Split SanitizeTTL method to support time.Duration parameters as well

shomron · May 5, 2016 · 0481976 · 0481976
1 parent e2927be
commit 0481976
Show file tree

Hide file tree

Showing 3 changed files with 20 additions and 11 deletions.
diff --git a/builtin/credential/github/path_login.go b/builtin/credential/github/path_login.go
@@ -46,7 +46,7 @@ func (b *backend) pathLogin(
 		return nil, err
 	}
 
-	ttl, _, err := b.SanitizeTTL(config.TTL.String(), config.MaxTTL.String())
+	ttl, _, err := b.SanitizeTTLStr(config.TTL.String(), config.MaxTTL.String())
 	if err != nil {
 		return logical.ErrorResponse(fmt.Sprintf("[ERR]:%s", err)), nil
 	}

diff --git a/builtin/credential/userpass/path_users.go b/builtin/credential/userpass/path_users.go
@@ -176,7 +176,7 @@ func (b *backend) userCreateUpdate(req *logical.Request, d *framework.FieldData)
 		maxTTLStr = maxTTLStrRaw.(string)
 	}
 
-	userEntry.TTL, userEntry.MaxTTL, err = b.SanitizeTTL(ttlStr, maxTTLStr)
+	userEntry.TTL, userEntry.MaxTTL, err = b.SanitizeTTLStr(ttlStr, maxTTLStr)
 	if err != nil {
 		return logical.ErrorResponse(fmt.Sprintf("err: %s", err)), nil
 	}

diff --git a/logical/framework/backend.go b/logical/framework/backend.go
@@ -225,34 +225,43 @@ func (b *Backend) System() logical.SystemView {
 // compares those with the SystemView values. If they are empty a value of 0 is
 // set, which will cause initial secret or LeaseExtend operations to use the
 // mount/system defaults.  If they are set, their boundaries are validated.
-func (b *Backend) SanitizeTTL(ttlStr, maxTTLStr string) (ttl, maxTTL time.Duration, err error) {
-	sysMaxTTL := b.System().MaxLeaseTTL()
+func (b *Backend) SanitizeTTLStr(ttlStr, maxTTLStr string) (ttl, maxTTL time.Duration, err error) {
 	if len(ttlStr) == 0 || ttlStr == "0" {
 		ttl = 0
 	} else {
 		ttl, err = time.ParseDuration(ttlStr)
 		if err != nil {
 			return 0, 0, fmt.Errorf("Invalid ttl: %s", err)
 		}
-		if ttl > sysMaxTTL {
-			return 0, 0, fmt.Errorf("\"ttl\" value must be less than allowed max lease TTL value '%s'", sysMaxTTL.String())
-		}
 	}
+
 	if len(maxTTLStr) == 0 || maxTTLStr == "0" {
 		maxTTL = 0
 	} else {
 		maxTTL, err = time.ParseDuration(maxTTLStr)
 		if err != nil {
 			return 0, 0, fmt.Errorf("Invalid max_ttl: %s", err)
 		}
-		if maxTTL > sysMaxTTL {
-			return 0, 0, fmt.Errorf("\"max_ttl\" value must be less than allowed max lease TTL value '%s'", sysMaxTTL.String())
-		}
+	}
+
+	ttl, maxTTL, err = b.SanitizeTTL(ttl, maxTTL)
+
+	return
+}
+
+// Caps the boundaries of ttl and max_ttl values to the backend mount's max_ttl value.
+func (b *Backend) SanitizeTTL(ttl, maxTTL time.Duration) (time.Duration, time.Duration, error) {
+	sysMaxTTL := b.System().MaxLeaseTTL()
+	if ttl > sysMaxTTL {
+		return 0, 0, fmt.Errorf("\"ttl\" value must be less than allowed max lease TTL value '%s'", sysMaxTTL.String())
+	}
+	if maxTTL > sysMaxTTL {
+		return 0, 0, fmt.Errorf("\"max_ttl\" value must be less than allowed max lease TTL value '%s'", sysMaxTTL.String())
 	}
 	if ttl > maxTTL && maxTTL != 0 {
 		ttl = maxTTL
 	}
-	return
+	return ttl, maxTTL, nil
 }
 
 // Route looks up the path that would be used for a given path string.