Add namespace in error (#12061)

* hghaf099-VAULT-1303-Adding namespace in error when it is set * casting ResponseWriter in handleMonitor to logical.NamespaceResponseWriter * Casting ResponseWriter conditionally for http.Flusher Adding changelog * Improving changlog message
2021-07-14 15:55:55 -04:00 · 2021-07-14 15:55:55 -04:00 · f7635ec1b8
parent 07e00882b8
commit f7635ec1b8
5 changed files with 38 additions and 5 deletions
--- a/api/response.go
+++ b/api/response.go
@ -41,12 +41,14 @@ func (r *Response) Error() error {

 	r.Body.Close()
 	r.Body = ioutil.NopCloser(bodyBuf)
+	ns := r.Header.Get("X-Vault-Namespace")

 	// Build up the error object
 	respErr := &ResponseError{
-		HTTPMethod: r.Request.Method,
-		URL:        r.Request.URL.String(),
-		StatusCode: r.StatusCode,
+		HTTPMethod:    r.Request.Method,
+		URL:           r.Request.URL.String(),
+		StatusCode:    r.StatusCode,
+		NamespacePath: ns,
 	}

 	// Decode the error response if we can. Note that we wrap the bodyBuf
@ -92,6 +94,10 @@ type ResponseError struct {

 	// Errors are the underlying errors returned by Vault.
 	Errors []string
+
+	// Namespace path to be reported to the client if it is set to anything other
+	// than root
+	NamespacePath string
 }

 // Error returns a human-readable error string for the response error.
@ -101,9 +107,15 @@ func (r *ResponseError) Error() string {
 		errString = "Raw Message"
 	}

+	ns := r.NamespacePath
+	if ns != "" && ns != "root" {
+		ns = "Namespace: " + ns + "\n"
+	}
+
 	var errBody bytes.Buffer
 	errBody.WriteString(fmt.Sprintf(
 		"Error making API request.\n\n"+
+			ns+
 			"URL: %s %s\n"+
 			"Code: %d. %s:\n\n",
 		r.HTTPMethod, r.URL, r.StatusCode, errString))
--- a/changelog/12061.txt
+++ b/changelog/12061.txt
@ -0,0 +1,3 @@
+```release-note:bug
+core (enterprise): namespace header included in responses, Go client uses it when displaying error messages
+```
--- a/http/handler.go
+++ b/http/handler.go
@ -350,7 +350,10 @@ func wrapGenericHandler(core *vault.Core, h http.Handler, props *vault.HandlerPr
 			return
 		}

-		h.ServeHTTP(w, r)
+		h.ServeHTTP(&logical.NamespaceResponseWriter{
+			ResponseWriter: w,
+			NamespacePath:  r.Header.Get("X-Vault-Namespace"),
+		}, r)

 		cancelFunc()
 		return
--- a/sdk/logical/response_util.go
+++ b/sdk/logical/response_util.go
@ -155,7 +155,17 @@ func AdjustErrorStatusCode(status *int, err error) {
 	}
 }

+type NamespaceResponseWriter struct {
+	http.ResponseWriter
+	NamespacePath string
+}
+
 func RespondError(w http.ResponseWriter, status int, err error) {
+	nw, ok := w.(*NamespaceResponseWriter)
+	if ok && nw.NamespacePath != "" && nw.NamespacePath != "root" {
+		nw.Header().Set("X-Vault-Namespace", nw.NamespacePath)
+	}
+
 	AdjustErrorStatusCode(&status, err)

 	w.Header().Set("Content-Type", "application/json")
--- a/vault/logical_system.go
+++ b/vault/logical_system.go
@ -2925,7 +2925,12 @@ func (b *SystemBackend) handleMonitor(ctx context.Context, req *logical.Request,

 	flusher, ok := w.ResponseWriter.(http.Flusher)
 	if !ok {
-		return logical.ErrorResponse("streaming not supported"), nil
+		// Casting the logical.ResponseWriter and try http.Flusher again
+		nw := w.ResponseWriter.(*logical.NamespaceResponseWriter)
+		flusher, ok = nw.ResponseWriter.(http.Flusher)
+		if !ok {
+			return logical.ErrorResponse("streaming not supported"), nil
+		}
 	}

 	isJson := b.Core.LogFormat() == "json"