internal/credential/vault: add store pagination logic

2 years ago · 7efb43ac03
parent 22ce2b4468
commit 7efb43ac03
3 changed files with 47 additions and 91 deletions
--- a/internal/credential/vault/register.go
+++ b/internal/credential/vault/register.go
@ -0,0 +1,47 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
+package vault
+
+import (
+	"context"
+
+	"github.com/hashicorp/boundary/internal/credential"
+)
+
+func init() {
+	credential.RegisterStoreSubtype("vault", &credentialHooks{})
+}
+
+type credentialHooks struct{}
+
+// NewStore creates a new Vault credential store from the result
+func (credentialHooks) NewStore(ctx context.Context, result *credential.StoreListQueryResult) (credential.Store, error) {
+	s := allocCredentialStore()
+	s.PublicId = result.PublicId
+	s.ProjectId = result.ProjectId
+	s.CreateTime = result.CreateTime
+	s.UpdateTime = result.UpdateTime
+	s.Name = result.Name
+	s.Description = result.Description
+	s.ProjectId = result.ProjectId
+	s.Version = result.Version
+	s.VaultAddress = result.VaultAddress
+	s.Namespace = result.Namespace
+	s.CaCert = result.CaCert
+	s.TlsServerName = result.TlsServerName
+	s.TlsSkipVerify = result.TlsSkipVerify
+	s.WorkerFilter = result.WorkerFilter
+
+	s.outputToken = allocToken()
+	s.outputToken.Status = result.TokenStatus
+	s.outputToken.TokenHmac = result.TokenHmac
+
+	if len(result.ClientCert) > 0 {
+		s.clientCert = allocClientCertificate()
+		s.clientCert.Certificate = result.ClientCert
+		s.clientCert.CertificateKeyHmac = result.ClientCertKeyHmac
+	}
+
+	return s, nil
+}
--- a/internal/credential/vault/repository_credential_store.go
+++ b/internal/credential/vault/repository_credential_store.go
@ -646,31 +646,6 @@ func (r *Repository) UpdateCredentialStore(ctx context.Context, cs *CredentialSt
 	return returnedCredentialStore, rowsUpdated, nil
 }

-// ListCredentialStores returns a slice of CredentialStores for the
-// projectIds. WithLimit is the only option supported.
-func (r *Repository) ListCredentialStores(ctx context.Context, projectIds []string, opt ...Option) ([]*CredentialStore, error) {
-	const op = "vault.(Repository).ListCredentialStores"
-	if len(projectIds) == 0 {
-		return nil, errors.New(ctx, errors.InvalidParameter, op, "no projectIds")
-	}
-	opts := getOpts(opt...)
-	limit := r.defaultLimit
-	if opts.withLimit != 0 {
-		// non-zero signals an override of the default limit for the repo.
-		limit = opts.withLimit
-	}
-	var credentialStores []*listLookupStore
-	err := r.reader.SearchWhere(ctx, &credentialStores, "project_id in (?)", []any{projectIds}, db.WithLimit(limit))
-	if err != nil {
-		return nil, errors.Wrap(ctx, err, op)
-	}
-	var out []*CredentialStore
-	for _, ca := range credentialStores {
-		out = append(out, ca.toCredentialStore())
-	}
-	return out, nil
-}
-
 // DeleteCredentialStore deletes publicId from the repository and returns
 // the number of records deleted. All options are ignored.
 func (r *Repository) DeleteCredentialStore(ctx context.Context, publicId string, _ ...Option) (int, error) {
--- a/internal/credential/vault/repository_credential_store_test.go
+++ b/internal/credential/vault/repository_credential_store_test.go
@ -1285,50 +1285,6 @@ func TestRepository_UpdateCredentialStore_ClientCert(t *testing.T) {
 	}
 }

-func TestRepository_ListCredentialStores_Multiple_Scopes(t *testing.T) {
-	t.Parallel()
-	conn, _ := db.TestSetup(t, "postgres")
-	rw := db.New(conn)
-	wrapper := db.TestWrapper(t)
-	kms := kms.TestKms(t, conn, wrapper)
-
-	assert, require := assert.New(t), require.New(t)
-	sche := scheduler.TestScheduler(t, conn, wrapper)
-	repo, err := NewRepository(context.Background(), rw, rw, kms, sche)
-	assert.NoError(err)
-	require.NotNil(repo)
-	err = RegisterJobs(context.Background(), sche, rw, rw, kms)
-	require.NoError(err)
-
-	const numPerScope = 10
-	var prjs []string
-	var total int
-	for i := 0; i < numPerScope; i++ {
-		_, prj := iam.TestScopes(t, iam.TestRepo(t, conn, wrapper))
-		prjs = append(prjs, prj.GetPublicId())
-		TestCredentialStores(t, conn, wrapper, prj.GetPublicId(), numPerScope)
-		total += numPerScope
-	}
-
-	// Add some credential stores with expired tokens
-	_, prj := iam.TestScopes(t, iam.TestRepo(t, conn, wrapper))
-	prjs = append(prjs, prj.GetPublicId())
-
-	stores := TestCredentialStores(t, conn, wrapper, prj.GetPublicId(), numPerScope)
-	for _, cs := range stores {
-		rows, err := rw.Exec(context.Background(),
-			"update credential_vault_token set status = ? where token_hmac = ?",
-			[]any{ExpiredToken, cs.Token().TokenHmac})
-		require.NoError(err)
-		require.Equal(1, rows)
-	}
-	total += numPerScope
-
-	got, err := repo.ListCredentialStores(context.Background(), prjs)
-	require.NoError(err)
-	assert.Equal(total, len(got))
-}
-
 func TestRepository_DeleteCredentialStore(t *testing.T) {
 	type tokenCount struct {
 		current, maintaining int
@ -1568,17 +1524,6 @@ group by store_id, status;
 				credStore = lookup
 			}

-			{
-				stores, err := repo.ListCredentialStores(ctx, []string{projectId})
-				assert.NoError(err)
-				assert.NotEmpty(stores)
-				var storeIds []string
-				for _, v := range stores {
-					storeIds = append(storeIds, v.GetPublicId())
-				}
-				assert.Contains(storeIds, storeId)
-			}
-
 			{
 				libs, _, err := repo.ListLibraries(ctx, storeId)
 				assert.NoError(err)
@ -1627,17 +1572,6 @@ group by store_id, status;
 				assert.Nil(lookup)
 			}

-			// should not be in list
-			{
-				stores, err := repo.ListCredentialStores(ctx, []string{projectId})
-				assert.NoError(err)
-				var storeIds []string
-				for _, v := range stores {
-					storeIds = append(storeIds, v.GetPublicId())
-				}
-				assert.NotContains(storeIds, storeId)
-			}
-
 			// libraries should be empty
 			{
 				libs, _, err := repo.ListLibraries(ctx, storeId)