Add configuration options for default lease duration and max lease duration.

command/server.go

@@ -132,6 +132,8 @@ func (c *ServerCommand) Run(args []string) int {
 		LogicalBackends:      c.LogicalBackends,
 		Logger:               logger,
 		DisableMlock:         config.DisableMlock,
+		MaxLeaseDuration:     time.Duration(config.MaxLeaseDuration) * time.Hour,
+		DefaultLeaseDuration: time.Duration(config.DefaultLeaseDuration) * time.Hour,
 	})
 	if err != nil {
 		c.Ui.Error(fmt.Sprintf("Error initializing core: %s", err))

command/server/config.go

@@ -20,6 +20,9 @@ type Config struct {
 	DisableMlock bool        `hcl:"disable_mlock"`
 
 	Telemetry *Telemetry     `hcl:"telemetry"`
+
+	MaxLeaseDuration int     `hcl:"max_lease_duration"`
+	DefaultLeaseDuration int `hcl:"default_lease_duration"`
 }
 
 // DevConfig is a Config that is used for dev mode of Vault.
@@ -41,6 +44,9 @@ func DevConfig() *Config {
 		},
 
 		Telemetry: &Telemetry{},
+
+		MaxLeaseDuration: 30 * 24,
+		DefaultLeaseDuration: 30 * 24,
 	}
 }
 
@@ -97,6 +103,23 @@ func (c *Config) Merge(c2 *Config) *Config {
 		result.Telemetry = c2.Telemetry
 	}
 
+	// merging this boolean via an OR operation
+	result.DisableMlock = c.DisableMlock
+	if c2.DisableMlock {
+		result.DisableMlock = c2.DisableMlock
+	}
+
+	// merge these integers via a MAX operation
+	result.MaxLeaseDuration = c.MaxLeaseDuration
+	if c2.MaxLeaseDuration > result.MaxLeaseDuration {
+		result.MaxLeaseDuration = c2.MaxLeaseDuration
+	}
+
+	result.DefaultLeaseDuration = c.DefaultLeaseDuration
+	if c2.DefaultLeaseDuration > result.DefaultLeaseDuration {
+		result.DefaultLeaseDuration = c2.DefaultLeaseDuration
+	}
+
 	return result
 }
 

command/server/config_test.go

@@ -36,6 +36,9 @@ func TestLoadConfigFile(t *testing.T) {
 		},
 
 		DisableMlock: true,
+
+		MaxLeaseDuration: 10,
+		DefaultLeaseDuration: 10,
 	}
 	if !reflect.DeepEqual(config, expected) {
 		t.Fatalf("bad: %#v", config)
@@ -70,6 +73,9 @@ func TestLoadConfigFile_json(t *testing.T) {
 			StatsdAddr: "",
 			DisableHostname: false,
 		},
+
+		MaxLeaseDuration: 10,
+		DefaultLeaseDuration: 10,
 	}
 	if !reflect.DeepEqual(config, expected) {
 		t.Fatalf("bad: %#v", config)
@@ -117,6 +123,8 @@ func TestLoadConfigDir(t *testing.T) {
 	}
 
 	expected := &Config{
+		DisableMlock: true,
+
 		Listeners: []*Listener{
 			&Listener{
 				Type: "tcp",
@@ -138,6 +146,9 @@ func TestLoadConfigDir(t *testing.T) {
 			StatsdAddr: "baz",
 			DisableHostname: true,
 		},
+
+		MaxLeaseDuration: 10,
+		DefaultLeaseDuration: 10,
 	}
 	if !reflect.DeepEqual(config, expected) {
 		t.Fatalf("bad: %#v", config)

command/server/test-fixtures/config-dir/bar.json

@@ -3,5 +3,7 @@
         "tcp": {
             "address": "127.0.0.1:443"
         }
-    }
+    },
+
+    "max_lease_duration": 10
 }

command/server/test-fixtures/config-dir/baz.hcl

@@ -3,3 +3,5 @@ telemetry {
     statsite_address = "qux"
     disable_hostname = true
 }
+
+default_lease_duration = 10

command/server/test-fixtures/config-dir/foo.hcl

@@ -1,3 +1,5 @@
+disable_mlock = true
+
 backend "consul" {
     foo = "bar"
 }

command/server/test-fixtures/config.hcl

@@ -10,3 +10,6 @@ backend "consul" {
     foo = "bar"
     advertise_addr = "foo"
 }
+
+max_lease_duration = 10
+default_lease_duration = 10

command/server/test-fixtures/config.hcl.json

@@ -13,5 +13,8 @@
 
     "telemetry": {
         "statsite_address": "baz"
-    }
+    },
+
+    "max_lease_duration": 10,
+    "default_lease_duration": 10
 }

vault/core.go

@@ -213,6 +213,9 @@ type Core struct {
 	// metricsCh is used to stop the metrics streaming
 	metricsCh chan struct{}
 
+	defaultLeaseDuration time.Duration
+	maxLeaseDuration time.Duration
+
 	logger *log.Logger
 }
 
@@ -227,9 +230,11 @@ type CoreConfig struct {
 	DisableMlock         bool   // Disables mlock syscall
 	CacheSize            int    // Custom cache size of zero for default
 	AdvertiseAddr        string // Set as the leader address for HA
+	DefaultLeaseDuration time.Duration
+	MaxLeaseDuration     time.Duration
 }
 
-// NewCore isk used to construct a new core
+// NewCore is used to construct a new core
 func NewCore(conf *CoreConfig) (*Core, error) {
 	// Check if this backend supports an HA configuraiton
 	var haBackend physical.HABackend
@@ -240,6 +245,17 @@ func NewCore(conf *CoreConfig) (*Core, error) {
 		return nil, fmt.Errorf("missing advertisement address")
 	}
 
+	if conf.DefaultLeaseDuration == 0 {
+		conf.DefaultLeaseDuration = defaultLeaseDuration
+	}
+	if conf.MaxLeaseDuration == 0 {
+		conf.MaxLeaseDuration = maxLeaseDuration
+	}
+	
+	if conf.DefaultLeaseDuration > conf.MaxLeaseDuration {
+		return nil, fmt.Errorf("cannot have DefaultLeaseDuration larger than MaxLeaseDuration")
+	}
+	
 	// Validate the advertise addr if its given to us
 	if conf.AdvertiseAddr != "" {
 		u, err := url.Parse(conf.AdvertiseAddr)
@@ -299,6 +315,8 @@ func NewCore(conf *CoreConfig) (*Core, error) {
 		sealed:        true,
 		standby:       true,
 		logger:        conf.Logger,
+		defaultLeaseDuration: conf.DefaultLeaseDuration,
+		maxLeaseDuration: conf.MaxLeaseDuration,
 	}
 
 	// Setup the backends
@@ -424,12 +442,12 @@ func (c *Core) handleRequest(req *logical.Request) (*logical.Response, *logical.
 	if resp != nil && resp.Secret != nil && !strings.HasPrefix(req.Path, "sys/renew/") {
 		// Apply the default lease if none given
 		if resp.Secret.Lease == 0 {
-			resp.Secret.Lease = defaultLeaseDuration
+			resp.Secret.Lease = c.defaultLeaseDuration
 		}
 
 		// Limit the lease duration
-		if resp.Secret.Lease > maxLeaseDuration {
+		if resp.Secret.Lease > c.maxLeaseDuration {
-			resp.Secret.Lease = maxLeaseDuration
+			resp.Secret.Lease = c.maxLeaseDuration
 		}
 
 		// Register the lease
@@ -456,12 +474,12 @@ func (c *Core) handleRequest(req *logical.Request) (*logical.Response, *logical.
 
 		// Set the default lease if non-provided, root tokens are exempt
 		if resp.Auth.Lease == 0 && !strListContains(resp.Auth.Policies, "root") {
-			resp.Auth.Lease = defaultLeaseDuration
+			resp.Auth.Lease = c.defaultLeaseDuration
 		}
 
 		// Limit the lease duration
-		if resp.Auth.Lease > maxLeaseDuration {
+		if resp.Auth.Lease > c.maxLeaseDuration {
-			resp.Auth.Lease = maxLeaseDuration
+			resp.Auth.Lease = c.maxLeaseDuration
 		}
 
 		// Register with the expiration manager
@@ -528,12 +546,12 @@ func (c *Core) handleLoginRequest(req *logical.Request) (*logical.Response, *log
 
 		// Set the default lease if non-provided, root tokens are exempt
 		if auth.Lease == 0 && !strListContains(auth.Policies, "root") {
-			auth.Lease = defaultLeaseDuration
+			auth.Lease = c.defaultLeaseDuration
 		}
 
 		// Limit the lease duration
-		if resp.Auth.Lease > maxLeaseDuration {
+		if resp.Auth.Lease > c.maxLeaseDuration {
-			resp.Auth.Lease = maxLeaseDuration
+			resp.Auth.Lease = c.maxLeaseDuration
 		}
 
 		// Register with the expiration manager

vault/core_test.go

@@ -442,7 +442,7 @@ func TestCore_HandleRequest_Lease_MaxLength(t *testing.T) {
 	if resp == nil || resp.Secret == nil || resp.Data == nil {
 		t.Fatalf("bad: %#v", resp)
 	}
-	if resp.Secret.Lease != maxLeaseDuration {
+	if resp.Secret.Lease != c.maxLeaseDuration {
 		t.Fatalf("bad: %#v", resp.Secret)
 	}
 	if resp.Secret.LeaseID == "" {
@@ -483,7 +483,7 @@ func TestCore_HandleRequest_Lease_DefaultLength(t *testing.T) {
 	if resp == nil || resp.Secret == nil || resp.Data == nil {
 		t.Fatalf("bad: %#v", resp)
 	}
-	if resp.Secret.Lease != defaultLeaseDuration {
+	if resp.Secret.Lease != c.defaultLeaseDuration {
 		t.Fatalf("bad: %#v", resp.Secret)
 	}
 	if resp.Secret.LeaseID == "" {
@@ -829,7 +829,7 @@ func TestCore_HandleLogin_Token(t *testing.T) {
 	}
 
 	// Check that we have a lease with default duration
-	if lresp.Auth.Lease != defaultLeaseDuration {
+	if lresp.Auth.Lease != c.defaultLeaseDuration {
 		t.Fatalf("bad: %#v", lresp.Auth)
 	}
 }
@@ -1016,7 +1016,7 @@ func TestCore_HandleRequest_CreateToken_Lease(t *testing.T) {
 	}
 
 	// Check that we have a lease with default duration
-	if resp.Auth.Lease != defaultLeaseDuration {
+	if resp.Auth.Lease != c.defaultLeaseDuration {
 		t.Fatalf("bad: %#v", resp.Auth)
 	}
 }

vault/expiration.go

@@ -35,10 +35,10 @@ const (
 	// minRevokeDelay is used to prevent an instant revoke on restore
 	minRevokeDelay = 5 * time.Second
 
-	// maxLeaseDuration is the maximum lease duration
+	// maxLeaseDuration is the default maximum lease duration
 	maxLeaseDuration = 30 * 24 * time.Hour
 
-	// defaultLeaseDuration is the lease duration used when no lease is specified
+	// defaultLeaseDuration is the default lease duration used when no lease is specified
 	defaultLeaseDuration = maxLeaseDuration
 )
 

website/source/docs/auth/token.html.md

@@ -88,8 +88,9 @@ of the cookie should be "token" and the value should be the token.
         <span class="param">lease</span>
         <span class="param-flags">optional</span>
         The lease period of the token, provided as "1h", where hour is
-        the largest suffix. If not provided, the token is valid for the default
+        the largest suffix. If not provided, the token is valid for the
-        lease duration (30 days), or indefinitely if the root policy is used.
+        [default lease duration](/docs/config/index.html), or
+        indefinitely if the root policy is used.
       </li>
       <li>
         <span class="param">display_name</span>

website/source/docs/config/index.html.md

@@ -49,6 +49,15 @@ to specify where the configuration is.
 * `telemetry` (optional)  - Configures the telemetry reporting system
   (see below).
 
+* `default_lease_duration` (optional) - Configures the default lease
+  duration for tokens and secrets, specified in hours. Default value
+  is 30 * 24 hours. This value cannot be larger than
+  `max_lease_duration`.
+
+* `max_lease_duration` (optional) - Configures the maximum possible
+  lease duration for tokens and secrets, specified in hours. Default
+  value is 30 * 24 hours.
+
 In production, you should only consider setting the `disable_mlock` option
 on Linux systems that only use encrypted swap or do not use swap at all.
 Vault does not currently support memory locking on Mac OS X and Windows