From 7efb43ac03682ba11e514fc09f8f530f3fc0889a Mon Sep 17 00:00:00 2001 From: Johan Brandhorst-Satzkorn Date: Tue, 5 Dec 2023 14:06:46 -0800 Subject: [PATCH] internal/credential/vault: add store pagination logic
---
 internal/credential/vault/register.go | 47 +++++++++++++ .../vault/repository_credential_store.go | 25 ------- .../vault/repository_credential_store_test.go | 66 ------------------- 3 files changed, 47 insertions(+), 91 deletions(-) create mode 100644 internal/credential/vault/register.go
diff --git a/internal/credential/vault/register.go b/internal/credential/vault/register.go
new file mode 100644
index 0000000000..8efc190a7c
--- /dev/null
+++ b/internal/credential/vault/register.go
@@ -0,0 +1,47 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
+package vault
+
+import (
+ "context"
+
+ "github.com/hashicorp/boundary/internal/credential"
+)
+
+func init() {
+ credential.RegisterStoreSubtype("vault", &credentialHooks{})
+}
+
+type credentialHooks struct{}
+
+// NewStore creates a new Vault credential store from the result
+func (credentialHooks) NewStore(ctx context.Context, result *credential.StoreListQueryResult) (credential.Store, error) {
+ s := allocCredentialStore()
+ s.PublicId = result.PublicId
+ s.ProjectId = result.ProjectId
+ s.CreateTime = result.CreateTime
+ s.UpdateTime = result.UpdateTime
+ s.Name = result.Name
+ s.Description = result.Description
+ s.ProjectId = result.ProjectId
+ s.Version = result.Version
+ s.VaultAddress = result.VaultAddress
+ s.Namespace = result.Namespace
+ s.CaCert = result.CaCert
+ s.TlsServerName = result.TlsServerName
+ s.TlsSkipVerify = result.TlsSkipVerify
+ s.WorkerFilter = result.WorkerFilter
+
+ s.outputToken = allocToken()
+ s.outputToken.Status = result.TokenStatus
+ s.outputToken.TokenHmac = result.TokenHmac
+
+ if len(result.ClientCert) > 0 {
+ s.clientCert = allocClientCertificate()
+ s.clientCert.Certificate = result.ClientCert
+ s.clientCert.CertificateKeyHmac = result.ClientCertKeyHmac
+ }
+
+ return s, nil
+}
diff --git a/internal/credential/vault/repository_credential_store.go b/internal/credential/vault/repository_credential_store.go
index 592982696a..f963f0df8d 100644
--- a/internal/credential/vault/repository_credential_store.go
+++ b/internal/credential/vault/repository_credential_store.go
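Review bot: `s.ProjectId = result.ProjectId` is assigned twice in NewStore (once right after PublicId and again after Description); the second assignment is dead and should be dropped. NewStore also dereferences `result` without a guard, so a nil `*credential.StoreListQueryResult` would panic instead of returning an error; a check such as `if result == nil { return nil, errors.New(ctx, errors.InvalidParameter, op, "missing query result") }` in the style of the removed ListCredentialStores would need an `op` constant and the package's errors import added to this new file. The doc comment should also state what the returned store does and does not carry, e.g. `// NewStore builds a Vault CredentialStore from a list-query row. Only the token status and HMAC and the client certificate with its key HMAC are copied; the returned store holds no raw token or private key.`, so consumers of the list path do not assume secret material is present.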
@@ -646,31 +646,6 @@ func (r *Repository) UpdateCredentialStore(ctx context.Context, cs *CredentialSt
 return returnedCredentialStore, rowsUpdated, nil
 }
-// ListCredentialStores returns a slice of CredentialStores for the
-// projectIds. WithLimit is the only option supported.
-func (r *Repository) ListCredentialStores(ctx context.Context, projectIds []string, opt ...Option) ([]*CredentialStore, error) {
- const op = "vault.(Repository).ListCredentialStores"
- if len(projectIds) == 0 {
- return nil, errors.New(ctx, errors.InvalidParameter, op, "no projectIds")
- }
- opts := getOpts(opt...)
- limit := r.defaultLimit
- if opts.withLimit != 0 {
- // non-zero signals an override of the default limit for the repo.
- limit = opts.withLimit
- }
- var credentialStores []*listLookupStore
- err := r.reader.SearchWhere(ctx, &credentialStores, "project_id in (?)", []any{projectIds}, db.WithLimit(limit))
- if err != nil {
- return nil, errors.Wrap(ctx, err, op)
- }
- var out []*CredentialStore
- for _, ca := range credentialStores {
- out = append(out, ca.toCredentialStore())
- }
- return out, nil
-}
-
 // DeleteCredentialStore deletes publicId from the repository and returns
 // the number of records deleted. All options are ignored.
 func (r *Repository) DeleteCredentialStore(ctx context.Context, publicId string, _ ...Option) (int, error) {
diff --git a/internal/credential/vault/repository_credential_store_test.go b/internal/credential/vault/repository_credential_store_test.go
index 643233f1e9..fc270379ae 100644
--- a/internal/credential/vault/repository_credential_store_test.go
+++ b/internal/credential/vault/repository_credential_store_test.go
@@ -1285,50 +1285,6 @@ func TestRepository_UpdateCredentialStore_ClientCert(t *testing.T) {
 }
 }
-func TestRepository_ListCredentialStores_Multiple_Scopes(t *testing.T) {
- t.Parallel()
- conn, _ := db.TestSetup(t, "postgres")
- rw := db.New(conn)
- wrapper := db.TestWrapper(t)
- kms := kms.TestKms(t, conn, wrapper)
-
- assert, require := assert.New(t), require.New(t)
- sche := scheduler.TestScheduler(t, conn, wrapper)
- repo, err := NewRepository(context.Background(), rw, rw, kms, sche)
- assert.NoError(err)
- require.NotNil(repo)
- err = RegisterJobs(context.Background(), sche, rw, rw, kms)
- require.NoError(err)
-
- const numPerScope = 10
- var prjs []string
- var total int
- for i := 0; i < numPerScope; i++ {
- _, prj := iam.TestScopes(t, iam.TestRepo(t, conn, wrapper))
- prjs = append(prjs, prj.GetPublicId())
- TestCredentialStores(t, conn, wrapper, prj.GetPublicId(), numPerScope)
- total += numPerScope
- }
-
- // Add some credential stores with expired tokens
- _, prj := iam.TestScopes(t, iam.TestRepo(t, conn, wrapper))
- prjs = append(prjs, prj.GetPublicId())
-
- stores := TestCredentialStores(t, conn, wrapper, prj.GetPublicId(), numPerScope)
- for _, cs := range stores {
- rows, err := rw.Exec(context.Background(),
- "update credential_vault_token set status = ? where token_hmac = ?",
- []any{ExpiredToken, cs.Token().TokenHmac})
- require.NoError(err)
- require.Equal(1, rows)
- }
- total += numPerScope
-
- got, err := repo.ListCredentialStores(context.Background(), prjs)
- require.NoError(err)
- assert.Equal(total, len(got))
-}
-
 func TestRepository_DeleteCredentialStore(t *testing.T) {
 type tokenCount struct {
 current, maintaining int
@@ -1568,17 +1524,6 @@ group by store_id, status;
 credStore = lookup
 }
- {
- stores, err := repo.ListCredentialStores(ctx, []string{projectId})
- assert.NoError(err)
- assert.NotEmpty(stores)
- var storeIds []string
- for _, v := range stores {
- storeIds = append(storeIds, v.GetPublicId())
- }
- assert.Contains(storeIds, storeId)
- }
-
 {
 libs, _, err := repo.ListLibraries(ctx, storeId)
 assert.NoError(err)
@@ -1627,17 +1572,6 @@ group by store_id, status;
 assert.Nil(lookup)
 }
- // should not be in list
- {
- stores, err := repo.ListCredentialStores(ctx, []string{projectId})
- assert.NoError(err)
- var storeIds []string
- for _, v := range stores {
- storeIds = append(storeIds, v.GetPublicId())
- }
- assert.NotContains(storeIds, storeId)
- }
-
 // libraries should be empty
 {
 libs, _, err := repo.ListLibraries(ctx, storeId)