vault: Adding LeaseIssue for renew to allow limiting maximum lease length
This commit is contained in:
parent
9a034c4ab8
commit
7df486482b
|
@ -25,6 +25,12 @@ type Secret struct {
|
||||||
// when returning a response.
|
// when returning a response.
|
||||||
LeaseIncrement time.Duration `json:"-"`
|
LeaseIncrement time.Duration `json:"-"`
|
||||||
|
|
||||||
|
// LeaseIssue is the time of issue for the original lease. This is
|
||||||
|
// only available on a Renew operation and has no effect when returning
|
||||||
|
// a response. It can be used to enforce maximum lease periods by
|
||||||
|
// a logical backend.
|
||||||
|
LeaseIssue time.Time `json:"-"`
|
||||||
|
|
||||||
// LeaseID is the ID returned to the user to manage this secret.
|
// LeaseID is the ID returned to the user to manage this secret.
|
||||||
// This is generated by Vault core. Any set value will be ignored.
|
// This is generated by Vault core. Any set value will be ignored.
|
||||||
// For requests, this will always be blank.
|
// For requests, this will always be blank.
|
||||||
|
|
|
@ -462,6 +462,7 @@ func (m *ExpirationManager) revokeEntry(le *leaseEntry) error {
|
||||||
// renewEntry is used to attempt renew of an internal entry
|
// renewEntry is used to attempt renew of an internal entry
|
||||||
func (m *ExpirationManager) renewEntry(le *leaseEntry, increment time.Duration) (*logical.Response, error) {
|
func (m *ExpirationManager) renewEntry(le *leaseEntry, increment time.Duration) (*logical.Response, error) {
|
||||||
secret := *le.Secret
|
secret := *le.Secret
|
||||||
|
secret.LeaseIssue = le.IssueTime
|
||||||
secret.LeaseIncrement = increment
|
secret.LeaseIncrement = increment
|
||||||
secret.LeaseID = ""
|
secret.LeaseID = ""
|
||||||
|
|
||||||
|
|
|
@ -639,6 +639,9 @@ func TestExpiration_renewEntry(t *testing.T) {
|
||||||
if req.Secret.LeaseIncrement != time.Second {
|
if req.Secret.LeaseIncrement != time.Second {
|
||||||
t.Fatalf("Bad: %v", req)
|
t.Fatalf("Bad: %v", req)
|
||||||
}
|
}
|
||||||
|
if req.Secret.LeaseIssue.IsZero() {
|
||||||
|
t.Fatalf("Bad: %v", req)
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestExpiration_PersistLoadDelete(t *testing.T) {
|
func TestExpiration_PersistLoadDelete(t *testing.T) {
|
||||||
|
|
Loading…
Reference in a new issue