Set number of pester retries to zero by default and make seal command… (

#2093) * Set number of pester retries to zero by default and make seal command return 403 if unauthorized instead of 500 * Fix build * Use 403 instead and update test * Change another 500 to 403
hashicorp · Nov 16, 2016 · d9f9719 · d9f9719
1 parent 61411f2
commit d9f9719
Show file tree

Hide file tree

Showing 3 changed files with 11 additions and 8 deletions.
diff --git a/api/client.go b/api/client.go
@@ -48,7 +48,7 @@ type Config struct {
 	redirectSetup sync.Once
 
 	// MaxRetries controls the maximum number of times to retry when a 5xx error
-	// occurs. Set to 0 or less to disable retrying.
+	// occurs. Set to 0 or less to disable retrying. Defaults to 0.
 	MaxRetries int
 }
 
@@ -99,8 +99,6 @@ func DefaultConfig() *Config {
 		config.Address = v
 	}
 
-	config.MaxRetries = pester.DefaultClient.MaxRetries
-
 	return config
 }
 

diff --git a/http/sys_seal.go b/http/sys_seal.go
@@ -30,8 +30,13 @@ func handleSysSeal(core *vault.Core) http.Handler {
 
 		// Seal with the token above
 		if err := core.SealWithRequest(req); err != nil {
-			respondError(w, http.StatusInternalServerError, err)
-			return
+			if errwrap.Contains(err, logical.ErrPermissionDenied.Error()) {
+				respondError(w, http.StatusForbidden, err)
+				return
+			} else {
+				respondError(w, http.StatusInternalServerError, err)
+				return
+			}
 		}
 
 		respondOk(w, nil)

diff --git a/http/sys_seal_test.go b/http/sys_seal_test.go
@@ -285,7 +285,7 @@ func TestSysSeal_Permissions(t *testing.T) {
 
 	// We expect this to fail since it needs update and sudo
 	httpResp := testHttpPut(t, "child", addr+"/v1/sys/seal", nil)
-	testResponseStatus(t, httpResp, 500)
+	testResponseStatus(t, httpResp, 403)
 
 	// Now modify to add update capability
 	req = &logical.Request{
@@ -306,7 +306,7 @@ func TestSysSeal_Permissions(t *testing.T) {
 
 	// We expect this to fail since it needs sudo
 	httpResp = testHttpPut(t, "child", addr+"/v1/sys/seal", nil)
-	testResponseStatus(t, httpResp, 500)
+	testResponseStatus(t, httpResp, 403)
 
 	// Now modify to just sudo capability
 	req = &logical.Request{
@@ -327,7 +327,7 @@ func TestSysSeal_Permissions(t *testing.T) {
 
 	// We expect this to fail since it needs update
 	httpResp = testHttpPut(t, "child", addr+"/v1/sys/seal", nil)
-	testResponseStatus(t, httpResp, 500)
+	testResponseStatus(t, httpResp, 403)
 
 	// Now modify to add all needed capabilities
 	req = &logical.Request{