Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove "expiration manager is nil on tokenstore" error log for dr secondary #22137

Merged
merged 4 commits into from
Jul 31, 2023
Merged

Remove "expiration manager is nil on tokenstore" error log for dr secondary #22137

merged 4 commits into from
Jul 31, 2023

Conversation

akshya96
Copy link
Contributor

@akshya96 akshya96 commented Jul 31, 2023
edited
Loading

Jira: https://hashicorp.atlassian.net/browse/VAULT-18066
Prudential log findings: https://docs.google.com/document/d/17FBuLY6Ce584XOjLH2Kfen9Si9_xXFGQwha1bvb0qhY/edit#bookmark=id.ehl8pojz06uk

On DR secondary when we have unauth requests with some token being set in req.ClientToken (not root/ batch token), we log the error "expiration manager is nil on tokenstore". We have this check in lookupInternal to check if we are still restoring the expiration manager as we want to ensure that the token is not expired but DR secondaries do not have expiration manager https://github.com/hashicorp/vault/blob/8253e59752751ce44284ef45130776c2b2812231/vault/token_store.go#L1694C1-L1697C1.
This error is just logged but the command never fails because in CheckToken function, we ignore these errors as non-errors for unauth requests as we do not expect a token for unauth requests https://github.com/hashicorp/vault/blob/8253e59752751ce44284ef45130776c2b2812231/vault/request_handling.go#L281C1-L287C1.
Most of the paths for auth requests are disabled for DR secondary mode so this will not fail in case of auth requests.

This PR removes this error log for DR secondaries.

@github-actions github-actions bot added the hashicorp-contributed-pr If the PR is HashiCorp (i.e. not-community) contributed label Jul 31, 2023
@akshya96 akshya96 modified the milestones: 1.14.2, 1.15 Jul 31, 2023
@akshya96 akshya96 requested review from mpalmi and hghaf099 July 31, 2023 19:27
@akshya96 akshya96 marked this pull request as ready for review July 31, 2023 19:28
@github-actions
Copy link

Build Results:
All builds succeeded! ✅

@github-actions
Copy link

CI Results:
All Go tests succeeded! ✅

hghaf099
hghaf099 approved these changes Jul 31, 2023
View reviewed changes
Copy link
Contributor

@hghaf099 hghaf099 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@akshya96 akshya96 merged commit f3a4c01 into main Jul 31, 2023
@akshya96 akshya96 deleted the vault-18066-oss branch July 31, 2023 21:06
This was referenced Jul 31, 2023
Merged
Merged
Merged
@akshya96 akshya96 removed this from the 1.14.2 milestone Jul 31, 2023
@akshya96 akshya96 added this to the 1.15 milestone Jul 31, 2023
akshya96 added a commit that referenced this pull request Jul 31, 2023
@akshya96
Remove "expiration manager is nil on tokenstore" error log for dr sec…
749b139 
…ondary (#22137)

* add check for dr secondary case

* add changelog
akshya96 added a commit that referenced this pull request Jul 31, 2023
@hc-github-team-secure-vault-core @akshya96
Remove "expiration manager is nil on tokenstore" error log for dr sec…
7063d97 
…ondary (#22137) (#22139)

* add check for dr secondary case

* add changelog

Co-authored-by: akshya96 <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@hghaf099 hghaf099 hghaf099 approved these changes

@mpalmi mpalmi Awaiting requested review from mpalmi

Assignees
No one assigned
Labels
hashicorp-contributed-pr If the PR is HashiCorp (i.e. not-community) contributed
Projects
None yet
Milestone
1.15.0-rc1
Development

Successfully merging this pull request may close these issues.
2 participants
@akshya96 @hghaf099