vault: Give expiration manager a token store reference

2015-03-23 18:00:14 -07:00 · 2015-03-23 18:00:14 -07:00 · 86c9bd9083
parent 6481ff9e34
commit 86c9bd9083
3 changed files with 20 additions and 16 deletions
--- a/vault/core.go
+++ b/vault/core.go
@ -602,9 +602,6 @@ func (c *Core) postUnseal() error {
 	if err := c.setupMounts(); err != nil {
 		return err
 	}
-	if err := c.setupExpiration(); err != nil {
-		return err
-	}
 	if err := c.startRollback(); err != nil {
 		return err
 	}
@ -617,12 +614,18 @@ func (c *Core) postUnseal() error {
 	if err := c.setupCredentials(); err != nil {
 		return nil
 	}
+	if err := c.setupExpiration(); err != nil {
+		return err
+	}
 	return nil
 }

 // preSeal is invoked before the barrier is sealed, allowing
 // for any state teardown required.
 func (c *Core) preSeal() error {
+	if err := c.stopExpiration(); err != nil {
+		return err
+	}
 	if err := c.teardownCredentials(); err != nil {
 		return err
 	}
@ -632,9 +635,6 @@ func (c *Core) preSeal() error {
 	if err := c.stopRollback(); err != nil {
 		return err
 	}
-	if err := c.stopExpiration(); err != nil {
-		return err
-	}
 	if err := c.unloadMounts(); err != nil {
 		return err
 	}
--- a/vault/expiration.go
+++ b/vault/expiration.go
@ -33,9 +33,10 @@ const (
 // If a secret is not renewed in timely manner, it may be expired, and
 // the ExpirationManager will handle doing automatic revocation.
 type ExpirationManager struct {
-	router *Router
-	view   *BarrierView
-	logger *log.Logger
+	router     *Router
+	view       *BarrierView
+	tokenStore *TokenStore
+	logger     *log.Logger

 	pending     map[string]*time.Timer
 	pendingLock sync.Mutex
@ -43,15 +44,16 @@ type ExpirationManager struct {

 // NewExpirationManager creates a new ExpirationManager that is backed
 // using a given view, and uses the provided router for revocation.
-func NewExpirationManager(router *Router, view *BarrierView, logger *log.Logger) *ExpirationManager {
+func NewExpirationManager(router *Router, view *BarrierView, ts *TokenStore, logger *log.Logger) *ExpirationManager {
 	if logger == nil {
 		logger = log.New(os.Stderr, "", log.LstdFlags)
 	}
 	exp := &ExpirationManager{
-		router:  router,
-		view:    view,
-		logger:  logger,
-		pending: make(map[string]*time.Timer),
+		router:     router,
+		view:       view,
+		tokenStore: ts,
+		logger:     logger,
+		pending:    make(map[string]*time.Timer),
 	}
 	return exp
 }
@ -63,7 +65,7 @@ func (c *Core) setupExpiration() error {
 	view := c.systemView.SubView(expirationSubPath)

 	// Create the manager
-	mgr := NewExpirationManager(c.router, view, c.logger)
+	mgr := NewExpirationManager(c.router, view, c.tokenStore, c.logger)
 	c.expiration = mgr

 	// Restore the existing state
--- a/vault/expiration_test.go
+++ b/vault/expiration_test.go
@ -29,9 +29,11 @@ func mockExpiration(t *testing.T) *ExpirationManager {
 	// Create the barrier view
 	view := NewBarrierView(b, "expire/")

+	_, ts := mockTokenStore(t)
+
 	router := NewRouter()
 	logger := log.New(os.Stderr, "", log.LstdFlags)
-	return NewExpirationManager(router, view, logger)
+	return NewExpirationManager(router, view, ts, logger)
 }

 func TestExpiration_Restore(t *testing.T) {