diff --git a/path_data.go b/path_data.go index 4edd9179..0b5c7fdc 100644 --- a/path_data.go +++ b/path_data.go @@ -6,6 +6,7 @@ import ( "errors" "fmt" "net/http" + "strings" "time" "github.com/golang/protobuf/proto" @@ -65,6 +66,13 @@ func (b *versionedKVBackend) dataExistenceCheck() framework.ExistenceFunc { meta, err := b.getKeyMetadata(ctx, req.Storage, key) if err != nil { + // If we are returning a readonly error it means we are attempting + // to write the policy for the first time. This means no data exists + // yet and we can safely return false here. + if strings.Contains(err.Error(), logical.ErrReadOnly.Error()) { + return false, nil + } + return false, err } diff --git a/path_metadata.go b/path_metadata.go index edca0613..cc45305a 100644 --- a/path_metadata.go +++ b/path_metadata.go @@ -3,6 +3,7 @@ package kv import ( "context" "fmt" + "strings" "github.com/golang/protobuf/ptypes" "github.com/hashicorp/vault/sdk/framework" @@ -54,6 +55,13 @@ func (b *versionedKVBackend) metadataExistenceCheck() framework.ExistenceFunc { meta, err := b.getKeyMetadata(ctx, req.Storage, key) if err != nil { + // If we are returning a readonly error it means we are attempting + // to write the policy for the first time. This means no data exists + // yet and we can safely return false here. + if strings.Contains(err.Error(), logical.ErrReadOnly.Error()) { + return false, nil + } + return false, err } diff --git a/upgrade.go b/upgrade.go index d72edacc..35893921 100644 --- a/upgrade.go +++ b/upgrade.go @@ -11,10 +11,8 @@ import ( "github.com/golang/protobuf/proto" "github.com/golang/protobuf/ptypes" - "github.com/hashicorp/errwrap" "github.com/hashicorp/vault/sdk/framework" "github.com/hashicorp/vault/sdk/helper/consts" - "github.com/hashicorp/vault/sdk/helper/keysutil" "github.com/hashicorp/vault/sdk/helper/locksutil" "github.com/hashicorp/vault/sdk/helper/pluginutil" "github.com/hashicorp/vault/sdk/logical" @@ -65,22 +63,7 @@ func (b *versionedKVBackend) upgradeDone(ctx context.Context, s logical.Storage) } } - if !upgradeInfo.Done { - return false, nil - } - - // Also make sure the policy is found. This is created on first call to - // policy() but if that happens to be a secondary you get a readonly - // storage error -- not nice UX. - policy, err := keysutil.LoadPolicy(ctx, s, path.Join(b.storagePrefix, "policy/metadata")) - if err != nil { - return false, err - } - if policy == nil { - return false, nil - } - - return true, nil + return upgradeInfo.Done, nil } func (b *versionedKVBackend) Upgrade(ctx context.Context, s logical.Storage) error { @@ -135,30 +118,7 @@ func (b *versionedKVBackend) Upgrade(ctx context.Context, s logical.Storage) err return nil } - // See if we're already done, in which case we just need to ensure the - // policy was created - upgradeEntry, err := s.Get(ctx, path.Join(b.storagePrefix, "upgrading")) - if err != nil { - return err - } - - upgradeInfo := new(UpgradeInfo) - if upgradeEntry != nil { - err := proto.Unmarshal(upgradeEntry.Value, upgradeInfo) - if err != nil { - return err - } - } - - if upgradeInfo.Done { - // Just synchronously call policy - if _, err = b.policy(ctx, s); err != nil { - return errwrap.Wrapf("upgrade done but error checking/creating policy: {{err}}", err) - } - return nil - } - - upgradeInfo = &UpgradeInfo{ + upgradeInfo := &UpgradeInfo{ StartedTime: ptypes.TimestampNow(), }