Use SanitizeTTL in credential request path instead of config

2025-10-30 02:02:43 +00:00 · 2015-10-02 15:41:35 -04:00
parent 25f604f429
commit e89cf4d4bc
2 changed files with 33 additions and 8 deletions
--- a/builtin/credential/github/path_config.go
+++ b/builtin/credential/github/path_config.go
@@ -51,11 +51,31 @@ func (b *backend) pathConfigWrite(
 		}
 	}

-	ttlStr := data.Get("ttl").(string)
-	maxTTLStr := data.Get("max_ttl").(string)
-	ttl, maxTTL, err := b.SanitizeTTL(ttlStr, maxTTLStr)
-	if err != nil {
-		return logical.ErrorResponse(fmt.Sprintf("err: %s", err)), nil
+	var ttl time.Duration
+	var err error
+	ttlRaw, ok := data.GetOk("ttl")
+	if !ok {
+		ttl = b.System().DefaultLeaseTTL()
+	} else if len(ttlRaw.(string)) == 0 {
+		ttl = 0
+	} else {
+		ttl, err = time.ParseDuration(ttlRaw.(string))
+		if err != nil {
+			return logical.ErrorResponse(fmt.Sprintf("Invalid 'ttl':%s", err)), nil
+		}
+	}
+
+	var maxTTL time.Duration
+	maxTTLRaw, ok := data.GetOk("max_ttl")
+	if !ok {
+		maxTTL = b.System().MaxLeaseTTL()
+	} else if len(maxTTLRaw.(string)) == 0 {
+		maxTTL = 0
+	} else {
+		maxTTL, err = time.ParseDuration(maxTTLRaw.(string))
+		if err != nil {
+			return logical.ErrorResponse(fmt.Sprintf("Invalid 'max_ttl':%s", err)), nil
+		}
 	}

 	entry, err := logical.StorageEntryJSON("config", config{
--- a/builtin/credential/github/path_login.go
+++ b/builtin/credential/github/path_login.go
@@ -124,6 +124,11 @@ func (b *backend) pathLogin(
 		return nil, err
 	}

+	ttl, _, err := b.SanitizeTTL(config.TTL.String(), config.MaxTTL.String())
+	if err != nil {
+		return nil, err
+	}
+
 	return &logical.Response{
 		Auth: &logical.Auth{
 			Policies: policiesList,
@@ -133,9 +138,9 @@ func (b *backend) pathLogin(
 			},
 			DisplayName: *user.Login,
 			LeaseOptions: logical.LeaseOptions{
-				TTL:         config.TTL,
-				GracePeriod: config.TTL / 10,
-				Renewable:   config.TTL > 0,
+				TTL:         ttl,
+				GracePeriod: ttl / 10,
+				Renewable:   ttl > 0,
 			},
 		},
 	}, nil