open-vault/vault/expiration_util_common.go

package vault

import (
	"context"
	"fmt"
	"math/rand"
	"path"
	"testing"
	"time"

	uuid "github.com/hashicorp/go-uuid"
	"github.com/hashicorp/vault/helper/namespace"
	"github.com/hashicorp/vault/sdk/logical"
)

type basicLeaseTestInfo struct {
	id     string
	mount  string
	expire time.Time
}

// add an irrevocable lease for test purposes
// returns the lease ID and expire time
func addIrrevocableLease(t *testing.T, m *ExpirationManager, pathPrefix string, ns *namespace.Namespace) *basicLeaseTestInfo {
	t.Helper()

	uuid, err := uuid.GenerateUUID()
	if err != nil {
		t.Fatalf("error generating uuid: %v", err)
	}

	if ns == nil {
		ns = namespace.RootNamespace
	}

	leaseID := path.Join(pathPrefix, "lease"+uuid)

	if ns != namespace.RootNamespace {
		leaseID = fmt.Sprintf("%s.%s", leaseID, ns.ID)
	}

	randomTimeDelta := time.Duration(rand.Int31n(24))
	le := &leaseEntry{
		LeaseID:    leaseID,
		Path:       pathPrefix,
		namespace:  ns,
		IssueTime:  time.Now(),
		ExpireTime: time.Now().Add(randomTimeDelta * time.Hour),
		RevokeErr:  "some error message",
	}

	m.pendingLock.Lock()
	defer m.pendingLock.Unlock()

	if err := m.persistEntry(context.Background(), le); err != nil {
		t.Fatalf("error persisting irrevocable lease: %v", err)
	}

	m.updatePendingInternal(le)

	return &basicLeaseTestInfo{
		id:     le.LeaseID,
		expire: le.ExpireTime,
	}
}

// InjectIrrevocableLeases injects `count` irrevocable leases (currently to a
// single mount).
// It returns a map of the mount accessor to the number of leases stored there
func (c *Core) InjectIrrevocableLeases(t *testing.T, ctx context.Context, count int) map[string]int {
	out := make(map[string]int)
	for i := 0; i < count; i++ {
		le := addIrrevocableLease(t, c.expiration, "foo/", namespace.RootNamespace)

		mountAccessor := c.expiration.getLeaseMountAccessor(ctx, le.id)
		if _, ok := out[mountAccessor]; !ok {
			out[mountAccessor] = 0
		}

		out[mountAccessor]++
	}

	return out
}

type backend struct {
	path string
	ns   *namespace.Namespace
}

// set up multiple mounts, and return a mapping of the path to the mount accessor
func mountNoopBackends(t *testing.T, c *Core, backends []*backend) map[string]string {
	t.Helper()

	// enable the noop backend
	c.logicalBackends["noop"] = func(ctx context.Context, config *logical.BackendConfig) (logical.Backend, error) {
		return &NoopBackend{}, nil
	}

	pathToMount := make(map[string]string)
	for _, backend := range backends {
		me := &MountEntry{
			Table: mountTableType,
			Path:  backend.path,
			Type:  "noop",
		}

		nsCtx := namespace.ContextWithNamespace(context.Background(), backend.ns)
		err := c.mount(nsCtx, me)
		if err != nil {
			t.Fatalf("err mounting backend %s: %v", backend.path, err)
		}

		mount := c.router.MatchingMountEntry(nsCtx, backend.path)
		if mount == nil {
			t.Fatalf("couldn't find mount for path %s", backend.path)
		}
		pathToMount[backend.path] = mount.Accessor
	}

	return pathToMount
}
Vault 1979: Query API for Irrevocable Leases (#11607) * build out lease count (not fully working), start lease list * build out irrevocable lease list * bookkeeping * test irrevocable lease counts for API/CLI * fix listIrrevocableLeases, test listIrrevocableLeases, cleanup * test expiration API limit * namespace tweaks, test force flag on lease list * integration test leases/count API, plenty of fixes and improvements * test lease list API, fixes and improvements * test force flag for irrevocable lease list API * i guess this wasn't saved on the last refactor... * fixes and improvements found during my review * better test error msg * Update vault/logical_system_paths.go Co-authored-by: Brian Kassouf <briankassouf@users.noreply.github.com> * Update vault/logical_system_paths.go Co-authored-by: Brian Kassouf <briankassouf@users.noreply.github.com> * return warning with data if more than default leases to list without force flag * make api doc more generalized * list leases in general, not by mount point * change force flag to include_large_results * sort leases by LeaseID for consistent API response * switch from bool flag for API limit to string value * sort first by leaseID, then stable sort by expiration * move some utils to be in oss and ent * improve sort efficiency for API response Co-authored-by: Brian Kassouf <briankassouf@users.noreply.github.com> 2021-06-02 16:11:30 +00:00			`package vault`

			`import (`
			`"context"`
			`"fmt"`
			`"math/rand"`
bug fixes and improvements from ent namespace work (#11774) 2021-06-04 19:25:41 +00:00			`"path"`
Vault 1979: Query API for Irrevocable Leases (#11607) * build out lease count (not fully working), start lease list * build out irrevocable lease list * bookkeeping * test irrevocable lease counts for API/CLI * fix listIrrevocableLeases, test listIrrevocableLeases, cleanup * test expiration API limit * namespace tweaks, test force flag on lease list * integration test leases/count API, plenty of fixes and improvements * test lease list API, fixes and improvements * test force flag for irrevocable lease list API * i guess this wasn't saved on the last refactor... * fixes and improvements found during my review * better test error msg * Update vault/logical_system_paths.go Co-authored-by: Brian Kassouf <briankassouf@users.noreply.github.com> * Update vault/logical_system_paths.go Co-authored-by: Brian Kassouf <briankassouf@users.noreply.github.com> * return warning with data if more than default leases to list without force flag * make api doc more generalized * list leases in general, not by mount point * change force flag to include_large_results * sort leases by LeaseID for consistent API response * switch from bool flag for API limit to string value * sort first by leaseID, then stable sort by expiration * move some utils to be in oss and ent * improve sort efficiency for API response Co-authored-by: Brian Kassouf <briankassouf@users.noreply.github.com> 2021-06-02 16:11:30 +00:00			`"testing"`
			`"time"`

			`uuid "github.com/hashicorp/go-uuid"`
			`"github.com/hashicorp/vault/helper/namespace"`
bug fixes and improvements from ent namespace work (#11774) 2021-06-04 19:25:41 +00:00			`"github.com/hashicorp/vault/sdk/logical"`
Vault 1979: Query API for Irrevocable Leases (#11607) * build out lease count (not fully working), start lease list * build out irrevocable lease list * bookkeeping * test irrevocable lease counts for API/CLI * fix listIrrevocableLeases, test listIrrevocableLeases, cleanup * test expiration API limit * namespace tweaks, test force flag on lease list * integration test leases/count API, plenty of fixes and improvements * test lease list API, fixes and improvements * test force flag for irrevocable lease list API * i guess this wasn't saved on the last refactor... * fixes and improvements found during my review * better test error msg * Update vault/logical_system_paths.go Co-authored-by: Brian Kassouf <briankassouf@users.noreply.github.com> * Update vault/logical_system_paths.go Co-authored-by: Brian Kassouf <briankassouf@users.noreply.github.com> * return warning with data if more than default leases to list without force flag * make api doc more generalized * list leases in general, not by mount point * change force flag to include_large_results * sort leases by LeaseID for consistent API response * switch from bool flag for API limit to string value * sort first by leaseID, then stable sort by expiration * move some utils to be in oss and ent * improve sort efficiency for API response Co-authored-by: Brian Kassouf <briankassouf@users.noreply.github.com> 2021-06-02 16:11:30 +00:00			`)`

			`type basicLeaseTestInfo struct {`
			`id string`
			`mount string`
			`expire time.Time`
			`}`

			`// add an irrevocable lease for test purposes`
			`// returns the lease ID and expire time`
			`func addIrrevocableLease(t testing.T, m ExpirationManager, pathPrefix string, ns namespace.Namespace) basicLeaseTestInfo {`
			`t.Helper()`

			`uuid, err := uuid.GenerateUUID()`
			`if err != nil {`
			`t.Fatalf("error generating uuid: %v", err)`
			`}`

			`if ns == nil {`
			`ns = namespace.RootNamespace`
			`}`

bug fixes and improvements from ent namespace work (#11774) 2021-06-04 19:25:41 +00:00			`leaseID := path.Join(pathPrefix, "lease"+uuid)`

Vault 1979: Query API for Irrevocable Leases (#11607) * build out lease count (not fully working), start lease list * build out irrevocable lease list * bookkeeping * test irrevocable lease counts for API/CLI * fix listIrrevocableLeases, test listIrrevocableLeases, cleanup * test expiration API limit * namespace tweaks, test force flag on lease list * integration test leases/count API, plenty of fixes and improvements * test lease list API, fixes and improvements * test force flag for irrevocable lease list API * i guess this wasn't saved on the last refactor... * fixes and improvements found during my review * better test error msg * Update vault/logical_system_paths.go Co-authored-by: Brian Kassouf <briankassouf@users.noreply.github.com> * Update vault/logical_system_paths.go Co-authored-by: Brian Kassouf <briankassouf@users.noreply.github.com> * return warning with data if more than default leases to list without force flag * make api doc more generalized * list leases in general, not by mount point * change force flag to include_large_results * sort leases by LeaseID for consistent API response * switch from bool flag for API limit to string value * sort first by leaseID, then stable sort by expiration * move some utils to be in oss and ent * improve sort efficiency for API response Co-authored-by: Brian Kassouf <briankassouf@users.noreply.github.com> 2021-06-02 16:11:30 +00:00			`if ns != namespace.RootNamespace {`
bug fixes and improvements from ent namespace work (#11774) 2021-06-04 19:25:41 +00:00			`leaseID = fmt.Sprintf("%s.%s", leaseID, ns.ID)`
Vault 1979: Query API for Irrevocable Leases (#11607) * build out lease count (not fully working), start lease list * build out irrevocable lease list * bookkeeping * test irrevocable lease counts for API/CLI * fix listIrrevocableLeases, test listIrrevocableLeases, cleanup * test expiration API limit * namespace tweaks, test force flag on lease list * integration test leases/count API, plenty of fixes and improvements * test lease list API, fixes and improvements * test force flag for irrevocable lease list API * i guess this wasn't saved on the last refactor... * fixes and improvements found during my review * better test error msg * Update vault/logical_system_paths.go Co-authored-by: Brian Kassouf <briankassouf@users.noreply.github.com> * Update vault/logical_system_paths.go Co-authored-by: Brian Kassouf <briankassouf@users.noreply.github.com> * return warning with data if more than default leases to list without force flag * make api doc more generalized * list leases in general, not by mount point * change force flag to include_large_results * sort leases by LeaseID for consistent API response * switch from bool flag for API limit to string value * sort first by leaseID, then stable sort by expiration * move some utils to be in oss and ent * improve sort efficiency for API response Co-authored-by: Brian Kassouf <briankassouf@users.noreply.github.com> 2021-06-02 16:11:30 +00:00			`}`

			`randomTimeDelta := time.Duration(rand.Int31n(24))`
			`le := &leaseEntry{`
bug fixes and improvements from ent namespace work (#11774) 2021-06-04 19:25:41 +00:00			`LeaseID: leaseID,`
			`Path: pathPrefix,`
Vault 1979: Query API for Irrevocable Leases (#11607) * build out lease count (not fully working), start lease list * build out irrevocable lease list * bookkeeping * test irrevocable lease counts for API/CLI * fix listIrrevocableLeases, test listIrrevocableLeases, cleanup * test expiration API limit * namespace tweaks, test force flag on lease list * integration test leases/count API, plenty of fixes and improvements * test lease list API, fixes and improvements * test force flag for irrevocable lease list API * i guess this wasn't saved on the last refactor... * fixes and improvements found during my review * better test error msg * Update vault/logical_system_paths.go Co-authored-by: Brian Kassouf <briankassouf@users.noreply.github.com> * Update vault/logical_system_paths.go Co-authored-by: Brian Kassouf <briankassouf@users.noreply.github.com> * return warning with data if more than default leases to list without force flag * make api doc more generalized * list leases in general, not by mount point * change force flag to include_large_results * sort leases by LeaseID for consistent API response * switch from bool flag for API limit to string value * sort first by leaseID, then stable sort by expiration * move some utils to be in oss and ent * improve sort efficiency for API response Co-authored-by: Brian Kassouf <briankassouf@users.noreply.github.com> 2021-06-02 16:11:30 +00:00			`namespace: ns,`
			`IssueTime: time.Now(),`
			`ExpireTime: time.Now().Add(randomTimeDelta * time.Hour),`
			`RevokeErr: "some error message",`
			`}`

			`m.pendingLock.Lock()`
			`defer m.pendingLock.Unlock()`

			`if err := m.persistEntry(context.Background(), le); err != nil {`
			`t.Fatalf("error persisting irrevocable lease: %v", err)`
			`}`

			`m.updatePendingInternal(le)`

			`return &basicLeaseTestInfo{`
			`id: le.LeaseID,`
			`expire: le.ExpireTime,`
			`}`
			`}`

			// InjectIrrevocableLeases injects `count` irrevocable leases (currently to a
			`// single mount).`
			`// It returns a map of the mount accessor to the number of leases stored there`
			`func (c Core) InjectIrrevocableLeases(t testing.T, ctx context.Context, count int) map[string]int {`
			`out := make(map[string]int)`
			`for i := 0; i < count; i++ {`
			`le := addIrrevocableLease(t, c.expiration, "foo/", namespace.RootNamespace)`

			`mountAccessor := c.expiration.getLeaseMountAccessor(ctx, le.id)`
			`if _, ok := out[mountAccessor]; !ok {`
			`out[mountAccessor] = 0`
			`}`

			`out[mountAccessor]++`
			`}`

			`return out`
			`}`
bug fixes and improvements from ent namespace work (#11774) 2021-06-04 19:25:41 +00:00
			`type backend struct {`
			`path string`
			`ns *namespace.Namespace`
			`}`

			`// set up multiple mounts, and return a mapping of the path to the mount accessor`
			`func mountNoopBackends(t testing.T, c Core, backends []*backend) map[string]string {`
			`t.Helper()`

			`// enable the noop backend`
			`c.logicalBackends["noop"] = func(ctx context.Context, config *logical.BackendConfig) (logical.Backend, error) {`
			`return &NoopBackend{}, nil`
			`}`

			`pathToMount := make(map[string]string)`
			`for _, backend := range backends {`
			`me := &MountEntry{`
			`Table: mountTableType,`
			`Path: backend.path,`
			`Type: "noop",`
			`}`

			`nsCtx := namespace.ContextWithNamespace(context.Background(), backend.ns)`
			`err := c.mount(nsCtx, me)`
			`if err != nil {`
			`t.Fatalf("err mounting backend %s: %v", backend.path, err)`
			`}`

			`mount := c.router.MatchingMountEntry(nsCtx, backend.path)`
			`if mount == nil {`
			`t.Fatalf("couldn't find mount for path %s", backend.path)`
			`}`
			`pathToMount[backend.path] = mount.Accessor`
			`}`

			`return pathToMount`
			`}`