mirrors/vault
1
0
Fork 0
mirror of https://github.com/hashicorp/vault.git synced 2026-05-05 12:26:34 +02:00
Code Issues Projects Releases Wiki Activity

Harden mount/auth filter evaluation error handling (#7754)

Browse Source
This commit is contained in:
Michel Vocks 2019-10-29 17:42:13 +01:00 committed by GitHub
parent 33bf63ab06
commit 706e2b5f09
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 10 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
vault/auth.go
View File

@ -56,6 +56,11 @@ func (c *Core) enableCredential(ctx context.Context, entry *MountEntry) error {
// Re-evaluate filtered paths
if err := runFilteredPathsEvaluation(ctx, c); err != nil {
c.logger.Error("failed to evaluate filtered paths", "error", err)
// We failed to evaluate filtered paths so we are undoing the mount operation
if disableCredentialErr := c.disableCredentialInternal(ctx, entry.Path, MountTableUpdateStorage); disableCredentialErr != nil {
c.logger.Error("failed to disable credential", "error", disableCredentialErr)
}
return err
}
return nil

5
vault/mount.go
View File

@ -383,6 +383,11 @@ func (c *Core) mount(ctx context.Context, entry *MountEntry) error {
// Re-evaluate filtered paths
if err := runFilteredPathsEvaluation(ctx, c); err != nil {
c.logger.Error("failed to evaluate filtered paths", "error", err)
// We failed to evaluate filtered paths so we are undoing the mount operation
if unmountInternalErr := c.unmountInternal(ctx, entry.Path, MountTableUpdateStorage); unmountInternalErr != nil {
c.logger.Error("failed to unmount", "error", unmountInternalErr)
}
return err
}