Merge pull request #1692 from hashicorp/ttl0-not-renewable

Don't mark never-expiring root tokens as renewable
2016-08-05 11:16:00 -04:00 · 2016-08-05 11:16:00 -04:00 · 687993bbb4
parent 21e39bfea6 82b3d136e6
commit 687993bbb4
2 changed files with 6 additions and 1 deletions
--- a/http/logical_test.go
+++ b/http/logical_test.go
@ -192,7 +192,7 @@ func TestLogical_CreateToken(t *testing.T) {
 			"policies":       []interface{}{"root"},
 			"metadata":       nil,
 			"lease_duration": json.Number("0"),
-			"renewable":      true,
+			"renewable":      false,
 		},
 		"warnings": nilWarnings,
 	}
--- a/vault/token_store.go
+++ b/vault/token_store.go
@ -1296,6 +1296,11 @@ func (ts *TokenStore) handleCreateCommon(
 		}
 	}

+	// Don't advertise non-expiring root tokens as renewable, as attempts to renew them are denied
+	if te.TTL == 0 {
+		renewable = false
+	}
+
 	// Create the token
 	if err := ts.create(&te); err != nil {
 		return logical.ErrorResponse(err.Error()), logical.ErrInvalidRequest