From f51a7dad6597a649cb719dc0af129ec124a42a6e Mon Sep 17 00:00:00 2001
From: Jeff Mitchell
Date: Thu, 15 Mar 2018 09:24:02 -0700
Subject: [PATCH] Honor mount-tuned ttl/max ttl for database credential generatoin (#4053)
---
 builtin/logical/database/path_creds_create.go | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)
diff --git a/builtin/logical/database/path_creds_create.go b/builtin/logical/database/path_creds_create.go
index 7f66f9eaab..aaab1b7666 100644
--- a/builtin/logical/database/path_creds_create.go
+++ b/builtin/logical/database/path_creds_create.go
@@ -74,9 +74,16 @@ func (b *databaseBackend) pathCredsCreateRead() framework.OperationFunc {
 }
 }
- ttl := role.DefaultTTL
- if ttl == 0 || (role.MaxTTL > 0 && ttl > role.MaxTTL) {
- ttl = role.MaxTTL
+ ttl := b.System().DefaultLeaseTTL()
+ if role.DefaultTTL != 0 {
+ ttl = role.DefaultTTL
+ }
+ maxTTL := b.System().MaxLeaseTTL()
+ if role.MaxTTL != 0 && role.MaxTTL < maxTTL {
+ maxTTL = role.MaxTTL
+ }
+ if ttl > maxTTL {
+ ttl = maxTTL
 }
 expiration := time.Now().Add(ttl)
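Review bot: The clamped `ttl` is only visibly consumed by `expiration := time.Now().Add(ttl)`, which sets the database-side expiry; the lease TTL placed on the returned secret is assigned outside this hunk, since the function body continues past it. If that assignment still reads the role's default TTL directly, the Vault lease and the credential's expiry in the database will disagree whenever the mount-tuned values take effect, so it is worth confirming both use this same `ttl`. The renew path should presumably apply the same `b.System().MaxLeaseTTL()` cap so a renewal cannot outlive the mount's limit. The precedence is also easy to misread, so I would add a comment above the block such as `// Role TTLs override the mount defaults; the mount max TTL always caps the result.`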