open-vault/vault/token_store_util_common.go
Hridoy Roy 8e7fec59ef
Load SSCT Generation Counter Upon DR Promotion [OSS] (#16956)
* port ssct bugfix to load epoch from storage

* changelog

* update changelog to be user-facing

* change 2 to two
2022-08-31 11:05:21 -07:00

63 lines
1.8 KiB
Go

package vault
import (
"context"
"encoding/json"
"fmt"
"github.com/hashicorp/vault/sdk/logical"
)
const sscGenCounterPath string = "core/sscGenCounter/"
type SSCTokenGenerationCounter struct {
Counter int
}
func (ts *TokenStore) GetSSCTokensGenerationCounter() int {
return ts.sscTokensGenerationCounter.Counter
}
func (ts *TokenStore) loadSSCTokensGenerationCounter(ctx context.Context) error {
sscTokensGenerationCounterStorageVal, err := ts.core.barrier.Get(ctx, sscGenCounterPath)
if err != nil {
return fmt.Errorf("unable to retrieve SSCTokenGenerationCounter from storage: err %w", err)
}
if sscTokensGenerationCounterStorageVal == nil {
ts.logger.Trace("no token generation counter found in storage")
ts.sscTokensGenerationCounter = SSCTokenGenerationCounter{Counter: 0}
return nil
}
var sscTokensGenerationCounter SSCTokenGenerationCounter
err = json.Unmarshal(sscTokensGenerationCounterStorageVal.Value, &sscTokensGenerationCounter)
if err != nil {
return fmt.Errorf("malformed token generation counter found in storage: err %w", err)
}
ts.sscTokensGenerationCounter = sscTokensGenerationCounter
return nil
}
func (ts *TokenStore) UpdateSSCTokensGenerationCounter(ctx context.Context) error {
if err := ts.loadSSCTokensGenerationCounter(ctx); err != nil {
return err
}
ts.sscTokensGenerationCounter.Counter += 1
if ts.sscTokensGenerationCounter.Counter <= 0 {
// Don't store the 0 value
ts.logger.Warn("attempt to store non-positive token generation counter was ignored",
"sscTokensGenerationCounter", ts.sscTokensGenerationCounter.Counter)
}
marshalledCtr, err := json.Marshal(ts.sscTokensGenerationCounter)
if err != nil {
return err
}
err = ts.core.barrier.Put(ctx, &logical.StorageEntry{
Key: sscGenCounterPath,
Value: marshalledCtr,
})
if err != nil {
return err
}
return nil
}