Merge pull request hashicorp#423 from peric/renew-resource-token
tokenRead will renew resource token instead of access token
tyrannosaurus-becks committed Aug 9, 2019
2 parents a9804f3 + 24b3f6f commit 338fd81
Showing 2 changed files with 13 additions and 13 deletions.
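--- a/vault/resource_token.go
+++ b/vault/resource_token.go
@@ -264,17 +264,18 @@ func tokenCreate(d *schema.ResourceData, meta interface{}) error {
 func tokenRead(d *schema.ResourceData, meta interface{}) error {
 client := meta.(*api.Client)
 
-id := d.Id()
+id := d.Get("client_token").(string)
+accessor := d.Id()
 
-log.Printf("[DEBUG] Reading token accessor %q", id)
-resp, err := client.Auth().Token().LookupAccessor(id)
+log.Printf("[DEBUG] Reading token accessor %q", accessor)
+resp, err := client.Auth().Token().LookupAccessor(accessor)
 if err != nil {
 log.Printf("[WARN] Token not found, removing from state")
 d.SetId("")
 return nil
 }
 
-log.Printf("[DEBUG] Read token accessor %q", id)
+log.Printf("[DEBUG] Read token accessor %q", accessor)
 
 iPolicies := resp.Data["policies"].([]interface{})
 policies := make([]string, 0, len(iPolicies))
@@ -305,23 +306,22 @@ func tokenRead(d *schema.ResourceData, meta interface{}) error {
 d.Set("lease_duration", int(expireTime.Sub(issueTime).Seconds()))
 
 if d.Get("renewable").(bool) && tokenCheckLease(d) {
-log.Printf("[DEBUG] Lease for token accessor %q expiring soon, renewing", d.Id())
+log.Printf("[DEBUG] Lease for token accessor %q expiring soon, renewing", accessor)
 
 increment := d.Get("lease_duration").(int)
 
 if v, ok := d.GetOk("renew_increment"); ok {
 increment = v.(int)
 }
 
-renewed, err := client.Auth().Token().RenewSelf(increment)
+renewed, err := client.Auth().Token().Renew(id, increment)
 if err != nil {
 log.Printf("[DEBUG] Error renewing token, removing from state")
 d.SetId("")
 return nil
 }
 
-log.Printf("[DEBUG] Lease for token accessor %q renewed, new lease duration %d", d.Id(),
-renewed.Auth.LeaseDuration)
+log.Printf("[DEBUG] Lease for token accessor %q renewed, new lease duration %d", id, renewed.Auth.LeaseDuration)
 
 d.Set("lease_duration", renewed.Data["lease_duration"])
 d.Set("lease_started", time.Now().Format(time.RFC3339))
@@ -366,15 +366,16 @@ func tokenExists(d *schema.ResourceData, meta interface{}) (bool, error) {
 }
 
 func tokenCheckLease(d *schema.ResourceData) bool {
+accessor := d.Id()
+
 startedStr := d.Get("lease_started").(string)
 if startedStr == "" {
 return false
 }
 
 started, err := time.Parse(time.RFC3339, startedStr)
 if err != nil {
-log.Printf("[DEBUG] lease_started %q for token accessor %q is an invalid value, removing: %s", startedStr,
-d.Id(), err)
+log.Printf("[DEBUG] lease_started %q for token accessor %q is an invalid value, removing: %s", startedStr, accessor, err)
 d.SetId("")
 
 return false
@@ -384,7 +385,7 @@ func tokenCheckLease(d *schema.ResourceData) bool {
 
 expireTime := started.Add(time.Second * time.Duration(leaseDuration))
 if expireTime.Before(time.Now()) {
-log.Printf("[DEBUG] token accessor %q has expired", d.Id())
+log.Printf("[DEBUG] token accessor %q has expired", accessor)
 d.SetId("")
 
 return false
@@ -398,7 +399,7 @@ func tokenCheckLease(d *schema.ResourceData) bool {
 
 renewTime := int(expireTime.Sub(time.Now()).Seconds())
 if renewTime <= renewMinLease {
-log.Printf("[DEBUG] token accessor %q must be renewed", d.Id())
+log.Printf("[DEBUG] token accessor %q must be renewed", accessor)
 
 return true
 }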
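Review bot: The post-renewal debug line in tokenRead (last log call of the second hunk) now prints the token itself rather than its accessor, because `id` holds the value of `client_token` after this change while the old line passed `d.Id()`. With debug logging enabled, a live Vault token would end up in the provider log, where it is readable by anyone who can see that output. Pass the accessor instead: `log.Printf("[DEBUG] Lease for token accessor %q renewed, new lease duration %d", accessor, renewed.Auth.LeaseDuration)`. Renaming `id` to `token` would also make it harder to mistake the secret for an identifier in later edits. tokenRead's body continues outside the visible hunks, so other uses of `id` there should be checked the same way.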
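--- a/vault/resource_token_test.go
+++ b/vault/resource_token_test.go
@@ -259,7 +259,6 @@ func TestResourceToken_renew(t *testing.T) {
 resource.TestCheckResourceAttrSet("vault_token.test", "lease_started"),
 resource.TestCheckResourceAttrSet("vault_token.test", "client_token"),
 ),
-ExpectNonEmptyPlan: true,
 },
 {
 Config: testResourceTokenConfig_renew(),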
