Merge pull request #1380 from hashicorp/refactor-sanitize-ttl

Split SanitizeTTL method to support time.Duration parameters as well
2016-05-05 10:00:25 -04:00 · 2016-05-05 10:00:25 -04:00 · 00e666425b
parent 0cec22d27a 92fe94546c
commit 00e666425b
3 changed files with 20 additions and 11 deletions
--- a/builtin/credential/github/path_login.go
+++ b/builtin/credential/github/path_login.go
@ -46,7 +46,7 @@ func (b *backend) pathLogin(
 		return nil, err
 	}

-	ttl, _, err := b.SanitizeTTL(config.TTL.String(), config.MaxTTL.String())
+	ttl, _, err := b.SanitizeTTLStr(config.TTL.String(), config.MaxTTL.String())
 	if err != nil {
 		return logical.ErrorResponse(fmt.Sprintf("[ERR]:%s", err)), nil
 	}
--- a/builtin/credential/userpass/path_users.go
+++ b/builtin/credential/userpass/path_users.go
@ -176,7 +176,7 @@ func (b *backend) userCreateUpdate(req *logical.Request, d *framework.FieldData)
 		maxTTLStr = maxTTLStrRaw.(string)
 	}

-	userEntry.TTL, userEntry.MaxTTL, err = b.SanitizeTTL(ttlStr, maxTTLStr)
+	userEntry.TTL, userEntry.MaxTTL, err = b.SanitizeTTLStr(ttlStr, maxTTLStr)
 	if err != nil {
 		return logical.ErrorResponse(fmt.Sprintf("err: %s", err)), nil
 	}
--- a/logical/framework/backend.go
+++ b/logical/framework/backend.go
@ -225,8 +225,7 @@ func (b *Backend) System() logical.SystemView {
 // compares those with the SystemView values. If they are empty a value of 0 is
 // set, which will cause initial secret or LeaseExtend operations to use the
 // mount/system defaults.  If they are set, their boundaries are validated.
-func (b *Backend) SanitizeTTL(ttlStr, maxTTLStr string) (ttl, maxTTL time.Duration, err error) {
-	sysMaxTTL := b.System().MaxLeaseTTL()
+func (b *Backend) SanitizeTTLStr(ttlStr, maxTTLStr string) (ttl, maxTTL time.Duration, err error) {
 	if len(ttlStr) == 0 || ttlStr == "0" {
 		ttl = 0
 	} else {
@ -234,10 +233,8 @@ func (b *Backend) SanitizeTTL(ttlStr, maxTTLStr string) (ttl, maxTTL time.Durati
 		if err != nil {
 			return 0, 0, fmt.Errorf("Invalid ttl: %s", err)
 		}
-		if ttl > sysMaxTTL {
-			return 0, 0, fmt.Errorf("\"ttl\" value must be less than allowed max lease TTL value '%s'", sysMaxTTL.String())
-		}
 	}
+
 	if len(maxTTLStr) == 0 || maxTTLStr == "0" {
 		maxTTL = 0
 	} else {
@ -245,14 +242,26 @@ func (b *Backend) SanitizeTTL(ttlStr, maxTTLStr string) (ttl, maxTTL time.Durati
 		if err != nil {
 			return 0, 0, fmt.Errorf("Invalid max_ttl: %s", err)
 		}
+	}
+
+	ttl, maxTTL, err = b.SanitizeTTL(ttl, maxTTL)
+
+	return
+}
+
+// Caps the boundaries of ttl and max_ttl values to the backend mount's max_ttl value.
+func (b *Backend) SanitizeTTL(ttl, maxTTL time.Duration) (time.Duration, time.Duration, error) {
+	sysMaxTTL := b.System().MaxLeaseTTL()
+	if ttl > sysMaxTTL {
+		return 0, 0, fmt.Errorf("\"ttl\" value must be less than allowed max lease TTL value '%s'", sysMaxTTL.String())
+	}
 	if maxTTL > sysMaxTTL {
 		return 0, 0, fmt.Errorf("\"max_ttl\" value must be less than allowed max lease TTL value '%s'", sysMaxTTL.String())
 	}
-	}
 	if ttl > maxTTL && maxTTL != 0 {
 		ttl = maxTTL
 	}
-	return
+	return ttl, maxTTL, nil
 }

 // Route looks up the path that would be used for a given path string.