open-vault/vault/quotas/quotas_test.go

// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0

package quotas

import (
	"context"
	"testing"
	"time"

	"github.com/go-test/deep"
	log "github.com/hashicorp/go-hclog"
	"github.com/hashicorp/vault/helper/metricsutil"
	"github.com/hashicorp/vault/sdk/helper/logging"
	"github.com/stretchr/testify/require"
)

func TestQuotas_MountPathOverwrite(t *testing.T) {
	qm, err := NewManager(logging.NewVaultLogger(log.Trace), nil, metricsutil.BlackholeSink(), true)
	require.NoError(t, err)

	quota := NewRateLimitQuota("tq", "", "kv1/", "", "", 10, time.Second, 0)
	require.NoError(t, qm.SetQuota(context.Background(), TypeRateLimit.String(), quota, false))
	quota = quota.Clone().(*RateLimitQuota)
	quota.MountPath = "kv2/"
	require.NoError(t, qm.SetQuota(context.Background(), TypeRateLimit.String(), quota, false))

	q, err := qm.QueryQuota(&Request{
		Type:      TypeRateLimit,
		MountPath: "kv1/",
	})
	require.NoError(t, err)
	require.Nil(t, q)

	require.NoError(t, qm.DeleteQuota(context.Background(), TypeRateLimit.String(), "tq"))

	q, err = qm.QueryQuota(&Request{
		Type:      TypeRateLimit,
		MountPath: "kv1/",
	})
	require.NoError(t, err)
	require.Nil(t, q)
}

func TestQuotas_Precedence(t *testing.T) {
	qm, err := NewManager(logging.NewVaultLogger(log.Trace), nil, metricsutil.BlackholeSink(), true)
	require.NoError(t, err)

	setQuotaFunc := func(t *testing.T, name, nsPath, mountPath, pathSuffix, role string) Quota {
		t.Helper()
		quota := NewRateLimitQuota(name, nsPath, mountPath, pathSuffix, role, 10, time.Second, 0)
		require.NoError(t, qm.SetQuota(context.Background(), TypeRateLimit.String(), quota, true))
		return quota
	}

	checkQuotaFunc := func(t *testing.T, nsPath, mountPath, pathSuffix, role string, expected Quota) {
		t.Helper()
		quota, err := qm.QueryQuota(&Request{
			Type:          TypeRateLimit,
			NamespacePath: nsPath,
			MountPath:     mountPath,
			Role:          role,
			Path:          nsPath + mountPath + pathSuffix,
		})
		require.NoError(t, err)

		if diff := deep.Equal(expected, quota); len(diff) > 0 {
			t.Fatal(diff)
		}
	}

	// No quota present. Expect nil.
	checkQuotaFunc(t, "", "", "", "", nil)

	// Define global quota and expect that to be returned.
	rateLimitGlobalQuota := setQuotaFunc(t, "rateLimitGlobalQuota", "", "", "", "")
	checkQuotaFunc(t, "", "", "", "", rateLimitGlobalQuota)

	// Define a global mount specific quota and expect that to be returned.
	rateLimitGlobalMountQuota := setQuotaFunc(t, "rateLimitGlobalMountQuota", "", "testmount/", "", "")
	checkQuotaFunc(t, "", "testmount/", "", "", rateLimitGlobalMountQuota)

	// Define a global mount + path specific quota and expect that to be returned.
	rateLimitGlobalMountPathQuota := setQuotaFunc(t, "rateLimitGlobalMountPathQuota", "", "testmount/", "testpath", "")
	checkQuotaFunc(t, "", "testmount/", "testpath", "", rateLimitGlobalMountPathQuota)

	// Define a namespace quota and expect that to be returned.
	rateLimitNSQuota := setQuotaFunc(t, "rateLimitNSQuota", "testns/", "", "", "")
	checkQuotaFunc(t, "testns/", "", "", "", rateLimitNSQuota)

	// Define a namespace mount specific quota and expect that to be returned.
	rateLimitNSMountQuota := setQuotaFunc(t, "rateLimitNSMountQuota", "testns/", "testmount/", "", "")
	checkQuotaFunc(t, "testns/", "testmount/", "testpath", "", rateLimitNSMountQuota)

	// Define a namespace mount + glob and expect that to be returned.
	rateLimitNSMountGlob := setQuotaFunc(t, "rateLimitNSMountGlob", "testns/", "testmount/", "*", "")
	checkQuotaFunc(t, "testns/", "testmount/", "testpath", "", rateLimitNSMountGlob)

	// Define a namespace mount + path specific quota with a glob and expect that to be returned.
	rateLimitNSMountPathSuffixGlob := setQuotaFunc(t, "rateLimitNSMountPathSuffixGlob", "testns/", "testmount/", "test*", "")
	checkQuotaFunc(t, "testns/", "testmount/", "testpath", "", rateLimitNSMountPathSuffixGlob)

	// Define a namespace mount + path specific quota with a glob at the end of the path and expect that to be returned.
	rateLimitNSMountPathSuffixGlobAfterPath := setQuotaFunc(t, "rateLimitNSMountPathSuffixGlobAfterPath", "testns/", "testmount/", "testpath*", "")
	checkQuotaFunc(t, "testns/", "testmount/", "testpath", "", rateLimitNSMountPathSuffixGlobAfterPath)

	// Define a namespace mount + path specific quota and expect that to be returned.
	rateLimitNSMountPathQuota := setQuotaFunc(t, "rateLimitNSMountPathQuota", "testns/", "testmount/", "testpath", "")
	checkQuotaFunc(t, "testns/", "testmount/", "testpath", "", rateLimitNSMountPathQuota)

	// Define a namespace mount + role specific quota and expect that to be returned.
	rateLimitNSMountRoleQuota := setQuotaFunc(t, "rateLimitNSMountPathQuota", "testns/", "testmount/", "", "role")
	checkQuotaFunc(t, "testns/", "testmount/", "", "role", rateLimitNSMountRoleQuota)

	// Now that many quota types are defined, verify that the most specific
	// matches are returned per namespace.
	checkQuotaFunc(t, "", "", "", "", rateLimitGlobalQuota)
	checkQuotaFunc(t, "testns/", "", "", "", rateLimitNSQuota)
}

// TestQuotas_QueryRoleQuotas checks to see if quota creation on a mount
// requires a call to ResolveRoleOperation.
func TestQuotas_QueryResolveRole_RateLimitQuotas(t *testing.T) {
	leaseWalkFunc := func(context.Context, func(request *Request) bool) error {
		return nil
	}
	qm, err := NewManager(logging.NewVaultLogger(log.Trace), leaseWalkFunc, metricsutil.BlackholeSink(), true)
	require.NoError(t, err)

	rlqReq := &Request{
		Type:          TypeRateLimit,
		Path:          "",
		MountPath:     "mount1/",
		NamespacePath: "",
		ClientAddress: "127.0.0.1",
	}
	// Check that we have no quotas requiring role resolution on mount1/
	required, err := qm.QueryResolveRoleQuotas(rlqReq)
	require.NoError(t, err)
	require.False(t, required)

	// Create a non-role-based RLQ on mount1/ and make sure it doesn't require role resolution
	rlq := NewRateLimitQuota("tq", rlqReq.NamespacePath, rlqReq.MountPath, rlqReq.Path, rlqReq.Role, 10, 1*time.Minute, 10*time.Second)
	require.NoError(t, qm.SetQuota(context.Background(), TypeRateLimit.String(), rlq, false))

	required, err = qm.QueryResolveRoleQuotas(rlqReq)
	require.NoError(t, err)
	require.False(t, required)

	// Create a role-based RLQ on mount1/ and make sure it requires role resolution
	rlqReq.Role = "test"
	rlq = NewRateLimitQuota("tq", rlqReq.NamespacePath, rlqReq.MountPath, rlqReq.Path, rlqReq.Role, 10, 1*time.Minute, 10*time.Second)
	require.NoError(t, qm.SetQuota(context.Background(), TypeRateLimit.String(), rlq, false))

	required, err = qm.QueryResolveRoleQuotas(rlqReq)
	require.NoError(t, err)
	require.True(t, required)

	// Check that we have no quotas requiring role resolution on mount2/
	rlqReq.MountPath = "mount2/"
	required, err = qm.QueryResolveRoleQuotas(rlqReq)
	require.NoError(t, err)
	require.False(t, required)
}
adding copyright header (#19555) * adding copyright header * fix fmt and a test 2023-03-15 16:00:52 +00:00			`// Copyright (c) HashiCorp, Inc.`
			`// SPDX-License-Identifier: MPL-2.0`

Resource Quotas: Rate Limiting (#9330) 2020-06-26 21:13:16 +00:00			`package quotas`

			`import (`
			`"context"`
			`"testing"`
Merge PR #9581: Rate Limit Quota Headers 2020-07-29 19:15:05 +00:00			`"time"`
Resource Quotas: Rate Limiting (#9330) 2020-06-26 21:13:16 +00:00
			`"github.com/go-test/deep"`
			`log "github.com/hashicorp/go-hclog"`
Revert "Migrate internalshared out (#9727)" (#10141) This reverts commit ee6391b691ac12ab6ca13c3912404f1d3a842bd6. 2020-10-13 23:38:21 +00:00			`"github.com/hashicorp/vault/helper/metricsutil"`
Resource Quotas: Rate Limiting (#9330) 2020-06-26 21:13:16 +00:00			`"github.com/hashicorp/vault/sdk/helper/logging"`
Merge PR #9581: Rate Limit Quota Headers 2020-07-29 19:15:05 +00:00			`"github.com/stretchr/testify/require"`
Resource Quotas: Rate Limiting (#9330) 2020-06-26 21:13:16 +00:00			`)`

Fix quota enforcing old path issue (#10689) * Fix db indexing issue * Add CL update 2021-02-09 10:46:09 +00:00			`func TestQuotas_MountPathOverwrite(t *testing.T) {`
Backport of core: fix bug where deadlock detection was always on for expiration and quotas into release/1.14.x (#23904) * backport of commit 66494c8129cddf33eb0cf435b6cb2f76bc47416f * Remove slices package * remove slices --------- Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com> 2023-10-30 17:21:47 +00:00			`qm, err := NewManager(logging.NewVaultLogger(log.Trace), nil, metricsutil.BlackholeSink(), true)`
Fix quota enforcing old path issue (#10689) * Fix db indexing issue * Add CL update 2021-02-09 10:46:09 +00:00			`require.NoError(t, err)`

VAULT-6613 Add role support for rate limit quotas (OSS Changes) (#16115) * VAULT-6613 add DetermineRoleFromLoginRequest function to Core * Fix body handling * Role resolution for rate limit quotas * VAULT-6613 update precedence test * Add changelog * Handle body error * VAULT-6613 Return early if error with json parsing 2022-06-24 12:58:02 +00:00			`quota := NewRateLimitQuota("tq", "", "kv1/", "", "", 10, time.Second, 0)`
Fix quota enforcing old path issue (#10689) * Fix db indexing issue * Add CL update 2021-02-09 10:46:09 +00:00			`require.NoError(t, qm.SetQuota(context.Background(), TypeRateLimit.String(), quota, false))`
Revert "MFA (#14049)" (#14135) This reverts commit 5f17953b5980e6438215d5cb62c8575d16c63193. 2022-02-17 20:17:59 +00:00			`quota = quota.Clone().(*RateLimitQuota)`
Fix quota enforcing old path issue (#10689) * Fix db indexing issue * Add CL update 2021-02-09 10:46:09 +00:00			`quota.MountPath = "kv2/"`
			`require.NoError(t, qm.SetQuota(context.Background(), TypeRateLimit.String(), quota, false))`

			`q, err := qm.QueryQuota(&Request{`
			`Type: TypeRateLimit,`
			`MountPath: "kv1/",`
			`})`
			`require.NoError(t, err)`
			`require.Nil(t, q)`

			`require.NoError(t, qm.DeleteQuota(context.Background(), TypeRateLimit.String(), "tq"))`

			`q, err = qm.QueryQuota(&Request{`
			`Type: TypeRateLimit,`
			`MountPath: "kv1/",`
			`})`
			`require.NoError(t, err)`
			`require.Nil(t, q)`
			`}`

Resource Quotas: Rate Limiting (#9330) 2020-06-26 21:13:16 +00:00			`func TestQuotas_Precedence(t *testing.T) {`
Backport of core: fix bug where deadlock detection was always on for expiration and quotas into release/1.14.x (#23904) * backport of commit 66494c8129cddf33eb0cf435b6cb2f76bc47416f * Remove slices package * remove slices --------- Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com> 2023-10-30 17:21:47 +00:00			`qm, err := NewManager(logging.NewVaultLogger(log.Trace), nil, metricsutil.BlackholeSink(), true)`
Merge PR #9581: Rate Limit Quota Headers 2020-07-29 19:15:05 +00:00			`require.NoError(t, err)`
Resource Quotas: Rate Limiting (#9330) 2020-06-26 21:13:16 +00:00
VAULT-6613 Add role support for rate limit quotas (OSS Changes) (#16115) * VAULT-6613 add DetermineRoleFromLoginRequest function to Core * Fix body handling * Role resolution for rate limit quotas * VAULT-6613 update precedence test * Add changelog * Handle body error * VAULT-6613 Return early if error with json parsing 2022-06-24 12:58:02 +00:00			`setQuotaFunc := func(t *testing.T, name, nsPath, mountPath, pathSuffix, role string) Quota {`
Resource Quotas: Rate Limiting (#9330) 2020-06-26 21:13:16 +00:00			`t.Helper()`
VAULT-6613 Add role support for rate limit quotas (OSS Changes) (#16115) * VAULT-6613 add DetermineRoleFromLoginRequest function to Core * Fix body handling * Role resolution for rate limit quotas * VAULT-6613 update precedence test * Add changelog * Handle body error * VAULT-6613 Return early if error with json parsing 2022-06-24 12:58:02 +00:00			`quota := NewRateLimitQuota(name, nsPath, mountPath, pathSuffix, role, 10, time.Second, 0)`
Merge PR #9581: Rate Limit Quota Headers 2020-07-29 19:15:05 +00:00			`require.NoError(t, qm.SetQuota(context.Background(), TypeRateLimit.String(), quota, true))`
Resource Quotas: Rate Limiting (#9330) 2020-06-26 21:13:16 +00:00			`return quota`
			`}`

VAULT-6613 Add role support for rate limit quotas (OSS Changes) (#16115) * VAULT-6613 add DetermineRoleFromLoginRequest function to Core * Fix body handling * Role resolution for rate limit quotas * VAULT-6613 update precedence test * Add changelog * Handle body error * VAULT-6613 Return early if error with json parsing 2022-06-24 12:58:02 +00:00			`checkQuotaFunc := func(t *testing.T, nsPath, mountPath, pathSuffix, role string, expected Quota) {`
Resource Quotas: Rate Limiting (#9330) 2020-06-26 21:13:16 +00:00			`t.Helper()`
quotas: fix data race that could occur if ApplyQuota was called durin… (#9458) * quotas: fix data race that could occur if ApplyQuota was called during a db reset * Abstract out the locking caller * Remove unneeded lock * Update Co-authored-by: Vishal Nayak <vishalnayakv@gmail.com> Co-authored-by: Vishal Nayak <vishalnayak@users.noreply.github.com> 2020-07-13 18:42:39 +00:00			`quota, err := qm.QueryQuota(&Request{`
Resource Quotas: Rate Limiting (#9330) 2020-06-26 21:13:16 +00:00			`Type: TypeRateLimit,`
			`NamespacePath: nsPath,`
			`MountPath: mountPath,`
VAULT-6613 Add role support for rate limit quotas (OSS Changes) (#16115) * VAULT-6613 add DetermineRoleFromLoginRequest function to Core * Fix body handling * Role resolution for rate limit quotas * VAULT-6613 update precedence test * Add changelog * Handle body error * VAULT-6613 Return early if error with json parsing 2022-06-24 12:58:02 +00:00			`Role: role,`
(OSS) Path Suffix Support for Rate Limit Quotas (#15989) * Support for rate limit path suffix quotas * Support for rate limit path suffix quotas * Precedence test for support for rate limit path suffix quotas * Update clone method * Fix mount determination * Add changelog * use constant for mounts * Fix read endpoint, and remount/disable mount * update godocs for queryquota 2022-06-16 17:23:02 +00:00			`Path: nsPath + mountPath + pathSuffix,`
Resource Quotas: Rate Limiting (#9330) 2020-06-26 21:13:16 +00:00			`})`
Merge PR #9581: Rate Limit Quota Headers 2020-07-29 19:15:05 +00:00			`require.NoError(t, err)`

Resource Quotas: Rate Limiting (#9330) 2020-06-26 21:13:16 +00:00			`if diff := deep.Equal(expected, quota); len(diff) > 0 {`
			`t.Fatal(diff)`
			`}`
			`}`

			`// No quota present. Expect nil.`
VAULT-6613 Add role support for rate limit quotas (OSS Changes) (#16115) * VAULT-6613 add DetermineRoleFromLoginRequest function to Core * Fix body handling * Role resolution for rate limit quotas * VAULT-6613 update precedence test * Add changelog * Handle body error * VAULT-6613 Return early if error with json parsing 2022-06-24 12:58:02 +00:00			`checkQuotaFunc(t, "", "", "", "", nil)`
Resource Quotas: Rate Limiting (#9330) 2020-06-26 21:13:16 +00:00
			`// Define global quota and expect that to be returned.`
VAULT-6613 Add role support for rate limit quotas (OSS Changes) (#16115) * VAULT-6613 add DetermineRoleFromLoginRequest function to Core * Fix body handling * Role resolution for rate limit quotas * VAULT-6613 update precedence test * Add changelog * Handle body error * VAULT-6613 Return early if error with json parsing 2022-06-24 12:58:02 +00:00			`rateLimitGlobalQuota := setQuotaFunc(t, "rateLimitGlobalQuota", "", "", "", "")`
			`checkQuotaFunc(t, "", "", "", "", rateLimitGlobalQuota)`
Resource Quotas: Rate Limiting (#9330) 2020-06-26 21:13:16 +00:00
			`// Define a global mount specific quota and expect that to be returned.`
VAULT-6613 Add role support for rate limit quotas (OSS Changes) (#16115) * VAULT-6613 add DetermineRoleFromLoginRequest function to Core * Fix body handling * Role resolution for rate limit quotas * VAULT-6613 update precedence test * Add changelog * Handle body error * VAULT-6613 Return early if error with json parsing 2022-06-24 12:58:02 +00:00			`rateLimitGlobalMountQuota := setQuotaFunc(t, "rateLimitGlobalMountQuota", "", "testmount/", "", "")`
			`checkQuotaFunc(t, "", "testmount/", "", "", rateLimitGlobalMountQuota)`
(OSS) Path Suffix Support for Rate Limit Quotas (#15989) * Support for rate limit path suffix quotas * Support for rate limit path suffix quotas * Precedence test for support for rate limit path suffix quotas * Update clone method * Fix mount determination * Add changelog * use constant for mounts * Fix read endpoint, and remount/disable mount * update godocs for queryquota 2022-06-16 17:23:02 +00:00
			`// Define a global mount + path specific quota and expect that to be returned.`
VAULT-6613 Add role support for rate limit quotas (OSS Changes) (#16115) * VAULT-6613 add DetermineRoleFromLoginRequest function to Core * Fix body handling * Role resolution for rate limit quotas * VAULT-6613 update precedence test * Add changelog * Handle body error * VAULT-6613 Return early if error with json parsing 2022-06-24 12:58:02 +00:00			`rateLimitGlobalMountPathQuota := setQuotaFunc(t, "rateLimitGlobalMountPathQuota", "", "testmount/", "testpath", "")`
			`checkQuotaFunc(t, "", "testmount/", "testpath", "", rateLimitGlobalMountPathQuota)`
Resource Quotas: Rate Limiting (#9330) 2020-06-26 21:13:16 +00:00
			`// Define a namespace quota and expect that to be returned.`
VAULT-6613 Add role support for rate limit quotas (OSS Changes) (#16115) * VAULT-6613 add DetermineRoleFromLoginRequest function to Core * Fix body handling * Role resolution for rate limit quotas * VAULT-6613 update precedence test * Add changelog * Handle body error * VAULT-6613 Return early if error with json parsing 2022-06-24 12:58:02 +00:00			`rateLimitNSQuota := setQuotaFunc(t, "rateLimitNSQuota", "testns/", "", "", "")`
			`checkQuotaFunc(t, "testns/", "", "", "", rateLimitNSQuota)`
Resource Quotas: Rate Limiting (#9330) 2020-06-26 21:13:16 +00:00
			`// Define a namespace mount specific quota and expect that to be returned.`
VAULT-6613 Add role support for rate limit quotas (OSS Changes) (#16115) * VAULT-6613 add DetermineRoleFromLoginRequest function to Core * Fix body handling * Role resolution for rate limit quotas * VAULT-6613 update precedence test * Add changelog * Handle body error * VAULT-6613 Return early if error with json parsing 2022-06-24 12:58:02 +00:00			`rateLimitNSMountQuota := setQuotaFunc(t, "rateLimitNSMountQuota", "testns/", "testmount/", "", "")`
VAULT-7046 Allow trailing globbing at the end of a path suffix quota (#16386) * VAULT-7046 OSS changes for trailing glob quotas * VAULT-7046 allow glob of 'a' to match 'a' VAULT-7046 Add changelog * VAULT-7046 fix minor typo 2022-07-21 19:31:23 +00:00			`checkQuotaFunc(t, "testns/", "testmount/", "testpath", "", rateLimitNSMountQuota)`

			`// Define a namespace mount + glob and expect that to be returned.`
			`rateLimitNSMountGlob := setQuotaFunc(t, "rateLimitNSMountGlob", "testns/", "testmount/", "*", "")`
			`checkQuotaFunc(t, "testns/", "testmount/", "testpath", "", rateLimitNSMountGlob)`

			`// Define a namespace mount + path specific quota with a glob and expect that to be returned.`
			`rateLimitNSMountPathSuffixGlob := setQuotaFunc(t, "rateLimitNSMountPathSuffixGlob", "testns/", "testmount/", "test*", "")`
			`checkQuotaFunc(t, "testns/", "testmount/", "testpath", "", rateLimitNSMountPathSuffixGlob)`

			`// Define a namespace mount + path specific quota with a glob at the end of the path and expect that to be returned.`
			`rateLimitNSMountPathSuffixGlobAfterPath := setQuotaFunc(t, "rateLimitNSMountPathSuffixGlobAfterPath", "testns/", "testmount/", "testpath*", "")`
			`checkQuotaFunc(t, "testns/", "testmount/", "testpath", "", rateLimitNSMountPathSuffixGlobAfterPath)`
(OSS) Path Suffix Support for Rate Limit Quotas (#15989) * Support for rate limit path suffix quotas * Support for rate limit path suffix quotas * Precedence test for support for rate limit path suffix quotas * Update clone method * Fix mount determination * Add changelog * use constant for mounts * Fix read endpoint, and remount/disable mount * update godocs for queryquota 2022-06-16 17:23:02 +00:00
			`// Define a namespace mount + path specific quota and expect that to be returned.`
VAULT-6613 Add role support for rate limit quotas (OSS Changes) (#16115) * VAULT-6613 add DetermineRoleFromLoginRequest function to Core * Fix body handling * Role resolution for rate limit quotas * VAULT-6613 update precedence test * Add changelog * Handle body error * VAULT-6613 Return early if error with json parsing 2022-06-24 12:58:02 +00:00			`rateLimitNSMountPathQuota := setQuotaFunc(t, "rateLimitNSMountPathQuota", "testns/", "testmount/", "testpath", "")`
			`checkQuotaFunc(t, "testns/", "testmount/", "testpath", "", rateLimitNSMountPathQuota)`

			`// Define a namespace mount + role specific quota and expect that to be returned.`
			`rateLimitNSMountRoleQuota := setQuotaFunc(t, "rateLimitNSMountPathQuota", "testns/", "testmount/", "", "role")`
			`checkQuotaFunc(t, "testns/", "testmount/", "", "role", rateLimitNSMountRoleQuota)`
Resource Quotas: Rate Limiting (#9330) 2020-06-26 21:13:16 +00:00
			`// Now that many quota types are defined, verify that the most specific`
			`// matches are returned per namespace.`
VAULT-6613 Add role support for rate limit quotas (OSS Changes) (#16115) * VAULT-6613 add DetermineRoleFromLoginRequest function to Core * Fix body handling * Role resolution for rate limit quotas * VAULT-6613 update precedence test * Add changelog * Handle body error * VAULT-6613 Return early if error with json parsing 2022-06-24 12:58:02 +00:00			`checkQuotaFunc(t, "", "", "", "", rateLimitGlobalQuota)`
			`checkQuotaFunc(t, "testns/", "", "", "", rateLimitNSQuota)`
Resource Quotas: Rate Limiting (#9330) 2020-06-26 21:13:16 +00:00			`}`
backport of commit c4a8b23d933fcbd65647ffabfcb0b4c1809a57e9 (#22637) Co-authored-by: Mike Palmiotto <mike.palmiotto@hashicorp.com> 2023-08-30 15:28:32 +00:00
			`// TestQuotas_QueryRoleQuotas checks to see if quota creation on a mount`
			`// requires a call to ResolveRoleOperation.`
			`func TestQuotas_QueryResolveRole_RateLimitQuotas(t *testing.T) {`
			`leaseWalkFunc := func(context.Context, func(request *Request) bool) error {`
			`return nil`
			`}`
Backport of core: fix bug where deadlock detection was always on for expiration and quotas into release/1.14.x (#23904) * backport of commit 66494c8129cddf33eb0cf435b6cb2f76bc47416f * Remove slices package * remove slices --------- Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com> 2023-10-30 17:21:47 +00:00			`qm, err := NewManager(logging.NewVaultLogger(log.Trace), leaseWalkFunc, metricsutil.BlackholeSink(), true)`
backport of commit c4a8b23d933fcbd65647ffabfcb0b4c1809a57e9 (#22637) Co-authored-by: Mike Palmiotto <mike.palmiotto@hashicorp.com> 2023-08-30 15:28:32 +00:00			`require.NoError(t, err)`

			`rlqReq := &Request{`
			`Type: TypeRateLimit,`
			`Path: "",`
			`MountPath: "mount1/",`
			`NamespacePath: "",`
			`ClientAddress: "127.0.0.1",`
			`}`
			`// Check that we have no quotas requiring role resolution on mount1/`
			`required, err := qm.QueryResolveRoleQuotas(rlqReq)`
			`require.NoError(t, err)`
			`require.False(t, required)`

			`// Create a non-role-based RLQ on mount1/ and make sure it doesn't require role resolution`
			`rlq := NewRateLimitQuota("tq", rlqReq.NamespacePath, rlqReq.MountPath, rlqReq.Path, rlqReq.Role, 10, 1time.Minute, 10time.Second)`
			`require.NoError(t, qm.SetQuota(context.Background(), TypeRateLimit.String(), rlq, false))`

			`required, err = qm.QueryResolveRoleQuotas(rlqReq)`
			`require.NoError(t, err)`
			`require.False(t, required)`

			`// Create a role-based RLQ on mount1/ and make sure it requires role resolution`
			`rlqReq.Role = "test"`
			`rlq = NewRateLimitQuota("tq", rlqReq.NamespacePath, rlqReq.MountPath, rlqReq.Path, rlqReq.Role, 10, 1time.Minute, 10time.Second)`
			`require.NoError(t, qm.SetQuota(context.Background(), TypeRateLimit.String(), rlq, false))`

			`required, err = qm.QueryResolveRoleQuotas(rlqReq)`
			`require.NoError(t, err)`
			`require.True(t, required)`

			`// Check that we have no quotas requiring role resolution on mount2/`
			`rlqReq.MountPath = "mount2/"`
			`required, err = qm.QueryResolveRoleQuotas(rlqReq)`
			`require.NoError(t, err)`
			`require.False(t, required)`
			`}`