diff --git a/audit/format_json.go b/audit/format_json.go index 0e468068af..2850ce2472 100644 --- a/audit/format_json.go +++ b/audit/format_json.go @@ -30,7 +30,7 @@ func (f *FormatJSON) FormatRequest( // Encode! enc := json.NewEncoder(w) return enc.Encode(&JSONRequestEntry{ - Time: time.Now().Format(time.RFC3339), + Time: time.Now().UTC().Format(time.RFC3339), Type: "request", Error: errString, @@ -100,7 +100,7 @@ func (f *FormatJSON) FormatResponse( // Encode! enc := json.NewEncoder(w) return enc.Encode(&JSONResponseEntry{ - Time: time.Now().Format(time.RFC3339), + Time: time.Now().UTC().Format(time.RFC3339), Type: "response", Error: errString, diff --git a/builtin/logical/pki/backend_test.go b/builtin/logical/pki/backend_test.go index 8f7cac62f8..3c2602e78c 100644 --- a/builtin/logical/pki/backend_test.go +++ b/builtin/logical/pki/backend_test.go @@ -958,7 +958,7 @@ func generateCATestingSteps(t *testing.T, caCert, caKey, otherCaCert string, int return fmt.Errorf("got an error: %s", resp.Data["error"].(string)) } - if !(resp.Data["revocation_time"].(time.Time)).IsZero() { + if resp.Data["revocation_time"].(int64) != 0 { return fmt.Errorf("expected a zero revocation time") } @@ -1115,7 +1115,7 @@ func generateCATestingSteps(t *testing.T, caCert, caKey, otherCaCert string, int return fmt.Errorf("got an error: %s", resp.Data["error"].(string)) } - if !(resp.Data["revocation_time"].(time.Time)).IsZero() { + if resp.Data["revocation_time"].(int64) != 0 { return fmt.Errorf("expected a zero revocation time") } @@ -1169,7 +1169,7 @@ func generateCATestingSteps(t *testing.T, caCert, caKey, otherCaCert string, int return fmt.Errorf("got an error: %s", resp.Data["error"].(string)) } - if (resp.Data["revocation_time"].(time.Time)).IsZero() { + if resp.Data["revocation_time"].(int64) == 0 { return fmt.Errorf("expected a non-zero revocation time") } 
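Review bot: `time.RFC3339` keeps whole seconds only, so audit entries written within the same second cannot be ordered by the `Time` field alone; this applies to the FormatRequest hunk and to the FormatResponse hunk at -100. For records that feed incident timelines, `Time: time.Now().UTC().Format(time.RFC3339Nano),` keeps the UTC normalisation and adds sub-second ordering, provided downstream log parsers accept fractional seconds. Both function bodies start and end outside the hunks.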
@@ -1187,7 +1187,7 @@ func generateCATestingSteps(t *testing.T, caCert, caKey, otherCaCert string, int return fmt.Errorf("got an error: %s", resp.Data["error"].(string)) } - if (resp.Data["revocation_time"].(time.Time)).IsZero() { + if resp.Data["revocation_time"].(int64) == 0 { return fmt.Errorf("expected a non-zero revocation time") } diff --git a/builtin/logical/pki/crl_util.go b/builtin/logical/pki/crl_util.go index 0de2961508..2dd32b5f3a 100644 --- a/builtin/logical/pki/crl_util.go +++ b/builtin/logical/pki/crl_util.go @@ -12,8 +12,8 @@ import ( ) type revocationInfo struct { - CertificateBytes []byte `json:"certificate_bytes"` - RevocationTime time.Time `json:"revocation_time"` + CertificateBytes []byte `json:"certificate_bytes"` + RevocationTime int64 `json:"revocation_time"` } // Revokes a cert, and tries to be smart about error recovery @@ -87,7 +87,7 @@ func revokeCert(b *backend, req *logical.Request, serial string, fromLease bool) } revInfo.CertificateBytes = certEntry.Value - revInfo.RevocationTime = time.Now() + revInfo.RevocationTime = time.Now().Unix() certEntry, err = logical.StorageEntryJSON("revoked/"+serial, revInfo) if err != nil { @@ -153,7 +153,7 @@ func buildCRL(b *backend, req *logical.Request) error { revokedCerts = append(revokedCerts, pkix.RevokedCertificate{ SerialNumber: revokedCert.SerialNumber, - RevocationTime: revInfo.RevocationTime, + RevocationTime: time.Unix(revInfo.RevocationTime, 0), }) } diff --git a/builtin/logical/pki/path_fetch.go b/builtin/logical/pki/path_fetch.go index 1616a204e5..b37e9ff0fe 100644 --- a/builtin/logical/pki/path_fetch.go +++ b/builtin/logical/pki/path_fetch.go @@ -3,7 +3,6 @@ package pki import ( "encoding/pem" "fmt" - "time" "github.com/hashicorp/vault/helper/certutil" "github.com/hashicorp/vault/logical" 
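Review bot: Changing `RevocationTime` to `int64` under the unchanged key `json:"revocation_time"` leaves no visible way to read `revoked/<serial>` entries already in storage, because `encoding/json` writes a `time.Time` as an RFC 3339 string and will not decode that string into an integer. The read side is outside this hunk, so this is inferred, but if it uses plain JSON decoding then revocations recorded before the upgrade could fail to load when `buildCRL` runs. The same applies to `KeyEntry.CreationTime` in transit/policy.go, `WALEntry.CreatedAt` in logical/framework/wal.go and `TokenEntry.CreationTime` in vault/token_store.go. A decoder that accepts both forms, sketched below for `revocationInfo`, or a new key for the integer value, would keep existing data readable; an upgrade test that loads an entry in the old format would pin the behaviour.

```go
// … unchanged: revocationInfo struct as in the hunk …

// UnmarshalJSON accepts the integer form and the RFC 3339 string that
// earlier versions stored under the same key.
func (r *revocationInfo) UnmarshalJSON(data []byte) error {
	var raw struct {
		CertificateBytes []byte          `json:"certificate_bytes"`
		RevocationTime   json.RawMessage `json:"revocation_time"`
	}
	if err := json.Unmarshal(data, &raw); err != nil {
		return err
	}
	r.CertificateBytes = raw.CertificateBytes
	r.RevocationTime = 0
	if len(raw.RevocationTime) == 0 {
		return nil
	}
	// New format: a JSON number of Unix seconds.
	if err := json.Unmarshal(raw.RevocationTime, &r.RevocationTime); err == nil {
		return nil
	}
	// Legacy format: an RFC 3339 string produced by time.Time.
	var legacy time.Time
	if err := json.Unmarshal(raw.RevocationTime, &legacy); err != nil {
		return err
	}
	// A zero time.Time has a large negative Unix value; keep it as 0.
	if !legacy.IsZero() {
		r.RevocationTime = legacy.Unix()
	}
	return nil
}
```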
@@ -102,7 +101,7 @@ func (b *backend) pathFetchRead(req *logical.Request, data *framework.FieldData) var certEntry, revokedEntry *logical.StorageEntry var funcErr error var certificate []byte - var revocationTime time.Time + var revocationTime int64 response = &logical.Response{ Data: map[string]interface{}{}, } diff --git a/builtin/logical/pki/path_root.go b/builtin/logical/pki/path_root.go index 38de7970d1..b127533dc8 100644 --- a/builtin/logical/pki/path_root.go +++ b/builtin/logical/pki/path_root.go @@ -98,7 +98,7 @@ func (b *backend) pathCAGenerateRoot( resp := &logical.Response{ Data: map[string]interface{}{ - "expiration": parsedBundle.Certificate.NotAfter, + "expiration": int64(parsedBundle.Certificate.NotAfter.Unix()), "serial_number": cb.SerialNumber, }, } @@ -234,7 +234,7 @@ func (b *backend) pathCASignIntermediate( resp := &logical.Response{ Data: map[string]interface{}{ - "expiration": parsedBundle.Certificate.NotAfter, + "expiration": int64(parsedBundle.Certificate.NotAfter.Unix()), "serial_number": cb.SerialNumber, }, } diff --git a/builtin/logical/transit/backend_test.go b/builtin/logical/transit/backend_test.go index f42ea05d4a..49296a0f9e 100644 --- a/builtin/logical/transit/backend_test.go +++ b/builtin/logical/transit/backend_test.go 
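Review bot: `revocationTime` is now a bare `int64`, and nothing in the hunk states its unit or that zero stands for "not revoked", which the updated assertions in pki/backend_test.go appear to rely on. A comment such as `// revocationTime is seconds since the Unix epoch; 0 means the certificate is not revoked.` would make that contract explicit. The same unit note is missing on `TokenEntry.CreationTime`, `KeyEntry.CreationTime` and `WALEntry.CreatedAt`. pathFetchRead's body continues outside the hunk, so how the value reaches the response is not visible here.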
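Review bot: The `int64(...)` conversion around `parsedBundle.Certificate.NotAfter.Unix()` is redundant, because `Time.Unix` already returns `int64`; `"expiration": parsedBundle.Certificate.NotAfter.Unix(),` is equivalent. The same applies to the pathCASignIntermediate hunk, and to `int64(out.CreationTime)` in handleLookup in vault/token_store.go if `out` is a `TokenEntry`, whose field is now `int64`. Both function bodies extend beyond the hunks.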
@@ -222,14 +222,14 @@ func testAccStepReadPolicy(t *testing.T, name string, expectNone, derived bool) return nil } var d struct { - Name string `mapstructure:"name"` - Key []byte `mapstructure:"key"` - Keys map[string]time.Time `mapstructure:"keys"` - CipherMode string `mapstructure:"cipher_mode"` - Derived bool `mapstructure:"derived"` - KDFMode string `mapstructure:"kdf_mode"` - DeletionAllowed bool `mapstructure:"deletion_allowed"` - ConvergentEncryption bool `mapstructure:"convergent_encryption"` + Name string `mapstructure:"name"` + Key []byte `mapstructure:"key"` + Keys map[string]int64 `mapstructure:"keys"` + CipherMode string `mapstructure:"cipher_mode"` + Derived bool `mapstructure:"derived"` + KDFMode string `mapstructure:"kdf_mode"` + DeletionAllowed bool `mapstructure:"deletion_allowed"` + ConvergentEncryption bool `mapstructure:"convergent_encryption"` } if err := mapstructure.Decode(resp.Data, &d); err != nil { return err diff --git a/builtin/logical/transit/path_keys.go b/builtin/logical/transit/path_keys.go index 14ce59c4a4..accf00aa68 100644 --- a/builtin/logical/transit/path_keys.go +++ b/builtin/logical/transit/path_keys.go @@ -3,7 +3,6 @@ package transit import ( "fmt" "strconv" - "time" "github.com/hashicorp/vault/logical" "github.com/hashicorp/vault/logical/framework" @@ -110,7 +109,7 @@ func (b *backend) pathPolicyRead( resp.Data["convergent_encryption"] = p.ConvergentEncryption } - retKeys := map[string]time.Time{} + retKeys := map[string]int64{} for k, v := range p.Keys { retKeys[strconv.Itoa(k)] = v.CreationTime } diff --git a/builtin/logical/transit/policy.go b/builtin/logical/transit/policy.go index 733e65b013..b9ede365c8 100644 --- a/builtin/logical/transit/policy.go +++ b/builtin/logical/transit/policy.go 
@@ -25,8 +25,8 @@ const ( // KeyEntry stores the key and metadata type KeyEntry struct { - Key []byte `json:"key"` - CreationTime time.Time `json:"creation_time"` + Key []byte `json:"key"` + CreationTime int64 `json:"creation_time"` } // KeyEntryMap is used to allow JSON marshal/unmarshal @@ -491,7 +491,7 @@ func (p *Policy) rotate(storage logical.Storage) error { p.Keys[p.LatestVersion] = KeyEntry{ Key: newKey, - CreationTime: time.Now(), + CreationTime: time.Now().Unix(), } // This ensures that with new key creations min decryption version is set @@ -510,7 +510,7 @@ func (p *Policy) migrateKeyToKeysMap() { p.Keys = KeyEntryMap{ 1: KeyEntry{ Key: p.Key, - CreationTime: time.Now(), + CreationTime: time.Now().Unix(), }, } p.Key = nil diff --git a/http/sys_health.go b/http/sys_health.go index 04cb960454..2883744c3c 100644 --- a/http/sys_health.go +++ b/http/sys_health.go @@ -115,17 +115,17 @@ func getSysHealth(core *vault.Core, r *http.Request) (int, *HealthResponse, erro // Format the body body := &HealthResponse{ - Initialized: init, - Sealed: sealed, - Standby: standby, - ServerTime: time.Now(), + Initialized: init, + Sealed: sealed, + Standby: standby, + ServerTimeUTC: time.Now().UTC().Unix(), } return code, body, nil } type HealthResponse struct { - Initialized bool `json:"initialized"` - Sealed bool `json:"sealed"` - Standby bool `json:"standby"` - ServerTime time.Time `json:"server_time"` + Initialized bool `json:"initialized"` + Sealed bool `json:"sealed"` + Standby bool `json:"standby"` + ServerTimeUTC int64 `json:"server_time_utc"` } diff --git a/http/sys_health_test.go b/http/sys_health_test.go index 67abe75a18..4447eb0c41 100644 --- a/http/sys_health_test.go +++ b/http/sys_health_test.go 
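Review bot: `time.Now().UTC().Unix()` in getSysHealth calls `UTC()` to no effect, since `Unix()` returns seconds since the epoch regardless of the value's location; `ServerTimeUTC: time.Now().Unix(),` is equivalent, and PutWAL in logical/framework/wal.go has the same pattern. Separately, renaming the JSON key from `server_time` to `server_time_utc` and changing its type means health checks that parse the old field will stop matching, so the change is worth an upgrade-note entry. A doc comment on `HealthResponse` stating that the field carries Unix seconds would also help.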
@@ -29,7 +29,7 @@ func TestSysHealth_get(t *testing.T) { } testResponseStatus(t, resp, 200) testResponseBody(t, resp, &actual) - expected["server_time"] = actual["server_time"] + expected["server_time_utc"] = actual["server_time_utc"] if !reflect.DeepEqual(actual, expected) { t.Fatalf("bad: expected:%#v\nactual:%#v", expected, actual) } @@ -49,7 +49,7 @@ func TestSysHealth_get(t *testing.T) { } testResponseStatus(t, resp, 500) testResponseBody(t, resp, &actual) - expected["server_time"] = actual["server_time"] + expected["server_time_utc"] = actual["server_time_utc"] if !reflect.DeepEqual(actual, expected) { t.Fatalf("bad: expected:%#v\nactual:%#v", expected, actual) } @@ -78,7 +78,7 @@ func TestSysHealth_customcodes(t *testing.T) { testResponseStatus(t, resp, 202) testResponseBody(t, resp, &actual) - expected["server_time"] = actual["server_time"] + expected["server_time_utc"] = actual["server_time_utc"] if !reflect.DeepEqual(actual, expected) { t.Fatalf("bad: expected:%#v\nactual:%#v", expected, actual) } @@ -102,7 +102,7 @@ func TestSysHealth_customcodes(t *testing.T) { } testResponseStatus(t, resp, 503) testResponseBody(t, resp, &actual) - expected["server_time"] = actual["server_time"] + expected["server_time_utc"] = actual["server_time_utc"] if !reflect.DeepEqual(actual, expected) { t.Fatalf("bad: expected:%#v\nactual:%#v", expected, actual) } diff --git a/logical/framework/backend.go b/logical/framework/backend.go index dda2a05d0d..a4f6dba2ee 100644 --- a/logical/framework/backend.go +++ b/logical/framework/backend.go @@ -466,7 +466,7 @@ func (b *Backend) handleWALRollback( } // If the entry isn't old enough, then don't roll it back - if !entry.CreatedAt.Before(minAge) { + if !time.Unix(entry.CreatedAt, 0).Before(minAge) { continue } diff --git a/logical/framework/wal.go b/logical/framework/wal.go index 306fecbde2..6e6b234bce 100644 --- a/logical/framework/wal.go +++ b/logical/framework/wal.go 
@@ -15,7 +15,7 @@ type WALEntry struct { ID string `json:"-"` Kind string `json:"type"` Data interface{} `json:"data"` - CreatedAt time.Time `json:"created_at"` + CreatedAt int64 `json:"created_at"` } // PutWAL writes some data to the WAL. @@ -37,7 +37,7 @@ func PutWAL(s logical.Storage, kind string, data interface{}) (string, error) { value, err := json.Marshal(&WALEntry{ Kind: kind, Data: data, - CreatedAt: time.Now(), + CreatedAt: time.Now().UTC().Unix(), }) if err != nil { return "", err diff --git a/vault/request_handling.go b/vault/request_handling.go index 2191c7483f..ae2021e031 100644 --- a/vault/request_handling.go +++ b/vault/request_handling.go @@ -327,7 +327,7 @@ func (c *Core) handleLoginRequest(req *logical.Request) (*logical.Response, *log Policies: auth.Policies, Meta: auth.Metadata, DisplayName: auth.DisplayName, - CreationTime: time.Now(), + CreationTime: time.Now().Unix(), TTL: auth.TTL, } @@ -389,7 +389,7 @@ func (c *Core) wrapInCubbyhole(req *logical.Request, resp *logical.Response) (*l te := TokenEntry{ Path: req.Path, Policies: []string{"response-wrapping"}, - CreationTime: creationTime, + CreationTime: creationTime.Unix(), TTL: resp.WrapInfo.TTL, NumUses: 1, ExplicitMaxTTL: resp.WrapInfo.TTL, diff --git a/vault/token_store.go b/vault/token_store.go index a3253fc27d..cc3da59ece 100644 --- a/vault/token_store.go +++ b/vault/token_store.go @@ -439,7 +439,7 @@ type TokenEntry struct { NumUses int `json:"num_uses" mapstructure:"num_uses" structs:"num_uses"` // Time of token creation - CreationTime time.Time `json:"creation_time" mapstructure:"creation_time" structs:"creation_time"` + CreationTime int64 `json:"creation_time" mapstructure:"creation_time" structs:"creation_time"` // Duration set when token was created TTL time.Duration `json:"ttl" mapstructure:"ttl" structs:"ttl"` 
@@ -497,7 +497,7 @@ func (ts *TokenStore) rootToken() (*TokenEntry, error) { Policies: []string{"root"}, Path: "auth/token/root", DisplayName: "root", - CreationTime: time.Now(), + CreationTime: time.Now().Unix(), } if err := ts.create(te); err != nil { return nil, err @@ -993,7 +993,7 @@ func (ts *TokenStore) handleCreateCommon( Meta: data.Metadata, DisplayName: "token", NumUses: data.NumUses, - CreationTime: time.Now(), + CreationTime: time.Now().Unix(), } renewable := true @@ -1329,7 +1329,7 @@ func (ts *TokenStore) handleLookup( "display_name": out.DisplayName, "num_uses": out.NumUses, "orphan": false, - "creation_time": out.CreationTime, + "creation_time": int64(out.CreationTime), "creation_ttl": int64(out.TTL.Seconds()), "ttl": int64(0), "role": out.Role, @@ -1348,7 +1348,7 @@ func (ts *TokenStore) handleLookup( } if leaseTimes != nil { if !leaseTimes.LastRenewalTime.IsZero() { - resp.Data["last_renewal_time"] = leaseTimes.LastRenewalTime + resp.Data["last_renewal_time"] = leaseTimes.LastRenewalTime.Unix() } if !leaseTimes.ExpireTime.IsZero() { resp.Data["ttl"] = int64(leaseTimes.ExpireTime.Sub(time.Now().Round(time.Second)).Seconds()) diff --git a/vault/token_store_test.go b/vault/token_store_test.go index dc85cc68a7..dfab0b0d1a 100644 --- a/vault/token_store_test.go +++ b/vault/token_store_test.go @@ -175,7 +175,6 @@ func TestTokenStore_CreateLookup(t *testing.T) { if err != nil { t.Fatalf("err: %v", err) } - ent.CreationTime = out.CreationTime if !reflect.DeepEqual(out, ent) { t.Fatalf("bad: expected:%#v\nactual:%#v", ent, out) } @@ -215,7 +214,6 @@ func TestTokenStore_CreateLookup_ProvidedID(t *testing.T) { if err != nil { t.Fatalf("err: %v", err) } - ent.CreationTime = out.CreationTime if !reflect.DeepEqual(out, ent) { t.Fatalf("bad: expected:%#v\nactual:%#v", ent, out) } 
@@ -413,7 +411,6 @@ func TestTokenStore_Revoke_Orphan(t *testing.T) { if err != nil { t.Fatalf("err: %v", err) } - ent2.CreationTime = out.CreationTime if !reflect.DeepEqual(out, ent2) { t.Fatalf("bad: expected:%#v\nactual:%#v", ent2, out) } @@ -985,7 +982,7 @@ func TestTokenStore_HandleRequest_Lookup(t *testing.T) { "explicit_max_ttl": int64(0), } - if (resp.Data["creation_time"].(time.Time)).IsZero() { + if resp.Data["creation_time"].(int64) == 0 { t.Fatalf("creation time was zero") } delete(resp.Data, "creation_time") @@ -1022,7 +1019,7 @@ func TestTokenStore_HandleRequest_Lookup(t *testing.T) { "renewable": true, } - if (resp.Data["creation_time"].(time.Time)).IsZero() { + if resp.Data["creation_time"].(int64) == 0 { t.Fatalf("creation time was zero") } delete(resp.Data, "creation_time") @@ -1065,7 +1062,7 @@ func TestTokenStore_HandleRequest_Lookup(t *testing.T) { "renewable": true, } - if (resp.Data["creation_time"].(time.Time)).IsZero() { + if resp.Data["creation_time"].(int64) == 0 { t.Fatalf("creation time was zero") } delete(resp.Data, "creation_time") @@ -1098,7 +1095,7 @@ func TestTokenStore_HandleRequest_Lookup(t *testing.T) { t.Fatalf("bad: %#v", resp) } - if (resp.Data["last_renewal_time"].(time.Time)).IsZero() { + if resp.Data["last_renewal_time"].(int64) == 0 { t.Fatalf("last_renewal_time was zero") } } @@ -1130,7 +1127,7 @@ func TestTokenStore_HandleRequest_LookupSelf(t *testing.T) { "explicit_max_ttl": int64(0), } - if (resp.Data["creation_time"].(time.Time)).IsZero() { + if resp.Data["creation_time"].(int64) == 0 { t.Fatalf("creation time was zero") } delete(resp.Data, "creation_time")