diff --git a/vault/core_metrics.go b/vault/core_metrics.go index 04007a23087a..42e30b5d9449 100644 --- a/vault/core_metrics.go +++ b/vault/core_metrics.go @@ -113,6 +113,11 @@ func (c *Core) metricsLoop(stopCh chan struct{}) { // TokenStore; there is one per method because an additional level of abstraction // seems confusing. func (c *Core) tokenGaugeCollector(ctx context.Context) ([]metricsutil.GaugeLabelValues, error) { + if c.IsDRSecondary() { + // there is no expiration manager on DR Secondaries + return []metricsutil.GaugeLabelValues{}, nil + } + // stateLock or authLock protects the tokenStore pointer c.stateLock.RLock() ts := c.tokenStore @@ -124,6 +129,11 @@ func (c *Core) tokenGaugeCollector(ctx context.Context) ([]metricsutil.GaugeLabe } func (c *Core) tokenGaugePolicyCollector(ctx context.Context) ([]metricsutil.GaugeLabelValues, error) { + if c.IsDRSecondary() { + // there is no expiration manager on DR Secondaries + return []metricsutil.GaugeLabelValues{}, nil + } + c.stateLock.RLock() ts := c.tokenStore c.stateLock.RUnlock() @@ -145,6 +155,11 @@ func (c *Core) leaseExpiryGaugeCollector(ctx context.Context) ([]metricsutil.Gau } func (c *Core) tokenGaugeMethodCollector(ctx context.Context) ([]metricsutil.GaugeLabelValues, error) { + if c.IsDRSecondary() { + // there is no expiration manager on DR Secondaries + return []metricsutil.GaugeLabelValues{}, nil + } + c.stateLock.RLock() ts := c.tokenStore c.stateLock.RUnlock() @@ -155,6 +170,11 @@ func (c *Core) tokenGaugeMethodCollector(ctx context.Context) ([]metricsutil.Gau } func (c *Core) tokenGaugeTtlCollector(ctx context.Context) ([]metricsutil.GaugeLabelValues, error) { + if c.IsDRSecondary() { + // there is no expiration manager on DR Secondaries + return []metricsutil.GaugeLabelValues{}, nil + } + c.stateLock.RLock() ts := c.tokenStore c.stateLock.RUnlock() diff --git a/vault/dynamic_system_view.go b/vault/dynamic_system_view.go index cc4c5c2c5c75..c1f698c03d96 100644 --- a/vault/dynamic_system_view.go +++ b/vault/dynamic_system_view.go @@ -66,7 +66,7 @@ func (e extendedSystemViewImpl) SudoPrivilege(ctx context.Context, path string, // Resolve the token policy te, err := e.core.tokenStore.Lookup(ctx, token) if err != nil { - e.core.logger.Error("failed to lookup token", "error", err) + e.core.logger.Error("failed to lookup sudo token", "error", err) return false } diff --git a/vault/request_handling.go b/vault/request_handling.go index f29d53082dbc..fab1fde7c4e0 100644 --- a/vault/request_handling.go +++ b/vault/request_handling.go @@ -138,7 +138,7 @@ func (c *Core) fetchACLTokenEntryAndEntity(ctx context.Context, req *logical.Req var err error te, err = c.tokenStore.Lookup(ctx, req.ClientToken) if err != nil { - c.logger.Error("failed to lookup token", "error", err) + c.logger.Error("failed to lookup acl token", "error", err) return nil, nil, nil, nil, ErrInternalError } // Set the token entry here since it has not been cached yet