-
Notifications
You must be signed in to change notification settings - Fork 545
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Do not return error in the case of an expired accessor #148
Do not return error in the case of an expired accessor #148
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hi @jorgemarey ! Thanks for submitting this code, I appreciate it.
I've made a ton of changes so I was wondering if you could merge in master. With that, I'd be happy to approve and merge. My one comment is just a request, not a must.
@@ -120,6 +120,10 @@ func approleAuthBackendLoginRead(d *schema.ResourceData, meta interface{}) error | |||
log.Printf("[DEBUG] Reading token %q", d.Id()) | |||
resp, err := client.Auth().Token().LookupAccessor(d.Id()) | |||
if err != nil { | |||
// If the token is not found (it has expired) we don't return an error | |||
if strings.Contains(err.Error(), "invalid accessor") { // Not found |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Since this check occurs twice with the same string, and twice with a different string, it would be great to zip it up into a function like isExpiredTokenErr(err error) bool
, and have its internals just check for both strings.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah, you're right. I'll merge in master and add this change!
Hi @tyrannosaurus-becks . I made the requested changes. I hope it's ok. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@jorgemarey looks perfect! Thank you!
…ccesor Do not return error in the case of an expired accessor
Hi,
This PR makes changes to
vault_approle_auth_backend_role_secret_id
andvault_approle_auth_backend_login
. It checks if the accessor has expired and in that case it doesn't return an error.I don't know if the implementation is the best (it checks the error message), but I didn't find another solution for this. Let me know if someone finds a better solution for this. I'll change the code.
Should fix #97