From 37cf3b756d7ee1c9ae7d9adc6bbc032ecb7e1ad5 Mon Sep 17 00:00:00 2001
From: Simon Marsh
Date: Tue, 26 Jul 2022 09:37:15 +0100
Subject: [PATCH] various fixes
---
 .gitignore | 1 +
 common.go | 80 ++++++++++++++++++++++++++++++++++++++++++++---
 mini-vault/tls.go | 2 +-
 token.go | 7 +----
 4 files changed, 78 insertions(+), 12 deletions(-)
diff --git a/.gitignore b/.gitignore
index 4397a09..780188c 100644
--- a/.gitignore
+++ b/.gitignore
@@ -72,3 +72,4 @@ flycheck_*.el
 # Go workspace file
 go.work
+mini-vault/mini-vault
diff --git a/common.go b/common.go
index 91f7287..bf1453c 100644
--- a/common.go
+++ b/common.go
@@ -9,10 +9,11 @@ package libvault
 import (
 "bytes"
 "encoding/json"
+ "errors"
 log "github.com/sirupsen/logrus"
 "io"
 "net/http"
- "os"
+ // "os"
 "time"
 )
@@ -84,9 +85,9 @@ func (v *Vault) POST(t *Token, api string, request interface{},
 return err
 }
- var indent bytes.Buffer
- json.Indent(&indent, rbody, "", " ")
- indent.WriteTo(os.Stdout)
+ // var indent bytes.Buffer
+ // json.Indent(&indent, rbody, "", " ")
+ // indent.WriteTo(os.Stdout)
 // check status code
 if hresp.StatusCode != 200 {
@@ -96,7 +97,7 @@ func (v *Vault) POST(t *Token, api string, request interface{},
 "code": hresp.StatusCode,
 "body": string(rbody),
 }).Error("libvault: invalid status code on vault post request")
- return err
+ return errors.New("libvault: invalid status code")
 }
 if response != nil {
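Review bot: The three `indent` lines in POST, like the `"os"` import in the first common.go hunk, are commented out rather than deleted, which leaves dead code behind. Deleting them outright (and dropping `// "os"` from the import block) means a one-line uncomment cannot bring back a dump of raw Vault response bodies to stdout. The same commented block is copied into the new GET function in the last common.go hunk. POST starts and ends outside this hunk.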
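Review bot: The new `errors.New("libvault: invalid status code")` gives every non-200 reply the same opaque error, so a caller cannot tell a 403 (denied or expired token) from a 404 or a 5xx without reading the log. Consider carrying the code in the error, e.g. `return fmt.Errorf("libvault: invalid status code %d", hresp.StatusCode)` (this needs `fmt` added to the import block), or a package-level sentinel that callers can match with `errors.Is`. The identical return in the new GET function has the same limitation. POST continues outside this hunk.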
@@ -121,5 +122,74 @@ func (v *Vault) POST(t *Token, api string, request interface{},
 return nil
 }
+//////////////////////////////////////////////////////////////////////////
+// make a vault GET call
+
+func (v *Vault) GET(t *Token, api string,
+ response interface{}) error {
+
+ // create GET request
+ url := v.url(api)
+ hreq, err := http.NewRequest("GET", url, nil)
+ hreq.Header.Set("X-Vault-Token", t.Token)
+
+ // and do it
+ hclient := &http.Client{}
+ hresp, err := hclient.Do(hreq)
+ if err != nil {
+ log.WithFields(log.Fields{
+ "url": url,
+ "error": err,
+ }).Error("libvault: failed to make vault POST call")
+ return err
+ }
+ defer hresp.Body.Close()
+
+ // read the response body
+ rbody, err := io.ReadAll(hresp.Body)
+ if err != nil {
+ log.WithFields(log.Fields{
+ "url": url,
+ "error": err,
+ }).Error("libvault: failed to read response body")
+ return err
+ }
+
+ // var indent bytes.Buffer
+ // json.Indent(&indent, rbody, "", " ")
+ // indent.WriteTo(os.Stdout)
+
+ // check status code
+ if hresp.StatusCode != 200 {
+ log.WithFields(log.Fields{
+ "url": url,
+ "status": hresp.Status,
+ "code": hresp.StatusCode,
+ "body": string(rbody),
+ }).Error("libvault: invalid status code on vault post request")
+ return errors.New("libvault: invalid status code")
+ }
+
+ if response != nil {
+ if err := json.Unmarshal(rbody, response); err != nil {
+ log.WithFields(log.Fields{
+ "url": url,
+ "body": string(rbody),
+ "response": response,
+ "error": err,
+ }).Error("libvault: failed to unmarshal response body")
+ return err
+ }
+ }
+
+ log.WithFields(log.Fields{
+ "api": api,
+ "url": url,
+ "response": string(rbody),
+ }).Debug("libvault: successful vault call")
+
+ return nil
+}
+
 //////////////////////////////////////////////////////////////////////////
 // end of file
diff --git a/mini-vault/tls.go b/mini-vault/tls.go
index 3f65711..9649b9c 100644
--- a/mini-vault/tls.go
+++ b/mini-vault/tls.go
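Review bot: In the new GET, the `err` returned by `http.NewRequest` is never checked before `hreq.Header.Set(...)`, so a URL that fails to parse leaves `hreq` nil and the call panics; the error is then overwritten by the `:=` on `hclient.Do`. The client is also built as `&http.Client{}` with no `Timeout`, so an unresponsive server blocks the caller indefinitely. Separately, the success path logs the whole response body at Debug and the failure paths log it at Error; responses to Vault reads can carry secret material, so these entries would be safer limited to `api`, `url` and the status. The two log messages that still say "POST call" and "post request" look like copy-paste leftovers. The fence shows the request setup with the check and a bounded client; the timeout value is only an example.

```go
	// create GET request
	url := v.url(api)
	hreq, err := http.NewRequest("GET", url, nil)
	if err != nil {
		log.WithFields(log.Fields{
			"url":   url,
			"error": err,
		}).Error("libvault: failed to create vault GET request")
		return err
	}
	hreq.Header.Set("X-Vault-Token", t.Token)

	// bound the call so an unresponsive server cannot block the caller
	hclient := &http.Client{Timeout: 30 * time.Second} // example value
	// … unchanged: Do, body read, status check, unmarshal, debug log …
```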
@@ -126,7 +126,7 @@ func CmdTLSRenew(cmd *cobra.Command, args []string) {
 fmt.Printf(" - Certificate: %s\n", TLSCertPEM)
 if err := os.WriteFile(
 TLSCertPEM,
- []byte(kc.Certificate+"\n"+kc.IssuingCA),
+ []byte(kc.Certificate+"\n"+kc.IssuingCA+"\n"),
 0600,
 ); err != nil {
 fmt.Printf("ERROR: failed to write certificate: %s\n", err)
diff --git a/token.go b/token.go
index 07b7fc4..863cfa3 100644
--- a/token.go
+++ b/token.go
@@ -89,18 +89,13 @@ func (t *Token) Expires() (time.Time, error) {
 if t.expires.IsZero() {
- // request and response json structures
- req := &struct {
- Token string `json:"token"`
- }{Token: t.Token}
-
 resp := &struct {
 Data *struct {
 ExpireTime time.Time `json:"expire_time"`
 } `json:"data"`
 }{}
- if err := vault.POST(t, "/auth/token/lookup", req, resp); err != nil {
+ if err := vault.GET(t, "/auth/token/lookup-self", resp); err != nil {
 log.WithFields(log.Fields{
 "token": t.Token,
 }).Error("libvault: failed to determine token expiry date")
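Review bot: The error path right after the new `vault.GET(t, "/auth/token/lookup-self", resp)` call still logs `"token": t.Token`, which writes the bearer token itself into the log whenever the lookup fails. Anyone who can read the logs could then reuse it while it remains valid. Dropping that field and logging the failure instead, `"error": err,`, keeps the entry useful without recording the credential. Expires continues outside this hunk, so whether `resp.Data` is nil-checked before `ExpireTime` is read cannot be confirmed from here.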