2023-03-15 16:00:52 +00:00
|
|
|
// Copyright (c) HashiCorp, Inc.
|
|
|
|
// SPDX-License-Identifier: MPL-2.0
|
|
|
|
|
2017-06-20 04:34:11 +00:00
|
|
|
package api
|
|
|
|
|
|
|
|
import (
|
2021-05-06 18:04:26 +00:00
|
|
|
"errors"
|
|
|
|
"fmt"
|
2023-02-14 14:57:25 +00:00
|
|
|
"math/rand"
|
|
|
|
"reflect"
|
2017-06-20 04:34:11 +00:00
|
|
|
"testing"
|
2023-02-14 14:57:25 +00:00
|
|
|
"testing/quick"
|
2021-05-06 18:04:26 +00:00
|
|
|
"time"
|
2019-10-29 00:28:59 +00:00
|
|
|
|
|
|
|
"github.com/go-test/deep"
|
2017-06-20 04:34:11 +00:00
|
|
|
)
|
|
|
|
|
|
|
|
func TestRenewer_NewRenewer(t *testing.T) {
|
|
|
|
t.Parallel()
|
|
|
|
|
|
|
|
client, err := NewClient(DefaultConfig())
|
|
|
|
if err != nil {
|
|
|
|
t.Fatal(err)
|
|
|
|
}
|
|
|
|
|
|
|
|
cases := []struct {
|
|
|
|
name string
|
|
|
|
i *RenewerInput
|
|
|
|
e *Renewer
|
|
|
|
err bool
|
|
|
|
}{
|
|
|
|
{
|
2022-04-06 17:04:45 +00:00
|
|
|
name: "nil",
|
|
|
|
i: nil,
|
|
|
|
e: nil,
|
|
|
|
err: true,
|
2017-06-20 04:34:11 +00:00
|
|
|
},
|
|
|
|
{
|
2022-04-06 17:04:45 +00:00
|
|
|
name: "missing_secret",
|
|
|
|
i: &RenewerInput{
|
2017-06-20 04:34:11 +00:00
|
|
|
Secret: nil,
|
|
|
|
},
|
2022-04-06 17:04:45 +00:00
|
|
|
e: nil,
|
|
|
|
err: true,
|
2017-06-20 04:34:11 +00:00
|
|
|
},
|
|
|
|
{
|
2022-04-06 17:04:45 +00:00
|
|
|
name: "default_grace",
|
|
|
|
i: &RenewerInput{
|
2017-06-20 04:34:11 +00:00
|
|
|
Secret: &Secret{},
|
|
|
|
},
|
2022-04-06 17:04:45 +00:00
|
|
|
e: &Renewer{
|
2017-06-20 04:34:11 +00:00
|
|
|
secret: &Secret{},
|
|
|
|
},
|
2022-04-06 17:04:45 +00:00
|
|
|
err: false,
|
2017-06-20 04:34:11 +00:00
|
|
|
},
|
|
|
|
}
|
|
|
|
|
2017-06-26 21:21:37 +00:00
|
|
|
for _, tc := range cases {
|
|
|
|
t.Run(tc.name, func(t *testing.T) {
|
2017-06-20 04:34:11 +00:00
|
|
|
v, err := client.NewRenewer(tc.i)
|
|
|
|
if (err != nil) != tc.err {
|
|
|
|
t.Fatal(err)
|
|
|
|
}
|
|
|
|
|
|
|
|
if v == nil {
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
// Zero-out channels because reflect
|
|
|
|
v.client = nil
|
2017-06-29 00:38:03 +00:00
|
|
|
v.random = nil
|
2017-06-20 04:34:11 +00:00
|
|
|
v.doneCh = nil
|
2017-06-26 21:21:37 +00:00
|
|
|
v.renewCh = nil
|
2017-06-20 04:34:11 +00:00
|
|
|
v.stopCh = nil
|
|
|
|
|
2019-10-29 00:28:59 +00:00
|
|
|
if diff := deep.Equal(tc.e, v); diff != nil {
|
|
|
|
t.Error(diff)
|
2017-06-20 04:34:11 +00:00
|
|
|
}
|
|
|
|
})
|
|
|
|
}
|
|
|
|
}
|
2021-05-06 18:04:26 +00:00
|
|
|
|
|
|
|
func TestLifetimeWatcher(t *testing.T) {
|
|
|
|
t.Parallel()
|
|
|
|
|
|
|
|
client, err := NewClient(DefaultConfig())
|
|
|
|
if err != nil {
|
|
|
|
t.Fatal(err)
|
|
|
|
}
|
|
|
|
|
|
|
|
// Note that doRenewWithOptions starts its loop with an initial renewal.
|
|
|
|
// This has a big impact on the particulars of the following cases.
|
|
|
|
|
|
|
|
renewedSecret := &Secret{}
|
|
|
|
var caseOneErrorCount int
|
|
|
|
var caseManyErrorsCount int
|
|
|
|
cases := []struct {
|
|
|
|
maxTestTime time.Duration
|
|
|
|
name string
|
|
|
|
leaseDurationSeconds int
|
|
|
|
incrementSeconds int
|
|
|
|
renew renewFunc
|
|
|
|
expectError error
|
|
|
|
expectRenewal bool
|
|
|
|
}{
|
|
|
|
{
|
2022-04-06 17:04:45 +00:00
|
|
|
maxTestTime: time.Second,
|
|
|
|
name: "no_error",
|
|
|
|
leaseDurationSeconds: 60,
|
|
|
|
incrementSeconds: 60,
|
|
|
|
renew: func(_ string, _ int) (*Secret, error) {
|
2021-05-06 18:04:26 +00:00
|
|
|
return renewedSecret, nil
|
|
|
|
},
|
2022-04-06 17:04:45 +00:00
|
|
|
expectError: nil,
|
|
|
|
expectRenewal: true,
|
2021-05-06 18:04:26 +00:00
|
|
|
},
|
|
|
|
{
|
2022-04-06 17:04:45 +00:00
|
|
|
maxTestTime: time.Second,
|
|
|
|
name: "short_increment_duration",
|
|
|
|
leaseDurationSeconds: 60,
|
|
|
|
incrementSeconds: 10,
|
|
|
|
renew: func(_ string, _ int) (*Secret, error) {
|
|
|
|
return renewedSecret, nil
|
|
|
|
},
|
|
|
|
expectError: nil,
|
|
|
|
expectRenewal: true,
|
|
|
|
},
|
|
|
|
{
|
|
|
|
maxTestTime: 5 * time.Second,
|
|
|
|
name: "one_error",
|
|
|
|
leaseDurationSeconds: 15,
|
|
|
|
incrementSeconds: 15,
|
|
|
|
renew: func(_ string, _ int) (*Secret, error) {
|
2021-05-06 18:04:26 +00:00
|
|
|
if caseOneErrorCount == 0 {
|
|
|
|
caseOneErrorCount++
|
|
|
|
return nil, fmt.Errorf("renew failure")
|
|
|
|
}
|
|
|
|
return renewedSecret, nil
|
|
|
|
},
|
2022-04-06 17:04:45 +00:00
|
|
|
expectError: nil,
|
|
|
|
expectRenewal: true,
|
2021-05-06 18:04:26 +00:00
|
|
|
},
|
|
|
|
{
|
2022-04-06 17:04:45 +00:00
|
|
|
maxTestTime: 15 * time.Second,
|
|
|
|
name: "many_errors",
|
|
|
|
leaseDurationSeconds: 15,
|
|
|
|
incrementSeconds: 15,
|
|
|
|
renew: func(_ string, _ int) (*Secret, error) {
|
2021-05-06 18:04:26 +00:00
|
|
|
if caseManyErrorsCount == 3 {
|
|
|
|
return renewedSecret, nil
|
|
|
|
}
|
|
|
|
caseManyErrorsCount++
|
|
|
|
return nil, fmt.Errorf("renew failure")
|
|
|
|
},
|
2022-04-06 17:04:45 +00:00
|
|
|
expectError: nil,
|
|
|
|
expectRenewal: true,
|
2021-05-06 18:04:26 +00:00
|
|
|
},
|
|
|
|
{
|
2022-04-06 17:04:45 +00:00
|
|
|
maxTestTime: 15 * time.Second,
|
|
|
|
name: "only_errors",
|
|
|
|
leaseDurationSeconds: 15,
|
|
|
|
incrementSeconds: 15,
|
|
|
|
renew: func(_ string, _ int) (*Secret, error) {
|
2021-05-06 18:04:26 +00:00
|
|
|
return nil, fmt.Errorf("renew failure")
|
|
|
|
},
|
2022-04-06 17:04:45 +00:00
|
|
|
expectError: nil,
|
|
|
|
expectRenewal: false,
|
2021-05-06 18:04:26 +00:00
|
|
|
},
|
2021-08-25 02:06:40 +00:00
|
|
|
{
|
2022-04-06 17:04:45 +00:00
|
|
|
maxTestTime: 15 * time.Second,
|
|
|
|
name: "negative_lease_duration",
|
|
|
|
leaseDurationSeconds: -15,
|
|
|
|
incrementSeconds: 15,
|
|
|
|
renew: func(_ string, _ int) (*Secret, error) {
|
2021-08-25 02:06:40 +00:00
|
|
|
return renewedSecret, nil
|
|
|
|
},
|
2022-04-06 17:04:45 +00:00
|
|
|
expectError: nil,
|
|
|
|
expectRenewal: true,
|
2021-08-25 02:06:40 +00:00
|
|
|
},
|
2021-05-06 18:04:26 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
for _, tc := range cases {
|
|
|
|
t.Run(tc.name, func(t *testing.T) {
|
|
|
|
v, err := client.NewLifetimeWatcher(&LifetimeWatcherInput{
|
|
|
|
Secret: &Secret{
|
|
|
|
LeaseDuration: tc.leaseDurationSeconds,
|
|
|
|
},
|
|
|
|
Increment: tc.incrementSeconds,
|
|
|
|
})
|
|
|
|
if err != nil {
|
|
|
|
t.Fatal(err)
|
|
|
|
}
|
|
|
|
|
2022-02-28 14:24:19 +00:00
|
|
|
doneCh := make(chan error, 1)
|
2021-05-06 18:04:26 +00:00
|
|
|
go func() {
|
2022-02-28 14:24:19 +00:00
|
|
|
doneCh <- v.doRenewWithOptions(false, false,
|
|
|
|
tc.leaseDurationSeconds, "myleaseID", tc.renew, time.Second)
|
2021-05-06 18:04:26 +00:00
|
|
|
}()
|
|
|
|
defer v.Stop()
|
|
|
|
|
2022-06-14 13:44:51 +00:00
|
|
|
receivedRenewal := false
|
|
|
|
receivedDone := false
|
|
|
|
ChannelLoop:
|
|
|
|
for {
|
|
|
|
select {
|
|
|
|
case <-time.After(tc.maxTestTime):
|
|
|
|
t.Fatalf("renewal didn't happen")
|
|
|
|
case r := <-v.RenewCh():
|
|
|
|
if !tc.expectRenewal {
|
|
|
|
t.Fatal("expected no renewals")
|
|
|
|
}
|
|
|
|
if r.Secret != renewedSecret {
|
|
|
|
t.Fatalf("expected secret %v, got %v", renewedSecret, r.Secret)
|
|
|
|
}
|
|
|
|
receivedRenewal = true
|
|
|
|
if !receivedDone {
|
|
|
|
continue ChannelLoop
|
|
|
|
}
|
|
|
|
break ChannelLoop
|
|
|
|
case err := <-doneCh:
|
|
|
|
receivedDone = true
|
|
|
|
if tc.expectError != nil && !errors.Is(err, tc.expectError) {
|
|
|
|
t.Fatalf("expected error %q, got: %v", tc.expectError, err)
|
|
|
|
}
|
|
|
|
if tc.expectError == nil && err != nil {
|
|
|
|
t.Fatalf("expected no error, got: %v", err)
|
|
|
|
}
|
|
|
|
if tc.expectRenewal && !receivedRenewal {
|
|
|
|
// We might have received the stop before the renew call on the channel.
|
|
|
|
continue ChannelLoop
|
|
|
|
}
|
|
|
|
break ChannelLoop
|
2021-05-06 18:04:26 +00:00
|
|
|
}
|
|
|
|
}
|
2022-06-14 13:44:51 +00:00
|
|
|
|
|
|
|
if tc.expectRenewal && !receivedRenewal {
|
|
|
|
t.Fatalf("expected at least one renewal, got none.")
|
|
|
|
}
|
2021-05-06 18:04:26 +00:00
|
|
|
})
|
|
|
|
}
|
|
|
|
}
|
2023-02-14 14:57:25 +00:00
|
|
|
|
|
|
|
// TestCalcSleepPeriod uses property based testing to evaluate the calculateSleepDuration
|
|
|
|
// function of LifeTimeWatchers, but also incidentally tests "calculateGrace".
|
|
|
|
// This is on account of "calculateSleepDuration" performing the "calculateGrace"
|
|
|
|
// function in particular instances.
|
|
|
|
// Both of these functions support the vital functionality of the LifeTimeWatcher
|
|
|
|
// and therefore should be tested rigorously.
|
|
|
|
func TestCalcSleepPeriod(t *testing.T) {
|
|
|
|
c := quick.Config{
|
2023-02-16 16:40:52 +00:00
|
|
|
MaxCount: 10000,
|
2023-02-14 14:57:25 +00:00
|
|
|
Values: func(values []reflect.Value, r *rand.Rand) {
|
2023-02-16 16:40:52 +00:00
|
|
|
leaseDuration := r.Int63()
|
|
|
|
priorDuration := r.Int63n(leaseDuration)
|
|
|
|
remainingLeaseDuration := r.Int63n(priorDuration)
|
|
|
|
increment := r.Int63n(remainingLeaseDuration)
|
2023-02-14 14:57:25 +00:00
|
|
|
|
|
|
|
values[0] = reflect.ValueOf(r)
|
|
|
|
values[1] = reflect.ValueOf(time.Duration(leaseDuration))
|
|
|
|
values[2] = reflect.ValueOf(time.Duration(priorDuration))
|
|
|
|
values[3] = reflect.ValueOf(time.Duration(remainingLeaseDuration))
|
2023-02-16 16:40:52 +00:00
|
|
|
values[4] = reflect.ValueOf(time.Duration(increment))
|
2023-02-14 14:57:25 +00:00
|
|
|
},
|
|
|
|
}
|
|
|
|
|
|
|
|
// tests that "calculateSleepDuration" will always return a value less than
|
|
|
|
// the remaining lease duration given a random leaseDuration, priorDuration, remainingLeaseDuration, and increment.
|
|
|
|
// Inputs are generated so that:
|
|
|
|
// leaseDuration > priorDuration > remainingLeaseDuration
|
|
|
|
// and remainingLeaseDuration > increment
|
2023-02-16 16:40:52 +00:00
|
|
|
if err := quick.Check(func(r *rand.Rand, leaseDuration, priorDuration, remainingLeaseDuration, increment time.Duration) bool {
|
2023-02-14 14:57:25 +00:00
|
|
|
lw := LifetimeWatcher{
|
|
|
|
grace: 0,
|
2023-02-16 16:40:52 +00:00
|
|
|
increment: int(increment.Seconds()),
|
2023-02-14 14:57:25 +00:00
|
|
|
random: r,
|
|
|
|
}
|
|
|
|
|
2023-02-16 16:40:52 +00:00
|
|
|
lw.calculateGrace(remainingLeaseDuration, increment)
|
2023-02-14 14:57:25 +00:00
|
|
|
|
|
|
|
// ensure that we sleep for less than the remaining lease.
|
|
|
|
return lw.calculateSleepDuration(remainingLeaseDuration, priorDuration) < remainingLeaseDuration
|
|
|
|
}, &c); err != nil {
|
|
|
|
t.Error(err)
|
|
|
|
}
|
|
|
|
}
|