Co-authored-by: Mike Palmiotto <mike.palmiotto@hashicorp.com>
This commit is contained in:
parent
1ca272a127
commit
f279de6704
|
@ -1253,13 +1253,8 @@ func (c *Core) handleRequest(ctx context.Context, req *logical.Request) (retResp
|
||||||
NamespaceID: ns.ID,
|
NamespaceID: ns.ID,
|
||||||
}
|
}
|
||||||
|
|
||||||
// Check for request role in context to role based quotas
|
// Only logins apply to role based quotas, so we can omit the role here, as we are not logging in.
|
||||||
var role string
|
if err := c.expiration.RegisterAuth(ctx, registeredTokenEntry, resp.Auth, ""); err != nil {
|
||||||
if reqRole := ctx.Value(logical.CtxKeyRequestRole{}); reqRole != nil {
|
|
||||||
role = reqRole.(string)
|
|
||||||
}
|
|
||||||
|
|
||||||
if err := c.expiration.RegisterAuth(ctx, registeredTokenEntry, resp.Auth, role); err != nil {
|
|
||||||
// Best-effort clean up on error, so we log the cleanup error as
|
// Best-effort clean up on error, so we log the cleanup error as
|
||||||
// a warning but still return as internal error.
|
// a warning but still return as internal error.
|
||||||
if err := c.tokenStore.revokeOrphan(ctx, resp.Auth.ClientToken); err != nil {
|
if err := c.tokenStore.revokeOrphan(ctx, resp.Auth.ClientToken); err != nil {
|
||||||
|
|
|
@ -327,14 +327,9 @@ DONELISTHANDLING:
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
// Check for request role in context to role based quotas
|
// Register the wrapped token with the expiration manager. We skip the role
|
||||||
var role string
|
// lookup here as we are not logging in, and only logins apply to role based quotas.
|
||||||
if reqRole := ctx.Value(logical.CtxKeyRequestRole{}); reqRole != nil {
|
if err := c.expiration.RegisterAuth(ctx, &te, wAuth, ""); err != nil {
|
||||||
role = reqRole.(string)
|
|
||||||
}
|
|
||||||
|
|
||||||
// Register the wrapped token with the expiration manager
|
|
||||||
if err := c.expiration.RegisterAuth(ctx, &te, wAuth, role); err != nil {
|
|
||||||
// Revoke since it's not yet being tracked for expiration
|
// Revoke since it's not yet being tracked for expiration
|
||||||
c.tokenStore.revokeOrphan(ctx, te.ID)
|
c.tokenStore.revokeOrphan(ctx, te.ID)
|
||||||
c.logger.Error("failed to register cubbyhole wrapping token lease", "request_path", req.Path, "error", err)
|
c.logger.Error("failed to register cubbyhole wrapping token lease", "request_path", req.Path, "error", err)
|
||||||
|
|
Loading…
Reference in New Issue