Address some more review feedback

logical/framework/backend.go

@@ -75,7 +75,7 @@ type RollbackFunc func(*logical.Request, string, interface{}) error
 // CleanupFunc is the callback for backend unload.
 type CleanupFunc func()
 
-func (b *Backend) HandleExistenceCheck(req *logical.Request) (*bool, error) {
+func (b *Backend) HandleExistenceCheck(req *logical.Request) (checkFound bool, exists bool, err error) {
 	b.once.Do(b.init)
 
 	// Ensure we are only doing this when one of the correct operations is in play
@@ -83,19 +83,21 @@ func (b *Backend) HandleExistenceCheck(req *logical.Request) (*bool, error) {
 	case logical.CreateOperation:
 	case logical.UpdateOperation:
 	default:
-		return nil, fmt.Errorf("incorrect operation type %v for an existence check", req.Operation)
+		return false, false, fmt.Errorf("incorrect operation type %v for an existence check", req.Operation)
 	}
 
 	// Find the matching route
 	path, captures := b.route(req.Path)
 	if path == nil {
-		return nil, logical.ErrUnsupportedPath
+		return false, false, logical.ErrUnsupportedPath
 	}
 
 	if path.ExistenceCheck == nil {
-		return nil, nil
+		return false, false, nil
 	}
 
+	checkFound = true
+
 	// Build up the data for the route, with the URL taking priority
 	// for the fields over the PUT data.
 	raw := make(map[string]interface{}, len(path.Fields))
@@ -110,14 +112,14 @@ func (b *Backend) HandleExistenceCheck(req *logical.Request) (*bool, error) {
 		Raw:    raw,
 		Schema: path.Fields}
 
-	err := fd.Validate()
+	err = fd.Validate()
 	if err != nil {
-		return nil, err
+		return false, false, err
 	}
 
 	// Call the callback with the request and the data
-	ret, err := path.ExistenceCheck(req, &fd)
-	return &ret, err
+	exists, err = path.ExistenceCheck(req, &fd)
+	return
 }
 
 // logical.Backend impl.

logical/logical.go

@@ -30,9 +30,10 @@ type Backend interface {
 	// HandleExistenceCheck is used to handle a request and generate a response
 	// indicating whether the given path exists or not; this is used to
 	// understand whether the request must have a Create or Update capability
-	// ACL applied. A nil bool value indicates that no existence check has been
-	// set.
-	HandleExistenceCheck(*Request) (*bool, error)
+	// ACL applied. The first bool indicates whether an existence check
+	// function was found for the backend; the second indicates whether, if an
+	// existence check function was found, the item exists or not.
+	HandleExistenceCheck(*Request) (bool, bool, error)
 
 	Cleanup()
 }

vault/core.go

@@ -751,28 +751,25 @@ func (c *Core) checkToken(req *logical.Request) (*logical.Auth, *TokenEntry, err
 	// Check if this is a root protected path
 	rootPath := c.router.RootPath(req.Path)
 
-	resourceExists := new(bool)
 	if req.Operation == logical.CreateOperation || req.Operation == logical.UpdateOperation {
-		resourceExists, err = c.router.RouteExistenceCheck(req)
+		checkExists, resourceExists, err := c.router.RouteExistenceCheck(req)
 		if err != nil {
 			c.logger.Printf("[ERR] core: failed to run existence check: %v", err)
 			return nil, nil, ErrInternalError
 		}
 
 		switch {
-		case resourceExists == nil:
+		case checkExists == false:
 			// No existence check, so always treate it as an update operation, which is how it is pre 0.5
 			req.Operation = logical.UpdateOperation
-		case *resourceExists == true:
+		case resourceExists == true:
 			// It exists, so force an update operation
 			req.Operation = logical.UpdateOperation
-		case *resourceExists == false:
+		case resourceExists == false:
 			// It doesn't exist, force a create operation
 			req.Operation = logical.CreateOperation
 		default:
-			// ????
-			c.logger.Printf("[ERR] core: failed to check existence check value")
-			return nil, nil, ErrInternalError
+			panic("unreachable code")
 		}
 	}
 

vault/router.go

@@ -184,17 +184,17 @@ func (r *Router) MatchingSystemView(path string) logical.SystemView {
 
 // Route is used to route a given request
 func (r *Router) Route(req *logical.Request) (*logical.Response, error) {
-	resp, _, err := r.routeCommon(req, false)
+	resp, _, _, err := r.routeCommon(req, false)
 	return resp, err
 }
 
 // Route is used to route a given existence check request
-func (r *Router) RouteExistenceCheck(req *logical.Request) (*bool, error) {
-	_, exists, err := r.routeCommon(req, true)
-	return exists, err
+func (r *Router) RouteExistenceCheck(req *logical.Request) (bool, bool, error) {
+	_, ok, exists, err := r.routeCommon(req, true)
+	return ok, exists, err
 }
 
-func (r *Router) routeCommon(req *logical.Request, existenceCheck bool) (*logical.Response, *bool, error) {
+func (r *Router) routeCommon(req *logical.Request, existenceCheck bool) (*logical.Response, bool, bool, error) {
 	// Find the mount point
 	r.l.RLock()
 	mount, raw, ok := r.root.LongestPrefix(req.Path)
@@ -206,7 +206,7 @@ func (r *Router) routeCommon(req *logical.Request, existenceCheck bool) (*logica
 	}
 	r.l.RUnlock()
 	if !ok {
-		return logical.ErrorResponse(fmt.Sprintf("no handler for route '%s'", req.Path)), nil, logical.ErrUnsupportedPath
+		return logical.ErrorResponse(fmt.Sprintf("no handler for route '%s'", req.Path)), false, false, logical.ErrUnsupportedPath
 	}
 	defer metrics.MeasureSince([]string{"route", string(req.Operation),
 		strings.Replace(mount, "/", "-", -1)}, time.Now())
@@ -218,7 +218,7 @@ func (r *Router) routeCommon(req *logical.Request, existenceCheck bool) (*logica
 		switch req.Operation {
 		case logical.RevokeOperation, logical.RollbackOperation:
 		default:
-			return logical.ErrorResponse(fmt.Sprintf("no handler for route '%s'", req.Path)), nil, logical.ErrUnsupportedPath
+			return logical.ErrorResponse(fmt.Sprintf("no handler for route '%s'", req.Path)), false, false, logical.ErrUnsupportedPath
 		}
 	}
 
@@ -265,11 +265,11 @@ func (r *Router) routeCommon(req *logical.Request, existenceCheck bool) (*logica
 
 	// Invoke the backend
 	if existenceCheck {
-		exists, err := re.backend.HandleExistenceCheck(req)
-		return nil, exists, err
+		ok, exists, err := re.backend.HandleExistenceCheck(req)
+		return nil, ok, exists, err
 	} else {
 		resp, err := re.backend.HandleRequest(req)
-		return resp, nil, err
+		return resp, false, false, err
 	}
 }
 

vault/router_test.go

@@ -35,8 +35,8 @@ func (n *NoopBackend) HandleRequest(req *logical.Request) (*logical.Response, er
 	return n.Response, nil
 }
 
-func (n *NoopBackend) HandleExistenceCheck(req *logical.Request) (*bool, error) {
-	return new(bool), nil
+func (n *NoopBackend) HandleExistenceCheck(req *logical.Request) (bool, bool, error) {
+	return false, false, nil
 }
 
 func (n *NoopBackend) SpecialPaths() *logical.Paths {

vault/testing.go

@@ -286,8 +286,8 @@ func (n *rawHTTP) HandleRequest(req *logical.Request) (*logical.Response, error)
 	}, nil
 }
 
-func (n *rawHTTP) HandleExistenceCheck(req *logical.Request) (*bool, error) {
-	return new(bool), nil
+func (n *rawHTTP) HandleExistenceCheck(req *logical.Request) (bool, bool, error) {
+	return false, false, nil
 }
 
 func (n *rawHTTP) SpecialPaths() *logical.Paths {