Hello,
I’m trying to renew my token:
import hvac
client = hvac.Client()
>>> client.lookup_token()
{'request_id': '7cf335f0-3a3a-235b-7c8e-4889a9de71e6', 'lease_id': '', 'renewable': False, 'lease_duration': 0, 'data': {'accessor': '<snip>', 'creation_time': 1588697647, 'creation_ttl': 2764800, 'display_name': 'token', 'entity_id': '', 'expire_time': '2020-06-06T16:54:07.09531292Z', 'explicit_max_ttl': 7884000, 'id': '<snip>', 'issue_time': '2020-05-05T16:54:07.095317025Z', 'meta': None, 'num_uses': 0, 'orphan': False, 'path': 'auth/token/create', 'policies': ['default', 'employee'], 'renewable': True, 'ttl': 2617094, 'type': 'service'}, 'wrap_info': None, 'warnings': None, 'auth': None}
>>> client.renew_token()
{'request_id': '202d6990-9cbd-89dc-d904-6953725417b6', 'lease_id': '', 'renewable': False, 'lease_duration': 0, 'data': None, 'wrap_info': None, 'warnings': ['TTL of "768h" exceeded the effective max_ttl of "726h57m58s"; TTL value is capped accordingly'], 'auth': {'client_token': '<snip>', 'accessor': '<snip>', 'policies': ['default', 'employee'], 'token_policies': ['default', 'employee'], 'metadata': None, 'lease_duration': 2617078, 'renewable': True, 'entity_id': '', 'token_type': 'service', 'orphan': False}}
>>> client.lookup_token()
{'request_id': '11fb3eef-f431-5d5c-cc0e-9b4a9c181c1f', 'lease_id': '', 'renewable': False, 'lease_duration': 0, 'data': {'accessor': '<snip>', 'creation_time': 1588697647, 'creation_ttl': 2764800, 'display_name': 'token', 'entity_id': '', 'expire_time': '2020-06-06T16:54:07.744004233Z', 'explicit_max_ttl': 7884000, 'id': '<snip>', 'issue_time': '2020-05-05T16:54:07.095317025Z', 'last_renewal': '2020-05-07T09:56:09.7440046Z', 'last_renewal_time': 1588845369, 'meta': None, 'num_uses': 0, 'orphan': False, 'path': 'auth/token/create', 'policies': ['default', 'employee'], 'renewable': True, 'ttl': 2617060, 'type': 'service'}, 'wrap_info': None, 'warnings': None, 'auth': None}
What I read from this:
TTL before renewal: 2617094
TTL after renewal: 2617060
Isn’t the purpose of token_renew() to increase the TTL? I set my explicit_max_ttl to 7884000.