Rename default_ttl to default_sts_ttl

hashicorp · Aug 21, 2018 · 525a59a · 525a59a
1 parent 615c650
commit 525a59a
Show file tree

Hide file tree

Showing 5 changed files with 17 additions and 17 deletions.
diff --git a/builtin/logical/aws/backend_test.go b/builtin/logical/aws/backend_test.go
@@ -544,7 +544,7 @@ func testAccStepReadPolicy(t *testing.T, name string, value string) logicaltest.
 				"role_arns":        []string(nil),
 				"policy_document":  value,
 				"credential_types": []string{iamUserCred, federationTokenCred},
-				"default_ttl":      time.Duration(0),
+				"default_sts_ttl":  time.Duration(0),
 			}
 			if !reflect.DeepEqual(resp.Data, expected) {
 				return fmt.Errorf("bad: got: %#v\nexpected: %#v", resp.Data, expected)
@@ -639,7 +639,7 @@ func TestBackend_iamUserManagedInlinePolicies(t *testing.T) {
 		"policy_arns":      []string{ec2PolicyArn, iamPolicyArn},
 		"credential_types": []string{iamUserCred},
 		"role_arns":        []string(nil),
-		"default_ttl":      time.Duration(0),
+		"default_sts_ttl":  time.Duration(0),
 	}
 	logicaltest.Test(t, logicaltest.TestCase{
 		AcceptanceTest: true,
@@ -697,12 +697,12 @@ func TestBackend_AssumedRoleWithPolicyDoc(t *testing.T) {
 	})
 }
 
-func TestBackend_RoleDefaultTTL(t *testing.T) {
+func TestBackend_RoleDefaultSTSTTL(t *testing.T) {
 	minAwsAssumeRoleDuration := 900
 	roleData := map[string]interface{}{
 		"role_arns":       []string{fmt.Sprintf("arn:aws:iam::%s:role/%s", os.Getenv("AWS_ACCOUNT_ID"), testRoleName)},
 		"credential_type": assumedRoleCred,
-		"default_ttl":     minAwsAssumeRoleDuration,
+		"default_sts_ttl": minAwsAssumeRoleDuration,
 	}
 	logicaltest.Test(t, logicaltest.TestCase{
 		AcceptanceTest: true,
@@ -754,7 +754,7 @@ func testAccStepReadArnPolicy(t *testing.T, name string, value string) logicalte
 				"role_arns":        []string(nil),
 				"policy_document":  "",
 				"credential_types": []string{iamUserCred},
-				"default_ttl":      time.Duration(0),
+				"default_sts_ttl":  time.Duration(0),
 			}
 			if !reflect.DeepEqual(resp.Data, expected) {
 				return fmt.Errorf("bad: got: %#v\nexpected: %#v", resp.Data, expected)

diff --git a/builtin/logical/aws/path_roles.go b/builtin/logical/aws/path_roles.go
@@ -62,7 +62,7 @@ will be passed in as the Policy parameter to the AssumeRole or
 GetFederationToken API call, acting as a filter on permissions available.`,
 			},
 
-			"default_ttl": &framework.FieldSchema{
+			"default_sts_ttl": &framework.FieldSchema{
 				Type:        framework.TypeDurationSecond,
 				Description: fmt.Sprintf("Default TTL for %s and %s credential types when no TTL is explicitly requested with the credentials", assumedRoleCred, federationTokenCred),
 			},
@@ -212,14 +212,14 @@ func (b *backend) pathRolesWrite(ctx context.Context, req *logical.Request, d *f
 		roleEntry.PolicyDocument = compacted
 	}
 
-	if defaultTTLRaw, ok := d.GetOk("default_ttl"); ok {
+	if defaultSTSTTLRaw, ok := d.GetOk("default_sts_ttl"); ok {
 		if legacyRole != "" {
-			return logical.ErrorResponse("cannot supply deprecated role or policy parameters with ttl"), nil
+			return logical.ErrorResponse("cannot supply deprecated role or policy parameters with default_sts_ttl"), nil
 		}
 		if !strutil.StrListContains(roleEntry.CredentialTypes, assumedRoleCred) && !strutil.StrListContains(roleEntry.CredentialTypes, federationTokenCred) {
-			return logical.ErrorResponse(fmt.Sprintf("default_ttl parameter only valid for %s and %s credential types", assumedRoleCred, federationTokenCred)), nil
+			return logical.ErrorResponse(fmt.Sprintf("default_sts_ttl parameter only valid for %s and %s credential types", assumedRoleCred, federationTokenCred)), nil
 		}
-		roleEntry.DefaultTTL = time.Duration(defaultTTLRaw.(int)) * time.Second
+		roleEntry.DefaultSTSTTL = time.Duration(defaultSTSTTLRaw.(int)) * time.Second
 	}
 
 	if legacyRole != "" {
@@ -397,7 +397,7 @@ type awsRoleEntry struct {
 	InvalidData              string        `json:"invalid_data,omitempty"`                // Invalid role data. Exists to support converting the legacy role data into the new format
 	ProhibitFlexibleCredPath bool          `json:"prohibit_flexible_cred_path,omitempty"` // Disallow accessing STS credentials via the creds path and vice verse
 	Version                  int           `json:"version"`                               // Version number of the role format
-	DefaultTTL               time.Duration `json:"default_ttl"`                           // Default TTL for STS credentials
+	DefaultSTSTTL            time.Duration `json:"default_sts_ttl"`                       // Default TTL for STS credentials
 }
 
 func (r *awsRoleEntry) toResponseData() map[string]interface{} {
@@ -406,7 +406,7 @@ func (r *awsRoleEntry) toResponseData() map[string]interface{} {
 		"policy_arns":      r.PolicyArns,
 		"role_arns":        r.RoleArns,
 		"policy_document":  r.PolicyDocument,
-		"default_ttl":      r.DefaultTTL / time.Second,
+		"default_sts_ttl":  r.DefaultSTSTTL / time.Second,
 	}
 	if r.InvalidData != "" {
 		respData["invalid_data"] = r.InvalidData

diff --git a/builtin/logical/aws/path_roles_test.go b/builtin/logical/aws/path_roles_test.go
@@ -23,7 +23,7 @@ func TestBackend_PathListRoles(t *testing.T) {
 	roleData := map[string]interface{}{
 		"role_arns":       []string{"arn:aws:iam::123456789012:role/path/RoleName"},
 		"credential_type": assumedRoleCred,
-		"default_ttl":     3600,
+		"default_sts_ttl": 3600,
 	}
 
 	roleReq := &logical.Request{

diff --git a/builtin/logical/aws/path_user.go b/builtin/logical/aws/path_user.go
@@ -62,8 +62,8 @@ func (b *backend) pathCredsRead(ctx context.Context, req *logical.Request, d *fr
 	switch {
 	case ok:
 		ttl = int64(ttlRaw.(int))
-	case role.DefaultTTL > 0:
-		ttl = int64(role.DefaultTTL / time.Second)
+	case role.DefaultSTSTTL > 0:
+		ttl = int64(role.DefaultSTSTTL / time.Second)
 	default:
 		ttl = int64(d.Get("ttl").(int))
 	}

diff --git a/website/source/api/secret/aws/index.html.md b/website/source/api/secret/aws/index.html.md
@@ -179,7 +179,7 @@ updated with the new attributes.
   user has. With `assumed_role` and `federation_token`, the policy document will
   act as a filter on what the credentials can do.
 
-- `default_ttl` `(string)` - The default TTL for STS credentials. When a TTL is not
+- `default_sts_ttl` `(string)` - The default TTL for STS credentials. When a TTL is not
   specified when STS credentials are requested, and a default TTL is specified
   on the role, then this default TTL will be used. Valid only when
   `credential_type` is one of `assumed_role` or `federation_token`.
@@ -357,7 +357,7 @@ credentials retrieved through `/aws/creds` must be of the `iam_user` type.
 - `ttl` `(string: "3600s")` – Specifies the TTL for the use of the STS token.
   This is specified as a string with a duration suffix. Valid only when
   `credential_type` is `assumed_role` or `federation_token`. When not specified,
-  the `default_ttl` set for the role will be used. If that is also not set, then
+  the `default_sts_ttl` set for the role will be used. If that is also not set, then
   the default value of `3600s` will be used. AWS places limits
   on the maximum TTL allowed. See the AWS documentation on the `DurationSeconds`
   parameter for