diff --git a/builtin/credential/aws/path_role.go b/builtin/credential/aws/path_role.go
index 1d248a393b14..8cca61b3de9e 100644
--- a/builtin/credential/aws/path_role.go
+++ b/builtin/credential/aws/path_role.go
@@ -889,11 +889,7 @@ func (b *backend) pathRoleCreateUpdate(ctx context.Context, req *logical.Request
 }
 }
- defaultLeaseTTL := b.System().DefaultLeaseTTL()
 systemMaxTTL := b.System().MaxLeaseTTL()
- if roleEntry.TokenTTL > defaultLeaseTTL {
- resp.AddWarning(fmt.Sprintf("Given ttl of %d seconds greater than current mount/system default of %d seconds; ttl will be capped at login time", roleEntry.TokenTTL/time.Second, defaultLeaseTTL/time.Second))
- }
 if roleEntry.TokenMaxTTL > systemMaxTTL {
 resp.AddWarning(fmt.Sprintf("Given max ttl of %d seconds greater than current mount/system default of %d seconds; max ttl will be capped at login time", roleEntry.TokenMaxTTL/time.Second, systemMaxTTL/time.Second))
 }
diff --git a/builtin/credential/aws/path_role_test.go b/builtin/credential/aws/path_role_test.go
index a46a28a8a867..5d7a0e313880 100644
--- a/builtin/credential/aws/path_role_test.go
+++ b/builtin/credential/aws/path_role_test.go
@@ -762,10 +762,10 @@ func TestAwsEc2_RoleDurationSeconds(t *testing.T) {
 }
 if resp.Data["ttl"].(int64) != 10 {
- t.Fatalf("bad: period; expected: 10, actual: %d", resp.Data["ttl"])
+ t.Fatalf("bad: ttl; expected: 10, actual: %d", resp.Data["ttl"])
 }
 if resp.Data["max_ttl"].(int64) != 20 {
- t.Fatalf("bad: period; expected: 20, actual: %d", resp.Data["max_ttl"])
+ t.Fatalf("bad: max_ttl; expected: 20, actual: %d", resp.Data["max_ttl"])
 }
 if resp.Data["period"].(int64) != 30 {
 t.Fatalf("bad: period; expected: 30, actual: %d", resp.Data["period"])
diff --git a/changelog/12026.txt b/changelog/12026.txt
new file mode 100644
index 000000000000..12b6cdda7319
--- /dev/null
+++ b/changelog/12026.txt
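Review bot: No assertion visible in this test hunk covers the warning that the commit removes from pathRoleCreateUpdate; the two edited `t.Fatalf` lines in TestAwsEc2_RoleDurationSeconds only correct the field name printed in failure messages. A regression check would write a role with `ttl` above the mount's default lease TTL but below the system max and assert that no warning comes back, for example `if resp != nil && len(resp.Warnings) > 0 { t.Fatalf("unexpected warnings: %v", resp.Warnings) }`. Token lifetime on an auth role is a security-relevant setting, so the same test should also pin that a `max_ttl` above the system max still produces its warning, so that a later edit cannot silently drop it. The test function starts and ends outside the hunk, so such coverage may already exist elsewhere in the file.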
@@ -0,0 +1,3 @@
+```release-note:bug
+auth/aws: Remove warning stating AWS Token TTL will be capped by the Default Lease TTL.
+```
\ No newline at end of file