luxolus
/
open-vault
2
0
Fork 0
Code Issues 1 Pull Requests Releases Activity
open-vault/vault/expiration_util_common.go

82 lines
1.9 KiB
Go
Raw Normal View History

Vault 1979: Query API for Irrevocable Leases (#11607) * build out lease count (not fully working), start lease list * build out irrevocable lease list * bookkeeping * test irrevocable lease counts for API/CLI * fix listIrrevocableLeases, test listIrrevocableLeases, cleanup * test expiration API limit * namespace tweaks, test force flag on lease list * integration test leases/count API, plenty of fixes and improvements * test lease list API, fixes and improvements * test force flag for irrevocable lease list API * i guess this wasn't saved on the last refactor... * fixes and improvements found during my review * better test error msg * Update vault/logical_system_paths.go Co-authored-by: Brian Kassouf <briankassouf@users.noreply.github.com> * Update vault/logical_system_paths.go Co-authored-by: Brian Kassouf <briankassouf@users.noreply.github.com> * return warning with data if more than default leases to list without force flag * make api doc more generalized * list leases in general, not by mount point * change force flag to include_large_results * sort leases by LeaseID for consistent API response * switch from bool flag for API limit to string value * sort first by leaseID, then stable sort by expiration * move some utils to be in oss and ent * improve sort efficiency for API response Co-authored-by: Brian Kassouf <briankassouf@users.noreply.github.com>
2021-06-02 16:11:30 +00:00
package vault
import (
"context"
"fmt"
"math/rand"
"testing"
"time"
uuid "github.com/hashicorp/go-uuid"
"github.com/hashicorp/vault/helper/namespace"
)
type basicLeaseTestInfo struct {
id string
mount string
expire time.Time
}
// add an irrevocable lease for test purposes
// returns the lease ID and expire time
func addIrrevocableLease(t *testing.T, m *ExpirationManager, pathPrefix string, ns *namespace.Namespace) *basicLeaseTestInfo {
t.Helper()
uuid, err := uuid.GenerateUUID()
if err != nil {
t.Fatalf("error generating uuid: %v", err)
}
if ns == nil {
ns = namespace.RootNamespace
}
nsSuffix := ""
if ns != namespace.RootNamespace {
nsSuffix = fmt.Sprintf("/blah.%s", ns.ID)
}
randomTimeDelta := time.Duration(rand.Int31n(24))
le := &leaseEntry{
LeaseID: pathPrefix + "lease" + uuid + nsSuffix,
Path: pathPrefix + nsSuffix,
namespace: ns,
IssueTime: time.Now(),
ExpireTime: time.Now().Add(randomTimeDelta * time.Hour),
RevokeErr: "some error message",
}
m.pendingLock.Lock()
defer m.pendingLock.Unlock()
if err := m.persistEntry(context.Background(), le); err != nil {
t.Fatalf("error persisting irrevocable lease: %v", err)
}
m.updatePendingInternal(le)
return &basicLeaseTestInfo{
id: le.LeaseID,
expire: le.ExpireTime,
}
}
// InjectIrrevocableLeases injects `count` irrevocable leases (currently to a
// single mount).
// It returns a map of the mount accessor to the number of leases stored there
func (c *Core) InjectIrrevocableLeases(t *testing.T, ctx context.Context, count int) map[string]int {
out := make(map[string]int)
for i := 0; i < count; i++ {
le := addIrrevocableLease(t, c.expiration, "foo/", namespace.RootNamespace)
mountAccessor := c.expiration.getLeaseMountAccessor(ctx, le.id)
if _, ok := out[mountAccessor]; !ok {
out[mountAccessor] = 0
}
out[mountAccessor]++
}
return out
}