Remove unnecessary call to DetermineRoleFromLoginRequest (#22603)

* remove unnecessary call to DetermineRoleFromLoginRequest * add more context to comment
2026-04-21 22:27:16 -04:00 · 2023-08-29 09:56:34 -05:00 · 2023-08-29 09:56:34 -05:00 · 9b78fd64ac
commit 9b78fd64ac
parent 9cd0d919f5
2 changed files with 9 additions and 3 deletions
--- a/vault/request_handling.go
+++ b/vault/request_handling.go
@ -1253,7 +1253,7 @@ func (c *Core) handleRequest(ctx context.Context, req *logical.Request) (retResp
 						NamespaceID: ns.ID,
 					}

-					// Check for request role
+					// Check for request role in context to role based quotas
 					var role string
 					if reqRole := ctx.Value(logical.CtxKeyRequestRole{}); reqRole != nil {
 						role = reqRole.(string)
@ -1488,7 +1488,7 @@ func (c *Core) handleLoginRequest(ctx context.Context, req *logical.Request) (re
 			return
 		}

-		// Check for request role
+		// Check for request role in context to role based quotas
 		var role string
 		if reqRole := ctx.Value(logical.CtxKeyRequestRole{}); reqRole != nil {
 			role = reqRole.(string)
--- a/vault/wrapping.go
+++ b/vault/wrapping.go
@ -327,8 +327,14 @@ DONELISTHANDLING:
 		},
 	}

+	// Check for request role in context to role based quotas
+	var role string
+	if reqRole := ctx.Value(logical.CtxKeyRequestRole{}); reqRole != nil {
+		role = reqRole.(string)
+	}
+
 	// Register the wrapped token with the expiration manager
-	if err := c.expiration.RegisterAuth(ctx, &te, wAuth, c.DetermineRoleFromLoginRequest(req.MountPoint, req.Data, ctx)); err != nil {
+	if err := c.expiration.RegisterAuth(ctx, &te, wAuth, role); err != nil {
 		// Revoke since it's not yet being tracked for expiration
 		c.tokenStore.revokeOrphan(ctx, te.ID)
 		c.logger.Error("failed to register cubbyhole wrapping token lease", "request_path", req.Path, "error", err)