mirror of
https://github.com/optim-enterprises-bv/vault.git
synced 2025-11-03 20:17:59 +00:00
vault: Adding ClientToken
This commit is contained in:
Armon Dadgar
@@ -26,6 +26,11 @@ type Request struct {
|
|||||||
// Secret will be non-nil only for Revoke and Renew operations
|
// Secret will be non-nil only for Revoke and Renew operations
|
||||||
// to represent the secret that was returned prior.
|
// to represent the secret that was returned prior.
|
||||||
Secret *Secret
|
Secret *Secret
|
||||||
|
|
||||||
|
// ClientToken is provided to the core so that the identity
|
||||||
|
// can be verified and ACLs applied. This value is not passed
|
||||||
|
// through to the logical backends.
|
||||||
|
ClientToken string
|
||||||
}
|
}
|
||||||
|
|
||||||
// Get returns a data field and guards for nil Data
|
// Get returns a data field and guards for nil Data
|
||||||
|
|||||||
@@ -109,15 +109,18 @@ func (r *Router) Route(req *logical.Request) (*logical.Response, error) {
|
|||||||
}
|
}
|
||||||
me := raw.(*mountEntry)
|
me := raw.(*mountEntry)
|
||||||
|
|
||||||
// Adjust the path, attach the barrier view
|
// Adjust the path, attach the barrier view, clear the token
|
||||||
original := req.Path
|
original := req.Path
|
||||||
|
clientToken := req.ClientToken
|
||||||
req.Path = strings.TrimPrefix(req.Path, mount)
|
req.Path = strings.TrimPrefix(req.Path, mount)
|
||||||
req.Storage = me.view
|
req.Storage = me.view
|
||||||
|
req.ClientToken = ""
|
||||||
|
|
||||||
// Reset the request before returning
|
// Reset the request before returning
|
||||||
defer func() {
|
defer func() {
|
||||||
req.Path = original
|
req.Path = original
|
||||||
req.Storage = nil
|
req.Storage = nil
|
||||||
|
req.ClientToken = clientToken
|
||||||
}()
|
}()
|
||||||
|
|
||||||
// Invoke the backend
|
// Invoke the backend
|
||||||
|
|||||||
Reference in New Issue
Block a user