Don't mark never-expiring root tokens as renewable

This commit is contained in:
Jeff Mitchell 2016-08-05 11:15:25 -04:00
parent 21e39bfea6
commit 82b3d136e6
2 changed files with 6 additions and 1 deletions

View File

@ -192,7 +192,7 @@ func TestLogical_CreateToken(t *testing.T) {
"policies": []interface{}{"root"},
"metadata": nil,
"lease_duration": json.Number("0"),
"renewable": true,
"renewable": false,
},
"warnings": nilWarnings,
}

View File

@ -1296,6 +1296,11 @@ func (ts *TokenStore) handleCreateCommon(
}
}
// Don't advertise non-expiring root tokens as renewable, as attempts to renew them are denied
if te.TTL == 0 {
renewable = false
}
// Create the token
if err := ts.create(&te); err != nil {
return logical.ErrorResponse(err.Error()), logical.ErrInvalidRequest