addressing feedback

hashicorp · Apr 3, 2018 · 2317f5e · 2317f5e
1 parent 0b465c4
commit 2317f5e
Show file tree

Hide file tree

Showing 6 changed files with 11 additions and 1 deletion.
diff --git a/builtin/credential/ldap/path_login.go b/builtin/credential/ldap/path_login.go
@@ -111,6 +111,8 @@ func (b *backend) pathLoginRenew(ctx context.Context, req *logical.Request, d *f
 		return nil, fmt.Errorf("policies have changed, not renewing")
 	}
 
+	resp.Auth = req.Auth
+
 	// Remove old aliases
 	resp.Auth.GroupAliases = nil
 

diff --git a/builtin/credential/okta/path_login.go b/builtin/credential/okta/path_login.go
@@ -127,6 +127,7 @@ func (b *backend) pathLoginRenew(ctx context.Context, req *logical.Request, d *f
 		return nil, err
 	}
 
+	resp.Auth = req.Auth
 	resp.Auth.TTL = cfg.TTL
 	resp.Auth.MaxTTL = cfg.MaxTTL
 

diff --git a/builtin/credential/radius/path_login.go b/builtin/credential/radius/path_login.go
@@ -88,6 +88,7 @@ func (b *backend) pathLogin(ctx context.Context, req *logical.Request, d *framew
 		}
 	}
 
+	resp.Auth = req.Auth
 	resp.Auth = &logical.Auth{
 		Policies: policies,
 		Metadata: map[string]string{

diff --git a/builtin/logical/database/secret_creds.go b/builtin/logical/database/secret_creds.go
@@ -59,6 +59,9 @@ func (b *databaseBackend) secretCredsRenew() framework.OperationFunc {
 		}
 		if ttl > 0 {
 			expireTime := time.Now().Add(ttl)
+			// Adding a small buffer since the TTL will be calculated again afeter this call
+			// to ensure the database credential does not expire before the lease
+			expireTime = expireTime.Add(5 * time.Second)
 			err := db.RenewUser(ctx, role.Statements, username, expireTime)
 			if err != nil {
 				b.CloseIfShutdown(db, err)

diff --git a/builtin/logical/postgresql/secret_creds.go b/builtin/logical/postgresql/secret_creds.go
@@ -67,6 +67,9 @@ func (b *backend) secretCredsRenew(ctx context.Context, req *logical.Request, d
 	}
 	if ttl > 0 {
 		expireTime := time.Now().Add(ttl)
+		// Adding a small buffer since the TTL will be calculated again afeter this call
+		// to ensure the database credential does not expire before the lease
+		expireTime = expireTime.Add(5 * time.Second)
 		expiration := expireTime.Format("2006-01-02 15:04:05-0700")
 
 		query := fmt.Sprintf(

diff --git a/logical/framework/lease.go b/logical/framework/lease.go
@@ -27,7 +27,7 @@ func LeaseExtend(backendIncrement, backendMax time.Duration, systemView logical.
 	}
 }
 
-// CalculateTTL takes all the user-specifie, backend, and system inputs and calculates
+// CalculateTTL takes all the user-specified, backend, and system inputs and calculates
 // a TTL for a lease
 func CalculateTTL(sysView logical.SystemView, increment, backendTTL, period, backendMaxTTL, explicitMaxTTL time.Duration, startTime time.Time) (ttl time.Duration, warnings []string, errors error) {
 	// Truncate all times to the second since that is the lowest precision for