lease.go
package framework
import (
"fmt"
"time"
"github.com/hashicorp/vault/logical"
)
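// LeaseExtend returns an OperationFunc that extends the lease of the
// auth/secret on a request by the increment that was requested, subject to
// the limits below.
//
// max is the longest time past the _current_ time that a lease can be
// extended to, i.e. setting it to 2 hours forces a renewal within the next
// 2 hours again. When max is zero or negative no per-renewal cap is applied
// and the requested increment is bounded only by maxSession.
//
// maxSession is the maximum session length allowed since the original
// issue time. If this is zero, it is ignored.
//
// maxFromLease controls if the maximum renewal period comes from the existing
// lease. When set, the value of `max` is replaced, for that request only,
// with the request's existing lease duration.
//
// The returned function writes the new duration into the lease options of
// req (and may overwrite LeaseIncrement there) and returns a response that
// carries req.Auth and req.Secret.
func LeaseExtend(max, maxSession time.Duration, maxFromLease bool) OperationFunc {
	return func(req *logical.Request, data *FieldData) (*logical.Response, error) {
		lease := detectLease(req)
		if lease == nil {
			return nil, fmt.Errorf("no lease options for request")
		}

		// Keep the cap in a per-call local. max is captured by the closure
		// and therefore shared by every call of the returned function;
		// assigning to it here would be a data race if renewals run
		// concurrently and could apply one request's lease duration as the
		// cap for another request.
		limit := max
		if maxFromLease {
			limit = lease.Lease
		}

		// Sanity check the desired increment
		switch {
		// Protect against negative leases
		case lease.LeaseIncrement < 0:
			return logical.ErrorResponse(
				"increment must be greater than 0"), logical.ErrInvalidRequest

		// If no lease increment, or too large of an increment, use the cap.
		// This branch is skipped when limit <= 0, so the increment is then
		// left exactly as requested.
		case limit > 0 && (lease.LeaseIncrement == 0 || lease.LeaseIncrement > limit):
			lease.LeaseIncrement = limit
		}

		// Get the current time
		now := time.Now().UTC()

		// Check if we're past the issue limit. maxSessionTime stays the zero
		// time when maxSession is disabled, which the clamp below relies on.
		var maxSessionTime time.Time
		if maxSession > 0 {
			maxSessionTime = lease.LeaseIssue.Add(maxSession)
			if maxSessionTime.Before(now) {
				return logical.ErrorResponse(fmt.Sprintf(
					"lease can only be renewed up to %s past original issue",
					maxSession)), logical.ErrInvalidRequest
			}
		}

		// The new lease expires at the earlier of now+LeaseIncrement and
		// maxSessionTime, so a renewal can never outlive the session limit.
		requestedLease := now.Add(lease.LeaseIncrement)
		if !maxSessionTime.IsZero() && requestedLease.After(maxSessionTime) {
			requestedLease = maxSessionTime
		}

		// Store the result as a duration relative to now.
		lease.Lease = requestedLease.Sub(now)

		return &logical.Response{Auth: req.Auth, Secret: req.Secret}, nil
	}
}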
// detectLease returns a pointer to the lease options carried by req. The
// options on req.Auth take precedence; req.Secret is consulted only when
// req.Auth is nil. It returns nil when the request has neither.
//
// The pointer refers to the field inside the request itself, so writes
// through it modify the request's own Auth or Secret.
func detectLease(req *logical.Request) *logical.LeaseOptions {
	switch {
	case req.Auth != nil:
		return &req.Auth.LeaseOptions
	case req.Secret != nil:
		return &req.Secret.LeaseOptions
	default:
		return nil
	}
}