From 4ee817b4747345e80de436c9bf3767b61522238f Mon Sep 17 00:00:00 2001 From: Vishal Nayak Date: Thu, 9 Apr 2020 14:09:23 -0400 Subject: [PATCH] Support unwrapping tokens that does not contain data (#8714) * Support unwrapping tokens that does not contain data * s/token/secret --- command/unwrap.go | 6 ++++-- vault/logical_system.go | 15 ++++++++------- 2 files changed, 12 insertions(+), 9 deletions(-) diff --git a/command/unwrap.go b/command/unwrap.go index dbb8b46d17a9..62184e6b7155 100644 --- a/command/unwrap.go +++ b/command/unwrap.go @@ -89,8 +89,10 @@ func (c *UnwrapCommand) Run(args []string) int { return 2 } if secret == nil { - c.UI.Error("Could not find wrapped response") - return 2 + if Format(c.UI) == "table" { + c.UI.Info("Successfully unwrapped. There was no data in the wrapped secret.") + } + return 0 } // Handle single field output diff --git a/vault/logical_system.go b/vault/logical_system.go index fc58ec6d8434..e98dfae91f94 100644 --- a/vault/logical_system.go +++ b/vault/logical_system.go @@ -2404,6 +2404,11 @@ func (b *SystemBackend) handleWrappingUnwrap(ctx context.Context, req *logical.R Data: map[string]interface{}{}, } + if len(response) == 0 { + resp.Data[logical.HTTPStatusCode] = 204 + return resp, nil + } + // Most of the time we want to just send over the marshalled HTTP bytes. // However there is a sad separate case: if the original response was using // bare values we need to use those or else what comes back is garbled. @@ -2449,13 +2454,9 @@ func (b *SystemBackend) handleWrappingUnwrap(ctx context.Context, req *logical.R return resp, nil } - if len(response) == 0 { - resp.Data[logical.HTTPStatusCode] = 204 - } else { - resp.Data[logical.HTTPStatusCode] = 200 - resp.Data[logical.HTTPRawBody] = []byte(response) - resp.Data[logical.HTTPContentType] = "application/json" - } + resp.Data[logical.HTTPStatusCode] = 200 + resp.Data[logical.HTTPRawBody] = []byte(response) + resp.Data[logical.HTTPContentType] = "application/json" return resp, nil }