From c6fb200a4a6dbf0ee6b6e53e6d236c190f8db2cc Mon Sep 17 00:00:00 2001
From: vishalnayak
Date: Wed, 25 May 2016 23:24:10 -0400
Subject: [PATCH] Fix the consul secret backends renewal revocation problem
---
 builtin/logical/consul/path_token.go | 4 +++-
 builtin/logical/consul/secret_token.go | 9 ++++++++-
 vault/expiration.go | 10 +++++-----
 3 files changed, 16 insertions(+), 7 deletions(-)
diff --git a/builtin/logical/consul/path_token.go b/builtin/logical/consul/path_token.go
index bc0e4c61f966..4542329a7407 100644
--- a/builtin/logical/consul/path_token.go
+++ b/builtin/logical/consul/path_token.go
@@ -67,7 +67,9 @@ func (b *backend) pathTokenRead(
 // Use the helper to create the secret
 s := b.Secret(SecretTokenType).Response(map[string]interface{}{
 "token": token,
- }, nil)
+ }, map[string]interface{}{
+ "token": token,
+ })
 s.Secret.TTL = result.Lease
 return s, nil
diff --git a/builtin/logical/consul/secret_token.go b/builtin/logical/consul/secret_token.go
index 5e768cb5908a..5d7ea3a27b03 100644
--- a/builtin/logical/consul/secret_token.go
+++ b/builtin/logical/consul/secret_token.go
@@ -1,6 +1,8 @@
 package consul
 import (
+ "fmt"
+
 "github.com/hashicorp/vault/logical"
 "github.com/hashicorp/vault/logical/framework"
 )
@@ -37,7 +39,12 @@ func secretTokenRevoke(
 return logical.ErrorResponse(err.Error()), nil
 }
- _, err = c.ACL().Destroy(d.Get("token").(string), nil)
+ tokenRaw, ok := req.Secret.InternalData["token"]
+ if !ok {
+ return nil, fmt.Errorf("secret is missing internal data: token")
+ }
+
+ _, err = c.ACL().Destroy(tokenRaw.(string), nil)
 if err != nil {
 return logical.ErrorResponse(err.Error()), nil
 }
diff --git a/vault/expiration.go b/vault/expiration.go
index 3e3104c14a08..53c5433436f9 100644
--- a/vault/expiration.go
+++ b/vault/expiration.go
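Review bot: The second map passed to `Response` in pathTokenRead (path_token.go) repeats the token with no comment explaining the duplication. The revoke handler in secret_token.go now reads the token from `req.Secret.InternalData`, so this second map is what makes revocation possible; a comment such as `// Internal data: read back by secretTokenRevoke to destroy the ACL token.` would keep a later cleanup from removing it as redundant. pathTokenRead begins and ends outside the hunk.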
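Review bot: The assertion `tokenRaw.(string)` in the new Destroy call of secretTokenRevoke (secret_token.go) is unchecked, so internal data holding anything other than a string panics in the revoke path instead of returning an error. Use the two-value form, `token, ok := tokenRaw.(string)`, and return an error like the missing-key branch when `!ok || token == ""`. Leases issued before this change presumably carry no `token` in internal data and will now fail revocation on every attempt, leaving the Consul ACL token live; if such leases can exist, that case deserves an explicit decision and a comment. secretTokenRevoke begins and ends outside the hunk.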
@@ -562,10 +562,10 @@ func (m *ExpirationManager) revokeEntry(le *leaseEntry) error {
 }
 // Handle standard revocation via backends
- _, err := m.router.Route(logical.RevokeRequest(
+ resp, err := m.router.Route(logical.RevokeRequest(
 le.Path, le.Secret, le.Data))
- if err != nil {
- return fmt.Errorf("failed to revoke entry: %v", err)
+ if err != nil || (resp != nil && resp.IsError()) {
+ return fmt.Errorf("failed to revoke entry: resp:%#v err:%s", resp, err)
 }
 return nil
 }
@@ -579,8 +579,8 @@ func (m *ExpirationManager) renewEntry(le *leaseEntry, increment time.Duration)
 req := logical.RenewRequest(le.Path, &secret, le.Data)
 resp, err := m.router.Route(req)
- if err != nil {
- return nil, fmt.Errorf("failed to renew entry: %v", err)
+ if err != nil || (resp != nil && resp.IsError()) {
+ return nil, fmt.Errorf("failed to renew entry: resp:%#v err:%s", resp, err)
 }
 return resp, nil
 }
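Review bot: The new error string in revokeEntry formats the whole response with `%#v` and the error with `%s`, and the same pattern is repeated in the renewEntry hunk. `%#v` writes every field of the response, including its data map, into an error that is likely to reach the logs, and when only `resp.IsError()` fired `err` is nil, so `%s` renders as `%!s(<nil>)`. Handle the two cases separately: keep `return fmt.Errorf("failed to revoke entry: %v", err)` for `err != nil`, and for the error-response case return only the message, e.g. `fmt.Errorf("failed to revoke entry: %v", resp.Data["error"])`. Both functions begin outside their hunks.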