oss changes (#16407)

This commit is contained in:
Pratyoy Mukhopadhyay 2022-07-21 10:53:42 -07:00 committed by GitHub
parent 5062502756
commit 77ca499c6e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 18 additions and 9 deletions

View File

@ -1209,7 +1209,7 @@ func (i *IdentityStore) CreateOrFetchEntity(ctx context.Context, alias *logical.
// Update MemDB and persist entity object
err = i.upsertEntityInTxn(ctx, txn, entity, nil, true)
if err != nil {
return nil, false, err
return entity, entityCreated, err
}
txn.Commit()

View File

@ -1454,15 +1454,20 @@ func (c *Core) handleLoginRequest(ctx context.Context, req *logical.Request) (re
if err != nil {
switch auth.Alias.Local {
case true:
entity, err = possiblyForwardEntityCreation(ctx, c, err, auth, entity)
if err != nil && strings.Contains(err.Error(), errCreateEntityUnimplemented) {
// Only create a new entity if the error was a readonly error and the creation flag is true
// i.e the entity was in the middle of being created
if entityCreated && errors.Is(err, logical.ErrReadOnly) {
entity, err = possiblyForwardEntityCreation(ctx, c, err, auth, nil)
if err != nil {
if strings.Contains(err.Error(), errCreateEntityUnimplemented) {
resp.AddWarning("primary cluster doesn't yet issue entities for local auth mounts; falling back to not issuing entities for local auth mounts")
goto CREATE_TOKEN
} else {
return nil, nil, err
}
// If the entity creation via forwarding was successful, update the bool flag
if entity != nil && err == nil {
entityCreated = true
}
}
err = updateLocalAlias(ctx, c, auth, entity)
default:
entity, entityCreated, err = possiblyForwardAliasCreation(ctx, c, err, auth, entity)
}

View File

@ -60,6 +60,10 @@ func possiblyForwardEntityCreation(ctx context.Context, c *Core, inErr error, au
return entity, inErr
}
func updateLocalAlias(ctx context.Context, c *Core, auth *logical.Auth, entity *identity.Entity) error {
return nil
}
func possiblyForwardSaveCachedAuthResponse(ctx context.Context, c *Core, respAuth *MFACachedAuthResponse) error {
err := c.SaveMFAResponseAuth(respAuth)
if err != nil {