Panic when creating/updating approle role if token_type set to default-service or default-batch #11863

Closed
marcboudreau opened this issue Jun 15, 2021 · 1 comment
Labels
bug Used to indicate a potential bug ecosystem

Comments

@marcboudreau
Contributor

Describe the bug
When creating or updating an approle role with the token_type parameter set to either default-service or default-batch, the server (Vault) returns an empty reply and the role is not created/updated.

To Reproduce
Set up Vault in dev mode: docker run -d --name vault -p 8200:8200 -e SKIP_SETCAP=1 vault:1.7.2 vault server -dev -dev-root-token-id=root -dev-listen-address=0.0.0.0:8200

Any of the following commands will reproduce the behavior:

  1. Run vault write auth/approle/role/new token_type=default-service
  2. Run vault write auth/approle/role/new token_type=default-batch
  3. Run vault write auth/approle/role/new ; vault write auth/approle/role/new token_type=default-service
  4. Run vault write auth/approle/role/new2 ; vault write auth/approle/role/new2 token_type=default-batch

Effects
For any of the above commands, the final vault command exits with a status code of 2 with the following message written to stderr: Error writing data to auth/approle/role/new: Put http://localhost:8200/v1/auth/approle/role/new: EOF

In addition, the following stack trace is written to the Vault logs (docker logs vault):

2021-06-15T00:26:00.186Z [INFO]  http: panic serving 172.17.0.1:64822: runtime error: invalid memory address or nil pointer dereference
goroutine 1807 [running]:
net/http.(*conn).serve.func1(0xc0002d3cc0)
	/goroot/src/net/http/server.go:1801 +0x147
panic(0x4abdd60, 0x8b6cad0)
	/goroot/src/runtime/panic.go:975 +0x47a
github.com/hashicorp/vault/vendor/github.com/hashicorp/vault/sdk/logical.(*Response).AddWarning(...)
	/gopath/src/github.com/hashicorp/vault/vendor/github.com/hashicorp/vault/sdk/logical/response.go:78
github.com/hashicorp/vault/builtin/credential/approle.(*backend).pathRoleCreateUpdate(0xc0000e8240, 0x5e9d740, 0xc00138dbc0, 0xc000b7e140, 0xc00093df30, 0x0, 0x0, 0x0)
	/gopath/src/github.com/hashicorp/vault/builtin/credential/approle/path_role.go:891 +0x1ba4
github.com/hashicorp/vault/vendor/github.com/hashicorp/vault/sdk/framework.(*Backend).HandleRequest(0xc00113d380, 0x5e9d740, 0xc00138dbc0, 0xc000b7e140, 0x0, 0x0, 0x0)
[ SNIP ]

Expected behavior
I am aware that those values (default-service and default-batch) are only applicable to the Token Store; however, there is code in the approle backend to handle these cases (to change the token_type to service or batch) and add a warning to the response.

Environment:

  • Vault Server Version (retrieve with vault status): 1.7.2
  • Vault CLI Version (retrieve with vault version): Vault v1.3.3
  • Server Operating System/Architecture: Docker Engine version 20.10.6 linux/amd64 (running on darwin/amd64)

Vault server configuration file(s): N/A

Additional context
I discovered this issue while studying the approle code and I will be submitting a PR to address this issue.
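
The stack trace in this report is consistent with AddWarning being invoked on a nil *Response. The Go sketch below is an added example, not Vault's code and not the fix from the linked PR; the Response type, normalize, both createRole functions and the warning strings are hypothetical stand-ins that reproduce the pattern next to a version that allocates the response first.

```go
package main

import "fmt"

// Response is a hypothetical stand-in for a backend response that carries warnings.
type Response struct{ Warnings []string }

// AddWarning reads a field of its receiver, so a nil *Response panics here.
func (r *Response) AddWarning(w string) { r.Warnings = append(r.Warnings, w) }

// normalize maps the token-store-only values onto the ones a role can use.
func normalize(tokenType string) (string, bool) {
	switch tokenType {
	case "default-service":
		return "service", true
	case "default-batch":
		return "batch", true
	}
	return tokenType, false
}

// createRoleUnsafe calls AddWarning on a nil resp; recover only reports the panic.
func createRoleUnsafe(tokenType string) (resp *Response, err error) {
	defer func() {
		if p := recover(); p != nil {
			err = fmt.Errorf("handler panicked: %v", p)
		}
	}()
	if _, changed := normalize(tokenType); changed {
		resp.AddWarning("token_type adjusted (constructed message)")
	}
	return resp, nil
}

// createRoleSafe allocates the response before attaching the warning.
func createRoleSafe(tokenType string) (resp *Response, effective string) {
	effective, changed := normalize(tokenType)
	if changed {
		resp = &Response{}
		resp.AddWarning("token_type adjusted to " + effective + " (constructed message)")
	}
	return resp, effective
}

func main() {
	_, err := createRoleUnsafe("default-batch")
	resp, effective := createRoleSafe("default-batch")
	fmt.Println("unsafe:", err, "| safe:", effective, resp.Warnings)
}
```

A table-driven unit test that feeds every accepted token_type value through the handler, including the ones expected to produce only a warning, catches this class of bug before it reaches a request path.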

@ncabatoff
Collaborator

Fixed by #11864.
