Internally refactor Lease/LeaseGracePeriod into TTL/GracePeriod

2025-11-02 11:38:02 +00:00 · 2015-08-20 17:47:17 -07:00
parent 8281965d7c
commit 97112665e8
24 changed files with 113 additions and 108 deletions
--- a/audit/hashstructure_test.go
+++ b/audit/hashstructure_test.go
@@ -14,7 +14,7 @@ func TestCopy_auth(t *testing.T) {
 	// Make a non-pointer one so that it can't be modified directly
 	expected := logical.Auth{
 		LeaseOptions: logical.LeaseOptions{
-			Lease:      1 * time.Hour,
+			TTL:        1 * time.Hour,
 			LeaseIssue: time.Now().UTC(),
 		},

@@ -121,7 +121,7 @@ func TestHash(t *testing.T) {
 		{
 			&logical.Auth{
 				LeaseOptions: logical.LeaseOptions{
-					Lease:      1 * time.Hour,
+					TTL:        1 * time.Hour,
 					LeaseIssue: now,
 				},

@@ -129,7 +129,7 @@ func TestHash(t *testing.T) {
 			},
 			&logical.Auth{
 				LeaseOptions: logical.LeaseOptions{
-					Lease:      1 * time.Hour,
+					TTL:        1 * time.Hour,
 					LeaseIssue: now,
 				},

--- a/builtin/credential/cert/backend_test.go
+++ b/builtin/credential/cert/backend_test.go
@@ -64,7 +64,7 @@ func testAccStepLogin(t *testing.T, connState tls.ConnectionState) logicaltest.T
 		Unauthenticated: true,
 		ConnState:       &connState,
 		Check: func(resp *logical.Response) error {
-			if resp.Auth.Lease != 1000*time.Second {
+			if resp.Auth.TTL != 1000*time.Second {
 				t.Fatalf("bad lease length: %#v", resp.Auth)
 			}

--- a/builtin/credential/cert/path_certs.go
+++ b/builtin/credential/cert/path_certs.go
@@ -129,7 +129,7 @@ func (b *backend) pathCertWrite(
 		Certificate: certificate,
 		DisplayName: displayName,
 		Policies:    policies,
-		Lease:       leaseDur,
+		TTL:         leaseDur,
 	})
 	if err != nil {
 		return nil, err
@@ -145,7 +145,7 @@ type CertEntry struct {
 	Certificate string
 	DisplayName string
 	Policies    []string
-	Lease       time.Duration
+	TTL         time.Duration
 }

 const pathCertHelpSyn = `
--- a/builtin/credential/cert/path_login.go
+++ b/builtin/credential/cert/path_login.go
@@ -66,7 +66,7 @@ func (b *backend) pathLogin(
 			},
 			LeaseOptions: logical.LeaseOptions{
 				Renewable: true,
-				Lease:     matched.Entry.Lease,
+				TTL:       matched.Entry.TTL,
 			},
 		},
 	}
@@ -187,5 +187,5 @@ func (b *backend) pathLoginRenew(
 		return nil, nil
 	}

-	return framework.LeaseExtend(cert.Lease, 0, false)(req, d)
+	return framework.LeaseExtend(cert.TTL, 0, false)(req, d)
 }
--- a/builtin/logical/cassandra/path_creds_create.go
+++ b/builtin/logical/cassandra/path_creds_create.go
@@ -77,8 +77,8 @@ func (b *backend) pathCredsCreateRead(
 		"username": username,
 		"role":     name,
 	})
-	resp.Secret.Lease = role.Lease
-	resp.Secret.LeaseGracePeriod = role.LeaseGracePeriod
+	resp.Secret.TTL = role.Lease
+	resp.Secret.GracePeriod = role.LeaseGracePeriod

 	return resp, nil
 }
--- a/builtin/logical/mysql/path_role_create.go
+++ b/builtin/logical/mysql/path_role_create.go
@@ -101,7 +101,7 @@ func (b *backend) pathRoleCreateRead(
 	}, map[string]interface{}{
 		"username": username,
 	})
-	resp.Secret.Lease = lease.Lease
+	resp.Secret.TTL = lease.Lease
 	return resp, nil
 }

--- a/builtin/logical/pki/path_issue.go
+++ b/builtin/logical/pki/path_issue.go
@@ -177,7 +177,7 @@ func (b *backend) pathIssueCert(
 			"serial_number": cb.SerialNumber,
 		})

-	resp.Secret.Lease = lease
+	resp.Secret.TTL = lease

 	err = req.Storage.Put(&logical.StorageEntry{
 		Key:   "certs/" + cb.SerialNumber,
--- a/builtin/logical/postgresql/path_role_create.go
+++ b/builtin/logical/postgresql/path_role_create.go
@@ -105,7 +105,7 @@ func (b *backend) pathRoleCreateRead(
 	}, map[string]interface{}{
 		"username": username,
 	})
-	resp.Secret.Lease = lease.Lease
+	resp.Secret.TTL = lease.Lease
 	return resp, nil
 }

--- a/builtin/logical/ssh/path_creds_create.go
+++ b/builtin/logical/ssh/path_creds_create.go
@@ -155,14 +155,14 @@ func (b *backend) pathCredsCreateWrite(

 	// If the lease information is set, update it in secret.
 	if lease != nil {
-		result.Secret.Lease = lease.Lease
-		result.Secret.LeaseGracePeriod = lease.LeaseMax
+		result.Secret.TTL = lease.Lease
+		result.Secret.GracePeriod = lease.LeaseMax
 	}

 	// If lease information is not set, set it to 10 minutes.
 	if lease == nil {
-		result.Secret.Lease = 10 * time.Minute
-		result.Secret.LeaseGracePeriod = 2 * time.Minute
+		result.Secret.TTL = 10 * time.Minute
+		result.Secret.GracePeriod = 2 * time.Minute
 	}

 	return result, nil
@@ -257,7 +257,7 @@ Creates a credential for establishing SSH connection with the remote host.
 const pathCredsCreateHelpDesc = `
 This path will generate a new key for establishing SSH session with
 target host. The key can either be a long lived dynamic key or a One
-Time Password (OTP), using 'key_type' parameter being 'dynamic' or 
+Time Password (OTP), using 'key_type' parameter being 'dynamic' or
 'otp' respectively. For dynamic keys, a named key should be supplied.
 Create named key using the 'keys/' endpoint, and this represents the
 shared SSH key of target host. If this backend is mounted at 'ssh',
--- a/http/logical.go
+++ b/http/logical.go
@@ -101,7 +101,7 @@ func respondLogical(w http.ResponseWriter, r *http.Request, path string, dataOnl
 		if resp.Secret != nil {
 			logicalResp.LeaseID = resp.Secret.LeaseID
 			logicalResp.Renewable = resp.Secret.Renewable
-			logicalResp.LeaseDuration = int(resp.Secret.Lease.Seconds())
+			logicalResp.LeaseDuration = int(resp.Secret.TTL.Seconds())
 		}

 		// If we have authentication information, then set the cookie
@@ -129,7 +129,7 @@ func respondLogical(w http.ResponseWriter, r *http.Request, path string, dataOnl
 				ClientToken:   resp.Auth.ClientToken,
 				Policies:      resp.Auth.Policies,
 				Metadata:      resp.Auth.Metadata,
-				LeaseDuration: int(resp.Auth.Lease.Seconds()),
+				LeaseDuration: int(resp.Auth.TTL.Seconds()),
 				Renewable:     resp.Auth.Renewable,
 			}
 		}
--- a/logical/framework/backend_test.go
+++ b/logical/framework/backend_test.go
@@ -105,7 +105,6 @@ func TestBackendHandleRequest_badwrite(t *testing.T) {
 		Path:      "foo/bar",
 		Data:      map[string]interface{}{"value": "3false3"},
 	})
-	

 	if err == nil {
 		t.Fatalf("should have thrown a conversion error")
@@ -269,8 +268,8 @@ func TestBackendHandleRequest_renewExtend(t *testing.T) {
 		t.Fatal("should have secret")
 	}

-	if resp.Secret.Lease < 60*time.Minute || resp.Secret.Lease > 70*time.Minute {
-		t.Fatalf("bad: %s", resp.Secret.Lease)
+	if resp.Secret.TTL < 60*time.Minute || resp.Secret.TTL > 70*time.Minute {
+		t.Fatalf("bad: %s", resp.Secret.TTL)
 	}
 }

--- a/logical/framework/lease.go
+++ b/logical/framework/lease.go
@@ -27,7 +27,7 @@ func LeaseExtend(max, maxSession time.Duration, maxFromLease bool) OperationFunc

 		// Check if we should limit max
 		if maxFromLease {
-			max = lease.Lease
+			max = lease.TTL
 		}

 		// Sanity check the desired increment
@@ -67,7 +67,12 @@ func LeaseExtend(max, maxSession time.Duration, maxFromLease bool) OperationFunc
 		newLeaseDuration := requestedLease.Sub(now)

 		// Set the lease
-		lease.Lease = newLeaseDuration
+		lease.TTL = newLeaseDuration
+		var zeroDur time.Duration
+		if lease.Lease != zeroDur {
+			lease.Lease = newLeaseDuration
+		}
+
 		return &logical.Response{Auth: req.Auth, Secret: req.Secret}, nil
 	}
 }
--- a/logical/framework/lease_test.go
+++ b/logical/framework/lease_test.go
@@ -75,7 +75,7 @@ func TestLeaseExtend(t *testing.T) {
 		req := &logical.Request{
 			Auth: &logical.Auth{
 				LeaseOptions: logical.LeaseOptions{
-					Lease:          1 * time.Hour,
+					TTL:            1 * time.Hour,
 					LeaseIssue:     now,
 					LeaseIncrement: tc.Request,
 				},
@@ -92,7 +92,7 @@ func TestLeaseExtend(t *testing.T) {
 		}

 		// Round it to the nearest hour
-		lease := now.Add(resp.Auth.Lease).Round(time.Hour).Sub(now)
+		lease := now.Add(resp.Auth.TTL).Round(time.Hour).Sub(now)
 		if lease != tc.Result {
 			t.Fatalf("bad: %s\nlease: %s", name, lease)
 		}
--- a/logical/framework/secret.go
+++ b/logical/framework/secret.go
@@ -51,9 +51,9 @@ func (s *Secret) Response(
 	return &logical.Response{
 		Secret: &logical.Secret{
 			LeaseOptions: logical.LeaseOptions{
-				Lease:            s.DefaultDuration,
-				LeaseGracePeriod: s.DefaultGracePeriod,
-				Renewable:        s.Renewable(),
+				TTL:         s.DefaultDuration,
+				GracePeriod: s.DefaultGracePeriod,
+				Renewable:   s.Renewable(),
 			},
 			InternalData: internalData,
 		},
--- a/logical/lease.go
+++ b/logical/lease.go
@@ -7,9 +7,9 @@ import "time"
 type LeaseOptions struct {
 	// Lease is the duration that this secret is valid for. Vault
 	// will automatically revoke it after the duration + grace period.
-	Lease            time.Duration `json:"lease,omitempty"`
-	TTL              time.Duration `json:"ttl,omitempty"`
-	LeaseGracePeriod time.Duration `json:"lease_grace_period"`
+	Lease       time.Duration `json:"lease,omitempty"`
+	TTL         time.Duration `json:"ttl,omitempty"`
+	GracePeriod time.Duration `json:"grace_period"`

 	// Renewable, if true, means that this secret can be renewed.
 	Renewable bool `json:"renewable"`
@@ -28,20 +28,20 @@ type LeaseOptions struct {

 // LeaseEnabled checks if leasing is enabled
 func (l *LeaseOptions) LeaseEnabled() bool {
-	return l.Lease > 0
+	return l.TTL > 0
 }

 // LeaseTotal is the total lease time including the grace period
 func (l *LeaseOptions) LeaseTotal() time.Duration {
-	if l.Lease <= 0 {
+	if l.TTL <= 0 {
 		return 0
 	}

-	if l.LeaseGracePeriod < 0 {
-		return l.Lease
+	if l.GracePeriod < 0 {
+		return l.TTL
 	}

-	return l.Lease + l.LeaseGracePeriod
+	return l.TTL + l.GracePeriod
 }

 // ExpirationTime computes the time until expiration including the grace period
--- a/logical/lease_test.go
+++ b/logical/lease_test.go
@@ -7,10 +7,10 @@ import (

 func TestLeaseOptionsLeaseTotal(t *testing.T) {
 	var l LeaseOptions
-	l.Lease = 1 * time.Hour
+	l.TTL = 1 * time.Hour

 	actual := l.LeaseTotal()
-	expected := l.Lease
+	expected := l.TTL
 	if actual != expected {
 		t.Fatalf("bad: %s", actual)
 	}
@@ -18,11 +18,11 @@ func TestLeaseOptionsLeaseTotal(t *testing.T) {

 func TestLeaseOptionsLeaseTotal_grace(t *testing.T) {
 	var l LeaseOptions
-	l.Lease = 1 * time.Hour
-	l.LeaseGracePeriod = 30 * time.Minute
+	l.TTL = 1 * time.Hour
+	l.GracePeriod = 30 * time.Minute

 	actual := l.LeaseTotal()
-	expected := l.Lease + l.LeaseGracePeriod
+	expected := l.TTL + l.GracePeriod
 	if actual != expected {
 		t.Fatalf("bad: %s", actual)
 	}
@@ -30,8 +30,8 @@ func TestLeaseOptionsLeaseTotal_grace(t *testing.T) {

 func TestLeaseOptionsLeaseTotal_negLease(t *testing.T) {
 	var l LeaseOptions
-	l.Lease = -1 * 1 * time.Hour
-	l.LeaseGracePeriod = 30 * time.Minute
+	l.TTL = -1 * 1 * time.Hour
+	l.GracePeriod = 30 * time.Minute

 	actual := l.LeaseTotal()
 	expected := time.Duration(0)
@@ -42,11 +42,11 @@ func TestLeaseOptionsLeaseTotal_negLease(t *testing.T) {

 func TestLeaseOptionsLeaseTotal_negGrace(t *testing.T) {
 	var l LeaseOptions
-	l.Lease = 1 * time.Hour
-	l.LeaseGracePeriod = -1 * 30 * time.Minute
+	l.TTL = 1 * time.Hour
+	l.GracePeriod = -1 * 30 * time.Minute

 	actual := l.LeaseTotal()
-	expected := l.Lease
+	expected := l.TTL
 	if actual != expected {
 		t.Fatalf("bad: %s", actual)
 	}
@@ -54,7 +54,7 @@ func TestLeaseOptionsLeaseTotal_negGrace(t *testing.T) {

 func TestLeaseOptionsExpirationTime(t *testing.T) {
 	var l LeaseOptions
-	l.Lease = 1 * time.Hour
+	l.TTL = 1 * time.Hour

 	limit := time.Now().UTC().Add(time.Hour)
 	exp := l.ExpirationTime()
@@ -65,8 +65,8 @@ func TestLeaseOptionsExpirationTime(t *testing.T) {

 func TestLeaseOptionsExpirationTime_grace(t *testing.T) {
 	var l LeaseOptions
-	l.Lease = 1 * time.Hour
-	l.LeaseGracePeriod = 30 * time.Minute
+	l.TTL = 1 * time.Hour
+	l.GracePeriod = 30 * time.Minute

 	limit := time.Now().UTC().Add(time.Hour + 30*time.Minute)
 	actual := l.ExpirationTime()
@@ -77,8 +77,8 @@ func TestLeaseOptionsExpirationTime_grace(t *testing.T) {

 func TestLeaseOptionsExpirationTime_graceNegative(t *testing.T) {
 	var l LeaseOptions
-	l.Lease = 1 * time.Hour
-	l.LeaseGracePeriod = -1 * 30 * time.Minute
+	l.TTL = 1 * time.Hour
+	l.GracePeriod = -1 * 30 * time.Minute

 	limit := time.Now().UTC().Add(time.Hour)
 	actual := l.ExpirationTime()
--- a/logical/secret.go
+++ b/logical/secret.go
@@ -18,11 +18,11 @@ type Secret struct {
 }

 func (s *Secret) Validate() error {
-	if s.Lease < 0 {
-		return fmt.Errorf("lease duration must not be less than zero")
+	if s.TTL < 0 {
+		return fmt.Errorf("ttl duration must not be less than zero")
 	}
-	if s.LeaseGracePeriod < 0 {
-		return fmt.Errorf("lease grace period must not be less than zero")
+	if s.GracePeriod < 0 {
+		return fmt.Errorf("grace period must not be less than zero")
 	}

 	return nil
--- a/vault/audit_test.go
+++ b/vault/audit_test.go
@@ -8,9 +8,10 @@ import (
 	"testing"
 	"time"

+	"errors"
+
 	"github.com/hashicorp/vault/audit"
 	"github.com/hashicorp/vault/logical"
-	"errors"
 )

 type NoopAudit struct {
@@ -261,7 +262,7 @@ func TestAuditBroker_LogResponse(t *testing.T) {
 	resp := &logical.Response{
 		Secret: &logical.Secret{
 			LeaseOptions: logical.LeaseOptions{
-				Lease: 1 * time.Hour,
+				TTL: 1 * time.Hour,
 			},
 		},
 		Data: map[string]interface{}{
--- a/vault/core.go
+++ b/vault/core.go
@@ -452,13 +452,13 @@ func (c *Core) handleRequest(req *logical.Request) (retResp *logical.Response, r
 	// We exclude renewal of a lease, since it does not need to be re-registered
 	if resp != nil && resp.Secret != nil && !strings.HasPrefix(req.Path, "sys/renew/") {
 		// Apply the default lease if none given
-		if resp.Secret.Lease == 0 {
-			resp.Secret.Lease = c.defaultLeaseDuration
+		if resp.Secret.TTL == 0 {
+			resp.Secret.TTL = c.defaultLeaseDuration
 		}

 		// Limit the lease duration
-		if resp.Secret.Lease > c.maxLeaseDuration {
-			resp.Secret.Lease = c.maxLeaseDuration
+		if resp.Secret.TTL > c.maxLeaseDuration {
+			resp.Secret.TTL = c.maxLeaseDuration
 		}

 		// Register the lease
@@ -484,13 +484,13 @@ func (c *Core) handleRequest(req *logical.Request) (retResp *logical.Response, r
 		}

 		// Set the default lease if non-provided, root tokens are exempt
-		if resp.Auth.Lease == 0 && !strListContains(resp.Auth.Policies, "root") {
-			resp.Auth.Lease = c.defaultLeaseDuration
+		if resp.Auth.TTL == 0 && !strListContains(resp.Auth.Policies, "root") {
+			resp.Auth.TTL = c.defaultLeaseDuration
 		}

 		// Limit the lease duration
-		if resp.Auth.Lease > c.maxLeaseDuration {
-			resp.Auth.Lease = c.maxLeaseDuration
+		if resp.Auth.TTL > c.maxLeaseDuration {
+			resp.Auth.TTL = c.maxLeaseDuration
 		}

 		// Register with the expiration manager
@@ -556,13 +556,13 @@ func (c *Core) handleLoginRequest(req *logical.Request) (*logical.Response, *log
 		resp.Auth.ClientToken = te.ID

 		// Set the default lease if non-provided, root tokens are exempt
-		if auth.Lease == 0 && !strListContains(auth.Policies, "root") {
-			auth.Lease = c.defaultLeaseDuration
+		if auth.TTL == 0 && !strListContains(auth.Policies, "root") {
+			auth.TTL = c.defaultLeaseDuration
 		}

 		// Limit the lease duration
-		if resp.Auth.Lease > c.maxLeaseDuration {
-			resp.Auth.Lease = c.maxLeaseDuration
+		if resp.Auth.TTL > c.maxLeaseDuration {
+			resp.Auth.TTL = c.maxLeaseDuration
 		}

 		// Register with the expiration manager
--- a/vault/core_test.go
+++ b/vault/core_test.go
@@ -401,7 +401,7 @@ func TestCore_HandleRequest_Lease(t *testing.T) {
 	if resp == nil || resp.Secret == nil || resp.Data == nil {
 		t.Fatalf("bad: %#v", resp)
 	}
-	if resp.Secret.Lease != time.Hour {
+	if resp.Secret.TTL != time.Hour {
 		t.Fatalf("bad: %#v", resp.Secret)
 	}
 	if resp.Secret.LeaseID == "" {
@@ -442,7 +442,7 @@ func TestCore_HandleRequest_Lease_MaxLength(t *testing.T) {
 	if resp == nil || resp.Secret == nil || resp.Data == nil {
 		t.Fatalf("bad: %#v", resp)
 	}
-	if resp.Secret.Lease != c.maxLeaseDuration {
+	if resp.Secret.TTL != c.maxLeaseDuration {
 		t.Fatalf("bad: %#v", resp.Secret)
 	}
 	if resp.Secret.LeaseID == "" {
@@ -483,7 +483,7 @@ func TestCore_HandleRequest_Lease_DefaultLength(t *testing.T) {
 	if resp == nil || resp.Secret == nil || resp.Data == nil {
 		t.Fatalf("bad: %#v", resp)
 	}
-	if resp.Secret.Lease != c.defaultLeaseDuration {
+	if resp.Secret.TTL != c.defaultLeaseDuration {
 		t.Fatalf("bad: %#v", resp.Secret)
 	}
 	if resp.Secret.LeaseID == "" {
@@ -829,7 +829,7 @@ func TestCore_HandleLogin_Token(t *testing.T) {
 	}

 	// Check that we have a lease with default duration
-	if lresp.Auth.Lease != c.defaultLeaseDuration {
+	if lresp.Auth.TTL != c.defaultLeaseDuration {
 		t.Fatalf("bad: %#v", lresp.Auth)
 	}
 }
@@ -904,7 +904,7 @@ func TestCore_HandleLogin_AuditTrail(t *testing.T) {
 		Response: &logical.Response{
 			Auth: &logical.Auth{
 				LeaseOptions: logical.LeaseOptions{
-					Lease: time.Hour,
+					TTL: time.Hour,
 				},
 				Policies: []string{"foo", "bar"},
 				Metadata: map[string]string{
@@ -1016,7 +1016,7 @@ func TestCore_HandleRequest_CreateToken_Lease(t *testing.T) {
 	}

 	// Check that we have a lease with default duration
-	if resp.Auth.Lease != c.defaultLeaseDuration {
+	if resp.Auth.TTL != c.defaultLeaseDuration {
 		t.Fatalf("bad: %#v", resp.Auth)
 	}
 }
--- a/vault/expiration_test.go
+++ b/vault/expiration_test.go
@@ -37,7 +37,7 @@ func TestExpiration_Restore(t *testing.T) {
 		resp := &logical.Response{
 			Secret: &logical.Secret{
 				LeaseOptions: logical.LeaseOptions{
-					Lease: 20 * time.Millisecond,
+					TTL: 20 * time.Millisecond,
 				},
 			},
 			Data: map[string]interface{}{
@@ -92,7 +92,7 @@ func TestExpiration_Register(t *testing.T) {
 	resp := &logical.Response{
 		Secret: &logical.Secret{
 			LeaseOptions: logical.LeaseOptions{
-				Lease: time.Hour,
+				TTL: time.Hour,
 			},
 		},
 		Data: map[string]interface{}{
@@ -125,7 +125,7 @@ func TestExpiration_RegisterAuth(t *testing.T) {
 	auth := &logical.Auth{
 		ClientToken: root.ID,
 		LeaseOptions: logical.LeaseOptions{
-			Lease: time.Hour,
+			TTL: time.Hour,
 		},
 	}

@@ -184,7 +184,7 @@ func TestExpiration_Revoke(t *testing.T) {
 	resp := &logical.Response{
 		Secret: &logical.Secret{
 			LeaseOptions: logical.LeaseOptions{
-				Lease: time.Hour,
+				TTL: time.Hour,
 			},
 		},
 		Data: map[string]interface{}{
@@ -222,7 +222,7 @@ func TestExpiration_RevokeOnExpire(t *testing.T) {
 	resp := &logical.Response{
 		Secret: &logical.Secret{
 			LeaseOptions: logical.LeaseOptions{
-				Lease: 20 * time.Millisecond,
+				TTL: 20 * time.Millisecond,
 			},
 		},
 		Data: map[string]interface{}{
@@ -277,7 +277,7 @@ func TestExpiration_RevokePrefix(t *testing.T) {
 		resp := &logical.Response{
 			Secret: &logical.Secret{
 				LeaseOptions: logical.LeaseOptions{
-					Lease: 20 * time.Millisecond,
+					TTL: 20 * time.Millisecond,
 				},
 			},
 			Data: map[string]interface{}{
@@ -338,7 +338,7 @@ func TestExpiration_RevokeByToken(t *testing.T) {
 		resp := &logical.Response{
 			Secret: &logical.Secret{
 				LeaseOptions: logical.LeaseOptions{
-					Lease: 20 * time.Millisecond,
+					TTL: 20 * time.Millisecond,
 				},
 			},
 			Data: map[string]interface{}{
@@ -389,7 +389,7 @@ func TestExpiration_RenewToken(t *testing.T) {
 	auth := &logical.Auth{
 		ClientToken: root.ID,
 		LeaseOptions: logical.LeaseOptions{
-			Lease:     time.Hour,
+			TTL:       time.Hour,
 			Renewable: true,
 		},
 	}
@@ -420,7 +420,7 @@ func TestExpiration_RenewToken_NotRenewable(t *testing.T) {
 	auth := &logical.Auth{
 		ClientToken: root.ID,
 		LeaseOptions: logical.LeaseOptions{
-			Lease:     time.Hour,
+			TTL:       time.Hour,
 			Renewable: false,
 		},
 	}
@@ -450,7 +450,7 @@ func TestExpiration_Renew(t *testing.T) {
 	resp := &logical.Response{
 		Secret: &logical.Secret{
 			LeaseOptions: logical.LeaseOptions{
-				Lease:     20 * time.Millisecond,
+				TTL:       20 * time.Millisecond,
 				Renewable: true,
 			},
 		},
@@ -468,7 +468,7 @@ func TestExpiration_Renew(t *testing.T) {
 	noop.Response = &logical.Response{
 		Secret: &logical.Secret{
 			LeaseOptions: logical.LeaseOptions{
-				Lease: 20 * time.Millisecond,
+				TTL: 20 * time.Millisecond,
 			},
 		},
 		Data: map[string]interface{}{
@@ -512,7 +512,7 @@ func TestExpiration_Renew_NotRenewable(t *testing.T) {
 	resp := &logical.Response{
 		Secret: &logical.Secret{
 			LeaseOptions: logical.LeaseOptions{
-				Lease:     20 * time.Millisecond,
+				TTL:       20 * time.Millisecond,
 				Renewable: false,
 			},
 		},
@@ -554,7 +554,7 @@ func TestExpiration_Renew_RevokeOnExpire(t *testing.T) {
 	resp := &logical.Response{
 		Secret: &logical.Secret{
 			LeaseOptions: logical.LeaseOptions{
-				Lease:     20 * time.Millisecond,
+				TTL:       20 * time.Millisecond,
 				Renewable: true,
 			},
 		},
@@ -572,7 +572,7 @@ func TestExpiration_Renew_RevokeOnExpire(t *testing.T) {
 	noop.Response = &logical.Response{
 		Secret: &logical.Secret{
 			LeaseOptions: logical.LeaseOptions{
-				Lease: 20 * time.Millisecond,
+				TTL: 20 * time.Millisecond,
 			},
 		},
 		Data: map[string]interface{}{
@@ -623,7 +623,7 @@ func TestExpiration_revokeEntry(t *testing.T) {
 		},
 		Secret: &logical.Secret{
 			LeaseOptions: logical.LeaseOptions{
-				Lease: time.Minute,
+				TTL: time.Minute,
 			},
 		},
 		IssueTime:  time.Now(),
@@ -662,7 +662,7 @@ func TestExpiration_revokeEntry_token(t *testing.T) {
 		Auth: &logical.Auth{
 			ClientToken: root.ID,
 			LeaseOptions: logical.LeaseOptions{
-				Lease: time.Minute,
+				TTL: time.Minute,
 			},
 		},
 		Path:       "foo/bar",
@@ -692,7 +692,7 @@ func TestExpiration_renewEntry(t *testing.T) {
 			Secret: &logical.Secret{
 				LeaseOptions: logical.LeaseOptions{
 					Renewable: true,
-					Lease:     time.Hour,
+					TTL:       time.Hour,
 				},
 			},
 			Data: map[string]interface{}{
@@ -712,7 +712,7 @@ func TestExpiration_renewEntry(t *testing.T) {
 		},
 		Secret: &logical.Secret{
 			LeaseOptions: logical.LeaseOptions{
-				Lease: time.Minute,
+				TTL: time.Minute,
 			},
 		},
 		IssueTime:  time.Now(),
@@ -757,7 +757,7 @@ func TestExpiration_renewAuthEntry(t *testing.T) {
 			Auth: &logical.Auth{
 				LeaseOptions: logical.LeaseOptions{
 					Renewable: true,
-					Lease:     time.Hour,
+					TTL:       time.Hour,
 				},
 			},
 		},
@@ -772,7 +772,7 @@ func TestExpiration_renewAuthEntry(t *testing.T) {
 		Auth: &logical.Auth{
 			LeaseOptions: logical.LeaseOptions{
 				Renewable: true,
-				Lease:     time.Minute,
+				TTL:       time.Minute,
 			},
 			InternalData: map[string]interface{}{
 				"MySecret": "secret",
@@ -822,7 +822,7 @@ func TestExpiration_PersistLoadDelete(t *testing.T) {
 		},
 		Secret: &logical.Secret{
 			LeaseOptions: logical.LeaseOptions{
-				Lease: time.Minute,
+				TTL: time.Minute,
 			},
 		},
 		IssueTime:  time.Now().UTC(),
@@ -863,7 +863,7 @@ func TestLeaseEntry(t *testing.T) {
 		},
 		Secret: &logical.Secret{
 			LeaseOptions: logical.LeaseOptions{
-				Lease: time.Minute,
+				TTL: time.Minute,
 			},
 		},
 		IssueTime:  time.Now().UTC(),
--- a/vault/mount_test.go
+++ b/vault/mount_test.go
@@ -139,7 +139,7 @@ func TestCore_Unmount_Cleanup(t *testing.T) {
 	resp := &logical.Response{
 		Secret: &logical.Secret{
 			LeaseOptions: logical.LeaseOptions{
-				Lease: time.Hour,
+				TTL: time.Hour,
 			},
 		},
 		Data: map[string]interface{}{
@@ -256,7 +256,7 @@ func TestCore_Remount_Cleanup(t *testing.T) {
 	resp := &logical.Response{
 		Secret: &logical.Secret{
 			LeaseOptions: logical.LeaseOptions{
-				Lease: time.Hour,
+				TTL: time.Hour,
 			},
 		},
 		Data: map[string]interface{}{
--- a/vault/token_store.go
+++ b/vault/token_store.go
@@ -554,9 +554,9 @@ func (ts *TokenStore) handleCreate(
 			Policies:    te.Policies,
 			Metadata:    te.Meta,
 			LeaseOptions: logical.LeaseOptions{
-				Lease:            leaseDuration,
-				LeaseGracePeriod: leaseDuration / 10,
-				Renewable:        leaseDuration > 0,
+				TTL:         leaseDuration,
+				GracePeriod: leaseDuration / 10,
+				Renewable:   leaseDuration > 0,
 			},
 			ClientToken: te.ID,
 		},
--- a/vault/token_store_test.go
+++ b/vault/token_store_test.go
@@ -235,7 +235,7 @@ func TestTokenStore_Revoke_Leases(t *testing.T) {
 	resp := &logical.Response{
 		Secret: &logical.Secret{
 			LeaseOptions: logical.LeaseOptions{
-				Lease: 20 * time.Millisecond,
+				TTL: 20 * time.Millisecond,
 			},
 		},
 		Data: map[string]interface{}{
@@ -633,7 +633,7 @@ func TestTokenStore_HandleRequest_CreateToken_Lease(t *testing.T) {
 	if resp.Auth.ClientToken == "" {
 		t.Fatalf("bad: %#v", resp)
 	}
-	if resp.Auth.Lease != time.Hour {
+	if resp.Auth.TTL != time.Hour {
 		t.Fatalf("bad: %#v", resp)
 	}
 	if !resp.Auth.Renewable {
@@ -743,7 +743,7 @@ func TestTokenStore_HandleRequest_RevokePrefix(t *testing.T) {
 	auth := &logical.Auth{
 		ClientToken: root.ID,
 		LeaseOptions: logical.LeaseOptions{
-			Lease: time.Hour,
+			TTL: time.Hour,
 		},
 	}
 	err = exp.RegisterAuth("auth/github/login", auth)
@@ -808,7 +808,7 @@ func TestTokenStore_HandleRequest_Renew(t *testing.T) {
 	auth := &logical.Auth{
 		ClientToken: root.ID,
 		LeaseOptions: logical.LeaseOptions{
-			Lease:     time.Hour,
+			TTL:       time.Hour,
 			Renewable: true,
 		},
 	}