From ab7d35b95e1f7d6a5fb6e98126ae1d97e9d36e81 Mon Sep 17 00:00:00 2001 From: Jeff Mitchell Date: Mon, 21 Sep 2015 09:39:37 -0400 Subject: [PATCH] Fix up per-backend timing logic; also fix error in TypeDurationSecond in GetOkErr. --- logical/framework/field_data.go | 9 ++--- vault/logical_system.go | 22 +++++------ vault/logical_system_helpers.go | 66 +++++++++++++++++++++------------ 3 files changed, 55 insertions(+), 42 deletions(-) diff --git a/logical/framework/field_data.go b/logical/framework/field_data.go index d88c7afaf..f76c01bc7 100644 --- a/logical/framework/field_data.go +++ b/logical/framework/field_data.go @@ -115,35 +115,34 @@ func (d *FieldData) getPrimitive( if err := mapstructure.WeakDecode(raw, &result); err != nil { return nil, true, err } - return result, true, nil + case TypeInt: var result int if err := mapstructure.WeakDecode(raw, &result); err != nil { return nil, true, err } - return result, true, nil + case TypeString: var result string if err := mapstructure.WeakDecode(raw, &result); err != nil { return nil, true, err } - return result, true, nil + case TypeMap: var result map[string]interface{} if err := mapstructure.WeakDecode(raw, &result); err != nil { return nil, true, err } - return result, true, nil case TypeDurationSecond: var result int switch inp := raw.(type) { case nil: - return nil, true, nil + return nil, false, nil case int: result = inp case float32: diff --git a/vault/logical_system.go b/vault/logical_system.go index e8a19d06c..4af7ee3d1 100644 --- a/vault/logical_system.go +++ b/vault/logical_system.go 
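Review bot: In the `TypeDurationSecond` branch, `case nil` now returns `nil, false, nil` while every other return visible in this hunk reports `true`, and the reason is not recorded at the site. A one-line comment would keep a later cleanup from reverting it, e.g. `// nil raw value: treat the field as not supplied so GetOk callers never type-assert a nil interface`. That matters because `handleMountTune` in this same patch does `defTTLInt.(int)` on the `GetOk` result, which would panic on a nil value reported as present. A table test covering an explicit null for a duration field would pin the behaviour; `getPrimitive` starts and ends outside the hunk, so the remaining `raw.(type)` cases were not reviewed.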
@@ -542,23 +542,19 @@ func (b *SystemBackend) handleMountTune( return handleError(err) } - newMountConfig := mountEntry.Config - // Timing configuration parameters { - var needTTLTune bool - defTTLInt, ok := data.GetOk("default_lease_ttl") - if ok { - newMountConfig.DefaultLeaseTTL = time.Duration(defTTLInt.(int)) - needTTLTune = true + var newDefault, newMax *time.Duration + if defTTLInt, ok := data.GetOk("default_lease_ttl"); ok { + def := time.Duration(defTTLInt.(int)) + newDefault = &def } - maxTTLInt, ok := data.GetOk("max_lease_ttl") - if ok { - newMountConfig.MaxLeaseTTL = time.Duration(maxTTLInt.(int)) - needTTLTune = true + if maxTTLInt, ok := data.GetOk("max_lease_ttl"); ok { + max := time.Duration(maxTTLInt.(int)) + newMax = &max } - if needTTLTune { - if err := b.tuneMountTTLs(path, &mountEntry.Config, &newMountConfig); err != nil { + if newDefault != nil || newMax != nil { + if err := b.tuneMountTTLs(path, &mountEntry.Config, newDefault, newMax); err != nil { b.Backend.Logger().Printf("[ERR] sys: tune of path '%s' failed: %v", path, err) return handleError(err) } diff --git a/vault/logical_system_helpers.go b/vault/logical_system_helpers.go index ab93914a2..626360396 100644 --- a/vault/logical_system_helpers.go +++ b/vault/logical_system_helpers.go 
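Review bot: `time.Duration(defTTLInt.(int))` and `time.Duration(maxTTLInt.(int))` convert the integer as nanoseconds; if these fields are declared `TypeDurationSecond` (the schema is not in this hunk, but the commit subject suggests it), the value is a count of seconds, so the TTL handed to `tuneMountTTLs` would be far shorter than the operator asked for and would be compared in the wrong unit against the existing limits. I would write `def := time.Duration(defTTLInt.(int)) * time.Second` and the same for `max`, after confirming which unit `MountConfig` stores. The bare `.(int)` assertions also panic if the field type ever changes; the comma-ok form with an error returned through `handleError` is safer in a request handler. `handleMountTune` starts and ends outside the hunk.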
@@ -3,42 +3,60 @@ package vault import ( "errors" "fmt" + "time" ) // tuneMount is used to set config on a mount point -func (b *SystemBackend) tuneMountTTLs(path string, meConfig, newConfig *MountConfig) error { - if meConfig.MaxLeaseTTL == newConfig.MaxLeaseTTL && - meConfig.DefaultLeaseTTL == newConfig.DefaultLeaseTTL { +func (b *SystemBackend) tuneMountTTLs(path string, meConfig *MountConfig, newDefault, newMax *time.Duration) error { + if newDefault == nil && newMax == nil { + return nil + } + if newDefault == nil && newMax != nil && + *newMax == meConfig.MaxLeaseTTL { + return nil + } + if newMax == nil && newDefault != nil && + *newDefault == meConfig.DefaultLeaseTTL { + return nil + } + if newMax != nil && newDefault != nil && + *newDefault == meConfig.DefaultLeaseTTL && + *newMax == meConfig.MaxLeaseTTL { return nil } - if meConfig.DefaultLeaseTTL != 0 { - if newConfig.MaxLeaseTTL < meConfig.DefaultLeaseTTL { - if newConfig.DefaultLeaseTTL == 0 { - return fmt.Errorf("New backend max lease TTL of %d less than backend default lease TTL of %d", - newConfig.MaxLeaseTTL, meConfig.DefaultLeaseTTL) + if newMax != nil && newDefault != nil && *newMax < *newDefault { + return fmt.Errorf("New backend max lease TTL of %d less than new backend default lease TTL of %d", + *newMax, *newDefault) + } + + if newMax != nil && newDefault == nil { + if meConfig.DefaultLeaseTTL != 0 && *newMax < meConfig.DefaultLeaseTTL { + return fmt.Errorf("New backend max lease TTL of %d less than backend default lease TTL of %d", + *newMax, meConfig.DefaultLeaseTTL) + } + } + + if newDefault != nil { + if meConfig.MaxLeaseTTL == 0 { + if *newDefault > b.Core.maxLeaseTTL { + return fmt.Errorf("New backend default lease TTL of %d greater than system max lease TTL of %d", + *newDefault, b.Core.maxLeaseTTL) } - if newConfig.MaxLeaseTTL < newConfig.DefaultLeaseTTL { - return fmt.Errorf("New backend max lease TTL of %d less than new backend default lease TTL of %d", - newConfig.MaxLeaseTTL, 
newConfig.DefaultLeaseTTL) + } else { + if meConfig.MaxLeaseTTL < *newDefault { + return fmt.Errorf("New backend default lease TTL of %d greater than backend max lease TTL of %d", + *newDefault, meConfig.MaxLeaseTTL) } } } - if meConfig.MaxLeaseTTL == 0 { - if newConfig.DefaultLeaseTTL > b.Core.maxLeaseTTL { - return fmt.Errorf("New backend default lease TTL of %d greater than system max lease TTL of %d", - newConfig.DefaultLeaseTTL, b.Core.maxLeaseTTL) - } - } else { - if meConfig.MaxLeaseTTL < newConfig.DefaultLeaseTTL { - return fmt.Errorf("New backend default lease TTL of %d greater than backend max lease TTL of %d", - newConfig.DefaultLeaseTTL, meConfig.MaxLeaseTTL) - } + if newMax != nil { + meConfig.MaxLeaseTTL = *newMax + } + if newDefault != nil { + meConfig.DefaultLeaseTTL = *newDefault } - - meConfig.MaxLeaseTTL = newConfig.MaxLeaseTTL - meConfig.DefaultLeaseTTL = newConfig.DefaultLeaseTTL // Update the mount table if err := b.Core.persistMounts(b.Core.mounts); err != nil {
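Review bot: The `if newDefault != nil` block validates the new default against `meConfig.MaxLeaseTTL`, the stored max, even when `newMax` is supplied in the same call, so a request that raises both values together is rejected against the old limit. Deriving the limit first, `effMax := meConfig.MaxLeaseTTL` followed by `if newMax != nil { effMax = *newMax }`, and using `effMax` in that block would validate against the value that is about to be stored. Nothing visible rejects negative durations either; a guard such as `if newMax != nil && *newMax < 0` (and the same for `newDefault`) returning an error before the comparisons would keep a negative TTL out of the mount table. `meConfig` is mutated in place before `persistMounts` runs and the error branch is outside the hunk, so whether a failed persist leaves the in-memory config changed could not be checked.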