Make "ttl" reflect the actual TTL of the token in lookup calls.
Add a new value "creation_ttl" which holds the value at creation time. Fixes #986
This commit is contained in:
parent
0f5db5da6c
commit
ff3adce39e
|
@ -126,6 +126,7 @@ func TestLogical_StandbyRedirect(t *testing.T) {
|
|||
"orphan": true,
|
||||
"id": root,
|
||||
"ttl": float64(0),
|
||||
"creation_ttl": float64(0),
|
||||
},
|
||||
"warnings": nilWarnings,
|
||||
"auth": nil,
|
||||
|
|
|
@ -262,6 +262,7 @@ func TestSysGenerateRoot_Update_OTP(t *testing.T) {
|
|||
"num_uses": float64(0),
|
||||
"policies": []interface{}{"root"},
|
||||
"orphan": true,
|
||||
"creation_ttl": float64(0),
|
||||
"ttl": float64(0),
|
||||
"path": "auth/token/root",
|
||||
}
|
||||
|
@ -341,6 +342,7 @@ func TestSysGenerateRoot_Update_PGP(t *testing.T) {
|
|||
"num_uses": float64(0),
|
||||
"policies": []interface{}{"root"},
|
||||
"orphan": true,
|
||||
"creation_ttl": float64(0),
|
||||
"ttl": float64(0),
|
||||
"path": "auth/token/root",
|
||||
}
|
||||
|
|
|
@ -77,9 +77,6 @@ func NewTokenStore(c *Core, config *logical.BackendConfig) (*TokenStore, error)
|
|||
|
||||
// Setup the framework endpoints
|
||||
t.Backend = &framework.Backend{
|
||||
// Allow a token lease to be extended indefinitely, but each time for only
|
||||
// as much as the original lease allowed for. If the lease has a 1 hour expiration,
|
||||
// it can only be extended up to another hour each time this means.
|
||||
AuthRenew: t.authRenew,
|
||||
|
||||
PathsSpecial: &logical.Paths{
|
||||
|
@ -841,7 +838,8 @@ func (ts *TokenStore) handleLookup(
|
|||
"num_uses": out.NumUses,
|
||||
"orphan": false,
|
||||
"creation_time": int64(out.CreationTime),
|
||||
"ttl": int64(out.TTL.Seconds()),
|
||||
"creation_ttl": int64(out.TTL.Seconds()),
|
||||
"ttl": int64(0),
|
||||
},
|
||||
}
|
||||
|
||||
|
@ -854,9 +852,14 @@ func (ts *TokenStore) handleLookup(
|
|||
if err != nil {
|
||||
return logical.ErrorResponse(err.Error()), logical.ErrInvalidRequest
|
||||
}
|
||||
if leaseTimes != nil && !leaseTimes.LastRenewalTime.IsZero() {
|
||||
if leaseTimes != nil {
|
||||
if !leaseTimes.LastRenewalTime.IsZero() {
|
||||
resp.Data["last_renewal_time"] = leaseTimes.LastRenewalTime.Unix()
|
||||
}
|
||||
if !leaseTimes.ExpireTime.IsZero() {
|
||||
resp.Data["ttl"] = int64(leaseTimes.ExpireTime.Sub(time.Now().Round(time.Second)).Seconds())
|
||||
}
|
||||
}
|
||||
|
||||
return resp, nil
|
||||
}
|
||||
|
|
|
@ -837,6 +837,7 @@ func TestTokenStore_HandleRequest_Lookup(t *testing.T) {
|
|||
"display_name": "root",
|
||||
"orphan": true,
|
||||
"num_uses": 0,
|
||||
"creation_ttl": int64(0),
|
||||
"ttl": int64(0),
|
||||
}
|
||||
|
||||
|
@ -868,6 +869,7 @@ func TestTokenStore_HandleRequest_Lookup(t *testing.T) {
|
|||
"display_name": "token",
|
||||
"orphan": false,
|
||||
"num_uses": 0,
|
||||
"creation_ttl": int64(3600),
|
||||
"ttl": int64(3600),
|
||||
}
|
||||
|
||||
|
@ -876,6 +878,11 @@ func TestTokenStore_HandleRequest_Lookup(t *testing.T) {
|
|||
}
|
||||
delete(resp.Data, "creation_time")
|
||||
|
||||
// Depending on timing of the test this may have ticked down, so accept 3599
|
||||
if resp.Data["ttl"].(int64) == 3599 {
|
||||
resp.Data["ttl"] = int64(3600)
|
||||
}
|
||||
|
||||
if !reflect.DeepEqual(resp.Data, exp) {
|
||||
t.Fatalf("bad:\n%#v\nexp:\n%#v\n", resp.Data, exp)
|
||||
}
|
||||
|
@ -964,6 +971,7 @@ func TestTokenStore_HandleRequest_LookupSelf(t *testing.T) {
|
|||
"display_name": "root",
|
||||
"orphan": true,
|
||||
"num_uses": 0,
|
||||
"creation_ttl": int64(0),
|
||||
"ttl": int64(0),
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in New Issue