Merge pull request #1380 from hashicorp/refactor-sanitize-ttl

Split SanitizeTTL method to support time.Duration parameters as well
Jeff Mitchell 2016-05-05 10:00:25 -04:00
commit 00e666425b
3 changed files with 20 additions and 11 deletions


@ -46,7 +46,7 @@ func (b *backend) pathLogin(
return nil, err return nil, err
} }
ttl, _, err := b.SanitizeTTL(config.TTL.String(), config.MaxTTL.String()) ttl, _, err := b.SanitizeTTLStr(config.TTL.String(), config.MaxTTL.String())
if err != nil { if err != nil {
return logical.ErrorResponse(fmt.Sprintf("[ERR]:%s", err)), nil return logical.ErrorResponse(fmt.Sprintf("[ERR]:%s", err)), nil
} }


@ -176,7 +176,7 @@ func (b *backend) userCreateUpdate(req *logical.Request, d *framework.FieldData)
maxTTLStr = maxTTLStrRaw.(string) maxTTLStr = maxTTLStrRaw.(string)
} }
userEntry.TTL, userEntry.MaxTTL, err = b.SanitizeTTL(ttlStr, maxTTLStr) userEntry.TTL, userEntry.MaxTTL, err = b.SanitizeTTLStr(ttlStr, maxTTLStr)
if err != nil { if err != nil {
return logical.ErrorResponse(fmt.Sprintf("err: %s", err)), nil return logical.ErrorResponse(fmt.Sprintf("err: %s", err)), nil
} }


@ -225,8 +225,7 @@ func (b *Backend) System() logical.SystemView {
// compares those with the SystemView values. If they are empty a value of 0 is // compares those with the SystemView values. If they are empty a value of 0 is
// set, which will cause initial secret or LeaseExtend operations to use the // set, which will cause initial secret or LeaseExtend operations to use the
// mount/system defaults. If they are set, their boundaries are validated. // mount/system defaults. If they are set, their boundaries are validated.
func (b *Backend) SanitizeTTL(ttlStr, maxTTLStr string) (ttl, maxTTL time.Duration, err error) { func (b *Backend) SanitizeTTLStr(ttlStr, maxTTLStr string) (ttl, maxTTL time.Duration, err error) {
sysMaxTTL := b.System().MaxLeaseTTL()
if len(ttlStr) == 0 || ttlStr == "0" { if len(ttlStr) == 0 || ttlStr == "0" {
ttl = 0 ttl = 0
} else { } else {
@ -234,10 +233,8 @@ func (b *Backend) SanitizeTTL(ttlStr, maxTTLStr string) (ttl, maxTTL time.Durati
if err != nil { if err != nil {
return 0, 0, fmt.Errorf("Invalid ttl: %s", err) return 0, 0, fmt.Errorf("Invalid ttl: %s", err)
} }
if ttl > sysMaxTTL {
return 0, 0, fmt.Errorf("\"ttl\" value must be less than allowed max lease TTL value '%s'", sysMaxTTL.String())
}
} }
if len(maxTTLStr) == 0 || maxTTLStr == "0" { if len(maxTTLStr) == 0 || maxTTLStr == "0" {
maxTTL = 0 maxTTL = 0
} else { } else {
@ -245,14 +242,26 @@ func (b *Backend) SanitizeTTL(ttlStr, maxTTLStr string) (ttl, maxTTL time.Durati
if err != nil { if err != nil {
return 0, 0, fmt.Errorf("Invalid max_ttl: %s", err) return 0, 0, fmt.Errorf("Invalid max_ttl: %s", err)
} }
}
ttl, maxTTL, err = b.SanitizeTTL(ttl, maxTTL)
return
}
// Caps the boundaries of ttl and max_ttl values to the backend mount's max_ttl value.
func (b *Backend) SanitizeTTL(ttl, maxTTL time.Duration) (time.Duration, time.Duration, error) {
sysMaxTTL := b.System().MaxLeaseTTL()
if ttl > sysMaxTTL {
return 0, 0, fmt.Errorf("\"ttl\" value must be less than allowed max lease TTL value '%s'", sysMaxTTL.String())
}
if maxTTL > sysMaxTTL { if maxTTL > sysMaxTTL {
return 0, 0, fmt.Errorf("\"max_ttl\" value must be less than allowed max lease TTL value '%s'", sysMaxTTL.String()) return 0, 0, fmt.Errorf("\"max_ttl\" value must be less than allowed max lease TTL value '%s'", sysMaxTTL.String())
} }
}
if ttl > maxTTL && maxTTL != 0 { if ttl > maxTTL && maxTTL != 0 {
ttl = maxTTL ttl = maxTTL
} }
return return ttl, maxTTL, nil
} }
// Route looks up the path that would be used for a given path string. // Route looks up the path that would be used for a given path string.
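Review bot: The new `SanitizeTTL(ttl, maxTTL time.Duration)` checks only the upper bound, so a negative `ttl` or `maxTTL` passes both `> sysMaxTTL` comparisons, and because a negative `maxTTL` is non-zero, `ttl > maxTTL && maxTTL != 0` then lowers `ttl` to that negative value. `SanitizeTTLStr` hands its parsed values straight to this function (the parsing lines sit between the hunks and are not shown), and callers can now pass durations directly, so the guard belongs here: `if ttl < 0 || maxTTL < 0 { return 0, 0, fmt.Errorf("\"ttl\" and \"max_ttl\" must not be negative") }`. How a negative lease TTL is treated downstream is not visible on this page, so rejecting it at this boundary is the safer default. The doc comment should also start with the function name and say that values above the system max are rejected rather than capped, e.g. `// SanitizeTTL rejects ttl and max_ttl values above the mount's max lease TTL and caps ttl at max_ttl when max_ttl is set.` The error text says "must be less than" while the check allows a value equal to `sysMaxTTL`, so "must not exceed" would match the code.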