Don't defer revocation when sealing, and clear out response/auth if there is a token use error
This commit is contained in:
parent
0e8e3660ff
commit
db79dd8c22
|
@ -410,6 +410,8 @@ func (c *Core) handleRequest(req *logical.Request) (retResp *logical.Response, r
|
||||||
// Attempt to use the token (decrement num_uses)
|
// Attempt to use the token (decrement num_uses)
|
||||||
if err := c.tokenStore.UseToken(te); err != nil {
|
if err := c.tokenStore.UseToken(te); err != nil {
|
||||||
c.logger.Printf("[ERR] core: failed to use token: %v", err)
|
c.logger.Printf("[ERR] core: failed to use token: %v", err)
|
||||||
|
retResp = nil
|
||||||
|
retAuth = nil
|
||||||
retErr = ErrInternalError
|
retErr = ErrInternalError
|
||||||
}
|
}
|
||||||
}()
|
}()
|
||||||
|
@ -965,20 +967,25 @@ func (c *Core) Seal(token string) (retErr error) {
|
||||||
// Validate the token is a root token
|
// Validate the token is a root token
|
||||||
_, te, err := c.checkToken(logical.WriteOperation, "sys/seal", token)
|
_, te, err := c.checkToken(logical.WriteOperation, "sys/seal", token)
|
||||||
if te != nil {
|
if te != nil {
|
||||||
defer func() {
|
// Attempt to use the token (decrement num_uses)
|
||||||
// Attempt to use the token (decrement num_uses)
|
if err := c.tokenStore.UseToken(te); err != nil {
|
||||||
if err := c.tokenStore.UseToken(te); err != nil {
|
c.logger.Printf("[ERR] core: failed to use token: %v", err)
|
||||||
c.logger.Printf("[ERR] core: failed to use token: %v", err)
|
retErr = ErrInternalError
|
||||||
retErr = ErrInternalError
|
}
|
||||||
}
|
|
||||||
}()
|
|
||||||
}
|
}
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
// Seal the Vault
|
// Seal the Vault
|
||||||
return c.sealInternal()
|
err = c.sealInternal()
|
||||||
|
if err == nil && retErr == ErrInternalError {
|
||||||
|
c.logger.Printf("[ERR] core: core is successfully sealed but another error occurred during the operation")
|
||||||
|
} else {
|
||||||
|
retErr = err
|
||||||
|
}
|
||||||
|
|
||||||
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
// sealInternal is an internal method used to seal the vault.
|
// sealInternal is an internal method used to seal the vault.
|
||||||
|
|
Loading…
Reference in a new issue