forked from hashicorp/vault
-
Notifications
You must be signed in to change notification settings - Fork 0
/
logical_system_helpers.go
55 lines (45 loc) · 1.42 KB
/
logical_system_helpers.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
package vault
import (
"context"
"fmt"
"strings"
"time"
)
// tuneMount is used to set config on a mount point
func (b *SystemBackend) tuneMountTTLs(ctx context.Context, path string, me *MountEntry, newDefault, newMax time.Duration) error {
zero := time.Duration(0)
switch {
case newDefault == zero && newMax == zero:
// No checks needed
case newDefault == zero && newMax != zero:
// No default/max conflict, no checks needed
case newDefault != zero && newMax == zero:
// No default/max conflict, no checks needed
case newDefault != zero && newMax != zero:
if newMax < newDefault {
return fmt.Errorf("backend max lease TTL of %d would be less than backend default lease TTL of %d",
int(newMax.Seconds()), int(newDefault.Seconds()))
}
}
origMax := me.Config.MaxLeaseTTL
origDefault := me.Config.DefaultLeaseTTL
me.Config.MaxLeaseTTL = newMax
me.Config.DefaultLeaseTTL = newDefault
// Update the mount table
var err error
switch {
case strings.HasPrefix(path, credentialRoutePrefix):
err = b.Core.persistAuth(ctx, b.Core.auth, me.Local)
default:
err = b.Core.persistMounts(ctx, b.Core.mounts, me.Local)
}
if err != nil {
me.Config.MaxLeaseTTL = origMax
me.Config.DefaultLeaseTTL = origDefault
return fmt.Errorf("failed to update mount table, rolling back TTL changes")
}
if b.Core.logger.IsInfo() {
b.Core.logger.Info("core: mount tuning of leases successful", "path", path)
}
return nil
}