use role name rather than token displayname in generated mysql usernames

If a single token generates multiple mysql roles, the generated mysql
username was previously prepended with the displayname of the vault
user; this makes the output of `show processlist` in mysql potentially
difficult to correlate with the roles actually in use without cross-
checking against the vault audit log.

See https://github.com/hashicorp/vault/pull/1603 for further discussion.
Nathan J. Mehl 2016-07-10 15:57:47 -07:00
parent 7a224ec0bd
commit 2cf4490b37


@ -51,7 +51,7 @@ func (b *backend) pathRoleCreateRead(
}
// Generate our username and password. MySQL limits user to 16 characters
displayName := req.DisplayName
displayName := name
if len(displayName) > 10 {
displayName = displayName[:10]
}
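
Review bot: the variable assigned on the changed line is still named `displayName` even though it now holds `name` instead of `req.DisplayName`; rename it (for example `roleName`) so a later reader does not assume the token's display name still ends up in the MySQL username. The unchanged `displayName[:10]` truncation now applies to the role name, so two roles whose names share their first 10 characters get the same username prefix and remain indistinguishable in `show processlist`, which is the case this change is meant to fix; consider documenting that limit next to the 16-character comment or handling the collision. The definition of `name` is outside this hunk, so please confirm it is the role name and not another request field.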