mirrors/vault
1
0
Fork 0
mirror of https://github.com/hashicorp/vault.git synced 2025-11-27 05:31:40 +01:00
Code Issues Projects Releases Wiki Activity

vault: Adding ClientToken

Browse Source
This commit is contained in:
Armon Dadgar 2015-03-24 11:09:25 -07:00
parent 3ccd20cb58
commit db2e1388fc
2 changed files with 9 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
logical/request.go
View File

@ -26,6 +26,11 @@ type Request struct {
// Secret will be non-nil only for Revoke and Renew operations // Secret will be non-nil only for Revoke and Renew operations
// to represent the secret that was returned prior. // to represent the secret that was returned prior.
Secret *Secret Secret *Secret
// ClientToken is provided to the core so that the identity
// can be verified and ACLs applied. This value is not passed
// through to the logical backends.
ClientToken string
} }
// Get returns a data field and guards for nil Data // Get returns a data field and guards for nil Data

5
vault/router.go
View File

@ -109,15 +109,18 @@ func (r *Router) Route(req *logical.Request) (*logical.Response, error) {
} }
me := raw.(*mountEntry) me := raw.(*mountEntry)
// Adjust the path, attach the barrier view // Adjust the path, attach the barrier view, clear the token
original := req.Path original := req.Path
clientToken := req.ClientToken
req.Path = strings.TrimPrefix(req.Path, mount) req.Path = strings.TrimPrefix(req.Path, mount)
req.Storage = me.view req.Storage = me.view
req.ClientToken = ""
// Reset the request before returning // Reset the request before returning
defer func() { defer func() {
req.Path = original req.Path = original
req.Storage = nil req.Storage = nil
req.ClientToken = clientToken
}() }()
// Invoke the backend // Invoke the backend