1 files changed, 83 insertions, 19 deletions
diff --git a/vendor/github.com/hashicorp/vault/api/request.go b/vendor/github.com/hashicorp/vault/api/request.go
index 83a28bd..5bcff8c 100644
--- a/vendor/github.com/hashicorp/vault/api/request.go
+++ b/vendor/github.com/hashicorp/vault/api/request.go
@@ -4,54 +4,108 @@ import (
 	"bytes"
 	"encoding/json"
 	"io"
+	"io/ioutil"
 	"net/http"
 	"net/url"
+
+	retryablehttp "github.com/hashicorp/go-retryablehttp"
 )
 
 // Request is a raw request configuration structure used to initiate
 // API requests to the Vault server.
 type Request struct {
-	Method      string
-	URL         *url.URL
-	Params      url.Values
-	Headers     http.Header
-	ClientToken string
-	WrapTTL     string
-	Obj         interface{}
-	Body        io.Reader
-	BodySize    int64
+	Method        string
+	URL           *url.URL
+	Params        url.Values
+	Headers       http.Header
+	ClientToken   string
+	MFAHeaderVals []string
+	WrapTTL       string
+	Obj           interface{}
+
+	// When possible, use BodyBytes as it is more efficient due to how the
+	// retry logic works
+	BodyBytes []byte
+
+	// Fallback
+	Body     io.Reader
+	BodySize int64
+
+	// Whether to request overriding soft-mandatory Sentinel policies (RGPs and
+	// EGPs). If set, the override flag will take effect for all policies
+	// evaluated during the request.
+	PolicyOverride bool
 }
 
 // SetJSONBody is used to set a request body that is a JSON-encoded value.
 func (r *Request) SetJSONBody(val interface{}) error {
-	buf := bytes.NewBuffer(nil)
-	enc := json.NewEncoder(buf)
-	if err := enc.Encode(val); err != nil {
+	buf, err := json.Marshal(val)
+	if err != nil {
 		return err
 	}
 
 	r.Obj = val
-	r.Body = buf
-	r.BodySize = int64(buf.Len())
+	r.BodyBytes = buf
 	return nil
 }
 
 // ResetJSONBody is used to reset the body for a redirect
 func (r *Request) ResetJSONBody() error {
-	if r.Body == nil {
+	if r.BodyBytes == nil {
 		return nil
 	}
 	return r.SetJSONBody(r.Obj)
 }
 
-// ToHTTP turns this request into a valid *http.Request for use with the
-// net/http package.
+// DEPRECATED: ToHTTP turns this request into a valid *http.Request for use
+// with the net/http package.
 func (r *Request) ToHTTP() (*http.Request, error) {
+	req, err := r.toRetryableHTTP()
+	if err != nil {
+		return nil, err
+	}
+
+	switch {
+	case r.BodyBytes == nil && r.Body == nil:
+		// No body
+
+	case r.BodyBytes != nil:
+		req.Request.Body = ioutil.NopCloser(bytes.NewReader(r.BodyBytes))
+
+	default:
+		if c, ok := r.Body.(io.ReadCloser); ok {
+			req.Request.Body = c
+		} else {
+			req.Request.Body = ioutil.NopCloser(r.Body)
+		}
+	}
+
+	return req.Request, nil
+}
+
+func (r *Request) toRetryableHTTP() (*retryablehttp.Request, error) {
 	// Encode the query parameters
 	r.URL.RawQuery = r.Params.Encode()
 
-	// Create the HTTP request
-	req, err := http.NewRequest(r.Method, r.URL.RequestURI(), r.Body)
+	// Create the HTTP request, defaulting to retryable
+	var req *retryablehttp.Request
+
+	var err error
+	var body interface{}
+
+	switch {
+	case r.BodyBytes == nil && r.Body == nil:
+		// No body
+
+	case r.BodyBytes != nil:
+		// Use bytes, it's more efficient
+		body = r.BodyBytes
+
+	default:
+		body = r.Body
+	}
+
+	req, err = retryablehttp.NewRequest(r.Method, r.URL.RequestURI(), body)
 	if err != nil {
 		return nil, err
 	}
@@ -77,5 +131,15 @@ func (r *Request) ToHTTP() (*http.Request, error) {
 		req.Header.Set("X-Vault-Wrap-TTL", r.WrapTTL)
 	}
 
+	if len(r.MFAHeaderVals) != 0 {
+		for _, mfaHeaderVal := range r.MFAHeaderVals {
+			req.Header.Add("X-Vault-MFA", mfaHeaderVal)
+		}
+	}
+
+	if r.PolicyOverride {
+		req.Header.Set("X-Vault-Policy-Override", "true")
+	}
+
 	return req, nil
 }