Remove grace periods

builtin/logical/cassandra/path_roles.go

@@ -54,12 +54,6 @@ template values are '{{username}}' and
 				Default:     "4h",
 				Description: "The lease length; defaults to 4 hours",
 			},
-
-			"lease_grace_period": &framework.FieldSchema{
-				Type:        framework.TypeString,
-				Default:     "1h",
-				Description: `DEPRECATED: this has no effect`,
-			},
 		},
 
 		Callbacks: map[logical.Operation]framework.OperationFunc{
@@ -130,18 +124,10 @@ func (b *backend) pathRoleCreate(
 			"Error parsing lease value of %s: %s", leaseRaw, err)), nil
 	}
 
-	leaseGracePeriodRaw := data.Get("lease_grace_period").(string)
-	leaseGracePeriod, err := time.ParseDuration(leaseGracePeriodRaw)
-	if err != nil {
-		return logical.ErrorResponse(fmt.Sprintf(
-			"Error parsing lease_grace value of %s: %s", leaseGracePeriodRaw, err)), nil
-	}
-
 	entry := &roleEntry{
-		Lease:            lease,
-		LeaseGracePeriod: leaseGracePeriod,
-		CreationCQL:      creationCQL,
-		RollbackCQL:      rollbackCQL,
+		Lease:       lease,
+		CreationCQL: creationCQL,
+		RollbackCQL: rollbackCQL,
 	}
 
 	// Store it
@@ -157,10 +143,9 @@ func (b *backend) pathRoleCreate(
 }
 
 type roleEntry struct {
-	CreationCQL      string        `json:"creation_cql" structs:"creation_cql"`
-	Lease            time.Duration `json:"lease" structs:"lease"`
-	LeaseGracePeriod time.Duration `json:"lease_grace_period" structs:"lease_grace_period"`
-	RollbackCQL      string        `json:"rollback_cql" structs:"rollback_cql"`
+	CreationCQL string        `json:"creation_cql" structs:"creation_cql"`
+	Lease       time.Duration `json:"lease" structs:"lease"`
+	RollbackCQL string        `json:"rollback_cql" structs:"rollback_cql"`
 }
 
 const pathRoleHelpSyn = `

logical/framework/secret.go

@@ -19,13 +19,13 @@ type Secret struct {
 	// the structure of this secret.
 	Fields map[string]*FieldSchema
 
-	// DefaultDuration and DefaultGracePeriod are the default values for
-	// the duration of the lease for this secret and its grace period. These
-	// can be manually overwritten with the result of Response().
+	// DefaultDuration is the default value for the duration of the lease for
+	// this secret. This can be manually overwritten with the result of
+	// Response().
 	//
-	// If these aren't set, Vault core will set a default lease period.
-	DefaultDuration    time.Duration
-	DefaultGracePeriod time.Duration
+	// If these aren't set, Vault core will set a default lease period which
+	// may come from a mount tuning.
+	DefaultDuration time.Duration
 
 	// Renew is the callback called to renew this secret. If Renew is
 	// not specified then renewable is set to false in the secret.
@@ -51,9 +51,8 @@ func (s *Secret) Response(
 	return &logical.Response{
 		Secret: &logical.Secret{
 			LeaseOptions: logical.LeaseOptions{
-				TTL:         s.DefaultDuration,
-				GracePeriod: s.DefaultGracePeriod,
-				Renewable:   s.Renewable(),
+				TTL:       s.DefaultDuration,
+				Renewable: s.Renewable(),
 			},
 			InternalData: internalData,
 		},

logical/lease.go

@@ -6,9 +6,8 @@ import "time"
 // settings between a Secret and Auth
 type LeaseOptions struct {
 	// Lease is the duration that this secret is valid for. Vault
-	// will automatically revoke it after the duration + grace period.
-	TTL         time.Duration `json:"lease"`
-	GracePeriod time.Duration `json:"lease_grace_period"`
+	// will automatically revoke it after the duration.
+	TTL time.Duration `json:"lease"`
 
 	// Renewable, if true, means that this secret can be renewed.
 	Renewable bool `json:"renewable"`
@@ -30,17 +29,13 @@ func (l *LeaseOptions) LeaseEnabled() bool {
 	return l.TTL > 0
 }
 
-// LeaseTotal is the total lease time including the grace period
+// LeaseTotal is the lease duration with a guard against a negative TTL
 func (l *LeaseOptions) LeaseTotal() time.Duration {
 	if l.TTL <= 0 {
 		return 0
 	}
 
-	if l.GracePeriod < 0 {
-		return l.TTL
-	}
-
-	return l.TTL + l.GracePeriod
+	return l.TTL
 }
 
 // ExpirationTime computes the time until expiration including the grace period

logical/lease_test.go

@@ -19,19 +19,16 @@ func TestLeaseOptionsLeaseTotal(t *testing.T) {
 func TestLeaseOptionsLeaseTotal_grace(t *testing.T) {
 	var l LeaseOptions
 	l.TTL = 1 * time.Hour
-	l.GracePeriod = 30 * time.Minute
 
 	actual := l.LeaseTotal()
-	expected := l.TTL + l.GracePeriod
-	if actual != expected {
+	if actual != l.TTL {
 		t.Fatalf("bad: %s", actual)
 	}
 }
 
 func TestLeaseOptionsLeaseTotal_negLease(t *testing.T) {
 	var l LeaseOptions
 	l.TTL = -1 * 1 * time.Hour
-	l.GracePeriod = 30 * time.Minute
 
 	actual := l.LeaseTotal()
 	expected := time.Duration(0)
@@ -40,18 +37,6 @@ func TestLeaseOptionsLeaseTotal_negLease(t *testing.T) {
 	}
 }
 
-func TestLeaseOptionsLeaseTotal_negGrace(t *testing.T) {
-	var l LeaseOptions
-	l.TTL = 1 * time.Hour
-	l.GracePeriod = -1 * 30 * time.Minute
-
-	actual := l.LeaseTotal()
-	expected := l.TTL
-	if actual != expected {
-		t.Fatalf("bad: %s", actual)
-	}
-}
-
 func TestLeaseOptionsExpirationTime(t *testing.T) {
 	var l LeaseOptions
 	l.TTL = 1 * time.Hour
@@ -63,30 +48,6 @@ func TestLeaseOptionsExpirationTime(t *testing.T) {
 	}
 }
 
-func TestLeaseOptionsExpirationTime_grace(t *testing.T) {
-	var l LeaseOptions
-	l.TTL = 1 * time.Hour
-	l.GracePeriod = 30 * time.Minute
-
-	limit := time.Now().UTC().Add(time.Hour + 30*time.Minute)
-	actual := l.ExpirationTime()
-	if actual.Before(limit) {
-		t.Fatalf("bad: %s", actual)
-	}
-}
-
-func TestLeaseOptionsExpirationTime_graceNegative(t *testing.T) {
-	var l LeaseOptions
-	l.TTL = 1 * time.Hour
-	l.GracePeriod = -1 * 30 * time.Minute
-
-	limit := time.Now().UTC().Add(time.Hour)
-	actual := l.ExpirationTime()
-	if actual.Before(limit) {
-		t.Fatalf("bad: %s", actual)
-	}
-}
-
 func TestLeaseOptionsExpirationTime_noLease(t *testing.T) {
 	var l LeaseOptions
 	if !l.ExpirationTime().IsZero() {

logical/secret.go

@@ -21,9 +21,6 @@ func (s *Secret) Validate() error {
 	if s.TTL < 0 {
 		return fmt.Errorf("ttl duration must not be less than zero")
 	}
-	if s.GracePeriod < 0 {
-		return fmt.Errorf("grace period must not be less than zero")
-	}
 
 	return nil
 }