Remove grace periods

Jeff Mitchell 2016-01-31 19:33:16 -05:00
parent e2bc72ccdd
commit 627082b838
5 changed files with 19 additions and 82 deletions


@ -54,12 +54,6 @@ template values are '{{username}}' and
Default: "4h", Default: "4h",
Description: "The lease length; defaults to 4 hours", Description: "The lease length; defaults to 4 hours",
}, },
"lease_grace_period": &framework.FieldSchema{
Type: framework.TypeString,
Default: "1h",
Description: `DEPRECATED: this has no effect`,
},
}, },
Callbacks: map[logical.Operation]framework.OperationFunc{ Callbacks: map[logical.Operation]framework.OperationFunc{
@ -130,18 +124,10 @@ func (b *backend) pathRoleCreate(
"Error parsing lease value of %s: %s", leaseRaw, err)), nil "Error parsing lease value of %s: %s", leaseRaw, err)), nil
} }
leaseGracePeriodRaw := data.Get("lease_grace_period").(string)
leaseGracePeriod, err := time.ParseDuration(leaseGracePeriodRaw)
if err != nil {
return logical.ErrorResponse(fmt.Sprintf(
"Error parsing lease_grace value of %s: %s", leaseGracePeriodRaw, err)), nil
}
entry := &roleEntry{ entry := &roleEntry{
Lease: lease, Lease: lease,
LeaseGracePeriod: leaseGracePeriod, CreationCQL: creationCQL,
CreationCQL: creationCQL, RollbackCQL: rollbackCQL,
RollbackCQL: rollbackCQL,
} }
// Store it // Store it
@ -157,10 +143,9 @@ func (b *backend) pathRoleCreate(
} }
type roleEntry struct { type roleEntry struct {
CreationCQL string `json:"creation_cql" structs:"creation_cql"` CreationCQL string `json:"creation_cql" structs:"creation_cql"`
Lease time.Duration `json:"lease" structs:"lease"` Lease time.Duration `json:"lease" structs:"lease"`
LeaseGracePeriod time.Duration `json:"lease_grace_period" structs:"lease_grace_period"` RollbackCQL string `json:"rollback_cql" structs:"rollback_cql"`
RollbackCQL string `json:"rollback_cql" structs:"rollback_cql"`
} }
const pathRoleHelpSyn = ` const pathRoleHelpSyn = `


@ -19,13 +19,13 @@ type Secret struct {
// the structure of this secret. // the structure of this secret.
Fields map[string]*FieldSchema Fields map[string]*FieldSchema
// DefaultDuration and DefaultGracePeriod are the default values for // DefaultDuration is the default value for the duration of the lease for
// the duration of the lease for this secret and its grace period. These // this secret. This can be manually overwritten with the result of
// can be manually overwritten with the result of Response(). // Response().
// //
// If these aren't set, Vault core will set a default lease period. // If these aren't set, Vault core will set a default lease period which
DefaultDuration time.Duration // may come from a mount tuning.
DefaultGracePeriod time.Duration DefaultDuration time.Duration
// Renew is the callback called to renew this secret. If Renew is // Renew is the callback called to renew this secret. If Renew is
// not specified then renewable is set to false in the secret. // not specified then renewable is set to false in the secret.
@ -51,9 +51,8 @@ func (s *Secret) Response(
return &logical.Response{ return &logical.Response{
Secret: &logical.Secret{ Secret: &logical.Secret{
LeaseOptions: logical.LeaseOptions{ LeaseOptions: logical.LeaseOptions{
TTL: s.DefaultDuration, TTL: s.DefaultDuration,
GracePeriod: s.DefaultGracePeriod, Renewable: s.Renewable(),
Renewable: s.Renewable(),
}, },
InternalData: internalData, InternalData: internalData,
}, },
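Review bot: The rewritten comment above `DefaultDuration` in the `Secret` struct still says "If these aren't set", but after this change it documents a single field. I would change that sentence to start `// If this isn't set, Vault core will set a default lease period which` so the comment matches the struct it describes. The struct definition begins and ends outside the hunk, so this is based on the visible fields only.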


@ -6,9 +6,8 @@ import "time"
// settings between a Secret and Auth // settings between a Secret and Auth
type LeaseOptions struct { type LeaseOptions struct {
// Lease is the duration that this secret is valid for. Vault // Lease is the duration that this secret is valid for. Vault
// will automatically revoke it after the duration + grace period. // will automatically revoke it after the duration.
TTL time.Duration `json:"lease"` TTL time.Duration `json:"lease"`
GracePeriod time.Duration `json:"lease_grace_period"`
// Renewable, if true, means that this secret can be renewed. // Renewable, if true, means that this secret can be renewed.
Renewable bool `json:"renewable"` Renewable bool `json:"renewable"`
@ -30,17 +29,13 @@ func (l *LeaseOptions) LeaseEnabled() bool {
return l.TTL > 0 return l.TTL > 0
} }
// LeaseTotal is the total lease time including the grace period // LeaseTotal is the lease duration with a guard against a negative TTL
func (l *LeaseOptions) LeaseTotal() time.Duration { func (l *LeaseOptions) LeaseTotal() time.Duration {
if l.TTL <= 0 { if l.TTL <= 0 {
return 0 return 0
} }
if l.GracePeriod < 0 { return l.TTL
return l.TTL
}
return l.TTL + l.GracePeriod
} }
// ExpirationTime computes the time until expiration including the grace period // ExpirationTime computes the time until expiration including the grace period
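Review bot: The comment on `ExpirationTime` at the end of this section still reads "including the grace period", although `GracePeriod` is removed from `LeaseOptions` and `LeaseTotal` now returns only the TTL. This comment tells readers when a lease is treated as expired, so it should match the new behaviour, for example `// ExpirationTime computes the time until expiration`. The body of `ExpirationTime` is outside the hunk, so I am assuming it is derived from `LeaseTotal`. If it is, the expiry of any lease that previously carried a grace period now falls at the TTL alone, which is worth stating in the commit description.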


@ -19,11 +19,9 @@ func TestLeaseOptionsLeaseTotal(t *testing.T) {
func TestLeaseOptionsLeaseTotal_grace(t *testing.T) { func TestLeaseOptionsLeaseTotal_grace(t *testing.T) {
var l LeaseOptions var l LeaseOptions
l.TTL = 1 * time.Hour l.TTL = 1 * time.Hour
l.GracePeriod = 30 * time.Minute
actual := l.LeaseTotal() actual := l.LeaseTotal()
expected := l.TTL + l.GracePeriod if actual != l.TTL {
if actual != expected {
t.Fatalf("bad: %s", actual) t.Fatalf("bad: %s", actual)
} }
} }
@ -31,7 +29,6 @@ func TestLeaseOptionsLeaseTotal_grace(t *testing.T) {
func TestLeaseOptionsLeaseTotal_negLease(t *testing.T) { func TestLeaseOptionsLeaseTotal_negLease(t *testing.T) {
var l LeaseOptions var l LeaseOptions
l.TTL = -1 * 1 * time.Hour l.TTL = -1 * 1 * time.Hour
l.GracePeriod = 30 * time.Minute
actual := l.LeaseTotal() actual := l.LeaseTotal()
expected := time.Duration(0) expected := time.Duration(0)
@ -40,18 +37,6 @@ func TestLeaseOptionsLeaseTotal_negLease(t *testing.T) {
} }
} }
func TestLeaseOptionsLeaseTotal_negGrace(t *testing.T) {
var l LeaseOptions
l.TTL = 1 * time.Hour
l.GracePeriod = -1 * 30 * time.Minute
actual := l.LeaseTotal()
expected := l.TTL
if actual != expected {
t.Fatalf("bad: %s", actual)
}
}
func TestLeaseOptionsExpirationTime(t *testing.T) { func TestLeaseOptionsExpirationTime(t *testing.T) {
var l LeaseOptions var l LeaseOptions
l.TTL = 1 * time.Hour l.TTL = 1 * time.Hour
@ -63,30 +48,6 @@ func TestLeaseOptionsExpirationTime(t *testing.T) {
} }
} }
func TestLeaseOptionsExpirationTime_grace(t *testing.T) {
var l LeaseOptions
l.TTL = 1 * time.Hour
l.GracePeriod = 30 * time.Minute
limit := time.Now().UTC().Add(time.Hour + 30*time.Minute)
actual := l.ExpirationTime()
if actual.Before(limit) {
t.Fatalf("bad: %s", actual)
}
}
func TestLeaseOptionsExpirationTime_graceNegative(t *testing.T) {
var l LeaseOptions
l.TTL = 1 * time.Hour
l.GracePeriod = -1 * 30 * time.Minute
limit := time.Now().UTC().Add(time.Hour)
actual := l.ExpirationTime()
if actual.Before(limit) {
t.Fatalf("bad: %s", actual)
}
}
func TestLeaseOptionsExpirationTime_noLease(t *testing.T) { func TestLeaseOptionsExpirationTime_noLease(t *testing.T) {
var l LeaseOptions var l LeaseOptions
if !l.ExpirationTime().IsZero() { if !l.ExpirationTime().IsZero() {
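Review bot: `TestLeaseOptionsLeaseTotal_grace` keeps its `_grace` name but no longer sets or checks a grace period; it now only asserts that `LeaseTotal()` equals a one-hour TTL. That is presumably what `TestLeaseOptionsLeaseTotal` already covers (its body is outside the hunk), so I would either delete this test or rename it, e.g. `func TestLeaseOptionsLeaseTotal_ttlOnly(t *testing.T) {`. Left as is, the name suggests grace-period handling is still under test.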


@ -21,9 +21,6 @@ func (s *Secret) Validate() error {
if s.TTL < 0 { if s.TTL < 0 {
return fmt.Errorf("ttl duration must not be less than zero") return fmt.Errorf("ttl duration must not be less than zero")
} }
if s.GracePeriod < 0 {
return fmt.Errorf("grace period must not be less than zero")
}
return nil return nil
} }