func (b *backend) secretAccessKeysRenew( req *logical.Request, d *framework.FieldData) (*logical.Response, error) { // STS already has a lifetime, and we don't support renewing it isSTSRaw, ok := req.Secret.InternalData["is_sts"] if ok { isSTS, ok := isSTSRaw.(bool) if ok { if isSTS { return nil, nil } } } lease, err := b.Lease(req.Storage) if err != nil { return nil, err } if lease == nil { lease = &configLease{} } f := framework.LeaseExtend(lease.Lease, lease.LeaseMax, b.System()) return f(req, d) }
func (b *backend) pathLoginRenew( req *logical.Request, d *framework.FieldData) (*logical.Response, error) { if req.Auth == nil { return nil, fmt.Errorf("request auth was nil") } tokenRaw, ok := req.Auth.InternalData["token"] if !ok { return nil, fmt.Errorf("token created in previous version of Vault cannot be validated properly at renewal time") } token := tokenRaw.(string) var verifyResp *verifyCredentialsResp if verifyResponse, resp, err := b.verifyCredentials(req, token); err != nil { return nil, err } else if resp != nil { return resp, nil } else { verifyResp = verifyResponse } if !policyutil.EquivalentPolicies(verifyResp.Policies, req.Auth.Policies) { return nil, fmt.Errorf("policies do not match") } config, err := b.Config(req.Storage) if err != nil { return nil, err } return framework.LeaseExtend(config.TTL, config.MaxTTL, b.System())(req, d) }
// Invoked when the token issued by this backend is attempting a renewal. func (b *backend) pathLoginRenew(req *logical.Request, data *framework.FieldData) (*logical.Response, error) { roleName := req.Auth.InternalData["role_name"].(string) if roleName == "" { return nil, fmt.Errorf("failed to fetch role_name during renewal") } // Ensure that the Role still exists. role, err := b.roleEntry(req.Storage, roleName) if err != nil { return nil, fmt.Errorf("failed to validate role %s during renewal:%s", roleName, err) } if role == nil { return nil, fmt.Errorf("role %s does not exist during renewal", roleName) } // If 'Period' is set on the Role, the token should never expire. // Replenish the TTL with 'Period's value. if role.Period > time.Duration(0) { // If 'Period' was updated after the token was issued, // token will bear the updated 'Period' value as its TTL. req.Auth.TTL = role.Period return &logical.Response{Auth: req.Auth}, nil } else { return framework.LeaseExtend(role.TokenTTL, role.TokenMaxTTL, b.System())(req, data) } }
func (b *backend) pathLoginRenew( req *logical.Request, d *framework.FieldData) (*logical.Response, error) { config, err := b.Config(req.Storage) if err != nil { return nil, err } return framework.LeaseExtend(config.TTL, config.MaxTTL, b.System())(req, d) }
func (b *backend) secretDynamicKeyRenew(req *logical.Request, d *framework.FieldData) (*logical.Response, error) { lease, err := b.Lease(req.Storage) if err != nil { return nil, err } if lease == nil { lease = &configLease{Lease: 1 * time.Hour} } f := framework.LeaseExtend(lease.Lease, lease.LeaseMax, false) return f(req, d) }
func (b *backend) secretCredsRenew(req *logical.Request, d *framework.FieldData) (*logical.Response, error) { // Get the lease information leaseConfig, err := b.LeaseConfig(req.Storage) if err != nil { return nil, err } if leaseConfig == nil { leaseConfig = &configLease{} } f := framework.LeaseExtend(leaseConfig.TTL, leaseConfig.MaxTTL, b.System()) return f(req, d) }
func (b *backend) secretCredsRenew( req *logical.Request, d *framework.FieldData) (*logical.Response, error) { // Get the username from the internal data usernameRaw, ok := req.Secret.InternalData["username"] if !ok { return nil, fmt.Errorf("secret is missing username internal data") } username, ok := usernameRaw.(string) // Get our connection db, err := b.DB(req.Storage) if err != nil { return nil, err } // Get the lease information lease, err := b.Lease(req.Storage) if err != nil { return nil, err } if lease == nil { lease = &configLease{Lease: 1 * time.Hour} } f := framework.LeaseExtend(lease.Lease, lease.LeaseMax) resp, err := f(req, d) if err != nil { return nil, err } // Make sure we increase the VALID UNTIL endpoint for this user. if expireTime := resp.Secret.ExpirationTime(); !expireTime.IsZero() { expiration := expireTime.Add(10 * time.Minute). Format("2006-01-02 15:04:05") query := fmt.Sprintf( "ALTER ROLE %s VALID UNTIL '%s';", pq.QuoteIdentifier(username), expiration) stmt, err := db.Prepare(query) if err != nil { return nil, err } defer stmt.Close() if _, err := stmt.Exec(); err != nil { return nil, err } } return resp, nil }
func (b *backend) pathLoginRenew( req *logical.Request, d *framework.FieldData) (*logical.Response, error) { config, err := b.Config(req.Storage) if err != nil { return nil, err } if !config.DisableBinding { var matched *ParsedCert if verifyResp, resp, err := b.verifyCredentials(req); err != nil { return nil, err } else if resp != nil { return resp, nil } else { matched = verifyResp } if matched == nil { return nil, nil } clientCerts := req.Connection.ConnState.PeerCertificates if len(clientCerts) == 0 { return nil, fmt.Errorf("no client certificate found") } skid := base64.StdEncoding.EncodeToString(clientCerts[0].SubjectKeyId) akid := base64.StdEncoding.EncodeToString(clientCerts[0].AuthorityKeyId) // Certificate should not only match a registered certificate policy. // Also, the identity of the certificate presented should match the identity of the certificate used during login if req.Auth.InternalData["subject_key_id"] != skid && req.Auth.InternalData["authority_key_id"] != akid { return nil, fmt.Errorf("client identity during renewal not matching client identity used during login") } } // Get the cert and use its TTL cert, err := b.Cert(req.Storage, req.Auth.Metadata["cert_name"]) if err != nil { return nil, err } if cert == nil { // User no longer exists, do not renew return nil, nil } if !policyutil.EquivalentPolicies(cert.Policies, req.Auth.Policies) { return nil, fmt.Errorf("policies have changed, not renewing") } return framework.LeaseExtend(cert.TTL, 0, b.System())(req, d) }
func (b *backend) pathLoginRenew( req *logical.Request, d *framework.FieldData) (*logical.Response, error) { // Get the cert and validate auth cert, err := b.Cert(req.Storage, req.Auth.Metadata["cert_name"]) if err != nil { return nil, err } if cert == nil { // User no longer exists, do not renew return nil, nil } return framework.LeaseExtend(cert.TTL, 0, false)(req, d) }
func (b *backend) pathLoginRenew( req *logical.Request, d *framework.FieldData) (*logical.Response, error) { // Get the user and validate auth user, err := b.User(req.Storage, req.Auth.Metadata["username"]) if err != nil { return nil, err } if user == nil { // User no longer exists, do not renew return nil, nil } return framework.LeaseExtend(user.MaxTTL, 0, false)(req, d) }
func (ts *TokenStore) authRenew( req *logical.Request, d *framework.FieldData) (*logical.Response, error) { if req.Auth == nil { return nil, fmt.Errorf("request auth is nil") } te, err := ts.Lookup(req.Auth.ClientToken) if err != nil { return nil, fmt.Errorf("error looking up token: %s", err) } if te == nil { return nil, fmt.Errorf("no token entry found during lookup") } f := framework.LeaseExtend(req.Auth.Increment, te.ExplicitMaxTTL, ts.System()) // No role? Use normal LeaseExtend semantics if te.Role == "" { return f(req, d) } role, err := ts.tokenStoreRole(te.Role) if err != nil { return nil, fmt.Errorf("error looking up role %s: %s", te.Role, err) } if role == nil { return nil, fmt.Errorf("original token role (%s) could not be found, not renewing", te.Role) } // If role.Period is not zero, this is a periodic token. The TTL for a // periodic token is always the same (the role's period value). It is not // subject to normal maximum TTL checks that would come from calling // LeaseExtend, so we fast path it. // // The one wrinkle here is if the token has an explicit max TTL. Roles // don't support having both configured, but they could be changed. We // don't support tokens that are both periodic and have an explicit max // TTL, so if the token has one, we treat it as a regular token even if the // role is periodic. if role.Period != 0 && te.ExplicitMaxTTL == 0 { req.Auth.TTL = role.Period return &logical.Response{Auth: req.Auth}, nil } return f(req, d) }
func secretToken() *framework.Secret { return &framework.Secret{ Type: SecretTokenType, Fields: map[string]*framework.FieldSchema{ "token": &framework.FieldSchema{ Type: framework.TypeString, Description: "Request token", }, }, DefaultDuration: DefaultLeaseDuration, DefaultGracePeriod: DefaultGracePeriod, Renew: framework.LeaseExtend(0, 0, true), Revoke: secretTokenRevoke, } }
func (b *backend) pathLoginRenew( req *logical.Request, d *framework.FieldData) (*logical.Response, error) { username := req.Auth.Metadata["username"] password := req.Auth.InternalData["password"].(string) loginPolicies, resp, err := b.Login(req, username, password) if len(loginPolicies) == 0 { return resp, err } if !policyutil.EquivalentPolicies(loginPolicies, req.Auth.Policies) { return nil, fmt.Errorf("policies have changed, not renewing") } return framework.LeaseExtend(0, 0, b.System())(req, d) }
func (b *backend) pathLoginRenew( req *logical.Request, d *framework.FieldData) (*logical.Response, error) { // Get the user user, err := b.user(req.Storage, req.Auth.Metadata["username"]) if err != nil { return nil, err } if user == nil { // User no longer exists, do not renew return nil, nil } if !policyutil.EquivalentPolicies(user.Policies, req.Auth.Policies) { return logical.ErrorResponse("policies have changed, not renewing"), nil } return framework.LeaseExtend(user.TTL, user.MaxTTL, b.System())(req, d) }
func (b *backend) pathLoginRenew( req *logical.Request, d *framework.FieldData) (*logical.Response, error) { username := req.Auth.Metadata["username"] password := req.Auth.InternalData["password"].(string) prevpolicies := req.Auth.Metadata["policies"] policies, resp, err := b.Login(req, username, password) if len(policies) == 0 { return resp, err } sort.Strings(policies) if strings.Join(policies, ",") != prevpolicies { return logical.ErrorResponse("policies have changed, revoking login"), nil } return framework.LeaseExtend(1*time.Hour, 0, false)(req, d) }
func (b *backend) secretCredsRenew( req *logical.Request, d *framework.FieldData) (*logical.Response, error) { // Get the lease information roleRaw, ok := req.Secret.InternalData["role"] if !ok { return nil, fmt.Errorf("Secret is missing role internal data") } roleName, ok := roleRaw.(string) if !ok { return nil, fmt.Errorf("Error converting role internal data to string") } role, err := getRole(req.Storage, roleName) if err != nil { return nil, fmt.Errorf("Unable to load role: %s", err) } return framework.LeaseExtend(role.Lease, 0, false)(req, d) }
func (ts *TokenStore) authRenew( req *logical.Request, d *framework.FieldData) (*logical.Response, error) { if req.Auth == nil { return nil, fmt.Errorf("request auth is nil") } f := framework.LeaseExtend(req.Auth.Increment, 0, ts.System()) te, err := ts.Lookup(req.Auth.ClientToken) if err != nil { return nil, fmt.Errorf("error looking up token: %s", err) } if te == nil { return nil, fmt.Errorf("no token entry found during lookup") } // No role? Use normal LeaseExtend semantics if te.Role == "" { return f(req, d) } role, err := ts.tokenStoreRole(te.Role) if err != nil { return nil, fmt.Errorf("error looking up role %s: %s", te.Role, err) } if role == nil { return logical.ErrorResponse(fmt.Sprintf("original token role (%s) could not be found, not renewing", te.Role)), nil } // If role.Period is not zero, this is a periodic token. The TTL for a // periodic token is always the same (the role's period value). It is not // subject to normal maximum TTL checks that would come from calling // LeaseExtend, so we fast path it. if role.Period != 0 { req.Auth.TTL = role.Period return &logical.Response{Auth: req.Auth}, nil } return f(req, d) }
func (b *backend) pathLoginRenew( req *logical.Request, d *framework.FieldData) (*logical.Response, error) { token := req.Auth.InternalData["token"].(string) var verifyResp *verifyCredentialsResp if verifyResponse, resp, err := b.verifyCredentials(req, token); err != nil { return nil, err } else if resp != nil { return resp, nil } else { verifyResp = verifyResponse } if !policyutil.EquivalentPolicies(verifyResp.Policies, req.Auth.Policies) { return logical.ErrorResponse("policies do not match"), nil } config, err := b.Config(req.Storage) if err != nil { return nil, err } return framework.LeaseExtend(config.TTL, config.MaxTTL, b.System())(req, d) }
func (b *backend) pathLoginRenew( req *logical.Request, d *framework.FieldData) (*logical.Response, error) { appId := req.Auth.InternalData["app-id"].(string) userId := req.Auth.InternalData["user-id"].(string) // Skipping CIDR verification to enable renewal from machines other than // the ones encompassed by CIDR block. if _, resp, err := b.verifyCredentials(req, appId, userId); err != nil { return nil, err } else if resp != nil { return resp, nil } // Get the policies associated with the app mapPolicies, err := b.MapAppId.Policies(req.Storage, appId) if err != nil { return nil, err } if !policyutil.EquivalentPolicies(mapPolicies, req.Auth.Policies) { return nil, fmt.Errorf("policies do not match") } return framework.LeaseExtend(0, 0, b.System())(req, d) }
// NewTokenStore is used to construct a token store that is // backed by the given barrier view. func NewTokenStore(c *Core) (*TokenStore, error) { // Create a sub-view view := c.systemView.SubView(tokenSubPath) // Initialize the store t := &TokenStore{ view: view, } // Look for the salt raw, err := view.Get(tokenSaltLocation) if err != nil { return nil, fmt.Errorf("failed to read salt: %v", err) } // Restore the salt if it exists if raw != nil { t.salt = string(raw.Value) } // Generate a new salt if necessary if t.salt == "" { t.salt = generateUUID() raw = &logical.StorageEntry{Key: tokenSaltLocation, Value: []byte(t.salt)} if err := view.Put(raw); err != nil { return nil, fmt.Errorf("failed to persist salt: %v", err) } } // Setup the framework endpoints t.Backend = &framework.Backend{ AuthRenew: framework.LeaseExtend(0, 0), PathsSpecial: &logical.Paths{ Root: []string{ "revoke-prefix/*", }, Unauthenticated: []string{ "lookup-self", }, }, Paths: []*framework.Path{ &framework.Path{ Pattern: "create$", Callbacks: map[logical.Operation]framework.OperationFunc{ logical.WriteOperation: t.handleCreate, }, HelpSynopsis: strings.TrimSpace(tokenCreateHelp), HelpDescription: strings.TrimSpace(tokenCreateHelp), }, &framework.Path{ Pattern: "lookup/(?P<token>.+)", Fields: map[string]*framework.FieldSchema{ "token": &framework.FieldSchema{ Type: framework.TypeString, Description: "Token to lookup", }, }, Callbacks: map[logical.Operation]framework.OperationFunc{ logical.ReadOperation: t.handleLookup, }, HelpSynopsis: strings.TrimSpace(tokenLookupHelp), HelpDescription: strings.TrimSpace(tokenLookupHelp), }, &framework.Path{ Pattern: "lookup-self$", Fields: map[string]*framework.FieldSchema{ "token": &framework.FieldSchema{ Type: framework.TypeString, Description: "Token to lookup", }, }, Callbacks: map[logical.Operation]framework.OperationFunc{ logical.ReadOperation: t.handleLookup, }, HelpSynopsis: strings.TrimSpace(tokenLookupHelp), HelpDescription: strings.TrimSpace(tokenLookupHelp), }, &framework.Path{ Pattern: "revoke/(?P<token>.+)", Fields: map[string]*framework.FieldSchema{ "token": &framework.FieldSchema{ Type: framework.TypeString, Description: "Token to revoke", }, }, Callbacks: map[logical.Operation]framework.OperationFunc{ logical.WriteOperation: t.handleRevokeTree, }, HelpSynopsis: strings.TrimSpace(tokenRevokeHelp), HelpDescription: strings.TrimSpace(tokenRevokeHelp), }, &framework.Path{ Pattern: "revoke-orphan/(?P<token>.+)", Fields: map[string]*framework.FieldSchema{ "token": &framework.FieldSchema{ Type: framework.TypeString, Description: "Token to revoke", }, }, Callbacks: map[logical.Operation]framework.OperationFunc{ logical.WriteOperation: t.handleRevokeOrphan, }, HelpSynopsis: strings.TrimSpace(tokenRevokeOrphanHelp), HelpDescription: strings.TrimSpace(tokenRevokeOrphanHelp), }, &framework.Path{ Pattern: "revoke-prefix/(?P<prefix>.+)", Fields: map[string]*framework.FieldSchema{ "prefix": &framework.FieldSchema{ Type: framework.TypeString, Description: "Token source prefix to revoke", }, }, Callbacks: map[logical.Operation]framework.OperationFunc{ logical.WriteOperation: t.handleRevokePrefix, }, HelpSynopsis: strings.TrimSpace(tokenRevokePrefixHelp), HelpDescription: strings.TrimSpace(tokenRevokePrefixHelp), }, &framework.Path{ Pattern: "renew/(?P<token>.+)", Fields: map[string]*framework.FieldSchema{ "token": &framework.FieldSchema{ Type: framework.TypeString, Description: "Token to renew", }, "increment": &framework.FieldSchema{ Type: framework.TypeInt, Description: "The desired increment in seconds to the token expiration", }, }, Callbacks: map[logical.Operation]framework.OperationFunc{ logical.WriteOperation: t.handleRenew, }, HelpSynopsis: strings.TrimSpace(tokenRenewHelp), HelpDescription: strings.TrimSpace(tokenRenewHelp), }, }, } return t, nil }
// pathLoginRenew is used to renew an authenticated token. func (b *backend) pathLoginRenew( req *logical.Request, data *framework.FieldData) (*logical.Response, error) { instanceID := req.Auth.Metadata["instance_id"] if instanceID == "" { return nil, fmt.Errorf("unable to fetch instance ID from metadata during renewal") } region := req.Auth.Metadata["region"] if region == "" { return nil, fmt.Errorf("unable to fetch region from metadata during renewal") } // Cross check that the instance is still in 'running' state _, err := b.validateInstance(req.Storage, instanceID, region) if err != nil { return nil, fmt.Errorf("failed to verify instance ID '%s': %s", instanceID, err) } storedIdentity, err := whitelistIdentityEntry(req.Storage, instanceID) if err != nil { return nil, err } if storedIdentity == nil { return nil, fmt.Errorf("failed to verify the whitelist identity entry for instance ID: %s", instanceID) } // Ensure that role entry is not deleted. roleEntry, err := b.lockedAWSRole(req.Storage, storedIdentity.Role) if err != nil { return nil, err } if roleEntry == nil { return nil, fmt.Errorf("role entry not found") } // If the login was made using the role tag, then max_ttl from tag // is cached in internal data during login and used here to cap the // max_ttl of renewal. rTagMaxTTL, err := time.ParseDuration(req.Auth.Metadata["role_tag_max_ttl"]) if err != nil { return nil, err } // Re-evaluate the maxTTL bounds. shortestMaxTTL := b.System().MaxLeaseTTL() longestMaxTTL := b.System().MaxLeaseTTL() if roleEntry.MaxTTL > time.Duration(0) && roleEntry.MaxTTL < shortestMaxTTL { shortestMaxTTL = roleEntry.MaxTTL } if roleEntry.MaxTTL > longestMaxTTL { longestMaxTTL = roleEntry.MaxTTL } if rTagMaxTTL > time.Duration(0) && rTagMaxTTL < shortestMaxTTL { shortestMaxTTL = rTagMaxTTL } if rTagMaxTTL > longestMaxTTL { longestMaxTTL = rTagMaxTTL } // Only LastUpdatedTime and ExpirationTime change and all other fields remain the same. currentTime := time.Now().UTC() storedIdentity.LastUpdatedTime = currentTime storedIdentity.ExpirationTime = currentTime.Add(longestMaxTTL) if err = setWhitelistIdentityEntry(req.Storage, instanceID, storedIdentity); err != nil { return nil, err } return framework.LeaseExtend(req.Auth.TTL, shortestMaxTTL, b.System())(req, data) }
// NewTokenStore is used to construct a token store that is // backed by the given barrier view. func NewTokenStore(c *Core, config *logical.BackendConfig) (*TokenStore, error) { // Create a sub-view view := c.systemBarrierView.SubView(tokenSubPath) // Initialize the store t := &TokenStore{ view: view, } // Setup the salt salt, err := salt.NewSalt(view, nil) if err != nil { return nil, err } t.salt = salt // Setup the framework endpoints t.Backend = &framework.Backend{ // Allow a token lease to be extended indefinitely, but each time for only // as much as the original lease allowed for. If the lease has a 1 hour expiration, // it can only be extended up to another hour each time this means. AuthRenew: framework.LeaseExtend(0, 0, true), PathsSpecial: &logical.Paths{ Root: []string{ "revoke-prefix/*", "revoke-orphan/*", }, }, Paths: []*framework.Path{ &framework.Path{ Pattern: "create$", Callbacks: map[logical.Operation]framework.OperationFunc{ logical.WriteOperation: t.handleCreate, }, HelpSynopsis: strings.TrimSpace(tokenCreateHelp), HelpDescription: strings.TrimSpace(tokenCreateHelp), }, &framework.Path{ Pattern: "lookup/(?P<token>.+)", Fields: map[string]*framework.FieldSchema{ "token": &framework.FieldSchema{ Type: framework.TypeString, Description: "Token to lookup", }, }, Callbacks: map[logical.Operation]framework.OperationFunc{ logical.ReadOperation: t.handleLookup, }, HelpSynopsis: strings.TrimSpace(tokenLookupHelp), HelpDescription: strings.TrimSpace(tokenLookupHelp), }, &framework.Path{ Pattern: "lookup-self$", Fields: map[string]*framework.FieldSchema{ "token": &framework.FieldSchema{ Type: framework.TypeString, Description: "Token to lookup", }, }, Callbacks: map[logical.Operation]framework.OperationFunc{ logical.ReadOperation: t.handleLookup, }, HelpSynopsis: strings.TrimSpace(tokenLookupHelp), HelpDescription: strings.TrimSpace(tokenLookupHelp), }, &framework.Path{ Pattern: "revoke-self", Callbacks: map[logical.Operation]framework.OperationFunc{ logical.WriteOperation: t.handleRevokeSelf, }, HelpSynopsis: strings.TrimSpace(tokenRevokeSelfHelp), HelpDescription: strings.TrimSpace(tokenRevokeSelfHelp), }, &framework.Path{ Pattern: "revoke/(?P<token>.+)", Fields: map[string]*framework.FieldSchema{ "token": &framework.FieldSchema{ Type: framework.TypeString, Description: "Token to revoke", }, }, Callbacks: map[logical.Operation]framework.OperationFunc{ logical.WriteOperation: t.handleRevokeTree, }, HelpSynopsis: strings.TrimSpace(tokenRevokeHelp), HelpDescription: strings.TrimSpace(tokenRevokeHelp), }, &framework.Path{ Pattern: "revoke-orphan/(?P<token>.+)", Fields: map[string]*framework.FieldSchema{ "token": &framework.FieldSchema{ Type: framework.TypeString, Description: "Token to revoke", }, }, Callbacks: map[logical.Operation]framework.OperationFunc{ logical.WriteOperation: t.handleRevokeOrphan, }, HelpSynopsis: strings.TrimSpace(tokenRevokeOrphanHelp), HelpDescription: strings.TrimSpace(tokenRevokeOrphanHelp), }, &framework.Path{ Pattern: "revoke-prefix/(?P<prefix>.+)", Fields: map[string]*framework.FieldSchema{ "prefix": &framework.FieldSchema{ Type: framework.TypeString, Description: "Token source prefix to revoke", }, }, Callbacks: map[logical.Operation]framework.OperationFunc{ logical.WriteOperation: t.handleRevokePrefix, }, HelpSynopsis: strings.TrimSpace(tokenRevokePrefixHelp), HelpDescription: strings.TrimSpace(tokenRevokePrefixHelp), }, &framework.Path{ Pattern: "renew/(?P<token>.+)", Fields: map[string]*framework.FieldSchema{ "token": &framework.FieldSchema{ Type: framework.TypeString, Description: "Token to renew", }, "increment": &framework.FieldSchema{ Type: framework.TypeDurationSecond, Description: "The desired increment in seconds to the token expiration", }, }, Callbacks: map[logical.Operation]framework.OperationFunc{ logical.WriteOperation: t.handleRenew, }, HelpSynopsis: strings.TrimSpace(tokenRenewHelp), HelpDescription: strings.TrimSpace(tokenRenewHelp), }, }, } t.Backend.Setup(config) return t, nil }
func (ts *TokenStore) authRenew( req *logical.Request, d *framework.FieldData) (*logical.Response, error) { f := framework.LeaseExtend(0, 0, ts.System()) return f(req, d) }
func (b *backend) pathLoginRenew( req *logical.Request, d *framework.FieldData) (*logical.Response, error) { return framework.LeaseExtend(0, 0, b.System())(req, d) }
func (b *backend) secretDynamicKeyRenew(req *logical.Request, d *framework.FieldData) (*logical.Response, error) { f := framework.LeaseExtend(0, 0, b.System()) return f(req, d) }
func (b *backend) secretDynamicKeyRenew(req *logical.Request, d *framework.FieldData) (*logical.Response, error) { f := framework.LeaseExtend(b.System().DefaultLeaseTTL(), b.System().MaxLeaseTTL(), false) return f(req, d) }