Cleaning up lease and lease duration vars and params
parent
ba94451875
commit
b1703fb18d
|
@ -105,8 +105,8 @@ func (b *backend) ResetDB() {
|
|||
b.db = nil
|
||||
}
|
||||
|
||||
// Lease returns the lease information
|
||||
func (b *backend) Lease(s logical.Storage) (*configLease, error) {
|
||||
// LeaseConfig returns the lease configuration
|
||||
func (b *backend) LeaseConfig(s logical.Storage) (*configLease, error) {
|
||||
entry, err := s.Get("config/lease")
|
||||
if err != nil {
|
||||
return nil, err
|
||||
|
@ -129,5 +129,5 @@ The MSSQL backend dynamically generates database users.
|
|||
After mounting this backend, configure it using the endpoints within
|
||||
the "config/" path.
|
||||
|
||||
This backend does not support Azure SQL Databases
|
||||
This backend does not support Azure SQL Databases.
|
||||
`
|
||||
|
|
|
@ -142,8 +142,8 @@ func testAccStepWriteLease(t *testing.T) logicaltest.TestStep {
|
|||
Operation: logical.UpdateOperation,
|
||||
Path: "config/lease",
|
||||
Data: map[string]interface{}{
|
||||
"lease": "1h5m",
|
||||
"lease_max": "24h",
|
||||
"ttl": "1h5m",
|
||||
"ttl_max": "24h",
|
||||
},
|
||||
}
|
||||
}
|
||||
|
@ -153,7 +153,7 @@ func testAccStepReadLease(t *testing.T) logicaltest.TestStep {
|
|||
Operation: logical.ReadOperation,
|
||||
Path: "config/lease",
|
||||
Check: func(resp *logical.Response) error {
|
||||
if resp.Data["lease"] != "1h5m0s" || resp.Data["lease_max"] != "24h0m0s" {
|
||||
if resp.Data["ttl"] != "1h5m0s" || resp.Data["ttl_max"] != "24h0m0s" {
|
||||
return fmt.Errorf("bad: %#v", resp)
|
||||
}
|
||||
|
||||
|
|
|
@ -12,20 +12,20 @@ func pathConfigLease(b *backend) *framework.Path {
|
|||
return &framework.Path{
|
||||
Pattern: "config/lease",
|
||||
Fields: map[string]*framework.FieldSchema{
|
||||
"lease": &framework.FieldSchema{
|
||||
"ttl": &framework.FieldSchema{
|
||||
Type: framework.TypeString,
|
||||
Description: "Default lease for roles.",
|
||||
Description: "Default ttl for roles.",
|
||||
},
|
||||
|
||||
"lease_max": &framework.FieldSchema{
|
||||
"ttl_max": &framework.FieldSchema{
|
||||
Type: framework.TypeString,
|
||||
Description: "Maximum time a credential is valid for.",
|
||||
},
|
||||
},
|
||||
|
||||
Callbacks: map[logical.Operation]framework.OperationFunc{
|
||||
logical.ReadOperation: b.pathLeaseRead,
|
||||
logical.UpdateOperation: b.pathLeaseWrite,
|
||||
logical.ReadOperation: b.pathConfigLeaseRead,
|
||||
logical.UpdateOperation: b.pathConfigLeaseWrite,
|
||||
},
|
||||
|
||||
HelpSynopsis: pathConfigLeaseHelpSyn,
|
||||
|
@ -33,26 +33,26 @@ func pathConfigLease(b *backend) *framework.Path {
|
|||
}
|
||||
}
|
||||
|
||||
func (b *backend) pathLeaseWrite(
|
||||
func (b *backend) pathConfigLeaseWrite(
|
||||
req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
|
||||
leaseRaw := d.Get("lease").(string)
|
||||
leaseMaxRaw := d.Get("lease_max").(string)
|
||||
ttlRaw := d.Get("ttl").(string)
|
||||
ttlMaxRaw := d.Get("ttl_max").(string)
|
||||
|
||||
lease, err := time.ParseDuration(leaseRaw)
|
||||
ttl, err := time.ParseDuration(ttlRaw)
|
||||
if err != nil {
|
||||
return logical.ErrorResponse(fmt.Sprintf(
|
||||
"Invalid lease: %s", err)), nil
|
||||
"Invalid ttl: %s", err)), nil
|
||||
}
|
||||
leaseMax, err := time.ParseDuration(leaseMaxRaw)
|
||||
ttlMax, err := time.ParseDuration(ttlMaxRaw)
|
||||
if err != nil {
|
||||
return logical.ErrorResponse(fmt.Sprintf(
|
||||
"Invalid lease: %s", err)), nil
|
||||
"Invalid ttl_max: %s", err)), nil
|
||||
}
|
||||
|
||||
// Store it
|
||||
entry, err := logical.StorageEntryJSON("config/lease", &configLease{
|
||||
Lease: lease,
|
||||
LeaseMax: leaseMax,
|
||||
TTL: ttl,
|
||||
TTLMax: ttlMax,
|
||||
})
|
||||
if err != nil {
|
||||
return nil, err
|
||||
|
@ -64,40 +64,40 @@ func (b *backend) pathLeaseWrite(
|
|||
return nil, nil
|
||||
}
|
||||
|
||||
func (b *backend) pathLeaseRead(
|
||||
func (b *backend) pathConfigLeaseRead(
|
||||
req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
|
||||
lease, err := b.Lease(req.Storage)
|
||||
leaseConfig, err := b.LeaseConfig(req.Storage)
|
||||
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if lease == nil {
|
||||
if leaseConfig == nil {
|
||||
return nil, nil
|
||||
}
|
||||
|
||||
return &logical.Response{
|
||||
Data: map[string]interface{}{
|
||||
"lease": lease.Lease.String(),
|
||||
"lease_max": lease.LeaseMax.String(),
|
||||
"ttl": leaseConfig.TTL.String(),
|
||||
"ttl_max": leaseConfig.TTLMax.String(),
|
||||
},
|
||||
}, nil
|
||||
}
|
||||
|
||||
type configLease struct {
|
||||
Lease time.Duration
|
||||
LeaseMax time.Duration
|
||||
TTL time.Duration
|
||||
TTLMax time.Duration
|
||||
}
|
||||
|
||||
const pathConfigLeaseHelpSyn = `
|
||||
Configure the default lease information for generated credentials.
|
||||
Configure the default lease ttl for generated credentials.
|
||||
`
|
||||
|
||||
const pathConfigLeaseHelpDesc = `
|
||||
This configures the default lease information used for credentials
|
||||
generated by this backend. The lease specifies the duration that a
|
||||
This configures the default lease ttl used for credentials
|
||||
generated by this backend. The ttl specifies the duration that a
|
||||
credential will be valid for, as well as the maximum session for
|
||||
a set of credentials.
|
||||
|
||||
The format for the lease is "1h" or integer and then unit. The longest
|
||||
The format for the ttl is "1h" or integer and then unit. The longest
|
||||
unit is hour.
|
||||
`
|
||||
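Review bot: Renaming the `configLease` fields to `TTL` and `TTLMax` changes the keys that `logical.StorageEntryJSON` writes under `config/lease`, because the struct shows no JSON tags. If `LeaseConfig` decodes the stored entry into this struct (its body is cut off in the backend hunk), an entry written before this commit would decode with both durations at zero. The operator's configured lifetime and cap would then silently stop applying in `pathCredsCreateRead` and `secretCredsRenew`. Keeping the stored keys with tags such as `json:"Lease"` and `json:"LeaseMax"`, or migrating the entry on read, would avoid that. Separately, `pathConfigLeaseWrite` (part of its body lies between the hunks) stores the parsed values without checking their relation; a guard like `if ttlMax > 0 && ttl > ttlMax { return logical.ErrorResponse("ttl exceeds ttl_max"), nil }` after the second parse would reject inconsistent config.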
|
|
|
@ -2,7 +2,6 @@ package mssql
|
|||
|
||||
import (
|
||||
"fmt"
|
||||
"time"
|
||||
|
||||
"github.com/hashicorp/go-uuid"
|
||||
"github.com/hashicorp/vault/logical"
|
||||
|
@ -41,13 +40,13 @@ func (b *backend) pathCredsCreateRead(
|
|||
return logical.ErrorResponse(fmt.Sprintf("unknown role: %s", name)), nil
|
||||
}
|
||||
|
||||
// Determine if we have a lease
|
||||
lease, err := b.Lease(req.Storage)
|
||||
// Determine if we have a lease configuration
|
||||
leaseConfig, err := b.LeaseConfig(req.Storage)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if lease == nil {
|
||||
lease = &configLease{Lease: 1 * time.Hour}
|
||||
if leaseConfig == nil {
|
||||
leaseConfig = &configLease{}
|
||||
}
|
||||
|
||||
// Generate our username and password
|
||||
|
@ -108,7 +107,7 @@ func (b *backend) pathCredsCreateRead(
|
|||
}, map[string]interface{}{
|
||||
"username": username,
|
||||
})
|
||||
resp.Secret.TTL = lease.Lease
|
||||
resp.Secret.TTL = leaseConfig.TTL
|
||||
return resp, nil
|
||||
}
|
||||
|
||||
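Review bot: With no `config/lease` entry the fallback is now `leaseConfig = &configLease{}`, so `resp.Secret.TTL = leaseConfig.TTL` assigns zero where the old code assigned `1 * time.Hour`. Presumably a zero TTL makes the core apply the mount or system default, which is likely longer than one hour for these generated database credentials; that should be confirmed and stated. I would add a comment on the fallback such as `// No lease config: leave TTL zero so the mount/system default applies (was 1h before this change)` and call the change out in the changelog. `TTLMax` is also not consulted on this path, so a configured `ttl` above `ttl_max` is issued as-is unless something later caps it. The body of `pathCredsCreateRead` continues outside both hunks.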
|
|
|
@ -33,15 +33,15 @@ func secretCreds(b *backend) *framework.Secret {
|
|||
func (b *backend) secretCredsRenew(
|
||||
req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
|
||||
// Get the lease information
|
||||
lease, err := b.Lease(req.Storage)
|
||||
leaseConfig, err := b.LeaseConfig(req.Storage)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if lease == nil {
|
||||
lease = &configLease{}
|
||||
if leaseConfig == nil {
|
||||
leaseConfig = &configLease{}
|
||||
}
|
||||
|
||||
f := framework.LeaseExtend(lease.Lease, lease.LeaseMax, b.System())
|
||||
f := framework.LeaseExtend(leaseConfig.TTL, leaseConfig.TTLMax, b.System())
|
||||
return f(req, d)
|
||||
}
|
||||
|
||||
|
|