Add namespace in error (#12061)

* hghaf099-VAULT-1303-Adding namespace in error when it is set * casting ResponseWriter in handleMonitor to logical.NamespaceResponseWriter * Casting ResponseWriter conditionally for http.Flusher Adding changelog * Improving changlog message
2021-07-14 15:55:55 -04:00 · 2021-07-14 15:55:55 -04:00 · f7635ec1b8
parent 07e00882b8
commit f7635ec1b8
5 changed files with 38 additions and 5 deletions
--- a/api/response.go
+++ b/api/response.go
@ -41,12 +41,14 @@ func (r *Response) Error() error {
 	r.Body.Close()
 	r.Body = ioutil.NopCloser(bodyBuf)
 	ns := r.Header.Get("X-Vault-Namespace")
 	// Build up the error object
 	respErr := &ResponseError{
 		HTTPMethod:    r.Request.Method,
 		URL:           r.Request.URL.String(),
 		StatusCode:    r.StatusCode,
 		NamespacePath: ns,
 	}
 	// Decode the error response if we can. Note that we wrap the bodyBuf
@ -92,6 +94,10 @@ type ResponseError struct {
 	// Errors are the underlying errors returned by Vault.
 	Errors []string
 	// Namespace path to be reported to the client if it is set to anything other
 	// than root
 	NamespacePath string
 }
 // Error returns a human-readable error string for the response error.
@ -101,9 +107,15 @@ func (r *ResponseError) Error() string {
 		errString = "Raw Message"
 	}
 	ns := r.NamespacePath
 	if ns != "" && ns != "root" {
 		ns = "Namespace: " + ns + "\n"
 	}
 	var errBody bytes.Buffer
 	errBody.WriteString(fmt.Sprintf(
 		"Error making API request.\n\n"+
 			ns+
 			"URL: %s %s\n"+
 			"Code: %d. %s:\n\n",
 		r.HTTPMethod, r.URL, r.StatusCode, errString))
--- a/changelog/12061.txt
+++ b/changelog/12061.txt
@ -0,0 +1,3 @@
 ```release-note:bug
 core (enterprise): namespace header included in responses, Go client uses it when displaying error messages
 ```
--- a/http/handler.go
+++ b/http/handler.go
@ -350,7 +350,10 @@ func wrapGenericHandler(core *vault.Core, h http.Handler, props *vault.HandlerPr
 			return
 		}
-		h.ServeHTTP(w, r)
+		h.ServeHTTP(&logical.NamespaceResponseWriter{
 			ResponseWriter: w,
 			NamespacePath:  r.Header.Get("X-Vault-Namespace"),
 		}, r)
 		cancelFunc()
 		return
--- a/sdk/logical/response_util.go
+++ b/sdk/logical/response_util.go
@ -155,7 +155,17 @@ func AdjustErrorStatusCode(status *int, err error) {
 	}
 }
 type NamespaceResponseWriter struct {
 	http.ResponseWriter
 	NamespacePath string
 }
 func RespondError(w http.ResponseWriter, status int, err error) {
 	nw, ok := w.(*NamespaceResponseWriter)
 	if ok && nw.NamespacePath != "" && nw.NamespacePath != "root" {
 		nw.Header().Set("X-Vault-Namespace", nw.NamespacePath)
 	}
 	AdjustErrorStatusCode(&status, err)
 	w.Header().Set("Content-Type", "application/json")
--- a/vault/logical_system.go
+++ b/vault/logical_system.go
@ -2924,9 +2924,14 @@ func (b *SystemBackend) handleMonitor(ctx context.Context, req *logical.Request,
 	}
 	flusher, ok := w.ResponseWriter.(http.Flusher)
 	if !ok {
 		// Casting the logical.ResponseWriter and try http.Flusher again
 		nw := w.ResponseWriter.(*logical.NamespaceResponseWriter)
 		flusher, ok = nw.ResponseWriter.(http.Flusher)
 		if !ok {
 			return logical.ErrorResponse("streaming not supported"), nil
 		}
 	}
 	isJson := b.Core.LogFormat() == "json"
 	logger := b.Core.Logger().(log.InterceptLogger)