open-vault/vault/logical_system_helpers.go


package vault
import (
"context"
"fmt"
"strings"
"time"
)
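// tuneMountTTLs validates and applies new default and max lease TTLs to the
// mount entry me, then persists the mount table that owns it.
//
// A zero duration for either value skips the default/max comparison. When both
// are non-zero, newMax must not be smaller than newDefault; otherwise an error
// is returned and nothing is modified.
//
// The new values are written to me.Config before persistence is attempted. If
// persistence fails, the previous values are restored and an error is
// returned.
//
// NOTE(review): no lock is acquired in this function, so the new TTLs are
// visible in memory before they are durable; presumably the caller serializes
// access to me and the mount tables — confirm.
// NOTE(review): negative durations are not rejected here — confirm the caller
// validates them before they reach lease handling.
func (b *SystemBackend) tuneMountTTLs(ctx context.Context, path string, me *MountEntry, newDefault, newMax time.Duration) error {
	// The only invalid combination is two explicit (non-zero) values where the
	// max is below the default; a zero value on either side cannot conflict.
	if newDefault != 0 && newMax != 0 && newMax < newDefault {
		return fmt.Errorf("backend max lease TTL of %d would be less than backend default lease TTL of %d",
			int(newMax.Seconds()), int(newDefault.Seconds()))
	}

	// Remember the current values so they can be restored on failure.
	origMax := me.Config.MaxLeaseTTL
	origDefault := me.Config.DefaultLeaseTTL

	me.Config.MaxLeaseTTL = newMax
	me.Config.DefaultLeaseTTL = newDefault

	// Update the mount table: paths under the credential route prefix are
	// persisted with the auth table, everything else with the mounts table.
	var err error
	switch {
	case strings.HasPrefix(path, credentialRoutePrefix):
		err = b.Core.persistAuth(ctx, b.Core.auth, me.Local)
	default:
		err = b.Core.persistMounts(ctx, b.Core.mounts, me.Local)
	}
	if err != nil {
		me.Config.MaxLeaseTTL = origMax
		me.Config.DefaultLeaseTTL = origDefault

		// Record the underlying cause in the server log so operators can
		// diagnose the failure. The returned message stays generic, so storage
		// details are not added to what the caller receives.
		b.Core.logger.Error("failed to persist mount table during lease TTL tuning", "path", path, "error", err)

		return fmt.Errorf("failed to update mount table, rolling back TTL changes")
	}

	if b.Core.logger.IsInfo() {
		b.Core.logger.Info("mount tuning of leases successful", "path", path)
	}

	return nil
}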