Throw error if system view boundaries are violated

2015-09-17 15:47:36 -04:00 · 2015-09-17 15:47:36 -04:00 · a2e88414f5
parent 4332eb9d05 7f640c4374
commit a2e88414f5
1 changed files with 7 additions and 4 deletions
--- a/logical/framework/backend.go
+++ b/logical/framework/backend.go
@ -178,6 +178,7 @@ func (b *Backend) System() logical.SystemView {
 // those with the SystemView values. If they are empty default values are set.
 // If they are set, their boundaries are validated.
 func (b *Backend) SanitizeTTL(ttlStr, maxTTLStr string) (ttl, maxTTL time.Duration, err error) {
+	sysMaxTTL := b.System().MaxLeaseTTL()
 	if len(ttlStr) == 0 {
 		ttl = b.System().DefaultLeaseTTL()
 	} else {
@ -185,8 +186,10 @@ func (b *Backend) SanitizeTTL(ttlStr, maxTTLStr string) (ttl, maxTTL time.Durati
 		if err != nil {
 			return 0, 0, fmt.Errorf("Invalid ttl: %s", err)
 		}
+		if ttl > sysMaxTTL {
+			return 0, 0, fmt.Errorf("\"ttl\" value must be less than allowed max lease TTL value '%s'", sysMaxTTL.String())
+		}
 	}
-	sysMaxTTL := b.System().MaxLeaseTTL()
 	if len(maxTTLStr) == 0 {
 		maxTTL = sysMaxTTL
 	} else {
@ -194,9 +197,9 @@ func (b *Backend) SanitizeTTL(ttlStr, maxTTLStr string) (ttl, maxTTL time.Durati
 		if err != nil {
 			return 0, 0, fmt.Errorf("Invalid max_ttl: %s", err)
 		}
-	}
-	if maxTTL > sysMaxTTL {
-		maxTTL = sysMaxTTL
+		if maxTTL > sysMaxTTL {
+			return 0, 0, fmt.Errorf("\"max_ttl\" value must be less than allowed max lease TTL value '%s'", sysMaxTTL.String())
+		}
 	}
 	if ttl > maxTTL {
 		ttl = maxTTL