From 5c5871ee5aa7556a28b01b8906dbab6b9f99c01c Mon Sep 17 00:00:00 2001
From: vishalnayak <vishalnayakv@gmail.com>
Date: Wed, 28 Sep 2016 15:24:19 -0400
Subject: [PATCH] Don't reset the deprecated value yet

---
 builtin/credential/approle/path_role.go  | 2 +-
 builtin/credential/approle/validation.go | 7 +++++--
 2 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/builtin/credential/approle/path_role.go b/builtin/credential/approle/path_role.go
index 02f3bb3371..4ad0dfc6dd 100644
--- a/builtin/credential/approle/path_role.go
+++ b/builtin/credential/approle/path_role.go
@@ -906,7 +906,7 @@ func (b *backend) secretIDCommon(s logical.Storage, entryIndex, secretIDHMAC str
 	}
 
 	if _, ok := d["SecretIDNumUses"]; ok {
-		resp.AddWarning("The field SecretIDNumUses is deprecated and will be removed in a future release")
+		resp.AddWarning("The field SecretIDNumUses is deprecated and will be removed in a future release; refer to secret_id_num_uses instead")
 	}
 
 	return resp, nil
diff --git a/builtin/credential/approle/validation.go b/builtin/credential/approle/validation.go
index d3dedaf795..ec49c56012 100644
--- a/builtin/credential/approle/validation.go
+++ b/builtin/credential/approle/validation.go
@@ -368,9 +368,12 @@ func (b *backend) nonLockedSecretIDStorageEntry(s logical.Storage, roleNameHMAC,
 		if result.SecretIDNumUses == 0 ||
 			result.SecretIDNumUsesDeprecated < result.SecretIDNumUses {
 			result.SecretIDNumUses = result.SecretIDNumUsesDeprecated
+			persistNeeded = true
+		}
+		if result.SecretIDNumUses < result.SecretIDNumUsesDeprecated {
+			result.SecretIDNumUsesDeprecated = result.SecretIDNumUses
+			persistNeeded = true
 		}
-		result.SecretIDNumUsesDeprecated = 0
-		persistNeeded = true
 	}
 
 	if persistNeeded {