Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Do not return error in the case of an expired accessor #148

Merged

Conversation

jorgemarey
Copy link
Contributor

Hi,

This PR makes changes to vault_approle_auth_backend_role_secret_id and vault_approle_auth_backend_login. It checks if the accessor has expired and in that case it doesn't return an error.

I don't know if the implementation is the best (it checks the error message), but I didn't find another solution for this. Let me know if someone finds a better solution for this. I'll change the code.

Should fix #97

@tyrannosaurus-becks tyrannosaurus-becks self-assigned this Sep 24, 2018
Copy link
Contributor

@tyrannosaurus-becks tyrannosaurus-becks left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi @jorgemarey ! Thanks for submitting this code, I appreciate it.

I've made a ton of changes so I was wondering if you could merge in master. With that, I'd be happy to approve and merge. My one comment is just a request, not a must.

@@ -120,6 +120,10 @@ func approleAuthBackendLoginRead(d *schema.ResourceData, meta interface{}) error
log.Printf("[DEBUG] Reading token %q", d.Id())
resp, err := client.Auth().Token().LookupAccessor(d.Id())
if err != nil {
// If the token is not found (it has expired) we don't return an error
if strings.Contains(err.Error(), "invalid accessor") { // Not found
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Since this check occurs twice with the same string, and twice with a different string, it would be great to zip it up into a function like isExpiredTokenErr(err error) bool, and have its internals just check for both strings.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah, you're right. I'll merge in master and add this change!

@ghost ghost added the size/XS label Sep 25, 2018
@ghost ghost added size/S and removed size/XS labels Sep 25, 2018
@jorgemarey
Copy link
Contributor Author

Hi @tyrannosaurus-becks . I made the requested changes. I hope it's ok.

Copy link
Contributor

@tyrannosaurus-becks tyrannosaurus-becks left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@jorgemarey looks perfect! Thank you!

@tyrannosaurus-becks tyrannosaurus-becks merged commit 6f09fb7 into hashicorp:master Sep 25, 2018
dandandy pushed a commit to dandandy/terraform-provider-vault that referenced this pull request Jun 17, 2021
…ccesor

Do not return error in the case of an expired accessor
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Unable to destroy secret_id after it is consumed
2 participants