open-vault/vault/dynamic_system_view.go

59 lines
1.3 KiB
Go

package vault
import "time"
type dynamicSystemView struct {
core *Core
mountEntry *MountEntry
}
func (d dynamicSystemView) DefaultLeaseTTL() time.Duration {
def, _ := d.fetchTTLs()
return def
}
func (d dynamicSystemView) MaxLeaseTTL() time.Duration {
_, max := d.fetchTTLs()
return max
}
func (d dynamicSystemView) SudoPrivilege(path string, token string) bool {
// Resolve the token policy
te, err := d.core.tokenStore.Lookup(token)
if err != nil {
d.core.logger.Printf("[ERR] core: failed to lookup token: %v", err)
return false
}
// Ensure the token is valid
if te == nil {
d.core.logger.Printf("[ERR] entry not found for token: %s", token)
return false
}
// Construct the corresponding ACL object
acl, err := d.core.policy.ACL(te.Policies...)
if err != nil {
d.core.logger.Printf("[ERR] failed to retrieve ACL for policies [%#v]: %s", te.Policies, err)
return false
}
return acl.RootPrivilege(path)
}
// TTLsByPath returns the default and max TTLs corresponding to a particular
// mount point, or the system default
func (d dynamicSystemView) fetchTTLs() (def, max time.Duration) {
def = d.core.defaultLeaseTTL
max = d.core.maxLeaseTTL
if d.mountEntry.Config.DefaultLeaseTTL != 0 {
def = d.mountEntry.Config.DefaultLeaseTTL
}
if d.mountEntry.Config.MaxLeaseTTL != 0 {
max = d.mountEntry.Config.MaxLeaseTTL
}
return
}