Pass BAO_ADDR to the token helper
Previously the token helper might inherit BAO_ADDR from the process,
but if the address was specified through an -address command-line flag,
then the token helper would not know the address, or it would use the
wrong one. Fix that by propagating the address everywhere, and then
setting BAO_ADDR explicitly in the token helper's environment.

Fixes #314.
ruuda committed May 29, 2024
1 parent dec7a66 commit 38afe85
Showing 6 changed files with 18 additions and 11 deletions.
6 changes: 3 additions & 3 deletions command/base.go
Expand Up @@ -185,7 +185,7 @@ func (c *BaseCommand) Client() (*api.Client, error) {

// If we don't have a token, check the token helper
if token == "" {
helper, err := c.TokenHelper()
helper, err := c.TokenHelper(client.Address())
if err != nil {
return nil, errors.Wrap(err, "failed to get token helper")
}
Expand Down Expand Up @@ -216,12 +216,12 @@ func (c *BaseCommand) SetTokenHelper(th token.TokenHelper) {
}

// TokenHelper returns the token helper attached to the command.
func (c *BaseCommand) TokenHelper() (token.TokenHelper, error) {
func (c *BaseCommand) TokenHelper(vaultAddr string) (token.TokenHelper, error) {
if c.tokenHelper != nil {
return c.tokenHelper, nil
}

helper, err := DefaultTokenHelper()
helper, err := DefaultTokenHelper(vaultAddr)
if err != nil {
return nil, err
}
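Review bot: `TokenHelper(vaultAddr string)` silently ignores its argument whenever `c.tokenHelper` is already set, and the doc comment above it still describes the old zero-argument method. A caller that passes a different address gets the attached helper back with whatever environment it was built with, which is worth stating where callers will read it, e.g. `// TokenHelper returns the helper already attached to the command, if any; otherwise it builds the default helper, which is told to use vaultAddr.` The rest of the method lies outside the hunk, so whether the newly built helper is cached on the command cannot be confirmed from here.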
2 changes: 1 addition & 1 deletion command/base_predict.go
Expand Up @@ -27,7 +27,7 @@ func (p *Predict) Client() *api.Client {
client, _ := api.NewClient(nil)

if client.Token() == "" {
helper, err := DefaultTokenHelper()
helper, err := DefaultTokenHelper(client.Address())
if err != nil {
return
}
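Review bot: The error from `api.NewClient(nil)` is discarded two lines above the changed call, so `client.Token()` and the new `client.Address()` both run on whatever `NewClient` returned on failure. If that can be a nil client, shell completion would panic instead of offering no predictions; `client, err := api.NewClient(nil)` followed by `if err != nil { return }` would cover it. The function starts and ends outside the hunk, so the exact form of the early return may need adjusting.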
11 changes: 9 additions & 2 deletions command/config/util.go
Expand Up @@ -9,7 +9,7 @@ import (

// DefaultTokenHelper returns the token helper that is configured for Vault.
// This helper should only be used for non-server CLI commands.
func DefaultTokenHelper() (token.TokenHelper, error) {
func DefaultTokenHelper(vaultAddr string) (token.TokenHelper, error) {
config, err := LoadConfig("")
if err != nil {
return nil, err
Expand All @@ -24,5 +24,12 @@ func DefaultTokenHelper() (token.TokenHelper, error) {
if err != nil {
return nil, err
}
return &token.ExternalTokenHelper{BinaryPath: path}, nil

// If the user specifed the address to connect to on the command line instead
// of through an environment variable, we propagate the address to the token
// helper through an environment variable. Otherwise the token helper may
// read BAO_ADDR and assume a different address than the one we are using.
env := []string{"BAO_ADDR=" + vaultAddr}

return &token.ExternalTokenHelper{BinaryPath: path, Env: env}, nil
}
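Review bot: `Env: env` hands the helper a one-element environment, and how `ExternalTokenHelper` consumes `Env` is not shown in this commit. If the field is assigned to `exec.Cmd.Env` unchanged, a non-nil slice replaces the inherited environment, so the helper would lose `PATH`, `HOME` and anything else it needs to reach its credential store. Building it as `env := append(os.Environ(), "BAO_ADDR="+vaultAddr)` (which needs the `os` import) keeps the rest and still lets the explicit value win, because os/exec uses the last entry for a duplicated key. The new comment also reads as if the variable is set only in the command-line case, while the code sets it unconditionally, even when `vaultAddr` is empty; consider `// Always export the address in use as BAO_ADDR so the helper cannot pick up a different value from the process environment.`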
2 changes: 1 addition & 1 deletion command/login.go
Expand Up @@ -300,7 +300,7 @@ func (c *LoginCommand) Run(args []string) int {

if !c.flagNoStore {
// Grab the token helper so we can store
tokenHelper, err := c.TokenHelper()
tokenHelper, err := c.TokenHelper(client.Address())
if err != nil {
c.UI.Error(wrapAtLength(fmt.Sprintf(
"Error initializing token helper. Please verify that the token "+
4 changes: 2 additions & 2 deletions command/server.go
Expand Up @@ -1848,7 +1848,7 @@ func (c *ServerCommand) enableDev(core *vault.Core, coreConfig *vault.CoreConfig

// Set the token
if !c.flagDevNoStoreToken {
tokenHelper, err := c.TokenHelper()
tokenHelper, err := c.TokenHelper("dev-server")
if err != nil {
return nil, err
}
Expand Down Expand Up @@ -1997,7 +1997,7 @@ func (c *ServerCommand) enableThreeNodeDevCluster(base *vault.CoreConfig, info m
}

// Set the token
tokenHelper, err := c.TokenHelper()
tokenHelper, err := c.TokenHelper("dev-server")
if err != nil {
c.UI.Error(fmt.Sprintf("Error getting token helper: %s", err))
return 1
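Review bot: Both dev-mode call sites pass the literal `"dev-server"` where every other caller passes a client address, so an external token helper runs with `BAO_ADDR=dev-server` when the dev root token is stored. A helper that keys its storage by address would file the root token under a name no later CLI invocation asks for, or might reject the value because it is not a URL. If the dev listener's address is known at these points (not visible in the hunks), pass that instead. Otherwise give the sentinel a named constant with a comment saying helpers must not treat it as a real address.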
4 changes: 2 additions & 2 deletions command/util.go
Expand Up @@ -18,8 +18,8 @@ import (

// DefaultTokenHelper returns the token helper that is configured for Vault.
// This helper should only be used for non-server CLI commands.
func DefaultTokenHelper() (token.TokenHelper, error) {
return config.DefaultTokenHelper()
func DefaultTokenHelper(vaultAddr string) (token.TokenHelper, error) {
return config.DefaultTokenHelper(vaultAddr)
}

// RawField extracts the raw field from the given data and returns it as a
