upstream/vault
1
0
Fork 0
mirror of https://github.com/hashicorp/vault.git synced 2026-02-03 20:40:45 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions 9

calculate token lease TTL using tune config (#28498)

Browse source 
* calculate token lease TTL using tune config

* add changelog entry
This commit is contained in:
Chris Capurso 2024-09-24 15:29:56 -04:00 committed by GitHub
parent 6d66990cb6
commit f0782ee3fb
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 11 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
changelog/28498.txt Normal file
View file

@ -0,0 +1,3 @@
```release-note:bug
auth/token: Fix token TTL calculation so that it uses `max_lease_ttl` tune value for tokens created via `auth/token/create`.
```

9
vault/token_store.go
View file

@ -3138,9 +3138,16 @@ func (ts *TokenStore) handleCreateCommon(ctx context.Context, req *logical.Reque
sysView := ts.System().(extendedSystemView)
var backendMaxTTL time.Duration
mountEntry := ts.core.router.MatchingMountByAccessor(req.MountAccessor)
if mountEntry != nil {
backendMaxTTL = mountEntry.Config.MaxLeaseTTL
}
// Only calculate a TTL if you are A) periodic, B) have a TTL, C) do not have a TTL and are not a root token
if periodToUse > 0 || te.TTL > 0 || (te.TTL == 0 && !strutil.StrListContains(te.Policies, "root")) {
ttl, warnings, err := framework.CalculateTTL(sysView, 0, te.TTL, periodToUse, 0, explicitMaxTTLToUse, time.Unix(te.CreationTime, 0))
ttl, warnings, err := framework.CalculateTTL(sysView, 0, te.TTL, periodToUse, backendMaxTTL, explicitMaxTTLToUse, time.Unix(te.CreationTime, 0))
if err != nil {
return nil, err
}