vault: Adding LeaseIssue for renew to allow limiting maximum lease length

Armon Dadgar 2015-04-09 11:54:32 -07:00
parent 9a034c4ab8
commit 7df486482b
3 changed files with 10 additions and 0 deletions


@ -25,6 +25,12 @@ type Secret struct {
// when returning a response. // when returning a response.
LeaseIncrement time.Duration `json:"-"` LeaseIncrement time.Duration `json:"-"`
// LeaseIssue is the time of issue for the original lease. This is
// only available on a Renew operation and has no effect when returning
// a response. It can be used to enforce maximum lease periods by
// a logical backend.
LeaseIssue time.Time `json:"-"`
// LeaseID is the ID returned to the user to manage this secret. // LeaseID is the ID returned to the user to manage this secret.
// This is generated by Vault core. Any set value will be ignored. // This is generated by Vault core. Any set value will be ignored.
// For requests, this will always be blank. // For requests, this will always be blank.
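Review bot: The new `LeaseIssue` comment does not say what a backend sees outside a Renew operation, where the field is presumably left at the zero `time.Time`. A backend that derives a maximum-lease deadline from it without checking would compute that deadline from year 1. I would extend the comment with `// Outside of Renew this is the zero time.Time; check IsZero() before deriving a deadline from it.` The comment could also state that enforcement is left to the backend: nothing in this commit makes the core apply a maximum, so a backend that ignores the field still permits unbounded renewal. The struct definition continues outside the hunk.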


@ -462,6 +462,7 @@ func (m *ExpirationManager) revokeEntry(le *leaseEntry) error {
// renewEntry is used to attempt renew of an internal entry // renewEntry is used to attempt renew of an internal entry
func (m *ExpirationManager) renewEntry(le *leaseEntry, increment time.Duration) (*logical.Response, error) { func (m *ExpirationManager) renewEntry(le *leaseEntry, increment time.Duration) (*logical.Response, error) {
secret := *le.Secret secret := *le.Secret
secret.LeaseIssue = le.IssueTime
secret.LeaseIncrement = increment secret.LeaseIncrement = increment
secret.LeaseID = "" secret.LeaseID = ""
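Review bot: `secret.LeaseIssue = le.IssueTime` only bounds total lease lifetime if `le.IssueTime` is never rewritten after the first issue, and the hunk does not show how the renew path updates the stored entry. If a successful renewal resets IssueTime (not visible here), repeated renewals would keep moving the reference point and a backend's maximum-lease check would never trip. I would add `// IssueTime must remain the original issue time across renewals; backends use it to cap total lease length.` above the assignment and confirm that invariant where the renewed entry is persisted. renewEntry's body continues past the hunk.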


@ -639,6 +639,9 @@ func TestExpiration_renewEntry(t *testing.T) {
if req.Secret.LeaseIncrement != time.Second { if req.Secret.LeaseIncrement != time.Second {
t.Fatalf("Bad: %v", req) t.Fatalf("Bad: %v", req)
} }
if req.Secret.LeaseIssue.IsZero() {
t.Fatalf("Bad: %v", req)
}
} }
func TestExpiration_PersistLoadDelete(t *testing.T) { func TestExpiration_PersistLoadDelete(t *testing.T) {
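Review bot: The added assertion `req.Secret.LeaseIssue.IsZero()` passes for any non-zero time, so it would not catch renewEntry handing the backend the wrong timestamp, such as the current time instead of the lease's issue time. Comparing against the entry the test renews would pin the value that maximum-lease enforcement depends on, e.g. `if !req.Secret.LeaseIssue.Equal(le.IssueTime) {`, where `le` stands for whatever the test names its lease entry. The test's setup is outside the hunk, so the exact variable name needs checking there.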