Seal wrap all root tokens and their leases (#3540)
This commit is contained in:
parent
2af5b9274f
commit
119607dcb7
|
@ -1104,6 +1104,9 @@ func (m *ExpirationManager) persistEntry(le *leaseEntry) error {
|
|||
Key: le.LeaseID,
|
||||
Value: buf,
|
||||
}
|
||||
if le.Auth != nil && len(le.Auth.Policies) == 1 && le.Auth.Policies[0] == "root" {
|
||||
ent.SealWrap = true
|
||||
}
|
||||
if err := m.idView.Put(&ent); err != nil {
|
||||
return fmt.Errorf("failed to persist lease entry: %v", err)
|
||||
}
|
||||
|
|
|
@ -838,6 +838,9 @@ func (ts *TokenStore) storeCommon(entry *TokenEntry, writeSecondary bool) error
|
|||
// Write the primary ID
|
||||
path := lookupPrefix + saltedId
|
||||
le := &logical.StorageEntry{Key: path, Value: enc}
|
||||
if len(entry.Policies) == 1 && entry.Policies[0] == "root" {
|
||||
le.SealWrap = true
|
||||
}
|
||||
if err := ts.view.Put(le); err != nil {
|
||||
return fmt.Errorf("failed to persist entry: %v", err)
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue