Simplify readonly view logic
parent
bf66dc2841
commit
847e499261
|
@ -330,17 +330,16 @@ func (c *Core) setupAudits(ctx context.Context) error {
|
||||||
// ensure that it is reset after. This ensures that there will be no
|
// ensure that it is reset after. This ensures that there will be no
|
||||||
// writes during the construction of the backend.
|
// writes during the construction of the backend.
|
||||||
view.setReadOnlyErr(logical.ErrSetupReadOnly)
|
view.setReadOnlyErr(logical.ErrSetupReadOnly)
|
||||||
|
defer view.setReadOnlyErr(nil)
|
||||||
|
|
||||||
// Initialize the backend
|
// Initialize the backend
|
||||||
backend, err := c.newAuditBackend(ctx, entry, view, entry.Options)
|
backend, err := c.newAuditBackend(ctx, entry, view, entry.Options)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
c.logger.Error("core: failed to create audit entry", "path", entry.Path, "error", err)
|
c.logger.Error("core: failed to create audit entry", "path", entry.Path, "error", err)
|
||||||
view.setReadOnlyErr(nil)
|
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
if backend == nil {
|
if backend == nil {
|
||||||
c.logger.Error("core: created audit entry was nil", "path", entry.Path, "type", entry.Type)
|
c.logger.Error("core: created audit entry was nil", "path", entry.Path, "type", entry.Type)
|
||||||
view.setReadOnlyErr(nil)
|
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -348,8 +347,6 @@ func (c *Core) setupAudits(ctx context.Context) error {
|
||||||
broker.Register(entry.Path, backend, view)
|
broker.Register(entry.Path, backend, view)
|
||||||
|
|
||||||
successCount += 1
|
successCount += 1
|
||||||
|
|
||||||
view.setReadOnlyErr(nil)
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if len(c.audit.Entries) > 0 && successCount == 0 {
|
if len(c.audit.Entries) > 0 && successCount == 0 {
|
||||||
|
|
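Review bot: The new `defer view.setReadOnlyErr(nil)` sits in a loop body (the `continue` statements show this; the loop header is outside the hunk), so it runs when setupAudits returns rather than at the end of each iteration. The removed calls lifted the read-only guard as soon as an entry was registered or skipped, whereas every view now stays read-only until all entries are processed, with one deferred call queued per entry. That fails closed, but any write through a view between `broker.Register` and the function's return would presumably now get `logical.ErrSetupReadOnly`, which should be confirmed against the backends. If function-wide scope is intended, say so next to the defer, e.g. `// Deferred: runs when setupAudits returns, so the view stays read-only until every entry is set up.`; if per-entry scope is wanted, move the loop body into a helper so the defer fires per entry. The same pattern is added in setupCredentials (`@ -452,12 +451,13`) and setupMounts (`@ -740,12 +739,13`), where the view also stays read-only past `c.router.Mount`.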
|
@ -436,7 +436,6 @@ func (c *Core) persistAuth(ctx context.Context, table *MountTable, localOnly boo
|
||||||
func (c *Core) setupCredentials(ctx context.Context) error {
|
func (c *Core) setupCredentials(ctx context.Context) error {
|
||||||
var err error
|
var err error
|
||||||
var persistNeeded bool
|
var persistNeeded bool
|
||||||
var view *BarrierView
|
|
||||||
var backendType logical.BackendType
|
var backendType logical.BackendType
|
||||||
|
|
||||||
c.authLock.Lock()
|
c.authLock.Lock()
|
||||||
|
@ -452,12 +451,13 @@ func (c *Core) setupCredentials(ctx context.Context) error {
|
||||||
|
|
||||||
// Create a barrier view using the UUID
|
// Create a barrier view using the UUID
|
||||||
viewPath := credentialBarrierPrefix + entry.UUID + "/"
|
viewPath := credentialBarrierPrefix + entry.UUID + "/"
|
||||||
view = NewBarrierView(c.barrier, viewPath)
|
view := NewBarrierView(c.barrier, viewPath)
|
||||||
|
|
||||||
// Mark the view as read-only until the mounting is complete and
|
// Mark the view as read-only until the mounting is complete and
|
||||||
// ensure that it is reset after. This ensures that there will be no
|
// ensure that it is reset after. This ensures that there will be no
|
||||||
// writes during the construction of the backend.
|
// writes during the construction of the backend.
|
||||||
view.setReadOnlyErr(logical.ErrSetupReadOnly)
|
view.setReadOnlyErr(logical.ErrSetupReadOnly)
|
||||||
|
defer view.setReadOnlyErr(nil)
|
||||||
|
|
||||||
// Initialize the backend
|
// Initialize the backend
|
||||||
sysView := c.mountEntrySysView(entry)
|
sysView := c.mountEntrySysView(entry)
|
||||||
|
@ -476,18 +476,15 @@ func (c *Core) setupCredentials(ctx context.Context) error {
|
||||||
c.logger.Warn("core: skipping plugin-based credential entry", "path", entry.Path)
|
c.logger.Warn("core: skipping plugin-based credential entry", "path", entry.Path)
|
||||||
goto ROUTER_MOUNT
|
goto ROUTER_MOUNT
|
||||||
}
|
}
|
||||||
view.setReadOnlyErr(nil)
|
|
||||||
return errLoadAuthFailed
|
return errLoadAuthFailed
|
||||||
}
|
}
|
||||||
if backend == nil {
|
if backend == nil {
|
||||||
view.setReadOnlyErr(nil)
|
|
||||||
return fmt.Errorf("nil backend returned from %q factory", entry.Type)
|
return fmt.Errorf("nil backend returned from %q factory", entry.Type)
|
||||||
}
|
}
|
||||||
|
|
||||||
// Check for the correct backend type
|
// Check for the correct backend type
|
||||||
backendType = backend.Type()
|
backendType = backend.Type()
|
||||||
if entry.Type == "plugin" && backendType != logical.TypeCredential {
|
if entry.Type == "plugin" && backendType != logical.TypeCredential {
|
||||||
view.setReadOnlyErr(nil)
|
|
||||||
return fmt.Errorf("cannot mount '%s' of type '%s' as an auth backend", entry.Config.PluginName, backendType)
|
return fmt.Errorf("cannot mount '%s' of type '%s' as an auth backend", entry.Config.PluginName, backendType)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -496,7 +493,6 @@ func (c *Core) setupCredentials(ctx context.Context) error {
|
||||||
path := credentialRoutePrefix + entry.Path
|
path := credentialRoutePrefix + entry.Path
|
||||||
err = c.router.Mount(backend, path, entry, view)
|
err = c.router.Mount(backend, path, entry, view)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
view.setReadOnlyErr(nil)
|
|
||||||
c.logger.Error("core: failed to mount auth entry", "path", entry.Path, "error", err)
|
c.logger.Error("core: failed to mount auth entry", "path", entry.Path, "error", err)
|
||||||
return errLoadAuthFailed
|
return errLoadAuthFailed
|
||||||
}
|
}
|
||||||
|
@ -514,8 +510,6 @@ func (c *Core) setupCredentials(ctx context.Context) error {
|
||||||
c.router.tokenStoreSaltFunc = c.tokenStore.Salt
|
c.router.tokenStoreSaltFunc = c.tokenStore.Salt
|
||||||
c.tokenStore.cubbyholeBackend = c.router.MatchingBackend("cubbyhole/").(*CubbyholeBackend)
|
c.tokenStore.cubbyholeBackend = c.router.MatchingBackend("cubbyhole/").(*CubbyholeBackend)
|
||||||
}
|
}
|
||||||
|
|
||||||
view.setReadOnlyErr(nil)
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if persistNeeded {
|
if persistNeeded {
|
||||||
|
|
|
@ -728,7 +728,6 @@ func (c *Core) setupMounts(ctx context.Context) error {
|
||||||
c.mountsLock.Lock()
|
c.mountsLock.Lock()
|
||||||
defer c.mountsLock.Unlock()
|
defer c.mountsLock.Unlock()
|
||||||
|
|
||||||
var view *BarrierView
|
|
||||||
var backendType logical.BackendType
|
var backendType logical.BackendType
|
||||||
|
|
||||||
for _, entry := range c.mounts.Entries {
|
for _, entry := range c.mounts.Entries {
|
||||||
|
@ -740,12 +739,13 @@ func (c *Core) setupMounts(ctx context.Context) error {
|
||||||
}
|
}
|
||||||
|
|
||||||
// Create a barrier view using the UUID
|
// Create a barrier view using the UUID
|
||||||
view = NewBarrierView(c.barrier, barrierPath)
|
view := NewBarrierView(c.barrier, barrierPath)
|
||||||
|
|
||||||
// Mark the view as read-only until the mounting is complete and
|
// Mark the view as read-only until the mounting is complete and
|
||||||
// ensure that it is reset after. This ensures that there will be no
|
// ensure that it is reset after. This ensures that there will be no
|
||||||
// writes during the construction of the backend.
|
// writes during the construction of the backend.
|
||||||
view.setReadOnlyErr(logical.ErrSetupReadOnly)
|
view.setReadOnlyErr(logical.ErrSetupReadOnly)
|
||||||
|
defer view.setReadOnlyErr(nil)
|
||||||
|
|
||||||
var backend logical.Backend
|
var backend logical.Backend
|
||||||
var err error
|
var err error
|
||||||
|
@ -766,18 +766,15 @@ func (c *Core) setupMounts(ctx context.Context) error {
|
||||||
c.logger.Warn("core: skipping plugin-based mount entry", "path", entry.Path)
|
c.logger.Warn("core: skipping plugin-based mount entry", "path", entry.Path)
|
||||||
goto ROUTER_MOUNT
|
goto ROUTER_MOUNT
|
||||||
}
|
}
|
||||||
view.setReadOnlyErr(nil)
|
|
||||||
return errLoadMountsFailed
|
return errLoadMountsFailed
|
||||||
}
|
}
|
||||||
if backend == nil {
|
if backend == nil {
|
||||||
view.setReadOnlyErr(nil)
|
|
||||||
return fmt.Errorf("created mount entry of type %q is nil", entry.Type)
|
return fmt.Errorf("created mount entry of type %q is nil", entry.Type)
|
||||||
}
|
}
|
||||||
|
|
||||||
// Check for the correct backend type
|
// Check for the correct backend type
|
||||||
backendType = backend.Type()
|
backendType = backend.Type()
|
||||||
if entry.Type == "plugin" && backendType != logical.TypeLogical {
|
if entry.Type == "plugin" && backendType != logical.TypeLogical {
|
||||||
view.setReadOnlyErr(nil)
|
|
||||||
return fmt.Errorf("cannot mount '%s' of type '%s' as a logical backend", entry.Config.PluginName, backendType)
|
return fmt.Errorf("cannot mount '%s' of type '%s' as a logical backend", entry.Config.PluginName, backendType)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -787,7 +784,6 @@ func (c *Core) setupMounts(ctx context.Context) error {
|
||||||
// Mount the backend
|
// Mount the backend
|
||||||
err = c.router.Mount(backend, entry.Path, entry, view)
|
err = c.router.Mount(backend, entry.Path, entry, view)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
view.setReadOnlyErr(nil)
|
|
||||||
c.logger.Error("core: failed to mount entry", "path", entry.Path, "error", err)
|
c.logger.Error("core: failed to mount entry", "path", entry.Path, "error", err)
|
||||||
return errLoadMountsFailed
|
return errLoadMountsFailed
|
||||||
}
|
}
|
||||||
|
@ -800,8 +796,6 @@ func (c *Core) setupMounts(ctx context.Context) error {
|
||||||
if entry.Tainted {
|
if entry.Tainted {
|
||||||
c.router.Taint(entry.Path)
|
c.router.Taint(entry.Path)
|
||||||
}
|
}
|
||||||
|
|
||||||
view.setReadOnlyErr(nil)
|
|
||||||
}
|
}
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|