当前位置: 首页>>代码示例>>Golang>>正文


Golang framework.LeaseExtend函数代码示例

本文整理汇总了Golang中github.com/hashicorp/vault/logical/framework.LeaseExtend函数的典型用法代码示例。如果您正苦于以下问题:Golang LeaseExtend函数的具体用法?Golang LeaseExtend怎么用?Golang LeaseExtend使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。


在下文中一共展示了LeaseExtend函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Golang代码示例。

示例1: secretAccessKeysRenew

func (b *backend) secretAccessKeysRenew(
	req *logical.Request, d *framework.FieldData) (*logical.Response, error) {

	// STS already has a lifetime, and we don't support renewing it
	isSTSRaw, ok := req.Secret.InternalData["is_sts"]
	if ok {
		isSTS, ok := isSTSRaw.(bool)
		if ok {
			if isSTS {
				return nil, nil
			}
		}
	}

	lease, err := b.Lease(req.Storage)
	if err != nil {
		return nil, err
	}
	if lease == nil {
		lease = &configLease{}
	}

	f := framework.LeaseExtend(lease.Lease, lease.LeaseMax, b.System())
	return f(req, d)
}
开发者ID:mhurne,项目名称:vault,代码行数:25,代码来源:secret_access_keys.go

示例2: pathLoginRenew

func (b *backend) pathLoginRenew(
	req *logical.Request, d *framework.FieldData) (*logical.Response, error) {

	if req.Auth == nil {
		return nil, fmt.Errorf("request auth was nil")
	}

	tokenRaw, ok := req.Auth.InternalData["token"]
	if !ok {
		return nil, fmt.Errorf("token created in previous version of Vault cannot be validated properly at renewal time")
	}
	token := tokenRaw.(string)

	var verifyResp *verifyCredentialsResp
	if verifyResponse, resp, err := b.verifyCredentials(req, token); err != nil {
		return nil, err
	} else if resp != nil {
		return resp, nil
	} else {
		verifyResp = verifyResponse
	}
	if !policyutil.EquivalentPolicies(verifyResp.Policies, req.Auth.Policies) {
		return nil, fmt.Errorf("policies do not match")
	}

	config, err := b.Config(req.Storage)
	if err != nil {
		return nil, err
	}
	return framework.LeaseExtend(config.TTL, config.MaxTTL, b.System())(req, d)
}
开发者ID:quixoten,项目名称:vault,代码行数:31,代码来源:path_login.go

示例3: pathLoginRenew

func (b *backend) pathLoginRenew(
	req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
	config, err := b.Config(req.Storage)
	if err != nil {
		return nil, err
	}
	return framework.LeaseExtend(config.TTL, config.MaxTTL, b.System())(req, d)
}
开发者ID:romeo1978,项目名称:vault,代码行数:8,代码来源:path_login.go

示例4: secretDynamicKeyRenew

func (b *backend) secretDynamicKeyRenew(req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
	lease, err := b.Lease(req.Storage)
	if err != nil {
		return nil, err
	}
	if lease == nil {
		lease = &configLease{Lease: 1 * time.Hour}
	}
	f := framework.LeaseExtend(lease.Lease, lease.LeaseMax, false)
	return f(req, d)
}
开发者ID:kgutwin,项目名称:vault,代码行数:11,代码来源:secret_dynamic_key.go

示例5: secretCredsRenew

func (b *backend) secretCredsRenew(req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
	// Get the lease information
	leaseConfig, err := b.LeaseConfig(req.Storage)
	if err != nil {
		return nil, err
	}
	if leaseConfig == nil {
		leaseConfig = &configLease{}
	}

	f := framework.LeaseExtend(leaseConfig.TTL, leaseConfig.MaxTTL, b.System())
	return f(req, d)
}
开发者ID:quixoten,项目名称:vault,代码行数:13,代码来源:secret_creds.go

示例6: secretCredsRenew

func (b *backend) secretCredsRenew(
	req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
	// Get the username from the internal data
	usernameRaw, ok := req.Secret.InternalData["username"]
	if !ok {
		return nil, fmt.Errorf("secret is missing username internal data")
	}
	username, ok := usernameRaw.(string)

	// Get our connection
	db, err := b.DB(req.Storage)
	if err != nil {
		return nil, err
	}

	// Get the lease information
	lease, err := b.Lease(req.Storage)
	if err != nil {
		return nil, err
	}
	if lease == nil {
		lease = &configLease{Lease: 1 * time.Hour}
	}

	f := framework.LeaseExtend(lease.Lease, lease.LeaseMax)
	resp, err := f(req, d)
	if err != nil {
		return nil, err
	}

	// Make sure we increase the VALID UNTIL endpoint for this user.
	if expireTime := resp.Secret.ExpirationTime(); !expireTime.IsZero() {
		expiration := expireTime.Add(10 * time.Minute).
			Format("2006-01-02 15:04:05")

		query := fmt.Sprintf(
			"ALTER ROLE %s VALID UNTIL '%s';",
			pq.QuoteIdentifier(username),
			expiration)
		stmt, err := db.Prepare(query)
		if err != nil {
			return nil, err
		}
		defer stmt.Close()
		if _, err := stmt.Exec(); err != nil {
			return nil, err
		}
	}

	return resp, nil
}
开发者ID:beornf,项目名称:vault,代码行数:51,代码来源:secret_creds.go

示例7: pathLoginRenew

func (b *backend) pathLoginRenew(
	req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
	config, err := b.Config(req.Storage)
	if err != nil {
		return nil, err
	}

	if !config.DisableBinding {
		var matched *ParsedCert
		if verifyResp, resp, err := b.verifyCredentials(req); err != nil {
			return nil, err
		} else if resp != nil {
			return resp, nil
		} else {
			matched = verifyResp
		}

		if matched == nil {
			return nil, nil
		}

		clientCerts := req.Connection.ConnState.PeerCertificates
		if len(clientCerts) == 0 {
			return nil, fmt.Errorf("no client certificate found")
		}
		skid := base64.StdEncoding.EncodeToString(clientCerts[0].SubjectKeyId)
		akid := base64.StdEncoding.EncodeToString(clientCerts[0].AuthorityKeyId)

		// Certificate should not only match a registered certificate policy.
		// Also, the identity of the certificate presented should match the identity of the certificate used during login
		if req.Auth.InternalData["subject_key_id"] != skid && req.Auth.InternalData["authority_key_id"] != akid {
			return nil, fmt.Errorf("client identity during renewal not matching client identity used during login")
		}

	}
	// Get the cert and use its TTL
	cert, err := b.Cert(req.Storage, req.Auth.Metadata["cert_name"])
	if err != nil {
		return nil, err
	}
	if cert == nil {
		// User no longer exists, do not renew
		return nil, nil
	}

	if !policyutil.EquivalentPolicies(cert.Policies, req.Auth.Policies) {
		return nil, fmt.Errorf("policies have changed, not renewing")
	}

	return framework.LeaseExtend(cert.TTL, 0, b.System())(req, d)
}
开发者ID:GauntletWizard,项目名称:vault,代码行数:51,代码来源:path_login.go

示例8: pathLoginRenew

func (b *backend) pathLoginRenew(
	req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
	// Get the cert and validate auth
	cert, err := b.Cert(req.Storage, req.Auth.Metadata["cert_name"])
	if err != nil {
		return nil, err
	}
	if cert == nil {
		// User no longer exists, do not renew
		return nil, nil
	}

	return framework.LeaseExtend(cert.TTL, 0, false)(req, d)
}
开发者ID:nicr9,项目名称:vault,代码行数:14,代码来源:path_login.go

示例9: pathLoginRenew

func (b *backend) pathLoginRenew(
	req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
	// Get the user and validate auth
	user, err := b.User(req.Storage, req.Auth.Metadata["username"])
	if err != nil {
		return nil, err
	}
	if user == nil {
		// User no longer exists, do not renew
		return nil, nil
	}

	return framework.LeaseExtend(user.MaxTTL, 0, false)(req, d)
}
开发者ID:richardzone,项目名称:vault,代码行数:14,代码来源:path_login.go

示例10: authRenew

func (ts *TokenStore) authRenew(
	req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
	if req.Auth == nil {
		return nil, fmt.Errorf("request auth is nil")
	}

	te, err := ts.Lookup(req.Auth.ClientToken)
	if err != nil {
		return nil, fmt.Errorf("error looking up token: %s", err)
	}
	if te == nil {
		return nil, fmt.Errorf("no token entry found during lookup")
	}

	f := framework.LeaseExtend(req.Auth.Increment, te.ExplicitMaxTTL, ts.System())

	// No role? Use normal LeaseExtend semantics
	if te.Role == "" {
		return f(req, d)
	}

	role, err := ts.tokenStoreRole(te.Role)
	if err != nil {
		return nil, fmt.Errorf("error looking up role %s: %s", te.Role, err)
	}

	if role == nil {
		return nil, fmt.Errorf("original token role (%s) could not be found, not renewing", te.Role)
	}

	// If role.Period is not zero, this is a periodic token. The TTL for a
	// periodic token is always the same (the role's period value). It is not
	// subject to normal maximum TTL checks that would come from calling
	// LeaseExtend, so we fast path it.
	//
	// The one wrinkle here is if the token has an explicit max TTL. Roles
	// don't support having both configured, but they could be changed. We
	// don't support tokens that are both periodic and have an explicit max
	// TTL, so if the token has one, we treat it as a regular token even if the
	// role is periodic.
	if role.Period != 0 && te.ExplicitMaxTTL == 0 {
		req.Auth.TTL = role.Period
		return &logical.Response{Auth: req.Auth}, nil
	}

	return f(req, d)
}
开发者ID:rchicoli,项目名称:consul-template,代码行数:47,代码来源:token_store.go

示例11: secretToken

func secretToken() *framework.Secret {
	return &framework.Secret{
		Type: SecretTokenType,
		Fields: map[string]*framework.FieldSchema{
			"token": &framework.FieldSchema{
				Type:        framework.TypeString,
				Description: "Request token",
			},
		},

		DefaultDuration:    DefaultLeaseDuration,
		DefaultGracePeriod: DefaultGracePeriod,

		Renew:  framework.LeaseExtend(0, 0, true),
		Revoke: secretTokenRevoke,
	}
}
开发者ID:vincentaubert,项目名称:vault,代码行数:17,代码来源:secret_token.go

示例12: pathLoginRenew

func (b *backend) pathLoginRenew(
	req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
	// Get the user
	user, err := b.user(req.Storage, req.Auth.Metadata["username"])
	if err != nil {
		return nil, err
	}
	if user == nil {
		// User no longer exists, do not renew
		return nil, nil
	}

	if !policyutil.EquivalentPolicies(user.Policies, req.Auth.Policies) {
		return logical.ErrorResponse("policies have changed, not renewing"), nil
	}

	return framework.LeaseExtend(user.TTL, user.MaxTTL, b.System())(req, d)
}
开发者ID:hashbrowncipher,项目名称:vault,代码行数:18,代码来源:path_login.go

示例13: pathLoginRenew

func (b *backend) pathLoginRenew(
	req *logical.Request, d *framework.FieldData) (*logical.Response, error) {

	username := req.Auth.Metadata["username"]
	password := req.Auth.InternalData["password"].(string)
	prevpolicies := req.Auth.Metadata["policies"]

	policies, resp, err := b.Login(req, username, password)
	if len(policies) == 0 {
		return resp, err
	}

	sort.Strings(policies)
	if strings.Join(policies, ",") != prevpolicies {
		return logical.ErrorResponse("policies have changed, revoking login"), nil
	}

	return framework.LeaseExtend(1*time.Hour, 0, false)(req, d)
}
开发者ID:freimer,项目名称:vault,代码行数:19,代码来源:path_login.go

示例14: secretCredsRenew

func (b *backend) secretCredsRenew(
	req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
	// Get the lease information
	roleRaw, ok := req.Secret.InternalData["role"]
	if !ok {
		return nil, fmt.Errorf("Secret is missing role internal data")
	}
	roleName, ok := roleRaw.(string)
	if !ok {
		return nil, fmt.Errorf("Error converting role internal data to string")
	}

	role, err := getRole(req.Storage, roleName)
	if err != nil {
		return nil, fmt.Errorf("Unable to load role: %s", err)
	}

	return framework.LeaseExtend(role.Lease, 0, false)(req, d)
}
开发者ID:bgirardeau,项目名称:vault,代码行数:19,代码来源:secret_creds.go

示例15: authRenew

func (ts *TokenStore) authRenew(
	req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
	if req.Auth == nil {
		return nil, fmt.Errorf("request auth is nil")
	}

	f := framework.LeaseExtend(req.Auth.Increment, 0, ts.System())

	te, err := ts.Lookup(req.Auth.ClientToken)
	if err != nil {
		return nil, fmt.Errorf("error looking up token: %s", err)
	}
	if te == nil {
		return nil, fmt.Errorf("no token entry found during lookup")
	}

	// No role? Use normal LeaseExtend semantics
	if te.Role == "" {
		return f(req, d)
	}

	role, err := ts.tokenStoreRole(te.Role)
	if err != nil {
		return nil, fmt.Errorf("error looking up role %s: %s", te.Role, err)
	}

	if role == nil {
		return logical.ErrorResponse(fmt.Sprintf("original token role (%s) could not be found, not renewing", te.Role)), nil
	}

	// If role.Period is not zero, this is a periodic token. The TTL for a
	// periodic token is always the same (the role's period value). It is not
	// subject to normal maximum TTL checks that would come from calling
	// LeaseExtend, so we fast path it.
	if role.Period != 0 {
		req.Auth.TTL = role.Period
		return &logical.Response{Auth: req.Auth}, nil
	}

	return f(req, d)
}
开发者ID:geckoboard,项目名称:vault,代码行数:41,代码来源:token_store.go


注:本文中的github.com/hashicorp/vault/logical/framework.LeaseExtend函数示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。