From c212a86606e65689d3ccdb74ac13dbcd1ae77b4b Mon Sep 17 00:00:00 2001
From: Calvin Leung Huang
Date: Tue, 12 Jun 2018 12:38:08 -0400
Subject: [PATCH] Move checkHCLKeys into hclutil (#4749)

---
 api/ssh_agent.go | 30 ++----------------------------
 command/config.go | 31 -------------------------------
 command/config/config.go | 31 ++-----------------------------
 command/server/config.go | 36 +++++-------------------------------
 helper/hclutil/hcl.go | 36 ++++++++++++++++++++++++++++++++++++
 vault/policy.go | 32 +++-----------------------------
 6 files changed, 48 insertions(+), 148 deletions(-)
 create mode 100644 helper/hclutil/hcl.go

diff --git a/api/ssh_agent.go b/api/ssh_agent.go
index 8027001f14..032fb436c7 100644
--- a/api/ssh_agent.go
+++ b/api/ssh_agent.go
@@ -13,6 +13,7 @@ import (
 "github.com/hashicorp/go-rootcerts"
 "github.com/hashicorp/hcl"
 "github.com/hashicorp/hcl/hcl/ast"
+ "github.com/hashicorp/vault/helper/hclutil"
 "github.com/mitchellh/mapstructure"
 )
 
@@ -160,7 +161,7 @@ func ParseSSHHelperConfig(contents string) (*SSHHelperConfig, error) {
 "tls_skip_verify",
 "tls_server_name",
 }
- if err := checkHCLKeys(list, valid); err != nil {
+ if err := hclutil.CheckHCLKeys(list, valid); err != nil {
 return nil, multierror.Prefix(err, "ssh_helper:")
 }
 
@@ -228,30 +229,3 @@ func (c *SSHHelper) Verify(otp string) (*SSHVerifyResponse, error) {
 }
 return &verifyResp, nil
 }
-
-func checkHCLKeys(node ast.Node, valid []string) error {
- var list *ast.ObjectList
- switch n := node.(type) {
- case *ast.ObjectList:
- list = n
- case *ast.ObjectType:
- list = n.List
- default:
- return fmt.Errorf("cannot check HCL keys of type %T", n)
- }
-
- validMap := make(map[string]struct{}, len(valid))
- for _, v := range valid {
- validMap[v] = struct{}{}
- }
-
- var result error
- for _, item := range list.Items {
- key := item.Keys[0].Token.Value().(string)
- if _, ok := validMap[key]; !ok {
- result = multierror.Append(result, fmt.Errorf("invalid key %q on line %d", key, item.Assign.Line))
- }
- }
-
- return result
-}
diff --git a/command/config.go b/command/config.go
index 71b5cbc9d2..b46581fc80 100644
--- a/command/config.go
+++ b/command/config.go
@@ -1,10 +1,6 @@
 package command
 
 import (
- "fmt"
-
- "github.com/hashicorp/go-multierror"
- "github.com/hashicorp/hcl/hcl/ast"
 "github.com/hashicorp/vault/command/config"
 )
 
@@ -56,30 +52,3 @@ func ParseConfig(contents string) (*DefaultConfig, error) {
 conf, err := config.ParseConfig(contents)
 return (*DefaultConfig)(conf), err
 }
-
-func checkHCLKeys(node ast.Node, valid []string) error {
- var list *ast.ObjectList
- switch n := node.(type) {
- case *ast.ObjectList:
- list = n
- case *ast.ObjectType:
- list = n.List
- default:
- return fmt.Errorf("cannot check HCL keys of type %T", n)
- }
-
- validMap := make(map[string]struct{}, len(valid))
- for _, v := range valid {
- validMap[v] = struct{}{}
- }
-
- var result error
- for _, item := range list.Items {
- key := item.Keys[0].Token.Value().(string)
- if _, ok := validMap[key]; !ok {
- result = multierror.Append(result, fmt.Errorf("invalid key %q on line %d", key, item.Assign.Line))
- }
- }
-
- return result
-}
diff --git a/command/config/config.go b/command/config/config.go
index ebee11ecb8..d9ed7b6922 100644
--- a/command/config/config.go
+++ b/command/config/config.go
@@ -6,9 +6,9 @@ import (
 "os"
 
 "github.com/hashicorp/errwrap"
- "github.com/hashicorp/go-multierror"
 "github.com/hashicorp/hcl"
 "github.com/hashicorp/hcl/hcl/ast"
+ "github.com/hashicorp/vault/helper/hclutil"
 "github.com/mitchellh/go-homedir"
 )
 
@@ -89,7 +89,7 @@ func ParseConfig(contents string) (*DefaultConfig, error) {
 valid := []string{
 "token_helper",
 }
- if err := checkHCLKeys(list, valid); err != nil {
+ if err := hclutil.CheckHCLKeys(list, valid); err != nil {
 return nil, err
 }
 
@@ -99,30 +99,3 @@ func ParseConfig(contents string) (*DefaultConfig, error) {
 }
 return &c, nil
 }
-
-func checkHCLKeys(node ast.Node, valid []string) error {
- var list *ast.ObjectList
- switch n := node.(type) {
- case *ast.ObjectList:
- list = n
- case *ast.ObjectType:
- list = n.List
- default:
- return fmt.Errorf("cannot check HCL keys of type %T", n)
- }
-
- validMap := make(map[string]struct{}, len(valid))
- for _, v := range valid {
- validMap[v] = struct{}{}
- }
-
- var result error
- for _, item := range list.Items {
- key := item.Keys[0].Token.Value().(string)
- if _, ok := validMap[key]; !ok {
- result = multierror.Append(result, fmt.Errorf("invalid key %q on line %d", key, item.Assign.Line))
- }
- }
-
- return result
-}
diff --git a/command/server/config.go b/command/server/config.go
index 3d8606422d..33c98db4a6 100644
--- a/command/server/config.go
+++ b/command/server/config.go
@@ -16,6 +16,7 @@ import (
 "github.com/hashicorp/go-multierror"
 "github.com/hashicorp/hcl"
 "github.com/hashicorp/hcl/hcl/ast"
+ "github.com/hashicorp/vault/helper/hclutil"
 "github.com/hashicorp/vault/helper/parseutil"
 )
 
@@ -438,7 +439,7 @@ func ParseConfig(d string, logger log.Logger) (*Config, error) {
 "disable_clustering",
 "disable_sealwrap",
 }
- if err := checkHCLKeys(list, valid); err != nil {
+ if err := hclutil.CheckHCLKeys(list, valid); err != nil {
 return nil, err
 }
 
@@ -769,7 +770,7 @@ func parseSeal(result *Config, list *ast.ObjectList, blockName string) error {
 return fmt.Errorf("invalid seal type %q", key)
 }
 
- if err := checkHCLKeys(item.Val, valid); err != nil {
+ if err := hclutil.CheckHCLKeys(item.Val, valid); err != nil {
 return multierror.Prefix(err, fmt.Sprintf("%s.%s:", blockName, key))
 }
 
@@ -817,7 +818,7 @@ func parseListeners(result *Config, list *ast.ObjectList) error {
 "tls_client_ca_file",
 "token",
 }
- if err := checkHCLKeys(item.Val, valid); err != nil {
+ if err := hclutil.CheckHCLKeys(item.Val, valid); err != nil {
 return multierror.Prefix(err, fmt.Sprintf("listeners.%s:", key))
 }
 
@@ -867,7 +868,7 @@ func parseTelemetry(result *Config, list *ast.ObjectList) error {
 "statsd_address",
 "statsite_address",
 }
- if err := checkHCLKeys(item.Val, valid); err != nil {
+ if err := hclutil.CheckHCLKeys(item.Val, valid); err != nil {
 return multierror.Prefix(err, "telemetry:")
 }
 
@@ -885,30 +886,3 @@ func parseTelemetry(result *Config, list *ast.ObjectList) error {
 }
 return nil
 }
-
-func checkHCLKeys(node ast.Node, valid []string) error {
- var list *ast.ObjectList
- switch n := node.(type) {
- case *ast.ObjectList:
- list = n
- case *ast.ObjectType:
- list = n.List
- default:
- return fmt.Errorf("cannot check HCL keys of type %T", n)
- }
-
- validMap := make(map[string]struct{}, len(valid))
- for _, v := range valid {
- validMap[v] = struct{}{}
- }
-
- var result error
- for _, item := range list.Items {
- key := item.Keys[0].Token.Value().(string)
- if _, ok := validMap[key]; !ok {
- result = multierror.Append(result, fmt.Errorf("invalid key %q on line %d", key, item.Assign.Line))
- }
- }
-
- return result
-}
diff --git a/helper/hclutil/hcl.go b/helper/hclutil/hcl.go
new file mode 100644
index 0000000000..0b120367d5
--- /dev/null
+++ b/helper/hclutil/hcl.go
@@ -0,0 +1,36 @@
+package hclutil
+
+import (
+ "fmt"
+
+multierror "github.com/hashicorp/go-multierror"
+ "github.com/hashicorp/hcl/hcl/ast"
+)
+
+// CheckHCLKeys checks whether the keys in the AST list contains any of the valid keys provided.
+func CheckHCLKeys(node ast.Node, valid []string) error {
+ var list *ast.ObjectList
+ switch n := node.(type) {
+ case *ast.ObjectList:
+ list = n
+ case *ast.ObjectType:
+ list = n.List
+ default:
+ return fmt.Errorf("cannot check HCL keys of type %T", n)
+ }
+
+ validMap := make(map[string]struct{}, len(valid))
+ for _, v := range valid {
+ validMap[v] = struct{}{}
+ }
+
+ var result error
+ for _, item := range list.Items {
+ key := item.Keys[0].Token.Value().(string)
+ if _, ok := validMap[key]; !ok {
+ result = multierror.Append(result, fmt.Errorf("invalid key %q on line %d", key, item.Assign.Line))
+ }
+ }
+
+ return result
+}
diff --git a/vault/policy.go b/vault/policy.go
index d92a4043e5..c74d9f3c86 100644
--- a/vault/policy.go
+++ b/vault/policy.go
@@ -10,6 +10,7 @@ import (
 "github.com/hashicorp/go-multierror"
 "github.com/hashicorp/hcl"
 "github.com/hashicorp/hcl/hcl/ast"
+ "github.com/hashicorp/vault/helper/hclutil"
 "github.com/hashicorp/vault/helper/parseutil"
 "github.com/mitchellh/copystructure"
 )
@@ -168,7 +169,7 @@ func ParseACLPolicy(rules string) (*Policy, error) {
 "name",
 "path",
 }
- if err := checkHCLKeys(list, valid); err != nil {
+ if err := hclutil.CheckHCLKeys(list, valid); err != nil {
 return nil, errwrap.Wrapf("failed to parse policy: {{err}}", err)
 }
 
@@ -205,7 +206,7 @@ func parsePaths(result *Policy, list *ast.ObjectList) error {
 "min_wrapping_ttl",
 "max_wrapping_ttl",
 }
- if err := checkHCLKeys(item.Val, valid); err != nil {
+ if err := hclutil.CheckHCLKeys(item.Val, valid); err != nil {
 return multierror.Prefix(err, fmt.Sprintf("path %q:", key))
 }
 
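Review bot: The loop in `CheckHCLKeys` (new file helper/hclutil/hcl.go) indexes `item.Keys[0]` and asserts `Token.Value().(string)` without checking either, so an item with no keys or a non-string key token would panic rather than produce a validation error. This helper is now exported and, per the call sites in this patch, is the shared allow-list check for server config, ssh-helper config and ACL policy text (`ParseACLPolicy`, `parsePaths`), so it should fail closed with an error. Whether the HCL parser can actually hand such an item to this loop is not visible here, so treat the guard as defensive. The doc comment also says the opposite of what the code does; `// CheckHCLKeys returns an error listing every key in node that is not in valid.` would match the behaviour.

```go
	var result error
	for _, item := range list.Items {
		if len(item.Keys) == 0 {
			result = multierror.Append(result, fmt.Errorf("item with no key on line %d", item.Assign.Line))
			continue
		}
		key, ok := item.Keys[0].Token.Value().(string)
		if !ok {
			result = multierror.Append(result, fmt.Errorf("non-string key on line %d", item.Assign.Line))
			continue
		}
		// … unchanged: validMap lookup and "invalid key" error …
	}
```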
@@ -305,30 +306,3 @@ func parsePaths(result *Policy, list *ast.ObjectList) error {
 result.Paths = paths
 return nil
 }
-
-func checkHCLKeys(node ast.Node, valid []string) error {
- var list *ast.ObjectList
- switch n := node.(type) {
- case *ast.ObjectList:
- list = n
- case *ast.ObjectType:
- list = n.List
- default:
- return fmt.Errorf("cannot check HCL keys of type %T", n)
- }
-
- validMap := make(map[string]struct{}, len(valid))
- for _, v := range valid {
- validMap[v] = struct{}{}
- }
-
- var result error
- for _, item := range list.Items {
- key := item.Keys[0].Token.Value().(string)
- if _, ok := validMap[key]; !ok {
- result = multierror.Append(result, fmt.Errorf("invalid key %q on line %d", key, item.Assign.Line))
- }
- }
-
- return result
-}