Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Avoid invoking token helper on login #313

Merged
merged 2 commits into from
May 3, 2024
Merged

Avoid invoking token helper on login #313

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
163885b
Avoid invoking token helper on login
ruuda Sep 21, 2023
adc5226
Add changelog entry for #313
ruuda Sep 21, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 3 additions & 0 deletions changelog/313.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
```release-note:bug
cli/login: Avoid calling the token helper in `get` mode.
```
63 changes: 40 additions & 23 deletions command/base.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -73,9 +73,10 @@ type BaseCommand struct {
client *api.Client
}

// Client returns the HTTP API client. The client is cached on the command to
// save performance on future calls.
func (c *BaseCommand) Client() (*api.Client, error) {
// Construct the HTTP API client, but do not set the token on it yet. This is to
// avoid invoking the token helper for calls that do not need a token, such as
// `vault login`.
func (c *BaseCommand) ClientWithoutToken() (*api.Client, error) {
// Read the test client if present
if c.client != nil {
return c.client, nil
Expand Down Expand Up @@ -133,26 +134,6 @@ func (c *BaseCommand) Client() (*api.Client, error) {
// Set the wrapping function
client.SetWrappingLookupFunc(c.DefaultWrappingLookupFunc)

// Get the token if it came in from the environment
token := client.Token()

// If we don't have a token, check the token helper
if token == "" {
helper, err := c.TokenHelper()
if err != nil {
return nil, errors.Wrap(err, "failed to get token helper")
}
token, err = helper.Get()
if err != nil {
return nil, errors.Wrap(err, "failed to get token from token helper")
}
}

// Set the token
if token != "" {
client.SetToken(token)
}

client.SetMFACreds(c.flagMFA)

// flagNS takes precedence over flagNamespace. After resolution, point both
Expand Down Expand Up @@ -184,6 +165,42 @@ func (c *BaseCommand) Client() (*api.Client, error) {
}
}

return client, nil
}

// Client returns the HTTP API client. The client is cached on the command to
// save performance on future calls.
func (c *BaseCommand) Client() (*api.Client, error) {
// Read the test client if present
if c.client != nil {
return c.client, nil
}

client, err := c.ClientWithoutToken()
if err != nil {
return nil, err
}

// Get the token if it came in from the environment
token := client.Token()

// If we don't have a token, check the token helper
if token == "" {
helper, err := c.TokenHelper()
if err != nil {
return nil, errors.Wrap(err, "failed to get token helper")
}
token, err = helper.Get()
if err != nil {
return nil, errors.Wrap(err, "failed to get token from token helper")
}
}

// Set the token
if token != "" {
client.SetToken(token)
}

c.client = client

return client, nil
Expand Down
2 changes: 1 addition & 1 deletion command/login.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -216,7 +216,7 @@ func (c *LoginCommand) Run(args []string) int {
}

// Create the client
client, err := c.Client()
client, err := c.ClientWithoutToken()
Copy link
Member

@cipherboy cipherboy Apr 29, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In particular, down below where token is cleared when the authMethod != "token", I'd add an else condition to re-trigger the helper logic on (new) lines 187...197 above in command/base.go.

Other than that, LGTM!

if err != nil {
c.UI.Error(err.Error())
return 2
Expand Down
Loading