Vault-2257: don't log token error on DR Secondary (#13137) (#13183)
* don't log token error on DR Secondary

* stop gauge collector expiration errors on dr secondary

* don't check dr secondary for token create

* see if CI hits panic

* Revert "don't check dr secondary for token create"

This reverts commit c036a1a.

* don't check dr secondary for token create

* Revert "see if CI hits panic"

This reverts commit 1e15aa5.

* remove condition on log
swayne275 authored Nov 17, 2021
1 parent ff185c0 commit 1a00c4f
Showing 3 changed files with 22 additions and 2 deletions.
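--- a/vault/core_metrics.go
+++ b/vault/core_metrics.go
@@ -113,6 +113,11 @@ func (c *Core) metricsLoop(stopCh chan struct{}) {
 // TokenStore; there is one per method because an additional level of abstraction
 // seems confusing.
 func (c *Core) tokenGaugeCollector(ctx context.Context) ([]metricsutil.GaugeLabelValues, error) {
+if c.IsDRSecondary() {
+// there is no expiration manager on DR Secondaries
+return []metricsutil.GaugeLabelValues{}, nil
+}
+
 // stateLock or authLock protects the tokenStore pointer
 c.stateLock.RLock()
 ts := c.tokenStore
@@ -124,6 +129,11 @@ func (c *Core) tokenGaugeCollector(ctx context.Context) ([]metricsutil.GaugeLabe
 }
 
 func (c *Core) tokenGaugePolicyCollector(ctx context.Context) ([]metricsutil.GaugeLabelValues, error) {
+if c.IsDRSecondary() {
+// there is no expiration manager on DR Secondaries
+return []metricsutil.GaugeLabelValues{}, nil
+}
+
 c.stateLock.RLock()
 ts := c.tokenStore
 c.stateLock.RUnlock()
@@ -145,6 +155,11 @@ func (c *Core) leaseExpiryGaugeCollector(ctx context.Context) ([]metricsutil.Gau
 }
 
 func (c *Core) tokenGaugeMethodCollector(ctx context.Context) ([]metricsutil.GaugeLabelValues, error) {
+if c.IsDRSecondary() {
+// there is no expiration manager on DR Secondaries
+return []metricsutil.GaugeLabelValues{}, nil
+}
+
 c.stateLock.RLock()
 ts := c.tokenStore
 c.stateLock.RUnlock()
@@ -155,6 +170,11 @@ func (c *Core) tokenGaugeMethodCollector(ctx context.Context) ([]metricsutil.Gau
 }
 
 func (c *Core) tokenGaugeTtlCollector(ctx context.Context) ([]metricsutil.GaugeLabelValues, error) {
+if c.IsDRSecondary() {
+// there is no expiration manager on DR Secondaries
+return []metricsutil.GaugeLabelValues{}, nil
+}
+
 c.stateLock.RLock()
 ts := c.tokenStore
 c.stateLock.RUnlock()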
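Review bot: leaseExpiryGaugeCollector, which the third hunk header shows sitting between the patched functions, gets no `c.IsDRSecondary()` guard, although the stated reason (no expiration manager on DR secondaries) would seem to apply to a lease-expiry gauge at least as much as to the four token collectors that are patched. Its body is outside the visible hunks, so it may already handle that state; worth confirming. Each patched collector also continues past its hunk, so only the guard itself can be judged here. Because an empty result with a nil error makes the token gauges simply disappear on these nodes, I would expand the comment to something like `// DR secondaries have no expiration manager: report no token gauges rather than an error`, so that dashboards and alerts which read a missing series as a fault can be adjusted deliberately.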
2 changes: 1 addition & 1 deletion vault/dynamic_system_view.go
Expand Up @@ -66,7 +66,7 @@ func (e extendedSystemViewImpl) SudoPrivilege(ctx context.Context, path string,
// Resolve the token policy
te, err := e.core.tokenStore.Lookup(ctx, token)
if err != nil {
e.core.logger.Error("failed to lookup token", "error", err)
e.core.logger.Error("failed to lookup sudo token", "error", err)
return false
}

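Review bot: The two token-lookup failure sites are distinguished only by free-text wording (`failed to lookup sudo token` here, `failed to lookup acl token` in vault/request_handling.go), so any log query or alert keyed on the shared string `failed to lookup token` will stop matching without notice. The logger already takes key/value pairs (`"error", err`), so keeping the message stable and carrying the call site as a field would be more robust, for example `e.core.logger.Error("failed to lookup token", "caller", "sudo", "error", err)`. If the new wording stays, it deserves a changelog line so operators can update their detections. SudoPrivilege starts and ends outside this hunk, so how `token` reaches the lookup is not visible here.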
2 changes: 1 addition & 1 deletion vault/request_handling.go
Expand Up @@ -138,7 +138,7 @@ func (c *Core) fetchACLTokenEntryAndEntity(ctx context.Context, req *logical.Req
var err error
te, err = c.tokenStore.Lookup(ctx, req.ClientToken)
if err != nil {
c.logger.Error("failed to lookup token", "error", err)
c.logger.Error("failed to lookup acl token", "error", err)
return nil, nil, nil, nil, ErrInternalError
}
// Set the token entry here since it has not been cached yet
