Use mcdsl/terminal for all password prompts
Replace direct golang.org/x/term calls with mcdsl/terminal.ReadPassword across mciasctl (6 sites), mciasgrpcctl (1 site), and mciasdb (1 site). Aligns with the new CLI security standard in engineering-standards.md. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
58
vendor/google.golang.org/grpc/internal/resolver/delegatingresolver/delegatingresolver.go
generated
vendored
58
vendor/google.golang.org/grpc/internal/resolver/delegatingresolver/delegatingresolver.go
generated
vendored
@@ -22,11 +22,13 @@ package delegatingresolver
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"net"
|
||||
"net/http"
|
||||
"net/url"
|
||||
"sync"
|
||||
|
||||
"google.golang.org/grpc/grpclog"
|
||||
"google.golang.org/grpc/internal/envconfig"
|
||||
"google.golang.org/grpc/internal/proxyattributes"
|
||||
"google.golang.org/grpc/internal/transport"
|
||||
"google.golang.org/grpc/internal/transport/networktype"
|
||||
@@ -40,6 +42,8 @@ var (
|
||||
HTTPSProxyFromEnvironment = http.ProxyFromEnvironment
|
||||
)
|
||||
|
||||
const defaultPort = "443"
|
||||
|
||||
// delegatingResolver manages both target URI and proxy address resolution by
|
||||
// delegating these tasks to separate child resolvers. Essentially, it acts as
|
||||
// an intermediary between the gRPC ClientConn and the child resolvers.
|
||||
@@ -107,10 +111,18 @@ func New(target resolver.Target, cc resolver.ClientConn, opts resolver.BuildOpti
|
||||
targetResolver: nopResolver{},
|
||||
}
|
||||
|
||||
addr := target.Endpoint()
|
||||
var err error
|
||||
r.proxyURL, err = proxyURLForTarget(target.Endpoint())
|
||||
if target.URL.Scheme == "dns" && !targetResolutionEnabled && envconfig.EnableDefaultPortForProxyTarget {
|
||||
addr, err = parseTarget(addr)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("delegating_resolver: invalid target address %q: %v", target.Endpoint(), err)
|
||||
}
|
||||
}
|
||||
|
||||
r.proxyURL, err = proxyURLForTarget(addr)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("delegating_resolver: failed to determine proxy URL for target %s: %v", target, err)
|
||||
return nil, fmt.Errorf("delegating_resolver: failed to determine proxy URL for target %q: %v", target, err)
|
||||
}
|
||||
|
||||
// proxy is not configured or proxy address excluded using `NO_PROXY` env
|
||||
@@ -132,8 +144,8 @@ func New(target resolver.Target, cc resolver.ClientConn, opts resolver.BuildOpti
|
||||
// bypass the target resolver and store the unresolved target address.
|
||||
if target.URL.Scheme == "dns" && !targetResolutionEnabled {
|
||||
r.targetResolverState = &resolver.State{
|
||||
Addresses: []resolver.Address{{Addr: target.Endpoint()}},
|
||||
Endpoints: []resolver.Endpoint{{Addresses: []resolver.Address{{Addr: target.Endpoint()}}}},
|
||||
Addresses: []resolver.Address{{Addr: addr}},
|
||||
Endpoints: []resolver.Endpoint{{Addresses: []resolver.Address{{Addr: addr}}}},
|
||||
}
|
||||
r.updateTargetResolverState(*r.targetResolverState)
|
||||
return r, nil
|
||||
@@ -202,6 +214,44 @@ func needsProxyResolver(state *resolver.State) bool {
|
||||
return false
|
||||
}
|
||||
|
||||
// parseTarget takes a target string and ensures it is a valid "host:port" target.
|
||||
//
|
||||
// It does the following:
|
||||
// 1. If the target already has a port (e.g., "host:port", "[ipv6]:port"),
|
||||
// it is returned as is.
|
||||
// 2. If the host part is empty (e.g., ":80"), it defaults to "localhost",
|
||||
// returning "localhost:80".
|
||||
// 3. If the target is missing a port (e.g., "host", "ipv6"), the defaultPort
|
||||
// is added.
|
||||
//
|
||||
// An error is returned for empty targets or targets with a trailing colon
|
||||
// but no port (e.g., "host:").
|
||||
func parseTarget(target string) (string, error) {
|
||||
if target == "" {
|
||||
return "", fmt.Errorf("missing address")
|
||||
}
|
||||
|
||||
host, port, err := net.SplitHostPort(target)
|
||||
if err != nil {
|
||||
// If SplitHostPort fails, it's likely because the port is missing.
|
||||
// We append the default port and return the result.
|
||||
return net.JoinHostPort(target, defaultPort), nil
|
||||
}
|
||||
|
||||
// If SplitHostPort succeeds, we check for edge cases.
|
||||
if port == "" {
|
||||
// A success with an empty port means the target had a trailing colon,
|
||||
// e.g., "host:", which is an error.
|
||||
return "", fmt.Errorf("missing port after port-separator colon")
|
||||
}
|
||||
if host == "" {
|
||||
// A success with an empty host means the target was like ":80".
|
||||
// We default the host to "localhost".
|
||||
host = "localhost"
|
||||
}
|
||||
return net.JoinHostPort(host, port), nil
|
||||
}
|
||||
|
||||
func skipProxy(address resolver.Address) bool {
|
||||
// Avoid proxy when network is not tcp.
|
||||
networkType, ok := networktype.Get(address)
|
||||
|
||||
35
vendor/google.golang.org/grpc/internal/resolver/dns/dns_resolver.go
generated
vendored
35
vendor/google.golang.org/grpc/internal/resolver/dns/dns_resolver.go
generated
vendored
@@ -125,20 +125,23 @@ func (b *dnsBuilder) Build(target resolver.Target, cc resolver.ClientConn, opts
|
||||
// IP address.
|
||||
if ipAddr, err := formatIP(host); err == nil {
|
||||
addr := []resolver.Address{{Addr: ipAddr + ":" + port}}
|
||||
cc.UpdateState(resolver.State{Addresses: addr})
|
||||
cc.UpdateState(resolver.State{
|
||||
Addresses: addr,
|
||||
Endpoints: []resolver.Endpoint{{Addresses: addr}},
|
||||
})
|
||||
return deadResolver{}, nil
|
||||
}
|
||||
|
||||
// DNS address (non-IP).
|
||||
ctx, cancel := context.WithCancel(context.Background())
|
||||
d := &dnsResolver{
|
||||
host: host,
|
||||
port: port,
|
||||
ctx: ctx,
|
||||
cancel: cancel,
|
||||
cc: cc,
|
||||
rn: make(chan struct{}, 1),
|
||||
disableServiceConfig: opts.DisableServiceConfig,
|
||||
host: host,
|
||||
port: port,
|
||||
ctx: ctx,
|
||||
cancel: cancel,
|
||||
cc: cc,
|
||||
rn: make(chan struct{}, 1),
|
||||
enableServiceConfig: envconfig.EnableTXTServiceConfig && !opts.DisableServiceConfig,
|
||||
}
|
||||
|
||||
d.resolver, err = internal.NewNetResolver(target.URL.Host)
|
||||
@@ -181,8 +184,8 @@ type dnsResolver struct {
|
||||
// finishes, race detector sometimes will warn lookup (READ the lookup
|
||||
// function pointers) inside watcher() goroutine has data race with
|
||||
// replaceNetFunc (WRITE the lookup function pointers).
|
||||
wg sync.WaitGroup
|
||||
disableServiceConfig bool
|
||||
wg sync.WaitGroup
|
||||
enableServiceConfig bool
|
||||
}
|
||||
|
||||
// ResolveNow invoke an immediate resolution of the target that this
|
||||
@@ -342,11 +345,19 @@ func (d *dnsResolver) lookup() (*resolver.State, error) {
|
||||
return nil, hostErr
|
||||
}
|
||||
|
||||
state := resolver.State{Addresses: addrs}
|
||||
eps := make([]resolver.Endpoint, 0, len(addrs))
|
||||
for _, addr := range addrs {
|
||||
eps = append(eps, resolver.Endpoint{Addresses: []resolver.Address{addr}})
|
||||
}
|
||||
|
||||
state := resolver.State{
|
||||
Addresses: addrs,
|
||||
Endpoints: eps,
|
||||
}
|
||||
if len(srv) > 0 {
|
||||
state = grpclbstate.Set(state, &grpclbstate.State{BalancerAddresses: srv})
|
||||
}
|
||||
if !d.disableServiceConfig {
|
||||
if d.enableServiceConfig {
|
||||
state.ServiceConfig = d.lookupTXT(ctx)
|
||||
}
|
||||
return &state, nil
|
||||
|
||||
Reference in New Issue
Block a user