Directly pass the cubbyhole backend to the token store and bypass logic in router

2015-09-15 13:49:53 -04:00 · 2015-09-15 13:49:53 -04:00 · e7d5a18e94
parent 849b78daee
commit e7d5a18e94
4 changed files with 15 additions and 20 deletions
--- a/vault/auth.go
+++ b/vault/auth.go
@ -269,12 +269,7 @@ func (c *Core) setupCredentials() error {

 			// this is loaded *after* the normal mounts, including cubbyhole
 			c.router.tokenStoreSalt = backend.(*TokenStore).salt
-
-			c.tokenStore.cubbyConfig = cubbyholeConfig{
-				revokeFunc:  c.router.MatchingBackend("cubbyhole/").(*CubbyholeBackend).revoke,
-				storageView: c.router.MatchingStorageView("cubbyhole/"),
-				saltUUID:    c.router.MatchingMountEntry("cubbyhole/").UUID,
-			}
+			c.tokenStore.cubbyholeBackend = c.router.MatchingBackend("cubbyhole/").(*CubbyholeBackend)
 		}
 	}
 	return nil
--- a/vault/logical_cubbyhole.go
+++ b/vault/logical_cubbyhole.go
@ -46,14 +46,17 @@ func CubbyholeBackendFactory(conf *logical.BackendConfig) (logical.Backend, erro
 // storage view. The view is removed when the token expires.
 type CubbyholeBackend struct {
 	*framework.Backend
+
+	saltUUID    string
+	storageView logical.Storage
 }

-func (b *CubbyholeBackend) revoke(saltedToken string, storageView logical.Storage) error {
+func (b *CubbyholeBackend) revoke(saltedToken string) error {
 	if saltedToken == "" {
 		return fmt.Errorf("[ERR] cubbyhole: client token empty during revocation")
 	}

-	if err := ClearView(storageView.(*BarrierView).SubView(saltedToken + "/")); err != nil {
+	if err := ClearView(b.storageView.(*BarrierView).SubView(saltedToken + "/")); err != nil {
 		return err
 	}

--- a/vault/mount.go
+++ b/vault/mount.go
@ -456,8 +456,13 @@ func (c *Core) setupMounts() error {
 			return errLoadMountsFailed
 		}

-		if entry.Type == "system" {
+		switch entry.Type {
+		case "system":
 			c.systemBarrierView = view
+		case "cubbyhole":
+			ch := backend.(*CubbyholeBackend)
+			ch.saltUUID = entry.UUID
+			ch.storageView = view
 		}

 		// Mount the backend
--- a/vault/token_store.go
+++ b/vault/token_store.go
@ -34,14 +34,6 @@ var (
 	displayNameSanitize = regexp.MustCompile("[^a-zA-Z0-9-]")
 )

-// cubbyholeConfig is used to store information necessary for telling the
-// cubbyhole backend to remove the tree for the token
-type cubbyholeConfig struct {
-	revokeFunc  func(string, logical.Storage) error
-	storageView *BarrierView
-	saltUUID    string
-}
-
 // TokenStore is used to manage client tokens. Tokens are used for
 // clients to authenticate, and each token is mapped to an applicable
 // set of policy which is used for authorization.
@ -53,7 +45,7 @@ type TokenStore struct {

 	expiration *ExpirationManager

-	cubbyConfig cubbyholeConfig
+	cubbyholeBackend *CubbyholeBackend
 }

 // NewTokenStore is used to construct a token store that is
@ -714,11 +706,11 @@ func (ts *TokenStore) handleRenew(
 }

 func (ts *TokenStore) destroyCubbyhole(saltedID string) error {
-	if ts.cubbyConfig.revokeFunc == nil {
+	if ts.cubbyholeBackend == nil {
 		// Should only ever happen in testing
 		return nil
 	}
-	return ts.cubbyConfig.revokeFunc(salt.SaltID(ts.cubbyConfig.saltUUID, saltedID, salt.SHA1Hash), ts.cubbyConfig.storageView)
+	return ts.cubbyholeBackend.revoke(salt.SaltID(ts.cubbyholeBackend.saltUUID, saltedID, salt.SHA1Hash))
 }

 const (