From 2cf4490b371c1fbe52a82e81f0342c68264b2fab Mon Sep 17 00:00:00 2001
From: "Nathan J. Mehl"
Date: Sun, 10 Jul 2016 15:57:47 -0700
Subject: [PATCH] use role name rather than token displayname in generated mysql usernames If a single token generates multiple myself roles, the generated mysql username was previously prepended with the displayname of the vault user; this makes the output of `show processlist` in mysql potentially difficult to correlate with the roles actually in use without cross- checking against the vault audit log. See https://github.com/hashicorp/vault/pull/1603 for further discussion.
---
 builtin/logical/mysql/path_role_create.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/builtin/logical/mysql/path_role_create.go b/builtin/logical/mysql/path_role_create.go
index 5c10f9c87..4d0553176 100644
--- a/builtin/logical/mysql/path_role_create.go
+++ b/builtin/logical/mysql/path_role_create.go
@@ -51,7 +51,7 @@ func (b *backend) pathRoleCreateRead(
 }
 // Generate our username and password. MySQL limits user to 16 characters
- displayName := req.DisplayName
+ displayName := name
 if len(displayName) > 10 {
 displayName = displayName[:10]
 }
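Review bot: The local is still called `displayName` after `displayName := name`, although it now holds the role name, and the 10-byte cut directly below means roles that share their first ten characters get the same prefix in `show processlist`, which weakens the correlation this commit is after. Renaming it, e.g. `rolePrefix := name`, and adding a comment such as `// Prefix is the role name cut to 10 bytes; mapping a MySQL user back to the requesting token presumably now needs the Vault audit log.` would make the attribution trade-off explicit. The `[:10]` slice counts bytes, so it could split a multi-byte character if role names are not limited to ASCII; where `name` is validated is not visible here. The rest of the username and the SQL that uses it are built outside this hunk, so it is worth confirming there that `name` is restricted to characters safe in a MySQL account name. pathRoleCreateRead starts and ends outside the hunk.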