Merge pull request #6914 from hashicorp/vagrant_cloud_validate_auth_token

post-processor/vagrant-cloud: validate vagrant cloud auth token doing an auth request
2018-10-26 12:27:03 +02:00 · 2018-10-26 12:27:03 +02:00 · 8e10d7257e
parent c393ccb7ca 7b10079507
commit 8e10d7257e
3 changed files with 93 additions and 41 deletions
--- a/post-processor/vagrant-cloud/client.go
+++ b/post-processor/vagrant-cloud/client.go
@ -7,7 +7,6 @@ import (
 	"io"
 	"log"
 	"net/http"
-	"net/url"
 	"os"
 	"strings"
 )
@ -36,7 +35,7 @@ func (v VagrantCloudErrors) FormatErrors() string {
 	return strings.Join(errs, ". ")
 }

-func (v VagrantCloudClient) New(baseUrl string, token string) *VagrantCloudClient {
+func (v VagrantCloudClient) New(baseUrl string, token string) (*VagrantCloudClient, error) {
 	c := &VagrantCloudClient{
 		client: &http.Client{
 			Transport: &http.Transport{
@ -46,7 +45,8 @@ func (v VagrantCloudClient) New(baseUrl string, token string) *VagrantCloudClien
 		BaseURL:     baseUrl,
 		AccessToken: token,
 	}
-	return c
+
+	return c, c.ValidateAuthentication()
 }

 func decodeBody(resp *http.Response, out interface{}) error {
@ -65,17 +65,27 @@ func encodeBody(obj interface{}) (io.Reader, error) {
 	return buf, nil
 }

-func (v VagrantCloudClient) Get(path string) (*http.Response, error) {
-	params := url.Values{}
-	params.Set("access_token", v.AccessToken)
-	reqUrl := fmt.Sprintf("%s/%s?%s", v.BaseURL, path, params.Encode())
+func (v *VagrantCloudClient) ValidateAuthentication() error {
+	resp, err := v.Get("authenticate")
+	if err != nil {
+		return err
+	}
+	defer resp.Body.Close()
+	if resp.StatusCode != 200 {
+		return fmt.Errorf(resp.Status)
+	}
+	return nil
+}

-	// Scrub API key for logs
-	scrubbedUrl := strings.Replace(reqUrl, v.AccessToken, "ACCESS_TOKEN", -1)
-	log.Printf("Post-Processor Vagrant Cloud API GET: %s", scrubbedUrl)
+func (v *VagrantCloudClient) Get(path string) (*http.Response, error) {
+	reqUrl := fmt.Sprintf("%s/%s", v.BaseURL, path)

-	req, err := http.NewRequest("GET", reqUrl, nil)
-	req.Header.Add("Content-Type", "application/json")
+	log.Printf("Post-Processor Vagrant Cloud API GET: %s", reqUrl)
+
+	req, err := v.newRequest("GET", reqUrl, nil)
+	if err != nil {
+		return nil, err
+	}
 	resp, err := v.client.Do(req)

 	log.Printf("Post-Processor Vagrant Cloud API Response: \n\n%+v", resp)
@ -83,17 +93,19 @@ func (v VagrantCloudClient) Get(path string) (*http.Response, error) {
 	return resp, err
 }

-func (v VagrantCloudClient) Delete(path string) (*http.Response, error) {
-	params := url.Values{}
-	params.Set("access_token", v.AccessToken)
-	reqUrl := fmt.Sprintf("%s/%s?%s", v.BaseURL, path, params.Encode())
+func (v *VagrantCloudClient) Delete(path string) (*http.Response, error) {
+	reqUrl := fmt.Sprintf("%s/%s", v.BaseURL, path)

 	// Scrub API key for logs
 	scrubbedUrl := strings.Replace(reqUrl, v.AccessToken, "ACCESS_TOKEN", -1)
 	log.Printf("Post-Processor Vagrant Cloud API DELETE: %s", scrubbedUrl)

 	req, err := http.NewRequest("DELETE", reqUrl, nil)
+	if err != nil {
+		return nil, err
+	}
 	req.Header.Add("Content-Type", "application/json")
+	req.Header.Add("Authorization", fmt.Sprintf("Bearer %s", v.AccessToken))
 	resp, err := v.client.Do(req)

 	log.Printf("Post-Processor Vagrant Cloud API Response: \n\n%+v", resp)
@ -101,7 +113,7 @@ func (v VagrantCloudClient) Delete(path string) (*http.Response, error) {
 	return resp, err
 }

-func (v VagrantCloudClient) Upload(path string, url string) (*http.Response, error) {
+func (v *VagrantCloudClient) Upload(path string, url string) (*http.Response, error) {
 	file, err := os.Open(path)

 	if err != nil {
@ -116,7 +128,7 @@ func (v VagrantCloudClient) Upload(path string, url string) (*http.Response, err

 	defer file.Close()

-	request, err := http.NewRequest("PUT", url, file)
+	request, err := v.newRequest("PUT", url, file)

 	if err != nil {
 		return nil, fmt.Errorf("Error preparing upload request: %s", err)
@ -132,10 +144,8 @@ func (v VagrantCloudClient) Upload(path string, url string) (*http.Response, err
 	return resp, err
 }

-func (v VagrantCloudClient) Post(path string, body interface{}) (*http.Response, error) {
-	params := url.Values{}
-	params.Set("access_token", v.AccessToken)
-	reqUrl := fmt.Sprintf("%s/%s?%s", v.BaseURL, path, params.Encode())
+func (v *VagrantCloudClient) Post(path string, body interface{}) (*http.Response, error) {
+	reqUrl := fmt.Sprintf("%s/%s", v.BaseURL, path)

 	encBody, err := encodeBody(body)

@ -143,12 +153,12 @@ func (v VagrantCloudClient) Post(path string, body interface{}) (*http.Response,
 		return nil, fmt.Errorf("Error encoding body for request: %s", err)
 	}

-	// Scrub API key for logs
-	scrubbedUrl := strings.Replace(reqUrl, v.AccessToken, "ACCESS_TOKEN", -1)
-	log.Printf("Post-Processor Vagrant Cloud API POST: %s. \n\n Body: %s", scrubbedUrl, encBody)
+	log.Printf("Post-Processor Vagrant Cloud API POST: %s. \n\n Body: %s", reqUrl, encBody)

-	req, err := http.NewRequest("POST", reqUrl, encBody)
-	req.Header.Add("Content-Type", "application/json")
+	req, err := v.newRequest("POST", reqUrl, encBody)
+	if err != nil {
+		return nil, err
+	}

 	resp, err := v.client.Do(req)

@ -157,17 +167,15 @@ func (v VagrantCloudClient) Post(path string, body interface{}) (*http.Response,
 	return resp, err
 }

-func (v VagrantCloudClient) Put(path string) (*http.Response, error) {
-	params := url.Values{}
-	params.Set("access_token", v.AccessToken)
-	reqUrl := fmt.Sprintf("%s/%s?%s", v.BaseURL, path, params.Encode())
+func (v *VagrantCloudClient) Put(path string) (*http.Response, error) {
+	reqUrl := fmt.Sprintf("%s/%s", v.BaseURL, path)

-	// Scrub API key for logs
-	scrubbedUrl := strings.Replace(reqUrl, v.AccessToken, "ACCESS_TOKEN", -1)
-	log.Printf("Post-Processor Vagrant Cloud API PUT: %s", scrubbedUrl)
+	log.Printf("Post-Processor Vagrant Cloud API PUT: %s", reqUrl)

-	req, err := http.NewRequest("PUT", reqUrl, nil)
-	req.Header.Add("Content-Type", "application/json")
+	req, err := v.newRequest("PUT", reqUrl, nil)
+	if err != nil {
+		return nil, err
+	}

 	resp, err := v.client.Do(req)

@ -175,3 +183,13 @@ func (v VagrantCloudClient) Put(path string) (*http.Response, error) {

 	return resp, err
 }
+
+func (v *VagrantCloudClient) newRequest(method, url string, body io.Reader) (*http.Request, error) {
+	req, err := http.NewRequest(method, url, body)
+	if err != nil {
+		return nil, err
+	}
+	req.Header.Add("Content-Type", "application/json")
+	req.Header.Add("Authorization", fmt.Sprintf("Bearer %s", v.AccessToken))
+	return req, err
+}
--- a/post-processor/vagrant-cloud/post-processor.go
+++ b/post-processor/vagrant-cloud/post-processor.go
@ -94,6 +94,13 @@ func (p *PostProcessor) Configure(raws ...interface{}) error {
 		}
 	}

+	// create the HTTP client
+	p.client, err = VagrantCloudClient{}.New(p.config.VagrantCloudUrl, p.config.AccessToken)
+	if err != nil {
+		errs = packer.MultiErrorAppend(
+			errs, fmt.Errorf("Failed to verify authentication token: %v", err))
+	}
+
 	if len(errs.Errors) > 0 {
 		return errs
 	}
@ -118,9 +125,6 @@ func (p *PostProcessor) PostProcess(ui packer.Ui, artifact packer.Artifact) (pac
 		ui.Message("Warning: Using Vagrant Cloud token found in ATLAS_TOKEN. Please make sure it is correct, or set VAGRANT_CLOUD_TOKEN")
 	}

-	// create the HTTP client
-	p.client = VagrantCloudClient{}.New(p.config.VagrantCloudUrl, p.config.AccessToken)
-
 	// The name of the provider for vagrant cloud, and vagrant
 	providerName := providerFromBuilderName(artifact.Id())

--- a/post-processor/vagrant-cloud/post-processor_test.go
+++ b/post-processor/vagrant-cloud/post-processor_test.go
@ -2,6 +2,9 @@ package vagrantcloud

 import (
 	"bytes"
+	"fmt"
+	"net/http"
+	"net/http/httptest"
 	"os"
 	"testing"

@ -25,9 +28,25 @@ func testBadConfig() map[string]interface{} {
 	}
 }

+func newSecureServer(token string, handler http.HandlerFunc) *httptest.Server {
+	token = fmt.Sprintf("Bearer %s", token)
+	return httptest.NewServer(http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) {
+		if req.Header.Get("authorization") != token {
+			http.Error(rw, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized)
+			return
+		}
+		if handler != nil {
+			handler(rw, req)
+		}
+	}))
+}
+
 func TestPostProcessor_Configure_fromVagrantEnv(t *testing.T) {
 	var p PostProcessor
 	config := testGoodConfig()
+	server := newSecureServer("bar", nil)
+	defer server.Close()
+	config["vagrant_cloud_url"] = server.URL
 	config["access_token"] = ""
 	os.Setenv("VAGRANT_CLOUD_TOKEN", "bar")
 	defer func() {
@ -48,6 +67,9 @@ func TestPostProcessor_Configure_fromAtlasEnv(t *testing.T) {
 	var p PostProcessor
 	config := testGoodConfig()
 	config["access_token"] = ""
+	server := newSecureServer("foo", nil)
+	defer server.Close()
+	config["vagrant_cloud_url"] = server.URL
 	os.Setenv("ATLAS_TOKEN", "foo")
 	defer func() {
 		os.Setenv("ATLAS_TOKEN", "")
@ -68,15 +90,23 @@ func TestPostProcessor_Configure_fromAtlasEnv(t *testing.T) {
 }

 func TestPostProcessor_Configure_Good(t *testing.T) {
+	config := testGoodConfig()
+	server := newSecureServer("foo", nil)
+	defer server.Close()
+	config["vagrant_cloud_url"] = server.URL
 	var p PostProcessor
-	if err := p.Configure(testGoodConfig()); err != nil {
+	if err := p.Configure(config); err != nil {
 		t.Fatalf("err: %s", err)
 	}
 }

 func TestPostProcessor_Configure_Bad(t *testing.T) {
+	config := testBadConfig()
+	server := newSecureServer("foo", nil)
+	defer server.Close()
+	config["vagrant_cloud_url"] = server.URL
 	var p PostProcessor
-	if err := p.Configure(testBadConfig()); err == nil {
+	if err := p.Configure(config); err == nil {
 		t.Fatalf("should have err")
 	}
 }