Closed greglook closed 2 years ago
Merging #62 (4bd7049) into master (a8f5647) will not change coverage. The diff coverage is
36.84%
.
@@ Coverage Diff @@
## master #62 +/- ##
=======================================
Coverage 55.85% 55.85%
=======================================
Files 10 10
Lines 734 734
Branches 27 27
=======================================
Hits 410 410
Misses 297 297
Partials 27 27
Impacted Files | Coverage Δ | |
---|---|---|
src/vault/client/http.clj | 25.74% <0.00%> (ø) |
|
src/vault/authenticate.clj | 51.69% <63.63%> (ø) |
Continue to review full report at Codecov.
Legend - Click here to learn more
Δ = absolute <relative> (impact)
,ø = not affected
,? = missing data
Powered by Codecov. Last update a8f5647...4bd7049. Read the comment docs.
After upgrading to 1.1.0 to add support for the orphan token endpoint, we discovered that services were failing to authenticate with app-role with the new version of the library. This upgrade crossed the http-kit switchover, so I suspected that to be the cause. We were seeing errors like the following:
This is suspicious because one of the posted fields is
role_id
, which also begins with the letter "r". After a little investigation, I found thathttp-kit
always turns:form-params
into a query-string style body whereasclj-http
would up-convert them into JSON when the content type was specified. This means that the vault server was trying to parserole_id=123...&secret_id=456...
as JSON, which obviously fails with the observed error.To fix this, switch all references to
:form-params
to straight:body
data, which there is already logic to serialize as JSON in the API helper code. I tested this against our actual Vault server and was able to authenticate with app-role: