||||
conf := &CoreConfig{
|
conf := &CoreConfig{
|
||||||
|
@ -1026,9 +1038,10 @@ func TestCore_LimitedUseToken(t *testing.T) {
|
||||||
func TestCore_Standby(t *testing.T) {
|
func TestCore_Standby(t *testing.T) {
|
||||||
// Create the first core and initialize it
|
// Create the first core and initialize it
|
||||||
inm := physical.NewInmemHA()
|
inm := physical.NewInmemHA()
|
||||||
|
advertiseOriginal := "http://127.0.0.1:8200"
|
||||||
core, err := NewCore(&CoreConfig{
|
core, err := NewCore(&CoreConfig{
|
||||||
Physical: inm,
|
Physical: inm,
|
||||||
AdvertiseAddr: "foo",
|
AdvertiseAddr: advertiseOriginal,
|
||||||
DisableMlock: true,
|
DisableMlock: true,
|
||||||
})
|
})
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
@ -1086,14 +1099,15 @@ func TestCore_Standby(t *testing.T) {
|
||||||
if !isLeader {
|
if !isLeader {
|
||||||
t.Fatalf("should be leader")
|
t.Fatalf("should be leader")
|
||||||
}
|
}
|
||||||
if advertise != "foo" {
|
if advertise != advertiseOriginal {
|
||||||
t.Fatalf("Bad advertise: %v", advertise)
|
t.Fatalf("Bad advertise: %v", advertise)
|
||||||
}
|
}
|
||||||
|
|
||||||
// Create a second core, attached to same in-memory store
|
// Create a second core, attached to same in-memory store
|
||||||
|
advertiseOriginal2 := "http://127.0.0.1:8500"
|
||||||
core2, err := NewCore(&CoreConfig{
|
core2, err := NewCore(&CoreConfig{
|
||||||
Physical: inm,
|
Physical: inm,
|
||||||
AdvertiseAddr: "bar",
|
AdvertiseAddr: advertiseOriginal2,
|
||||||
DisableMlock: true,
|
DisableMlock: true,
|
||||||
})
|
})
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
@ -1135,7 +1149,7 @@ func TestCore_Standby(t *testing.T) {
|
||||||
if isLeader {
|
if isLeader {
|
||||||
t.Fatalf("should not be leader")
|
t.Fatalf("should not be leader")
|
||||||
}
|
}
|
||||||
if advertise != "foo" {
|
if advertise != advertiseOriginal {
|
||||||
t.Fatalf("Bad advertise: %v", advertise)
|
t.Fatalf("Bad advertise: %v", advertise)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1193,7 +1207,7 @@ func TestCore_Standby(t *testing.T) {
|
||||||
if !isLeader {
|
if !isLeader {
|
||||||
t.Fatalf("should be leader")
|
t.Fatalf("should be leader")
|
||||||
}
|
}
|
||||||
if advertise != "bar" {
|
if advertise != advertiseOriginal2 {
|
||||||
t.Fatalf("Bad advertise: %v", advertise)
|
t.Fatalf("Bad advertise: %v", advertise)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue