Rejig Lease terminology internally; also, put a few JSON names back to their original values

2025-11-03 12:07:54 +00:00 · 2015-08-20 22:27:01 -07:00
parent 97112665e8
commit e7f2a54720
10 changed files with 45 additions and 58 deletions
--- a/audit/hashstructure_test.go
+++ b/audit/hashstructure_test.go
@@ -14,8 +14,8 @@ func TestCopy_auth(t *testing.T) {
 	// Make a non-pointer one so that it can't be modified directly
 	expected := logical.Auth{
 		LeaseOptions: logical.LeaseOptions{
-			TTL:        1 * time.Hour,
+			TTL:       1 * time.Hour,
-			LeaseIssue: time.Now().UTC(),
+			IssueTime: time.Now().UTC(),
 		},
 		ClientToken: "foo",
@@ -121,16 +121,16 @@ func TestHash(t *testing.T) {
 		{
 			&logical.Auth{
 				LeaseOptions: logical.LeaseOptions{
-					TTL:        1 * time.Hour,
+					TTL:       1 * time.Hour,
-					LeaseIssue: now,
+					IssueTime: now,
 				},
 				ClientToken: "foo",
 			},
 			&logical.Auth{
 				LeaseOptions: logical.LeaseOptions{
-					TTL:        1 * time.Hour,
+					TTL:       1 * time.Hour,
-					LeaseIssue: now,
+					IssueTime: now,
 				},
 				ClientToken: "sha1:0beec7b5ea3f0fdbc95d0dd47f3c5bc275da8a33",
--- a/logical/framework/backend_test.go
+++ b/logical/framework/backend_test.go
@@ -258,8 +258,8 @@ func TestBackendHandleRequest_renewExtend(t *testing.T) {
 	}
 	req := logical.RenewRequest("/foo", secret.Response(nil, nil).Secret, nil)
-	req.Secret.LeaseIssue = time.Now().UTC()
+	req.Secret.IssueTime = time.Now().UTC()
-	req.Secret.LeaseIncrement = 1 * time.Hour
+	req.Secret.Increment = 1 * time.Hour
 	resp, err := b.HandleRequest(req)
 	if err != nil {
 		t.Fatalf("err: %s", err)
--- a/logical/framework/lease.go
+++ b/logical/framework/lease.go
@@ -20,26 +20,26 @@ import (
 // lease duration.
 func LeaseExtend(max, maxSession time.Duration, maxFromLease bool) OperationFunc {
 	return func(req *logical.Request, data *FieldData) (*logical.Response, error) {
-		lease := detectLease(req)
+		leaseOpts := detectLease(req)
-		if lease == nil {
+		if leaseOpts == nil {
 			return nil, fmt.Errorf("no lease options for request")
 		}
 		// Check if we should limit max
 		if maxFromLease {
-			max = lease.TTL
+			max = leaseOpts.TTL
 		}
 		// Sanity check the desired increment
 		switch {
 		// Protect against negative leases
-		case lease.LeaseIncrement < 0:
+		case leaseOpts.Increment < 0:
 			return logical.ErrorResponse(
 				"increment must be greater than 0"), logical.ErrInvalidRequest
-		// If no lease increment, or too large of an increment, use the max
+			// If no lease increment, or too large of an increment, use the max
-		case max > 0 && lease.LeaseIncrement == 0, max > 0 && lease.LeaseIncrement > max:
+		case max > 0 && leaseOpts.Increment == 0, max > 0 && leaseOpts.Increment > max:
-			lease.LeaseIncrement = max
+			leaseOpts.Increment = max
 		}
 		// Get the current time
@@ -48,7 +48,7 @@ func LeaseExtend(max, maxSession time.Duration, maxFromLease bool) OperationFunc
 		// Check if we're passed the issue limit
 		var maxSessionTime time.Time
 		if maxSession > 0 {
-			maxSessionTime = lease.LeaseIssue.Add(maxSession)
+			maxSessionTime = leaseOpts.IssueTime.Add(maxSession)
 			if maxSessionTime.Before(now) {
 				return logical.ErrorResponse(fmt.Sprintf(
 					"lease can only be renewed up to %s past original issue",
@@ -56,9 +56,9 @@ func LeaseExtend(max, maxSession time.Duration, maxFromLease bool) OperationFunc
 			}
 		}
-		// The new lease is the minimum of the requested LeaseIncrement
+		// The new lease is the minimum of the requested Increment
 		// or the maxSessionTime
-		requestedLease := now.Add(lease.LeaseIncrement)
+		requestedLease := now.Add(leaseOpts.Increment)
 		if !maxSessionTime.IsZero() && requestedLease.After(maxSessionTime) {
 			requestedLease = maxSessionTime
 		}
@@ -67,11 +67,7 @@ func LeaseExtend(max, maxSession time.Duration, maxFromLease bool) OperationFunc
 		newLeaseDuration := requestedLease.Sub(now)
 		// Set the lease
-		lease.TTL = newLeaseDuration
+		leaseOpts.TTL = newLeaseDuration
 		var zeroDur time.Duration
 		if lease.Lease != zeroDur {
 			lease.Lease = newLeaseDuration
 		}
 		return &logical.Response{Auth: req.Auth, Secret: req.Secret}, nil
 	}
--- a/logical/framework/lease_test.go
+++ b/logical/framework/lease_test.go
@@ -75,9 +75,9 @@ func TestLeaseExtend(t *testing.T) {
 		req := &logical.Request{
 			Auth: &logical.Auth{
 				LeaseOptions: logical.LeaseOptions{
-					TTL:            1 * time.Hour,
+					TTL:       1 * time.Hour,
-					LeaseIssue:     now,
+					IssueTime: now,
-					LeaseIncrement: tc.Request,
+					Increment: tc.Request,
 				},
 			},
 		}
--- a/logical/lease.go
+++ b/logical/lease.go
@@ -7,23 +7,22 @@ import "time"
 type LeaseOptions struct {
 	// Lease is the duration that this secret is valid for. Vault
 	// will automatically revoke it after the duration + grace period.
-	Lease       time.Duration `json:"lease,omitempty"`
+	TTL         time.Duration `json:"lease"`
-	TTL         time.Duration `json:"ttl,omitempty"`
+	GracePeriod time.Duration `json:"lease_grace_period"`
 	GracePeriod time.Duration `json:"grace_period"`
 	// Renewable, if true, means that this secret can be renewed.
 	Renewable bool `json:"renewable"`
-	// LeaseIncrement will be the lease increment that the user requested.
+	// Increment will be the lease increment that the user requested.
 	// This is only available on a Renew operation and has no effect
 	// when returning a response.
-	LeaseIncrement time.Duration `json:"-"`
+	Increment time.Duration `json:"-"`
-	// LeaseIssue is the time of issue for the original lease. This is
+	// IssueTime is the time of issue for the original lease. This is
 	// only available on a Renew operation and has no effect when returning
 	// a response. It can be used to enforce maximum lease periods by
 	// a logical backend. This time will always be in UTC.
-	LeaseIssue time.Time `json:"-"`
+	IssueTime time.Time `json:"-"`
 }
 // LeaseEnabled checks if leasing is enabled
--- a/vault/expiration.go
+++ b/vault/expiration.go
@@ -337,7 +337,7 @@ func (m *ExpirationManager) RenewToken(source string, token string,
 	// Attach the ClientToken
 	resp.Auth.ClientToken = token
-	resp.Auth.LeaseIncrement = 0
+	resp.Auth.Increment = 0
 	// Update the lease entry
 	le.Auth = resp.Auth
@@ -492,8 +492,8 @@ func (m *ExpirationManager) revokeEntry(le *leaseEntry) error {
 // renewEntry is used to attempt renew of an internal entry
 func (m *ExpirationManager) renewEntry(le *leaseEntry, increment time.Duration) (*logical.Response, error) {
 	secret := *le.Secret
-	secret.LeaseIssue = le.IssueTime
+	secret.IssueTime = le.IssueTime
-	secret.LeaseIncrement = increment
+	secret.Increment = increment
 	secret.LeaseID = ""
 	req := logical.RenewRequest(le.Path, &secret, le.Data)
@@ -507,8 +507,8 @@ func (m *ExpirationManager) renewEntry(le *leaseEntry, increment time.Duration)
 // renewAuthEntry is used to attempt renew of an auth entry
 func (m *ExpirationManager) renewAuthEntry(le *leaseEntry, increment time.Duration) (*logical.Response, error) {
 	auth := *le.Auth
-	auth.LeaseIssue = le.IssueTime
+	auth.IssueTime = le.IssueTime
-	auth.LeaseIncrement = increment
+	auth.Increment = increment
 	auth.ClientToken = ""
 	req := logical.RenewAuthRequest(le.Path, &auth, nil)
--- a/vault/expiration_test.go
+++ b/vault/expiration_test.go
@@ -741,10 +741,10 @@ func TestExpiration_renewEntry(t *testing.T) {
 	if !reflect.DeepEqual(req.Data, le.Data) {
 		t.Fatalf("Bad: %v", req)
 	}
-	if req.Secret.LeaseIncrement != time.Second {
+	if req.Secret.Increment != time.Second {
 		t.Fatalf("Bad: %v", req)
 	}
-	if req.Secret.LeaseIssue.IsZero() {
+	if req.Secret.IssueTime.IsZero() {
 		t.Fatalf("Bad: %v", req)
 	}
 }
@@ -801,10 +801,10 @@ func TestExpiration_renewAuthEntry(t *testing.T) {
 	if req.Path != "login" {
 		t.Fatalf("Bad: %v", req)
 	}
-	if req.Auth.LeaseIncrement != time.Second {
+	if req.Auth.Increment != time.Second {
 		t.Fatalf("Bad: %v", req)
 	}
-	if req.Auth.LeaseIssue.IsZero() {
+	if req.Auth.IssueTime.IsZero() {
 		t.Fatalf("Bad: %v", req)
 	}
 	if req.Auth.InternalData["MySecret"] != "secret" {
--- a/vault/logical_passthrough.go
+++ b/vault/logical_passthrough.go
@@ -93,21 +93,15 @@ func (b *PassthroughBackend) handleRead(
 	resp := b.Secret("generic").Response(rawData, nil)
 	resp.Secret.Renewable = false
-	// Check if there is a lease key
+	// Check if there is a ttl key
-	leaseVal, ok := rawData["lease"].(string)
+	var ttl string
-	if ok {
+	ttl, _ = rawData["lease"].(string)
-		leaseDuration, err := time.ParseDuration(leaseVal)
+	if len(ttl) == 0 {
-		if err == nil {
+		ttl, _ = rawData["ttl"].(string)
 			resp.Secret.Renewable = true
 			resp.Secret.Lease = leaseDuration
 			resp.Secret.TTL = leaseDuration
 		}
 	}
-	// Check if there is a ttl key
+	if len(ttl) != 0 {
-	ttlVal, ok := rawData["ttl"].(string)
+		ttlDuration, err := time.ParseDuration(ttl)
 	if ok {
 		ttlDuration, err := time.ParseDuration(ttlVal)
 		if err == nil {
 			resp.Secret.Renewable = true
 			resp.Secret.TTL = ttlDuration
--- a/vault/logical_passthrough_test.go
+++ b/vault/logical_passthrough_test.go
@@ -61,7 +61,6 @@ func TestPassthroughBackend_Read_Lease(t *testing.T) {
 		Secret: &logical.Secret{
 			LeaseOptions: logical.LeaseOptions{
 				Renewable: true,
 				Lease:     time.Hour,
 				TTL:       time.Hour,
 			},
 		},
--- a/website/source/docs/secrets/generic/index.html.md
+++ b/website/source/docs/secrets/generic/index.html.md
@@ -32,8 +32,7 @@ Also note that setting `ttl` does not actually expire the data; it is
 informational only.
 N.B.: Prior to version 0.3, the `ttl` parameter was called `lease`. Both will
-work for 0.3, but in 0.4 `lease` will be removed. When providing a `lease` value
+work for 0.3, but in 0.4 `lease` will be removed.
 in 0.3, both `lease` and `ttl` will be returned with the same data.
 As an example, we can write a new key "foo" to the generic backend
 mounted at "secret/" by default: