http: renew endpoints

http/handler.go

@@ -26,6 +26,7 @@ func Handler(core *vault.Core) http.Handler {
 	mux.Handle("/v1/sys/remount", handleSysRemount(core))
 	mux.Handle("/v1/sys/policy", handleSysListPolicies(core))
 	mux.Handle("/v1/sys/policy/", handleSysPolicy(core))
+	mux.Handle("/v1/sys/renew/", handleSysRenew(core))
 	mux.Handle("/v1/sys/revoke/", handleSysRevoke(core))
 	mux.Handle("/v1/sys/revoke-prefix/", handleSysRevokePrefix(core))
 	mux.Handle("/v1/sys/auth/", handleSysAuth(core))

http/logical.go

@@ -73,6 +73,12 @@ func handleLogical(core *vault.Core) http.Handler {
 			return
 		}
 
+		// Build the proper response
+		respondLogical(w, r, resp)
+	})
+}
+
+func respondLogical(w http.ResponseWriter, r *http.Request, resp *logical.Response) {
 	var httpResp interface{}
 	if resp != nil {
 		if resp.Redirect != "" {
@@ -119,7 +125,6 @@ func handleLogical(core *vault.Core) http.Handler {
 
 	// Respond
 	respondOk(w, httpResp)
-	})
 }
 
 type LogicalResponse struct {

http/sys_lease.go

@@ -1,6 +1,7 @@
 package http
 
 import (
+	"io"
 	"net/http"
 	"strings"
 
@@ -8,6 +9,49 @@ import (
 	"github.com/hashicorp/vault/vault"
 )
 
+func handleSysRenew(core *vault.Core) http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		if r.Method != "PUT" {
+			respondError(w, http.StatusMethodNotAllowed, nil)
+			return
+		}
+
+		// Determine the path...
+		prefix := "/v1/sys/renew/"
+		if !strings.HasPrefix(r.URL.Path, prefix) {
+			respondError(w, http.StatusNotFound, nil)
+			return
+		}
+		path := r.URL.Path[len(prefix):]
+		if path == "" {
+			respondError(w, http.StatusNotFound, nil)
+			return
+		}
+
+		// Parse the request if we can
+		var req RenewRequest
+		if err := parseRequest(r, &req); err != nil {
+			if err != io.EOF {
+				respondError(w, http.StatusBadRequest, err)
+				return
+			}
+		}
+
+		resp, ok := request(core, w, requestAuth(r, &logical.Request{
+			Operation: logical.WriteOperation,
+			Path:      "sys/renew/" + path,
+			Data: map[string]interface{}{
+				"increment": req.Increment,
+			},
+		}))
+		if !ok {
+			return
+		}
+
+		respondLogical(w, r, resp)
+	})
+}
+
 func handleSysRevoke(core *vault.Core) http.Handler {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		if r.Method != "PUT" {
@@ -71,3 +115,7 @@ func handleSysRevokePrefix(core *vault.Core) http.Handler {
 		respondOk(w, nil)
 	})
 }
+
+type RenewRequest struct {
+	Increment int `json:"increment"`
+}

http/sys_lease_test.go

@@ -1,11 +1,44 @@
 package http
 
 import (
+	"encoding/json"
+	"net/http"
 	"testing"
 
 	"github.com/hashicorp/vault/vault"
 )
 
+func TestSysRenew(t *testing.T) {
+	core, _, token := vault.TestCoreUnsealed(t)
+	ln, addr := TestServer(t, core)
+	defer ln.Close()
+	TestServerAuth(t, addr, token)
+
+	// write secret
+	resp := testHttpPut(t, addr+"/v1/secret/foo", map[string]interface{}{
+		"data":  "bar",
+		"lease": "1h",
+	})
+	testResponseStatus(t, resp, 204)
+
+	// read secret
+	resp, err := http.Get(addr + "/v1/secret/foo")
+	if err != nil {
+		t.Fatalf("err: %s", err)
+	}
+
+	var result struct {
+		LeaseId string `json:"lease_id"`
+	}
+	dec := json.NewDecoder(resp.Body)
+	if err := dec.Decode(&result); err != nil {
+		t.Fatalf("bad: %s", err)
+	}
+
+	resp = testHttpPut(t, addr+"/v1/sys/renew/"+result.LeaseId, nil)
+	testResponseStatus(t, resp, 200)
+}
+
 func TestSysRevoke(t *testing.T) {
 	core, _, token := vault.TestCoreUnsealed(t)
 	ln, addr := TestServer(t, core)

vault/logical_passthrough.go

@@ -93,7 +93,7 @@ func (b *PassthroughBackend) handleRead(
 	if ok {
 		leaseDuration, err := time.ParseDuration(leaseVal)
 		if err == nil {
-			resp.Secret.Renewable = false
+			resp.Secret.Renewable = true
 			resp.Secret.Lease = leaseDuration
 		}
 	}