TRITON-2513 Update status of expired access keys

lib/index.js

@@ -332,7 +332,36 @@ function assertStrictOptions(funcname, opts, expected) {
     }
 }
 
+/*
+ * AccessKeys created before UFDS v7.5.0 may not have status
+ * or created fields. Patch those fields in here so clients
+ * can rely on them being defined.
+ */
+function patchUpAccessKey(accesskey) {
+    if (!accesskey.status) {
+        accesskey.status = 'Inactive';
+    }
+
+    if (!accesskey.updated) {
+        accesskey.updated = accesskey.created;
+    }
 
+    // If a temporary credential is expired, but not yet purged
+    // from UFDS, update the status to reflect that it is expired.
+    if (accesskey.credentialtype &&
+        accesskey.credentialtype === 'temporary') {
+        var now = new Date();
+        var exp = new Date(accesskey.expiration);
+        if (isNaN(exp) || now >= exp) {
+            accesskey.status = 'Expired';
+        }
+    } else if (!accesskey.credentialtype) {
+        // Absence of credentialtype makes this a permanent key
+        accesskey.credentialtype = 'permanent';
+    }
+
+    return accesskey;
+}
 
 // --- Exported API
 
@@ -3178,6 +3207,7 @@ UFDS.prototype.addAccessKey = function addAccessKey(user, account, attrs, cb) {
 
             entry.accesskeyid = context.id;
             entry.accesskeysecret = context.secret;
+            entry.credentialtype = 'permanent';
 
             var userUuid = context.user.uuid;
             var dn = (account) ?
@@ -3249,7 +3279,7 @@ function getAccessKey(user, accesskeyid, account, cb, noCache) {
                 return;
             }
             if (keys.length) {
-                cb(null, keys[0]);
+                cb(null, patchUpAccessKey(keys[0]));
                 return;
             }
             cb(new ResourceNotFoundError(accesskeyid + ' does not exist'));
@@ -3309,22 +3339,7 @@ function listAccessKeys(user, account, cb, noCache) {
                 if (err) {
                     next(err);
                 } else {
-
-                    // AccessKeys created before UFDS v7.5.0 may not have status
-                    // or created fields. Patch those fields in here so clients
-                    // can rely on them being defined.
-                    var keys = entries.map(function _mapEntries(entry) {
-                        if (!entry.status) {
-                            entry.status = 'Inactive';
-                        }
-
-                        if (!entry.updated) {
-                            entry.updated = entry.created;
-                        }
-
-                        return entry;
-                    });
-
+                    var keys = entries.map(patchUpAccessKey);
                     next(null, keys);
                 }
             }, noCache);
@@ -3544,9 +3559,18 @@ function updateAccessKey(user, account, accesskey, cb) {
                 'accesskeysecret',
                 'created',
                 'objectclass',
-                'updated'
+                'updated',
+                'credentialtype',
+                'principaluuid',
+                'sessiontoken',
+                'expiration'
             ];
 
+            // Ignore status changes on non-permanent accesskeys
+            if (context.accesskey.credentialtype !== 'permanent') {
+                ignoreAttrs.push('status');
+            }
+
             Object.keys(accesskey).forEach(function _keys(key) {
                 var change = {modification: {}};
 

package.json

@@ -2,7 +2,7 @@
   "name": "ufds",
   "author": "Edgecast Cloud (edgecast.io)",
   "description": "Triton UFDS Client API",
-  "version": "1.9.0",
+  "version": "1.9.1",
   "homepage": "https://github.com/TritonDataCenter/triton",
   "repository": {
     "type": "git",