Co-authored-by: Mike Palmiotto <mike.palmiotto@hashicorp.com>
This commit is contained in:
hc-github-team-secure-vault-core
GitHub
parent
1ca272a127
commit
f279de6704
|
|
@ -1253,13 +1253,8 @@ func (c *Core) handleRequest(ctx context.Context, req *logical.Request) (retResp
|
|||
NamespaceID: ns.ID,
|
||||
}
|
||||
|
||||
// Check for request role in context to role based quotas
|
||||
var role string
|
||||
if reqRole := ctx.Value(logical.CtxKeyRequestRole{}); reqRole != nil {
|
||||
role = reqRole.(string)
|
||||
}
|
||||
|
||||
if err := c.expiration.RegisterAuth(ctx, registeredTokenEntry, resp.Auth, role); err != nil {
|
||||
// Only logins apply to role based quotas, so we can omit the role here, as we are not logging in.
|
||||
if err := c.expiration.RegisterAuth(ctx, registeredTokenEntry, resp.Auth, ""); err != nil {
|
||||
// Best-effort clean up on error, so we log the cleanup error as
|
||||
// a warning but still return as internal error.
|
||||
if err := c.tokenStore.revokeOrphan(ctx, resp.Auth.ClientToken); err != nil {
|
||||
|
|
|
|||
|
|
@ -327,14 +327,9 @@ DONELISTHANDLING:
|
|||
},
|
||||
}
|
||||
|
||||
// Check for request role in context to role based quotas
|
||||
var role string
|
||||
if reqRole := ctx.Value(logical.CtxKeyRequestRole{}); reqRole != nil {
|
||||
role = reqRole.(string)
|
||||
}
|
||||
|
||||
// Register the wrapped token with the expiration manager
|
||||
if err := c.expiration.RegisterAuth(ctx, &te, wAuth, role); err != nil {
|
||||
// Register the wrapped token with the expiration manager. We skip the role
|
||||
// lookup here as we are not logging in, and only logins apply to role based quotas.
|
||||
if err := c.expiration.RegisterAuth(ctx, &te, wAuth, ""); err != nil {
|
||||
// Revoke since it's not yet being tracked for expiration
|
||||
c.tokenStore.revokeOrphan(ctx, te.ID)
|
||||
c.logger.Error("failed to register cubbyhole wrapping token lease", "request_path", req.Path, "error", err)
|
||||
|
|
|
|||
Loading…
Reference in New Issue