From 5b29ddfe7d9f536e85f98c8223906de0bf84fe79 Mon Sep 17 00:00:00 2001 From: VioletHynes <violet.hynes@hashicorp.com> Date: Tue, 20 Jun 2023 10:39:10 -0400 Subject: [PATCH 1/7] Replace all time.ParseDurations with testutil.ParseDurationSeconds --- builtin/credential/aws/path_login.go | 4 ++- builtin/credential/aws/path_role_tag.go | 4 ++- builtin/logical/aws/path_config_lease.go | 6 ++-- builtin/logical/pki/crl_test.go | 4 ++- builtin/logical/pki/crl_util.go | 10 ++++--- builtin/logical/pki/path_config_crl.go | 17 ++++++----- builtin/logical/pki/path_ocsp.go | 4 ++- builtin/logical/pki/path_ocsp_test.go | 5 ++-- builtin/logical/pki/path_tidy.go | 6 ++-- command/base_flags.go | 30 ------------------- physical/raft/raft.go | 12 ++++---- physical/raft/raft_autopilot.go | 2 +- .../dbplugin/v5/testing/test_helpers.go | 4 ++- sdk/helper/identitytpl/templating.go | 4 ++- sdk/helper/pointerutil/pointer.go | 4 ++- vault/identity_store_oidc_provider_test.go | 6 ++-- vault/logical_system_activity.go | 4 ++- vault/token_store.go | 2 +- 18 files changed, 63 insertions(+), 65 deletions(-) diff --git a/builtin/credential/aws/path_login.go b/builtin/credential/aws/path_login.go index f4041b38db83..11282f7cc037 100644 --- a/builtin/credential/aws/path_login.go +++ b/builtin/credential/aws/path_login.go @@ -19,6 +19,8 @@ import ( "strings" "time" + "github.com/hashicorp/go-secure-stdlib/parseutil" + "github.com/aws/aws-sdk-go/aws" awsClient "github.com/aws/aws-sdk-go/aws/client" "github.com/aws/aws-sdk-go/service/ec2" @@ -1291,7 +1293,7 @@ func (b *backend) pathLoginRenewEc2(ctx context.Context, req *logical.Request, _ // If the login was made using the role tag, then max_ttl from tag // is cached in internal data during login and used here to cap the // max_ttl of renewal. - rTagMaxTTL, err := time.ParseDuration(req.Auth.Metadata["role_tag_max_ttl"]) + rTagMaxTTL, err := parseutil.ParseDurationSecond(req.Auth.Metadata["role_tag_max_ttl"]) if err != nil { return nil, err } 
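Review bot: In pathLoginRenewEc2, an empty or absent `role_tag_max_ttl` entry in `req.Auth.Metadata` no longer produces an error, because `parseutil.ParseDurationSecond` returns a zero duration with a nil error for an empty string where `time.ParseDuration` rejected it. What a zero `rTagMaxTTL` means for the renewal cap is decided outside this hunk (the function body continues on both sides), so confirm it cannot be read as "no cap from the tag". If the entry is required on this path, a guard before the parse keeps the old fail-closed behaviour, e.g. `if req.Auth.Metadata["role_tag_max_ttl"] == "" { return nil, fmt.Errorf("role_tag_max_ttl missing from auth metadata") }`.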
diff --git a/builtin/credential/aws/path_role_tag.go b/builtin/credential/aws/path_role_tag.go index 180b4105c69c..5c3e4db0c14f 100644 --- a/builtin/credential/aws/path_role_tag.go +++ b/builtin/credential/aws/path_role_tag.go @@ -14,6 +14,8 @@ import ( "strings" "time" + "github.com/hashicorp/go-secure-stdlib/parseutil" + "github.com/hashicorp/go-secure-stdlib/strutil" uuid "github.com/hashicorp/go-uuid" "github.com/hashicorp/vault/sdk/framework" @@ -347,7 +349,7 @@ func (b *backend) parseAndVerifyRoleTagValue(ctx context.Context, s logical.Stor return nil, err } case strings.HasPrefix(tagItem, "t="): - rTag.MaxTTL, err = time.ParseDuration(fmt.Sprintf("%ss", strings.TrimPrefix(tagItem, "t="))) + rTag.MaxTTL, err = parseutil.ParseDurationSecond(fmt.Sprintf("%ss", strings.TrimPrefix(tagItem, "t="))) if err != nil { return nil, err } diff --git a/builtin/logical/aws/path_config_lease.go b/builtin/logical/aws/path_config_lease.go index 1b01388a3b8a..aee40075aede 100644 --- a/builtin/logical/aws/path_config_lease.go +++ b/builtin/logical/aws/path_config_lease.go @@ -8,6 +8,8 @@ import ( "fmt" "time" + "github.com/hashicorp/go-secure-stdlib/parseutil" + "github.com/hashicorp/vault/sdk/framework" "github.com/hashicorp/vault/sdk/logical" ) @@ -82,12 +84,12 @@ func (b *backend) pathLeaseWrite(ctx context.Context, req *logical.Request, d *f return logical.ErrorResponse("'lease_max' is a required parameter"), nil } - lease, err := time.ParseDuration(leaseRaw) + lease, err := parseutil.ParseDurationSecond(leaseRaw) if err != nil { return logical.ErrorResponse(fmt.Sprintf( "Invalid lease: %s", err)), nil } - leaseMax, err := time.ParseDuration(leaseMaxRaw) + leaseMax, err := parseutil.ParseDurationSecond(leaseMaxRaw) if err != nil { return logical.ErrorResponse(fmt.Sprintf( "Invalid lease_max: %s", err)), nil diff --git a/builtin/logical/pki/crl_test.go b/builtin/logical/pki/crl_test.go index aaa67ba77d80..16d0d354f251 100644 --- a/builtin/logical/pki/crl_test.go 
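Review bot: The `t=` case in parseAndVerifyRoleTagValue still appends `s` before parsing, so the input forms `ParseDurationSecond` adds never apply here: a value such as `1d` becomes `1ds` and is rejected, and as far as the string handling goes the result matches what `time.ParseDuration` gave. That looks intentional for a field that carries whole seconds, but the line now reads as if day suffixes were supported. A comment would make the intent explicit, e.g. `// t= is whole seconds; the appended "s" keeps an empty value invalid and rules out the "d" suffix`. The function starts and ends outside the hunk.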
+++ b/builtin/logical/pki/crl_test.go @@ -12,6 +12,8 @@ import ( "testing" "time" + "github.com/hashicorp/go-secure-stdlib/parseutil" + "github.com/hashicorp/vault/sdk/helper/testhelpers/schema" "github.com/hashicorp/vault/api" @@ -1068,7 +1070,7 @@ func TestAutoRebuild(t *testing.T) { thisCRLNumber := getCRLNumber(t, crl) requireSerialNumberInCRL(t, crl, leafSerial) // But the old one should. now := time.Now() - graceInterval, _ := time.ParseDuration(gracePeriod) + graceInterval, _ := parseutil.ParseDurationSecond(gracePeriod) expectedUpdate := lastCRLExpiry.Add(-1 * graceInterval) if requireSerialNumberInCRL(nil, crl, newLeafSerial) { // If we somehow lagged and we ended up needing to rebuild diff --git a/builtin/logical/pki/crl_util.go b/builtin/logical/pki/crl_util.go index 894e427f1011..75393d185d55 100644 --- a/builtin/logical/pki/crl_util.go +++ b/builtin/logical/pki/crl_util.go @@ -14,6 +14,8 @@ import ( "sync" "time" + "github.com/hashicorp/go-secure-stdlib/parseutil" + atomic2 "go.uber.org/atomic" "github.com/hashicorp/vault/sdk/helper/certutil" @@ -248,12 +250,12 @@ func (cb *crlBuilder) checkForAutoRebuild(sc *storageContext) error { // the grace period and act accordingly. now := time.Now() - period, err := time.ParseDuration(cfg.AutoRebuildGracePeriod) + period, err := parseutil.ParseDurationSecond(cfg.AutoRebuildGracePeriod) if err != nil { // This may occur if the duration is empty; in that case // assume the default. The default should be valid and shouldn't // error. - defaultPeriod, defaultErr := time.ParseDuration(defaultCrlConfig.AutoRebuildGracePeriod) + defaultPeriod, defaultErr := parseutil.ParseDurationSecond(defaultCrlConfig.AutoRebuildGracePeriod) if defaultErr != nil { return fmt.Errorf("error checking for auto-rebuild status: unable to parse duration from both config's grace period (%v) and default grace period (%v):\n- config: %v\n- default: %w\n", cfg.AutoRebuildGracePeriod, defaultCrlConfig.AutoRebuildGracePeriod, err, defaultErr) } 
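Review bot: The fallback to `defaultCrlConfig.AutoRebuildGracePeriod` in checkForAutoRebuild is keyed on `err != nil`, and its comment says that error is expected when the configured value is empty. `parseutil.ParseDurationSecond` returns a zero duration and a nil error for an empty string, so the branch is no longer taken and `period` becomes 0 instead of the default. Testing the empty case explicitly restores the documented behaviour: `if err != nil || cfg.AutoRebuildGracePeriod == "" {`. The same change in semantics reaches the parse checks in pathCRLWrite (path_config_crl.go), where an empty `expiry`, `ocsp_expiry`, `auto_rebuild_grace_period` or `delta_rebuild_interval` would now pass; whether an empty value can get that far depends on code outside those hunks.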
@@ -436,7 +438,7 @@ func (cb *crlBuilder) rebuildDeltaCRLsIfForced(sc *storageContext, override bool return nil, nil } - deltaRebuildDuration, err := time.ParseDuration(cfg.DeltaRebuildInterval) + deltaRebuildDuration, err := parseutil.ParseDurationSecond(cfg.DeltaRebuildInterval) if err != nil { return nil, err } @@ -2118,7 +2120,7 @@ func augmentWithRevokedIssuers(issuerIDEntryMap map[issuerID]*issuerEntry, issue func buildCRL(sc *storageContext, crlInfo *crlConfig, forceNew bool, thisIssuerId issuerID, revoked []pkix.RevokedCertificate, identifier crlID, crlNumber int64, isUnified bool, isDelta bool, lastCompleteNumber int64) (*time.Time, error) { var revokedCerts []pkix.RevokedCertificate - crlLifetime, err := time.ParseDuration(crlInfo.Expiry) + crlLifetime, err := parseutil.ParseDurationSecond(crlInfo.Expiry) if err != nil { return nil, errutil.InternalError{Err: fmt.Sprintf("error parsing CRL duration of %s", crlInfo.Expiry)} } diff --git a/builtin/logical/pki/path_config_crl.go b/builtin/logical/pki/path_config_crl.go index 0249e6f084b7..4afbb3f417a8 100644 --- a/builtin/logical/pki/path_config_crl.go +++ b/builtin/logical/pki/path_config_crl.go @@ -7,7 +7,8 @@ import ( "context" "fmt" "net/http" - "time" + + "github.com/hashicorp/go-secure-stdlib/parseutil" "github.com/hashicorp/vault/helper/constants" "github.com/hashicorp/vault/sdk/framework" @@ -291,7 +292,7 @@ func (b *backend) pathCRLWrite(ctx context.Context, req *logical.Request, d *fra if expiryRaw, ok := d.GetOk("expiry"); ok { expiry := expiryRaw.(string) - _, err := time.ParseDuration(expiry) + _, err := parseutil.ParseDurationSecond(expiry) if err != nil { return logical.ErrorResponse(fmt.Sprintf("given expiry could not be decoded: %s", err)), nil } 
@@ -309,7 +310,7 @@ func (b *backend) pathCRLWrite(ctx context.Context, req *logical.Request, d *fra if expiryRaw, ok := d.GetOk("ocsp_expiry"); ok { expiry := expiryRaw.(string) - duration, err := time.ParseDuration(expiry) + duration, err := parseutil.ParseDurationSecond(expiry) if err != nil { return logical.ErrorResponse(fmt.Sprintf("given ocsp_expiry could not be decoded: %s", err)), nil } @@ -326,7 +327,7 @@ func (b *backend) pathCRLWrite(ctx context.Context, req *logical.Request, d *fra if autoRebuildGracePeriodRaw, ok := d.GetOk("auto_rebuild_grace_period"); ok { autoRebuildGracePeriod := autoRebuildGracePeriodRaw.(string) - if _, err := time.ParseDuration(autoRebuildGracePeriod); err != nil { + if _, err := parseutil.ParseDurationSecond(autoRebuildGracePeriod); err != nil { return logical.ErrorResponse(fmt.Sprintf("given auto_rebuild_grace_period could not be decoded: %s", err)), nil } config.AutoRebuildGracePeriod = autoRebuildGracePeriod @@ -339,7 +340,7 @@ func (b *backend) pathCRLWrite(ctx context.Context, req *logical.Request, d *fra if deltaRebuildIntervalRaw, ok := d.GetOk("delta_rebuild_interval"); ok { deltaRebuildInterval := deltaRebuildIntervalRaw.(string) - if _, err := time.ParseDuration(deltaRebuildInterval); err != nil { + if _, err := parseutil.ParseDurationSecond(deltaRebuildInterval); err != nil { return logical.ErrorResponse(fmt.Sprintf("given delta_rebuild_interval could not be decoded: %s", err)), nil } config.DeltaRebuildInterval = deltaRebuildInterval 
@@ -362,16 +363,16 @@ func (b *backend) pathCRLWrite(ctx context.Context, req *logical.Request, d *fra return logical.ErrorResponse("unified_crl_on_existing_paths cannot be enabled if unified_crl is disabled"), nil } - expiry, _ := time.ParseDuration(config.Expiry) + expiry, _ := parseutil.ParseDurationSecond(config.Expiry) if config.AutoRebuild { - gracePeriod, _ := time.ParseDuration(config.AutoRebuildGracePeriod) + gracePeriod, _ := parseutil.ParseDurationSecond(config.AutoRebuildGracePeriod) if gracePeriod >= expiry { return logical.ErrorResponse(fmt.Sprintf("CRL auto-rebuilding grace period (%v) must be strictly shorter than CRL expiry (%v) value when auto-rebuilding of CRLs is enabled", config.AutoRebuildGracePeriod, config.Expiry)), nil } } if config.EnableDelta { - deltaRebuildInterval, _ := time.ParseDuration(config.DeltaRebuildInterval) + deltaRebuildInterval, _ := parseutil.ParseDurationSecond(config.DeltaRebuildInterval) if deltaRebuildInterval >= expiry { return logical.ErrorResponse(fmt.Sprintf("CRL delta rebuild window (%v) must be strictly shorter than CRL expiry (%v) value when delta CRLs are enabled", config.DeltaRebuildInterval, config.Expiry)), nil } diff --git a/builtin/logical/pki/path_ocsp.go b/builtin/logical/pki/path_ocsp.go index b9f5cd1f9fd9..32e0e5350997 100644 --- a/builtin/logical/pki/path_ocsp.go +++ b/builtin/logical/pki/path_ocsp.go @@ -19,6 +19,8 @@ import ( "strings" "time" + "github.com/hashicorp/go-secure-stdlib/parseutil" + "github.com/hashicorp/vault/sdk/helper/errutil" "golang.org/x/crypto/ocsp" 
@@ -476,7 +478,7 @@ func doesRequestMatchIssuer(parsedBundle *certutil.ParsedCertBundle, req *ocsp.R func genResponse(cfg *crlConfig, caBundle *certutil.ParsedCertBundle, info *ocspRespInfo, reqHash crypto.Hash, revSigAlg x509.SignatureAlgorithm) ([]byte, error) { curTime := time.Now() - duration, err := time.ParseDuration(cfg.OcspExpiry) + duration, err := parseutil.ParseDurationSecond(cfg.OcspExpiry) if err != nil { return nil, err } diff --git a/builtin/logical/pki/path_ocsp_test.go b/builtin/logical/pki/path_ocsp_test.go index 4828d0207457..86a18ba6a227 100644 --- a/builtin/logical/pki/path_ocsp_test.go +++ b/builtin/logical/pki/path_ocsp_test.go @@ -15,7 +15,8 @@ import ( "strconv" "strings" "testing" - "time" + + "github.com/hashicorp/go-secure-stdlib/parseutil" "github.com/hashicorp/vault/sdk/helper/testhelpers/schema" @@ -581,7 +582,7 @@ func runOcspRequestTest(t *testing.T, requestType string, caKeyType string, caKe require.True(t, thisUpdate.Before(nextUpdate), fmt.Sprintf("thisUpdate %s, should have been before nextUpdate: %s", thisUpdate, nextUpdate)) nextUpdateDiff := nextUpdate.Sub(thisUpdate) - expectedDiff, err := time.ParseDuration(defaultCrlConfig.OcspExpiry) + expectedDiff, err := parseutil.ParseDurationSecond(defaultCrlConfig.OcspExpiry) require.NoError(t, err, "failed to parse default ocsp expiry value") require.Equal(t, expectedDiff, nextUpdateDiff, fmt.Sprintf("the delta between thisUpdate %s and nextUpdate: %s should have been around: %s but was %s", diff --git a/builtin/logical/pki/path_tidy.go b/builtin/logical/pki/path_tidy.go index 22c406249c3c..968c3b447b38 100644 --- a/builtin/logical/pki/path_tidy.go +++ b/builtin/logical/pki/path_tidy.go @@ -12,6 +12,8 @@ import ( "sync/atomic" "time" + "github.com/hashicorp/go-secure-stdlib/parseutil" + "github.com/armon/go-metrics" "github.com/hashicorp/go-hclog" 
@@ -768,7 +770,7 @@ func (b *backend) pathTidyWrite(ctx context.Context, req *logical.Request, d *fr if pauseDurationStr != "" { var err error - pauseDuration, err = time.ParseDuration(pauseDurationStr) + pauseDuration, err = parseutil.ParseDurationSecond(pauseDurationStr) if err != nil { return logical.ErrorResponse(fmt.Sprintf("Error parsing pause_duration: %v", err)), nil } @@ -1792,7 +1794,7 @@ func (b *backend) pathConfigAutoTidyWrite(ctx context.Context, req *logical.Requ } if pauseDurationRaw, ok := d.GetOk("pause_duration"); ok { - config.PauseDuration, err = time.ParseDuration(pauseDurationRaw.(string)) + config.PauseDuration, err = parseutil.ParseDurationSecond(pauseDurationRaw.(string)) if err != nil { return logical.ErrorResponse(fmt.Sprintf("unable to parse given pause_duration: %v", err)), nil } diff --git a/command/base_flags.go b/command/base_flags.go index 3fe069fbb457..d2acf2911678 100644 --- a/command/base_flags.go +++ b/command/base_flags.go @@ -989,33 +989,3 @@ func (d *timeValue) Get() interface{} { return *d.target } func (d *timeValue) String() string { return (*d.target).String() } func (d *timeValue) Example() string { return "time" } func (d *timeValue) Hidden() bool { return d.hidden } - -// -- helpers -func envDefault(key, def string) string { - if v, exist := os.LookupEnv(key); exist { - return v - } - return def -} - -func envBoolDefault(key string, def bool) bool { - if v, exist := os.LookupEnv(key); exist { - b, err := strconv.ParseBool(v) - if err != nil { - panic(err) - } - return b - } - return def -} - -func envDurationDefault(key string, def time.Duration) time.Duration { - if v, exist := os.LookupEnv(key); exist { - d, err := time.ParseDuration(v) - if err != nil { - panic(err) - } - return d - } - return def -} diff --git a/physical/raft/raft.go b/physical/raft/raft.go index fa98b4e6fdad..3a3d0af7370a 100644 --- a/physical/raft/raft.go +++ b/physical/raft/raft.go 
@@ -18,6 +18,8 @@ import ( "sync/atomic" "time" + "github.com/hashicorp/go-secure-stdlib/parseutil" + "github.com/armon/go-metrics" "github.com/golang/protobuf/proto" log "github.com/hashicorp/go-hclog" @@ -371,7 +373,7 @@ func NewRaftBackend(conf map[string]string, logger log.Logger) (physical.Backend } if delayRaw, ok := conf["apply_delay"]; ok { - delay, err := time.ParseDuration(delayRaw) + delay, err := parseutil.ParseDurationSecond(delayRaw) if err != nil { return nil, fmt.Errorf("apply_delay does not parse as a duration: %w", err) } @@ -428,7 +430,7 @@ func NewRaftBackend(conf map[string]string, logger log.Logger) (physical.Backend } if delayRaw, ok := conf["snapshot_delay"]; ok { - delay, err := time.ParseDuration(delayRaw) + delay, err := parseutil.ParseDurationSecond(delayRaw) if err != nil { return nil, fmt.Errorf("snapshot_delay does not parse as a duration: %w", err) } @@ -447,7 +449,7 @@ func NewRaftBackend(conf map[string]string, logger log.Logger) (physical.Backend var reconcileInterval time.Duration if interval := conf["autopilot_reconcile_interval"]; interval != "" { - interval, err := time.ParseDuration(interval) + interval, err := parseutil.ParseDurationSecond(interval) if err != nil { return nil, fmt.Errorf("autopilot_reconcile_interval does not parse as a duration: %w", err) } @@ -456,7 +458,7 @@ func NewRaftBackend(conf map[string]string, logger log.Logger) (physical.Backend var updateInterval time.Duration if interval := conf["autopilot_update_interval"]; interval != "" { - interval, err := time.ParseDuration(interval) + interval, err := parseutil.ParseDurationSecond(interval) if err != nil { return nil, fmt.Errorf("autopilot_update_interval does not parse as a duration: %w", err) } 
@@ -817,7 +819,7 @@ func (b *RaftBackend) applyConfigSettings(config *raft.Config) error { snapshotIntervalRaw, ok := b.conf["snapshot_interval"] if ok { var err error - snapshotInterval, err := time.ParseDuration(snapshotIntervalRaw) + snapshotInterval, err := parseutil.ParseDurationSecond(snapshotIntervalRaw) if err != nil { return err } diff --git a/physical/raft/raft_autopilot.go b/physical/raft/raft_autopilot.go index ca0ee759e93a..3d8878a951a7 100644 --- a/physical/raft/raft_autopilot.go +++ b/physical/raft/raft_autopilot.go @@ -706,7 +706,7 @@ func (d *ReadableDuration) UnmarshalJSON(raw []byte) (err error) { str := string(raw) if len(str) >= 2 && str[0] == '"' && str[len(str)-1] == '"' { // quoted string - dur, err = time.ParseDuration(str[1 : len(str)-1]) + dur, err = parseutil.ParseDurationSecond(str[1 : len(str)-1]) if err != nil { return err } diff --git a/sdk/database/dbplugin/v5/testing/test_helpers.go b/sdk/database/dbplugin/v5/testing/test_helpers.go index 83e4af3089ce..e892c5a06360 100644 --- a/sdk/database/dbplugin/v5/testing/test_helpers.go +++ b/sdk/database/dbplugin/v5/testing/test_helpers.go @@ -9,6 +9,8 @@ import ( "testing" "time" + "github.com/hashicorp/go-secure-stdlib/parseutil" + "github.com/hashicorp/vault/sdk/database/dbplugin/v5" ) @@ -22,7 +24,7 @@ func getRequestTimeout(t *testing.T) time.Duration { return 10 * time.Second } - dur, err := time.ParseDuration(rawDur) + dur, err := parseutil.ParseDurationSecond(rawDur) if err != nil { t.Fatalf("Failed to parse custom request timeout %q: %s", rawDur, err) } diff --git a/sdk/helper/identitytpl/templating.go b/sdk/helper/identitytpl/templating.go index 124a27c920c3..015479eed1a1 100644 --- a/sdk/helper/identitytpl/templating.go +++ b/sdk/helper/identitytpl/templating.go @@ -11,6 +11,8 @@ import ( "strings" "time" + "github.com/hashicorp/go-secure-stdlib/parseutil" + "github.com/hashicorp/errwrap" "github.com/hashicorp/vault/sdk/logical" ) 
@@ -330,7 +332,7 @@ func performTemplating(input string, p *PopulateStringInput) (string, error) { return "", errors.New("missing time operand") case 3: - duration, err := time.ParseDuration(opsSplit[2]) + duration, err := parseutil.ParseDurationSecond(opsSplit[2]) if err != nil { return "", errwrap.Wrapf("invalid duration: {{err}}", err) } diff --git a/sdk/helper/pointerutil/pointer.go b/sdk/helper/pointerutil/pointer.go index b4bfe114cfdf..a3cb55898207 100644 --- a/sdk/helper/pointerutil/pointer.go +++ b/sdk/helper/pointerutil/pointer.go @@ -6,6 +6,8 @@ package pointerutil import ( "os" "time" + + "github.com/hashicorp/go-secure-stdlib/parseutil" ) // StringPtr returns a pointer to a string value @@ -20,7 +22,7 @@ func BoolPtr(b bool) *bool { // TimeDurationPtr returns a pointer to a time duration value func TimeDurationPtr(duration string) *time.Duration { - d, _ := time.ParseDuration(duration) + d, _ := parseutil.ParseDurationSecond(duration) return &d } diff --git a/vault/identity_store_oidc_provider_test.go b/vault/identity_store_oidc_provider_test.go index b8163083d72f..520c008cd522 100644 --- a/vault/identity_store_oidc_provider_test.go +++ b/vault/identity_store_oidc_provider_test.go @@ -13,6 +13,8 @@ import ( "testing" "time" + "github.com/hashicorp/go-secure-stdlib/parseutil" + "github.com/go-test/deep" "github.com/hashicorp/vault/helper/namespace" "github.com/hashicorp/vault/sdk/framework" 
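Review bot: TimeDurationPtr in sdk/helper/pointerutil/pointer.go discards the parse error, so any string `ParseDurationSecond` rejects yields a pointer to a zero duration, and callers cannot tell that from a real zero. The doc comment should say so, e.g. `// TimeDurationPtr returns a pointer to the parsed duration; input that does not parse yields a pointer to a zero duration.` It is also worth stating there that a bare integer string is now read as seconds, which `time.ParseDuration` did not accept.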
@@ -2253,8 +2255,8 @@ func TestOIDC_Path_OIDC_Client_List_KeyInfo(t *testing.T) { expected := clients[name].(map[string]interface{}) require.Contains(t, keys, name) - idTokenTTL, _ := time.ParseDuration(expected["id_token_ttl"].(string)) - accessTokenTTL, _ := time.ParseDuration(expected["access_token_ttl"].(string)) + idTokenTTL, _ := parseutil.ParseDurationSecond(expected["id_token_ttl"].(string)) + accessTokenTTL, _ := parseutil.ParseDurationSecond(expected["access_token_ttl"].(string)) require.EqualValues(t, idTokenTTL.Seconds(), actual["id_token_ttl"]) require.EqualValues(t, accessTokenTTL.Seconds(), actual["access_token_ttl"]) require.Equal(t, expected["redirect_uris"], actual["redirect_uris"]) diff --git a/vault/logical_system_activity.go b/vault/logical_system_activity.go index 9ad930b5dff3..4723cbe446d4 100644 --- a/vault/logical_system_activity.go +++ b/vault/logical_system_activity.go @@ -12,6 +12,8 @@ import ( "strings" "time" + "github.com/hashicorp/go-secure-stdlib/parseutil" + "github.com/hashicorp/vault/helper/timeutil" "github.com/hashicorp/vault/sdk/framework" "github.com/hashicorp/vault/sdk/logical" @@ -222,7 +224,7 @@ func (b *SystemBackend) handleClientExport(ctx context.Context, req *logical.Req // This is to avoid the default 90s context timeout. timeout := 10 * time.Minute if durationRaw := os.Getenv("VAULT_ACTIVITY_EXPORT_DURATION"); durationRaw != "" { - d, err := time.ParseDuration(durationRaw) + d, err := parseutil.ParseDurationSecond(durationRaw) if err == nil { timeout = d } diff --git a/vault/token_store.go b/vault/token_store.go index e0aba9b67f16..b6fdf521b4ea 100644 --- a/vault/token_store.go +++ b/vault/token_store.go 
@@ -3207,7 +3207,7 @@ func (ts *TokenStore) handleCreateCommon(ctx context.Context, req *logical.Reque te.TTL = dur } else if data.Lease != "" { // This block is compatibility - dur, err := time.ParseDuration(data.Lease) + dur, err := parseutil.ParseDurationSecond(data.Lease) if err != nil { return logical.ErrorResponse(err.Error()), logical.ErrInvalidRequest } From 134f1bd14bb7be8f14748409c94f3e14cf9b04aa Mon Sep 17 00:00:00 2001 From: VioletHynes <violet.hynes@hashicorp.com> Date: Tue, 20 Jun 2023 11:41:47 -0400 Subject: [PATCH 2/7] Changelog --- changelog/21357.txt | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 changelog/21357.txt diff --git a/changelog/21357.txt b/changelog/21357.txt new file mode 100644 index 000000000000..3b3bffddfc29 --- /dev/null +++ b/changelog/21357.txt @@ -0,0 +1,3 @@ +```release-note:bug +core: Fixed issue with some durations not being properly parsed to include days. +``` \ No newline at end of file From 9285e4773812807adb3655a53887f1d1eca05328 Mon Sep 17 00:00:00 2001 From: VioletHynes <violet.hynes@hashicorp.com> Date: Tue, 20 Jun 2023 13:51:01 -0400 Subject: [PATCH 3/7] Import formatting --- builtin/credential/aws/path_login.go | 3 +-- builtin/credential/aws/path_role_tag.go | 1 - builtin/logical/aws/path_config_lease.go | 1 - builtin/logical/pki/crl_test.go | 5 +---- builtin/logical/pki/crl_util.go | 4 +--- builtin/logical/pki/path_ocsp.go | 7 ++----- builtin/logical/pki/path_tidy.go | 4 +--- 7 files changed, 6 insertions(+), 19 deletions(-) diff --git a/builtin/credential/aws/path_login.go b/builtin/credential/aws/path_login.go index 11282f7cc037..1e23500dc538 100644 --- a/builtin/credential/aws/path_login.go +++ b/builtin/credential/aws/path_login.go @@ -19,8 +19,6 @@ import ( "strings" "time" - "github.com/hashicorp/go-secure-stdlib/parseutil" - "github.com/aws/aws-sdk-go/aws" awsClient "github.com/aws/aws-sdk-go/aws/client" "github.com/aws/aws-sdk-go/service/ec2" 
@@ -29,6 +27,7 @@ import ( cleanhttp "github.com/hashicorp/go-cleanhttp" "github.com/hashicorp/go-retryablehttp" "github.com/hashicorp/go-secure-stdlib/awsutil" + "github.com/hashicorp/go-secure-stdlib/parseutil" "github.com/hashicorp/go-secure-stdlib/strutil" uuid "github.com/hashicorp/go-uuid" "github.com/hashicorp/vault/builtin/credential/aws/pkcs7" diff --git a/builtin/credential/aws/path_role_tag.go b/builtin/credential/aws/path_role_tag.go index 5c3e4db0c14f..93322f68c546 100644 --- a/builtin/credential/aws/path_role_tag.go +++ b/builtin/credential/aws/path_role_tag.go @@ -15,7 +15,6 @@ import ( "time" "github.com/hashicorp/go-secure-stdlib/parseutil" - "github.com/hashicorp/go-secure-stdlib/strutil" uuid "github.com/hashicorp/go-uuid" "github.com/hashicorp/vault/sdk/framework" diff --git a/builtin/logical/aws/path_config_lease.go b/builtin/logical/aws/path_config_lease.go index aee40075aede..09e878a54d64 100644 --- a/builtin/logical/aws/path_config_lease.go +++ b/builtin/logical/aws/path_config_lease.go @@ -9,7 +9,6 @@ import ( "time" "github.com/hashicorp/go-secure-stdlib/parseutil" - "github.com/hashicorp/vault/sdk/framework" "github.com/hashicorp/vault/sdk/logical" ) diff --git a/builtin/logical/pki/crl_test.go b/builtin/logical/pki/crl_test.go index 16d0d354f251..ea9b3af15627 100644 --- a/builtin/logical/pki/crl_test.go +++ b/builtin/logical/pki/crl_test.go @@ -13,14 +13,11 @@ import ( "time" "github.com/hashicorp/go-secure-stdlib/parseutil" - - "github.com/hashicorp/vault/sdk/helper/testhelpers/schema" - "github.com/hashicorp/vault/api" vaulthttp "github.com/hashicorp/vault/http" + "github.com/hashicorp/vault/sdk/helper/testhelpers/schema" "github.com/hashicorp/vault/sdk/logical" "github.com/hashicorp/vault/vault" - "github.com/stretchr/testify/require" ) diff --git a/builtin/logical/pki/crl_util.go b/builtin/logical/pki/crl_util.go index 75393d185d55..d3ff0e3d9ca8 100644 --- a/builtin/logical/pki/crl_util.go +++ b/builtin/logical/pki/crl_util.go 
@@ -15,13 +15,11 @@ import ( "time" "github.com/hashicorp/go-secure-stdlib/parseutil" - - atomic2 "go.uber.org/atomic" - "github.com/hashicorp/vault/sdk/helper/certutil" "github.com/hashicorp/vault/sdk/helper/consts" "github.com/hashicorp/vault/sdk/helper/errutil" "github.com/hashicorp/vault/sdk/logical" + atomic2 "go.uber.org/atomic" ) const ( diff --git a/builtin/logical/pki/path_ocsp.go b/builtin/logical/pki/path_ocsp.go index 32e0e5350997..6d80c87d58b6 100644 --- a/builtin/logical/pki/path_ocsp.go +++ b/builtin/logical/pki/path_ocsp.go @@ -20,14 +20,11 @@ import ( "time" "github.com/hashicorp/go-secure-stdlib/parseutil" - - "github.com/hashicorp/vault/sdk/helper/errutil" - - "golang.org/x/crypto/ocsp" - "github.com/hashicorp/vault/sdk/framework" "github.com/hashicorp/vault/sdk/helper/certutil" + "github.com/hashicorp/vault/sdk/helper/errutil" "github.com/hashicorp/vault/sdk/logical" + "golang.org/x/crypto/ocsp" ) const ( diff --git a/builtin/logical/pki/path_tidy.go b/builtin/logical/pki/path_tidy.go index 968c3b447b38..33dfd42887b3 100644 --- a/builtin/logical/pki/path_tidy.go +++ b/builtin/logical/pki/path_tidy.go @@ -12,11 +12,9 @@ import ( "sync/atomic" "time" - "github.com/hashicorp/go-secure-stdlib/parseutil" - "github.com/armon/go-metrics" "github.com/hashicorp/go-hclog" - + "github.com/hashicorp/go-secure-stdlib/parseutil" "github.com/hashicorp/vault/sdk/framework" "github.com/hashicorp/vault/sdk/helper/consts" "github.com/hashicorp/vault/sdk/logical" From 836e3cffe19a9535050bfd5a4b90effd01e266bd Mon Sep 17 00:00:00 2001 From: VioletHynes <violet.hynes@hashicorp.com> Date: Tue, 20 Jun 2023 13:51:35 -0400 Subject: [PATCH 4/7] Import formatting --- builtin/logical/pki/path_config_crl.go | 1 - 1 file changed, 1 deletion(-) diff --git a/builtin/logical/pki/path_config_crl.go b/builtin/logical/pki/path_config_crl.go index 4afbb3f417a8..c06da8746e0d 100644 --- a/builtin/logical/pki/path_config_crl.go +++ b/builtin/logical/pki/path_config_crl.go 
@@ -9,7 +9,6 @@ import ( "net/http" "github.com/hashicorp/go-secure-stdlib/parseutil" - "github.com/hashicorp/vault/helper/constants" "github.com/hashicorp/vault/sdk/framework" "github.com/hashicorp/vault/sdk/helper/errutil" From dbb78ad22f9cf0c86c3c37f480add8d3df9b7a6e Mon Sep 17 00:00:00 2001 From: VioletHynes <violet.hynes@hashicorp.com> Date: Tue, 20 Jun 2023 13:52:27 -0400 Subject: [PATCH 5/7] Import formatting --- builtin/logical/pki/path_ocsp_test.go | 7 ++----- physical/raft/raft.go | 3 +-- sdk/database/dbplugin/v5/testing/test_helpers.go | 1 - sdk/helper/identitytpl/templating.go | 3 +-- vault/identity_store_oidc_provider_test.go | 3 +-- 5 files changed, 5 insertions(+), 12 deletions(-) diff --git a/builtin/logical/pki/path_ocsp_test.go b/builtin/logical/pki/path_ocsp_test.go index 86a18ba6a227..07031690f3aa 100644 --- a/builtin/logical/pki/path_ocsp_test.go +++ b/builtin/logical/pki/path_ocsp_test.go @@ -17,13 +17,10 @@ import ( "testing" "github.com/hashicorp/go-secure-stdlib/parseutil" - - "github.com/hashicorp/vault/sdk/helper/testhelpers/schema" - vaulthttp "github.com/hashicorp/vault/http" - "github.com/hashicorp/vault/vault" - + "github.com/hashicorp/vault/sdk/helper/testhelpers/schema" "github.com/hashicorp/vault/sdk/logical" + "github.com/hashicorp/vault/vault" "github.com/stretchr/testify/require" "golang.org/x/crypto/ocsp" ) diff --git a/physical/raft/raft.go b/physical/raft/raft.go index 3a3d0af7370a..8135190f9c92 100644 --- a/physical/raft/raft.go +++ b/physical/raft/raft.go @@ -18,13 +18,12 @@ import ( "sync/atomic" "time" - "github.com/hashicorp/go-secure-stdlib/parseutil" - "github.com/armon/go-metrics" "github.com/golang/protobuf/proto" log "github.com/hashicorp/go-hclog" wrapping "github.com/hashicorp/go-kms-wrapping/v2" "github.com/hashicorp/go-raftchunking" + "github.com/hashicorp/go-secure-stdlib/parseutil" "github.com/hashicorp/go-secure-stdlib/tlsutil" "github.com/hashicorp/go-uuid" goversion "github.com/hashicorp/go-version" 
diff --git a/sdk/database/dbplugin/v5/testing/test_helpers.go b/sdk/database/dbplugin/v5/testing/test_helpers.go index e892c5a06360..9be65c6e6f37 100644 --- a/sdk/database/dbplugin/v5/testing/test_helpers.go +++ b/sdk/database/dbplugin/v5/testing/test_helpers.go @@ -10,7 +10,6 @@ import ( "time" "github.com/hashicorp/go-secure-stdlib/parseutil" - "github.com/hashicorp/vault/sdk/database/dbplugin/v5" ) diff --git a/sdk/helper/identitytpl/templating.go b/sdk/helper/identitytpl/templating.go index 015479eed1a1..4cbf1e22f07d 100644 --- a/sdk/helper/identitytpl/templating.go +++ b/sdk/helper/identitytpl/templating.go @@ -11,9 +11,8 @@ import ( "strings" "time" - "github.com/hashicorp/go-secure-stdlib/parseutil" - "github.com/hashicorp/errwrap" + "github.com/hashicorp/go-secure-stdlib/parseutil" "github.com/hashicorp/vault/sdk/logical" ) diff --git a/vault/identity_store_oidc_provider_test.go b/vault/identity_store_oidc_provider_test.go index 520c008cd522..951f047d8f72 100644 --- a/vault/identity_store_oidc_provider_test.go +++ b/vault/identity_store_oidc_provider_test.go @@ -13,9 +13,8 @@ import ( "testing" "time" - "github.com/hashicorp/go-secure-stdlib/parseutil" - "github.com/go-test/deep" + "github.com/hashicorp/go-secure-stdlib/parseutil" "github.com/hashicorp/vault/helper/namespace" "github.com/hashicorp/vault/sdk/framework" "github.com/hashicorp/vault/sdk/logical" From 5b25ea812c782d4b7cb60b900c1868a6b8230f90 Mon Sep 17 00:00:00 2001 From: VioletHynes <violet.hynes@hashicorp.com> Date: Tue, 20 Jun 2023 13:52:56 -0400 Subject: [PATCH 6/7] Import formatting --- vault/logical_system_activity.go | 1 - 1 file changed, 1 deletion(-) diff --git a/vault/logical_system_activity.go b/vault/logical_system_activity.go index 4723cbe446d4..006cd030e2b9 100644 --- a/vault/logical_system_activity.go +++ b/vault/logical_system_activity.go 
@@ -13,7 +13,6 @@ import ( "time" "github.com/hashicorp/go-secure-stdlib/parseutil" - "github.com/hashicorp/vault/helper/timeutil" "github.com/hashicorp/vault/sdk/framework" "github.com/hashicorp/vault/sdk/logical" From c4ef5738c48bbc404650eafe7602bbff750576fc Mon Sep 17 00:00:00 2001 From: VioletHynes <violet.hynes@hashicorp.com> Date: Tue, 20 Jun 2023 14:08:21 -0400 Subject: [PATCH 7/7] Semgrep rule that runs as part of CI --- tools/semgrep/ci/time-parse-duration.yml | 10 ++++++++++ 1 file changed, 10 insertions(+) create mode 100644 tools/semgrep/ci/time-parse-duration.yml diff --git a/tools/semgrep/ci/time-parse-duration.yml b/tools/semgrep/ci/time-parse-duration.yml new file mode 100644 index 000000000000..28f3408eb226 --- /dev/null +++ b/tools/semgrep/ci/time-parse-duration.yml @@ -0,0 +1,10 @@ +# Copyright (c) HashiCorp, Inc. +# SPDX-License-Identifier: MPL-2.0 + +rules: + - id: time-parse-duration + patterns: + - pattern: time.ParseDuration + message: "Usage of time.ParseDuration. Use parseutil.ParseDurationSeconds, instead!" + languages: [go] + severity: ERROR
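Review bot: The rule's `message` tells developers to use `parseutil.ParseDurationSeconds`, but the function this series calls everywhere is `parseutil.ParseDurationSecond`, so the hint points at a name that does not appear in the code. Suggested line: `message: "Usage of time.ParseDuration. Use parseutil.ParseDurationSecond instead."`. A short comment above the rule saying why `time.ParseDuration` is banned (the changelog entry refers to durations with days not being parsed) would help whoever hits the CI failure.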