Commit 8d3f4507 authored by ale's avatar ale

Always set the keystore shard in maybeUnlockKeystore()

parent 0a0ca7d5
Pipeline #5422 passed with stages
in 3 minutes
......@@ -193,7 +193,6 @@ func (h *Server) maybeUnlockKeystore(ctx context.Context, username, password str
return false, nil
}
var shard string
if len(h.keystoreGroups) > 0 {
if userinfo == nil {
return false, nil
......@@ -201,8 +200,13 @@ func (h *Server) maybeUnlockKeystore(ctx context.Context, username, password str
if !inAnyGroups(userinfo.Groups, h.keystoreGroups) {
return false, nil
}
}
var shard string
if userinfo != nil {
shard = userinfo.Shard
}
// Add a 'grace time' of 30 minutes to the key ttl.
ttl := h.authSessionLifetime + 1800
return true, h.keystore.Open(ctx, shard, username, password, ttl)
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment