Use WriteWithContext in auth helpers (#14775)

Anton Averchenkov 2022-04-06 11:20:34 -04:00 committed by GitHub
parent 78a9a50cc9
commit c74feaa6ac
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
10 changed files with 43 additions and 12 deletions


@ -100,6 +100,10 @@ func NewAppRoleAuth(roleID string, secretID *SecretID, opts ...LoginOption) (*Ap
} }
func (a *AppRoleAuth) Login(ctx context.Context, client *api.Client) (*api.Secret, error) { func (a *AppRoleAuth) Login(ctx context.Context, client *api.Client) (*api.Secret, error) {
if ctx == nil {
ctx = context.Background()
}
loginData := map[string]interface{}{ loginData := map[string]interface{}{
"role_id": a.roleID, "role_id": a.roleID,
} }
@ -125,7 +129,7 @@ func (a *AppRoleAuth) Login(ctx context.Context, client *api.Client) (*api.Secre
// if the caller indicated that the value was actually a wrapping token, unwrap it first // if the caller indicated that the value was actually a wrapping token, unwrap it first
if a.unwrap { if a.unwrap {
unwrappedToken, err := client.Logical().Unwrap(secretIDValue) unwrappedToken, err := client.Logical().UnwrapWithContext(ctx, secretIDValue)
if err != nil { if err != nil {
return nil, fmt.Errorf("unable to unwrap response wrapping token: %w", err) return nil, fmt.Errorf("unable to unwrap response wrapping token: %w", err)
} }
@ -135,7 +139,7 @@ func (a *AppRoleAuth) Login(ctx context.Context, client *api.Client) (*api.Secre
} }
path := fmt.Sprintf("auth/%s/login", a.mountPath) path := fmt.Sprintf("auth/%s/login", a.mountPath)
resp, err := client.Logical().Write(path, loginData) resp, err := client.Logical().WriteWithContext(ctx, path, loginData)
if err != nil { if err != nil {
return nil, fmt.Errorf("unable to log in with app role auth: %w", err) return nil, fmt.Errorf("unable to log in with app role auth: %w", err)
} }
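Review bot: With `ctx` now governing both `UnwrapWithContext` and `WriteWithContext`, a cancellation or deadline that lands between the two calls leaves the wrapping token already spent while Login returns an error. Response-wrapping tokens are single-use, so a retry that starts from the same wrapped value would presumably fail at the unwrap step. I would document this on Login, for example `// When a.unwrap is set, a ctx that expires after the unwrap succeeds consumes the wrapping token; retrying needs a fresh one.` Login's body starts and ends outside these hunks, so how `secretIDValue` is obtained on a retry is not visible here.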


@ -84,6 +84,10 @@ func NewAWSAuth(opts ...LoginOption) (*AWSAuth, error) {
// variables. To specify a path to a credentials file on disk instead, set // variables. To specify a path to a credentials file on disk instead, set
// the environment variable AWS_SHARED_CREDENTIALS_FILE. // the environment variable AWS_SHARED_CREDENTIALS_FILE.
func (a *AWSAuth) Login(ctx context.Context, client *api.Client) (*api.Secret, error) { func (a *AWSAuth) Login(ctx context.Context, client *api.Client) (*api.Secret, error) {
if ctx == nil {
ctx = context.Background()
}
loginData := make(map[string]interface{}) loginData := make(map[string]interface{})
switch a.authType { switch a.authType {
case ec2Type: case ec2Type:
@ -182,7 +186,7 @@ func (a *AWSAuth) Login(ctx context.Context, client *api.Client) (*api.Secret, e
} }
path := fmt.Sprintf("auth/%s/login", a.mountPath) path := fmt.Sprintf("auth/%s/login", a.mountPath)
resp, err := client.Logical().Write(path, loginData) resp, err := client.Logical().WriteWithContext(ctx, path, loginData)
if err != nil { if err != nil {
return nil, fmt.Errorf("unable to log in with AWS auth: %w", err) return nil, fmt.Errorf("unable to log in with AWS auth: %w", err)
} }
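Review bot: The nil-context guard at the top of Login is undocumented, and it silently substitutes `context.Background()`, which carries no deadline or cancellation, so a caller that passes nil gets a login request limited only by whatever timeout the client itself is configured with. The same four-line guard is added to the AppRole, Azure, GCP, Kubernetes, LDAP and userpass Login methods in this commit. I would add one line to each doc comment, such as `// A nil ctx is treated as context.Background(); pass a context with a deadline to bound the login request.`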


@ -90,6 +90,10 @@ func NewAzureAuth(roleName string, opts ...LoginOption) (*AzureAuth, error) {
// Login sets up the required request body for the Azure auth method's /login // Login sets up the required request body for the Azure auth method's /login
// endpoint, and performs a write to it. // endpoint, and performs a write to it.
func (a *AzureAuth) Login(ctx context.Context, client *api.Client) (*api.Secret, error) { func (a *AzureAuth) Login(ctx context.Context, client *api.Client) (*api.Secret, error) {
if ctx == nil {
ctx = context.Background()
}
jwtResp, err := a.getJWT() jwtResp, err := a.getJWT()
if err != nil { if err != nil {
return nil, fmt.Errorf("unable to get access token: %w", err) return nil, fmt.Errorf("unable to get access token: %w", err)
@ -110,7 +114,7 @@ func (a *AzureAuth) Login(ctx context.Context, client *api.Client) (*api.Secret,
} }
path := fmt.Sprintf("auth/%s/login", a.mountPath) path := fmt.Sprintf("auth/%s/login", a.mountPath)
resp, err := client.Logical().Write(path, loginData) resp, err := client.Logical().WriteWithContext(ctx, path, loginData)
if err != nil { if err != nil {
return nil, fmt.Errorf("unable to log in with Azure auth: %w", err) return nil, fmt.Errorf("unable to log in with Azure auth: %w", err)
} }
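Review bot: `a.getJWT()` directly below the new nil guard still takes no context, so the caller's deadline and cancellation apply only to the final `WriteWithContext` call. If getJWT performs a network request to obtain the token (its body is not shown here), a slow or unresponsive token source would block Login regardless of `ctx`. Consider threading the context through, e.g. `jwtResp, err := a.getJWT(ctx)`, or state in the Login doc comment that token retrieval is not bound by `ctx`.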


@ -67,6 +67,10 @@ func NewGCPAuth(roleName string, opts ...LoginOption) (*GCPAuth, error) {
// endpoint, and performs a write to it. This method defaults to the "gce" // endpoint, and performs a write to it. This method defaults to the "gce"
// auth type unless NewGCPAuth is called with WithIAMAuth(). // auth type unless NewGCPAuth is called with WithIAMAuth().
func (a *GCPAuth) Login(ctx context.Context, client *api.Client) (*api.Secret, error) { func (a *GCPAuth) Login(ctx context.Context, client *api.Client) (*api.Secret, error) {
if ctx == nil {
ctx = context.Background()
}
loginData := map[string]interface{}{ loginData := map[string]interface{}{
"role": a.roleName, "role": a.roleName,
} }
@ -86,7 +90,7 @@ func (a *GCPAuth) Login(ctx context.Context, client *api.Client) (*api.Secret, e
} }
path := fmt.Sprintf("auth/%s/login", a.mountPath) path := fmt.Sprintf("auth/%s/login", a.mountPath)
resp, err := client.Logical().Write(path, loginData) resp, err := client.Logical().WriteWithContext(ctx, path, loginData)
if err != nil { if err != nil {
return nil, fmt.Errorf("unable to log in with GCP auth: %w", err) return nil, fmt.Errorf("unable to log in with GCP auth: %w", err)
} }


@ -68,13 +68,17 @@ func NewKubernetesAuth(roleName string, opts ...LoginOption) (*KubernetesAuth, e
} }
func (a *KubernetesAuth) Login(ctx context.Context, client *api.Client) (*api.Secret, error) { func (a *KubernetesAuth) Login(ctx context.Context, client *api.Client) (*api.Secret, error) {
if ctx == nil {
ctx = context.Background()
}
loginData := map[string]interface{}{ loginData := map[string]interface{}{
"jwt": a.serviceAccountToken, "jwt": a.serviceAccountToken,
"role": a.roleName, "role": a.roleName,
} }
path := fmt.Sprintf("auth/%s/login", a.mountPath) path := fmt.Sprintf("auth/%s/login", a.mountPath)
resp, err := client.Logical().Write(path, loginData) resp, err := client.Logical().WriteWithContext(ctx, path, loginData)
if err != nil { if err != nil {
return nil, fmt.Errorf("unable to log in with Kubernetes auth: %w", err) return nil, fmt.Errorf("unable to log in with Kubernetes auth: %w", err)
} }


@ -84,6 +84,10 @@ func NewLDAPAuth(username string, password *Password, opts ...LoginOption) (*LDA
} }
func (a *LDAPAuth) Login(ctx context.Context, client *api.Client) (*api.Secret, error) { func (a *LDAPAuth) Login(ctx context.Context, client *api.Client) (*api.Secret, error) {
if ctx == nil {
ctx = context.Background()
}
loginData := make(map[string]interface{}) loginData := make(map[string]interface{})
if a.passwordFile != "" { if a.passwordFile != "" {
@ -103,7 +107,7 @@ func (a *LDAPAuth) Login(ctx context.Context, client *api.Client) (*api.Secret,
} }
path := fmt.Sprintf("auth/%s/login/%s", a.mountPath, a.username) path := fmt.Sprintf("auth/%s/login/%s", a.mountPath, a.username)
resp, err := client.Logical().Write(path, loginData) resp, err := client.Logical().WriteWithContext(ctx, path, loginData)
if err != nil { if err != nil {
return nil, fmt.Errorf("unable to log in with LDAP auth: %w", err) return nil, fmt.Errorf("unable to log in with LDAP auth: %w", err)
} }


@ -88,6 +88,10 @@ func NewUserpassAuth(username string, password *Password, opts ...LoginOption) (
} }
func (a *UserpassAuth) Login(ctx context.Context, client *api.Client) (*api.Secret, error) { func (a *UserpassAuth) Login(ctx context.Context, client *api.Client) (*api.Secret, error) {
if ctx == nil {
ctx = context.Background()
}
loginData := make(map[string]interface{}) loginData := make(map[string]interface{})
if a.passwordFile != "" { if a.passwordFile != "" {
@ -107,7 +111,7 @@ func (a *UserpassAuth) Login(ctx context.Context, client *api.Client) (*api.Secr
} }
path := fmt.Sprintf("auth/%s/login/%s", a.mountPath, a.username) path := fmt.Sprintf("auth/%s/login/%s", a.mountPath, a.username)
resp, err := client.Logical().Write(path, loginData) resp, err := client.Logical().WriteWithContext(ctx, path, loginData)
if err != nil { if err != nil {
return nil, fmt.Errorf("unable to log in with userpass auth: %w", err) return nil, fmt.Errorf("unable to log in with userpass auth: %w", err)
} }

3
changelog/14775.txt Normal file

@ -0,0 +1,3 @@
```release-note:improvement
api: Use the context passed to the api/auth Login helpers.
```


@ -138,7 +138,7 @@ func (a *approleMethod) Authenticate(ctx context.Context, client *api.Client) (s
} }
clonedClient.SetToken(stringSecretID) clonedClient.SetToken(stringSecretID)
// Validate the creation path // Validate the creation path
resp, err := clonedClient.Logical().Read("sys/wrapping/lookup") resp, err := clonedClient.Logical().ReadWithContext(ctx, "sys/wrapping/lookup")
if err != nil { if err != nil {
return "", nil, nil, fmt.Errorf("error looking up wrapped secret ID: %w", err) return "", nil, nil, fmt.Errorf("error looking up wrapped secret ID: %w", err)
} }
@ -161,7 +161,7 @@ func (a *approleMethod) Authenticate(ctx context.Context, client *api.Client) (s
return "", nil, nil, errors.New("unable to validate wrapping token creation path") return "", nil, nil, errors.New("unable to validate wrapping token creation path")
} }
// Now get the secret ID // Now get the secret ID
resp, err = clonedClient.Logical().Unwrap("") resp, err = clonedClient.Logical().UnwrapWithContext(ctx, "")
if err != nil { if err != nil {
return "", nil, nil, fmt.Errorf("error unwrapping secret ID: %w", err) return "", nil, nil, fmt.Errorf("error unwrapping secret ID: %w", err)
} }


@ -172,7 +172,7 @@ func (ah *AuthHandler) Run(ctx context.Context, am AuthMethod) error {
ah.logger.Debug("lookup-self with preloaded token") ah.logger.Debug("lookup-self with preloaded token")
clientToUse.SetToken(ah.token) clientToUse.SetToken(ah.token)
secret, err = clientToUse.Logical().Read("auth/token/lookup-self") secret, err = clientToUse.Auth().Token().LookupSelfWithContext(ctx)
if err != nil { if err != nil {
ah.logger.Error("could not look up token", "err", err, "backoff", backoff) ah.logger.Error("could not look up token", "err", err, "backoff", backoff)
backoffOrQuit(ctx, backoff) backoffOrQuit(ctx, backoff)
@ -220,7 +220,7 @@ func (ah *AuthHandler) Run(ctx context.Context, am AuthMethod) error {
// This should only happen if there's no preloaded token (regular auto-auth login) // This should only happen if there's no preloaded token (regular auto-auth login)
// or if a preloaded token has expired and is now switching to auto-auth. // or if a preloaded token has expired and is now switching to auto-auth.
if secret.Auth == nil { if secret.Auth == nil {
secret, err = clientToUse.Logical().Write(path, data) secret, err = clientToUse.Logical().WriteWithContext(ctx, path, data)
// Check errors/sanity // Check errors/sanity
if err != nil { if err != nil {
ah.logger.Error("error authenticating", "error", err, "backoff", backoff) ah.logger.Error("error authenticating", "error", err, "backoff", backoff)
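Review bot: The lookup-self call in the first hunk switches client helpers as well as gaining a context: `Logical().Read("auth/token/lookup-self")` becomes `Auth().Token().LookupSelfWithContext(ctx)`. The two helpers may not treat empty or not-found responses the same way. It is worth confirming that `secret` cannot be nil where `secret.Auth` is read in the second hunk, and covering the preloaded-token path with a test. Now that `ctx` reaches both requests, a shutdown cancellation will also be logged by the two `ah.logger.Error` calls as an authentication failure. Checking `ctx.Err()` before logging would keep those records meaningful for anyone alerting on them. Run's body extends outside both hunks.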