Disable rollback on auth for now and add workaround for its auth/ adding to entry paths

vault/auth.go

@@ -251,11 +251,18 @@ func (c *Core) setupCredentials() error {
 	var backend logical.Backend
 	var view *BarrierView
 	var err error
+	var persistNeeded bool
 
 	c.authLock.Lock()
 	defer c.authLock.Unlock()
 
 	for _, entry := range c.auth.Entries {
+		// Work around some problematic code that existed in master for a while
+		if strings.HasPrefix(entry.Path, credentialRoutePrefix) {
+			entry.Path = strings.TrimPrefix(entry.Path, credentialRoutePrefix)
+			persistNeeded = true
+		}
+
 		// Create a barrier view using the UUID
 		view = NewBarrierView(c.barrier, credentialBarrierPrefix+entry.UUID+"/")
 
@@ -290,6 +297,11 @@ func (c *Core) setupCredentials() error {
 			c.tokenStore.cubbyholeBackend = c.router.MatchingBackend("cubbyhole/").(*CubbyholeBackend)
 		}
 	}
+
+	if persistNeeded {
+		return c.persistAuth(c.auth)
+	}
+
 	return nil
 }
 

vault/rollback.go

@@ -191,14 +191,19 @@ func (c *Core) startRollback() error {
 		for _, entry := range c.mounts.Entries {
 			ret = append(ret, entry)
 		}
-		c.authLock.RLock()
-		defer c.authLock.RUnlock()
-		for _, entry := range c.auth.Entries {
-			if !strings.HasPrefix(entry.Path, "auth/") {
-				entry.Path = "auth/" + entry.Path
+		// NOTE NOTE NOTE
+		// We cannot do the below this way. Modifying the mount entries leads
+		// to those modified entries being persisted and that's very very bad
+		/*
+			c.authLock.RLock()
+			defer c.authLock.RUnlock()
+			for _, entry := range c.auth.Entries {
+				if !strings.HasPrefix(entry.Path, "auth/") {
+					entry.Path = "auth/" + entry.Path
+				}
+				ret = append(ret, entry)
 			}
-			ret = append(ret, entry)
-		}
+		*/
 		return ret
 	}
 	c.rollback = NewRollbackManager(c.logger, backendsFunc, c.router)