Omit wrapping tokens and control groups from client counts (#11826)

* Omit wrapping tokens and control groups from client counts

* add changelog note
This commit is contained in:
Brian Kassouf 2021-06-10 15:57:51 -07:00 committed by GitHub
parent 6d4b3bde17
commit b42529dd17
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 67 additions and 6 deletions

3
changelog/11826.txt Normal file
View File

@ -0,0 +1,3 @@
```release-note:bug
activity: Omit wrapping tokens and control groups from client counts
```

View File

@ -1504,8 +1504,10 @@ func (a *ActivityLog) HandleTokenCreation(entry *logical.TokenEntry) {
if entry.EntityID != "" {
a.AddEntityToFragment(entry.EntityID, entry.NamespaceID, entry.CreationTime)
} else {
if !IsWrappingToken(entry) {
a.AddTokenToFragment(entry.NamespaceID)
}
}
}
func (a *ActivityLog) namespaceToLabel(ctx context.Context, nsID string) string {

View File

@ -91,6 +91,54 @@ func TestActivityLog_Creation(t *testing.T) {
}
}
func TestActivityLog_Creation_WrappingTokens(t *testing.T) {
core, _, _ := TestCoreUnsealed(t)
a := core.activityLog
a.SetEnable(true)
if a == nil {
t.Fatal("no activity log found")
}
if a.logger == nil || a.view == nil {
t.Fatal("activity log not initialized")
}
a.fragmentLock.Lock()
if a.fragment != nil {
t.Fatal("activity log already has fragment")
}
a.fragmentLock.Unlock()
const namespace_id = "ns123"
a.HandleTokenCreation(&logical.TokenEntry{
Path: "test",
Policies: []string{responseWrappingPolicyName},
CreationTime: time.Now().Unix(),
TTL: 3600,
NamespaceID: namespace_id,
})
a.fragmentLock.Lock()
if a.fragment != nil {
t.Fatal("fragment created")
}
a.fragmentLock.Unlock()
a.HandleTokenCreation(&logical.TokenEntry{
Path: "test",
Policies: []string{controlGroupPolicyName},
CreationTime: time.Now().Unix(),
TTL: 3600,
NamespaceID: namespace_id,
})
a.fragmentLock.Lock()
if a.fragment != nil {
t.Fatal("fragment created")
}
a.fragmentLock.Unlock()
}
func checkExpectedEntitiesInMap(t *testing.T, a *ActivityLog, entityIDs []string) {
t.Helper()

View File

@ -444,11 +444,7 @@ func (c *Core) ValidateWrappingToken(ctx context.Context, req *logical.Request)
return false, nil
}
if len(te.Policies) != 1 {
return false, nil
}
if te.Policies[0] != responseWrappingPolicyName && te.Policies[0] != controlGroupPolicyName {
if !IsWrappingToken(te) {
return false, nil
}
@ -460,3 +456,15 @@ func (c *Core) ValidateWrappingToken(ctx context.Context, req *logical.Request)
return true, nil
}
func IsWrappingToken(te *logical.TokenEntry) bool {
if len(te.Policies) != 1 {
return false
}
if te.Policies[0] != responseWrappingPolicyName && te.Policies[0] != controlGroupPolicyName {
return false
}
return true
}