don't ignore errors (#5087)

2018-08-10 22:32:10 -04:00 · 2018-08-10 22:32:10 -04:00 · 303b2f97ff
parent 68d27c7c38
commit 303b2f97ff
3 changed files with 9 additions and 6 deletions
--- a/vault/core.go
+++ b/vault/core.go
@ -1070,10 +1070,11 @@ func (c *Core) sealInitCommon(ctx context.Context, req *logical.Request) (retErr
 	})
 	if !authResults.Allowed {
 		c.stateLock.RUnlock()
+		retErr = multierror.Append(retErr, authResults.Error)
 		if authResults.Error.ErrorOrNil() == nil || authResults.DeniedError {
-			return logical.ErrPermissionDenied
+			retErr = multierror.Append(retErr, logical.ErrPermissionDenied)
 		}
-		return authResults.Error
+		return retErr
 	}

 	if te != nil && te.NumUses == tokenRevocationPending {
--- a/vault/ha.go
+++ b/vault/ha.go
@ -235,10 +235,11 @@ func (c *Core) StepDown(httpCtx context.Context, req *logical.Request) (retErr e
 	})
 	if !authResults.Allowed {
 		c.stateLock.RUnlock()
+		retErr = multierror.Append(retErr, authResults.Error)
 		if authResults.Error.ErrorOrNil() == nil || authResults.DeniedError {
-			return logical.ErrPermissionDenied
+			retErr = multierror.Append(retErr, logical.ErrPermissionDenied)
 		}
-		return authResults.Error
+		return retErr
 	}

 	if te != nil && te.NumUses == tokenRevocationPending {
--- a/vault/request_handling.go
+++ b/vault/request_handling.go
@ -262,10 +262,11 @@ func (c *Core) checkToken(ctx context.Context, req *logical.Request, unauth bool
 		RootPrivsRequired: rootPath,
 	})
 	if !authResults.Allowed {
+		retErr := authResults.Error
 		if authResults.Error.ErrorOrNil() == nil || authResults.DeniedError {
-			return auth, te, logical.ErrPermissionDenied
+			retErr = multierror.Append(retErr, logical.ErrPermissionDenied)
 		}
-		return auth, te, authResults.Error
+		return auth, te, retErr
 	}

 	return auth, te, nil