WriteOperation -> UpdateOperation

audit/format_json_test.go

@@ -20,7 +20,7 @@ func TestFormatJSON_formatRequest(t *testing.T) {
 		"auth, request": {
 			&logical.Auth{ClientToken: "foo", Policies: []string{"root"}},
 			&logical.Request{
-				Operation: logical.WriteOperation,
+				Operation: logical.UpdateOperation,
 				Path:      "/foo",
 				Connection: &logical.Connection{
 					RemoteAddr: "127.0.0.1",

builtin/credential/app-id/backend_test.go

@@ -110,7 +110,7 @@ func TestBackend_upgradeToSalted(t *testing.T) {
 
 func testAccStepMapAppId(t *testing.T) logicaltest.TestStep {
 	return logicaltest.TestStep{
-		Operation: logical.WriteOperation,
+		Operation: logical.UpdateOperation,
 		Path:      "map/app-id/foo",
 		Data: map[string]interface{}{
 			"value": "foo,bar",
@@ -120,7 +120,7 @@ func testAccStepMapAppId(t *testing.T) logicaltest.TestStep {
 
 func testAccStepMapAppIdDisplayName(t *testing.T) logicaltest.TestStep {
 	return logicaltest.TestStep{
-		Operation: logical.WriteOperation,
+		Operation: logical.UpdateOperation,
 		Path:      "map/app-id/foo",
 		Data: map[string]interface{}{
 			"display_name": "tubbin",
@@ -131,7 +131,7 @@ func testAccStepMapAppIdDisplayName(t *testing.T) logicaltest.TestStep {
 
 func testAccStepMapUserId(t *testing.T) logicaltest.TestStep {
 	return logicaltest.TestStep{
-		Operation: logical.WriteOperation,
+		Operation: logical.UpdateOperation,
 		Path:      "map/user-id/42",
 		Data: map[string]interface{}{
 			"value": "foo",
@@ -148,7 +148,7 @@ func testAccStepDeleteUserId(t *testing.T) logicaltest.TestStep {
 
 func testAccStepMapUserIdCidr(t *testing.T, cidr string) logicaltest.TestStep {
 	return logicaltest.TestStep{
-		Operation: logical.WriteOperation,
+		Operation: logical.UpdateOperation,
 		Path:      "map/user-id/42",
 		Data: map[string]interface{}{
 			"value":      "foo",
@@ -159,7 +159,7 @@ func testAccStepMapUserIdCidr(t *testing.T, cidr string) logicaltest.TestStep {
 
 func testAccLogin(t *testing.T, display string) logicaltest.TestStep {
 	return logicaltest.TestStep{
-		Operation: logical.WriteOperation,
+		Operation: logical.UpdateOperation,
 		Path:      "login",
 		Data: map[string]interface{}{
 			"app_id":  "foo",
@@ -181,7 +181,7 @@ func testAccLoginCidr(t *testing.T, ip string, err bool) logicaltest.TestStep {
 	}
 
 	return logicaltest.TestStep{
-		Operation: logical.WriteOperation,
+		Operation: logical.UpdateOperation,
 		Path:      "login",
 		Data: map[string]interface{}{
 			"app_id":  "foo",
@@ -197,7 +197,7 @@ func testAccLoginCidr(t *testing.T, ip string, err bool) logicaltest.TestStep {
 
 func testAccLoginInvalid(t *testing.T) logicaltest.TestStep {
 	return logicaltest.TestStep{
-		Operation: logical.WriteOperation,
+		Operation: logical.UpdateOperation,
 		Path:      "login",
 		Data: map[string]interface{}{
 			"app_id":  "foo",
@@ -212,7 +212,7 @@ func testAccLoginInvalid(t *testing.T) logicaltest.TestStep {
 
 func testAccLoginDeleted(t *testing.T) logicaltest.TestStep {
 	return logicaltest.TestStep{
-		Operation: logical.WriteOperation,
+		Operation: logical.UpdateOperation,
 		Path:      "login",
 		Data: map[string]interface{}{
 			"app_id":  "foo",

builtin/credential/app-id/path_login.go

@@ -28,7 +28,7 @@ func pathLogin(b *backend) *framework.Path {
 		},
 
 		Callbacks: map[logical.Operation]framework.OperationFunc{
-			logical.WriteOperation: b.pathLogin,
+			logical.UpdateOperation: b.pathLogin,
 		},
 
 		HelpSynopsis:    pathLoginSyn,

builtin/credential/cert/backend_test.go

@@ -105,7 +105,7 @@ func TestBackend_untrusted(t *testing.T) {
 
 func testAccStepAddCRL(t *testing.T, crl []byte, connState tls.ConnectionState) logicaltest.TestStep {
 	return logicaltest.TestStep{
-		Operation: logical.WriteOperation,
+		Operation: logical.UpdateOperation,
 		Path:      "crls/test",
 		ConnState: &connState,
 		Data: map[string]interface{}{
@@ -146,7 +146,7 @@ func testAccStepDeleteCRL(t *testing.T, connState tls.ConnectionState) logicalte
 
 func testAccStepLogin(t *testing.T, connState tls.ConnectionState) logicaltest.TestStep {
 	return logicaltest.TestStep{
-		Operation:       logical.WriteOperation,
+		Operation:       logical.UpdateOperation,
 		Path:            "login",
 		Unauthenticated: true,
 		ConnState:       &connState,
@@ -163,7 +163,7 @@ func testAccStepLogin(t *testing.T, connState tls.ConnectionState) logicaltest.T
 
 func testAccStepLoginDefaultLease(t *testing.T, connState tls.ConnectionState) logicaltest.TestStep {
 	return logicaltest.TestStep{
-		Operation:       logical.WriteOperation,
+		Operation:       logical.UpdateOperation,
 		Path:            "login",
 		Unauthenticated: true,
 		ConnState:       &connState,
@@ -180,7 +180,7 @@ func testAccStepLoginDefaultLease(t *testing.T, connState tls.ConnectionState) l
 
 func testAccStepLoginInvalid(t *testing.T, connState tls.ConnectionState) logicaltest.TestStep {
 	return logicaltest.TestStep{
-		Operation:       logical.WriteOperation,
+		Operation:       logical.UpdateOperation,
 		Path:            "login",
 		Unauthenticated: true,
 		ConnState:       &connState,
@@ -197,7 +197,7 @@ func testAccStepLoginInvalid(t *testing.T, connState tls.ConnectionState) logica
 func testAccStepCert(
 	t *testing.T, name string, cert []byte, policies string) logicaltest.TestStep {
 	return logicaltest.TestStep{
-		Operation: logical.WriteOperation,
+		Operation: logical.UpdateOperation,
 		Path:      "certs/" + name,
 		Data: map[string]interface{}{
 			"certificate":  string(cert),
@@ -211,7 +211,7 @@ func testAccStepCert(
 func testAccStepCertLease(
 	t *testing.T, name string, cert []byte, policies string) logicaltest.TestStep {
 	return logicaltest.TestStep{
-		Operation: logical.WriteOperation,
+		Operation: logical.UpdateOperation,
 		Path:      "certs/" + name,
 		Data: map[string]interface{}{
 			"certificate":  string(cert),
@@ -225,7 +225,7 @@ func testAccStepCertLease(
 func testAccStepCertTTL(
 	t *testing.T, name string, cert []byte, policies string) logicaltest.TestStep {
 	return logicaltest.TestStep{
-		Operation: logical.WriteOperation,
+		Operation: logical.UpdateOperation,
 		Path:      "certs/" + name,
 		Data: map[string]interface{}{
 			"certificate":  string(cert),
@@ -239,7 +239,7 @@ func testAccStepCertTTL(
 func testAccStepCertNoLease(
 	t *testing.T, name string, cert []byte, policies string) logicaltest.TestStep {
 	return logicaltest.TestStep{
-		Operation: logical.WriteOperation,
+		Operation: logical.UpdateOperation,
 		Path:      "certs/" + name,
 		Data: map[string]interface{}{
 			"certificate":  string(cert),

builtin/credential/cert/path_certs.go

@@ -51,7 +51,7 @@ Defaults to system/backend default TTL time.`,
 		Callbacks: map[logical.Operation]framework.OperationFunc{
 			logical.DeleteOperation: b.pathCertDelete,
 			logical.ReadOperation:   b.pathCertRead,
-			logical.WriteOperation:  b.pathCertWrite,
+			logical.UpdateOperation:  b.pathCertWrite,
 		},
 
 		HelpSynopsis:    pathCertHelpSyn,

builtin/credential/cert/path_crls.go

@@ -33,7 +33,7 @@ using the same name as specified here.`,
 		Callbacks: map[logical.Operation]framework.OperationFunc{
 			logical.DeleteOperation: b.pathCRLDelete,
 			logical.ReadOperation:   b.pathCRLRead,
-			logical.WriteOperation:  b.pathCRLWrite,
+			logical.UpdateOperation:  b.pathCRLWrite,
 		},
 
 		HelpSynopsis:    pathCRLsHelpSyn,

builtin/credential/cert/path_login.go

@@ -22,7 +22,7 @@ func pathLogin(b *backend) *framework.Path {
 		Pattern: "login",
 		Fields:  map[string]*framework.FieldSchema{},
 		Callbacks: map[logical.Operation]framework.OperationFunc{
-			logical.WriteOperation: b.pathLogin,
+			logical.UpdateOperation: b.pathLogin,
 		},
 	}
 }

builtin/credential/github/backend_test.go

@@ -62,7 +62,7 @@ func TestBackend_Config(t *testing.T) {
 
 func testLoginWrite(t *testing.T, d map[string]interface{}, expectedTTL int64, expectFail bool) logicaltest.TestStep {
 	return logicaltest.TestStep{
-		Operation: logical.WriteOperation,
+		Operation: logical.UpdateOperation,
 		Path:      "login",
 		ErrorOk:   true,
 		Data:      d,
@@ -82,7 +82,7 @@ func testLoginWrite(t *testing.T, d map[string]interface{}, expectedTTL int64, e
 
 func testConfigWrite(t *testing.T, d map[string]interface{}) logicaltest.TestStep {
 	return logicaltest.TestStep{
-		Operation: logical.WriteOperation,
+		Operation: logical.UpdateOperation,
 		Path:      "config",
 		Data:      d,
 	}
@@ -134,7 +134,7 @@ func testAccPreCheck(t *testing.T) {
 
 func testAccStepConfig(t *testing.T) logicaltest.TestStep {
 	return logicaltest.TestStep{
-		Operation: logical.WriteOperation,
+		Operation: logical.UpdateOperation,
 		Path:      "config",
 		Data: map[string]interface{}{
 			"organization": os.Getenv("GITHUB_ORG"),
@@ -144,7 +144,7 @@ func testAccStepConfig(t *testing.T) logicaltest.TestStep {
 
 func testAccStepConfigWithBaseURL(t *testing.T) logicaltest.TestStep {
 	return logicaltest.TestStep{
-		Operation: logical.WriteOperation,
+		Operation: logical.UpdateOperation,
 		Path:      "config",
 		Data: map[string]interface{}{
 			"organization": os.Getenv("GITHUB_ORG"),
@@ -155,7 +155,7 @@ func testAccStepConfigWithBaseURL(t *testing.T) logicaltest.TestStep {
 
 func testAccMap(t *testing.T, k string, v string) logicaltest.TestStep {
 	return logicaltest.TestStep{
-		Operation: logical.WriteOperation,
+		Operation: logical.UpdateOperation,
 		Path:      "map/teams/" + k,
 		Data: map[string]interface{}{
 			"value": v,
@@ -165,7 +165,7 @@ func testAccMap(t *testing.T, k string, v string) logicaltest.TestStep {
 
 func testAccLogin(t *testing.T, keys []string) logicaltest.TestStep {
 	return logicaltest.TestStep{
-		Operation: logical.WriteOperation,
+		Operation: logical.UpdateOperation,
 		Path:      "login",
 		Data: map[string]interface{}{
 			"token": os.Getenv("GITHUB_TOKEN"),

builtin/credential/github/path_config.go

@@ -35,7 +35,7 @@ API-compatible authentication server.`,
 		},
 
 		Callbacks: map[logical.Operation]framework.OperationFunc{
-			logical.WriteOperation: b.pathConfigWrite,
+			logical.UpdateOperation: b.pathConfigWrite,
 		},
 	}
 }

builtin/credential/github/path_login.go

@@ -20,7 +20,7 @@ func pathLogin(b *backend) *framework.Path {
 		},
 
 		Callbacks: map[logical.Operation]framework.OperationFunc{
-			logical.WriteOperation: b.pathLogin,
+			logical.UpdateOperation: b.pathLogin,
 		},
 	}
 }

builtin/credential/ldap/backend_test.go

@@ -57,7 +57,7 @@ func TestBackend_groupCrud(t *testing.T) {
 
 func testAccStepConfigUrl(t *testing.T) logicaltest.TestStep {
 	return logicaltest.TestStep{
-		Operation: logical.WriteOperation,
+		Operation: logical.UpdateOperation,
 		Path:      "config",
 		Data: map[string]interface{}{
 			// Online LDAP test server
@@ -72,7 +72,7 @@ func testAccStepConfigUrl(t *testing.T) logicaltest.TestStep {
 
 func testAccStepGroup(t *testing.T, group string, policies string) logicaltest.TestStep {
 	return logicaltest.TestStep{
-		Operation: logical.WriteOperation,
+		Operation: logical.UpdateOperation,
 		Path:      "groups/" + group,
 		Data: map[string]interface{}{
 			"policies": policies,
@@ -131,7 +131,7 @@ func TestBackend_userCrud(t *testing.T) {
 
 func testAccStepUser(t *testing.T, user string, groups string) logicaltest.TestStep {
 	return logicaltest.TestStep{
-		Operation: logical.WriteOperation,
+		Operation: logical.UpdateOperation,
 		Path:      "users/" + user,
 		Data: map[string]interface{}{
 			"groups": groups,
@@ -176,7 +176,7 @@ func testAccStepDeleteUser(t *testing.T, user string) logicaltest.TestStep {
 
 func testAccStepLogin(t *testing.T, user string, pass string) logicaltest.TestStep {
 	return logicaltest.TestStep{
-		Operation: logical.WriteOperation,
+		Operation: logical.UpdateOperation,
 		Path:      "login/" + user,
 		Data: map[string]interface{}{
 			"password": pass,

builtin/credential/ldap/path_config.go

@@ -53,7 +53,7 @@ func pathConfig(b *backend) *framework.Path {
 
 		Callbacks: map[logical.Operation]framework.OperationFunc{
 			logical.ReadOperation:  b.pathConfigRead,
-			logical.WriteOperation: b.pathConfigWrite,
+			logical.UpdateOperation: b.pathConfigWrite,
 		},
 
 		HelpSynopsis:    pathConfigHelpSyn,

builtin/credential/ldap/path_groups.go

@@ -25,7 +25,7 @@ func pathGroups(b *backend) *framework.Path {
 		Callbacks: map[logical.Operation]framework.OperationFunc{
 			logical.DeleteOperation: b.pathGroupDelete,
 			logical.ReadOperation:   b.pathGroupRead,
-			logical.WriteOperation:  b.pathGroupWrite,
+			logical.UpdateOperation:  b.pathGroupWrite,
 		},
 
 		HelpSynopsis:    pathGroupHelpSyn,

builtin/credential/ldap/path_login.go

@@ -25,7 +25,7 @@ func pathLogin(b *backend) *framework.Path {
 		},
 
 		Callbacks: map[logical.Operation]framework.OperationFunc{
-			logical.WriteOperation: b.pathLogin,
+			logical.UpdateOperation: b.pathLogin,
 		},
 
 		HelpSynopsis:    pathLoginSyn,

builtin/credential/ldap/path_users.go

@@ -25,7 +25,7 @@ func pathUsers(b *backend) *framework.Path {
 		Callbacks: map[logical.Operation]framework.OperationFunc{
 			logical.DeleteOperation: b.pathUserDelete,
 			logical.ReadOperation:   b.pathUserRead,
-			logical.WriteOperation:  b.pathUserWrite,
+			logical.UpdateOperation:  b.pathUserWrite,
 		},
 
 		HelpSynopsis:    pathUserHelpSyn,

builtin/credential/userpass/backend_test.go

@@ -91,7 +91,7 @@ func TestBackend_userCrud(t *testing.T) {
 
 func testUsersWrite(t *testing.T, user string, data map[string]interface{}, expectError bool) logicaltest.TestStep {
 	return logicaltest.TestStep{
-		Operation: logical.WriteOperation,
+		Operation: logical.UpdateOperation,
 		Path:      "users/" + user,
 		Data:      data,
 		ErrorOk:   true,
@@ -106,7 +106,7 @@ func testUsersWrite(t *testing.T, user string, data map[string]interface{}, expe
 
 func testLoginWrite(t *testing.T, user string, data map[string]interface{}, expectError bool) logicaltest.TestStep {
 	return logicaltest.TestStep{
-		Operation: logical.WriteOperation,
+		Operation: logical.UpdateOperation,
 		Path:      "login/" + user,
 		Data:      data,
 		ErrorOk:   true,
@@ -121,7 +121,7 @@ func testLoginWrite(t *testing.T, user string, data map[string]interface{}, expe
 
 func testAccStepLogin(t *testing.T, user string, pass string) logicaltest.TestStep {
 	return logicaltest.TestStep{
-		Operation: logical.WriteOperation,
+		Operation: logical.UpdateOperation,
 		Path:      "login/" + user,
 		Data: map[string]interface{}{
 			"password": pass,
@@ -135,7 +135,7 @@ func testAccStepLogin(t *testing.T, user string, pass string) logicaltest.TestSt
 func testAccStepUser(
 	t *testing.T, name string, password string, policies string) logicaltest.TestStep {
 	return logicaltest.TestStep{
-		Operation: logical.WriteOperation,
+		Operation: logical.UpdateOperation,
 		Path:      "users/" + name,
 		Data: map[string]interface{}{
 			"password": password,

builtin/credential/userpass/path_login.go

@@ -25,7 +25,7 @@ func pathLogin(b *backend) *framework.Path {
 		},
 
 		Callbacks: map[logical.Operation]framework.OperationFunc{
-			logical.WriteOperation: b.pathLogin,
+			logical.UpdateOperation: b.pathLogin,
 		},
 
 		HelpSynopsis:    pathLoginSyn,

builtin/credential/userpass/path_users.go

@@ -43,7 +43,7 @@ func pathUsers(b *backend) *framework.Path {
 		Callbacks: map[logical.Operation]framework.OperationFunc{
 			logical.DeleteOperation: b.pathUserDelete,
 			logical.ReadOperation:   b.pathUserRead,
-			logical.WriteOperation:  b.pathUserWrite,
+			logical.UpdateOperation:  b.pathUserWrite,
 		},
 
 		HelpSynopsis:    pathUserHelpSyn,

builtin/logical/aws/backend_test.go

@@ -71,7 +71,7 @@ func testAccPreCheck(t *testing.T) {
 
 func testAccStepConfig(t *testing.T) logicaltest.TestStep {
 	return logicaltest.TestStep{
-		Operation: logical.WriteOperation,
+		Operation: logical.UpdateOperation,
 		Path:      "config/root",
 		Data: map[string]interface{}{
 			"access_key": os.Getenv("AWS_ACCESS_KEY_ID"),
@@ -121,7 +121,7 @@ func testAccStepReadUser(t *testing.T, name string) logicaltest.TestStep {
 
 func testAccStepWritePolicy(t *testing.T, name string, policy string) logicaltest.TestStep {
 	return logicaltest.TestStep{
-		Operation: logical.WriteOperation,
+		Operation: logical.UpdateOperation,
 		Path:      "roles/" + name,
 		Data: map[string]interface{}{
 			"policy": testPolicy,

builtin/logical/aws/path_config_lease.go

@@ -25,7 +25,7 @@ func pathConfigLease(b *backend) *framework.Path {
 
 		Callbacks: map[logical.Operation]framework.OperationFunc{
 			logical.ReadOperation:  b.pathLeaseRead,
-			logical.WriteOperation: b.pathLeaseWrite,
+			logical.UpdateOperation: b.pathLeaseWrite,
 		},
 
 		HelpSynopsis:    pathConfigLeaseHelpSyn,

builtin/logical/aws/path_config_root.go

@@ -26,7 +26,7 @@ func pathConfigRoot() *framework.Path {
 		},
 
 		Callbacks: map[logical.Operation]framework.OperationFunc{
-			logical.WriteOperation: pathConfigRootWrite,
+			logical.UpdateOperation: pathConfigRootWrite,
 		},
 
 		HelpSynopsis:    pathConfigRootHelpSyn,

builtin/logical/aws/path_roles.go

@@ -27,7 +27,7 @@ func pathRoles() *framework.Path {
 		Callbacks: map[logical.Operation]framework.OperationFunc{
 			logical.DeleteOperation: pathRolesDelete,
 			logical.ReadOperation:   pathRolesRead,
-			logical.WriteOperation:  pathRolesWrite,
+			logical.UpdateOperation:  pathRolesWrite,
 		},
 
 		HelpSynopsis:    pathRolesHelpSyn,

builtin/logical/cassandra/backend_test.go

@@ -49,7 +49,7 @@ func testAccPreCheck(t *testing.T) {
 
 func testAccStepConfig(t *testing.T) logicaltest.TestStep {
 	return logicaltest.TestStep{
-		Operation: logical.WriteOperation,
+		Operation: logical.UpdateOperation,
 		Path:      "config/connection",
 		Data: map[string]interface{}{
 			"hosts":    os.Getenv("CASSANDRA_HOST"),
@@ -61,7 +61,7 @@ func testAccStepConfig(t *testing.T) logicaltest.TestStep {
 
 func testAccStepRole(t *testing.T) logicaltest.TestStep {
 	return logicaltest.TestStep{
-		Operation: logical.WriteOperation,
+		Operation: logical.UpdateOperation,
 		Path:      "roles/test",
 		Data: map[string]interface{}{
 			"creation_cql": testRole,

builtin/logical/cassandra/path_config_connection.go

@@ -59,7 +59,7 @@ take precedence.`,
 
 		Callbacks: map[logical.Operation]framework.OperationFunc{
 			logical.ReadOperation:  b.pathConnectionRead,
-			logical.WriteOperation: b.pathConnectionWrite,
+			logical.UpdateOperation: b.pathConnectionWrite,
 		},
 
 		HelpSynopsis:    pathConfigConnectionHelpSyn,

builtin/logical/cassandra/path_roles.go

@@ -65,7 +65,7 @@ one hour`,
 
 		Callbacks: map[logical.Operation]framework.OperationFunc{
 			logical.ReadOperation:   b.pathRoleRead,
-			logical.WriteOperation:  b.pathRoleCreate,
+			logical.UpdateOperation:  b.pathRoleCreate,
 			logical.DeleteOperation: b.pathRoleDelete,
 		},
 

builtin/logical/consul/backend_test.go

@@ -153,7 +153,7 @@ func testAccPreCheck(t *testing.T) {
 func testAccStepConfig(
 	t *testing.T, config map[string]interface{}) logicaltest.TestStep {
 	return logicaltest.TestStep{
-		Operation: logical.WriteOperation,
+		Operation: logical.UpdateOperation,
 		Path:      "config/access",
 		Data:      config,
 	}
@@ -235,7 +235,7 @@ func testAccStepReadManagementToken(
 
 func testAccStepWritePolicy(t *testing.T, name string, policy string, lease string) logicaltest.TestStep {
 	return logicaltest.TestStep{
-		Operation: logical.WriteOperation,
+		Operation: logical.UpdateOperation,
 		Path:      "roles/" + name,
 		Data: map[string]interface{}{
 			"policy": base64.StdEncoding.EncodeToString([]byte(policy)),
@@ -246,7 +246,7 @@ func testAccStepWritePolicy(t *testing.T, name string, policy string, lease stri
 
 func testAccStepWriteManagementPolicy(t *testing.T, name string, lease string) logicaltest.TestStep {
 	return logicaltest.TestStep{
-		Operation: logical.WriteOperation,
+		Operation: logical.UpdateOperation,
 		Path:      "roles/" + name,
 		Data: map[string]interface{}{
 			"token_type": "management",

builtin/logical/consul/path_config.go

@@ -31,7 +31,7 @@ func pathConfigAccess() *framework.Path {
 		},
 
 		Callbacks: map[logical.Operation]framework.OperationFunc{
-			logical.WriteOperation: pathConfigAccessWrite,
+			logical.UpdateOperation: pathConfigAccessWrite,
 		},
 	}
 }

builtin/logical/consul/path_roles.go

@@ -41,7 +41,7 @@ Defaults to 'client'.`,
 
 		Callbacks: map[logical.Operation]framework.OperationFunc{
 			logical.ReadOperation:   pathRolesRead,
-			logical.WriteOperation:  pathRolesWrite,
+			logical.UpdateOperation:  pathRolesWrite,
 			logical.DeleteOperation: pathRolesDelete,
 		},
 	}

builtin/logical/mysql/backend_test.go

@@ -64,7 +64,7 @@ func testAccPreCheck(t *testing.T) {
 
 func testAccStepConfig(t *testing.T) logicaltest.TestStep {
 	return logicaltest.TestStep{
-		Operation: logical.WriteOperation,
+		Operation: logical.UpdateOperation,
 		Path:      "config/connection",
 		Data: map[string]interface{}{
 			"value": os.Getenv("MYSQL_DSN"),
@@ -74,7 +74,7 @@ func testAccStepConfig(t *testing.T) logicaltest.TestStep {
 
 func testAccStepRole(t *testing.T) logicaltest.TestStep {
 	return logicaltest.TestStep{
-		Operation: logical.WriteOperation,
+		Operation: logical.UpdateOperation,
 		Path:      "roles/web",
 		Data: map[string]interface{}{
 			"sql": testRole,
@@ -139,7 +139,7 @@ func testAccStepReadRole(t *testing.T, name string, sql string) logicaltest.Test
 
 func testAccStepWriteLease(t *testing.T) logicaltest.TestStep {
 	return logicaltest.TestStep{
-		Operation: logical.WriteOperation,
+		Operation: logical.UpdateOperation,
 		Path:      "config/lease",
 		Data: map[string]interface{}{
 			"lease":     "1h5m",

builtin/logical/mysql/path_config_connection.go

@@ -30,7 +30,7 @@ func pathConfigConnection(b *backend) *framework.Path {
 		},
 
 		Callbacks: map[logical.Operation]framework.OperationFunc{
-			logical.WriteOperation: b.pathConnectionWrite,
+			logical.UpdateOperation: b.pathConnectionWrite,
 		},
 
 		HelpSynopsis:    pathConfigConnectionHelpSyn,

builtin/logical/mysql/path_config_lease.go

@@ -25,7 +25,7 @@ func pathConfigLease(b *backend) *framework.Path {
 
 		Callbacks: map[logical.Operation]framework.OperationFunc{
 			logical.ReadOperation:  b.pathLeaseRead,
-			logical.WriteOperation: b.pathLeaseWrite,
+			logical.UpdateOperation: b.pathLeaseWrite,
 		},
 
 		HelpSynopsis:    pathConfigLeaseHelpSyn,

builtin/logical/mysql/path_roles.go

@@ -25,7 +25,7 @@ func pathRoles(b *backend) *framework.Path {
 
 		Callbacks: map[logical.Operation]framework.OperationFunc{
 			logical.ReadOperation:   b.pathRoleRead,
-			logical.WriteOperation:  b.pathRoleCreate,
+			logical.UpdateOperation:  b.pathRoleCreate,
 			logical.DeleteOperation: b.pathRoleDelete,
 		},
 

builtin/logical/pki/backend_test.go

@@ -168,7 +168,7 @@ func TestBackend_RSARoles(t *testing.T) {
 		Backend: b,
 		Steps: []logicaltest.TestStep{
 			logicaltest.TestStep{
-				Operation: logical.WriteOperation,
+				Operation: logical.UpdateOperation,
 				Path:      "config/ca",
 				Data: map[string]interface{}{
 					"pem_bundle": rsaCAKey + rsaCACert,
@@ -211,7 +211,7 @@ func TestBackend_ECRoles(t *testing.T) {
 		Backend: b,
 		Steps: []logicaltest.TestStep{
 			logicaltest.TestStep{
-				Operation: logical.WriteOperation,
+				Operation: logical.UpdateOperation,
 				Path:      "config/ca",
 				Data: map[string]interface{}{
 					"pem_bundle": ecCAKey + ecCACert,
@@ -340,7 +340,7 @@ func generateURLSteps(t *testing.T, caCert, caKey string, intdata, reqdata map[s
 
 	ret := []logicaltest.TestStep{
 		logicaltest.TestStep{
-			Operation: logical.WriteOperation,
+			Operation: logical.UpdateOperation,
 			Path:      "root/generate/exported",
 			Data: map[string]interface{}{
 				"common_name": "Root Cert",
@@ -349,7 +349,7 @@ func generateURLSteps(t *testing.T, caCert, caKey string, intdata, reqdata map[s
 		},
 
 		logicaltest.TestStep{
-			Operation: logical.WriteOperation,
+			Operation: logical.UpdateOperation,
 			Path:      "config/urls",
 			Data: map[string]interface{}{
 				"issuing_certificates":    strings.Join(expected.IssuingCertificates, ","),
@@ -380,7 +380,7 @@ func generateURLSteps(t *testing.T, caCert, caKey string, intdata, reqdata map[s
 		},
 
 		logicaltest.TestStep{
-			Operation: logical.WriteOperation,
+			Operation: logical.UpdateOperation,
 			Path:      "root/sign-intermediate",
 			Data: map[string]interface{}{
 				"common_name": "Intermediate Cert",
@@ -450,7 +450,7 @@ func generateCSRSteps(t *testing.T, caCert, caKey string, intdata, reqdata map[s
 
 	ret := []logicaltest.TestStep{
 		logicaltest.TestStep{
-			Operation: logical.WriteOperation,
+			Operation: logical.UpdateOperation,
 			Path:      "root/generate/exported",
 			Data: map[string]interface{}{
 				"common_name":     "Root Cert",
@@ -460,7 +460,7 @@ func generateCSRSteps(t *testing.T, caCert, caKey string, intdata, reqdata map[s
 		},
 
 		logicaltest.TestStep{
-			Operation: logical.WriteOperation,
+			Operation: logical.UpdateOperation,
 			Path:      "root/sign-intermediate",
 			Data: map[string]interface{}{
 				"use_csr_values": true,
@@ -471,7 +471,7 @@ func generateCSRSteps(t *testing.T, caCert, caKey string, intdata, reqdata map[s
 		},
 
 		logicaltest.TestStep{
-			Operation: logical.WriteOperation,
+			Operation: logical.UpdateOperation,
 			Path:      "root/generate/exported",
 			Data: map[string]interface{}{
 				"common_name":     "Root Cert",
@@ -481,7 +481,7 @@ func generateCSRSteps(t *testing.T, caCert, caKey string, intdata, reqdata map[s
 		},
 
 		logicaltest.TestStep{
-			Operation: logical.WriteOperation,
+			Operation: logical.UpdateOperation,
 			Path:      "root/sign-intermediate",
 			Data: map[string]interface{}{
 				"use_csr_values": true,
@@ -536,7 +536,7 @@ func generateCSRSteps(t *testing.T, caCert, caKey string, intdata, reqdata map[s
 func generateCATestingSteps(t *testing.T, caCert, caKey, otherCaCert string, intdata, reqdata map[string]interface{}) []logicaltest.TestStep {
 	ret := []logicaltest.TestStep{
 		logicaltest.TestStep{
-			Operation: logical.WriteOperation,
+			Operation: logical.UpdateOperation,
 			Path:      "config/ca",
 			Data: map[string]interface{}{
 				"pem_bundle": caKey + caCert,
@@ -544,7 +544,7 @@ func generateCATestingSteps(t *testing.T, caCert, caKey, otherCaCert string, int
 		},
 
 		logicaltest.TestStep{
-			Operation: logical.WriteOperation,
+			Operation: logical.UpdateOperation,
 			Path:      "config/crl",
 			Data: map[string]interface{}{
 				"expiry": "16h",
@@ -614,7 +614,7 @@ func generateCATestingSteps(t *testing.T, caCert, caKey, otherCaCert string, int
 		// Ensure that both parts of the PEM bundle are required
 		// Here, just the cert
 		logicaltest.TestStep{
-			Operation: logical.WriteOperation,
+			Operation: logical.UpdateOperation,
 			Path:      "config/ca",
 			Data: map[string]interface{}{
 				"pem_bundle": caCert,
@@ -624,7 +624,7 @@ func generateCATestingSteps(t *testing.T, caCert, caKey, otherCaCert string, int
 
 		// Here, just the key
 		logicaltest.TestStep{
-			Operation: logical.WriteOperation,
+			Operation: logical.UpdateOperation,
 			Path:      "config/ca",
 			Data: map[string]interface{}{
 				"pem_bundle": caKey,
@@ -683,7 +683,7 @@ func generateCATestingSteps(t *testing.T, caCert, caKey, otherCaCert string, int
 
 		// Test a bunch of generation stuff
 		logicaltest.TestStep{
-			Operation: logical.WriteOperation,
+			Operation: logical.UpdateOperation,
 			Path:      "root/generate/exported",
 			Data: map[string]interface{}{
 				"common_name": "Root Cert",
@@ -698,7 +698,7 @@ func generateCATestingSteps(t *testing.T, caCert, caKey, otherCaCert string, int
 		},
 
 		logicaltest.TestStep{
-			Operation: logical.WriteOperation,
+			Operation: logical.UpdateOperation,
 			Path:      "intermediate/generate/exported",
 			Data: map[string]interface{}{
 				"common_name": "Intermediate Cert",
@@ -712,7 +712,7 @@ func generateCATestingSteps(t *testing.T, caCert, caKey, otherCaCert string, int
 
 		// Re-load the root key in so we can sign it
 		logicaltest.TestStep{
-			Operation: logical.WriteOperation,
+			Operation: logical.UpdateOperation,
 			Path:      "config/ca",
 			Data:      reqdata,
 			Check: func(resp *logical.Response) error {
@@ -726,7 +726,7 @@ func generateCATestingSteps(t *testing.T, caCert, caKey, otherCaCert string, int
 		},
 
 		logicaltest.TestStep{
-			Operation: logical.WriteOperation,
+			Operation: logical.UpdateOperation,
 			Path:      "root/sign-intermediate",
 			Data:      reqdata,
 			Check: func(resp *logical.Response) error {
@@ -743,7 +743,7 @@ func generateCATestingSteps(t *testing.T, caCert, caKey, otherCaCert string, int
 
 		// First load in this way to populate the private key
 		logicaltest.TestStep{
-			Operation: logical.WriteOperation,
+			Operation: logical.UpdateOperation,
 			Path:      "config/ca",
 			Data:      reqdata,
 			Check: func(resp *logical.Response) error {
@@ -754,7 +754,7 @@ func generateCATestingSteps(t *testing.T, caCert, caKey, otherCaCert string, int
 
 		// Now test setting the intermediate, signed CA cert
 		logicaltest.TestStep{
-			Operation: logical.WriteOperation,
+			Operation: logical.UpdateOperation,
 			Path:      "intermediate/set-signed",
 			Data:      reqdata,
 			Check: func(resp *logical.Response) error {
@@ -764,7 +764,7 @@ func generateCATestingSteps(t *testing.T, caCert, caKey, otherCaCert string, int
 		},
 
 		logicaltest.TestStep{
-			Operation: logical.WriteOperation,
+			Operation: logical.UpdateOperation,
 			Path:      "revoke",
 			Data:      reqdata,
 		},
@@ -794,7 +794,7 @@ func generateCATestingSteps(t *testing.T, caCert, caKey, otherCaCert string, int
 
 		// Do it all again, with EC keys and DER format
 		logicaltest.TestStep{
-			Operation: logical.WriteOperation,
+			Operation: logical.UpdateOperation,
 			Path:      "root/generate/exported",
 			Data: map[string]interface{}{
 				"common_name": "Root Cert",
@@ -822,7 +822,7 @@ func generateCATestingSteps(t *testing.T, caCert, caKey, otherCaCert string, int
 		},
 
 		logicaltest.TestStep{
-			Operation: logical.WriteOperation,
+			Operation: logical.UpdateOperation,
 			Path:      "intermediate/generate/exported",
 			Data: map[string]interface{}{
 				"format":      "der",
@@ -848,7 +848,7 @@ func generateCATestingSteps(t *testing.T, caCert, caKey, otherCaCert string, int
 		},
 
 		logicaltest.TestStep{
-			Operation: logical.WriteOperation,
+			Operation: logical.UpdateOperation,
 			Path:      "config/ca",
 			Data:      reqdata,
 			Check: func(resp *logical.Response) error {
@@ -862,7 +862,7 @@ func generateCATestingSteps(t *testing.T, caCert, caKey, otherCaCert string, int
 		},
 
 		logicaltest.TestStep{
-			Operation: logical.WriteOperation,
+			Operation: logical.UpdateOperation,
 			Path:      "root/sign-intermediate",
 			Data:      reqdata,
 			Check: func(resp *logical.Response) error {
@@ -879,7 +879,7 @@ func generateCATestingSteps(t *testing.T, caCert, caKey, otherCaCert string, int
 
 		// First load in this way to populate the private key
 		logicaltest.TestStep{
-			Operation: logical.WriteOperation,
+			Operation: logical.UpdateOperation,
 			Path:      "config/ca",
 			Data:      reqdata,
 			Check: func(resp *logical.Response) error {
@@ -890,7 +890,7 @@ func generateCATestingSteps(t *testing.T, caCert, caKey, otherCaCert string, int
 
 		// Now test setting the intermediate, signed CA cert
 		logicaltest.TestStep{
-			Operation: logical.WriteOperation,
+			Operation: logical.UpdateOperation,
 			Path:      "intermediate/set-signed",
 			Data:      reqdata,
 			Check: func(resp *logical.Response) error {
@@ -900,7 +900,7 @@ func generateCATestingSteps(t *testing.T, caCert, caKey, otherCaCert string, int
 		},
 
 		logicaltest.TestStep{
-			Operation: logical.WriteOperation,
+			Operation: logical.UpdateOperation,
 			Path:      "revoke",
 			Data:      reqdata,
 		},
@@ -950,18 +950,18 @@ func generateRoleSteps(t *testing.T, useCSRs bool) []logicaltest.TestStep {
 	ret := []logicaltest.TestStep{}
 
 	roleTestStep := logicaltest.TestStep{
-		Operation: logical.WriteOperation,
+		Operation: logical.UpdateOperation,
 		Path:      "roles/test",
 	}
 	var issueTestStep logicaltest.TestStep
 	if useCSRs {
 		issueTestStep = logicaltest.TestStep{
-			Operation: logical.WriteOperation,
+			Operation: logical.UpdateOperation,
 			Path:      "sign/test",
 		}
 	} else {
 		issueTestStep = logicaltest.TestStep{
-			Operation: logical.WriteOperation,
+			Operation: logical.UpdateOperation,
 			Path:      "issue/test",
 		}
 	}

builtin/logical/pki/path_config_ca.go

@@ -22,7 +22,7 @@ endpoint, just the signed certificate.`,
 		},
 
 		Callbacks: map[logical.Operation]framework.OperationFunc{
-			logical.WriteOperation: b.pathCAWrite,
+			logical.UpdateOperation: b.pathCAWrite,
 		},
 
 		HelpSynopsis:    pathConfigCAHelpSyn,

builtin/logical/pki/path_config_crl.go

@@ -27,7 +27,7 @@ valid; defaults to 72 hours`,
 
 		Callbacks: map[logical.Operation]framework.OperationFunc{
 			logical.ReadOperation:  b.pathCRLRead,
-			logical.WriteOperation: b.pathCRLWrite,
+			logical.UpdateOperation: b.pathCRLWrite,
 		},
 
 		HelpSynopsis:    pathConfigCRLHelpSyn,

builtin/logical/pki/path_config_urls.go

@@ -34,7 +34,7 @@ for the OCSP servers attribute`,
 		},
 
 		Callbacks: map[logical.Operation]framework.OperationFunc{
-			logical.WriteOperation: b.pathWriteURL,
+			logical.UpdateOperation: b.pathWriteURL,
 			logical.ReadOperation:  b.pathReadURL,
 		},
 

builtin/logical/pki/path_intermediate.go

@@ -14,7 +14,7 @@ func pathGenerateIntermediate(b *backend) *framework.Path {
 		Pattern: "intermediate/generate/" + framework.GenericNameRegex("exported"),
 
 		Callbacks: map[logical.Operation]framework.OperationFunc{
-			logical.WriteOperation: b.pathGenerateIntermediate,
+			logical.UpdateOperation: b.pathGenerateIntermediate,
 		},
 
 		HelpSynopsis:    pathGenerateIntermediateHelpSyn,
@@ -42,7 +42,7 @@ endpoint.`,
 		},
 
 		Callbacks: map[logical.Operation]framework.OperationFunc{
-			logical.WriteOperation: b.pathSetSignedIntermediate,
+			logical.UpdateOperation: b.pathSetSignedIntermediate,
 		},
 
 		HelpSynopsis:    pathSetSignedIntermediateHelpSyn,

builtin/logical/pki/path_issue_sign.go

@@ -15,7 +15,7 @@ func pathIssue(b *backend) *framework.Path {
 		Pattern: "issue/" + framework.GenericNameRegex("role"),
 
 		Callbacks: map[logical.Operation]framework.OperationFunc{
-			logical.WriteOperation: b.pathIssue,
+			logical.UpdateOperation: b.pathIssue,
 		},
 
 		HelpSynopsis:    pathIssueHelpSyn,
@@ -32,7 +32,7 @@ func pathSign(b *backend) *framework.Path {
 		Pattern: "sign/" + framework.GenericNameRegex("role"),
 
 		Callbacks: map[logical.Operation]framework.OperationFunc{
-			logical.WriteOperation: b.pathSign,
+			logical.UpdateOperation: b.pathSign,
 		},
 
 		HelpSynopsis:    pathSignHelpSyn,
@@ -55,7 +55,7 @@ func pathSignVerbatim(b *backend) *framework.Path {
 		Pattern: "sign-verbatim/" + framework.GenericNameRegex("role"),
 
 		Callbacks: map[logical.Operation]framework.OperationFunc{
-			logical.WriteOperation: b.pathSignVerbatim,
+			logical.UpdateOperation: b.pathSignVerbatim,
 		},
 
 		HelpSynopsis:    pathSignHelpSyn,

builtin/logical/pki/path_revoke.go

@@ -20,7 +20,7 @@ hyphen-separated octal`,
 		},
 
 		Callbacks: map[logical.Operation]framework.OperationFunc{
-			logical.WriteOperation: b.pathRevokeWrite,
+			logical.UpdateOperation: b.pathRevokeWrite,
 		},
 
 		HelpSynopsis:    pathRevokeHelpSyn,

builtin/logical/pki/path_roles.go

@@ -146,7 +146,7 @@ Names. Defaults to true.`,
 
 		Callbacks: map[logical.Operation]framework.OperationFunc{
 			logical.ReadOperation:   b.pathRoleRead,
-			logical.WriteOperation:  b.pathRoleCreate,
+			logical.UpdateOperation:  b.pathRoleCreate,
 			logical.DeleteOperation: b.pathRoleDelete,
 		},
 

builtin/logical/pki/path_root.go

@@ -15,7 +15,7 @@ func pathGenerateRoot(b *backend) *framework.Path {
 		Pattern: "root/generate/" + framework.GenericNameRegex("exported"),
 
 		Callbacks: map[logical.Operation]framework.OperationFunc{
-			logical.WriteOperation: b.pathCAGenerateRoot,
+			logical.UpdateOperation: b.pathCAGenerateRoot,
 		},
 
 		HelpSynopsis:    pathGenerateRootHelpSyn,
@@ -34,7 +34,7 @@ func pathSignIntermediate(b *backend) *framework.Path {
 		Pattern: "root/sign-intermediate",
 
 		Callbacks: map[logical.Operation]framework.OperationFunc{
-			logical.WriteOperation: b.pathCASignIntermediate,
+			logical.UpdateOperation: b.pathCASignIntermediate,
 		},
 
 		HelpSynopsis:    pathSignIntermediateHelpSyn,

builtin/logical/postgresql/backend_test.go

@@ -52,7 +52,7 @@ func testAccPreCheck(t *testing.T) {
 
 func testAccStepConfig(t *testing.T) logicaltest.TestStep {
 	return logicaltest.TestStep{
-		Operation: logical.WriteOperation,
+		Operation: logical.UpdateOperation,
 		Path:      "config/connection",
 		Data: map[string]interface{}{
 			"value": os.Getenv("PG_URL"),
@@ -62,7 +62,7 @@ func testAccStepConfig(t *testing.T) logicaltest.TestStep {
 
 func testAccStepRole(t *testing.T) logicaltest.TestStep {
 	return logicaltest.TestStep{
-		Operation: logical.WriteOperation,
+		Operation: logical.UpdateOperation,
 		Path:      "roles/web",
 		Data: map[string]interface{}{
 			"sql": testRole,

builtin/logical/postgresql/path_config_connection.go

@@ -30,7 +30,7 @@ func pathConfigConnection(b *backend) *framework.Path {
 		},
 
 		Callbacks: map[logical.Operation]framework.OperationFunc{
-			logical.WriteOperation: b.pathConnectionWrite,
+			logical.UpdateOperation: b.pathConnectionWrite,
 		},
 
 		HelpSynopsis:    pathConfigConnectionHelpSyn,

builtin/logical/postgresql/path_config_lease.go

@@ -25,7 +25,7 @@ func pathConfigLease(b *backend) *framework.Path {
 
 		Callbacks: map[logical.Operation]framework.OperationFunc{
 			logical.ReadOperation:  b.pathLeaseRead,
-			logical.WriteOperation: b.pathLeaseWrite,
+			logical.UpdateOperation: b.pathLeaseWrite,
 		},
 
 		HelpSynopsis:    pathConfigLeaseHelpSyn,

builtin/logical/postgresql/path_roles.go

@@ -24,7 +24,7 @@ func pathRoles(b *backend) *framework.Path {
 
 		Callbacks: map[logical.Operation]framework.OperationFunc{
 			logical.ReadOperation:   b.pathRoleRead,
-			logical.WriteOperation:  b.pathRoleCreate,
+			logical.UpdateOperation:  b.pathRoleCreate,
 			logical.DeleteOperation: b.pathRoleDelete,
 		},
 

builtin/logical/ssh/backend_test.go

@@ -311,7 +311,7 @@ func testConfigZeroAddressDelete(t *testing.T) logicaltest.TestStep {
 
 func testConfigZeroAddressWrite(t *testing.T, data map[string]interface{}) logicaltest.TestStep {
 	return logicaltest.TestStep{
-		Operation: logical.WriteOperation,
+		Operation: logical.UpdateOperation,
 		Path:      "config/zeroaddress",
 		Data:      data,
 	}
@@ -343,7 +343,7 @@ func testConfigZeroAddressRead(t *testing.T, expected map[string]interface{}) lo
 
 func testVerifyWrite(t *testing.T, data map[string]interface{}, expected map[string]interface{}) logicaltest.TestStep {
 	return logicaltest.TestStep{
-		Operation: logical.WriteOperation,
+		Operation: logical.UpdateOperation,
 		Path:      fmt.Sprintf("verify"),
 		Data:      data,
 		Check: func(resp *logical.Response) error {
@@ -366,7 +366,7 @@ func testVerifyWrite(t *testing.T, data map[string]interface{}, expected map[str
 
 func testNamedKeysWrite(t *testing.T, name, key string) logicaltest.TestStep {
 	return logicaltest.TestStep{
-		Operation: logical.WriteOperation,
+		Operation: logical.UpdateOperation,
 		Path:      fmt.Sprintf("keys/%s", name),
 		Data: map[string]interface{}{
 			"key": key,
@@ -383,7 +383,7 @@ func testNamedKeysDelete(t *testing.T) logicaltest.TestStep {
 
 func testLookupRead(t *testing.T, data map[string]interface{}, expected []string) logicaltest.TestStep {
 	return logicaltest.TestStep{
-		Operation: logical.WriteOperation,
+		Operation: logical.UpdateOperation,
 		Path:      "lookup",
 		Data:      data,
 		Check: func(resp *logical.Response) error {
@@ -400,7 +400,7 @@ func testLookupRead(t *testing.T, data map[string]interface{}, expected []string
 
 func testRoleWrite(t *testing.T, name string, data map[string]interface{}) logicaltest.TestStep {
 	return logicaltest.TestStep{
-		Operation: logical.WriteOperation,
+		Operation: logical.UpdateOperation,
 		Path:      "roles/" + name,
 		Data:      data,
 	}
@@ -444,7 +444,7 @@ func testRoleDelete(t *testing.T, name string) logicaltest.TestStep {
 
 func testCredsWrite(t *testing.T, roleName string, data map[string]interface{}, expectError bool) logicaltest.TestStep {
 	return logicaltest.TestStep{
-		Operation: logical.WriteOperation,
+		Operation: logical.UpdateOperation,
 		Path:      fmt.Sprintf("creds/%s", roleName),
 		Data:      data,
 		ErrorOk:   true,

builtin/logical/ssh/path_config_zeroaddress.go

@@ -25,7 +25,7 @@ func pathConfigZeroAddress(b *backend) *framework.Path {
 			},
 		},
 		Callbacks: map[logical.Operation]framework.OperationFunc{
-			logical.WriteOperation:  b.pathConfigZeroAddressWrite,
+			logical.UpdateOperation:  b.pathConfigZeroAddressWrite,
 			logical.ReadOperation:   b.pathConfigZeroAddressRead,
 			logical.DeleteOperation: b.pathConfigZeroAddressDelete,
 		},

builtin/logical/ssh/path_creds_create.go

@@ -34,7 +34,7 @@ func pathCredsCreate(b *backend) *framework.Path {
 			},
 		},
 		Callbacks: map[logical.Operation]framework.OperationFunc{
-			logical.WriteOperation: b.pathCredsCreateWrite,
+			logical.UpdateOperation: b.pathCredsCreateWrite,
 		},
 		HelpSynopsis:    pathCredsCreateHelpSyn,
 		HelpDescription: pathCredsCreateHelpDesc,

builtin/logical/ssh/path_keys.go

@@ -27,7 +27,7 @@ func pathKeys(b *backend) *framework.Path {
 			},
 		},
 		Callbacks: map[logical.Operation]framework.OperationFunc{
-			logical.WriteOperation:  b.pathKeysWrite,
+			logical.UpdateOperation:  b.pathKeysWrite,
 			logical.DeleteOperation: b.pathKeysDelete,
 		},
 		HelpSynopsis:    pathKeysSyn,

builtin/logical/ssh/path_lookup.go

@@ -18,7 +18,7 @@ func pathLookup(b *backend) *framework.Path {
 			},
 		},
 		Callbacks: map[logical.Operation]framework.OperationFunc{
-			logical.WriteOperation: b.pathLookupWrite,
+			logical.UpdateOperation: b.pathLookupWrite,
 		},
 		HelpSynopsis:    pathLookupSyn,
 		HelpDescription: pathLookupDesc,

builtin/logical/ssh/path_roles.go

@@ -134,7 +134,7 @@ func pathRoles(b *backend) *framework.Path {
 
 		Callbacks: map[logical.Operation]framework.OperationFunc{
 			logical.ReadOperation:   b.pathRoleRead,
-			logical.WriteOperation:  b.pathRoleWrite,
+			logical.UpdateOperation:  b.pathRoleWrite,
 			logical.DeleteOperation: b.pathRoleDelete,
 		},
 

builtin/logical/ssh/path_verify.go

@@ -16,7 +16,7 @@ func pathVerify(b *backend) *framework.Path {
 			},
 		},
 		Callbacks: map[logical.Operation]framework.OperationFunc{
-			logical.WriteOperation: b.pathVerifyWrite,
+			logical.UpdateOperation: b.pathVerifyWrite,
 		},
 		HelpSynopsis:    pathVerifyHelpSyn,
 		HelpDescription: pathVerifyHelpDesc,

builtin/logical/transit/backend_test.go

@@ -145,7 +145,7 @@ func TestBackend_basic_derived(t *testing.T) {
 
 func testAccStepWritePolicy(t *testing.T, name string, derived bool) logicaltest.TestStep {
 	return logicaltest.TestStep{
-		Operation: logical.WriteOperation,
+		Operation: logical.UpdateOperation,
 		Path:      "keys/" + name,
 		Data: map[string]interface{}{
 			"derived": derived,
@@ -155,7 +155,7 @@ func testAccStepWritePolicy(t *testing.T, name string, derived bool) logicaltest
 
 func testAccStepAdjustPolicy(t *testing.T, name string, minVer int) logicaltest.TestStep {
 	return logicaltest.TestStep{
-		Operation: logical.WriteOperation,
+		Operation: logical.UpdateOperation,
 		Path:      "keys/" + name + "/config",
 		Data: map[string]interface{}{
 			"min_decryption_version": minVer,
@@ -165,7 +165,7 @@ func testAccStepAdjustPolicy(t *testing.T, name string, minVer int) logicaltest.
 
 func testAccStepDisableDeletion(t *testing.T, name string) logicaltest.TestStep {
 	return logicaltest.TestStep{
-		Operation: logical.WriteOperation,
+		Operation: logical.UpdateOperation,
 		Path:      "keys/" + name + "/config",
 		Data: map[string]interface{}{
 			"deletion_allowed": false,
@@ -175,7 +175,7 @@ func testAccStepDisableDeletion(t *testing.T, name string) logicaltest.TestStep
 
 func testAccStepEnableDeletion(t *testing.T, name string) logicaltest.TestStep {
 	return logicaltest.TestStep{
-		Operation: logical.WriteOperation,
+		Operation: logical.UpdateOperation,
 		Path:      "keys/" + name + "/config",
 		Data: map[string]interface{}{
 			"deletion_allowed": true,
@@ -263,7 +263,7 @@ func testAccStepReadPolicy(t *testing.T, name string, expectNone, derived bool)
 func testAccStepEncrypt(
 	t *testing.T, name, plaintext string, decryptData map[string]interface{}) logicaltest.TestStep {
 	return logicaltest.TestStep{
-		Operation: logical.WriteOperation,
+		Operation: logical.UpdateOperation,
 		Path:      "encrypt/" + name,
 		Data: map[string]interface{}{
 			"plaintext": base64.StdEncoding.EncodeToString([]byte(plaintext)),
@@ -287,7 +287,7 @@ func testAccStepEncrypt(
 func testAccStepEncryptContext(
 	t *testing.T, name, plaintext, context string, decryptData map[string]interface{}) logicaltest.TestStep {
 	return logicaltest.TestStep{
-		Operation: logical.WriteOperation,
+		Operation: logical.UpdateOperation,
 		Path:      "encrypt/" + name,
 		Data: map[string]interface{}{
 			"plaintext": base64.StdEncoding.EncodeToString([]byte(plaintext)),
@@ -313,7 +313,7 @@ func testAccStepEncryptContext(
 func testAccStepDecrypt(
 	t *testing.T, name, plaintext string, decryptData map[string]interface{}) logicaltest.TestStep {
 	return logicaltest.TestStep{
-		Operation: logical.WriteOperation,
+		Operation: logical.UpdateOperation,
 		Path:      "decrypt/" + name,
 		Data:      decryptData,
 		Check: func(resp *logical.Response) error {
@@ -341,7 +341,7 @@ func testAccStepDecrypt(
 func testAccStepRewrap(
 	t *testing.T, name string, decryptData map[string]interface{}, expectedVer int) logicaltest.TestStep {
 	return logicaltest.TestStep{
-		Operation: logical.WriteOperation,
+		Operation: logical.UpdateOperation,
 		Path:      "rewrap/" + name,
 		Data:      decryptData,
 		Check: func(resp *logical.Response) error {
@@ -373,7 +373,7 @@ func testAccStepEncryptVX(
 	t *testing.T, name, plaintext string, decryptData map[string]interface{},
 	ver int, encryptHistory map[int]map[string]interface{}) logicaltest.TestStep {
 	return logicaltest.TestStep{
-		Operation: logical.WriteOperation,
+		Operation: logical.UpdateOperation,
 		Path:      "encrypt/" + name,
 		Data: map[string]interface{}{
 			"plaintext": base64.StdEncoding.EncodeToString([]byte(plaintext)),
@@ -417,7 +417,7 @@ func testAccStepLoadVX(
 func testAccStepDecryptExpectFailure(
 	t *testing.T, name, plaintext string, decryptData map[string]interface{}) logicaltest.TestStep {
 	return logicaltest.TestStep{
-		Operation: logical.WriteOperation,
+		Operation: logical.UpdateOperation,
 		Path:      "decrypt/" + name,
 		Data:      decryptData,
 		ErrorOk:   true,
@@ -432,7 +432,7 @@ func testAccStepDecryptExpectFailure(
 
 func testAccStepRotate(t *testing.T, name string) logicaltest.TestStep {
 	return logicaltest.TestStep{
-		Operation: logical.WriteOperation,
+		Operation: logical.UpdateOperation,
 		Path:      "keys/" + name + "/rotate",
 	}
 }
@@ -449,7 +449,7 @@ func testAccStepWriteDatakey(t *testing.T, name string,
 		data["bits"] = bits
 	}
 	return logicaltest.TestStep{
-		Operation: logical.WriteOperation,
+		Operation: logical.UpdateOperation,
 		Path:      "datakey/" + subPath + "/" + name,
 		Data:      data,
 		Check: func(resp *logical.Response) error {
@@ -485,7 +485,7 @@ func testAccStepWriteDatakey(t *testing.T, name string,
 func testAccStepDecryptDatakey(t *testing.T, name string,
 	dataKeyInfo map[string]interface{}) logicaltest.TestStep {
 	return logicaltest.TestStep{
-		Operation: logical.WriteOperation,
+		Operation: logical.UpdateOperation,
 		Path:      "decrypt/" + name,
 		Data:      dataKeyInfo,
 		Check: func(resp *logical.Response) error {

builtin/logical/transit/path_config.go

@@ -29,7 +29,7 @@ to be decrypted.`,
 		},
 
 		Callbacks: map[logical.Operation]framework.OperationFunc{
-			logical.WriteOperation: pathConfigWrite,
+			logical.UpdateOperation: pathConfigWrite,
 		},
 
 		HelpSynopsis:    pathConfigHelpSyn,

builtin/logical/transit/path_datakey.go

@@ -39,7 +39,7 @@ and 512 bits are supported. Defaults to 256.`,
 		},
 
 		Callbacks: map[logical.Operation]framework.OperationFunc{
-			logical.WriteOperation: pathDatakeyWrite,
+			logical.UpdateOperation: pathDatakeyWrite,
 		},
 
 		HelpSynopsis:    pathDatakeyHelpSyn,

builtin/logical/transit/path_decrypt.go

@@ -30,7 +30,7 @@ func pathDecrypt() *framework.Path {
 		},
 
 		Callbacks: map[logical.Operation]framework.OperationFunc{
-			logical.WriteOperation: pathDecryptWrite,
+			logical.UpdateOperation: pathDecryptWrite,
 		},
 
 		HelpSynopsis:    pathDecryptHelpSyn,

builtin/logical/transit/path_encrypt.go

@@ -30,7 +30,7 @@ func pathEncrypt() *framework.Path {
 		},
 
 		Callbacks: map[logical.Operation]framework.OperationFunc{
-			logical.WriteOperation: pathEncryptWrite,
+			logical.UpdateOperation: pathEncryptWrite,
 		},
 
 		HelpSynopsis:    pathEncryptHelpSyn,

builtin/logical/transit/path_keys.go

@@ -24,7 +24,7 @@ func pathKeys() *framework.Path {
 		},
 
 		Callbacks: map[logical.Operation]framework.OperationFunc{
-			logical.WriteOperation:  pathPolicyWrite,
+			logical.UpdateOperation:  pathPolicyWrite,
 			logical.DeleteOperation: pathPolicyDelete,
 			logical.ReadOperation:   pathPolicyRead,
 		},

builtin/logical/transit/path_rewrap.go

@@ -30,7 +30,7 @@ func pathRewrap() *framework.Path {
 		},
 
 		Callbacks: map[logical.Operation]framework.OperationFunc{
-			logical.WriteOperation: pathRewrapWrite,
+			logical.UpdateOperation: pathRewrapWrite,
 		},
 
 		HelpSynopsis:    pathRewrapHelpSyn,

builtin/logical/transit/path_rotate.go

@@ -18,7 +18,7 @@ func pathRotate() *framework.Path {
 		},
 
 		Callbacks: map[logical.Operation]framework.OperationFunc{
-			logical.WriteOperation: pathRotateWrite,
+			logical.UpdateOperation: pathRotateWrite,
 		},
 
 		HelpSynopsis:    pathRotateHelpSyn,

helper/mfa/duo/path_duo_access.go

@@ -34,7 +34,7 @@ func pathDuoAccess() *framework.Path {
 		},
 
 		Callbacks: map[logical.Operation]framework.OperationFunc{
-			logical.WriteOperation:  pathDuoAccessWrite,
+			logical.UpdateOperation:  pathDuoAccessWrite,
 		},
 
 		HelpSynopsis:    pathDuoAccessHelpSyn,

helper/mfa/duo/path_duo_config.go

@@ -23,7 +23,7 @@ func pathDuoConfig() *framework.Path {
 		},
 
 		Callbacks: map[logical.Operation]framework.OperationFunc{
-			logical.WriteOperation: pathDuoConfigWrite,
+			logical.UpdateOperation: pathDuoConfigWrite,
 			logical.ReadOperation: pathDuoConfigRead,
 		},
 

helper/mfa/mfa.go

@@ -56,8 +56,8 @@ func wrapLoginPath(b *backend, loginPath *framework.Path) *framework.Path {
 		Description: "Multi-factor auth method to use (optional)",
 	}
 	// wrap write callback to do MFA after auth
-	loginHandler := loginPath.Callbacks[logical.WriteOperation]
-	loginPath.Callbacks[logical.WriteOperation] = b.wrapLoginHandler(loginHandler)
+	loginHandler := loginPath.Callbacks[logical.UpdateOperation]
+	loginPath.Callbacks[logical.UpdateOperation] = b.wrapLoginHandler(loginHandler)
 	return loginPath
 }
 

helper/mfa/mfa_test.go

@@ -38,7 +38,7 @@ func testPathLogin() *framework.Path {
 		},
 
 		Callbacks: map[logical.Operation]framework.OperationFunc{
-			logical.WriteOperation: testPathLoginHandler,
+			logical.UpdateOperation: testPathLoginHandler,
 		},
 	}
 }
@@ -92,7 +92,7 @@ func TestMFALoginDenied(t *testing.T) {
 
 func testAccStepEnableMFA(t *testing.T) logicaltest.TestStep {
 	return logicaltest.TestStep{
-		Operation: logical.WriteOperation,
+		Operation: logical.UpdateOperation,
 		Path: "mfa_config",
 		Data: map[string]interface{}{
 			"type": "test",
@@ -102,7 +102,7 @@ func testAccStepEnableMFA(t *testing.T) logicaltest.TestStep {
 
 func testAccStepLogin(t *testing.T, username string) logicaltest.TestStep {
 	return logicaltest.TestStep{
-		Operation: logical.WriteOperation,
+		Operation: logical.UpdateOperation,
 		Path: "login",
 		Data: map[string]interface{}{
 			"method": "accept",
@@ -115,7 +115,7 @@ func testAccStepLogin(t *testing.T, username string) logicaltest.TestStep {
 
 func testAccStepLoginDenied(t *testing.T, username string) logicaltest.TestStep {
 	return logicaltest.TestStep{
-		Operation: logical.WriteOperation,
+		Operation: logical.UpdateOperation,
 		Path: "login",
 		Data: map[string]interface{}{
 			"method": "deny",

helper/mfa/path_mfa_config.go

@@ -16,7 +16,7 @@ func pathMFAConfig(b *backend) *framework.Path {
 		},
 
 		Callbacks: map[logical.Operation]framework.OperationFunc{
-			logical.WriteOperation:  b.pathMFAConfigWrite,
+			logical.UpdateOperation:  b.pathMFAConfigWrite,
 			logical.ReadOperation: b.pathMFAConfigRead,
 		},
 

http/logical.go

@@ -33,7 +33,7 @@ func handleLogical(core *vault.Core, dataOnly bool) http.Handler {
 		case "POST":
 			fallthrough
 		case "PUT":
-			op = logical.WriteOperation
+			op = logical.UpdateOperation
 		default:
 			respondError(w, http.StatusMethodNotAllowed, nil)
 			return
@@ -41,7 +41,7 @@ func handleLogical(core *vault.Core, dataOnly bool) http.Handler {
 
 		// Parse the request if we can
 		var req map[string]interface{}
-		if op == logical.WriteOperation {
+		if op == logical.UpdateOperation {
 			err := parseRequest(r, &req)
 			if err == io.EOF {
 				req = nil

http/sys_policy.go

@@ -127,7 +127,7 @@ func handleSysWritePolicy(core *vault.Core, w http.ResponseWriter, r *http.Reque
 	}
 
 	_, ok := request(core, w, r, requestAuth(r, &logical.Request{
-		Operation:  logical.WriteOperation,
+		Operation:  logical.UpdateOperation,
 		Path:       "sys/policy/" + path,
 		Connection: getConnection(r),
 		Data: map[string]interface{}{

logical/framework/backend_test.go

@@ -94,14 +94,14 @@ func TestBackendHandleRequest_badwrite(t *testing.T) {
 					"value": &FieldSchema{Type: TypeBool},
 				},
 				Callbacks: map[logical.Operation]OperationFunc{
-					logical.WriteOperation: callback,
+					logical.UpdateOperation: callback,
 				},
 			},
 		},
 	}
 
 	_, err := b.HandleRequest(&logical.Request{
-		Operation: logical.WriteOperation,
+		Operation: logical.UpdateOperation,
 		Path:      "foo/bar",
 		Data:      map[string]interface{}{"value": "3false3"},
 	})
@@ -390,7 +390,7 @@ func TestBackendHandleRequest_unsupportedOperation(t *testing.T) {
 	}
 
 	_, err := b.HandleRequest(&logical.Request{
-		Operation: logical.WriteOperation,
+		Operation: logical.UpdateOperation,
 		Path:      "foo/bar",
 		Data:      map[string]interface{}{"value": "84"},
 	})

logical/framework/path_map.go

@@ -122,7 +122,7 @@ func (p *PathMap) Paths() []*Path {
 			Fields: schema,
 
 			Callbacks: map[logical.Operation]OperationFunc{
-				logical.WriteOperation:  p.pathSingleWrite,
+				logical.UpdateOperation:  p.pathSingleWrite,
 				logical.ReadOperation:   p.pathSingleRead,
 				logical.DeleteOperation: p.pathSingleDelete,
 			},

logical/framework/path_map_test.go

@@ -14,7 +14,7 @@ func TestPathMap(t *testing.T) {
 
 	// Write via HTTP
 	_, err := b.HandleRequest(&logical.Request{
-		Operation: logical.WriteOperation,
+		Operation: logical.UpdateOperation,
 		Path:      "map/foo/a",
 		Data: map[string]interface{}{
 			"value": "bar",
@@ -136,7 +136,7 @@ func TestPathMap_Salted(t *testing.T) {
 
 	// Write via HTTP
 	_, err = b.HandleRequest(&logical.Request{
-		Operation: logical.WriteOperation,
+		Operation: logical.UpdateOperation,
 		Path:      "map/foo/a",
 		Data: map[string]interface{}{
 			"value": "bar",

logical/framework/path_struct.go

@@ -64,7 +64,7 @@ func (p *PathStruct) Paths() []*Path {
 		Fields:  p.Schema,
 
 		Callbacks: map[logical.Operation]OperationFunc{
-			logical.WriteOperation:  p.pathWrite,
+			logical.UpdateOperation:  p.pathWrite,
 			logical.DeleteOperation: p.pathDelete,
 		},
 

logical/framework/path_struct_test.go

@@ -21,7 +21,7 @@ func TestPathStruct(t *testing.T) {
 
 	// Write via HTTP
 	_, err := b.HandleRequest(&logical.Request{
-		Operation: logical.WriteOperation,
+		Operation: logical.UpdateOperation,
 		Path:      "bar",
 		Data: map[string]interface{}{
 			"value": "baz",

logical/request.go

@@ -122,7 +122,7 @@ type Operation string
 const (
 	// The operations below are called per path
 	ReadOperation   Operation = "read"
-	WriteOperation            = "write"
+	UpdateOperation            = "write"
 	DeleteOperation           = "delete"
 	ListOperation             = "list"
 	HelpOperation             = "help"

logical/testing/testing.go

@@ -206,7 +206,7 @@ func Test(t TestT, c TestCase) {
 		if resp != nil && resp.Secret != nil {
 			// Revoke this secret later
 			revoke = append(revoke, &logical.Request{
-				Operation: logical.WriteOperation,
+				Operation: logical.UpdateOperation,
 				Path:      "sys/revoke/" + resp.Secret.LeaseID,
 			})
 		}

vault/acl.go

@@ -15,7 +15,7 @@ var (
 	// into the set of policies that allow the operation.
 	permittedPolicyLevels = map[logical.Operation][]string{
 		logical.ReadOperation:     readWriteSudo,
-		logical.WriteOperation:    writeSudo,
+		logical.UpdateOperation:    writeSudo,
 		logical.DeleteOperation:   writeSudo,
 		logical.ListOperation:     readWriteSudo,
 		logical.HelpOperation:     anyPolicy,

vault/acl_test.go

@@ -17,7 +17,7 @@ func TestACL_Root(t *testing.T) {
 	if !acl.RootPrivilege("sys/mount/foo") {
 		t.Fatalf("expected root")
 	}
-	if !acl.AllowOperation(logical.WriteOperation, "sys/mount/foo") {
+	if !acl.AllowOperation(logical.UpdateOperation, "sys/mount/foo") {
 		t.Fatalf("expected permission")
 	}
 }
@@ -47,14 +47,14 @@ func TestACL_Single(t *testing.T) {
 		{logical.HelpOperation, "root", true},
 
 		{logical.ReadOperation, "dev/foo", true},
-		{logical.WriteOperation, "dev/foo", true},
+		{logical.UpdateOperation, "dev/foo", true},
 
 		{logical.DeleteOperation, "stage/foo", true},
-		{logical.WriteOperation, "stage/aws/foo", false},
-		{logical.WriteOperation, "stage/aws/policy/foo", true},
+		{logical.UpdateOperation, "stage/aws/foo", false},
+		{logical.UpdateOperation, "stage/aws/policy/foo", true},
 
 		{logical.DeleteOperation, "prod/foo", false},
-		{logical.WriteOperation, "prod/foo", false},
+		{logical.UpdateOperation, "prod/foo", false},
 		{logical.ReadOperation, "prod/foo", true},
 		{logical.ListOperation, "prod/foo", true},
 		{logical.ReadOperation, "prod/aws/foo", false},
@@ -101,20 +101,20 @@ func testLayeredACL(t *testing.T, acl *ACL) {
 		{logical.HelpOperation, "root", true},
 
 		{logical.ReadOperation, "dev/hide/foo", false},
-		{logical.WriteOperation, "dev/hide/foo", false},
+		{logical.UpdateOperation, "dev/hide/foo", false},
 
 		{logical.DeleteOperation, "stage/foo", true},
-		{logical.WriteOperation, "stage/aws/foo", false},
-		{logical.WriteOperation, "stage/aws/policy/foo", false},
+		{logical.UpdateOperation, "stage/aws/foo", false},
+		{logical.UpdateOperation, "stage/aws/policy/foo", false},
 
 		{logical.DeleteOperation, "prod/foo", true},
-		{logical.WriteOperation, "prod/foo", true},
+		{logical.UpdateOperation, "prod/foo", true},
 		{logical.ReadOperation, "prod/foo", true},
 		{logical.ListOperation, "prod/foo", true},
 		{logical.ReadOperation, "prod/aws/foo", false},
 
 		{logical.ReadOperation, "sys/status", false},
-		{logical.WriteOperation, "sys/seal", true},
+		{logical.UpdateOperation, "sys/seal", true},
 	}
 
 	for _, tc := range tcases {

vault/core.go

@@ -1115,7 +1115,7 @@ func (c *Core) Seal(token string) (retErr error) {
 	}
 
 	// Validate the token is a root token
-	_, te, err := c.checkToken(logical.WriteOperation, "sys/seal", token)
+	_, te, err := c.checkToken(logical.UpdateOperation, "sys/seal", token)
 	if te != nil {
 		// Attempt to use the token (decrement num_uses)
 		if err := c.tokenStore.UseToken(te); err != nil {

vault/core_test.go

@@ -379,7 +379,7 @@ func TestCore_HandleRequest_Lease(t *testing.T) {
 	c, _, root := TestCoreUnsealed(t)
 
 	req := &logical.Request{
-		Operation: logical.WriteOperation,
+		Operation: logical.UpdateOperation,
 		Path:      "secret/test",
 		Data: map[string]interface{}{
 			"foo":   "bar",
@@ -420,7 +420,7 @@ func TestCore_HandleRequest_Lease_MaxLength(t *testing.T) {
 	c, _, root := TestCoreUnsealed(t)
 
 	req := &logical.Request{
-		Operation: logical.WriteOperation,
+		Operation: logical.UpdateOperation,
 		Path:      "secret/test",
 		Data: map[string]interface{}{
 			"foo":   "bar",
@@ -461,7 +461,7 @@ func TestCore_HandleRequest_Lease_DefaultLength(t *testing.T) {
 	c, _, root := TestCoreUnsealed(t)
 
 	req := &logical.Request{
-		Operation: logical.WriteOperation,
+		Operation: logical.UpdateOperation,
 		Path:      "secret/test",
 		Data: map[string]interface{}{
 			"foo":   "bar",
@@ -502,7 +502,7 @@ func TestCore_HandleRequest_MissingToken(t *testing.T) {
 	c, _, _ := TestCoreUnsealed(t)
 
 	req := &logical.Request{
-		Operation: logical.WriteOperation,
+		Operation: logical.UpdateOperation,
 		Path:      "secret/test",
 		Data: map[string]interface{}{
 			"foo":   "bar",
@@ -522,7 +522,7 @@ func TestCore_HandleRequest_InvalidToken(t *testing.T) {
 	c, _, _ := TestCoreUnsealed(t)
 
 	req := &logical.Request{
-		Operation: logical.WriteOperation,
+		Operation: logical.UpdateOperation,
 		Path:      "secret/test",
 		Data: map[string]interface{}{
 			"foo":   "bar",
@@ -579,7 +579,7 @@ func TestCore_HandleRequest_RootPath_WithSudo(t *testing.T) {
 
 	// Set the 'test' policy object to permit access to sys/policy
 	req := &logical.Request{
-		Operation: logical.WriteOperation,
+		Operation: logical.UpdateOperation,
 		Path:      "sys/policy/test", // root protected!
 		Data: map[string]interface{}{
 			"rules": `path "sys/policy" { policy = "sudo" }`,
@@ -616,7 +616,7 @@ func TestCore_HandleRequest_PermissionDenied(t *testing.T) {
 	testCoreMakeToken(t, c, root, "child", "", []string{"test"})
 
 	req := &logical.Request{
-		Operation: logical.WriteOperation,
+		Operation: logical.UpdateOperation,
 		Path:      "secret/test",
 		Data: map[string]interface{}{
 			"foo":   "bar",
@@ -637,7 +637,7 @@ func TestCore_HandleRequest_PermissionAllowed(t *testing.T) {
 
 	// Set the 'test' policy object to permit access to secret/
 	req := &logical.Request{
-		Operation: logical.WriteOperation,
+		Operation: logical.UpdateOperation,
 		Path:      "sys/policy/test",
 		Data: map[string]interface{}{
 			"rules": `path "secret/*" { policy = "write" }`,
@@ -654,7 +654,7 @@ func TestCore_HandleRequest_PermissionAllowed(t *testing.T) {
 
 	// Write should work now
 	req = &logical.Request{
-		Operation: logical.WriteOperation,
+		Operation: logical.UpdateOperation,
 		Path:      "secret/test",
 		Data: map[string]interface{}{
 			"foo":   "bar",
@@ -681,7 +681,7 @@ func TestCore_HandleRequest_NoConnection(t *testing.T) {
 	}
 
 	// Enable the logical backend
-	req := logical.TestRequest(t, logical.WriteOperation, "sys/mounts/foo")
+	req := logical.TestRequest(t, logical.UpdateOperation, "sys/mounts/foo")
 	req.Data["type"] = "noop"
 	req.Data["description"] = "foo"
 	req.ClientToken = root
@@ -714,7 +714,7 @@ func TestCore_HandleRequest_NoClientToken(t *testing.T) {
 	}
 
 	// Enable the logical backend
-	req := logical.TestRequest(t, logical.WriteOperation, "sys/mounts/foo")
+	req := logical.TestRequest(t, logical.UpdateOperation, "sys/mounts/foo")
 	req.Data["type"] = "noop"
 	req.Data["description"] = "foo"
 	req.ClientToken = root
@@ -749,7 +749,7 @@ func TestCore_HandleRequest_ConnOnLogin(t *testing.T) {
 	}
 
 	// Enable the credential backend
-	req := logical.TestRequest(t, logical.WriteOperation, "sys/auth/foo")
+	req := logical.TestRequest(t, logical.UpdateOperation, "sys/auth/foo")
 	req.Data["type"] = "noop"
 	req.ClientToken = root
 	_, err := c.HandleRequest(req)
@@ -790,7 +790,7 @@ func TestCore_HandleLogin_Token(t *testing.T) {
 	}
 
 	// Enable the credential backend
-	req := logical.TestRequest(t, logical.WriteOperation, "sys/auth/foo")
+	req := logical.TestRequest(t, logical.UpdateOperation, "sys/auth/foo")
 	req.Data["type"] = "noop"
 	req.ClientToken = root
 	_, err := c.HandleRequest(req)
@@ -853,7 +853,7 @@ func TestCore_HandleRequest_AuditTrail(t *testing.T) {
 	}
 
 	// Enable the audit backend
-	req := logical.TestRequest(t, logical.WriteOperation, "sys/audit/noop")
+	req := logical.TestRequest(t, logical.UpdateOperation, "sys/audit/noop")
 	req.Data["type"] = "noop"
 	req.ClientToken = root
 	resp, err := c.HandleRequest(req)
@@ -863,7 +863,7 @@ func TestCore_HandleRequest_AuditTrail(t *testing.T) {
 
 	// Make a request
 	req = &logical.Request{
-		Operation: logical.WriteOperation,
+		Operation: logical.UpdateOperation,
 		Path:      "secret/test",
 		Data: map[string]interface{}{
 			"foo":   "bar",
@@ -935,7 +935,7 @@ func TestCore_HandleLogin_AuditTrail(t *testing.T) {
 	}
 
 	// Enable the credential backend
-	req := logical.TestRequest(t, logical.WriteOperation, "sys/auth/foo")
+	req := logical.TestRequest(t, logical.UpdateOperation, "sys/auth/foo")
 	req.Data["type"] = "noop"
 	req.ClientToken = root
 	_, err := c.HandleRequest(req)
@@ -944,7 +944,7 @@ func TestCore_HandleLogin_AuditTrail(t *testing.T) {
 	}
 
 	// Enable the audit backend
-	req = logical.TestRequest(t, logical.WriteOperation, "sys/audit/noop")
+	req = logical.TestRequest(t, logical.UpdateOperation, "sys/audit/noop")
 	req.Data["type"] = "noop"
 	req.ClientToken = root
 	_, err = c.HandleRequest(req)
@@ -998,7 +998,7 @@ func TestCore_HandleRequest_CreateToken_Lease(t *testing.T) {
 	c, _, root := TestCoreUnsealed(t)
 
 	// Create a new credential
-	req := logical.TestRequest(t, logical.WriteOperation, "auth/token/create")
+	req := logical.TestRequest(t, logical.UpdateOperation, "auth/token/create")
 	req.ClientToken = root
 	req.Data["policies"] = []string{"foo"}
 	resp, err := c.HandleRequest(req)
@@ -1041,7 +1041,7 @@ func TestCore_HandleRequest_CreateToken_NoDefaultPolicy(t *testing.T) {
 	c, _, root := TestCoreUnsealed(t)
 
 	// Create a new credential
-	req := logical.TestRequest(t, logical.WriteOperation, "auth/token/create")
+	req := logical.TestRequest(t, logical.UpdateOperation, "auth/token/create")
 	req.ClientToken = root
 	req.Data["policies"] = []string{"foo"}
 	req.Data["no_default_policy"] = true
@@ -1079,7 +1079,7 @@ func TestCore_LimitedUseToken(t *testing.T) {
 	c, _, root := TestCoreUnsealed(t)
 
 	// Create a new credential
-	req := logical.TestRequest(t, logical.WriteOperation, "auth/token/create")
+	req := logical.TestRequest(t, logical.UpdateOperation, "auth/token/create")
 	req.ClientToken = root
 	req.Data["num_uses"] = "1"
 	resp, err := c.HandleRequest(req)
@@ -1089,7 +1089,7 @@ func TestCore_LimitedUseToken(t *testing.T) {
 
 	// Put a secret
 	req = &logical.Request{
-		Operation: logical.WriteOperation,
+		Operation: logical.UpdateOperation,
 		Path:      "secret/foo",
 		Data: map[string]interface{}{
 			"foo": "bar",
@@ -1297,7 +1297,7 @@ func testCore_Standby_Common(t *testing.T, inm physical.Backend, inmha physical.
 
 	// Put a secret
 	req := &logical.Request{
-		Operation: logical.WriteOperation,
+		Operation: logical.UpdateOperation,
 		Path:      "secret/foo",
 		Data: map[string]interface{}{
 			"foo": "bar",
@@ -1456,7 +1456,7 @@ func TestCore_HandleRequest_Login_InternalData(t *testing.T) {
 	}
 
 	// Enable the credential backend
-	req := logical.TestRequest(t, logical.WriteOperation, "sys/auth/foo")
+	req := logical.TestRequest(t, logical.UpdateOperation, "sys/auth/foo")
 	req.Data["type"] = "noop"
 	req.ClientToken = root
 	_, err := c.HandleRequest(req)
@@ -1500,7 +1500,7 @@ func TestCore_HandleRequest_InternalData(t *testing.T) {
 	}
 
 	// Enable the credential backend
-	req := logical.TestRequest(t, logical.WriteOperation, "sys/mounts/foo")
+	req := logical.TestRequest(t, logical.UpdateOperation, "sys/mounts/foo")
 	req.Data["type"] = "noop"
 	req.ClientToken = root
 	_, err := c.HandleRequest(req)
@@ -1543,7 +1543,7 @@ func TestCore_HandleLogin_ReturnSecret(t *testing.T) {
 	}
 
 	// Enable the credential backend
-	req := logical.TestRequest(t, logical.WriteOperation, "sys/auth/foo")
+	req := logical.TestRequest(t, logical.UpdateOperation, "sys/auth/foo")
 	req.Data["type"] = "noop"
 	req.ClientToken = root
 	_, err := c.HandleRequest(req)
@@ -1567,7 +1567,7 @@ func TestCore_RenewSameLease(t *testing.T) {
 
 	// Create a leasable secret
 	req := &logical.Request{
-		Operation: logical.WriteOperation,
+		Operation: logical.UpdateOperation,
 		Path:      "secret/test",
 		Data: map[string]interface{}{
 			"foo":   "bar",
@@ -1596,7 +1596,7 @@ func TestCore_RenewSameLease(t *testing.T) {
 	original := resp.Secret.LeaseID
 
 	// Renew the lease
-	req = logical.TestRequest(t, logical.WriteOperation, "sys/renew/"+resp.Secret.LeaseID)
+	req = logical.TestRequest(t, logical.UpdateOperation, "sys/renew/"+resp.Secret.LeaseID)
 	req.ClientToken = root
 	resp, err = c.HandleRequest(req)
 	if err != nil {
@@ -1615,7 +1615,7 @@ func TestCore_RenewToken_SingleRegister(t *testing.T) {
 
 	// Create a new token
 	req := &logical.Request{
-		Operation: logical.WriteOperation,
+		Operation: logical.UpdateOperation,
 		Path:      "auth/token/create",
 		Data: map[string]interface{}{
 			"lease": "1h",
@@ -1629,7 +1629,7 @@ func TestCore_RenewToken_SingleRegister(t *testing.T) {
 	newClient := resp.Auth.ClientToken
 
 	// Renew the token
-	req = logical.TestRequest(t, logical.WriteOperation, "auth/token/renew/"+newClient)
+	req = logical.TestRequest(t, logical.UpdateOperation, "auth/token/renew/"+newClient)
 	req.ClientToken = newClient
 	resp, err = c.HandleRequest(req)
 	if err != nil {
@@ -1637,7 +1637,7 @@ func TestCore_RenewToken_SingleRegister(t *testing.T) {
 	}
 
 	// Revoke using the renew prefix
-	req = logical.TestRequest(t, logical.WriteOperation, "sys/revoke-prefix/auth/token/renew/")
+	req = logical.TestRequest(t, logical.UpdateOperation, "sys/revoke-prefix/auth/token/renew/")
 	req.ClientToken = root
 	resp, err = c.HandleRequest(req)
 	if err != nil {
@@ -1675,7 +1675,7 @@ func TestCore_EnableDisableCred_WithLease(t *testing.T) {
 	}
 
 	// Enable the credential backend
-	req := logical.TestRequest(t, logical.WriteOperation, "sys/auth/foo")
+	req := logical.TestRequest(t, logical.UpdateOperation, "sys/auth/foo")
 	req.Data["type"] = "noop"
 	req.ClientToken = root
 	_, err := c.HandleRequest(req)
@@ -1694,7 +1694,7 @@ func TestCore_EnableDisableCred_WithLease(t *testing.T) {
 
 	// Create a leasable secret
 	req = &logical.Request{
-		Operation: logical.WriteOperation,
+		Operation: logical.UpdateOperation,
 		Path:      "secret/test",
 		Data: map[string]interface{}{
 			"foo":   "bar",
@@ -1722,7 +1722,7 @@ func TestCore_EnableDisableCred_WithLease(t *testing.T) {
 	}
 
 	// Renew the lease
-	req = logical.TestRequest(t, logical.WriteOperation, "sys/renew/"+resp.Secret.LeaseID)
+	req = logical.TestRequest(t, logical.UpdateOperation, "sys/renew/"+resp.Secret.LeaseID)
 	req.ClientToken = lresp.Auth.ClientToken
 	_, err = c.HandleRequest(req)
 	if err != nil {
@@ -1748,7 +1748,7 @@ func TestCore_HandleRequest_MountPoint(t *testing.T) {
 	}
 
 	// Enable the logical backend
-	req := logical.TestRequest(t, logical.WriteOperation, "sys/mounts/foo")
+	req := logical.TestRequest(t, logical.UpdateOperation, "sys/mounts/foo")
 	req.Data["type"] = "noop"
 	req.Data["description"] = "foo"
 	req.ClientToken = root
@@ -2121,7 +2121,7 @@ func TestCore_Standby_Rotate(t *testing.T) {
 
 	// Rotate the encryption key
 	req := &logical.Request{
-		Operation:   logical.WriteOperation,
+		Operation:   logical.UpdateOperation,
 		Path:        "sys/rotate",
 		ClientToken: root,
 	}

vault/logical_cubbyhole.go

@@ -21,7 +21,7 @@ func CubbyholeBackendFactory(conf *logical.BackendConfig) (logical.Backend, erro
 
 				Callbacks: map[logical.Operation]framework.OperationFunc{
 					logical.ReadOperation:   b.handleRead,
-					logical.WriteOperation:  b.handleWrite,
+					logical.UpdateOperation:  b.handleWrite,
 					logical.DeleteOperation: b.handleDelete,
 					logical.ListOperation:   b.handleList,
 				},

vault/logical_cubbyhole_test.go

@@ -20,7 +20,7 @@ func TestCubbyholeBackend_RootPaths(t *testing.T) {
 
 func TestCubbyholeBackend_Write(t *testing.T) {
 	b := testCubbyholeBackend()
-	req := logical.TestRequest(t, logical.WriteOperation, "foo")
+	req := logical.TestRequest(t, logical.UpdateOperation, "foo")
 	clientToken := uuid.GenerateUUID()
 	req.ClientToken = clientToken
 	storage := req.Storage
@@ -45,7 +45,7 @@ func TestCubbyholeBackend_Write(t *testing.T) {
 
 func TestCubbyholeBackend_Read(t *testing.T) {
 	b := testCubbyholeBackend()
-	req := logical.TestRequest(t, logical.WriteOperation, "foo")
+	req := logical.TestRequest(t, logical.UpdateOperation, "foo")
 	req.Data["raw"] = "test"
 	storage := req.Storage
 	clientToken := uuid.GenerateUUID()
@@ -77,7 +77,7 @@ func TestCubbyholeBackend_Read(t *testing.T) {
 
 func TestCubbyholeBackend_Delete(t *testing.T) {
 	b := testCubbyholeBackend()
-	req := logical.TestRequest(t, logical.WriteOperation, "foo")
+	req := logical.TestRequest(t, logical.UpdateOperation, "foo")
 	req.Data["raw"] = "test"
 	storage := req.Storage
 	clientToken := uuid.GenerateUUID()
@@ -112,7 +112,7 @@ func TestCubbyholeBackend_Delete(t *testing.T) {
 
 func TestCubbyholeBackend_List(t *testing.T) {
 	b := testCubbyholeBackend()
-	req := logical.TestRequest(t, logical.WriteOperation, "foo")
+	req := logical.TestRequest(t, logical.UpdateOperation, "foo")
 	clientToken := uuid.GenerateUUID()
 	req.Data["raw"] = "test"
 	req.ClientToken = clientToken
@@ -122,7 +122,7 @@ func TestCubbyholeBackend_List(t *testing.T) {
 		t.Fatalf("err: %v", err)
 	}
 
-	req = logical.TestRequest(t, logical.WriteOperation, "bar")
+	req = logical.TestRequest(t, logical.UpdateOperation, "bar")
 	req.Data["raw"] = "baz"
 	req.ClientToken = clientToken
 	req.Storage = storage
@@ -157,7 +157,7 @@ func TestCubbyholeIsolation(t *testing.T) {
 	var storageB logical.Storage
 
 	// Populate and test A entries
-	req := logical.TestRequest(t, logical.WriteOperation, "foo")
+	req := logical.TestRequest(t, logical.UpdateOperation, "foo")
 	req.ClientToken = clientTokenA
 	storageA = req.Storage
 	req.Data["raw"] = "test"
@@ -189,7 +189,7 @@ func TestCubbyholeIsolation(t *testing.T) {
 	}
 
 	// Populate and test B entries
-	req = logical.TestRequest(t, logical.WriteOperation, "bar")
+	req = logical.TestRequest(t, logical.UpdateOperation, "bar")
 	req.ClientToken = clientTokenB
 	storageB = req.Storage
 	req.Data["raw"] = "baz"

vault/logical_passthrough.go

@@ -47,7 +47,7 @@ func LeaseSwitchedPassthroughBackend(conf *logical.BackendConfig, leases bool) (
 
 				Callbacks: map[logical.Operation]framework.OperationFunc{
 					logical.ReadOperation:   b.handleRead,
-					logical.WriteOperation:  b.handleWrite,
+					logical.UpdateOperation:  b.handleWrite,
 					logical.DeleteOperation: b.handleDelete,
 					logical.ListOperation:   b.handleList,
 				},

vault/logical_passthrough_test.go

@@ -23,7 +23,7 @@ func TestPassthroughBackend_RootPaths(t *testing.T) {
 
 func TestPassthroughBackend_Write(t *testing.T) {
 	test := func(b logical.Backend) {
-		req := logical.TestRequest(t, logical.WriteOperation, "foo")
+		req := logical.TestRequest(t, logical.UpdateOperation, "foo")
 		req.Data["raw"] = "test"
 
 		resp, err := b.HandleRequest(req)
@@ -50,7 +50,7 @@ func TestPassthroughBackend_Write(t *testing.T) {
 
 func TestPassthroughBackend_Read(t *testing.T) {
 	test := func(b logical.Backend, ttlType string, leased bool) {
-		req := logical.TestRequest(t, logical.WriteOperation, "foo")
+		req := logical.TestRequest(t, logical.UpdateOperation, "foo")
 		req.Data["raw"] = "test"
 		req.Data[ttlType] = "1h"
 		storage := req.Storage
@@ -99,7 +99,7 @@ func TestPassthroughBackend_Read(t *testing.T) {
 
 func TestPassthroughBackend_Delete(t *testing.T) {
 	test := func(b logical.Backend) {
-		req := logical.TestRequest(t, logical.WriteOperation, "foo")
+		req := logical.TestRequest(t, logical.UpdateOperation, "foo")
 		req.Data["raw"] = "test"
 		storage := req.Storage
 
@@ -135,7 +135,7 @@ func TestPassthroughBackend_Delete(t *testing.T) {
 
 func TestPassthroughBackend_List(t *testing.T) {
 	test := func(b logical.Backend) {
-		req := logical.TestRequest(t, logical.WriteOperation, "foo")
+		req := logical.TestRequest(t, logical.UpdateOperation, "foo")
 		req.Data["raw"] = "test"
 		storage := req.Storage
 

vault/logical_system.go

@@ -75,7 +75,7 @@ func NewSystemBackend(core *Core, config *logical.BackendConfig) logical.Backend
 
 				Callbacks: map[logical.Operation]framework.OperationFunc{
 					logical.ReadOperation:  b.handleMountTuneRead,
-					logical.WriteOperation: b.handleMountTuneWrite,
+					logical.UpdateOperation: b.handleMountTuneWrite,
 				},
 
 				HelpSynopsis:    strings.TrimSpace(sysHelp["mount_tune"][0]),
@@ -105,7 +105,7 @@ func NewSystemBackend(core *Core, config *logical.BackendConfig) logical.Backend
 				},
 
 				Callbacks: map[logical.Operation]framework.OperationFunc{
-					logical.WriteOperation:  b.handleMount,
+					logical.UpdateOperation:  b.handleMount,
 					logical.DeleteOperation: b.handleUnmount,
 				},
 
@@ -139,7 +139,7 @@ func NewSystemBackend(core *Core, config *logical.BackendConfig) logical.Backend
 				},
 
 				Callbacks: map[logical.Operation]framework.OperationFunc{
-					logical.WriteOperation: b.handleRemount,
+					logical.UpdateOperation: b.handleRemount,
 				},
 
 				HelpSynopsis:    strings.TrimSpace(sysHelp["remount"][0]),
@@ -161,7 +161,7 @@ func NewSystemBackend(core *Core, config *logical.BackendConfig) logical.Backend
 				},
 
 				Callbacks: map[logical.Operation]framework.OperationFunc{
-					logical.WriteOperation: b.handleRenew,
+					logical.UpdateOperation: b.handleRenew,
 				},
 
 				HelpSynopsis:    strings.TrimSpace(sysHelp["renew"][0]),
@@ -179,7 +179,7 @@ func NewSystemBackend(core *Core, config *logical.BackendConfig) logical.Backend
 				},
 
 				Callbacks: map[logical.Operation]framework.OperationFunc{
-					logical.WriteOperation: b.handleRevoke,
+					logical.UpdateOperation: b.handleRevoke,
 				},
 
 				HelpSynopsis:    strings.TrimSpace(sysHelp["revoke"][0]),
@@ -197,7 +197,7 @@ func NewSystemBackend(core *Core, config *logical.BackendConfig) logical.Backend
 				},
 
 				Callbacks: map[logical.Operation]framework.OperationFunc{
-					logical.WriteOperation: b.handleRevokePrefix,
+					logical.UpdateOperation: b.handleRevokePrefix,
 				},
 
 				HelpSynopsis:    strings.TrimSpace(sysHelp["revoke-prefix"][0]),
@@ -234,7 +234,7 @@ func NewSystemBackend(core *Core, config *logical.BackendConfig) logical.Backend
 				},
 
 				Callbacks: map[logical.Operation]framework.OperationFunc{
-					logical.WriteOperation:  b.handleEnableAuth,
+					logical.UpdateOperation:  b.handleEnableAuth,
 					logical.DeleteOperation: b.handleDisableAuth,
 				},
 
@@ -269,7 +269,7 @@ func NewSystemBackend(core *Core, config *logical.BackendConfig) logical.Backend
 
 				Callbacks: map[logical.Operation]framework.OperationFunc{
 					logical.ReadOperation:   b.handlePolicyRead,
-					logical.WriteOperation:  b.handlePolicySet,
+					logical.UpdateOperation:  b.handlePolicySet,
 					logical.DeleteOperation: b.handlePolicyDelete,
 				},
 
@@ -292,7 +292,7 @@ func NewSystemBackend(core *Core, config *logical.BackendConfig) logical.Backend
 				},
 
 				Callbacks: map[logical.Operation]framework.OperationFunc{
-					logical.WriteOperation: b.handleAuditHash,
+					logical.UpdateOperation: b.handleAuditHash,
 				},
 
 				HelpSynopsis:    strings.TrimSpace(sysHelp["audit-hash"][0]),
@@ -333,7 +333,7 @@ func NewSystemBackend(core *Core, config *logical.BackendConfig) logical.Backend
 				},
 
 				Callbacks: map[logical.Operation]framework.OperationFunc{
-					logical.WriteOperation:  b.handleEnableAudit,
+					logical.UpdateOperation:  b.handleEnableAudit,
 					logical.DeleteOperation: b.handleDisableAudit,
 				},
 
@@ -355,7 +355,7 @@ func NewSystemBackend(core *Core, config *logical.BackendConfig) logical.Backend
 
 				Callbacks: map[logical.Operation]framework.OperationFunc{
 					logical.ReadOperation:   b.handleRawRead,
-					logical.WriteOperation:  b.handleRawWrite,
+					logical.UpdateOperation:  b.handleRawWrite,
 					logical.DeleteOperation: b.handleRawDelete,
 				},
 			},
@@ -375,7 +375,7 @@ func NewSystemBackend(core *Core, config *logical.BackendConfig) logical.Backend
 				Pattern: "rotate$",
 
 				Callbacks: map[logical.Operation]framework.OperationFunc{
-					logical.WriteOperation: b.handleRotate,
+					logical.UpdateOperation: b.handleRotate,
 				},
 
 				HelpSynopsis:    strings.TrimSpace(sysHelp["rotate"][0]),

vault/logical_system_test.go

@@ -75,7 +75,7 @@ func TestSystemBackend_mounts(t *testing.T) {
 func TestSystemBackend_mount(t *testing.T) {
 	b := testSystemBackend(t)
 
-	req := logical.TestRequest(t, logical.WriteOperation, "mounts/prod/secret/")
+	req := logical.TestRequest(t, logical.UpdateOperation, "mounts/prod/secret/")
 	req.Data["type"] = "generic"
 
 	resp, err := b.HandleRequest(req)
@@ -90,7 +90,7 @@ func TestSystemBackend_mount(t *testing.T) {
 func TestSystemBackend_mount_invalid(t *testing.T) {
 	b := testSystemBackend(t)
 
-	req := logical.TestRequest(t, logical.WriteOperation, "mounts/prod/secret/")
+	req := logical.TestRequest(t, logical.UpdateOperation, "mounts/prod/secret/")
 	req.Data["type"] = "nope"
 	resp, err := b.HandleRequest(req)
 	if err != logical.ErrInvalidRequest {
@@ -130,7 +130,7 @@ func TestSystemBackend_unmount_invalid(t *testing.T) {
 func TestSystemBackend_remount(t *testing.T) {
 	b := testSystemBackend(t)
 
-	req := logical.TestRequest(t, logical.WriteOperation, "remount")
+	req := logical.TestRequest(t, logical.UpdateOperation, "remount")
 	req.Data["from"] = "secret"
 	req.Data["to"] = "foo"
 	req.Data["config"] = structs.Map(MountConfig{})
@@ -146,7 +146,7 @@ func TestSystemBackend_remount(t *testing.T) {
 func TestSystemBackend_remount_invalid(t *testing.T) {
 	b := testSystemBackend(t)
 
-	req := logical.TestRequest(t, logical.WriteOperation, "remount")
+	req := logical.TestRequest(t, logical.UpdateOperation, "remount")
 	req.Data["from"] = "unknown"
 	req.Data["to"] = "foo"
 	req.Data["config"] = structs.Map(MountConfig{})
@@ -162,7 +162,7 @@ func TestSystemBackend_remount_invalid(t *testing.T) {
 func TestSystemBackend_remount_system(t *testing.T) {
 	b := testSystemBackend(t)
 
-	req := logical.TestRequest(t, logical.WriteOperation, "remount")
+	req := logical.TestRequest(t, logical.UpdateOperation, "remount")
 	req.Data["from"] = "sys"
 	req.Data["to"] = "foo"
 	resp, err := b.HandleRequest(req)
@@ -178,7 +178,7 @@ func TestSystemBackend_renew(t *testing.T) {
 	core, b, root := testCoreSystemBackend(t)
 
 	// Create a key with a lease
-	req := logical.TestRequest(t, logical.WriteOperation, "secret/foo")
+	req := logical.TestRequest(t, logical.UpdateOperation, "secret/foo")
 	req.Data["foo"] = "bar"
 	req.ClientToken = root
 	resp, err := core.HandleRequest(req)
@@ -201,7 +201,7 @@ func TestSystemBackend_renew(t *testing.T) {
 	}
 
 	// Attempt renew
-	req2 := logical.TestRequest(t, logical.WriteOperation, "renew/"+resp.Secret.LeaseID)
+	req2 := logical.TestRequest(t, logical.UpdateOperation, "renew/"+resp.Secret.LeaseID)
 	req2.Data["increment"] = "100s"
 	resp2, err := b.HandleRequest(req2)
 	if err != logical.ErrInvalidRequest {
@@ -218,7 +218,7 @@ func TestSystemBackend_renew_invalidID(t *testing.T) {
 	b := testSystemBackend(t)
 
 	// Attempt renew
-	req := logical.TestRequest(t, logical.WriteOperation, "renew/foobarbaz")
+	req := logical.TestRequest(t, logical.UpdateOperation, "renew/foobarbaz")
 	resp, err := b.HandleRequest(req)
 	if err != logical.ErrInvalidRequest {
 		t.Fatalf("err: %v", err)
@@ -232,7 +232,7 @@ func TestSystemBackend_revoke(t *testing.T) {
 	core, b, root := testCoreSystemBackend(t)
 
 	// Create a key with a lease
-	req := logical.TestRequest(t, logical.WriteOperation, "secret/foo")
+	req := logical.TestRequest(t, logical.UpdateOperation, "secret/foo")
 	req.Data["foo"] = "bar"
 	req.Data["lease"] = "1h"
 	req.ClientToken = root
@@ -256,7 +256,7 @@ func TestSystemBackend_revoke(t *testing.T) {
 	}
 
 	// Attempt revoke
-	req2 := logical.TestRequest(t, logical.WriteOperation, "revoke/"+resp.Secret.LeaseID)
+	req2 := logical.TestRequest(t, logical.UpdateOperation, "revoke/"+resp.Secret.LeaseID)
 	resp2, err := b.HandleRequest(req2)
 	if err != nil {
 		t.Fatalf("err: %v %#v", err, resp2)
@@ -266,7 +266,7 @@ func TestSystemBackend_revoke(t *testing.T) {
 	}
 
 	// Attempt renew
-	req3 := logical.TestRequest(t, logical.WriteOperation, "renew/"+resp.Secret.LeaseID)
+	req3 := logical.TestRequest(t, logical.UpdateOperation, "renew/"+resp.Secret.LeaseID)
 	resp3, err := b.HandleRequest(req3)
 	if err != logical.ErrInvalidRequest {
 		t.Fatalf("err: %v", err)
@@ -280,7 +280,7 @@ func TestSystemBackend_revoke_invalidID(t *testing.T) {
 	b := testSystemBackend(t)
 
 	// Attempt renew
-	req := logical.TestRequest(t, logical.WriteOperation, "revoke/foobarbaz")
+	req := logical.TestRequest(t, logical.UpdateOperation, "revoke/foobarbaz")
 	resp, err := b.HandleRequest(req)
 	if err != nil {
 		t.Fatalf("err: %v", err)
@@ -294,7 +294,7 @@ func TestSystemBackend_revokePrefix(t *testing.T) {
 	core, b, root := testCoreSystemBackend(t)
 
 	// Create a key with a lease
-	req := logical.TestRequest(t, logical.WriteOperation, "secret/foo")
+	req := logical.TestRequest(t, logical.UpdateOperation, "secret/foo")
 	req.Data["foo"] = "bar"
 	req.Data["lease"] = "1h"
 	req.ClientToken = root
@@ -318,7 +318,7 @@ func TestSystemBackend_revokePrefix(t *testing.T) {
 	}
 
 	// Attempt revoke
-	req2 := logical.TestRequest(t, logical.WriteOperation, "revoke-prefix/secret/")
+	req2 := logical.TestRequest(t, logical.UpdateOperation, "revoke-prefix/secret/")
 	resp2, err := b.HandleRequest(req2)
 	if err != nil {
 		t.Fatalf("err: %v %#v", err, resp2)
@@ -328,7 +328,7 @@ func TestSystemBackend_revokePrefix(t *testing.T) {
 	}
 
 	// Attempt renew
-	req3 := logical.TestRequest(t, logical.WriteOperation, "renew/"+resp.Secret.LeaseID)
+	req3 := logical.TestRequest(t, logical.UpdateOperation, "renew/"+resp.Secret.LeaseID)
 	resp3, err := b.HandleRequest(req3)
 	if err != logical.ErrInvalidRequest {
 		t.Fatalf("err: %v", err)
@@ -363,7 +363,7 @@ func TestSystemBackend_enableAuth(t *testing.T) {
 		return &NoopBackend{}, nil
 	}
 
-	req := logical.TestRequest(t, logical.WriteOperation, "auth/foo")
+	req := logical.TestRequest(t, logical.UpdateOperation, "auth/foo")
 	req.Data["type"] = "noop"
 
 	resp, err := b.HandleRequest(req)
@@ -377,7 +377,7 @@ func TestSystemBackend_enableAuth(t *testing.T) {
 
 func TestSystemBackend_enableAuth_invalid(t *testing.T) {
 	b := testSystemBackend(t)
-	req := logical.TestRequest(t, logical.WriteOperation, "auth/foo")
+	req := logical.TestRequest(t, logical.UpdateOperation, "auth/foo")
 	req.Data["type"] = "nope"
 	resp, err := b.HandleRequest(req)
 	if err != logical.ErrInvalidRequest {
@@ -395,7 +395,7 @@ func TestSystemBackend_disableAuth(t *testing.T) {
 	}
 
 	// Register the backend
-	req := logical.TestRequest(t, logical.WriteOperation, "auth/foo")
+	req := logical.TestRequest(t, logical.UpdateOperation, "auth/foo")
 	req.Data["type"] = "noop"
 	b.HandleRequest(req)
 
@@ -444,7 +444,7 @@ func TestSystemBackend_policyCRUD(t *testing.T) {
 
 	// Create the policy
 	rules := `path "foo/" { policy = "read" }`
-	req := logical.TestRequest(t, logical.WriteOperation, "policy/Foo")
+	req := logical.TestRequest(t, logical.UpdateOperation, "policy/Foo")
 	req.Data["rules"] = rules
 	resp, err := b.HandleRequest(req)
 	if err != nil {
@@ -533,7 +533,7 @@ func TestSystemBackend_enableAudit(t *testing.T) {
 		}, nil
 	}
 
-	req := logical.TestRequest(t, logical.WriteOperation, "audit/foo")
+	req := logical.TestRequest(t, logical.UpdateOperation, "audit/foo")
 	req.Data["type"] = "noop"
 
 	resp, err := b.HandleRequest(req)
@@ -566,7 +566,7 @@ func TestSystemBackend_auditHash(t *testing.T) {
 		}, nil
 	}
 
-	req := logical.TestRequest(t, logical.WriteOperation, "audit/foo")
+	req := logical.TestRequest(t, logical.UpdateOperation, "audit/foo")
 	req.Data["type"] = "noop"
 
 	resp, err := b.HandleRequest(req)
@@ -577,7 +577,7 @@ func TestSystemBackend_auditHash(t *testing.T) {
 		t.Fatalf("bad: %v", resp)
 	}
 
-	req = logical.TestRequest(t, logical.WriteOperation, "audit-hash/foo")
+	req = logical.TestRequest(t, logical.UpdateOperation, "audit-hash/foo")
 	req.Data["input"] = "bar"
 
 	resp, err = b.HandleRequest(req)
@@ -598,7 +598,7 @@ func TestSystemBackend_auditHash(t *testing.T) {
 
 func TestSystemBackend_enableAudit_invalid(t *testing.T) {
 	b := testSystemBackend(t)
-	req := logical.TestRequest(t, logical.WriteOperation, "audit/foo")
+	req := logical.TestRequest(t, logical.UpdateOperation, "audit/foo")
 	req.Data["type"] = "nope"
 	resp, err := b.HandleRequest(req)
 	if err != logical.ErrInvalidRequest {
@@ -617,7 +617,7 @@ func TestSystemBackend_auditTable(t *testing.T) {
 		}, nil
 	}
 
-	req := logical.TestRequest(t, logical.WriteOperation, "audit/foo")
+	req := logical.TestRequest(t, logical.UpdateOperation, "audit/foo")
 	req.Data["type"] = "noop"
 	req.Data["description"] = "testing"
 	req.Data["options"] = map[string]interface{}{
@@ -653,7 +653,7 @@ func TestSystemBackend_disableAudit(t *testing.T) {
 		}, nil
 	}
 
-	req := logical.TestRequest(t, logical.WriteOperation, "audit/foo")
+	req := logical.TestRequest(t, logical.UpdateOperation, "audit/foo")
 	req.Data["type"] = "noop"
 	req.Data["description"] = "testing"
 	req.Data["options"] = map[string]interface{}{
@@ -711,7 +711,7 @@ func TestSystemBackend_rawRead(t *testing.T) {
 func TestSystemBackend_rawWrite_Protected(t *testing.T) {
 	b := testSystemBackend(t)
 
-	req := logical.TestRequest(t, logical.WriteOperation, "raw/"+keyringPath)
+	req := logical.TestRequest(t, logical.UpdateOperation, "raw/"+keyringPath)
 	_, err := b.HandleRequest(req)
 	if err != logical.ErrInvalidRequest {
 		t.Fatalf("err: %v", err)
@@ -721,7 +721,7 @@ func TestSystemBackend_rawWrite_Protected(t *testing.T) {
 func TestSystemBackend_rawWrite(t *testing.T) {
 	c, b, _ := testCoreSystemBackend(t)
 
-	req := logical.TestRequest(t, logical.WriteOperation, "raw/sys/policy/test")
+	req := logical.TestRequest(t, logical.UpdateOperation, "raw/sys/policy/test")
 	req.Data["value"] = `path "secret/" { policy = "read" }`
 	resp, err := b.HandleRequest(req)
 	if err != nil {
@@ -805,7 +805,7 @@ func TestSystemBackend_keyStatus(t *testing.T) {
 func TestSystemBackend_rotate(t *testing.T) {
 	b := testSystemBackend(t)
 
-	req := logical.TestRequest(t, logical.WriteOperation, "rotate")
+	req := logical.TestRequest(t, logical.UpdateOperation, "rotate")
 	resp, err := b.HandleRequest(req)
 	if err != nil {
 		t.Fatalf("err: %v", err)

vault/token_store.go

@@ -94,7 +94,7 @@ func NewTokenStore(c *Core, config *logical.BackendConfig) (*TokenStore, error)
 				Pattern: "create-orphan$",
 
 				Callbacks: map[logical.Operation]framework.OperationFunc{
-					logical.WriteOperation: t.handleCreateOrphan,
+					logical.UpdateOperation: t.handleCreateOrphan,
 				},
 
 				HelpSynopsis:    strings.TrimSpace(tokenCreateOrphanHelp),
@@ -105,7 +105,7 @@ func NewTokenStore(c *Core, config *logical.BackendConfig) (*TokenStore, error)
 				Pattern: "create$",
 
 				Callbacks: map[logical.Operation]framework.OperationFunc{
-					logical.WriteOperation: t.handleCreate,
+					logical.UpdateOperation: t.handleCreate,
 				},
 
 				HelpSynopsis:    strings.TrimSpace(tokenCreateHelp),
@@ -152,7 +152,7 @@ func NewTokenStore(c *Core, config *logical.BackendConfig) (*TokenStore, error)
 				Pattern: "revoke-self$",
 
 				Callbacks: map[logical.Operation]framework.OperationFunc{
-					logical.WriteOperation: t.handleRevokeSelf,
+					logical.UpdateOperation: t.handleRevokeSelf,
 				},
 
 				HelpSynopsis:    strings.TrimSpace(tokenRevokeSelfHelp),
@@ -170,7 +170,7 @@ func NewTokenStore(c *Core, config *logical.BackendConfig) (*TokenStore, error)
 				},
 
 				Callbacks: map[logical.Operation]framework.OperationFunc{
-					logical.WriteOperation: t.handleRevokeTree,
+					logical.UpdateOperation: t.handleRevokeTree,
 				},
 
 				HelpSynopsis:    strings.TrimSpace(tokenRevokeHelp),
@@ -188,7 +188,7 @@ func NewTokenStore(c *Core, config *logical.BackendConfig) (*TokenStore, error)
 				},
 
 				Callbacks: map[logical.Operation]framework.OperationFunc{
-					logical.WriteOperation: t.handleRevokeOrphan,
+					logical.UpdateOperation: t.handleRevokeOrphan,
 				},
 
 				HelpSynopsis:    strings.TrimSpace(tokenRevokeOrphanHelp),
@@ -206,7 +206,7 @@ func NewTokenStore(c *Core, config *logical.BackendConfig) (*TokenStore, error)
 				},
 
 				Callbacks: map[logical.Operation]framework.OperationFunc{
-					logical.WriteOperation: t.handleRevokePrefix,
+					logical.UpdateOperation: t.handleRevokePrefix,
 				},
 
 				HelpSynopsis:    strings.TrimSpace(tokenRevokePrefixHelp),
@@ -228,7 +228,7 @@ func NewTokenStore(c *Core, config *logical.BackendConfig) (*TokenStore, error)
 				},
 
 				Callbacks: map[logical.Operation]framework.OperationFunc{
-					logical.WriteOperation: t.handleRenewSelf,
+					logical.UpdateOperation: t.handleRenewSelf,
 				},
 
 				HelpSynopsis:    strings.TrimSpace(tokenRenewSelfHelp),
@@ -250,7 +250,7 @@ func NewTokenStore(c *Core, config *logical.BackendConfig) (*TokenStore, error)
 				},
 
 				Callbacks: map[logical.Operation]framework.OperationFunc{
-					logical.WriteOperation: t.handleRenew,
+					logical.UpdateOperation: t.handleRenew,
 				},
 
 				HelpSynopsis:    strings.TrimSpace(tokenRenewHelp),

vault/token_store_test.go

@@ -379,7 +379,7 @@ func TestTokenStore_RevokeSelf(t *testing.T) {
 		t.Fatalf("err: %v", err)
 	}
 
-	req := logical.TestRequest(t, logical.WriteOperation, "revoke-self")
+	req := logical.TestRequest(t, logical.UpdateOperation, "revoke-self")
 	req.ClientToken = ent1.ID
 
 	resp, err := ts.HandleRequest(req)
@@ -402,7 +402,7 @@ func TestTokenStore_RevokeSelf(t *testing.T) {
 func TestTokenStore_HandleRequest_CreateToken_DisplayName(t *testing.T) {
 	_, ts, root := mockTokenStore(t)
 
-	req := logical.TestRequest(t, logical.WriteOperation, "create")
+	req := logical.TestRequest(t, logical.UpdateOperation, "create")
 	req.ClientToken = root
 	req.Data["display_name"] = "foo_bar.baz!"
 
@@ -432,7 +432,7 @@ func TestTokenStore_HandleRequest_CreateToken_DisplayName(t *testing.T) {
 func TestTokenStore_HandleRequest_CreateToken_NumUses(t *testing.T) {
 	_, ts, root := mockTokenStore(t)
 
-	req := logical.TestRequest(t, logical.WriteOperation, "create")
+	req := logical.TestRequest(t, logical.UpdateOperation, "create")
 	req.ClientToken = root
 	req.Data["num_uses"] = "1"
 
@@ -463,7 +463,7 @@ func TestTokenStore_HandleRequest_CreateToken_NumUses(t *testing.T) {
 func TestTokenStore_HandleRequest_CreateToken_NumUses_Invalid(t *testing.T) {
 	_, ts, root := mockTokenStore(t)
 
-	req := logical.TestRequest(t, logical.WriteOperation, "create")
+	req := logical.TestRequest(t, logical.UpdateOperation, "create")
 	req.ClientToken = root
 	req.Data["num_uses"] = "-1"
 
@@ -476,7 +476,7 @@ func TestTokenStore_HandleRequest_CreateToken_NumUses_Invalid(t *testing.T) {
 func TestTokenStore_HandleRequest_CreateToken_NumUses_Restricted(t *testing.T) {
 	_, ts, root := mockTokenStore(t)
 
-	req := logical.TestRequest(t, logical.WriteOperation, "create")
+	req := logical.TestRequest(t, logical.UpdateOperation, "create")
 	req.ClientToken = root
 	req.Data["num_uses"] = "1"
 
@@ -496,7 +496,7 @@ func TestTokenStore_HandleRequest_CreateToken_NumUses_Restricted(t *testing.T) {
 func TestTokenStore_HandleRequest_CreateToken_NoPolicy(t *testing.T) {
 	_, ts, root := mockTokenStore(t)
 
-	req := logical.TestRequest(t, logical.WriteOperation, "create")
+	req := logical.TestRequest(t, logical.UpdateOperation, "create")
 	req.ClientToken = root
 
 	resp, err := ts.HandleRequest(req)
@@ -525,7 +525,7 @@ func TestTokenStore_HandleRequest_CreateToken_NoPolicy(t *testing.T) {
 func TestTokenStore_HandleRequest_CreateToken_BadParent(t *testing.T) {
 	_, ts, _ := mockTokenStore(t)
 
-	req := logical.TestRequest(t, logical.WriteOperation, "create")
+	req := logical.TestRequest(t, logical.UpdateOperation, "create")
 	req.ClientToken = "random"
 
 	resp, err := ts.HandleRequest(req)
@@ -540,7 +540,7 @@ func TestTokenStore_HandleRequest_CreateToken_BadParent(t *testing.T) {
 func TestTokenStore_HandleRequest_CreateToken(t *testing.T) {
 	_, ts, root := mockTokenStore(t)
 
-	req := logical.TestRequest(t, logical.WriteOperation, "create")
+	req := logical.TestRequest(t, logical.UpdateOperation, "create")
 	req.ClientToken = root
 	req.Data["policies"] = []string{"foo"}
 
@@ -556,7 +556,7 @@ func TestTokenStore_HandleRequest_CreateToken(t *testing.T) {
 func TestTokenStore_HandleRequest_CreateToken_RootID(t *testing.T) {
 	_, ts, root := mockTokenStore(t)
 
-	req := logical.TestRequest(t, logical.WriteOperation, "create")
+	req := logical.TestRequest(t, logical.UpdateOperation, "create")
 	req.ClientToken = root
 	req.Data["id"] = "foobar"
 	req.Data["policies"] = []string{"foo"}
@@ -574,7 +574,7 @@ func TestTokenStore_HandleRequest_CreateToken_NonRootID(t *testing.T) {
 	_, ts, root := mockTokenStore(t)
 	testMakeToken(t, ts, root, "client", "", []string{"foo"})
 
-	req := logical.TestRequest(t, logical.WriteOperation, "create")
+	req := logical.TestRequest(t, logical.UpdateOperation, "create")
 	req.ClientToken = "client"
 	req.Data["id"] = "foobar"
 	req.Data["policies"] = []string{"foo"}
@@ -592,7 +592,7 @@ func TestTokenStore_HandleRequest_CreateToken_NonRoot_Subset(t *testing.T) {
 	_, ts, root := mockTokenStore(t)
 	testMakeToken(t, ts, root, "client", "", []string{"foo", "bar"})
 
-	req := logical.TestRequest(t, logical.WriteOperation, "create")
+	req := logical.TestRequest(t, logical.UpdateOperation, "create")
 	req.ClientToken = "client"
 	req.Data["policies"] = []string{"foo"}
 
@@ -609,7 +609,7 @@ func TestTokenStore_HandleRequest_CreateToken_NonRoot_InvalidSubset(t *testing.T
 	_, ts, root := mockTokenStore(t)
 	testMakeToken(t, ts, root, "client", "", []string{"foo", "bar"})
 
-	req := logical.TestRequest(t, logical.WriteOperation, "create")
+	req := logical.TestRequest(t, logical.UpdateOperation, "create")
 	req.ClientToken = "client"
 	req.Data["policies"] = []string{"foo", "bar", "baz"}
 
@@ -626,7 +626,7 @@ func TestTokenStore_HandleRequest_CreateToken_NonRoot_NoParent(t *testing.T) {
 	_, ts, root := mockTokenStore(t)
 	testMakeToken(t, ts, root, "client", "", []string{"foo"})
 
-	req := logical.TestRequest(t, logical.WriteOperation, "create")
+	req := logical.TestRequest(t, logical.UpdateOperation, "create")
 	req.ClientToken = "client"
 	req.Data["no_parent"] = true
 	req.Data["policies"] = []string{"foo"}
@@ -643,7 +643,7 @@ func TestTokenStore_HandleRequest_CreateToken_NonRoot_NoParent(t *testing.T) {
 func TestTokenStore_HandleRequest_CreateToken_Root_NoParent(t *testing.T) {
 	_, ts, root := mockTokenStore(t)
 
-	req := logical.TestRequest(t, logical.WriteOperation, "create")
+	req := logical.TestRequest(t, logical.UpdateOperation, "create")
 	req.ClientToken = root
 	req.Data["no_parent"] = true
 	req.Data["policies"] = []string{"foo"}
@@ -665,7 +665,7 @@ func TestTokenStore_HandleRequest_CreateToken_Root_NoParent(t *testing.T) {
 func TestTokenStore_HandleRequest_CreateToken_PathBased_NoParent(t *testing.T) {
 	_, ts, root := mockTokenStore(t)
 
-	req := logical.TestRequest(t, logical.WriteOperation, "create-orphan")
+	req := logical.TestRequest(t, logical.UpdateOperation, "create-orphan")
 	req.ClientToken = root
 	req.Data["policies"] = []string{"foo"}
 
@@ -686,7 +686,7 @@ func TestTokenStore_HandleRequest_CreateToken_PathBased_NoParent(t *testing.T) {
 func TestTokenStore_HandleRequest_CreateToken_Metadata(t *testing.T) {
 	_, ts, root := mockTokenStore(t)
 
-	req := logical.TestRequest(t, logical.WriteOperation, "create")
+	req := logical.TestRequest(t, logical.UpdateOperation, "create")
 	req.ClientToken = root
 	req.Data["policies"] = []string{"foo"}
 	meta := map[string]string{
@@ -712,7 +712,7 @@ func TestTokenStore_HandleRequest_CreateToken_Metadata(t *testing.T) {
 func TestTokenStore_HandleRequest_CreateToken_Lease(t *testing.T) {
 	_, ts, root := mockTokenStore(t)
 
-	req := logical.TestRequest(t, logical.WriteOperation, "create")
+	req := logical.TestRequest(t, logical.UpdateOperation, "create")
 	req.ClientToken = root
 	req.Data["policies"] = []string{"foo"}
 	req.Data["lease"] = "1h"
@@ -735,7 +735,7 @@ func TestTokenStore_HandleRequest_CreateToken_Lease(t *testing.T) {
 func TestTokenStore_HandleRequest_CreateToken_TTL(t *testing.T) {
 	_, ts, root := mockTokenStore(t)
 
-	req := logical.TestRequest(t, logical.WriteOperation, "create")
+	req := logical.TestRequest(t, logical.UpdateOperation, "create")
 	req.ClientToken = root
 	req.Data["policies"] = []string{"foo"}
 	req.Data["ttl"] = "1h"
@@ -760,7 +760,7 @@ func TestTokenStore_HandleRequest_Revoke(t *testing.T) {
 	testMakeToken(t, ts, root, "child", "", []string{"root", "foo"})
 	testMakeToken(t, ts, "child", "sub-child", "", []string{"foo"})
 
-	req := logical.TestRequest(t, logical.WriteOperation, "revoke/child")
+	req := logical.TestRequest(t, logical.UpdateOperation, "revoke/child")
 	resp, err := ts.HandleRequest(req)
 	if err != nil {
 		t.Fatalf("err: %v %v", err, resp)
@@ -792,7 +792,7 @@ func TestTokenStore_HandleRequest_RevokeOrphan(t *testing.T) {
 	testMakeToken(t, ts, root, "child", "", []string{"root", "foo"})
 	testMakeToken(t, ts, "child", "sub-child", "", []string{"foo"})
 
-	req := logical.TestRequest(t, logical.WriteOperation, "revoke-orphan/child")
+	req := logical.TestRequest(t, logical.UpdateOperation, "revoke-orphan/child")
 	req.ClientToken = root
 	resp, err := ts.HandleRequest(req)
 	if err != nil {
@@ -832,7 +832,7 @@ func TestTokenStore_HandleRequest_RevokeOrphan_NonRoot(t *testing.T) {
 		t.Fatalf("bad: %v", out)
 	}
 
-	req := logical.TestRequest(t, logical.WriteOperation, "revoke-orphan/child")
+	req := logical.TestRequest(t, logical.UpdateOperation, "revoke-orphan/child")
 	req.ClientToken = "child"
 	resp, err := ts.HandleRequest(req)
 	if err != logical.ErrInvalidRequest {
@@ -912,7 +912,7 @@ func TestTokenStore_HandleRequest_Lookup(t *testing.T) {
 	}
 
 	// Test last_renewal_time functionality
-	req = logical.TestRequest(t, logical.WriteOperation, "renew/client")
+	req = logical.TestRequest(t, logical.UpdateOperation, "renew/client")
 	resp, err = ts.HandleRequest(req)
 	if err != nil {
 		t.Fatalf("err: %v %v", err, resp)
@@ -957,7 +957,7 @@ func TestTokenStore_HandleRequest_RevokePrefix(t *testing.T) {
 		t.Fatalf("err: %v", err)
 	}
 
-	req := logical.TestRequest(t, logical.WriteOperation, "revoke-prefix/auth/github/")
+	req := logical.TestRequest(t, logical.UpdateOperation, "revoke-prefix/auth/github/")
 	resp, err := ts.HandleRequest(req)
 	if err != nil {
 		t.Fatalf("err: %v %v", err, resp)
@@ -1035,7 +1035,7 @@ func TestTokenStore_HandleRequest_Renew(t *testing.T) {
 	originalExpire := auth.ExpirationTime()
 
 	beforeRenew := time.Now().UTC()
-	req := logical.TestRequest(t, logical.WriteOperation, "renew/"+root.ID)
+	req := logical.TestRequest(t, logical.UpdateOperation, "renew/"+root.ID)
 	req.Data["increment"] = "3600s"
 	resp, err := ts.HandleRequest(req)
 	if err != nil {
@@ -1079,7 +1079,7 @@ func TestTokenStore_HandleRequest_RenewSelf(t *testing.T) {
 	originalExpire := auth.ExpirationTime()
 
 	beforeRenew := time.Now().UTC()
-	req := logical.TestRequest(t, logical.WriteOperation, "renew-self")
+	req := logical.TestRequest(t, logical.UpdateOperation, "renew-self")
 	req.ClientToken = auth.ClientToken
 	req.Data["increment"] = "3600s"
 	resp, err := ts.HandleRequest(req)
@@ -1098,7 +1098,7 @@ func TestTokenStore_HandleRequest_RenewSelf(t *testing.T) {
 }
 
 func testMakeToken(t *testing.T, ts *TokenStore, root, client, ttl string, policy []string) {
-	req := logical.TestRequest(t, logical.WriteOperation, "create")
+	req := logical.TestRequest(t, logical.UpdateOperation, "create")
 	req.ClientToken = root
 	req.Data["id"] = client
 	req.Data["policies"] = policy
@@ -1114,7 +1114,7 @@ func testMakeToken(t *testing.T, ts *TokenStore, root, client, ttl string, polic
 }
 
 func testCoreMakeToken(t *testing.T, c *Core, root, client, ttl string, policy []string) {
-	req := logical.TestRequest(t, logical.WriteOperation, "auth/token/create")
+	req := logical.TestRequest(t, logical.UpdateOperation, "auth/token/create")
 	req.ClientToken = root
 	req.Data["id"] = client
 	req.Data["policies"] = policy