author | Kiran <kiran.k.kamineni@intel.com> | 2018-02-23 12:55:57 -0800 |
---|---|---|
committer | Kiran <kiran.k.kamineni@intel.com> | 2018-02-23 13:07:51 -0800 |
commit | e3d682c5f14994c2b85ff26ddf6ae3148b499de3 (patch) | |
tree | 270338895898e7c645b10c363d6afcb1e499019b | |
parent | 3909b2b804fcb7fdb2b8e5087f51a5d33aa2342f (diff) |
Check before enabling approle
Check to see if approle is not already enabled
before enabling it. This prevents error messages on
the vault server side
Issue-ID: AAF-141
Change-Id: Ic5a0401f72385fb66d19d34da2ab38ea57ea44bc
Signed-off-by: Kiran <kiran.k.kamineni@intel.com>
-rw-r--r-- | sms-service/src/sms/backend/vault.go | 18 |
1 files changed, 17 insertions, 1 deletions
diff --git a/sms-service/src/sms/backend/vault.go b/sms-service/src/sms/backend/vault.go
index 1359adb..7fc1747 100644
--- a/sms-service/src/sms/backend/vault.go
+++ b/sms-service/src/sms/backend/vault.go
@@ -194,8 +194,24 @@ func (v *Vault) initRole() error {
 // Delete role if it already exists
 v.vaultClient.Logical().Delete("auth/approle/role/" + rName)
+ //Check if approle is mounted
+ authMounts, err := v.vaultClient.Sys().ListAuth()
+ if err != nil {
+ return err
+ }
+
+ approleMounted := false
+ for k, v := range authMounts {
+ if v.Type == "approle" && k == "approle/" {
+ approleMounted = true
+ break
+ }
+ }
+
 // Mount approle in case its not already mounted
- v.vaultClient.Sys().EnableAuth("approle", "approle", "")
+ if !approleMounted {
+ v.vaultClient.Sys().EnableAuth("approle", "approle", "")
+ }
 // Create a role-id
 v.vaultClient.Logical().Write("auth/approle/role/"+rName, data) |
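Review bot: The `EnableAuth` call inside the new `if !approleMounted` block still discards its error, so a failed mount goes unnoticed and the role write that follows runs against an auth backend that may not exist. One way to get there: the check requires both `v.Type == "approle"` and `k == "approle/"`, so a different auth type already mounted at `approle/` counts as not mounted, and the enable attempt would presumably fail. The new `ListAuth` call already returns its error, so do the same here: `if err := v.vaultClient.Sys().EnableAuth("approle", "approle", ""); err != nil { return err }`. The loop `for k, v := range authMounts` also shadows the method receiver `v`; naming the pair `path, mount` keeps it clear which `v` the later `v.vaultClient` calls use. initRole starts and ends outside this hunk, so what it finally returns is not visible here.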