From 561da9624db046576d1a7deeea9ea742917d3cba Mon Sep 17 00:00:00 2001 From: peteski22 Date: Wed, 28 Sep 2022 20:06:03 +0100 Subject: [PATCH 01/10] Added flag and env var which will disable client redirection --- api/client.go | 80 ++++++++++++++++--------- api/client_test.go | 44 ++++++++++++++ command/base.go | 36 +++++++---- command/commands.go | 2 + website/content/docs/commands/index.mdx | 9 +++ 5 files changed, 130 insertions(+), 41 deletions(-) diff --git a/api/client.go b/api/client.go index 7c17981059fb..c6843348e58e 100644 --- a/api/client.go +++ b/api/client.go 
@@ -33,29 +33,30 @@ import ( ) const ( - EnvVaultAddress = "VAULT_ADDR" - EnvVaultAgentAddr = "VAULT_AGENT_ADDR" - EnvVaultCACert = "VAULT_CACERT" - EnvVaultCACertBytes = "VAULT_CACERT_BYTES" - EnvVaultCAPath = "VAULT_CAPATH" - EnvVaultClientCert = "VAULT_CLIENT_CERT" - EnvVaultClientKey = "VAULT_CLIENT_KEY" - EnvVaultClientTimeout = "VAULT_CLIENT_TIMEOUT" - EnvVaultSRVLookup = "VAULT_SRV_LOOKUP" - EnvVaultSkipVerify = "VAULT_SKIP_VERIFY" - EnvVaultNamespace = "VAULT_NAMESPACE" - EnvVaultTLSServerName = "VAULT_TLS_SERVER_NAME" - EnvVaultWrapTTL = "VAULT_WRAP_TTL" - EnvVaultMaxRetries = "VAULT_MAX_RETRIES" - EnvVaultToken = "VAULT_TOKEN" - EnvVaultMFA = "VAULT_MFA" - EnvRateLimit = "VAULT_RATE_LIMIT" - EnvHTTPProxy = "VAULT_HTTP_PROXY" - EnvVaultProxyAddr = "VAULT_PROXY_ADDR" - HeaderIndex = "X-Vault-Index" - HeaderForward = "X-Vault-Forward" - HeaderInconsistent = "X-Vault-Inconsistent" - TLSErrorString = "This error usually means that the server is running with TLS disabled\n" + + EnvVaultAddress = "VAULT_ADDR" + EnvVaultAgentAddr = "VAULT_AGENT_ADDR" + EnvVaultCACert = "VAULT_CACERT" + EnvVaultCACertBytes = "VAULT_CACERT_BYTES" + EnvVaultCAPath = "VAULT_CAPATH" + EnvVaultClientCert = "VAULT_CLIENT_CERT" + EnvVaultClientKey = "VAULT_CLIENT_KEY" + EnvVaultClientTimeout = "VAULT_CLIENT_TIMEOUT" + EnvVaultSRVLookup = "VAULT_SRV_LOOKUP" + EnvVaultSkipVerify = "VAULT_SKIP_VERIFY" + EnvVaultNamespace = "VAULT_NAMESPACE" + EnvVaultTLSServerName = "VAULT_TLS_SERVER_NAME" + EnvVaultWrapTTL = "VAULT_WRAP_TTL" + EnvVaultMaxRetries = "VAULT_MAX_RETRIES" + EnvVaultToken = "VAULT_TOKEN" + EnvVaultMFA = "VAULT_MFA" + EnvRateLimit = "VAULT_RATE_LIMIT" + EnvHTTPProxy = "VAULT_HTTP_PROXY" + EnvVaultProxyAddr = "VAULT_PROXY_ADDR" + EnvVaultDisableRedirects = "VAULT_DISABLE_REDIRECTS" + HeaderIndex = "X-Vault-Index" + HeaderForward = "X-Vault-Forward" + HeaderInconsistent = "X-Vault-Inconsistent" + TLSErrorString = "This error usually means that the server is running with TLS 
disabled\n" + "but the client is configured to use TLS. Please either enable TLS\n" + "on the server or run the client with -address set to an address\n" + "that uses the http protocol:\n\n" + @@ -176,6 +177,16 @@ type Config struct { // since there will be a performance penalty paid upon each request. // This feature requires Enterprise server-side. ReadYourWrites bool + + // DisableRedirects when set to true, will prevent the client from + // automatically following a (single) redirect response to its initial + // request. This behavior may be desirable if using Vault CLI on the server + // side. + // + // Note: Disabling redirect following behavior could cause issues with + // commands such as 'vault operator raft snapshot' as this redirects to the + // primary node. + DisableRedirects bool } // TLSConfig contains the parameters needed to configure TLS on the HTTP client @@ -340,6 +351,7 @@ func (c *Config) ReadEnvironment() error { var envSRVLookup bool var limit *rate.Limiter var envVaultProxy string + var envVaultDisableRedirects bool // Parse the environment variables if v := os.Getenv(EnvVaultAddress); v != "" { @@ -388,7 +400,7 @@ func (c *Config) ReadEnvironment() error { var err error envInsecure, err = strconv.ParseBool(v) if err != nil { - return fmt.Errorf("could not parse VAULT_SKIP_VERIFY") + return fmt.Errorf("could not parse %s", EnvVaultSkipVerify) } } if v := os.Getenv(EnvVaultSRVLookup); v != "" { @@ -412,6 +424,16 @@ func (c *Config) ReadEnvironment() error { envVaultProxy = v } + if v := os.Getenv(EnvVaultDisableRedirects); v != "" { + var err error + envVaultDisableRedirects, err = strconv.ParseBool(v) + if err != nil { + return fmt.Errorf("could not parse %s", EnvVaultDisableRedirects) + } + + c.DisableRedirects = envVaultDisableRedirects + } + // Configure the HTTP clients TLS configuration. t := &TLSConfig{ CACert: envCACert, 
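Review bot: In the `EnvVaultDisableRedirects` block of `ReadEnvironment`, `c.DisableRedirects` is written during the parse phase, while the neighbouring blocks only fill locals such as `envVaultProxy` and leave the `Config` untouched. If anything after this block fails, the caller gets an error together with a config that has already been changed. The write also presumably happens outside the `modifyLock` that `rawRequestWithContext` holds when it reads the field; the rest of the function is outside the hunk, so this needs confirming. I would drop the assignment here and apply `c.DisableRedirects = envVaultDisableRedirects` where the other parsed values are stored, only when the variable was actually set. The `strconv.ParseBool` error is also discarded; `fmt.Errorf("could not parse %s: %w", EnvVaultDisableRedirects, err)` would keep it.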
@@ -1270,6 +1292,7 @@ func (c *Client) rawRequestWithContext(ctx context.Context, r *Request) (*Respon outputCurlString := c.config.OutputCurlString outputPolicy := c.config.OutputPolicy logger := c.config.Logger + disableRedirects := c.config.DisableRedirects c.config.modifyLock.RUnlock() c.modifyLock.RUnlock() @@ -1363,8 +1386,8 @@ START: return result, err } - // Check for a redirect, only allowing for a single redirect - if (resp.StatusCode == 301 || resp.StatusCode == 302 || resp.StatusCode == 307) && redirectCount == 0 { + // Check for a redirect, only allowing for a single redirect (if redirects aren't disabled) + if (resp.StatusCode == 301 || resp.StatusCode == 302 || resp.StatusCode == 307) && redirectCount == 0 && !disableRedirects { // Parse the updated location respLoc, err := resp.Location() if err != nil { @@ -1423,6 +1446,7 @@ func (c *Client) httpRequestWithContext(ctx context.Context, r *Request) (*Respo httpClient := c.config.HttpClient outputCurlString := c.config.OutputCurlString outputPolicy := c.config.OutputPolicy + disableRedirects := c.config.DisableRedirects // add headers if c.headers != nil { @@ -1495,8 +1519,8 @@ func (c *Client) httpRequestWithContext(ctx context.Context, r *Request) (*Respo return result, err } - // Check for a redirect, only allowing for a single redirect - if resp.StatusCode == 301 || resp.StatusCode == 302 || resp.StatusCode == 307 { + // Check for a redirect, only allowing for a single redirect, if redirects aren't disabled + if (resp.StatusCode == 301 || resp.StatusCode == 302 || resp.StatusCode == 307) && !disableRedirects { // Parse the updated location respLoc, err := resp.Location() if err != nil { diff --git a/api/client_test.go b/api/client_test.go index 2305d42fe787..a5c3150a5496 100644 --- a/api/client_test.go +++ b/api/client_test.go 
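Review bot: The new `&& !disableRedirects` condition after `START:` (and the matching one in `httpRequestWithContext`) lets a 301/302/307 fall through to code below the hunk, and nothing at either site says what the caller then receives. `TestClientRedirectWhenDisabled` expects the 3xx response back with a nil error, so a caller that only checks `err` may treat a suppressed redirect as a successful request. I would extend the comment to `// Follow at most one redirect; when redirects are disabled the 3xx response is returned to the caller unchanged, with a nil error.` and repeat that sentence in the `DisableRedirects` field comment on `Config`. Both functions continue outside their hunks.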
@@ -209,6 +209,44 @@ func TestClientBadToken(t *testing.T) { } } +func TestClientRedirectWhenDisabled(t *testing.T) { + tests := map[string]struct { + statusCode int + }{ + "Moved permanently": {statusCode: 301}, + "Found": {statusCode: 302}, + "Temporary Redirect": {statusCode: 307}, + } + + for name, tc := range tests { + func() { + respFunc := func(w http.ResponseWriter, req *http.Request) { + w.Header().Set("Location", DefaultConfig().Address) + w.WriteHeader(tc.statusCode) + } + + config, ln := testHTTPServer(t, http.HandlerFunc(respFunc)) + config.DisableRedirects = true + defer ln.Close() + + client, err := NewClient(config) + if err != nil { + t.Fatalf("err: %s", err) + } + + req := client.NewRequest("GET", "/") + resp, err := client.rawRequestWithContext(context.Background(), req) + if err != nil { + t.Fatalf("err: %s", err) + } + + if resp.StatusCode != tc.statusCode { + t.Errorf("Expected %s and status code %v got %v", name, tc.statusCode, resp.StatusCode) + } + }() + } +} + func TestClientRedirect(t *testing.T) { primary := func(w http.ResponseWriter, req *http.Request) { w.Write([]byte("test")) @@ -320,6 +358,7 @@ func TestClientEnvSettings(t *testing.T) { oldClientKey := os.Getenv(EnvVaultClientKey) oldSkipVerify := os.Getenv(EnvVaultSkipVerify) oldMaxRetries := os.Getenv(EnvVaultMaxRetries) + oldDisableRedirects := os.Getenv(EnvVaultDisableRedirects) os.Setenv(EnvVaultCACert, cwd+"/test-fixtures/keys/cert.pem") os.Setenv(EnvVaultCACertBytes, string(caCertBytes)) @@ -328,6 +367,7 @@ func TestClientEnvSettings(t *testing.T) { os.Setenv(EnvVaultClientKey, cwd+"/test-fixtures/keys/key.pem") os.Setenv(EnvVaultSkipVerify, "true") os.Setenv(EnvVaultMaxRetries, "5") + os.Setenv(EnvVaultDisableRedirects, "true") defer func() { os.Setenv(EnvVaultCACert, oldCACert) 
@@ -337,6 +377,7 @@ func TestClientEnvSettings(t *testing.T) { os.Setenv(EnvVaultClientKey, oldClientKey) os.Setenv(EnvVaultSkipVerify, oldSkipVerify) os.Setenv(EnvVaultMaxRetries, oldMaxRetries) + os.Setenv(EnvVaultDisableRedirects, oldDisableRedirects) }() config := DefaultConfig() @@ -354,6 +395,9 @@ func TestClientEnvSettings(t *testing.T) { if tlsConfig.InsecureSkipVerify != true { t.Fatalf("bad: %v", tlsConfig.InsecureSkipVerify) } + if config.DisableRedirects != true { + t.Fatalf("bad: expected disable redirects to be true: %v", config.DisableRedirects) + } } func TestClientDeprecatedEnvSettings(t *testing.T) { diff --git a/command/base.go b/command/base.go index c4dd042b12b7..3aa5bb749d75 100644 --- a/command/base.go +++ b/command/base.go @@ -40,19 +40,20 @@ type BaseCommand struct { flags *FlagSets flagsOnce sync.Once - flagAddress string - flagAgentAddress string - flagCACert string - flagCAPath string - flagClientCert string - flagClientKey string - flagNamespace string - flagNS string - flagPolicyOverride bool - flagTLSServerName string - flagTLSSkipVerify bool - flagWrapTTL time.Duration - flagUnlockKey string + flagAddress string + flagAgentAddress string + flagCACert string + flagCAPath string + flagClientCert string + flagClientKey string + flagNamespace string + flagNS string + flagPolicyOverride bool + flagTLSServerName string + flagTLSSkipVerify bool + flagDisableRedirects bool + flagWrapTTL time.Duration + flagUnlockKey string flagFormat string flagField string @@ -427,6 +428,15 @@ func (c *BaseCommand) flagSet(bit FlagSetBit) *FlagSets { "transmissions to and from the Vault server.", }) + f.BoolVar(&BoolVar{ + Name: flagNameDisableRedirects, + Target: &c.flagDisableRedirects, + Default: false, + EnvVar: api.EnvVaultDisableRedirects, + Usage: "Disable the default client behavior, which honors a single " + + "redirect response from a request", + }) + f.BoolVar(&BoolVar{ Name: "policy-override", Target: &c.flagPolicyOverride, 
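Review bot: `c.flagDisableRedirects` is registered in `flagSet`, but no hunk in this series reads it, so passing `-disable-redirects` on the command line appears to have no effect on the `api.Config` the command builds. The environment variable still works because `ReadEnvironment` parses `VAULT_DISABLE_REDIRECTS` itself, which can hide the gap in testing. An operator who relies on the flag alone would get a client that still follows redirects. Wherever the command copies its flags into the client configuration (not visible here), add something like `if c.flagDisableRedirects { config.DisableRedirects = true }`, plus a test that sets only the flag.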
diff --git a/command/commands.go b/command/commands.go index d4ce6b6ca38b..82b4919e05b9 100644 --- a/command/commands.go +++ b/command/commands.go @@ -126,6 +126,8 @@ const ( flagNameAllowedManagedKeys = "allowed-managed-keys" // flagNamePluginVersion selects what version of a plugin should be used. flagNamePluginVersion = "plugin-version" + // flagNameDisableRedirects is used to prevent the client from honoring a single redirect as a response to a request + flagNameDisableRedirects = "disable-redirects" ) var ( diff --git a/website/content/docs/commands/index.mdx b/website/content/docs/commands/index.mdx index e476a687699d..692244474acd 100644 --- a/website/content/docs/commands/index.mdx +++ b/website/content/docs/commands/index.mdx @@ -419,6 +419,15 @@ All requests will resolve the specified proxy; there is no way to exclude ~> Note: If both `VAULT_HTTP_PROXY` and `VAULT_PROXY_ADDR` environment variables are supplied, `VAULT_PROXY_ADDR` will be prioritized and preferred. +### `VAULT_DISABLE_REDIRECTS` + +Disables the default client behavior, which honors a single redirect response from a request. + +Disables the default behavior of the Vault client, Prevent the Vault client from +Do not verify Vault's presented certificate before communicating with it. +Setting this variable is not recommended and voids Vault's [security +model](/docs/internals/security). + ## Flags There are different CLI flags that are available depending on subcommands. Some From 60c62168ef9c6afa489433a3072f3eccca9ff10b Mon Sep 17 00:00:00 2001 From: peteski22 Date: Wed, 28 Sep 2022 20:09:55 +0100 Subject: [PATCH 02/10] Added changelog --- changelog/17352.txt | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 changelog/17352.txt diff --git a/changelog/17352.txt b/changelog/17352.txt new file mode 100644 index 000000000000..6ef23143e9df --- /dev/null +++ b/changelog/17352.txt 
@@ -0,0 +1,3 @@ +```release-note:improvement +api: Support VAULT_DISABLE_REDIRECTS environment variable (and ==disable-redirects flag) to disable default client behavior and prevent the client following any redirection responses. +``` \ No newline at end of file From 2935d1786a03ed1b60500ced09fcabaa0fd25944 Mon Sep 17 00:00:00 2001 From: peteski22 Date: Wed, 28 Sep 2022 21:20:31 +0100 Subject: [PATCH 03/10] Typo in changelog --- changelog/17352.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/changelog/17352.txt b/changelog/17352.txt index 6ef23143e9df..a5b5ca5ea497 100644 --- a/changelog/17352.txt +++ b/changelog/17352.txt @@ -1,3 +1,3 @@ ```release-note:improvement -api: Support VAULT_DISABLE_REDIRECTS environment variable (and ==disable-redirects flag) to disable default client behavior and prevent the client following any redirection responses. +api: Support VAULT_DISABLE_REDIRECTS environment variable (and --disable-redirects flag) to disable default client behavior and prevent the client following any redirection responses. ``` \ No newline at end of file From 7ad54a159e4278426dee8077f4e2600f97e47110 Mon Sep 17 00:00:00 2001 From: peteski22 Date: Thu, 29 Sep 2022 08:10:30 +0100 Subject: [PATCH 04/10] Docs fix for unsaved file, and test single request made --- api/client_test.go | 8 +++++++- website/content/docs/commands/index.mdx | 8 +++----- 2 files changed, 10 insertions(+), 6 deletions(-) diff --git a/api/client_test.go b/api/client_test.go index a5c3150a5496..2f20b74c0e79 100644 --- a/api/client_test.go +++ b/api/client_test.go @@ -220,7 +220,9 @@ func TestClientRedirectWhenDisabled(t *testing.T) { for name, tc := range tests { func() { + numReqs := 0 respFunc := func(w http.ResponseWriter, req *http.Request) { + numReqs++ w.Header().Set("Location", DefaultConfig().Address) w.WriteHeader(tc.statusCode) } 
@@ -240,8 +242,12 @@ func TestClientRedirectWhenDisabled(t *testing.T) { t.Fatalf("err: %s", err) } + if numReqs != 1 { + t.Fatalf("expected a single request but got %v", numReqs) + } + if resp.StatusCode != tc.statusCode { - t.Errorf("Expected %s and status code %v got %v", name, tc.statusCode, resp.StatusCode) + t.Fatalf("Expected %s and status code %v got %v", name, tc.statusCode, resp.StatusCode) } }() } diff --git a/website/content/docs/commands/index.mdx b/website/content/docs/commands/index.mdx index 692244474acd..4a5b99432e16 100644 --- a/website/content/docs/commands/index.mdx +++ b/website/content/docs/commands/index.mdx @@ -421,12 +421,10 @@ variables are supplied, `VAULT_PROXY_ADDR` will be prioritized and preferred. ### `VAULT_DISABLE_REDIRECTS` -Disables the default client behavior, which honors a single redirect response from a request. +Disables the default client behavior, and prevents the client from automatically following a single redirect receieved in response to a client issued request. +This behavior may be desirable if using Vault CLI on the server side. -Disables the default behavior of the Vault client, Prevent the Vault client from -Do not verify Vault's presented certificate before communicating with it. -Setting this variable is not recommended and voids Vault's [security -model](/docs/internals/security). +~> Note: Disabling redirect following behavior could cause issues with commands such as 'vault operator raft snapshot' as this redirects to the primary node. ## Flags From 3c2f85205cb462b8a605f60e6e4078fe9a3b2c54 Mon Sep 17 00:00:00 2001 From: peteski22 Date: Thu, 29 Sep 2022 16:41:24 +0100 Subject: [PATCH 05/10] Updated test for case when redirect is enabled, updated docs based on suggestions --- api/client_test.go | 24 ++++++++++++++++-------- website/content/docs/commands/index.mdx | 5 ++--- 2 files changed, 18 insertions(+), 11 deletions(-) 
diff --git a/api/client_test.go b/api/client_test.go index 2f20b74c0e79..a58761bb5d6a 100644 --- a/api/client_test.go +++ b/api/client_test.go @@ -209,26 +209,34 @@ func TestClientBadToken(t *testing.T) { } } -func TestClientRedirectWhenDisabled(t *testing.T) { +func TestClientDisableRedirects(t *testing.T) { tests := map[string]struct { - statusCode int + statusCode int + expectedNumReqs int + disableRedirects bool }{ - "Moved permanently": {statusCode: 301}, - "Found": {statusCode: 302}, - "Temporary Redirect": {statusCode: 307}, + "Disabled redirects: Moved permanently": {statusCode: 301, expectedNumReqs: 1, disableRedirects: true}, + "Disabled redirects: Redirect On: Found": {statusCode: 302, expectedNumReqs: 1, disableRedirects: true}, + "Disabled redirects: Redirect On: Temporary Redirect": {statusCode: 307, expectedNumReqs: 1, disableRedirects: true}, + "Enable redirects: Moved permanently": {statusCode: 301, expectedNumReqs: 2, disableRedirects: false}, } for name, tc := range tests { func() { numReqs := 0 + var config *Config + respFunc := func(w http.ResponseWriter, req *http.Request) { + // Track how many requests the server has handled numReqs++ - w.Header().Set("Location", DefaultConfig().Address) + // Send back the relevant status code + // we will get the address after the server is created + w.Header().Set("Location", config.Address) w.WriteHeader(tc.statusCode) } config, ln := testHTTPServer(t, http.HandlerFunc(respFunc)) - config.DisableRedirects = true + config.DisableRedirects = tc.disableRedirects defer ln.Close() client, err := NewClient(config) @@ -242,7 +250,7 @@ func TestClientRedirectWhenDisabled(t *testing.T) { t.Fatalf("err: %s", err) } - if numReqs != 1 { + if numReqs != tc.expectedNumReqs { t.Fatalf("expected a single request but got %v", numReqs) } diff --git a/website/content/docs/commands/index.mdx b/website/content/docs/commands/index.mdx index 4a5b99432e16..81c5984e272f 100644 --- a/website/content/docs/commands/index.mdx 
+++ b/website/content/docs/commands/index.mdx @@ -421,10 +421,9 @@ variables are supplied, `VAULT_PROXY_ADDR` will be prioritized and preferred. ### `VAULT_DISABLE_REDIRECTS` -Disables the default client behavior, and prevents the client from automatically following a single redirect receieved in response to a client issued request. -This behavior may be desirable if using Vault CLI on the server side. +Prevents the Vault client from following redirects. By default, Vault client will automatically follow a single redirect. -~> Note: Disabling redirect following behavior could cause issues with commands such as 'vault operator raft snapshot' as this redirects to the primary node. +~> Note: Disabling redirect following behavior could cause issues with commands such as 'vault operator raft snapshot' as this command redirects the request to the cluster's primary node. ## Flags From 70bdccda07542d7fee1b48487a1a45665bd2715a Mon Sep 17 00:00:00 2001 From: peteski22 Date: Thu, 29 Sep 2022 16:58:38 +0100 Subject: [PATCH 06/10] Adjusted sub tests to use t.Run --- api/client_test.go | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/api/client_test.go b/api/client_test.go index a58761bb5d6a..83f0698b0283 100644 --- a/api/client_test.go +++ b/api/client_test.go 
@@ -215,14 +215,14 @@ func TestClientDisableRedirects(t *testing.T) { expectedNumReqs int disableRedirects bool }{ - "Disabled redirects: Moved permanently": {statusCode: 301, expectedNumReqs: 1, disableRedirects: true}, - "Disabled redirects: Redirect On: Found": {statusCode: 302, expectedNumReqs: 1, disableRedirects: true}, - "Disabled redirects: Redirect On: Temporary Redirect": {statusCode: 307, expectedNumReqs: 1, disableRedirects: true}, - "Enable redirects: Moved permanently": {statusCode: 301, expectedNumReqs: 2, disableRedirects: false}, + "Disabled redirects: Moved permanently": {statusCode: 301, expectedNumReqs: 1, disableRedirects: true}, + "Disabled redirects: Found": {statusCode: 302, expectedNumReqs: 1, disableRedirects: true}, + "Disabled redirects: Temporary Redirect": {statusCode: 307, expectedNumReqs: 1, disableRedirects: true}, + "Enable redirects: Moved permanently": {statusCode: 301, expectedNumReqs: 2, disableRedirects: false}, } for name, tc := range tests { - func() { + t.Run(name, func(t *testing.T) { numReqs := 0 var config *Config @@ -241,23 +241,23 @@ func TestClientDisableRedirects(t *testing.T) { client, err := NewClient(config) if err != nil { - t.Fatalf("err: %s", err) + t.Fatalf("%s: error %v", name, err) } req := client.NewRequest("GET", "/") resp, err := client.rawRequestWithContext(context.Background(), req) if err != nil { - t.Fatalf("err: %s", err) + t.Fatalf("%s: error %v", name, err) } if numReqs != tc.expectedNumReqs { - t.Fatalf("expected a single request but got %v", numReqs) + t.Fatalf("%s: expected %v request(s) but got %v", name, tc.expectedNumReqs, numReqs) } if resp.StatusCode != tc.statusCode { - t.Fatalf("Expected %s and status code %v got %v", name, tc.statusCode, resp.StatusCode) + t.Fatalf("%s: expected status code %v got %v", name, tc.statusCode, resp.StatusCode) } - }() + }) } } From f56b7f545b7790e2864d0879adbd391cf2faf601 Mon Sep 17 00:00:00 2001 
From: peteski22 Date: Thu, 29 Sep 2022 18:06:32 +0100 Subject: [PATCH 07/10] Added checks to see if the redirect location is different from the initial request url --- api/client_test.go | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/api/client_test.go b/api/client_test.go index 83f0698b0283..502a21a058b2 100644 --- a/api/client_test.go +++ b/api/client_test.go @@ -231,7 +231,7 @@ func TestClientDisableRedirects(t *testing.T) { numReqs++ // Send back the relevant status code // we will get the address after the server is created - w.Header().Set("Location", config.Address) + w.Header().Set("Location", fmt.Sprintf(config.Address+"/reqs/%v", numReqs)) w.WriteHeader(tc.statusCode) } @@ -257,6 +257,14 @@ func TestClientDisableRedirects(t *testing.T) { if resp.StatusCode != tc.statusCode { t.Fatalf("%s: expected status code %v got %v", name, tc.statusCode, resp.StatusCode) } + + location, err := resp.Location() + if err != nil { + t.Fatalf("%s error %v", name, err) + } + if req.URL.String() == location.String() { + t.Fatalf("%s: expected request URL %v to be different from redirect URL %v", name, req.URL, resp.Request.URL) + } }) } } From 64438b8ec292dd77e365edc59b620d8623961ba5 Mon Sep 17 00:00:00 2001 From: peteski22 Date: Thu, 29 Sep 2022 19:11:58 +0100 Subject: [PATCH 08/10] Capture range var for tests and parallelise --- api/client_test.go | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/api/client_test.go b/api/client_test.go index 502a21a058b2..844dcadd94fb 100644 --- a/api/client_test.go +++ b/api/client_test.go 
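Review bot: The `Location` value is built with `fmt.Sprintf(config.Address+"/reqs/%v", numReqs)`, which puts the server address into the format string, so a `%` in the address would be read as a formatting verb. `fmt.Sprintf("%s/reqs/%d", config.Address, numReqs)` keeps the format constant. The handler closure starts outside the hunk.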
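Review bot: The failure message in the new `location` check prints `resp.Request.URL` as the "redirect URL", but the comparison above it uses `location`, so on failure the message shows a value that was not the one compared. Change the last argument to `location`: `t.Fatalf("%s: expected request URL %v to be different from redirect URL %v", name, req.URL, location)`. The sibling message `"%s error %v"` also lacks the colon the other messages use.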
@@ -222,21 +222,22 @@ func TestClientDisableRedirects(t *testing.T) { } for name, tc := range tests { + test := tc t.Run(name, func(t *testing.T) { + t.Parallel() numReqs := 0 var config *Config respFunc := func(w http.ResponseWriter, req *http.Request) { // Track how many requests the server has handled numReqs++ - // Send back the relevant status code - // we will get the address after the server is created + // Send back the relevant status code and generate a location w.Header().Set("Location", fmt.Sprintf(config.Address+"/reqs/%v", numReqs)) - w.WriteHeader(tc.statusCode) + w.WriteHeader(test.statusCode) } config, ln := testHTTPServer(t, http.HandlerFunc(respFunc)) - config.DisableRedirects = tc.disableRedirects + config.DisableRedirects = test.disableRedirects defer ln.Close() client, err := NewClient(config) @@ -250,12 +251,12 @@ func TestClientDisableRedirects(t *testing.T) { t.Fatalf("%s: error %v", name, err) } - if numReqs != tc.expectedNumReqs { - t.Fatalf("%s: expected %v request(s) but got %v", name, tc.expectedNumReqs, numReqs) + if numReqs != test.expectedNumReqs { + t.Fatalf("%s: expected %v request(s) but got %v", name, test.expectedNumReqs, numReqs) } - if resp.StatusCode != tc.statusCode { - t.Fatalf("%s: expected status code %v got %v", name, tc.statusCode, resp.StatusCode) + if resp.StatusCode != test.statusCode { + t.Fatalf("%s: expected status code %v got %v", name, test.statusCode, resp.StatusCode) } location, err := resp.Location() From 6c3a4695c3be61a699e1d93b9e2cd6c436e2b2f5 Mon Sep 17 00:00:00 2001 From: Peter Wilson Date: Thu, 29 Sep 2022 20:48:03 +0100 Subject: [PATCH 09/10] Update website/content/docs/commands/index.mdx Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com> --- website/content/docs/commands/index.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/content/docs/commands/index.mdx b/website/content/docs/commands/index.mdx index 81c5984e272f..5100ef44b05a 100644 
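Review bot: `test := tc` copies the table entry, but `name` is still the loop variable and every `t.Fatalf` in the closure uses it. With `t.Parallel()` the subtest bodies resume only after the `for` loop has finished. On toolchains where the range variable is shared across iterations (the reason for `test := tc`), each failure message would carry the name of the last map entry visited. Either add `name := name` next to `test := tc`, or drop the `name` prefix from the messages, since `t.Run(name, ...)` already labels the output. The messages in the second hunk (`@@ -250,12 +251,12 @@`) are affected in the same way.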
--- a/website/content/docs/commands/index.mdx +++ b/website/content/docs/commands/index.mdx @@ -421,7 +421,7 @@ variables are supplied, `VAULT_PROXY_ADDR` will be prioritized and preferred. ### `VAULT_DISABLE_REDIRECTS` -Prevents the Vault client from following redirects. By default, Vault client will automatically follow a single redirect. +Prevents the Vault client from following redirects. By default, the Vault client will automatically follow a single redirect. ~> Note: Disabling redirect following behavior could cause issues with commands such as 'vault operator raft snapshot' as this command redirects the request to the cluster's primary node. From 2d52c155bd404223bf9bc0843a48f85ceddf4bcf Mon Sep 17 00:00:00 2001 From: Peter Wilson Date: Thu, 29 Sep 2022 20:48:13 +0100 Subject: [PATCH 10/10] Update website/content/docs/commands/index.mdx Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com> --- website/content/docs/commands/index.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/content/docs/commands/index.mdx b/website/content/docs/commands/index.mdx index 5100ef44b05a..1a5282c1345f 100644 --- a/website/content/docs/commands/index.mdx +++ b/website/content/docs/commands/index.mdx @@ -423,7 +423,7 @@ variables are supplied, `VAULT_PROXY_ADDR` will be prioritized and preferred. Prevents the Vault client from following redirects. By default, the Vault client will automatically follow a single redirect. -~> Note: Disabling redirect following behavior could cause issues with commands such as 'vault operator raft snapshot' as this command redirects the request to the cluster's primary node. +~> **Note:** Disabling redirect following behavior could cause issues with commands such as 'vault operator raft snapshot' as this command redirects the request to the cluster's primary node. ## Flags