Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Backport of Remove "expiration manager is nil on tokenstore" error log for dr secondary into release/1.14.x #22140

Merged
merged 1 commit into from Jul 31, 2023
Merged

Backport of Remove "expiration manager is nil on tokenstore" error log for dr secondary into release/1.14.x #22140

merged 1 commit into from Jul 31, 2023

Conversation

hc-github-team-secure-vault-core
Copy link
Collaborator

Backport

This PR is auto-generated from #22137 to be assessed for backporting due to the inclusion of the label backport/1.14.x.

The below text is copied from the body of the original PR.

Jira: https://hashicorp.atlassian.net/browse/VAULT-18066
Prudential log findings: https://docs.google.com/document/d/17FBuLY6Ce584XOjLH2Kfen9Si9_xXFGQwha1bvb0qhY/edit#bookmark=id.ehl8pojz06uk

On DR secondary when we have unauth requests with some token being set in req.ClientToken (not root/ batch token), we log the error "expiration manager is nil on tokenstore". We have this check in lookupInternal to check if we are still restoring the expiration manager as we want to ensure that the token is not expired but DR secondaries do not have expiration manager https://github.com/hashicorp/vault/blob/8253e59752751ce44284ef45130776c2b2812231/vault/token_store.go#L1694C1-L1697C1.
This error is just logged but the command never fails because in CheckToken function, we ignore these errors as non-errors for unauth requests as we do not expect a token for unauth requests https://github.com/hashicorp/vault/blob/8253e59752751ce44284ef45130776c2b2812231/vault/request_handling.go#L281C1-L287C1.
Most of the paths for auth requests are disabled for DR secondary mode so this will not fail in case of auth requests.

This PR removes this error log for DR secondaries.

Overview of commits

@hc-github-team-secure-vault-core hc-github-team-secure-vault-core force-pushed the backport/vault-18066-oss/namely-helping-parrot branch from a8b65b1 to 332f1ae Compare July 31, 2023 21:09
@hc-github-team-secure-vault-core hc-github-team-secure-vault-core force-pushed the backport/vault-18066-oss/namely-helping-parrot branch from 429cd89 to 8c4abce Compare July 31, 2023 21:10
@github-actions github-actions bot added the hashicorp-contributed-pr If the PR is HashiCorp (i.e. not-community) contributed label Jul 31, 2023
@akshya96 akshya96 added this to the 1.14.2 milestone Jul 31, 2023
@github-actions
Copy link

Build Results:
All builds succeeded! ✅

@github-actions
Copy link

CI Results:
All Go tests succeeded! ✅

@akshya96 akshya96 merged commit e993532 into release/1.14.x Jul 31, 2023
91 of 92 checks passed
@akshya96 akshya96 deleted the backport/vault-18066-oss/namely-helping-parrot branch July 31, 2023 21:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@akshya96 akshya96 akshya96 approved these changes

Assignees
No one assigned
Labels
hashicorp-contributed-pr If the PR is HashiCorp (i.e. not-community) contributed
Projects
None yet
Milestone
1.14.2
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@hc-github-team-secure-vault-core @akshya96