Support unwrapping tokens that does not contain data (#8714)

* Support unwrapping tokens that does not contain data * s/token/secret
hashicorp · Apr 24, 2020 · 411bdab · 411bdab
1 parent fc8e5d5
commit 411bdab
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 9 deletions.
diff --git a/command/unwrap.go b/command/unwrap.go
@@ -89,8 +89,10 @@ func (c *UnwrapCommand) Run(args []string) int {
 		return 2
 	}
 	if secret == nil {
-		c.UI.Error("Could not find wrapped response")
-		return 2
+		if Format(c.UI) == "table" {
+			c.UI.Info("Successfully unwrapped. There was no data in the wrapped secret.")
+		}
+		return 0
 	}
 
 	// Handle single field output

diff --git a/vault/logical_system.go b/vault/logical_system.go
@@ -2404,6 +2404,11 @@ func (b *SystemBackend) handleWrappingUnwrap(ctx context.Context, req *logical.R
 		Data: map[string]interface{}{},
 	}
 
+	if len(response) == 0 {
+		resp.Data[logical.HTTPStatusCode] = 204
+		return resp, nil
+	}
+
 	// Most of the time we want to just send over the marshalled HTTP bytes.
 	// However there is a sad separate case: if the original response was using
 	// bare values we need to use those or else what comes back is garbled.
@@ -2449,13 +2454,9 @@ func (b *SystemBackend) handleWrappingUnwrap(ctx context.Context, req *logical.R
 		return resp, nil
 	}
 
-	if len(response) == 0 {
-		resp.Data[logical.HTTPStatusCode] = 204
-	} else {
-		resp.Data[logical.HTTPStatusCode] = 200
-		resp.Data[logical.HTTPRawBody] = []byte(response)
-		resp.Data[logical.HTTPContentType] = "application/json"
-	}
+	resp.Data[logical.HTTPStatusCode] = 200
+	resp.Data[logical.HTTPRawBody] = []byte(response)
+	resp.Data[logical.HTTPContentType] = "application/json"
 
 	return resp, nil
 }