luxolus
/
open-vault
2
0
Fork 0
Code Issues 1 Pull Requests Releases Activity

oss changes (#16407)

This commit is contained in:
Pratyoy Mukhopadhyay 2022-07-21 10:53:42 -07:00 committed by GitHub
parent 5062502756
commit 77ca499c6e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 18 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
vault/identity_store.go
View File

@ -1209,7 +1209,7 @@ func (i *IdentityStore) CreateOrFetchEntity(ctx context.Context, alias *logical.
// Update MemDB and persist entity object // Update MemDB and persist entity object
err = i.upsertEntityInTxn(ctx, txn, entity, nil, true) err = i.upsertEntityInTxn(ctx, txn, entity, nil, true)
if err != nil { if err != nil {
return nil, false, err return entity, entityCreated, err
} }
txn.Commit() txn.Commit()

21
vault/request_handling.go
View File

@ -1454,15 +1454,20 @@ func (c *Core) handleLoginRequest(ctx context.Context, req *logical.Request) (re
if err != nil { if err != nil {
switch auth.Alias.Local { switch auth.Alias.Local {
case true: case true:
entity, err = possiblyForwardEntityCreation(ctx, c, err, auth, entity) // Only create a new entity if the error was a readonly error and the creation flag is true
if err != nil && strings.Contains(err.Error(), errCreateEntityUnimplemented) { // i.e the entity was in the middle of being created
resp.AddWarning("primary cluster doesn't yet issue entities for local auth mounts; falling back to not issuing entities for local auth mounts") if entityCreated && errors.Is(err, logical.ErrReadOnly) {
goto CREATE_TOKEN entity, err = possiblyForwardEntityCreation(ctx, c, err, auth, nil)
} if err != nil {
// If the entity creation via forwarding was successful, update the bool flag if strings.Contains(err.Error(), errCreateEntityUnimplemented) {
if entity != nil && err == nil { resp.AddWarning("primary cluster doesn't yet issue entities for local auth mounts; falling back to not issuing entities for local auth mounts")
entityCreated = true goto CREATE_TOKEN
} else {
return nil, nil, err
}
}
} }
err = updateLocalAlias(ctx, c, auth, entity)
default: default:
entity, entityCreated, err = possiblyForwardAliasCreation(ctx, c, err, auth, entity) entity, entityCreated, err = possiblyForwardAliasCreation(ctx, c, err, auth, entity)
} }

4
vault/request_handling_util.go
View File

@ -60,6 +60,10 @@ func possiblyForwardEntityCreation(ctx context.Context, c *Core, inErr error, au
return entity, inErr return entity, inErr
} }
func updateLocalAlias(ctx context.Context, c *Core, auth *logical.Auth, entity *identity.Entity) error {
return nil
}
func possiblyForwardSaveCachedAuthResponse(ctx context.Context, c *Core, respAuth *MFACachedAuthResponse) error { func possiblyForwardSaveCachedAuthResponse(ctx context.Context, c *Core, respAuth *MFACachedAuthResponse) error {
err := c.SaveMFAResponseAuth(respAuth) err := c.SaveMFAResponseAuth(respAuth)
if err != nil { if err != nil {