Handle the various valid root cases

Alex Dadgar 2016-09-21 17:30:57 -07:00
parent d810e1c432
commit d64ef28c39
1 changed files with 25 additions and 11 deletions


@ -485,21 +485,35 @@ func (v *vaultClient) parseSelfToken() error {
}
}
if !data.Renewable && !root {
if !root {
// All non-root tokens must be renewable
if !data.Renewable {
return fmt.Errorf("Vault token is not renewable or root")
}
if data.CreationTTL == 0 && !root {
// All non-root tokens must have a lease duration
if data.CreationTTL == 0 {
return fmt.Errorf("invalid lease duration of zero")
}
if data.TTL == 0 && !root {
// The lease duration can not be expired
if data.TTL == 0 {
return fmt.Errorf("token TTL is zero")
}
if !root && data.Role == "" {
// There must be a valid role
if data.Role == "" {
return fmt.Errorf("token role name must be set when not using a root token")
}
} else if data.CreationTTL != 0 {
// If the root token has a TTL it must be renewable
if !data.Renewable {
return fmt.Errorf("Vault token has a TTL but is not renewable")
} else if data.TTL == 0 {
// If the token has a TTL make sure it has not expired
return fmt.Errorf("token TTL is zero")
}
}
data.Root = root
v.tokenData = &data
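Review bot: The case this commit newly admits, a root token whose `CreationTTL` is zero, is accepted only implicitly: it matches neither `if !root` nor `else if data.CreationTTL != 0` and falls straight through to `data.Root = root` with no check and no comment. Since that is the least-constrained credential this function can accept, say so explicitly above the assignment, for example `// A root token with no TTL never expires; nothing further to validate`, so an auditor does not have to derive it from the branch conditions. In the root-with-TTL branch the second check is chained as `else if data.TTL == 0` after an `if` that already returns, with its comment placed inside the body; a separate `if data.TTL == 0 {` with the comment above it would match the non-root branch. The two paths also return the identical string `"token TTL is zero"`, so an operator cannot tell from the error which one rejected the token. `parseSelfToken` begins and ends outside this hunk, so how `root` is derived is not visible here.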