vault: Adding Untaint to router

2015-04-02 12:01:53 -07:00 · 2015-04-02 12:01:53 -07:00 · 3a8dc4dff9
parent bfe7a1e901
commit 3a8dc4dff9
2 changed files with 42 additions and 0 deletions
--- a/vault/router.go
+++ b/vault/router.go
@ -97,6 +97,17 @@ func (r *Router) Taint(path string) error {
 	return nil
 }

+// Untaint is used to unmark a path as tainted.
+func (r *Router) Untaint(path string) error {
+	r.l.Lock()
+	defer r.l.Unlock()
+	_, raw, ok := r.root.LongestPrefix(path)
+	if ok {
+		raw.(*mountEntry).tainted = false
+	}
+	return nil
+}
+
 // MatchingMount returns the mount prefix that would be used for a path
 func (r *Router) MatchingMount(path string) string {
 	r.l.RLock()
--- a/vault/router_test.go
+++ b/vault/router_test.go
@ -300,6 +300,37 @@ func TestRouter_Taint(t *testing.T) {
 	}
 }

+func TestRouter_Untaint(t *testing.T) {
+	r := NewRouter()
+	_, barrier, _ := mockBarrier(t)
+	view := NewBarrierView(barrier, "logical/")
+
+	n := &NoopBackend{}
+	err := r.Mount(n, "prod/aws/", view)
+	if err != nil {
+		t.Fatalf("err: %v", err)
+	}
+
+	err = r.Taint("prod/aws/")
+	if err != nil {
+		t.Fatalf("err: %v", err)
+	}
+
+	err = r.Untaint("prod/aws/")
+	if err != nil {
+		t.Fatalf("err: %v", err)
+	}
+
+	req := &logical.Request{
+		Operation: logical.ReadOperation,
+		Path:      "prod/aws/foo",
+	}
+	_, err = r.Route(req)
+	if err != nil {
+		t.Fatalf("err: %v", err)
+	}
+}
+
 func TestPathsToRadix(t *testing.T) {
 	// Provide real paths
 	paths := []string{