From 1c4baa56e9882449ed70c0021100336a3465ea58 Mon Sep 17 00:00:00 2001 From: Chris Hoffman Date: Thu, 5 Oct 2017 11:17:50 -0400 Subject: [PATCH] only inject data into top level for existing sys/ paths (#3426) --- http/handler.go | 33 ++++++++++++++++++++++++++++----- 1 file changed, 28 insertions(+), 5 deletions(-) diff --git a/http/handler.go b/http/handler.go index 6290768398a7..41ae094b9004 100644 --- a/http/handler.go +++ b/http/handler.go @@ -48,9 +48,6 @@ func Handler(core *vault.Core) http.Handler { mux.Handle("/v1/sys/seal", handleSysSeal(core)) mux.Handle("/v1/sys/step-down", handleRequestForwarding(core, handleSysStepDown(core))) mux.Handle("/v1/sys/unseal", handleSysUnseal(core)) - mux.Handle("/v1/sys/renew", handleRequestForwarding(core, handleLogical(core, false, nil))) - mux.Handle("/v1/sys/renew/", handleRequestForwarding(core, handleLogical(core, false, nil))) - mux.Handle("/v1/sys/leases/", handleRequestForwarding(core, handleLogical(core, false, nil))) mux.Handle("/v1/sys/leader", handleSysLeader(core)) mux.Handle("/v1/sys/health", handleSysHealth(core)) mux.Handle("/v1/sys/generate-root/attempt", handleRequestForwarding(core, handleSysGenerateRootAttempt(core))) @@ -62,8 +59,10 @@ func Handler(core *vault.Core) http.Handler { mux.Handle("/v1/sys/wrapping/lookup", handleRequestForwarding(core, handleLogical(core, false, wrappingVerificationFunc))) mux.Handle("/v1/sys/wrapping/rewrap", handleRequestForwarding(core, handleLogical(core, false, wrappingVerificationFunc))) mux.Handle("/v1/sys/wrapping/unwrap", handleRequestForwarding(core, handleLogical(core, false, wrappingVerificationFunc))) - mux.Handle("/v1/sys/capabilities-self", handleRequestForwarding(core, handleLogical(core, true, nil))) - mux.Handle("/v1/sys/", handleRequestForwarding(core, handleLogical(core, true, nil))) + for _, path := range injectDataIntoTopRoutes { + mux.Handle(path, handleRequestForwarding(core, handleLogical(core, true, nil))) + } + mux.Handle("/v1/sys/", handleRequestForwarding(core, handleLogical(core, false, nil))) mux.Handle("/v1/", handleRequestForwarding(core, handleLogical(core, false, nil))) // Wrap the handler in another handler to trigger all help paths. @@ -353,3 +352,27 @@ func respondOk(w http.ResponseWriter, body interface{}) { type ErrorResponse struct { Errors []string `json:"errors"` } + +var injectDataIntoTopRoutes = []string{ + "/v1/sys/audit", + "/v1/sys/audit/", + "/v1/sys/audit-hash/", + "/v1/sys/auth", + "/v1/sys/auth/", + "/v1/sys/config/cors", + "/v1/sys/config/auditing/request-headers/", + "/v1/sys/config/auditing/request-headers", + "/v1/sys/capabilities", + "/v1/sys/capabilities-accessor", + "/v1/sys/capabilities-self", + "/v1/sys/key-status", + "/v1/sys/mounts", + "/v1/sys/mounts/", + "/v1/sys/policy", + "/v1/sys/policy/", + "/v1/sys/rekey/backup", + "/v1/sys/rekey/recovery-key-backup", + "/v1/sys/remount", + "/v1/sys/rotate", + "/v1/sys/wrapping/wrap", +}