Remove grace periods
This commit is contained in:
parent
e2bc72ccdd
commit
627082b838
|
@ -54,12 +54,6 @@ template values are '{{username}}' and
|
|||
Default: "4h",
|
||||
Description: "The lease length; defaults to 4 hours",
|
||||
},
|
||||
|
||||
"lease_grace_period": &framework.FieldSchema{
|
||||
Type: framework.TypeString,
|
||||
Default: "1h",
|
||||
Description: `DEPRECATED: this has no effect`,
|
||||
},
|
||||
},
|
||||
|
||||
Callbacks: map[logical.Operation]framework.OperationFunc{
|
||||
|
@ -130,18 +124,10 @@ func (b *backend) pathRoleCreate(
|
|||
"Error parsing lease value of %s: %s", leaseRaw, err)), nil
|
||||
}
|
||||
|
||||
leaseGracePeriodRaw := data.Get("lease_grace_period").(string)
|
||||
leaseGracePeriod, err := time.ParseDuration(leaseGracePeriodRaw)
|
||||
if err != nil {
|
||||
return logical.ErrorResponse(fmt.Sprintf(
|
||||
"Error parsing lease_grace value of %s: %s", leaseGracePeriodRaw, err)), nil
|
||||
}
|
||||
|
||||
entry := &roleEntry{
|
||||
Lease: lease,
|
||||
LeaseGracePeriod: leaseGracePeriod,
|
||||
CreationCQL: creationCQL,
|
||||
RollbackCQL: rollbackCQL,
|
||||
Lease: lease,
|
||||
CreationCQL: creationCQL,
|
||||
RollbackCQL: rollbackCQL,
|
||||
}
|
||||
|
||||
// Store it
|
||||
|
@ -157,10 +143,9 @@ func (b *backend) pathRoleCreate(
|
|||
}
|
||||
|
||||
type roleEntry struct {
|
||||
CreationCQL string `json:"creation_cql" structs:"creation_cql"`
|
||||
Lease time.Duration `json:"lease" structs:"lease"`
|
||||
LeaseGracePeriod time.Duration `json:"lease_grace_period" structs:"lease_grace_period"`
|
||||
RollbackCQL string `json:"rollback_cql" structs:"rollback_cql"`
|
||||
CreationCQL string `json:"creation_cql" structs:"creation_cql"`
|
||||
Lease time.Duration `json:"lease" structs:"lease"`
|
||||
RollbackCQL string `json:"rollback_cql" structs:"rollback_cql"`
|
||||
}
|
||||
|
||||
const pathRoleHelpSyn = `
|
||||
|
|
|
@ -19,13 +19,13 @@ type Secret struct {
|
|||
// the structure of this secret.
|
||||
Fields map[string]*FieldSchema
|
||||
|
||||
// DefaultDuration and DefaultGracePeriod are the default values for
|
||||
// the duration of the lease for this secret and its grace period. These
|
||||
// can be manually overwritten with the result of Response().
|
||||
// DefaultDuration is the default value for the duration of the lease for
|
||||
// this secret. This can be manually overwritten with the result of
|
||||
// Response().
|
||||
//
|
||||
// If these aren't set, Vault core will set a default lease period.
|
||||
DefaultDuration time.Duration
|
||||
DefaultGracePeriod time.Duration
|
||||
// If these aren't set, Vault core will set a default lease period which
|
||||
// may come from a mount tuning.
|
||||
DefaultDuration time.Duration
|
||||
|
||||
// Renew is the callback called to renew this secret. If Renew is
|
||||
// not specified then renewable is set to false in the secret.
|
||||
|
@ -51,9 +51,8 @@ func (s *Secret) Response(
|
|||
return &logical.Response{
|
||||
Secret: &logical.Secret{
|
||||
LeaseOptions: logical.LeaseOptions{
|
||||
TTL: s.DefaultDuration,
|
||||
GracePeriod: s.DefaultGracePeriod,
|
||||
Renewable: s.Renewable(),
|
||||
TTL: s.DefaultDuration,
|
||||
Renewable: s.Renewable(),
|
||||
},
|
||||
InternalData: internalData,
|
||||
},
|
||||
|
|
|
@ -6,9 +6,8 @@ import "time"
|
|||
// settings between a Secret and Auth
|
||||
type LeaseOptions struct {
|
||||
// Lease is the duration that this secret is valid for. Vault
|
||||
// will automatically revoke it after the duration + grace period.
|
||||
TTL time.Duration `json:"lease"`
|
||||
GracePeriod time.Duration `json:"lease_grace_period"`
|
||||
// will automatically revoke it after the duration.
|
||||
TTL time.Duration `json:"lease"`
|
||||
|
||||
// Renewable, if true, means that this secret can be renewed.
|
||||
Renewable bool `json:"renewable"`
|
||||
|
@ -30,17 +29,13 @@ func (l *LeaseOptions) LeaseEnabled() bool {
|
|||
return l.TTL > 0
|
||||
}
|
||||
|
||||
// LeaseTotal is the total lease time including the grace period
|
||||
// LeaseTotal is the lease duration with a guard against a negative TTL
|
||||
func (l *LeaseOptions) LeaseTotal() time.Duration {
|
||||
if l.TTL <= 0 {
|
||||
return 0
|
||||
}
|
||||
|
||||
if l.GracePeriod < 0 {
|
||||
return l.TTL
|
||||
}
|
||||
|
||||
return l.TTL + l.GracePeriod
|
||||
return l.TTL
|
||||
}
|
||||
|
||||
// ExpirationTime computes the time until expiration including the grace period
|
||||
|
|
|
@ -19,11 +19,9 @@ func TestLeaseOptionsLeaseTotal(t *testing.T) {
|
|||
func TestLeaseOptionsLeaseTotal_grace(t *testing.T) {
|
||||
var l LeaseOptions
|
||||
l.TTL = 1 * time.Hour
|
||||
l.GracePeriod = 30 * time.Minute
|
||||
|
||||
actual := l.LeaseTotal()
|
||||
expected := l.TTL + l.GracePeriod
|
||||
if actual != expected {
|
||||
if actual != l.TTL {
|
||||
t.Fatalf("bad: %s", actual)
|
||||
}
|
||||
}
|
||||
|
@ -31,7 +29,6 @@ func TestLeaseOptionsLeaseTotal_grace(t *testing.T) {
|
|||
func TestLeaseOptionsLeaseTotal_negLease(t *testing.T) {
|
||||
var l LeaseOptions
|
||||
l.TTL = -1 * 1 * time.Hour
|
||||
l.GracePeriod = 30 * time.Minute
|
||||
|
||||
actual := l.LeaseTotal()
|
||||
expected := time.Duration(0)
|
||||
|
@ -40,18 +37,6 @@ func TestLeaseOptionsLeaseTotal_negLease(t *testing.T) {
|
|||
}
|
||||
}
|
||||
|
||||
func TestLeaseOptionsLeaseTotal_negGrace(t *testing.T) {
|
||||
var l LeaseOptions
|
||||
l.TTL = 1 * time.Hour
|
||||
l.GracePeriod = -1 * 30 * time.Minute
|
||||
|
||||
actual := l.LeaseTotal()
|
||||
expected := l.TTL
|
||||
if actual != expected {
|
||||
t.Fatalf("bad: %s", actual)
|
||||
}
|
||||
}
|
||||
|
||||
func TestLeaseOptionsExpirationTime(t *testing.T) {
|
||||
var l LeaseOptions
|
||||
l.TTL = 1 * time.Hour
|
||||
|
@ -63,30 +48,6 @@ func TestLeaseOptionsExpirationTime(t *testing.T) {
|
|||
}
|
||||
}
|
||||
|
||||
func TestLeaseOptionsExpirationTime_grace(t *testing.T) {
|
||||
var l LeaseOptions
|
||||
l.TTL = 1 * time.Hour
|
||||
l.GracePeriod = 30 * time.Minute
|
||||
|
||||
limit := time.Now().UTC().Add(time.Hour + 30*time.Minute)
|
||||
actual := l.ExpirationTime()
|
||||
if actual.Before(limit) {
|
||||
t.Fatalf("bad: %s", actual)
|
||||
}
|
||||
}
|
||||
|
||||
func TestLeaseOptionsExpirationTime_graceNegative(t *testing.T) {
|
||||
var l LeaseOptions
|
||||
l.TTL = 1 * time.Hour
|
||||
l.GracePeriod = -1 * 30 * time.Minute
|
||||
|
||||
limit := time.Now().UTC().Add(time.Hour)
|
||||
actual := l.ExpirationTime()
|
||||
if actual.Before(limit) {
|
||||
t.Fatalf("bad: %s", actual)
|
||||
}
|
||||
}
|
||||
|
||||
func TestLeaseOptionsExpirationTime_noLease(t *testing.T) {
|
||||
var l LeaseOptions
|
||||
if !l.ExpirationTime().IsZero() {
|
||||
|
|
|
@ -21,9 +21,6 @@ func (s *Secret) Validate() error {
|
|||
if s.TTL < 0 {
|
||||
return fmt.Errorf("ttl duration must not be less than zero")
|
||||
}
|
||||
if s.GracePeriod < 0 {
|
||||
return fmt.Errorf("grace period must not be less than zero")
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue