Fix breakage for HTTP2 support due to changes in wrapping introduced in 1.8 (#2412)

2026-05-04 20:06:27 +02:00 · 2017-02-27 12:49:35 -05:00 · 2017-02-27 12:49:35 -05:00 · 7c4e5a775c
commit 7c4e5a775c
parent adcc95d61a
9 changed files with 49 additions and 30 deletions
--- a/api/api_test.go
+++ b/api/api_test.go
@ -5,6 +5,8 @@ import (
 	"net"
 	"net/http"
 	"testing"
+
+	"golang.org/x/net/http2"
 )

 // testHTTPServer creates a test HTTP server that handles requests until
@ -17,6 +19,9 @@ func testHTTPServer(
 	}

 	server := &http.Server{Handler: handler}
+	if err := http2.ConfigureServer(server, nil); err != nil {
+		t.Fatal(err)
+	}
 	go server.Serve(ln)

 	config := DefaultConfig()
--- a/api/client.go
+++ b/api/client.go
@ -11,6 +11,8 @@ import (
 	"sync"
 	"time"

+	"golang.org/x/net/http2"
+
 	"github.com/hashicorp/go-cleanhttp"
 	"github.com/hashicorp/go-rootcerts"
 	"github.com/sethgrid/pester"
@ -84,8 +86,7 @@ type TLSConfig struct {
 // setting the `VAULT_ADDR` environment variable.
 func DefaultConfig() *Config {
 	config := &Config{
-		Address: "https://127.0.0.1:8200",
-
+		Address:    "https://127.0.0.1:8200",
 		HttpClient: cleanhttp.DefaultClient(),
 	}
 	config.HttpClient.Timeout = time.Second * 60
@ -104,7 +105,6 @@ func DefaultConfig() *Config {

 // ConfigureTLS takes a set of TLS configurations and applies those to the the HTTP client.
 func (c *Config) ConfigureTLS(t *TLSConfig) error {
-
 	if c.HttpClient == nil {
 		c.HttpClient = DefaultConfig().HttpClient
 	}
@ -247,6 +247,11 @@ func NewClient(c *Config) (*Client, error) {
 		c.HttpClient = DefaultConfig().HttpClient
 	}

+	tp := c.HttpClient.Transport.(*http.Transport)
+	if err := http2.ConfigureTransport(tp); err != nil {
+		return nil, err
+	}
+
 	redirFunc := func() {
 		// Ensure redirects are not automatically followed
 		// Note that this is sane for the API client as it has its own
--- a/api/ssh_agent_test.go
+++ b/api/ssh_agent_test.go
@ -2,9 +2,9 @@ package api

 import (
 	"fmt"
+	"net/http"
 	"strings"
 	"testing"
-	"net/http"
 )

 func TestSSH_CreateTLSClient(t *testing.T) {
--- a/command/server.go
+++ b/command/server.go
@ -16,6 +16,8 @@ import (
 	"syscall"
 	"time"

+	"golang.org/x/net/http2"
+
 	colorable "github.com/mattn/go-colorable"
 	log "github.com/mgutz/logxi/v1"

@ -597,6 +599,10 @@ CLUSTER_SYNTHESIS_COMPLETE:

 	// Initialize the HTTP server
 	server := &http.Server{}
+	if err := http2.ConfigureServer(server, nil); err != nil {
+		c.Ui.Output(fmt.Sprintf("Error configuring server for HTTP/2: %s", err))
+		return 1
+	}
 	server.Handler = handler
 	for _, ln := range lns {
 		go server.Serve(ln)
--- a/http/forwarding_test.go
+++ b/http/forwarding_test.go
@ -199,7 +199,9 @@ func testHTTP_Forwarding_Stress_Common(t *testing.T, rpc, parallel bool, num uin
 	transport := &http.Transport{
 		TLSClientConfig: cores[0].TLSConfig,
 	}
-	http2.ConfigureTransport(transport)
+	if err := http2.ConfigureTransport(transport); err != nil {
+		t.Fatal(err)
+	}

 	client := &http.Client{
 		Transport: transport,
@ -499,6 +501,9 @@ func TestHTTP_Forwarding_ClientTLS(t *testing.T) {

 	transport := cleanhttp.DefaultTransport()
 	transport.TLSClientConfig = cores[0].TLSConfig
+	if err := http2.ConfigureTransport(transport); err != nil {
+		t.Fatal(err)
+	}

 	client := &http.Client{
 		Transport: transport,
@ -558,13 +563,8 @@ func TestHTTP_Forwarding_ClientTLS(t *testing.T) {
 	//time.Sleep(4 * time.Hour)

 	for _, addr := range addrs {
-		config := api.DefaultConfig()
-		config.Address = addr
-		config.HttpClient = client
-		client, err := api.NewClient(config)
-		if err != nil {
-			t.Fatal(err)
-		}
+		client := cores[0].Client
+		client.SetAddress(addr)

 		secret, err := client.Logical().Write("auth/cert/login", nil)
 		if err != nil {
--- a/http/sys_wrapping_test.go
+++ b/http/sys_wrapping_test.go
@ -2,13 +2,11 @@ package http

 import (
 	"encoding/json"
-	"fmt"
 	"net/http"
 	"reflect"
 	"testing"
 	"time"

-	cleanhttp "github.com/hashicorp/go-cleanhttp"
 	"github.com/hashicorp/vault/api"
 	"github.com/hashicorp/vault/helper/jsonutil"
 	"github.com/hashicorp/vault/vault"
@ -37,24 +35,11 @@ func TestHTTP_Wrapping(t *testing.T) {
 	vault.TestWaitActive(t, core)

 	root := cores[0].Root
-
-	transport := cleanhttp.DefaultTransport()
-	transport.TLSClientConfig = cores[0].TLSConfig
-	httpClient := &http.Client{
-		Transport: transport,
-	}
-	addr := fmt.Sprintf("https://127.0.0.1:%d", cores[0].Listeners[0].Address.Port)
-	config := api.DefaultConfig()
-	config.Address = addr
-	config.HttpClient = httpClient
-	client, err := api.NewClient(config)
-	if err != nil {
-		t.Fatal(err)
-	}
+	client := cores[0].Client
 	client.SetToken(root)

 	// Write a value that we will use with wrapping for lookup
-	_, err = client.Logical().Write("secret/foo", map[string]interface{}{
+	_, err := client.Logical().Write("secret/foo", map[string]interface{}{
 		"zip": "zap",
 	})
 	if err != nil {
--- a/http/testing.go
+++ b/http/testing.go
@ -6,6 +6,8 @@ import (
 	"net/http"
 	"testing"

+	"golang.org/x/net/http2"
+
 	"github.com/hashicorp/vault/vault"
 )

@ -36,6 +38,9 @@ func TestServerWithListener(t *testing.T, ln net.Listener, addr string, core *va
 		Addr:    ln.Addr().String(),
 		Handler: mux,
 	}
+	if err := http2.ConfigureServer(server, nil); err != nil {
+		t.Fatal(err)
+	}
 	go server.Serve(ln)
 }

--- a/physical/consul.go
+++ b/physical/consul.go
@ -12,6 +12,8 @@ import (
 	"sync/atomic"
 	"time"

+	"golang.org/x/net/http2"
+
 	log "github.com/mgutz/logxi/v1"

 	"crypto/tls"
@ -188,6 +190,9 @@ func newConsulBackend(conf map[string]string, logger log.Logger) (Backend, error
 		transport := cleanhttp.DefaultPooledTransport()
 		transport.MaxIdleConnsPerHost = consts.ExpirationRestoreWorkerCount
 		transport.TLSClientConfig = tlsClientConfig
+		if err := http2.ConfigureTransport(transport); err != nil {
+			return nil, err
+		}
 		consulConf.HttpClient.Transport = transport
 		logger.Debug("physical/consul: configured TLS")
 	}
--- a/vault/testing.go
+++ b/vault/testing.go
@ -620,6 +620,9 @@ func TestCluster(t testing.TB, handlers []http.Handler, base *CoreConfig, unseal
 	server1 := &http.Server{
 		Handler: handlers[0],
 	}
+	if err := http2.ConfigureServer(server1, nil); err != nil {
+		t.Fatal(err)
+	}
 	for _, ln := range c1lns {
 		go server1.Serve(ln)
 	}
@ -639,6 +642,9 @@ func TestCluster(t testing.TB, handlers []http.Handler, base *CoreConfig, unseal
 	server2 := &http.Server{
 		Handler: handlers[1],
 	}
+	if err := http2.ConfigureServer(server2, nil); err != nil {
+		t.Fatal(err)
+	}
 	for _, ln := range c2lns {
 		go server2.Serve(ln)
 	}
@ -658,6 +664,9 @@ func TestCluster(t testing.TB, handlers []http.Handler, base *CoreConfig, unseal
 	server3 := &http.Server{
 		Handler: handlers[2],
 	}
+	if err := http2.ConfigureServer(server3, nil); err != nil {
+		t.Fatal(err)
+	}
 	for _, ln := range c3lns {
 		go server3.Serve(ln)
 	}
@ -803,7 +812,6 @@ func TestCluster(t testing.TB, handlers []http.Handler, base *CoreConfig, unseal
 	getAPIClient := func(port int) *api.Client {
 		transport := cleanhttp.DefaultPooledTransport()
 		transport.TLSClientConfig = tlsConfig
-		http2.ConfigureTransport(transport)
 		client := &http.Client{
 			Transport: transport,
 			CheckRedirect: func(*http.Request, []*http.Request) error {