-
Notifications
You must be signed in to change notification settings - Fork 9
/
issue_257.go
66 lines (56 loc) · 1.7 KB
/
issue_257.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
// Copyright 2022 Namespace Labs Inc; All rights reserved.
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
package vault
import (
"bytes"
"encoding/json"
"io"
"net/http"
"strconv"
"strings"
"github.com/hashicorp/vault-client-go"
)
// Temporary workaround until the fix is merged:
// https://github.com/hashicorp/vault-client-go/pull/260
func withIssue257Workaround() vault.ClientOption {
c := vault.DefaultConfiguration().HTTPClient
c.Transport = fix257{rt: c.Transport}
return vault.WithHTTPClient(c)
}
type fix257 struct {
rt http.RoundTripper
}
func (w fix257) RoundTrip(req *http.Request) (*http.Response, error) {
if !strings.HasSuffix(req.URL.Path, "/secret-id") {
return w.rt.RoundTrip(req)
}
res, err := w.rt.RoundTrip(req)
if err != nil ||
res.StatusCode != http.StatusOK ||
strings.Split(res.Header.Get("content-type"), ";")[0] != "application/json" {
return res, err
}
// Only close the body if we consume & replace it here.
defer res.Body.Close()
contents, err := io.ReadAll(res.Body)
if err != nil {
return nil, err
}
body := map[string]any{}
// If JSON decoding fails, don't change the body.
if err := json.Unmarshal(contents, &body); err == nil {
if data, ok := body["data"].(map[string]any); ok {
if ttl, ok := data["secret_id_ttl"].(float64); ok {
// AppRoleWriteSecretIdResponse.data.secret_id_ttl is of type string.
data["secret_id_ttl"] = strconv.Itoa(int(ttl))
}
}
}
// If JSON re-encoding fails, also don't change the body.
if recoded, err := json.Marshal(body); err == nil {
contents = recoded
}
res.Body = io.NopCloser(bytes.NewReader(contents))
return res, err
}