Simplify readonly view logic

vault/audit.go

@@ -330,17 +330,16 @@ func (c *Core) setupAudits(ctx context.Context) error {
 		// ensure that it is reset after. This ensures that there will be no
 		// writes during the construction of the backend.
 		view.setReadOnlyErr(logical.ErrSetupReadOnly)
+		defer view.setReadOnlyErr(nil)
 
 		// Initialize the backend
 		backend, err := c.newAuditBackend(ctx, entry, view, entry.Options)
 		if err != nil {
 			c.logger.Error("core: failed to create audit entry", "path", entry.Path, "error", err)
-			view.setReadOnlyErr(nil)
 			continue
 		}
 		if backend == nil {
 			c.logger.Error("core: created audit entry was nil", "path", entry.Path, "type", entry.Type)
-			view.setReadOnlyErr(nil)
 			continue
 		}
 
@@ -348,8 +347,6 @@ func (c *Core) setupAudits(ctx context.Context) error {
 		broker.Register(entry.Path, backend, view)
 
 		successCount += 1
-
-		view.setReadOnlyErr(nil)
 	}
 
 	if len(c.audit.Entries) > 0 && successCount == 0 {

vault/auth.go

@@ -436,7 +436,6 @@ func (c *Core) persistAuth(ctx context.Context, table *MountTable, localOnly boo
 func (c *Core) setupCredentials(ctx context.Context) error {
 	var err error
 	var persistNeeded bool
-	var view *BarrierView
 	var backendType logical.BackendType
 
 	c.authLock.Lock()
@@ -452,12 +451,13 @@ func (c *Core) setupCredentials(ctx context.Context) error {
 
 		// Create a barrier view using the UUID
 		viewPath := credentialBarrierPrefix + entry.UUID + "/"
-		view = NewBarrierView(c.barrier, viewPath)
+		view := NewBarrierView(c.barrier, viewPath)
 
 		// Mark the view as read-only until the mounting is complete and
 		// ensure that it is reset after. This ensures that there will be no
 		// writes during the construction of the backend.
 		view.setReadOnlyErr(logical.ErrSetupReadOnly)
+		defer view.setReadOnlyErr(nil)
 
 		// Initialize the backend
 		sysView := c.mountEntrySysView(entry)
@@ -476,18 +476,15 @@ func (c *Core) setupCredentials(ctx context.Context) error {
 				c.logger.Warn("core: skipping plugin-based credential entry", "path", entry.Path)
 				goto ROUTER_MOUNT
 			}
-			view.setReadOnlyErr(nil)
 			return errLoadAuthFailed
 		}
 		if backend == nil {
-			view.setReadOnlyErr(nil)
 			return fmt.Errorf("nil backend returned from %q factory", entry.Type)
 		}
 
 		// Check for the correct backend type
 		backendType = backend.Type()
 		if entry.Type == "plugin" && backendType != logical.TypeCredential {
-			view.setReadOnlyErr(nil)
 			return fmt.Errorf("cannot mount '%s' of type '%s' as an auth backend", entry.Config.PluginName, backendType)
 		}
 
@@ -496,7 +493,6 @@ func (c *Core) setupCredentials(ctx context.Context) error {
 		path := credentialRoutePrefix + entry.Path
 		err = c.router.Mount(backend, path, entry, view)
 		if err != nil {
-			view.setReadOnlyErr(nil)
 			c.logger.Error("core: failed to mount auth entry", "path", entry.Path, "error", err)
 			return errLoadAuthFailed
 		}
@@ -514,8 +510,6 @@ func (c *Core) setupCredentials(ctx context.Context) error {
 			c.router.tokenStoreSaltFunc = c.tokenStore.Salt
 			c.tokenStore.cubbyholeBackend = c.router.MatchingBackend("cubbyhole/").(*CubbyholeBackend)
 		}
-
-		view.setReadOnlyErr(nil)
 	}
 
 	if persistNeeded {

vault/mount.go

@@ -728,7 +728,6 @@ func (c *Core) setupMounts(ctx context.Context) error {
 	c.mountsLock.Lock()
 	defer c.mountsLock.Unlock()
 
-	var view *BarrierView
 	var backendType logical.BackendType
 
 	for _, entry := range c.mounts.Entries {
@@ -740,12 +739,13 @@ func (c *Core) setupMounts(ctx context.Context) error {
 		}
 
 		// Create a barrier view using the UUID
-		view = NewBarrierView(c.barrier, barrierPath)
+		view := NewBarrierView(c.barrier, barrierPath)
 
 		// Mark the view as read-only until the mounting is complete and
 		// ensure that it is reset after. This ensures that there will be no
 		// writes during the construction of the backend.
 		view.setReadOnlyErr(logical.ErrSetupReadOnly)
+		defer view.setReadOnlyErr(nil)
 
 		var backend logical.Backend
 		var err error
@@ -766,18 +766,15 @@ func (c *Core) setupMounts(ctx context.Context) error {
 				c.logger.Warn("core: skipping plugin-based mount entry", "path", entry.Path)
 				goto ROUTER_MOUNT
 			}
-			view.setReadOnlyErr(nil)
 			return errLoadMountsFailed
 		}
 		if backend == nil {
-			view.setReadOnlyErr(nil)
 			return fmt.Errorf("created mount entry of type %q is nil", entry.Type)
 		}
 
 		// Check for the correct backend type
 		backendType = backend.Type()
 		if entry.Type == "plugin" && backendType != logical.TypeLogical {
-			view.setReadOnlyErr(nil)
 			return fmt.Errorf("cannot mount '%s' of type '%s' as a logical backend", entry.Config.PluginName, backendType)
 		}
 
@@ -787,7 +784,6 @@ func (c *Core) setupMounts(ctx context.Context) error {
 		// Mount the backend
 		err = c.router.Mount(backend, entry.Path, entry, view)
 		if err != nil {
-			view.setReadOnlyErr(nil)
 			c.logger.Error("core: failed to mount entry", "path", entry.Path, "error", err)
 			return errLoadMountsFailed
 		}
@@ -800,8 +796,6 @@ func (c *Core) setupMounts(ctx context.Context) error {
 		if entry.Tainted {
 			c.router.Taint(entry.Path)
 		}
-
-		view.setReadOnlyErr(nil)
 	}
 	return nil
 }