diff --git a/command/server.go b/command/server.go index fdc0235fd7..b24972daa8 100644 --- a/command/server.go +++ b/command/server.go @@ -125,15 +125,15 @@ func (c *ServerCommand) Run(args []string) int { // Initialize the core core, err := vault.NewCore(&vault.CoreConfig{ - AdvertiseAddr: config.Backend.AdvertiseAddr, - Physical: backend, - AuditBackends: c.AuditBackends, - CredentialBackends: c.CredentialBackends, - LogicalBackends: c.LogicalBackends, - Logger: logger, - DisableMlock: config.DisableMlock, - MaxLeaseDuration: config.MaxLeaseDuration, - DefaultLeaseDuration: config.DefaultLeaseDuration, + AdvertiseAddr: config.Backend.AdvertiseAddr, + Physical: backend, + AuditBackends: c.AuditBackends, + CredentialBackends: c.CredentialBackends, + LogicalBackends: c.LogicalBackends, + Logger: logger, + DisableMlock: config.DisableMlock, + MaxLeaseTTL: config.MaxLeaseTTL, + DefaultLeaseTTL: config.DefaultLeaseTTL, }) if err != nil { c.Ui.Error(fmt.Sprintf("Error initializing core: %s", err)) diff --git a/command/server/config.go b/command/server/config.go index d2a3c5b504..d9d8764edd 100644 --- a/command/server/config.go +++ b/command/server/config.go @@ -22,10 +22,10 @@ type Config struct { Telemetry *Telemetry `hcl:"telemetry"` - MaxLeaseDuration time.Duration `hcl:"-"` - MaxLeaseDurationRaw string `hcl:"max_lease_duration"` - DefaultLeaseDuration time.Duration `hcl:"-"` - DefaultLeaseDurationRaw string `hcl:"default_lease_duration"` + MaxLeaseTTL time.Duration `hcl:"-"` + MaxLeaseTTLRaw string `hcl:"max_lease_ttl"` + DefaultLeaseTTL time.Duration `hcl:"-"` + DefaultLeaseTTLRaw string `hcl:"default_lease_ttl"` } // DevConfig is a Config that is used for dev mode of Vault. @@ -48,8 +48,8 @@ func DevConfig() *Config { Telemetry: &Telemetry{}, - MaxLeaseDuration: 30 * 24 * time.Hour, - DefaultLeaseDuration: 30 * 24 * time.Hour, + MaxLeaseTTL: 30 * 24 * time.Hour, + DefaultLeaseTTL: 30 * 24 * time.Hour, } } 
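Review bot: The `hcl` tags on `Config` in command/server/config.go change to `max_lease_ttl` and `default_lease_ttl` with no fallback for the old `max_lease_duration` and `default_lease_duration` keys, so a configuration file that still uses the old names no longer populates these fields. If the decoder ignores unknown keys (not visible in this diff), the values stay zero and NewCore in vault/core.go substitutes its 30-day defaults, silently lengthening lease lifetimes for operators who had configured a shorter cap. Either keep a deprecated raw field tagged `hcl:"max_lease_duration"` (and the default counterpart) that LoadConfigFile still honours with a warning, or fail startup when an old key is present. The fixtures in this commit are all moved to the new spelling, so nothing tests what happens with an old-style file.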
@@ -113,14 +113,14 @@ func (c *Config) Merge(c2 *Config) *Config { } // merge these integers via a MAX operation - result.MaxLeaseDuration = c.MaxLeaseDuration - if c2.MaxLeaseDuration > result.MaxLeaseDuration { - result.MaxLeaseDuration = c2.MaxLeaseDuration + result.MaxLeaseTTL = c.MaxLeaseTTL + if c2.MaxLeaseTTL > result.MaxLeaseTTL { + result.MaxLeaseTTL = c2.MaxLeaseTTL } - result.DefaultLeaseDuration = c.DefaultLeaseDuration - if c2.DefaultLeaseDuration > result.DefaultLeaseDuration { - result.DefaultLeaseDuration = c2.DefaultLeaseDuration + result.DefaultLeaseTTL = c.DefaultLeaseTTL + if c2.DefaultLeaseTTL > result.DefaultLeaseTTL { + result.DefaultLeaseTTL = c2.DefaultLeaseTTL } return result @@ -161,13 +161,13 @@ func LoadConfigFile(path string) (*Config, error) { return nil, err } - if result.MaxLeaseDurationRaw != "" { - if result.MaxLeaseDuration, err = time.ParseDuration(result.MaxLeaseDurationRaw); err != nil { + if result.MaxLeaseTTLRaw != "" { + if result.MaxLeaseTTL, err = time.ParseDuration(result.MaxLeaseTTLRaw); err != nil { return nil, err } } - if result.DefaultLeaseDurationRaw != "" { - if result.DefaultLeaseDuration, err = time.ParseDuration(result.DefaultLeaseDurationRaw); err != nil { + if result.DefaultLeaseTTLRaw != "" { + if result.DefaultLeaseTTL, err = time.ParseDuration(result.DefaultLeaseTTLRaw); err != nil { return nil, err } } diff --git a/command/server/config_test.go b/command/server/config_test.go index bf72fdf283..95456424c1 100644 --- a/command/server/config_test.go +++ b/command/server/config_test.go 
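Review bot: The comment `// merge these integers via a MAX operation` in Config.Merge does not tell an operator what the rule means. The fields are `time.Duration` values and the larger of the two always wins, so a file merged later cannot lower a `max_lease_ttl` set by an earlier one. I would replace the comment with `// Lease TTLs merge by taking the larger value; a later config cannot tighten an earlier cap.` Merge's body starts outside the hunk.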
@@ -31,17 +31,17 @@ func TestLoadConfigFile(t *testing.T) { }, Telemetry: &Telemetry{ - StatsdAddr: "bar", - StatsiteAddr: "foo", + StatsdAddr: "bar", + StatsiteAddr: "foo", DisableHostname: false, }, DisableMlock: true, - MaxLeaseDuration: 10 * time.Hour, - MaxLeaseDurationRaw: "10h", - DefaultLeaseDuration: 10 * time.Hour, - DefaultLeaseDurationRaw: "10h", + MaxLeaseTTL: 10 * time.Hour, + MaxLeaseTTLRaw: "10h", + DefaultLeaseTTL: 10 * time.Hour, + DefaultLeaseTTLRaw: "10h", } if !reflect.DeepEqual(config, expected) { t.Fatalf("bad: %#v", config) @@ -72,15 +72,15 @@ func TestLoadConfigFile_json(t *testing.T) { }, Telemetry: &Telemetry{ - StatsiteAddr: "baz", - StatsdAddr: "", + StatsiteAddr: "baz", + StatsdAddr: "", DisableHostname: false, }, - MaxLeaseDuration: 10 * time.Hour, - MaxLeaseDurationRaw: "10h", - DefaultLeaseDuration: 10 * time.Hour, - DefaultLeaseDurationRaw: "10h", + MaxLeaseTTL: 10 * time.Hour, + MaxLeaseTTLRaw: "10h", + DefaultLeaseTTL: 10 * time.Hour, + DefaultLeaseTTLRaw: "10h", } if !reflect.DeepEqual(config, expected) { t.Fatalf("bad: %#v", config) @@ -111,8 +111,8 @@ func TestLoadConfigFile_json2(t *testing.T) { }, Telemetry: &Telemetry{ - StatsiteAddr: "foo", - StatsdAddr: "bar", + StatsiteAddr: "foo", + StatsdAddr: "bar", DisableHostname: true, }, } @@ -147,13 +147,13 @@ func TestLoadConfigDir(t *testing.T) { }, Telemetry: &Telemetry{ - StatsiteAddr: "qux", - StatsdAddr: "baz", + StatsiteAddr: "qux", + StatsdAddr: "baz", DisableHostname: true, }, - MaxLeaseDuration: 10 * time.Hour, - DefaultLeaseDuration: 10 * time.Hour, + MaxLeaseTTL: 10 * time.Hour, + DefaultLeaseTTL: 10 * time.Hour, } if !reflect.DeepEqual(config, expected) { t.Fatalf("bad: %#v", config) diff --git a/command/server/test-fixtures/config-dir/bar.json b/command/server/test-fixtures/config-dir/bar.json index d1a3de0143..677e81aae1 100644 --- a/command/server/test-fixtures/config-dir/bar.json +++ b/command/server/test-fixtures/config-dir/bar.json 
@@ -5,5 +5,5 @@ } }, - "max_lease_duration": "10h" + "max_lease_ttl": "10h" } diff --git a/command/server/test-fixtures/config-dir/baz.hcl b/command/server/test-fixtures/config-dir/baz.hcl index 6d8640927c..e57d76581a 100644 --- a/command/server/test-fixtures/config-dir/baz.hcl +++ b/command/server/test-fixtures/config-dir/baz.hcl @@ -4,4 +4,4 @@ telemetry { disable_hostname = true } -default_lease_duration = "10h" +default_lease_ttl = "10h" diff --git a/command/server/test-fixtures/config.hcl b/command/server/test-fixtures/config.hcl index 8e560486ab..3d13a13c1e 100644 --- a/command/server/test-fixtures/config.hcl +++ b/command/server/test-fixtures/config.hcl @@ -11,5 +11,5 @@ backend "consul" { advertise_addr = "foo" } -max_lease_duration = "10h" -default_lease_duration = "10h" +max_lease_ttl = "10h" +default_lease_ttl = "10h" diff --git a/command/server/test-fixtures/config.hcl.json b/command/server/test-fixtures/config.hcl.json index 668653bf98..a47ba5c872 100644 --- a/command/server/test-fixtures/config.hcl.json +++ b/command/server/test-fixtures/config.hcl.json @@ -15,6 +15,6 @@ "statsite_address": "baz" }, - "max_lease_duration": "10h", - "default_lease_duration": "10h" + "max_lease_ttl": "10h", + "default_lease_ttl": "10h" } diff --git a/vault/core.go b/vault/core.go index a324464000..ca9fe8e842 100644 --- a/vault/core.go +++ b/vault/core.go 
@@ -239,25 +239,25 @@ type Core struct { // metricsCh is used to stop the metrics streaming metricsCh chan struct{} - defaultLeaseDuration time.Duration - maxLeaseDuration time.Duration + defaultLeaseTTL time.Duration + maxLeaseTTL time.Duration logger *log.Logger } // CoreConfig is used to parameterize a core type CoreConfig struct { - LogicalBackends map[string]logical.Factory - CredentialBackends map[string]logical.Factory - AuditBackends map[string]audit.Factory - Physical physical.Backend - Logger *log.Logger - DisableCache bool // Disables the LRU cache on the physical backend - DisableMlock bool // Disables mlock syscall - CacheSize int // Custom cache size of zero for default - AdvertiseAddr string // Set as the leader address for HA - DefaultLeaseDuration time.Duration - MaxLeaseDuration time.Duration + LogicalBackends map[string]logical.Factory + CredentialBackends map[string]logical.Factory + AuditBackends map[string]audit.Factory + Physical physical.Backend + Logger *log.Logger + DisableCache bool // Disables the LRU cache on the physical backend + DisableMlock bool // Disables mlock syscall + CacheSize int // Custom cache size of zero for default + AdvertiseAddr string // Set as the leader address for HA + DefaultLeaseTTL time.Duration + MaxLeaseTTL time.Duration } // NewCore is used to construct a new core 
@@ -271,15 +271,15 @@ func NewCore(conf *CoreConfig) (*Core, error) { return nil, fmt.Errorf("missing advertisement address") } - if conf.DefaultLeaseDuration == 0 { - conf.DefaultLeaseDuration = defaultLeaseDuration + if conf.DefaultLeaseTTL == 0 { + conf.DefaultLeaseTTL = defaultLeaseTTL } - if conf.MaxLeaseDuration == 0 { - conf.MaxLeaseDuration = maxLeaseDuration + if conf.MaxLeaseTTL == 0 { + conf.MaxLeaseTTL = maxLeaseTTL } - if conf.DefaultLeaseDuration > conf.MaxLeaseDuration { - return nil, fmt.Errorf("cannot have DefaultLeaseDuration larger than MaxLeaseDuration") + if conf.DefaultLeaseTTL > conf.MaxLeaseTTL { + return nil, fmt.Errorf("cannot have DefaultLeaseTTL larger than MaxLeaseTTL") } // Validate the advertise addr if its given to us @@ -333,16 +333,16 @@ func NewCore(conf *CoreConfig) (*Core, error) { // Setup the core c := &Core{ - ha: haBackend, - advertiseAddr: conf.AdvertiseAddr, - physical: conf.Physical, - barrier: barrier, - router: NewRouter(), - sealed: true, - standby: true, - logger: conf.Logger, - defaultLeaseDuration: conf.DefaultLeaseDuration, - maxLeaseDuration: conf.MaxLeaseDuration, + ha: haBackend, + advertiseAddr: conf.AdvertiseAddr, + physical: conf.Physical, + barrier: barrier, + router: NewRouter(), + sealed: true, + standby: true, + logger: conf.Logger, + defaultLeaseTTL: conf.DefaultLeaseTTL, + maxLeaseTTL: conf.MaxLeaseTTL, } // Setup the backends @@ -479,12 +479,12 @@ func (c *Core) handleRequest(req *logical.Request) (retResp *logical.Response, r if resp != nil && resp.Secret != nil && !strings.HasPrefix(req.Path, "sys/renew/") { // Apply the default lease if none given if resp.Secret.TTL == 0 { - resp.Secret.TTL = c.defaultLeaseDuration + resp.Secret.TTL = c.defaultLeaseTTL } // Limit the lease duration - if resp.Secret.TTL > c.maxLeaseDuration { - resp.Secret.TTL = c.maxLeaseDuration + if resp.Secret.TTL > c.maxLeaseTTL { + resp.Secret.TTL = c.maxLeaseTTL } // Register the lease 
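Review bot: The validation in the first NewCore hunk only substitutes defaults for zero and rejects `DefaultLeaseTTL > MaxLeaseTTL`, so a negative pair passes whenever the default is not larger than the maximum. LoadConfigFile fills these fields with `time.ParseDuration`, which accepts signed input, so a negative value from a config file would reach handleRequest and be applied as a lease TTL. Add `if conf.DefaultLeaseTTL < 0 || conf.MaxLeaseTTL < 0 { return nil, fmt.Errorf("lease TTLs must not be negative") }` ahead of the zero checks. NewCore's body continues outside the hunk.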
@@ -511,12 +511,12 @@ func (c *Core) handleRequest(req *logical.Request) (retResp *logical.Response, r // Set the default lease if non-provided, root tokens are exempt if resp.Auth.TTL == 0 && !strListContains(resp.Auth.Policies, "root") { - resp.Auth.TTL = c.defaultLeaseDuration + resp.Auth.TTL = c.defaultLeaseTTL } // Limit the lease duration - if resp.Auth.TTL > c.maxLeaseDuration { - resp.Auth.TTL = c.maxLeaseDuration + if resp.Auth.TTL > c.maxLeaseTTL { + resp.Auth.TTL = c.maxLeaseTTL } // Register with the expiration manager @@ -583,12 +583,12 @@ func (c *Core) handleLoginRequest(req *logical.Request) (*logical.Response, *log // Set the default lease if non-provided, root tokens are exempt if auth.TTL == 0 && !strListContains(auth.Policies, "root") { - auth.TTL = c.defaultLeaseDuration + auth.TTL = c.defaultLeaseTTL } // Limit the lease duration - if resp.Auth.TTL > c.maxLeaseDuration { - resp.Auth.TTL = c.maxLeaseDuration + if resp.Auth.TTL > c.maxLeaseTTL { + resp.Auth.TTL = c.maxLeaseTTL } // Register with the expiration manager diff --git a/vault/core_test.go b/vault/core_test.go index f71ddecd6b..519f7c582d 100644 --- a/vault/core_test.go +++ b/vault/core_test.go @@ -442,7 +442,7 @@ func TestCore_HandleRequest_Lease_MaxLength(t *testing.T) { if resp == nil || resp.Secret == nil || resp.Data == nil { t.Fatalf("bad: %#v", resp) } - if resp.Secret.TTL != c.maxLeaseDuration { + if resp.Secret.TTL != c.maxLeaseTTL { t.Fatalf("bad: %#v", resp.Secret) } if resp.Secret.LeaseID == "" { @@ -483,7 +483,7 @@ func TestCore_HandleRequest_Lease_DefaultLength(t *testing.T) { if resp == nil || resp.Secret == nil || resp.Data == nil { t.Fatalf("bad: %#v", resp) } - if resp.Secret.TTL != c.defaultLeaseDuration { + if resp.Secret.TTL != c.defaultLeaseTTL { t.Fatalf("bad: %#v", resp.Secret) } if resp.Secret.LeaseID == "" { 
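Review bot: In the handleLoginRequest hunk the default is written to `auth.TTL` while the cap is read from and written to `resp.Auth.TTL`. The two statements only agree if `auth` is the same pointer as `resp.Auth`, which is assigned outside the hunk. Using one name for both, `if auth.TTL > c.maxLeaseTTL { auth.TTL = c.maxLeaseTTL }`, makes it evident that the maximum is enforced on the value later registered with the expiration manager. The comment above it could read `// Limit the lease TTL` to match the rename.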
@@ -829,7 +829,7 @@ func TestCore_HandleLogin_Token(t *testing.T) { } // Check that we have a lease with default duration - if lresp.Auth.TTL != c.defaultLeaseDuration { + if lresp.Auth.TTL != c.defaultLeaseTTL { t.Fatalf("bad: %#v", lresp.Auth) } } @@ -1016,7 +1016,7 @@ func TestCore_HandleRequest_CreateToken_Lease(t *testing.T) { } // Check that we have a lease with default duration - if resp.Auth.TTL != c.defaultLeaseDuration { + if resp.Auth.TTL != c.defaultLeaseTTL { t.Fatalf("bad: %#v", resp.Auth) } } diff --git a/vault/expiration.go b/vault/expiration.go index 525779088d..11454e4211 100644 --- a/vault/expiration.go +++ b/vault/expiration.go @@ -36,10 +36,10 @@ const ( minRevokeDelay = 5 * time.Second // maxLeaseDuration is the default maximum lease duration - maxLeaseDuration = 30 * 24 * time.Hour + maxLeaseTTL = 30 * 24 * time.Hour // defaultLeaseDuration is the default lease duration used when no lease is specified - defaultLeaseDuration = maxLeaseDuration + defaultLeaseTTL = maxLeaseTTL ) // ExpirationManager is used by the Core to manage leases. Secrets
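Review bot: The two doc comments in the const block of vault/expiration.go still name `maxLeaseDuration` and `defaultLeaseDuration`, identifiers that no longer exist after this rename. Update them to `// maxLeaseTTL is the default maximum lease TTL` and `// defaultLeaseTTL is the default lease TTL used when no lease is specified` so each comment matches the constant it documents.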