defaults for token key and TTL parsing reworked, fix parse bug

builtin/logical/aws/client.go

@@ -62,7 +62,7 @@ func (b *backend) getRootConfig(ctx context.Context, s logical.Storage, clientTy
 				key:      config.IdentityTokenKey,
 				audience: config.IdentityTokenAudience,
 				ns:       ns,
-				ttl:      time.Duration(config.IdentityTokenTTLSeconds) * time.Second,
+				ttl:      time.Duration(config.IdentityTokenTTL) * time.Second,
 			}
 
 			sessionSuffix := strconv.FormatInt(time.Now().UnixNano(), 10)

builtin/logical/aws/path_config_root.go

@@ -142,7 +142,7 @@ func (b *backend) pathConfigRootWrite(ctx context.Context, req *logical.Request,
 		UsernameTemplate: usernameTemplate,
 		RoleARN:          roleARN,
 	}
-	if err := rc.ParsePluginIdentityTokenFields(req, data); err != nil {
+	if err := rc.ParsePluginIdentityTokenFields(data); err != nil {
 		return logical.ErrorResponse(err.Error()), nil
 	}
 

sdk/helper/pluginidentityutil/fields.go

@@ -8,7 +8,6 @@ import (
 	"time"
 
 	"github.com/hashicorp/vault/sdk/framework"
-	"github.com/hashicorp/vault/sdk/logical"
 )
 
 // PluginIdentityTokenParams contains a set of common parameters that plugins
@@ -16,31 +15,32 @@ import (
 type PluginIdentityTokenParams struct {
 	// IdentityTokenKey is the named key used to sign tokens
 	IdentityTokenKey string `json:"identity_token_key"`
-	// IdentityTokenTTLSeconds is the duration that tokens will be valid for
+	// IdentityTokenTTL is the duration that tokens will be valid for
-	IdentityTokenTTLSeconds time.Duration `json:"identity_token_ttl_seconds"`
+	IdentityTokenTTL time.Duration `json:"identity_token_ttl"`
 	// IdentityTokenAudience identifies the recipient of the token
 	IdentityTokenAudience string `json:"identity_token_audience"`
 }
 
 // ParsePluginIdentityTokenFields provides common field parsing to embedding structs.
-func (p *PluginIdentityTokenParams) ParsePluginIdentityTokenFields(req *logical.Request, d *framework.FieldData) error {
+func (p *PluginIdentityTokenParams) ParsePluginIdentityTokenFields(d *framework.FieldData) error {
 	if tokenKeyRaw, ok := d.GetOk("identity_token_key"); ok {
 		p.IdentityTokenKey = tokenKeyRaw.(string)
-	} else if req.Operation == logical.CreateOperation {
+	}
-		p.IdentityTokenKey = d.GetDefaultOrZero("identity_token_key").(string)
+	if p.IdentityTokenKey == "" {
+		p.IdentityTokenKey = "default"
 	}
 
-	if tokenTTLRaw, ok := d.GetOk("identity_token_ttl_seconds"); ok {
+	if tokenTTLRaw, ok := d.GetOk("identity_token_ttl"); ok {
-		p.IdentityTokenTTLSeconds = time.Duration(tokenTTLRaw.(int)) * time.Second
+		p.IdentityTokenTTL = time.Duration(tokenTTLRaw.(int)) * time.Second
-	} else if req.Operation == logical.CreateOperation {
+	}
-		p.IdentityTokenTTLSeconds = time.Duration(
+	if p.IdentityTokenTTL == 0 {
-			d.GetDefaultOrZero("identity_token_ttl_seconds").(int)) * time.Second
+		p.IdentityTokenTTL = time.Duration(3600) * time.Second
 	}
 
 	if tokenAudienceRaw, ok := d.GetOk("identity_token_audience"); ok {
 		p.IdentityTokenAudience = tokenAudienceRaw.(string)
 	}
-	// TODO: required? default?
+	// TODO: audience required? default?
 
 	return nil
 }
@@ -48,7 +48,7 @@ func (p *PluginIdentityTokenParams) ParsePluginIdentityTokenFields(req *logical.
 // PopulatePluginIdentityTokenData adds PluginIdentityTokenParams info into the given map.
 func (p *PluginIdentityTokenParams) PopulatePluginIdentityTokenData(m map[string]interface{}) {
 	m["identity_token_key"] = p.IdentityTokenKey
-	m["identity_token_ttl_seconds"] = int64(p.IdentityTokenTTLSeconds.Seconds())
+	m["identity_token_ttl"] = int64(p.IdentityTokenTTL.Seconds())
 	m["identity_token_audience"] = p.IdentityTokenAudience
 }
 
@@ -58,27 +58,18 @@ func AddPluginIdentityTokenFields(m map[string]*framework.FieldSchema) {
 	fields := map[string]*framework.FieldSchema{
 		"identity_token_audience": {
 			Type:        framework.TypeString,
-			Description: "",
+			Description: "Audience of plugin identity tokens",
 			Default:     "",
-			DisplayAttrs: &framework.DisplayAttributes{
-				Name: "Audience of plugin identity tokens",
-			},
 		},
 		"identity_token_key": {
 			Type:        framework.TypeString,
-			Description: "",
+			Description: "Key used to sign plugin identity tokens",
 			Default:     "default",
-			DisplayAttrs: &framework.DisplayAttributes{
-				Name: "Key used to sign plugin identity tokens",
-			},
 		},
 		"identity_token_ttl": {
 			Type:        framework.TypeDurationSecond,
-			Description: "",
+			Description: "Time-to-live of plugin identity tokens",
-			DisplayAttrs: &framework.DisplayAttributes{
+			Default:     3600,
-				Name: "Time-to-live of plugin identity tokens",
-			},
-			Default: 3600,
 		},
 	}