From 36c8e042ac397df49b877b3c3f52b2f4d0c486d1 Mon Sep 17 00:00:00 2001
From: Jeff Mitchell
Date: Wed, 9 Mar 2016 11:07:13 -0500
Subject: [PATCH] Address review feedback
---
 vault/expiration.go | 9 +++++++--
 vault/token_store.go | 20 +-------------------
 2 files changed, 8 insertions(+), 21 deletions(-)
diff --git a/vault/expiration.go b/vault/expiration.go
index 23e860a1f5..a13bbfcc27 100644
--- a/vault/expiration.go
+++ b/vault/expiration.go
@@ -560,12 +560,17 @@ func (m *ExpirationManager) renewEntry(le *leaseEntry, increment time.Duration)
 return resp, nil
 }
 
-// renewAuthEntry is used to attempt renew of an auth entry
+// renewAuthEntry is used to attempt renew of an auth entry. Only the token
+// store should get the actual token ID intact.
 func (m *ExpirationManager) renewAuthEntry(req *logical.Request, le *leaseEntry, increment time.Duration) (*logical.Response, error) {
 auth := *le.Auth
 auth.IssueTime = le.IssueTime
 auth.Increment = increment
- auth.ClientToken = ""
+ if strings.HasPrefix(le.Path, "auth/token/") {
+ auth.ClientToken = le.ClientToken
+ } else {
+ auth.ClientToken = ""
+ }
 
 authReq := logical.RenewAuthRequest(le.Path, &auth, nil)
 authReq.Connection = req.Connection
diff --git a/vault/token_store.go b/vault/token_store.go
index fc3e764d51..ba76050226 100644
--- a/vault/token_store.go
+++ b/vault/token_store.go
@@ -861,9 +861,6 @@ func (ts *TokenStore) handleCreateCommon(
 Renewable: true,
 },
 ClientToken: te.ID,
- InternalData: map[string]interface{}{
- "id": te.ID,
- },
 },
 }
 
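Review bot: In the vault/expiration.go hunk, renewAuthEntry decides whether a backend receives the live client token purely from `strings.HasPrefix(le.Path, "auth/token/")`, so the token stays away from other credential backends only as long as nothing but the token store can own a lease under that prefix. That invariant is not visible in this hunk; if the mount table enforces it, record it next to the check, for example `// auth/token/ is reserved for the token store; no other backend may be mounted under it`, and consider a shared constant for the prefix instead of a string literal. It is also worth confirming that le.ClientToken is populated for lease entries persisted before this change, since the token store's authRenew now depends on it. renewAuthEntry continues past the end of the hunk.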
@@ -1072,24 +1069,9 @@ func (ts *TokenStore) authRenew(
 return nil, fmt.Errorf("request auth is nil")
 }
 
- if req.Auth.ClientToken == "" {
- panic("nil client token")
- }
-
 f := framework.LeaseExtend(req.Auth.Increment, 0, ts.System())
 
- idInt, ok := req.Auth.InternalData["id"]
- if !ok {
- // Fall back here; this is pre-roles so there are no stored IDs, so use previous behavior
- return f(req, d)
- }
-
- id, ok := idInt.(string)
- if !ok {
- return nil, fmt.Errorf("found id in internal data but could not interpret as string")
- }
-
- te, err := ts.Lookup(id)
+ te, err := ts.Lookup(req.Auth.ClientToken)
 if err != nil {
 return nil, fmt.Errorf("error looking up token: %s", err)
 }
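Review bot: authRenew no longer checks for an empty req.Auth.ClientToken before `ts.Lookup(req.Auth.ClientToken)`; the panic was removed without an error return taking its place. Unless Lookup rejects a blank ID itself (not visible here), a renewal whose lease entry carries no client token falls through to whatever Lookup does with an empty string. An explicit guard ahead of the lookup keeps that case diagnosable: `if req.Auth.ClientToken == "" { return nil, fmt.Errorf("client token missing from renewal request") }`. The removed fallback to `f(req, d)` for entries without a stored ID also means older leases now take the lookup path, which makes the guard more relevant. authRenew starts before and continues after this hunk.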