mirrors/vault
1
0
Fork 0
mirror of https://github.com/hashicorp/vault.git synced 2025-12-16 15:01:13 +01:00
Code Issues Projects Releases Wiki Activity

Fix a bug in Agent's handling of consistency headers: they should be ignored when computing cache ID. (#11099)

Browse Source
This commit is contained in:
Nick Cabatoff 2021-03-12 12:42:06 -05:00 committed by GitHub
parent a4565ea916
commit 233aebeb95
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 24 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
command/agent/cache/lease_cache.go vendored
View File

@ -23,6 +23,7 @@ import (
cachememdb "github.com/hashicorp/vault/command/agent/cache/cachememdb"
"github.com/hashicorp/vault/helper/namespace"
nshelper "github.com/hashicorp/vault/helper/namespace"
vaulthttp "github.com/hashicorp/vault/http"
"github.com/hashicorp/vault/sdk/helper/base62"
"github.com/hashicorp/vault/sdk/helper/consts"
"github.com/hashicorp/vault/sdk/helper/cryptoutil"
@ -540,8 +541,12 @@ func (c *LeaseCache) updateLastRenewed(ctx context.Context, index *cachememdb.In
func computeIndexID(req *SendRequest) (string, error) {
var b bytes.Buffer
cloned := req.Request.Clone(context.Background())
cloned.Header.Del(vaulthttp.VaultIndexHeaderName)
cloned.Header.Del(vaulthttp.VaultForwardHeaderName)
cloned.Header.Del(vaulthttp.VaultInconsistentHeaderName)
// Serialize the request
if err := req.Request.Write(&b); err != nil {
if err := cloned.Write(&b); err != nil {
return "", fmt.Errorf("failed to serialize request: %v", err)
}

18
command/agent/cache/lease_cache_test.go vendored
View File

@ -20,6 +20,7 @@ import (
"github.com/hashicorp/vault/command/agent/cache/cacheboltdb"
"github.com/hashicorp/vault/command/agent/cache/cachememdb"
"github.com/hashicorp/vault/command/agent/cache/keymanager"
vaulthttp "github.com/hashicorp/vault/http"
"github.com/hashicorp/vault/sdk/helper/consts"
"github.com/hashicorp/vault/sdk/helper/logging"
"github.com/stretchr/testify/assert"
@ -109,6 +110,23 @@ func TestCache_ComputeIndexID(t *testing.T) {
"7b5db388f211fd9edca8c6c254831fb01ad4e6fe624dbb62711f256b5e803717",
false,
},
{
"ignore consistency headers",
&SendRequest{
Request: &http.Request{
URL: &url.URL{
Path: "test",
},
Header: http.Header{
vaulthttp.VaultIndexHeaderName: []string{"foo"},
vaulthttp.VaultInconsistentHeaderName: []string{"foo"},
vaulthttp.VaultForwardHeaderName: []string{"foo"},
},
},
},
"7b5db388f211fd9edca8c6c254831fb01ad4e6fe624dbb62711f256b5e803717",
false,
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {