jfrog / vault-plugin-secrets-artifactory

HashiCorp Vault Secrets Plugin for Artifactory
https://jfrog.com
Apache License 2.0

feat: use force_revocable tokens in 7.50.3+ #45

Closed TJM closed 1 year ago

TJM commented 1 year ago

This enables setting the force_revocable flag and sets expires_in to MaxTTL


Fixes #40

TJM commented 1 year ago

Fixed spelling on revocable ... how do we get from "revoke" to "revocable" (inflammable means flammable, what a country) ;)

TJM commented 1 year ago

Sorry, I just noticed my "Makefile" fix for TOKEN_USERNAME on the local test artifactory snuck in while I was fixing the spelling. That only affects a local test environment, so I am going to leave it there unless there are objections.

TJM commented 1 year ago

@alexhung While doing the UserTemplate stuff, I think I might have made an error around the TTL. I assume that the role maxTTL was the number to use, but now I see there is more TTL related logic in the func (b *backend) pathTokenCreatePerform function. I am going to have to re-work this. I am not sure which way I will move the logic yet. I am leaning towards passing the expires_in as an argument (optional argument) to the createToken function.

EDIT: I think the easiest way to handle this will be to modify the role.MaxTTL that gets sent to the createToken function, in the event that there is a system level setting limiting maxTTL. That way we don't have to change the "interface" to createToken, and we don't have to mess with trying to move any logic around or parse/return any TTL values.

EDIT: FIXED, as per above, just set role.MaxTTL instead of keeping that as a local variable, which makes the original code still work, but respect the system level MaxLeaseTTL
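The TTL handling discussed above, as an added illustration that is not the plugin's own code: the role's MaxTTL is lowered to the system MaxLeaseTTL when the system limit is tighter, the effective lifetime is resolved against that capped role, and the request body carries expires_in together with force_revocable. The role struct, the function names and the sample values are assumptions made for this example; the JSON field names follow the Artifactory access token API (expires_in in seconds, force_revocable from 7.50.3) but are not taken from this repository.

```go
package main

import (
	"encoding/json"
	"fmt"
	"time"
)

// role holds the TTL fields of a plugin role that matter for token creation.
// Illustrative struct for this example, not the plugin's own role type.
type role struct {
	Username   string
	Scope      string
	DefaultTTL time.Duration
	MaxTTL     time.Duration // zero means "no role-level cap"
}

// tokenRequest is the body posted to Artifactory's access token endpoint.
// Field names are assumed from the Artifactory REST API: expires_in is in
// seconds and force_revocable lets an expiring token be revoked early.
type tokenRequest struct {
	Username       string `json:"username"`
	Scope          string `json:"scope,omitempty"`
	ExpiresIn      int64  `json:"expires_in"`
	ForceRevocable bool   `json:"force_revocable"`
}

// capRoleMaxTTL applies the approach from the discussion: rather than adding
// an argument to createToken, the role's MaxTTL itself is lowered to the
// system MaxLeaseTTL when the system limit is tighter or the role has no cap.
func capRoleMaxTTL(r role, systemMaxLeaseTTL time.Duration) role {
	if systemMaxLeaseTTL > 0 && (r.MaxTTL == 0 || r.MaxTTL > systemMaxLeaseTTL) {
		r.MaxTTL = systemMaxLeaseTTL
	}
	return r
}

// effectiveTTL resolves one token's lifetime: the caller's requested TTL,
// falling back to the role default, never exceeding the (capped) role MaxTTL.
func effectiveTTL(r role, requested time.Duration) time.Duration {
	ttl := requested
	if ttl <= 0 {
		ttl = r.DefaultTTL
	}
	if r.MaxTTL > 0 && (ttl <= 0 || ttl > r.MaxTTL) {
		ttl = r.MaxTTL
	}
	return ttl
}

// buildTokenRequest caps the role, resolves the TTL and fills the body.
// expires_in makes Artifactory enforce the lifetime itself; force_revocable
// keeps the expiring token revocable so Vault can still revoke the lease early.
// Returns the body and the TTL Vault should put on the lease.
func buildTokenRequest(r role, requested, systemMaxLeaseTTL time.Duration) (tokenRequest, time.Duration) {
	r = capRoleMaxTTL(r, systemMaxLeaseTTL)
	ttl := effectiveTTL(r, requested)
	req := tokenRequest{
		Username:       r.Username,
		Scope:          r.Scope,
		ExpiresIn:      int64(ttl / time.Second),
		ForceRevocable: true,
	}
	return req, ttl
}

func main() {
	// Sample values, constructed for the example: role allows 24h, system allows 8h.
	r := role{Username: "ci-reader", Scope: "applied-permissions/user", DefaultTTL: time.Hour, MaxTTL: 24 * time.Hour}
	req, ttl := buildTokenRequest(r, 12*time.Hour, 8*time.Hour)
	body, _ := json.Marshal(req)
	fmt.Printf("lease ttl=%s body=%s\n", ttl, body)
}
```

The lease TTL returned alongside the body is the same value sent as expires_in, so Vault's lease and Artifactory's own expiry agree; if only the role were capped and expires_in left unset, the token would outlive the lease on the Artifactory side.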

TJM commented 1 year ago

UPDATE: Rebased (one commit) and pulled out the magic version stuff... as I found that it fails after a reload. I need to sort out initialize, which I will do as part of a separate MR. Let's keep this one simple.