Revert 'risky' changes

2016-07-12 16:28:27 -04:00 · 2016-07-12 16:28:27 -04:00 · 8269f323d3
parent e09b40e155
commit 8269f323d3
15 changed files with 53 additions and 58 deletions
--- a/audit/format_json.go
+++ b/audit/format_json.go
@ -30,7 +30,7 @@ func (f *FormatJSON) FormatRequest(
 	// Encode!
 	enc := json.NewEncoder(w)
 	return enc.Encode(&JSONRequestEntry{
-		Time:  time.Now().Format(time.RFC3339),
+		Time:  time.Now().UTC().Format(time.RFC3339),
 		Type:  "request",
 		Error: errString,

@ -100,7 +100,7 @@ func (f *FormatJSON) FormatResponse(
 	// Encode!
 	enc := json.NewEncoder(w)
 	return enc.Encode(&JSONResponseEntry{
-		Time:  time.Now().Format(time.RFC3339),
+		Time:  time.Now().UTC().Format(time.RFC3339),
 		Type:  "response",
 		Error: errString,

--- a/builtin/logical/pki/backend_test.go
+++ b/builtin/logical/pki/backend_test.go
@ -958,7 +958,7 @@ func generateCATestingSteps(t *testing.T, caCert, caKey, otherCaCert string, int
 					return fmt.Errorf("got an error: %s", resp.Data["error"].(string))
 				}

-				if !(resp.Data["revocation_time"].(time.Time)).IsZero() {
+				if resp.Data["revocation_time"].(int64) != 0 {
 					return fmt.Errorf("expected a zero revocation time")
 				}

@ -1115,7 +1115,7 @@ func generateCATestingSteps(t *testing.T, caCert, caKey, otherCaCert string, int
 					return fmt.Errorf("got an error: %s", resp.Data["error"].(string))
 				}

-				if !(resp.Data["revocation_time"].(time.Time)).IsZero() {
+				if resp.Data["revocation_time"].(int64) != 0 {
 					return fmt.Errorf("expected a zero revocation time")
 				}

@ -1169,7 +1169,7 @@ func generateCATestingSteps(t *testing.T, caCert, caKey, otherCaCert string, int
 					return fmt.Errorf("got an error: %s", resp.Data["error"].(string))
 				}

-				if (resp.Data["revocation_time"].(time.Time)).IsZero() {
+				if resp.Data["revocation_time"].(int64) == 0 {
 					return fmt.Errorf("expected a non-zero revocation time")
 				}

@ -1187,7 +1187,7 @@ func generateCATestingSteps(t *testing.T, caCert, caKey, otherCaCert string, int
 					return fmt.Errorf("got an error: %s", resp.Data["error"].(string))
 				}

-				if (resp.Data["revocation_time"].(time.Time)).IsZero() {
+				if resp.Data["revocation_time"].(int64) == 0 {
 					return fmt.Errorf("expected a non-zero revocation time")
 				}

--- a/builtin/logical/pki/crl_util.go
+++ b/builtin/logical/pki/crl_util.go
@ -12,8 +12,8 @@ import (
 )

 type revocationInfo struct {
-	CertificateBytes []byte    `json:"certificate_bytes"`
-	RevocationTime   time.Time `json:"revocation_time"`
+	CertificateBytes []byte `json:"certificate_bytes"`
+	RevocationTime   int64  `json:"revocation_time"`
 }

 // Revokes a cert, and tries to be smart about error recovery
@ -87,7 +87,7 @@ func revokeCert(b *backend, req *logical.Request, serial string, fromLease bool)
 		}

 		revInfo.CertificateBytes = certEntry.Value
-		revInfo.RevocationTime = time.Now()
+		revInfo.RevocationTime = time.Now().Unix()

 		certEntry, err = logical.StorageEntryJSON("revoked/"+serial, revInfo)
 		if err != nil {
@ -153,7 +153,7 @@ func buildCRL(b *backend, req *logical.Request) error {

 		revokedCerts = append(revokedCerts, pkix.RevokedCertificate{
 			SerialNumber:   revokedCert.SerialNumber,
-			RevocationTime: revInfo.RevocationTime,
+			RevocationTime: time.Unix(revInfo.RevocationTime, 0),
 		})
 	}

--- a/builtin/logical/pki/path_fetch.go
+++ b/builtin/logical/pki/path_fetch.go
@ -3,7 +3,6 @@ package pki
 import (
 	"encoding/pem"
 	"fmt"
-	"time"

 	"github.com/hashicorp/vault/helper/certutil"
 	"github.com/hashicorp/vault/logical"
@ -102,7 +101,7 @@ func (b *backend) pathFetchRead(req *logical.Request, data *framework.FieldData)
 	var certEntry, revokedEntry *logical.StorageEntry
 	var funcErr error
 	var certificate []byte
-	var revocationTime time.Time
+	var revocationTime int64
 	response = &logical.Response{
 		Data: map[string]interface{}{},
 	}
--- a/builtin/logical/pki/path_root.go
+++ b/builtin/logical/pki/path_root.go
@ -98,7 +98,7 @@ func (b *backend) pathCAGenerateRoot(

 	resp := &logical.Response{
 		Data: map[string]interface{}{
-			"expiration":    parsedBundle.Certificate.NotAfter,
+			"expiration":    int64(parsedBundle.Certificate.NotAfter.Unix()),
 			"serial_number": cb.SerialNumber,
 		},
 	}
@ -234,7 +234,7 @@ func (b *backend) pathCASignIntermediate(

 	resp := &logical.Response{
 		Data: map[string]interface{}{
-			"expiration":    parsedBundle.Certificate.NotAfter,
+			"expiration":    int64(parsedBundle.Certificate.NotAfter.Unix()),
 			"serial_number": cb.SerialNumber,
 		},
 	}
--- a/builtin/logical/transit/backend_test.go
+++ b/builtin/logical/transit/backend_test.go
@ -222,14 +222,14 @@ func testAccStepReadPolicy(t *testing.T, name string, expectNone, derived bool)
 				return nil
 			}
 			var d struct {
-				Name                 string               `mapstructure:"name"`
-				Key                  []byte               `mapstructure:"key"`
-				Keys                 map[string]time.Time `mapstructure:"keys"`
-				CipherMode           string               `mapstructure:"cipher_mode"`
-				Derived              bool                 `mapstructure:"derived"`
-				KDFMode              string               `mapstructure:"kdf_mode"`
-				DeletionAllowed      bool                 `mapstructure:"deletion_allowed"`
-				ConvergentEncryption bool                 `mapstructure:"convergent_encryption"`
+				Name                 string           `mapstructure:"name"`
+				Key                  []byte           `mapstructure:"key"`
+				Keys                 map[string]int64 `mapstructure:"keys"`
+				CipherMode           string           `mapstructure:"cipher_mode"`
+				Derived              bool             `mapstructure:"derived"`
+				KDFMode              string           `mapstructure:"kdf_mode"`
+				DeletionAllowed      bool             `mapstructure:"deletion_allowed"`
+				ConvergentEncryption bool             `mapstructure:"convergent_encryption"`
 			}
 			if err := mapstructure.Decode(resp.Data, &d); err != nil {
 				return err
--- a/builtin/logical/transit/path_keys.go
+++ b/builtin/logical/transit/path_keys.go
@ -3,7 +3,6 @@ package transit
 import (
 	"fmt"
 	"strconv"
-	"time"

 	"github.com/hashicorp/vault/logical"
 	"github.com/hashicorp/vault/logical/framework"
@ -110,7 +109,7 @@ func (b *backend) pathPolicyRead(
 		resp.Data["convergent_encryption"] = p.ConvergentEncryption
 	}

-	retKeys := map[string]time.Time{}
+	retKeys := map[string]int64{}
 	for k, v := range p.Keys {
 		retKeys[strconv.Itoa(k)] = v.CreationTime
 	}
--- a/builtin/logical/transit/policy.go
+++ b/builtin/logical/transit/policy.go
@ -25,8 +25,8 @@ const (

 // KeyEntry stores the key and metadata
 type KeyEntry struct {
-	Key          []byte    `json:"key"`
-	CreationTime time.Time `json:"creation_time"`
+	Key          []byte `json:"key"`
+	CreationTime int64  `json:"creation_time"`
 }

 // KeyEntryMap is used to allow JSON marshal/unmarshal
@ -491,7 +491,7 @@ func (p *Policy) rotate(storage logical.Storage) error {

 	p.Keys[p.LatestVersion] = KeyEntry{
 		Key:          newKey,
-		CreationTime: time.Now(),
+		CreationTime: time.Now().Unix(),
 	}

 	// This ensures that with new key creations min decryption version is set
@ -510,7 +510,7 @@ func (p *Policy) migrateKeyToKeysMap() {
 	p.Keys = KeyEntryMap{
 		1: KeyEntry{
 			Key:          p.Key,
-			CreationTime: time.Now(),
+			CreationTime: time.Now().Unix(),
 		},
 	}
 	p.Key = nil
--- a/http/sys_health.go
+++ b/http/sys_health.go
@ -115,17 +115,17 @@ func getSysHealth(core *vault.Core, r *http.Request) (int, *HealthResponse, erro

 	// Format the body
 	body := &HealthResponse{
-		Initialized: init,
-		Sealed:      sealed,
-		Standby:     standby,
-		ServerTime:  time.Now(),
+		Initialized:   init,
+		Sealed:        sealed,
+		Standby:       standby,
+		ServerTimeUTC: time.Now().UTC().Unix(),
 	}
 	return code, body, nil
 }

 type HealthResponse struct {
-	Initialized bool      `json:"initialized"`
-	Sealed      bool      `json:"sealed"`
-	Standby     bool      `json:"standby"`
-	ServerTime  time.Time `json:"server_time"`
+	Initialized   bool  `json:"initialized"`
+	Sealed        bool  `json:"sealed"`
+	Standby       bool  `json:"standby"`
+	ServerTimeUTC int64 `json:"server_time_utc"`
 }
--- a/http/sys_health_test.go
+++ b/http/sys_health_test.go
@ -29,7 +29,7 @@ func TestSysHealth_get(t *testing.T) {
 	}
 	testResponseStatus(t, resp, 200)
 	testResponseBody(t, resp, &actual)
-	expected["server_time"] = actual["server_time"]
+	expected["server_time_utc"] = actual["server_time_utc"]
 	if !reflect.DeepEqual(actual, expected) {
 		t.Fatalf("bad: expected:%#v\nactual:%#v", expected, actual)
 	}
@ -49,7 +49,7 @@ func TestSysHealth_get(t *testing.T) {
 	}
 	testResponseStatus(t, resp, 500)
 	testResponseBody(t, resp, &actual)
-	expected["server_time"] = actual["server_time"]
+	expected["server_time_utc"] = actual["server_time_utc"]
 	if !reflect.DeepEqual(actual, expected) {
 		t.Fatalf("bad: expected:%#v\nactual:%#v", expected, actual)
 	}
@ -78,7 +78,7 @@ func TestSysHealth_customcodes(t *testing.T) {
 	testResponseStatus(t, resp, 202)
 	testResponseBody(t, resp, &actual)

-	expected["server_time"] = actual["server_time"]
+	expected["server_time_utc"] = actual["server_time_utc"]
 	if !reflect.DeepEqual(actual, expected) {
 		t.Fatalf("bad: expected:%#v\nactual:%#v", expected, actual)
 	}
@ -102,7 +102,7 @@ func TestSysHealth_customcodes(t *testing.T) {
 	}
 	testResponseStatus(t, resp, 503)
 	testResponseBody(t, resp, &actual)
-	expected["server_time"] = actual["server_time"]
+	expected["server_time_utc"] = actual["server_time_utc"]
 	if !reflect.DeepEqual(actual, expected) {
 		t.Fatalf("bad: expected:%#v\nactual:%#v", expected, actual)
 	}
--- a/logical/framework/backend.go
+++ b/logical/framework/backend.go
@ -466,7 +466,7 @@ func (b *Backend) handleWALRollback(
 		}

 		// If the entry isn't old enough, then don't roll it back
-		if !entry.CreatedAt.Before(minAge) {
+		if !time.Unix(entry.CreatedAt, 0).Before(minAge) {
 			continue
 		}

--- a/logical/framework/wal.go
+++ b/logical/framework/wal.go
@ -15,7 +15,7 @@ type WALEntry struct {
 	ID        string      `json:"-"`
 	Kind      string      `json:"type"`
 	Data      interface{} `json:"data"`
-	CreatedAt time.Time   `json:"created_at"`
+	CreatedAt int64       `json:"created_at"`
 }

 // PutWAL writes some data to the WAL.
@ -37,7 +37,7 @@ func PutWAL(s logical.Storage, kind string, data interface{}) (string, error) {
 	value, err := json.Marshal(&WALEntry{
 		Kind:      kind,
 		Data:      data,
-		CreatedAt: time.Now(),
+		CreatedAt: time.Now().UTC().Unix(),
 	})
 	if err != nil {
 		return "", err
--- a/vault/request_handling.go
+++ b/vault/request_handling.go
@ -327,7 +327,7 @@ func (c *Core) handleLoginRequest(req *logical.Request) (*logical.Response, *log
 			Policies:     auth.Policies,
 			Meta:         auth.Metadata,
 			DisplayName:  auth.DisplayName,
-			CreationTime: time.Now(),
+			CreationTime: time.Now().Unix(),
 			TTL:          auth.TTL,
 		}

@ -389,7 +389,7 @@ func (c *Core) wrapInCubbyhole(req *logical.Request, resp *logical.Response) (*l
 	te := TokenEntry{
 		Path:           req.Path,
 		Policies:       []string{"response-wrapping"},
-		CreationTime:   creationTime,
+		CreationTime:   creationTime.Unix(),
 		TTL:            resp.WrapInfo.TTL,
 		NumUses:        1,
 		ExplicitMaxTTL: resp.WrapInfo.TTL,
--- a/vault/token_store.go
+++ b/vault/token_store.go
@ -439,7 +439,7 @@ type TokenEntry struct {
 	NumUses int `json:"num_uses" mapstructure:"num_uses" structs:"num_uses"`

 	// Time of token creation
-	CreationTime time.Time `json:"creation_time" mapstructure:"creation_time" structs:"creation_time"`
+	CreationTime int64 `json:"creation_time" mapstructure:"creation_time" structs:"creation_time"`

 	// Duration set when token was created
 	TTL time.Duration `json:"ttl" mapstructure:"ttl" structs:"ttl"`
@ -497,7 +497,7 @@ func (ts *TokenStore) rootToken() (*TokenEntry, error) {
 		Policies:     []string{"root"},
 		Path:         "auth/token/root",
 		DisplayName:  "root",
-		CreationTime: time.Now(),
+		CreationTime: time.Now().Unix(),
 	}
 	if err := ts.create(te); err != nil {
 		return nil, err
@ -993,7 +993,7 @@ func (ts *TokenStore) handleCreateCommon(
 		Meta:         data.Metadata,
 		DisplayName:  "token",
 		NumUses:      data.NumUses,
-		CreationTime: time.Now(),
+		CreationTime: time.Now().Unix(),
 	}

 	renewable := true
@ -1329,7 +1329,7 @@ func (ts *TokenStore) handleLookup(
 			"display_name":     out.DisplayName,
 			"num_uses":         out.NumUses,
 			"orphan":           false,
-			"creation_time":    out.CreationTime,
+			"creation_time":    int64(out.CreationTime),
 			"creation_ttl":     int64(out.TTL.Seconds()),
 			"ttl":              int64(0),
 			"role":             out.Role,
@ -1348,7 +1348,7 @@ func (ts *TokenStore) handleLookup(
 	}
 	if leaseTimes != nil {
 		if !leaseTimes.LastRenewalTime.IsZero() {
-			resp.Data["last_renewal_time"] = leaseTimes.LastRenewalTime
+			resp.Data["last_renewal_time"] = leaseTimes.LastRenewalTime.Unix()
 		}
 		if !leaseTimes.ExpireTime.IsZero() {
 			resp.Data["ttl"] = int64(leaseTimes.ExpireTime.Sub(time.Now().Round(time.Second)).Seconds())
--- a/vault/token_store_test.go
+++ b/vault/token_store_test.go
@ -175,7 +175,6 @@ func TestTokenStore_CreateLookup(t *testing.T) {
 	if err != nil {
 		t.Fatalf("err: %v", err)
 	}
-	ent.CreationTime = out.CreationTime
 	if !reflect.DeepEqual(out, ent) {
 		t.Fatalf("bad: expected:%#v\nactual:%#v", ent, out)
 	}
@ -215,7 +214,6 @@ func TestTokenStore_CreateLookup_ProvidedID(t *testing.T) {
 	if err != nil {
 		t.Fatalf("err: %v", err)
 	}
-	ent.CreationTime = out.CreationTime
 	if !reflect.DeepEqual(out, ent) {
 		t.Fatalf("bad: expected:%#v\nactual:%#v", ent, out)
 	}
@ -413,7 +411,6 @@ func TestTokenStore_Revoke_Orphan(t *testing.T) {
 	if err != nil {
 		t.Fatalf("err: %v", err)
 	}
-	ent2.CreationTime = out.CreationTime
 	if !reflect.DeepEqual(out, ent2) {
 		t.Fatalf("bad: expected:%#v\nactual:%#v", ent2, out)
 	}
@ -985,7 +982,7 @@ func TestTokenStore_HandleRequest_Lookup(t *testing.T) {
 		"explicit_max_ttl": int64(0),
 	}

-	if (resp.Data["creation_time"].(time.Time)).IsZero() {
+	if resp.Data["creation_time"].(int64) == 0 {
 		t.Fatalf("creation time was zero")
 	}
 	delete(resp.Data, "creation_time")
@ -1022,7 +1019,7 @@ func TestTokenStore_HandleRequest_Lookup(t *testing.T) {
 		"renewable":        true,
 	}

-	if (resp.Data["creation_time"].(time.Time)).IsZero() {
+	if resp.Data["creation_time"].(int64) == 0 {
 		t.Fatalf("creation time was zero")
 	}
 	delete(resp.Data, "creation_time")
@ -1065,7 +1062,7 @@ func TestTokenStore_HandleRequest_Lookup(t *testing.T) {
 		"renewable":        true,
 	}

-	if (resp.Data["creation_time"].(time.Time)).IsZero() {
+	if resp.Data["creation_time"].(int64) == 0 {
 		t.Fatalf("creation time was zero")
 	}
 	delete(resp.Data, "creation_time")
@ -1098,7 +1095,7 @@ func TestTokenStore_HandleRequest_Lookup(t *testing.T) {
 		t.Fatalf("bad: %#v", resp)
 	}

-	if (resp.Data["last_renewal_time"].(time.Time)).IsZero() {
+	if resp.Data["last_renewal_time"].(int64) == 0 {
 		t.Fatalf("last_renewal_time was zero")
 	}
 }
@ -1130,7 +1127,7 @@ func TestTokenStore_HandleRequest_LookupSelf(t *testing.T) {
 		"explicit_max_ttl": int64(0),
 	}

-	if (resp.Data["creation_time"].(time.Time)).IsZero() {
+	if resp.Data["creation_time"].(int64) == 0 {
 		t.Fatalf("creation time was zero")
 	}
 	delete(resp.Data, "creation_time")