Added basic fields to implement autorotation of the main token

ilijamt · Aug 31, 2023 · 58cb6b9 · 58cb6b9
1 parent 33452e2
commit 58cb6b9
Show file tree

Hide file tree

Showing 3 changed files with 28 additions and 7 deletions.
diff --git a/defs.go b/defs.go
@@ -14,7 +14,8 @@ var (
 )
 
 const (
-	DefaultConfigFieldAccessTokenMaxTTL = time.Duration(0)
+	DefaultConfigFieldAccessTokenMaxTTL = 7 * 24 * time.Hour
+	DefaultConfigFieldAccessTokenRotate = 2 * 24 * time.Hour
 	DefaultRoleFieldAccessTokenMaxTTL   = 24 * time.Hour
 	DefaultAccessTokenMinTTL            = 24 * time.Hour
 	DefaultAccessTokenMaxPossibleTTL    = 365 * 24 * time.Hour

diff --git a/entry_config.go b/entry_config.go
@@ -7,16 +7,20 @@ import (
 )
 
 type entryConfig struct {
-	BaseURL string        `json:"base_url" structs:"base_url" mapstructure:"base_url"`
-	Token   string        `json:"token" structs:"token" mapstructure:"token"`
-	MaxTTL  time.Duration `json:"max_ttl" structs:"max_ttl" mapstructure:"max_ttl"`
+	BaseURL          string        `json:"base_url" structs:"base_url" mapstructure:"base_url"`
+	Token            string        `json:"token" structs:"token" mapstructure:"token"`
+	MaxTTL           time.Duration `json:"max_ttl" structs:"max_ttl" mapstructure:"max_ttl"`
+	AutoRotateToken  bool          `json:"auto_rotate_token" structs:"auto_rotate_token" mapstructure:"auto_rotate_token"`
+	AutoRotateBefore time.Duration `json:"auto_rotate_before" structs:"auto_rotate_before" mapstructure:"auto_rotate_before"`
 }
 
 func (e entryConfig) LogicalResponseData() map[string]interface{} {
 	return map[string]interface{}{
-		"max_ttl":  int64(e.MaxTTL / time.Second),
-		"base_url": e.BaseURL,
-		"token":    e.Token,
+		"max_ttl":            int64(e.MaxTTL / time.Second),
+		"base_url":           e.BaseURL,
+		"token":              e.Token,
+		"auto_rotate_token":  e.AutoRotateToken,
+		"auto_rotate_before": int64(e.AutoRotateBefore / time.Second),
 	}
 }
 

diff --git a/path_config.go b/path_config.go
@@ -16,6 +16,9 @@ const (
 	PathConfigStorage = "config"
 )
 
+/*
+AutoRotateBefore time.Duration `json:"auto_rotate_before" structs:"auto_rotate_before" mapstructure:"auto_rotate_before"`
+*/
 var (
 	fieldSchemaConfig = map[string]*framework.FieldSchema{
 		"token": {
@@ -37,6 +40,19 @@ var (
 			Description: `Maximum lifetime expected generated token will be valid for. If set to 0 it will be set for maximum 8670 hours`,
 			Default:     DefaultConfigFieldAccessTokenMaxTTL,
 		},
+		"auto_rotate_token": {
+			Type:        framework.TypeBool,
+			Default:     false,
+			Description: `Should we autorotate the token when it's close to expiry?`,
+			DisplayAttrs: &framework.DisplayAttributes{
+				Name: "Auto rotate token",
+			},
+		},
+		"auto_rotate_before": {
+			Type:        framework.TypeDurationSecond,
+			Description: `How much time should be remaining on the token validity before we should rotate it?`,
+			Default:     DefaultConfigFieldAccessTokenRotate,
+		},
 	}
 )