aherman
/
boundary
mirror of https://github.com/hashicorp/boundary
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

internal/listtoken: remove validation depending on application time

Browse Source 
All times in the list tokens are sourced from the database,
and any comparisons to times in the application can
cause false positive validation errors. We've observed
this from multiple users of the pagination logic, and
the value of this validation is very little compared
to the cost of a single false positive error like this
happening to a real world customer. Therefore, remove
any list token validation using the application time,
except the one monitoring for token expiry, which
should not suffer from the issue to a degree
that matters to our users.

Also refactor validation such that the list token subtype
constructors only perform sanity checks on the values
while punting business logic validation to the validate
method on the new token. This means we avoid
duplicating logic.
pull/4202/head
Johan Brandhorst-Satzkorn 2 years ago
parent f89e53d5f0
commit a237157b91
2 changed files with 139 additions and 295 deletions
Show Stats Download Patch File Download Diff File

92
internal/listtoken/list_token.go
Unescape View File

@ -135,16 +135,16 @@ func NewPagination(
const op = "listtoken.NewPagination"
switch {
case createTime.IsZero():
return nil, errors.New(ctx, errors.InvalidParameter, op, "missing create time")
case typ == resource.Unknown:
return nil, errors.New(ctx, errors.InvalidParameter, op, "missing resource type")
case len(grantsHash) == 0:
return nil, errors.New(ctx, errors.InvalidParameter, op, "missing grants hash")
case createTime.After(time.Now()):
return nil, errors.New(ctx, errors.InvalidParameter, op, "create time is in the future")
case createTime.Before(time.Now().AddDate(0, 0, -30)):
return nil, errors.New(ctx, errors.InvalidParameter, op, "create time is too old")
case lastItemId == "":
return nil, errors.New(ctx, errors.InvalidParameter, op, "missing last item ID")
case lastItemCreateTime.After(time.Now()):
return nil, errors.New(ctx, errors.InvalidParameter, op, "last item create time is in the future")
case lastItemCreateTime.IsZero():
return nil, errors.New(ctx, errors.InvalidParameter, op, "missing last item create time")
}
return &Token{
@ -170,16 +170,16 @@ func NewStartRefresh(
const op = "listtoken.NewStartRefresh"
switch {
case createTime.IsZero():
return nil, errors.New(ctx, errors.InvalidParameter, op, "missing create time")
case typ == resource.Unknown:
return nil, errors.New(ctx, errors.InvalidParameter, op, "missing resource type")
case len(grantsHash) == 0:
return nil, errors.New(ctx, errors.InvalidParameter, op, "missing grants hash")
case createTime.After(time.Now()):
return nil, errors.New(ctx, errors.InvalidParameter, op, "create time is in the future")
case createTime.Before(time.Now().AddDate(0, 0, -30)):
return nil, errors.New(ctx, errors.InvalidParameter, op, "create time is too old")
case previousDeletedIdsTime.After(time.Now()):
return nil, errors.New(ctx, errors.InvalidParameter, op, "previous deleted ids time is in the future")
case previousPhaseUpperBound.After(time.Now()):
return nil, errors.New(ctx, errors.InvalidParameter, op, "previous phase upper bound is in the future")
case previousDeletedIdsTime.IsZero():
return nil, errors.New(ctx, errors.InvalidParameter, op, "missing previous deleted ids time")
case previousPhaseUpperBound.IsZero():
return nil, errors.New(ctx, errors.InvalidParameter, op, "missing previous phase upper bound time")
}
return &Token{
@ -208,24 +208,20 @@ func NewRefresh(
const op = "listtoken.NewRefresh"
switch {
case createTime.IsZero():
return nil, errors.New(ctx, errors.InvalidParameter, op, "missing create time")
case typ == resource.Unknown:
return nil, errors.New(ctx, errors.InvalidParameter, op, "missing resource type")
case len(grantsHash) == 0:
return nil, errors.New(ctx, errors.InvalidParameter, op, "missing grants hash")
case createTime.After(time.Now()):
return nil, errors.New(ctx, errors.InvalidParameter, op, "create time is in the future")
case createTime.Before(time.Now().AddDate(0, 0, -30)):
return nil, errors.New(ctx, errors.InvalidParameter, op, "create time is too old")
case previousDeletedIdsTime.After(time.Now()):
return nil, errors.New(ctx, errors.InvalidParameter, op, "previous deleted ids time is in the future")
case phaseUpperBound.After(time.Now()):
return nil, errors.New(ctx, errors.InvalidParameter, op, "phase upper bound is in the future")
case phaseLowerBound.After(time.Now()):
return nil, errors.New(ctx, errors.InvalidParameter, op, "phase lower bound is in the future")
case phaseLowerBound.After(phaseUpperBound):
return nil, errors.New(ctx, errors.InvalidParameter, op, "phase lower bound is after phase upper bound")
case previousDeletedIdsTime.IsZero():
return nil, errors.New(ctx, errors.InvalidParameter, op, "missing previous deleted ids time")
case phaseUpperBound.IsZero():
return nil, errors.New(ctx, errors.InvalidParameter, op, "missing phase upper bound")
case phaseLowerBound.IsZero():
return nil, errors.New(ctx, errors.InvalidParameter, op, "missing phase lower bound")
case lastItemId == "":
return nil, errors.New(ctx, errors.InvalidParameter, op, "missing last item ID")
case lastItemUpdateTime.After(time.Now()):
return nil, errors.New(ctx, errors.InvalidParameter, op, "last item update time is in the future")
}
return &Token{
@ -358,10 +354,8 @@ func (tk *Token) Validate(
return errors.New(ctx, errors.InvalidListToken, op, "list token was missing its grants hash")
case !bytes.Equal(tk.GrantsHash, expectedGrantsHash):
return errors.New(ctx, errors.InvalidListToken, op, "grants have changed since list token was issued")
case tk.CreateTime.After(time.Now()):
return errors.New(ctx, errors.InvalidListToken, op, "list token was created in the future")
// Tokens older than 30 days have expired
case tk.CreateTime.Before(time.Now().AddDate(0, 0, -30)):
// Tokens older than 30 days have expired
return errors.New(ctx, errors.InvalidListToken, op, "list token was expired")
case tk.ResourceType != expectedResourceType:
return errors.New(ctx, errors.InvalidListToken, op, "list token resource type does not match expected resource type")
@ -370,41 +364,47 @@ func (tk *Token) Validate(
case *RefreshToken:
switch {
case st.PhaseUpperBound.Before(tk.CreateTime):
// The phase upper bound time should always be equal to or after
// the create time of the token, as it is the start time of the refresh phase,
// which is always preceded by a pagination phase.
return errors.New(ctx, errors.InvalidListToken, op, "list token's refresh component's phase upper bound was before its creation time")
case st.PhaseUpperBound.After(time.Now()):
return errors.New(ctx, errors.InvalidListToken, op, "list token's refresh component's phase upper bound was in the future")
case st.PhaseLowerBound.Before(tk.CreateTime):
// The phase lower bound time should always be equal to or after
// the create time of the token, as for the first refresh phase it is the create time,
// and for subsequent refresh phases it is the upper bound of the previous refresh phase.
return errors.New(ctx, errors.InvalidListToken, op, "list token's refresh component's phase lower bound was before its creation time")
case st.PhaseLowerBound.After(time.Now()):
return errors.New(ctx, errors.InvalidListToken, op, "list token's refresh component's phase lower bound was in the future")
case st.PhaseUpperBound.Before(st.PhaseLowerBound):
case st.PhaseLowerBound.After(st.PhaseUpperBound):
// The lower bound should always be before the upper bound.
return errors.New(ctx, errors.InvalidListToken, op, "list token's refresh component's phase upper bound was before the phase lower bound")
case st.PreviousDeletedIdsTime.Before(tk.CreateTime):
// The previous deleted ids time should always be equal to or after
// the create time of the token.
return errors.New(ctx, errors.InvalidListToken, op, "list token's refresh component previous deleted ids time was before its creation time")
case st.PreviousDeletedIdsTime.After(time.Now()):
return errors.New(ctx, errors.InvalidListToken, op, "list token's refresh component previous deleted ids time was in the future")
case st.LastItemId == "":
return errors.New(ctx, errors.InvalidListToken, op, "list token's refresh component missing last item ID")
case st.LastItemUpdateTime.After(time.Now()):
return errors.New(ctx, errors.InvalidListToken, op, "list token's refresh component's last item was updated in the future")
}
case *PaginationToken:
switch {
case st.LastItemId == "":
return errors.New(ctx, errors.InvalidListToken, op, "list tokens's pagination component missing last item ID")
case st.LastItemCreateTime.After(time.Now()):
return errors.New(ctx, errors.InvalidListToken, op, "list token's pagination component's last item was created in the future")
case st.LastItemCreateTime.After(tk.CreateTime):
// A resource created in the same instant that we did the intial listing
// would have a timestamp equal to the create time. If it's after the
// create time, something weird is going on.
return errors.New(ctx, errors.InvalidListToken, op, "list token's pagination component's last item was created after the token")
}
case *StartRefreshToken:
switch {
case st.PreviousPhaseUpperBound.Before(tk.CreateTime):
// The previous phase upper bound time should always be equal to or after
// the create time of the token, as it is set relative to the upper bound
// of the previous phase, which for the first refresh phase is the create time,
// and subsequent refresh phases is the upper bound of the previous refresh phase.
return errors.New(ctx, errors.InvalidListToken, op, "list token's start refresh component's previous phase upper bound was before its creation time")
case st.PreviousPhaseUpperBound.After(time.Now()):
return errors.New(ctx, errors.InvalidListToken, op, "list token's start refresh component's previous phase upper bound was in the future")
case st.PreviousDeletedIdsTime.Before(tk.CreateTime):
// The previous deleted ids time should always be equal to or after
// the create time of the token.
return errors.New(ctx, errors.InvalidListToken, op, "list token's start refresh component previous deleted ids time was before its creation time")
case st.PreviousDeletedIdsTime.After(time.Now()):
return errors.New(ctx, errors.InvalidListToken, op, "list token's start refresh component previous deleted ids time was in the future")
}
}

342
internal/listtoken/list_token_test.go
Unescape View File

@ -50,43 +50,33 @@ func Test_NewPaginationToken(t *testing.T) {
},
},
{
name: "missing grants hash",
createdTime: fiveDaysAgo,
typ: resource.Target,
grantsHash: nil,
lastItemId: "some id",
lastItemCreateTime: fiveDaysAgo,
wantErrString: "missing grants hash",
wantErrCode: errors.InvalidParameter,
},
{
name: "new created time",
createdTime: fiveDaysAgo.AddDate(1, 0, 0),
name: "missing create time",
createdTime: time.Time{},
typ: resource.Target,
grantsHash: []byte("some hash"),
lastItemId: "some id",
lastItemCreateTime: fiveDaysAgo,
wantErrString: "create time is in the future",
wantErrString: "missing create time",
wantErrCode: errors.InvalidParameter,
},
{
name: "old created time",
createdTime: fiveDaysAgo.AddDate(-1, 0, 0),
typ: resource.Target,
name: "missing resource type",
createdTime: fiveDaysAgo,
typ: resource.Unknown,
grantsHash: []byte("some hash"),
lastItemId: "some id",
lastItemCreateTime: fiveDaysAgo,
wantErrString: "create time is too old",
wantErrString: "missing resource type",
wantErrCode: errors.InvalidParameter,
},
{
name: "new updated time",
name: "missing grants hash",
createdTime: fiveDaysAgo,
typ: resource.Target,
grantsHash: []byte("some hash"),
grantsHash: nil,
lastItemId: "some id",
lastItemCreateTime: fiveDaysAgo.AddDate(1, 0, 0),
wantErrString: "last item create time is in the future",
lastItemCreateTime: fiveDaysAgo,
wantErrString: "missing grants hash",
wantErrCode: errors.InvalidParameter,
},
{
@ -100,13 +90,13 @@ func Test_NewPaginationToken(t *testing.T) {
wantErrCode: errors.InvalidParameter,
},
{
name: "new last item updated time",
name: "missing last item create time",
createdTime: fiveDaysAgo,
typ: resource.Target,
grantsHash: []byte("some hash"),
lastItemId: "some id",
lastItemCreateTime: fiveDaysAgo.AddDate(1, 0, 0),
wantErrString: "last item create time is in the future",
lastItemCreateTime: time.Time{},
wantErrString: "missing last item create time",
wantErrCode: errors.InvalidParameter,
},
}
@ -130,23 +120,23 @@ func Test_NewStartRefreshToken(t *testing.T) {
t.Parallel()
fiveDaysAgo := time.Now().AddDate(0, 0, -5)
tests := []struct {
name string
createdTime time.Time
typ resource.Type
grantsHash []byte
previousDeletedIdsTime time.Time
phaseLowerBound time.Time
want *listtoken.Token
wantErrString string
wantErrCode errors.Code
name string
createdTime time.Time
typ resource.Type
grantsHash []byte
previousDeletedIdsTime time.Time
previousPhaseUpperBound time.Time
want *listtoken.Token
wantErrString string
wantErrCode errors.Code
}{
{
name: "valid list+start-refresh token",
createdTime: fiveDaysAgo,
typ: resource.Target,
grantsHash: []byte("some hash"),
previousDeletedIdsTime: fiveDaysAgo,
phaseLowerBound: fiveDaysAgo,
name: "valid list+start-refresh token",
createdTime: fiveDaysAgo,
typ: resource.Target,
grantsHash: []byte("some hash"),
previousDeletedIdsTime: fiveDaysAgo,
previousPhaseUpperBound: fiveDaysAgo,
want: &listtoken.Token{
CreateTime: fiveDaysAgo,
ResourceType: resource.Target,
@ -158,61 +148,61 @@ func Test_NewStartRefreshToken(t *testing.T) {
},
},
{
name: "missing grants hash",
createdTime: fiveDaysAgo,
typ: resource.Target,
grantsHash: nil,
previousDeletedIdsTime: fiveDaysAgo,
phaseLowerBound: fiveDaysAgo,
wantErrString: "missing grants hash",
wantErrCode: errors.InvalidParameter,
name: "missing create time",
createdTime: time.Time{},
typ: resource.Target,
grantsHash: []byte("some hash"),
previousDeletedIdsTime: fiveDaysAgo,
previousPhaseUpperBound: fiveDaysAgo,
wantErrString: "missing create time",
wantErrCode: errors.InvalidParameter,
},
{
name: "new created time",
createdTime: fiveDaysAgo.AddDate(1, 0, 0),
typ: resource.Target,
grantsHash: []byte("some hash"),
previousDeletedIdsTime: fiveDaysAgo,
phaseLowerBound: fiveDaysAgo,
wantErrString: "create time is in the future",
wantErrCode: errors.InvalidParameter,
name: "missing resource type",
createdTime: fiveDaysAgo,
typ: resource.Unknown,
grantsHash: []byte("some hash"),
previousDeletedIdsTime: fiveDaysAgo,
previousPhaseUpperBound: fiveDaysAgo,
wantErrString: "missing resource type",
wantErrCode: errors.InvalidParameter,
},
{
name: "old created time",
createdTime: fiveDaysAgo.AddDate(-1, 0, 0),
typ: resource.Target,
grantsHash: []byte("some hash"),
previousDeletedIdsTime: fiveDaysAgo,
phaseLowerBound: fiveDaysAgo,
wantErrString: "create time is too old",
wantErrCode: errors.InvalidParameter,
name: "missing grants hash",
createdTime: fiveDaysAgo,
typ: resource.Target,
grantsHash: nil,
previousDeletedIdsTime: fiveDaysAgo,
previousPhaseUpperBound: fiveDaysAgo,
wantErrString: "missing grants hash",
wantErrCode: errors.InvalidParameter,
},
{
name: "new previous deleted ids time",
createdTime: fiveDaysAgo,
typ: resource.Target,
grantsHash: []byte("some hash"),
previousDeletedIdsTime: fiveDaysAgo.AddDate(1, 0, 0),
phaseLowerBound: fiveDaysAgo,
wantErrString: "previous deleted ids time is in the future",
wantErrCode: errors.InvalidParameter,
name: "missing previous deleted ids time",
createdTime: fiveDaysAgo,
typ: resource.Target,
grantsHash: []byte("some hash"),
previousDeletedIdsTime: time.Time{},
previousPhaseUpperBound: fiveDaysAgo,
wantErrString: "missing previous deleted ids time",
wantErrCode: errors.InvalidParameter,
},
{
name: "new previous phase upper bound",
createdTime: fiveDaysAgo,
typ: resource.Target,
grantsHash: []byte("some hash"),
previousDeletedIdsTime: fiveDaysAgo,
phaseLowerBound: fiveDaysAgo.AddDate(1, 0, 0),
wantErrString: "previous phase upper bound is in the future",
wantErrCode: errors.InvalidParameter,
name: "missing previous phase upper bound",
createdTime: fiveDaysAgo,
typ: resource.Target,
grantsHash: []byte("some hash"),
previousDeletedIdsTime: fiveDaysAgo,
previousPhaseUpperBound: time.Time{},
wantErrString: "missing previous phase upper bound",
wantErrCode: errors.InvalidParameter,
},
}
for _, tt := range tests {
tt := tt
t.Run(tt.name, func(t *testing.T) {
t.Parallel()
got, err := listtoken.NewStartRefresh(context.Background(), tt.createdTime, tt.typ, tt.grantsHash, tt.previousDeletedIdsTime, tt.phaseLowerBound)
got, err := listtoken.NewStartRefresh(context.Background(), tt.createdTime, tt.typ, tt.grantsHash, tt.previousDeletedIdsTime, tt.previousPhaseUpperBound)
if tt.wantErrString != "" {
require.ErrorContains(t, err, tt.wantErrString)
require.Equal(t, errors.Convert(err).Code, tt.wantErrCode)
@ -267,98 +257,85 @@ func Test_NewRefreshToken(t *testing.T) {
},
},
{
name: "missing grants hash",
createdTime: fiveDaysAgo,
name: "missing create time",
createdTime: time.Time{},
typ: resource.Target,
grantsHash: nil,
grantsHash: []byte("some hash"),
phaseUpperBound: timeNow,
phaseLowerBound: fiveDaysAgo,
previousDeleteIdsTime: fiveDaysAgo,
lastItemId: "some id",
lastItemUpdateTime: fourDaysAgo,
wantErrString: "missing grants hash",
wantErrString: "missing create time",
wantErrCode: errors.InvalidParameter,
},
{
name: "new created time",
createdTime: fiveDaysAgo.AddDate(1, 0, 0),
typ: resource.Target,
name: "missing resource type",
createdTime: fiveDaysAgo,
typ: resource.Unknown,
grantsHash: []byte("some hash"),
phaseUpperBound: timeNow,
phaseLowerBound: fiveDaysAgo,
previousDeleteIdsTime: fiveDaysAgo,
lastItemId: "some id",
lastItemUpdateTime: fourDaysAgo,
wantErrString: "create time is in the future",
wantErrString: "missing resource type",
wantErrCode: errors.InvalidParameter,
},
{
name: "old created time",
createdTime: fiveDaysAgo.AddDate(-1, 0, 0),
name: "missing grants hash",
createdTime: fiveDaysAgo,
typ: resource.Target,
grantsHash: []byte("some hash"),
grantsHash: nil,
phaseUpperBound: timeNow,
phaseLowerBound: fiveDaysAgo,
previousDeleteIdsTime: fiveDaysAgo,
lastItemId: "some id",
lastItemUpdateTime: fourDaysAgo,
wantErrString: "create time is too old",
wantErrString: "missing grants hash",
wantErrCode: errors.InvalidParameter,
},
{
name: "new previous deleted ids time",
name: "missing previous deleted ids time",
createdTime: fiveDaysAgo,
typ: resource.Target,
grantsHash: []byte("some hash"),
phaseUpperBound: timeNow,
phaseLowerBound: fiveDaysAgo,
previousDeleteIdsTime: fiveDaysAgo.AddDate(1, 0, 0),
previousDeleteIdsTime: time.Time{},
lastItemId: "some id",
lastItemUpdateTime: fourDaysAgo,
wantErrString: "previous deleted ids time is in the future",
wantErrString: "missing previous deleted ids time",
wantErrCode: errors.InvalidParameter,
},
{
name: "phase upper bound in future",
name: "missing phase upper bound",
createdTime: fiveDaysAgo,
typ: resource.Target,
grantsHash: []byte("some hash"),
phaseUpperBound: timeNow.AddDate(1, 0, 0),
phaseUpperBound: time.Time{},
phaseLowerBound: fiveDaysAgo,
previousDeleteIdsTime: fiveDaysAgo,
lastItemId: "some id",
lastItemUpdateTime: fourDaysAgo,
wantErrString: "phase upper bound is in the future",
wantErrString: "missing phase upper bound",
wantErrCode: errors.InvalidParameter,
},
{
name: "phase lower bound in future",
name: "missing phase lower bound",
createdTime: fiveDaysAgo,
typ: resource.Target,
grantsHash: []byte("some hash"),
phaseUpperBound: timeNow,
phaseLowerBound: fiveDaysAgo.AddDate(1, 0, 0),
previousDeleteIdsTime: fiveDaysAgo,
lastItemId: "some id",
lastItemUpdateTime: fourDaysAgo,
wantErrString: "phase lower bound is in the future",
wantErrCode: errors.InvalidParameter,
},
{
name: "phase lower bound newer than upper bound",
createdTime: fiveDaysAgo,
typ: resource.Target,
grantsHash: []byte("some hash"),
phaseUpperBound: fiveDaysAgo,
phaseLowerBound: timeNow,
phaseLowerBound: time.Time{},
previousDeleteIdsTime: fiveDaysAgo,
lastItemId: "some id",
lastItemUpdateTime: fourDaysAgo,
wantErrString: "phase lower bound is after phase upper bound",
wantErrString: "missing phase lower bound",
wantErrCode: errors.InvalidParameter,
},
{
name: "missing last item ID",
name: "missing last item id",
createdTime: fiveDaysAgo,
typ: resource.Target,
grantsHash: []byte("some hash"),
@ -370,19 +347,6 @@ func Test_NewRefreshToken(t *testing.T) {
wantErrString: "missing last item ID",
wantErrCode: errors.InvalidParameter,
},
{
name: "last item update time in future",
createdTime: fiveDaysAgo,
typ: resource.Target,
grantsHash: []byte("some hash"),
phaseUpperBound: timeNow,
phaseLowerBound: fiveDaysAgo,
previousDeleteIdsTime: fiveDaysAgo,
lastItemId: "some id",
lastItemUpdateTime: fourDaysAgo.AddDate(1, 0, 0),
wantErrString: "last item update time is in the future",
wantErrCode: errors.InvalidParameter,
},
}
for _, tt := range tests {
tt := tt
@ -463,18 +427,6 @@ func Test_ValidateListToken(t *testing.T) {
wantErrString: "grants have changed since list token was issued",
wantErrCode: errors.InvalidListToken,
},
{
name: "created in the future",
token: &listtoken.Token{
CreateTime: time.Now().AddDate(1, 0, 0),
ResourceType: resource.Target,
GrantsHash: []byte("some hash"),
},
grantsHash: []byte("some hash"),
resourceType: resource.Target,
wantErrString: "list token was created in the future",
wantErrCode: errors.InvalidListToken,
},
{
name: "expired",
token: &listtoken.Token{
@ -569,7 +521,7 @@ func Test_ValidatePaginationToken(t *testing.T) {
},
grantsHash: []byte("some hash"),
resourceType: resource.Target,
wantErrString: "list token's pagination component's last item was created in the future",
wantErrString: "list token's pagination component's last item was created after the token",
wantErrCode: errors.InvalidListToken,
},
}
@ -629,22 +581,6 @@ func Test_ValidateStartRefreshToken(t *testing.T) {
wantErrString: "list token's start refresh component's previous phase upper bound was before its creation time",
wantErrCode: errors.InvalidListToken,
},
{
name: "previous phase upper bound in future",
token: &listtoken.Token{
CreateTime: fiveDaysAgo,
ResourceType: resource.Target,
GrantsHash: []byte("some hash"),
Subtype: &listtoken.StartRefreshToken{
PreviousDeletedIdsTime: fiveDaysAgo,
PreviousPhaseUpperBound: fiveDaysAgo.AddDate(1, 0, 0),
},
},
grantsHash: []byte("some hash"),
resourceType: resource.Target,
wantErrString: "list token's start refresh component's previous phase upper bound was in the future",
wantErrCode: errors.InvalidListToken,
},
{
name: "previous deleted ids time before create time",
token: &listtoken.Token{
@ -661,22 +597,6 @@ func Test_ValidateStartRefreshToken(t *testing.T) {
wantErrString: "list token's start refresh component previous deleted ids time was before its creation time",
wantErrCode: errors.InvalidListToken,
},
{
name: "previous deleted ids time in future",
token: &listtoken.Token{
CreateTime: fiveDaysAgo,
ResourceType: resource.Target,
GrantsHash: []byte("some hash"),
Subtype: &listtoken.StartRefreshToken{
PreviousDeletedIdsTime: fiveDaysAgo.AddDate(1, 0, 0),
PreviousPhaseUpperBound: fiveDaysAgo,
},
},
grantsHash: []byte("some hash"),
resourceType: resource.Target,
wantErrString: "list token's start refresh component previous deleted ids time was in the future",
wantErrCode: errors.InvalidListToken,
},
}
for _, tt := range tests {
tt := tt
@ -759,25 +679,6 @@ func Test_ValidateRefreshToken(t *testing.T) {
wantErrString: "list token's refresh component's phase upper bound was before the phase lower bound",
wantErrCode: errors.InvalidListToken,
},
{
name: "phase upper bound in future",
token: &listtoken.Token{
CreateTime: fiveDaysAgo,
ResourceType: resource.Target,
GrantsHash: []byte("some hash"),
Subtype: &listtoken.RefreshToken{
PhaseUpperBound: fiveDaysAgo.AddDate(1, 0, 0),
PreviousDeletedIdsTime: fiveDaysAgo,
PhaseLowerBound: fiveDaysAgo,
LastItemId: "some id",
LastItemUpdateTime: fiveDaysAgo,
},
},
grantsHash: []byte("some hash"),
resourceType: resource.Target,
wantErrString: "list token's refresh component's phase upper bound was in the future",
wantErrCode: errors.InvalidListToken,
},
{
name: "phase lower bound before create time",
token: &listtoken.Token{
@ -797,25 +698,6 @@ func Test_ValidateRefreshToken(t *testing.T) {
wantErrString: "list token's refresh component's phase lower bound was before its creation time",
wantErrCode: errors.InvalidListToken,
},
{
name: "phase lower bound in future",
token: &listtoken.Token{
CreateTime: fiveDaysAgo,
ResourceType: resource.Target,
GrantsHash: []byte("some hash"),
Subtype: &listtoken.RefreshToken{
PhaseUpperBound: fiveDaysAgo,
PreviousDeletedIdsTime: fiveDaysAgo,
PhaseLowerBound: fiveDaysAgo.AddDate(1, 0, 0),
LastItemId: "some id",
LastItemUpdateTime: fiveDaysAgo,
},
},
grantsHash: []byte("some hash"),
resourceType: resource.Target,
wantErrString: "list token's refresh component's phase lower bound was in the future",
wantErrCode: errors.InvalidListToken,
},
{
name: "previous deleted ids time before create time",
token: &listtoken.Token{
@ -835,25 +717,6 @@ func Test_ValidateRefreshToken(t *testing.T) {
wantErrString: "list token's refresh component previous deleted ids time was before its creation time",
wantErrCode: errors.InvalidListToken,
},
{
name: "previous deleted ids time in future",
token: &listtoken.Token{
CreateTime: fiveDaysAgo,
ResourceType: resource.Target,
GrantsHash: []byte("some hash"),
Subtype: &listtoken.RefreshToken{
PhaseUpperBound: fiveDaysAgo,
PreviousDeletedIdsTime: fiveDaysAgo.AddDate(1, 0, 0),
PhaseLowerBound: fiveDaysAgo,
LastItemId: "some id",
LastItemUpdateTime: fiveDaysAgo,
},
},
grantsHash: []byte("some hash"),
resourceType: resource.Target,
wantErrString: "list token's refresh component previous deleted ids time was in the future",
wantErrCode: errors.InvalidListToken,
},
{
name: "emtpy last item id",
token: &listtoken.Token{
@ -873,25 +736,6 @@ func Test_ValidateRefreshToken(t *testing.T) {
wantErrString: "list token's refresh component missing last item ID",
wantErrCode: errors.InvalidListToken,
},
{
name: "last item update in future",
token: &listtoken.Token{
CreateTime: fiveDaysAgo,
ResourceType: resource.Target,
GrantsHash: []byte("some hash"),
Subtype: &listtoken.RefreshToken{
PhaseUpperBound: fiveDaysAgo,
PreviousDeletedIdsTime: fiveDaysAgo,
PhaseLowerBound: fiveDaysAgo,
LastItemId: "some id",
LastItemUpdateTime: fiveDaysAgo.AddDate(1, 0, 0),
},
},
grantsHash: []byte("some hash"),
resourceType: resource.Target,
wantErrString: "list token's refresh component's last item was updated in the future",
wantErrCode: errors.InvalidListToken,
},
}
for _, tt := range tests {
tt := tt

Write Preview
Loading…
Cancel
Save