luxolus
/
open-vault
2
0
Fork 0
Code Issues 1 Pull Requests Releases Activity

VAULT-7046 Allow trailing globbing at the end of a path suffix quota (#16386) 

* VAULT-7046 OSS changes for trailing glob quotas

* VAULT-7046 allow glob of 'a*' to match 'a'

* VAULT-7046 Add changelog

* VAULT-7046 fix minor typo
This commit is contained in:
Violet Hynes 2022-07-21 15:31:23 -04:00 committed by GitHub
parent 77ca499c6e
commit 8163271ee2
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 30 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
changelog/16386.txt Normal file
View File

@ -0,0 +1,3 @@
```release-note:bug
core/quotas: Added globbing functionality on the end of path suffix quota paths
```

14
vault/quotas/quotas.go
View File

@ -523,6 +523,20 @@ func (m *Manager) queryQuota(txn *memdb.Txn, req *Request) (Quota, error) {
return quota, nil return quota, nil
} }
// Fetch path suffix quotas with globbing
// Request paths which match the resulting glob (i.e. share the same prefix prior to the glob) are in scope for the quota
for i := 0; i <= len(pathSuffix); i++ {
trimmedSuffixWithGlob := pathSuffix[:len(pathSuffix)-i] + "*"
// Check to see if a quota exists with this particular pattern
quota, err = quotaFetchFunc(indexNamespaceMountPath, req.NamespacePath, req.MountPath, trimmedSuffixWithGlob, false)
if err != nil {
return nil, err
}
if quota != nil {
return quota, nil
}
}
// Fetch mount quota // Fetch mount quota
quota, err = quotaFetchFunc(indexNamespaceMount, req.NamespacePath, req.MountPath, false, false) quota, err = quotaFetchFunc(indexNamespaceMount, req.NamespacePath, req.MountPath, false, false)
if err != nil { if err != nil {

14
vault/quotas/quotas_test.go
View File

@ -87,7 +87,19 @@ func TestQuotas_Precedence(t *testing.T) {
// Define a namespace mount specific quota and expect that to be returned. // Define a namespace mount specific quota and expect that to be returned.
rateLimitNSMountQuota := setQuotaFunc(t, "rateLimitNSMountQuota", "testns/", "testmount/", "", "") rateLimitNSMountQuota := setQuotaFunc(t, "rateLimitNSMountQuota", "testns/", "testmount/", "", "")
checkQuotaFunc(t, "testns/", "testmount/", "", "", rateLimitNSMountQuota) checkQuotaFunc(t, "testns/", "testmount/", "testpath", "", rateLimitNSMountQuota)
// Define a namespace mount + glob and expect that to be returned.
rateLimitNSMountGlob := setQuotaFunc(t, "rateLimitNSMountGlob", "testns/", "testmount/", "*", "")
checkQuotaFunc(t, "testns/", "testmount/", "testpath", "", rateLimitNSMountGlob)
// Define a namespace mount + path specific quota with a glob and expect that to be returned.
rateLimitNSMountPathSuffixGlob := setQuotaFunc(t, "rateLimitNSMountPathSuffixGlob", "testns/", "testmount/", "test*", "")
checkQuotaFunc(t, "testns/", "testmount/", "testpath", "", rateLimitNSMountPathSuffixGlob)
// Define a namespace mount + path specific quota with a glob at the end of the path and expect that to be returned.
rateLimitNSMountPathSuffixGlobAfterPath := setQuotaFunc(t, "rateLimitNSMountPathSuffixGlobAfterPath", "testns/", "testmount/", "testpath*", "")
checkQuotaFunc(t, "testns/", "testmount/", "testpath", "", rateLimitNSMountPathSuffixGlobAfterPath)
// Define a namespace mount + path specific quota and expect that to be returned. // Define a namespace mount + path specific quota and expect that to be returned.
rateLimitNSMountPathQuota := setQuotaFunc(t, "rateLimitNSMountPathQuota", "testns/", "testmount/", "testpath", "") rateLimitNSMountPathQuota := setQuotaFunc(t, "rateLimitNSMountPathQuota", "testns/", "testmount/", "testpath", "")