fix: Use url.JoinPath() to more flexibly handle extraneous slashes

hashicorp · Jan 24, 2025 · b9a79ce · b9a79ce
1 parent bf40cb4
commit b9a79ce
Show file tree

Hide file tree

Showing 4 changed files with 41 additions and 21 deletions.
diff --git a/sdk/auth/client_credentials.go b/sdk/auth/client_credentials.go
@@ -276,7 +276,11 @@ func (a *ClientAssertionAuthorizer) Token(ctx context.Context, _ *http.Request)
 		if a.conf.Environment.Authorization == nil {
 			return nil, fmt.Errorf("no `authorization` configuration was found for this environment")
 		}
-		tokenUrl = tokenEndpoint(*a.conf.Environment.Authorization, a.conf.TenantID)
+		var err error
+		tokenUrl, err = tokenEndpoint(*a.conf.Environment.Authorization, a.conf.TenantID)
+		if err != nil {
+			return nil, err
+		}
 	}
 
 	return a.token(ctx, tokenUrl)
@@ -300,7 +304,11 @@ func (a *ClientAssertionAuthorizer) AuxiliaryTokens(ctx context.Context, _ *http
 			if a.conf.Environment.Authorization == nil {
 				return nil, fmt.Errorf("no `authorization` configuration was found for this environment")
 			}
-			tokenUrl = tokenEndpoint(*a.conf.Environment.Authorization, tenantId)
+			var err error
+			tokenUrl, err = tokenEndpoint(*a.conf.Environment.Authorization, tenantId)
+			if err != nil {
+				return tokens, err
+			}
 		}
 
 		token, err := a.token(ctx, tokenUrl)
@@ -374,9 +382,13 @@ func clientCredentialsToken(ctx context.Context, endpoint string, params *url.Va
 	return token, nil
 }
 
-func tokenEndpoint(endpoint environments.Authorization, tenant string) string {
+func tokenEndpoint(endpoint environments.Authorization, tenant string) (string, error) {
 	if tenant == "" {
 		tenant = "common"
 	}
-	return fmt.Sprintf("%s/%s/oauth2/v2.0/token", endpoint.LoginEndpoint, tenant)
+	uri, err := url.JoinPath(endpoint.LoginEndpoint, tenant, "oauth2/v2.0/token")
+	if err != nil {
+		return "", fmt.Errorf("parsing loginEndpoint: %w", err)
+	}
+	return uri, nil
 }
diff --git a/sdk/auth/client_secret_authorizer.go b/sdk/auth/client_secret_authorizer.go
@@ -83,7 +83,11 @@ func (a *ClientSecretAuthorizer) Token(ctx context.Context, _ *http.Request) (*o
 		if a.conf.Environment.Authorization == nil {
 			return nil, fmt.Errorf("no `authorization` configuration was found for this environment")
 		}
-		tokenUrl = tokenEndpoint(*a.conf.Environment.Authorization, a.conf.TenantID)
+		var err error
+		tokenUrl, err = tokenEndpoint(*a.conf.Environment.Authorization, a.conf.TenantID)
+		if err != nil {
+			return nil, err
+		}
 	}
 
 	return clientCredentialsToken(ctx, tokenUrl, &v)
@@ -118,7 +122,11 @@ func (a *ClientSecretAuthorizer) AuxiliaryTokens(ctx context.Context, _ *http.Re
 			if a.conf.Environment.Authorization == nil {
 				return nil, fmt.Errorf("no `authorization` configuration was found for this environment")
 			}
-			tokenUrl = tokenEndpoint(*a.conf.Environment.Authorization, tenantId)
+			var err error
+			tokenUrl, err = tokenEndpoint(*a.conf.Environment.Authorization, tenantId)
+			if err != nil {
+				return nil, err
+			}
 		}
 
 		token, err := clientCredentialsToken(ctx, tokenUrl, &v)

diff --git a/sdk/client/client.go b/sdk/client/client.go
@@ -377,11 +377,14 @@ func (c *Client) ClearResponseMiddlewares() {
 
 // NewRequest configures a new *Request
 func (c *Client) NewRequest(ctx context.Context, input RequestOptions) (*Request, error) {
-	req := (&http.Request{}).WithContext(ctx)
-
-	req.Method = input.HttpMethod
-
-	req.Header = make(http.Header)
+	uri, err := url.JoinPath(c.BaseUri, input.Path)
+	if err != nil {
+		return nil, fmt.Errorf("parsing URI: %w", err)
+	}
+	req, err := http.NewRequestWithContext(ctx, input.HttpMethod, uri, nil)
+	if err != nil {
+		return nil, err
+	}
 
 	if input.ContentType != "" {
 		req.Header.Add("Content-Type", input.ContentType)
@@ -394,15 +397,6 @@ func (c *Client) NewRequest(ctx context.Context, input RequestOptions) (*Request
 		req.Header.Add("X-Ms-Correlation-Request-Id", c.CorrelationId)
 	}
 
-	path := strings.TrimPrefix(input.Path, "/")
-	u, err := url.ParseRequestURI(fmt.Sprintf("%s/%s", c.BaseUri, path))
-	if err != nil {
-		return nil, err
-	}
-
-	req.Host = u.Host
-	req.URL = u
-
 	ret := Request{
 		Client:           c,
 		Request:          req,

diff --git a/sdk/internal/metadata/client.go b/sdk/internal/metadata/client.go
@@ -13,6 +13,7 @@ import (
 	"log"
 	"net"
 	"net/http"
+	"net/url"
 	"runtime"
 	"time"
 )
@@ -52,7 +53,12 @@ func (c *Client) GetMetaData(ctx context.Context) (*MetaData, error) {
 			MaxIdleConnsPerHost:   runtime.GOMAXPROCS(0) + 1,
 		},
 	}
-	uri := fmt.Sprintf("%s/metadata/endpoints?api-version=2022-09-01", c.endpoint)
+	uri, err := url.JoinPath(c.endpoint, "/metadata/endpoints")
+	if err != nil {
+		return nil, fmt.Errorf("parsing endpoint: %+v", err)
+	}
+	uri += "?api-version=2022-09-01"
+
 	req, err := http.NewRequestWithContext(ctx, http.MethodGet, uri, nil)
 	if err != nil {
 		return nil, fmt.Errorf("preparing request: %+v", err)