Honor mount-tuned ttl/max ttl for database credential generation (#4053)

Jeff Mitchell 2018-03-15 09:24:02 -07:00 committed by GitHub
parent d349f5b0a7
commit f51a7dad65
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -74,9 +74,16 @@ func (b *databaseBackend) pathCredsCreateRead() framework.OperationFunc {
}
}
ttl := role.DefaultTTL
if ttl == 0 || (role.MaxTTL > 0 && ttl > role.MaxTTL) {
ttl = role.MaxTTL
ttl := b.System().DefaultLeaseTTL()
if role.DefaultTTL != 0 {
ttl = role.DefaultTTL
}
maxTTL := b.System().MaxLeaseTTL()
if role.MaxTTL != 0 && role.MaxTTL < maxTTL {
maxTTL = role.MaxTTL
}
if ttl > maxTTL {
ttl = maxTTL
}
expiration := time.Now().Add(ttl)
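Review bot: The new role checks `if role.DefaultTTL != 0` and `if role.MaxTTL != 0 && role.MaxTTL < maxTTL` accept negative durations, whereas the removed code required `role.MaxTTL > 0`. A negative role.MaxTTL would be taken as maxTTL, clamp ttl below zero and put `expiration` in the past. Whether the role write path already rejects negative values is not visible in this hunk, so either confirm that or compare with `> 0` here: `if role.DefaultTTL > 0 {` and `if role.MaxTTL > 0 && role.MaxTTL < maxTTL {`. The enclosing function starts and ends outside the hunk, so it is also worth confirming that the lease returned later is built from the same `ttl` and `maxTTL`, so that the credential's database expiry and the lease agree.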