Server panic on AppRole authentication

[mp911de]

Version: 0.8.0-beta1
Invoked action: Login using approle without secret_id (role_id only)

HTTP activity:

Create Role

POST /v1/auth/approle/role/no-secret-id HTTP/1.1
Accept: application/json, application/*+json
Content-Type: application/json;charset=UTF-8
X-Vault-Token: 00000000-0000-0000-0000-000000000000
Content-Length: 75
Host: localhost:8200
Connection: Keep-Alive
User-Agent: Apache-HttpClient/4.5.3 (Java/1.8.0_121)
Accept-Encoding: gzip,deflate

{"bind_secret_id":"false","bound_cidr_list":"0.0.0.0/0","policies":"dummy"}

HTTP/1.1 204 No Content
Cache-Control: no-store
Content-Type: application/json
Date: Wed, 26 Jul 2017 18:57:54 GMT

Get RoleId

GET /v1/auth/approle/role/no-secret-id/role-id HTTP/1.1
Accept: application/json, application/*+json
X-Vault-Token: 00000000-0000-0000-0000-000000000000
Host: localhost:8200
Connection: Keep-Alive
User-Agent: Apache-HttpClient/4.5.3 (Java/1.8.0_121)
Accept-Encoding: gzip,deflate

HTTP/1.1 200 OK
Cache-Control: no-store
Content-Type: application/json
Date: Wed, 26 Jul 2017 18:57:54 GMT
Content-Length: 208
 {"request_id":"084cf895-31bd-f81d-11c7-da83fb3e6267","lease_id":"","renewable":false,"lease_duration":0,"data":{"role_id":"ed3a71d9-57b6-9a99-56ed-c58e1042ad1c"},"wrap_info":null,"warnings":null,"auth":null}

Login

POST /v1/auth/approle/login HTTP/1.1
Accept: application/json, application/*+json
Content-Type: application/json;charset=UTF-8
Content-Length: 50
Host: localhost:8200
Connection: Keep-Alive
User-Agent: Apache-HttpClient/4.5.3 (Java/1.8.0_121)
Accept-Encoding: gzip,deflate

{"role_id":"ed3a71d9-57b6-9a99-56ed-c58e1042ad1c"}

Trace

2017/07/26 21:00:50 http: panic serving 127.0.0.1:56459: assignment to entry in nil map
goroutine 951 [running]:
net/http.(*conn).serve.func1(0xc4209fcbe0)
	/goroot/src/net/http/server.go:1721 +0xd0
panic(0x247afc0, 0xc420907310)
	/goroot/src/runtime/panic.go:489 +0x2cf
github.com/hashicorp/vault/builtin/credential/approle.(*backend).pathLoginUpdate(0xc4200c0300, 0xc420a19340, 0xc420907170, 0x6000103, 0x0, 0xffffffffffffffff)
	/gopath/src/github.com/hashicorp/vault/builtin/credential/approle/path_login.go:42 +0x2ef
github.com/hashicorp/vault/builtin/credential/approle.(*backend).(github.com/hashicorp/vault/builtin/credential/approle.pathLoginUpdate)-fm(0xc420a19340, 0xc420907170, 0x0, 0x6, 0xc4204e0638)
	/gopath/src/github.com/hashicorp/vault/builtin/credential/approle/path_login.go:26 +0x3e
github.com/hashicorp/vault/logical/framework.(*Backend).HandleRequest(0xc420215500, 0xc420a19340, 0x0, 0x0, 0x0)
	/gopath/src/github.com/hashicorp/vault/logical/framework/backend.go:231 +0x4c8
github.com/hashicorp/vault/vault.(*Router).routeCommon(0xc4201e9540, 0xc420a19340, 0x0, 0x0, 0x0, 0x0, 0x0)
	/gopath/src/github.com/hashicorp/vault/vault/router.go:389 +0x633
github.com/hashicorp/vault/vault.(*Router).Route(0xc4201e9540, 0xc420a19340, 0x2734f9a, 0xb, 0x0)
	/gopath/src/github.com/hashicorp/vault/vault/router.go:277 +0x3a
github.com/hashicorp/vault/vault.(*Core).handleLoginRequest(0xc4200d4800, 0xc420a19340, 0x0, 0x0, 0x0, 0x0)
	/gopath/src/github.com/hashicorp/vault/vault/request_handling.go:337 +0x5e7
github.com/hashicorp/vault/vault.(*Core).HandleRequest(0xc4200d4800, 0xc420a19340, 0x0, 0x0, 0x0)
	/gopath/src/github.com/hashicorp/vault/vault/request_handling.go:43 +0x3c5
github.com/hashicorp/vault/http.request(0xc4200d4800, 0x337ba40, 0xc420a19260, 0xc4201e7000, 0xc420a19340, 0x0, 0x0)
	/gopath/src/github.com/hashicorp/vault/http/handler.go:211 +0x3c
github.com/hashicorp/vault/http.handleLogical.func1(0x337ba40, 0xc420a19260, 0xc4201e7000)
	/gopath/src/github.com/hashicorp/vault/http/logical.go:122 +0xfb
net/http.HandlerFunc.ServeHTTP(0xc42000a360, 0x337ba40, 0xc420a19260, 0xc4201e7000)
	/goroot/src/net/http/server.go:1942 +0x44
github.com/hashicorp/vault/http.handleRequestForwarding.func1(0x337ba40, 0xc420a19260, 0xc4201e7000)
	/gopath/src/github.com/hashicorp/vault/http/handler.go:161 +0x1d6
net/http.HandlerFunc.ServeHTTP(0xc42000a380, 0x337ba40, 0xc420a19260, 0xc4201e7000)
	/goroot/src/net/http/server.go:1942 +0x44
net/http.(*ServeMux).ServeHTTP(0xc4201a9710, 0x337ba40, 0xc420a19260, 0xc4201e7000)
	/goroot/src/net/http/server.go:2238 +0x130
github.com/hashicorp/vault/http.wrapHelpHandler.func1(0x337ba40, 0xc420a19260, 0xc4201e7000)
	/gopath/src/github.com/hashicorp/vault/http/help.go:22 +0x17f
net/http.HandlerFunc.ServeHTTP(0xc42000a3c0, 0x337ba40, 0xc420a19260, 0xc4201e7000)
	/goroot/src/net/http/server.go:1942 +0x44
github.com/hashicorp/vault/http.wrapCORSHandler.func1(0x337ba40, 0xc420a19260, 0xc4201e7000)
	/gopath/src/github.com/hashicorp/vault/http/cors.go:37 +0x5a0
net/http.HandlerFunc.ServeHTTP(0xc42000a3e0, 0x337ba40, 0xc420a19260, 0xc4201e7000)
	/goroot/src/net/http/server.go:1942 +0x44
github.com/hashicorp/vault/http.wrapGenericHandler.func1(0x337ba40, 0xc420a19260, 0xc4201e7000)
	/gopath/src/github.com/hashicorp/vault/http/handler.go:88 +0xb1
net/http.HandlerFunc.ServeHTTP(0xc42000a400, 0x337ba40, 0xc420a19260, 0xc4201e7000)
	/goroot/src/net/http/server.go:1942 +0x44
net/http.serverHandler.ServeHTTP(0xc420205ce0, 0x337ba40, 0xc420a19260, 0xc4201e7000)
	/goroot/src/net/http/server.go:2568 +0x92
net/http.(*conn).serve(0xc4209fcbe0, 0x337cc00, 0xc420503980)
	/goroot/src/net/http/server.go:1825 +0x612
created by net/http.(*Server).Serve
	/goroot/src/net/http/server.go:2668 +0x2ce