package framework
import (
"fmt"
"time"
"github.com/hashicorp/vault/logical"
)
// LeaseExtend builds an OperationFunc that renews the lease attached to a
// request's Auth or Secret by the increment carried in its lease options.
//
// max bounds how far beyond the current time a single renewal may reach;
// with max set to 2 hours, for example, the holder has to renew again
// within the next 2 hours. A zero increment is treated as a request for
// max. The cap is applied only when max > 0, so a caller passing zero (or
// a negative value) gets no per-renewal ceiling from this function.
//
// maxSession bounds the total session length measured from the original
// issue time (LeaseIssue). It is ignored unless it is positive.
//
// The returned function writes the new duration into the request's own
// lease options and returns a response carrying the same Auth and Secret.
func LeaseExtend(max, maxSession time.Duration) OperationFunc {
	return func(req *logical.Request, _ *FieldData) (*logical.Response, error) {
		opts := detectLease(req)
		if opts == nil {
			return nil, fmt.Errorf("no lease options for request")
		}

		current := time.Now().UTC()

		// Refuse the renewal outright once the session limit, counted from
		// the original issue time, has been reached.
		var sessionDeadline time.Time
		if maxSession > 0 {
			sessionDeadline = opts.LeaseIssue.Add(maxSession)
			if !sessionDeadline.After(current) {
				msg := fmt.Sprintf(
					"lease can only be renewed up to %s past original issue",
					maxSession)
				return logical.ErrorResponse(msg), logical.ErrInvalidRequest
			}
		}

		// LeaseIncrement is presumably the extension the client asked for
		// (confirm in the logical package). Negative values are rejected;
		// zero is accepted and means "give me max", even though the error
		// text below says the increment must be greater than 0.
		switch {
		case opts.LeaseIncrement < 0:
			return logical.ErrorResponse(
				"increment must be greater than 0"), logical.ErrInvalidRequest
		case opts.LeaseIncrement == 0:
			opts.LeaseIncrement = max
		}

		// Shrink the increment to whatever is left between the current
		// expiration and the session deadline.
		// NOTE(review): when the current expiration is already at or past
		// the deadline, remaining is zero or negative and is stored as the
		// increment after the negative-increment guard above has run. What
		// IncrementedLease does with a non-positive increment is not
		// visible here; confirm the result cannot outlive the session cap.
		if !sessionDeadline.IsZero() {
			remaining := sessionDeadline.Sub(opts.ExpirationTime())
			if remaining < opts.LeaseIncrement {
				opts.LeaseIncrement = remaining
			}
		}

		// Ask the lease options for the duration that applies the increment.
		granted := opts.IncrementedLease(opts.LeaseIncrement)

		if max > 0 {
			ceiling := current.Add(max)
			proposed := current.Add(granted)
			if proposed.After(ceiling) {
				// The request reaches past now+max, so fall back to the
				// longest lease this function will admit.
				// NOTE(review): the fallback is measured from the current
				// expiration time, while the comparison above is measured
				// from now. Confirm against the logical package that the
				// resulting duration cannot exceed max.
				granted = ceiling.Sub(opts.ExpirationTime())
			}
		}

		// opts points into req, so this assignment updates the Auth or
		// Secret that is handed back in the response.
		opts.Lease = granted

		resp := &logical.Response{
			Auth:   req.Auth,
			Secret: req.Secret,
		}
		return resp, nil
	}
}
// detectLease returns a pointer to the LeaseOptions of the request's Auth
// when Auth is set, otherwise of its Secret, and nil when the request has
// neither. The pointer refers to the field inside the request itself, so
// writes through it change req in place. req must be non-nil.
func detectLease(req *logical.Request) *logical.LeaseOptions {
	switch {
	case req.Auth != nil:
		// Auth takes precedence when both Auth and Secret are present.
		return &req.Auth.LeaseOptions
	case req.Secret != nil:
		return &req.Secret.LeaseOptions
	default:
		return nil
	}
}