From 984c3044fe219e6871bd3218444d4373cfb88dd0 Mon Sep 17 00:00:00 2001
From: Jarrod Johnson <jjohnson2@lenovo.com>
Date: Wed, 5 May 2021 09:17:42 -0400
Subject: [PATCH] Invalidate sealed token on new token

If a new token grant occurs, do not
retain stale token sealed, as it can be misleading.
---
 confluent_server/confluent/credserver.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/confluent_server/confluent/credserver.py b/confluent_server/confluent/credserver.py
index e0894091..b10e9b1e 100644
--- a/confluent_server/confluent/credserver.py
+++ b/confluent_server/confluent/credserver.py
@@ -88,7 +88,7 @@ class CredServer(object):
                 client.close()
                 return
             echotoken = util.stringify(client.recv(tlv[1]))
-            cfgupdate = {nodename: {'crypted.selfapikey': {'hashvalue': echotoken}, 'deployment.apiarmed': ''}}
+            cfgupdate = {nodename: {'crypted.selfapikey': {'hashvalue': echotoken}, 'deployment.sealedapikey': '', 'deployment.apiarmed': ''}}
             if apiarmed == 'continuous':
                 del cfgupdate[nodename]['deployment.apiarmed']
             self.cfm.set_node_attributes(cfgupdate)