scottk/vault
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/vault.git synced 2025-11-02 19:47:54 +00:00
Code Issues Packages Projects Releases Wiki Activity

Cleanup some duplication in the PKI tidy response field definitions (#28614)

Browse Source
This commit is contained in:
Steven Clark
2024-10-07 16:20:57 -04:00
committed by GitHub
parent 9808006be9
commit 0687353788
1 changed files with 178 additions and 344 deletions
Download Patch File Download Diff File Expand all files Collapse all files

318
builtin/logical/pki/path_tidy.go
View File

@@ -156,247 +156,7 @@ var defaultTidyConfig = tidyConfig{
CMPV2NonceStore: false, CMPV2NonceStore: false,
} }
func pathTidy(b *backend) *framework.Path { var tidyStatusResponseFields = map[string]*framework.FieldSchema{
return &framework.Path{
Pattern: "tidy$",
DisplayAttrs: &framework.DisplayAttributes{
OperationPrefix: operationPrefixPKI,
OperationVerb: "tidy",
},
Fields: addTidyFields(map[string]*framework.FieldSchema{}),
Operations: map[logical.Operation]framework.OperationHandler{
logical.UpdateOperation: &framework.PathOperation{
Callback: b.pathTidyWrite,
Responses: map[int][]framework.Response{
http.StatusAccepted: {{
Description: "Accepted",
Fields: map[string]*framework.FieldSchema{},
}},
},
ForwardPerformanceStandby: true,
},
},
HelpSynopsis: pathTidyHelpSyn,
HelpDescription: pathTidyHelpDesc,
}
}
func pathTidyCancel(b *backend) *framework.Path {
return &framework.Path{
Pattern: "tidy-cancel$",
DisplayAttrs: &framework.DisplayAttributes{
OperationPrefix: operationPrefixPKI,
OperationVerb: "tidy",
OperationSuffix: "cancel",
},
Operations: map[logical.Operation]framework.OperationHandler{
logical.UpdateOperation: &framework.PathOperation{
Callback: b.pathTidyCancelWrite,
Responses: map[int][]framework.Response{
http.StatusOK: {{
Description: "OK",
Fields: map[string]*framework.FieldSchema{
"safety_buffer": {
Type: framework.TypeInt,
Description: `Safety buffer time duration`,
Required: false,
},
"issuer_safety_buffer": {
Type: framework.TypeInt,
Description: `Issuer safety buffer`,
Required: false,
},
"revocation_queue_safety_buffer": {
Type: framework.TypeInt,
Description: `Revocation queue safety buffer`,
Required: true,
},
"tidy_cert_store": {
Type: framework.TypeBool,
Description: `Tidy certificate store`,
Required: false,
},
"tidy_revoked_certs": {
Type: framework.TypeBool,
Description: `Tidy revoked certificates`,
Required: false,
},
"tidy_revoked_cert_issuer_associations": {
Type: framework.TypeBool,
Description: `Tidy revoked certificate issuer associations`,
Required: false,
},
"tidy_acme": {
Type: framework.TypeBool,
Description: `Tidy Unused Acme Accounts, and Orders`,
Required: false,
},
"acme_account_safety_buffer": {
Type: framework.TypeInt,
Description: `Safety buffer after creation after which accounts lacking orders are revoked`,
Required: false,
},
"tidy_expired_issuers": {
Type: framework.TypeBool,
Description: `Tidy expired issuers`,
Required: false,
},
"tidy_cert_metadata": {
Type: framework.TypeBool,
Description: `Tidy cert metadata`,
Required: false,
},
"tidy_cmpv2_nonce_store": {
Type: framework.TypeBool,
Description: `Tidy CMPv2 nonce store`,
Required: false,
},
"pause_duration": {
Type: framework.TypeString,
Description: `Duration to pause between tidying certificates`,
Required: false,
},
"state": {
Type: framework.TypeString,
Description: `One of Inactive, Running, Finished, or Error`,
Required: false,
},
"error": {
Type: framework.TypeString,
Description: `The error message`,
Required: false,
},
"time_started": {
Type: framework.TypeString,
Description: `Time the operation started`,
Required: false,
},
"time_finished": {
Type: framework.TypeString,
Description: `Time the operation finished`,
Required: false,
},
"last_auto_tidy_finished": {
Type: framework.TypeString,
Description: `Time the last auto-tidy operation finished`,
Required: true,
},
"message": {
Type: framework.TypeString,
Description: `Message of the operation`,
Required: false,
},
"cert_store_deleted_count": {
Type: framework.TypeInt,
Description: `The number of certificate storage entries deleted`,
Required: false,
},
"revoked_cert_deleted_count": {
Type: framework.TypeInt,
Description: `The number of revoked certificate entries deleted`,
Required: false,
},
"current_cert_store_count": {
Type: framework.TypeInt,
Description: `The number of revoked certificate entries deleted`,
Required: false,
},
"current_revoked_cert_count": {
Type: framework.TypeInt,
Description: `The number of revoked certificate entries deleted`,
Required: false,
},
"missing_issuer_cert_count": {
Type: framework.TypeInt,
Required: false,
},
"tidy_move_legacy_ca_bundle": {
Type: framework.TypeBool,
Required: false,
},
"tidy_cross_cluster_revoked_certs": {
Type: framework.TypeBool,
Description: `Tidy the cross-cluster revoked certificate store`,
Required: false,
},
"tidy_revocation_queue": {
Type: framework.TypeBool,
Required: false,
},
"revocation_queue_deleted_count": {
Type: framework.TypeInt,
Required: false,
},
"cross_revoked_cert_deleted_count": {
Type: framework.TypeInt,
Required: false,
},
"internal_backend_uuid": {
Type: framework.TypeString,
Required: false,
},
"total_acme_account_count": {
Type: framework.TypeInt,
Description: `Total number of acme accounts iterated over`,
Required: false,
},
"acme_account_deleted_count": {
Type: framework.TypeInt,
Description: `The number of revoked acme accounts removed`,
Required: false,
},
"acme_account_revoked_count": {
Type: framework.TypeInt,
Description: `The number of unused acme accounts revoked`,
Required: false,
},
"acme_orders_deleted_count": {
Type: framework.TypeInt,
Description: `The number of expired, unused acme orders removed`,
Required: false,
},
"cert_metadata_deleted_count": {
Type: framework.TypeInt,
Description: `The number of metadata entries removed`,
Required: false,
},
"cmpv2_nonce_deleted_count": {
Type: framework.TypeInt,
Description: `The number of CMPv2 nonces removed`,
Required: false,
},
},
}},
},
ForwardPerformanceStandby: true,
},
},
HelpSynopsis: pathTidyCancelHelpSyn,
HelpDescription: pathTidyCancelHelpDesc,
}
}
func pathTidyStatus(b *backend) *framework.Path {
return &framework.Path{
Pattern: "tidy-status$",
DisplayAttrs: &framework.DisplayAttributes{
OperationPrefix: operationPrefixPKI,
OperationVerb: "tidy",
OperationSuffix: "status",
},
Operations: map[logical.Operation]framework.OperationHandler{
logical.ReadOperation: &framework.PathOperation{
Callback: b.pathTidyStatusRead,
Responses: map[int][]framework.Response{
http.StatusOK: {{
Description: "OK",
Fields: map[string]*framework.FieldSchema{
"safety_buffer": { "safety_buffer": {
Type: framework.TypeInt, Type: framework.TypeInt,
Description: `Safety buffer time duration`, Description: `Safety buffer time duration`,
@@ -567,7 +327,79 @@ func pathTidyStatus(b *backend) *framework.Path {
Description: `The number of CMPv2 nonces removed`, Description: `The number of CMPv2 nonces removed`,
Required: false, Required: false,
}, },
}
func pathTidy(b *backend) *framework.Path {
return &framework.Path{
Pattern: "tidy$",
DisplayAttrs: &framework.DisplayAttributes{
OperationPrefix: operationPrefixPKI,
OperationVerb: "tidy",
}, },
Fields: addTidyFields(map[string]*framework.FieldSchema{}),
Operations: map[logical.Operation]framework.OperationHandler{
logical.UpdateOperation: &framework.PathOperation{
Callback: b.pathTidyWrite,
Responses: map[int][]framework.Response{
http.StatusAccepted: {{
Description: "Accepted",
Fields: map[string]*framework.FieldSchema{},
}},
},
ForwardPerformanceStandby: true,
},
},
HelpSynopsis: pathTidyHelpSyn,
HelpDescription: pathTidyHelpDesc,
}
}
func pathTidyCancel(b *backend) *framework.Path {
return &framework.Path{
Pattern: "tidy-cancel$",
DisplayAttrs: &framework.DisplayAttributes{
OperationPrefix: operationPrefixPKI,
OperationVerb: "tidy",
OperationSuffix: "cancel",
},
Operations: map[logical.Operation]framework.OperationHandler{
logical.UpdateOperation: &framework.PathOperation{
Callback: b.pathTidyCancelWrite,
Responses: map[int][]framework.Response{
http.StatusOK: {{
Description: "OK",
Fields: tidyStatusResponseFields,
}},
},
ForwardPerformanceStandby: true,
},
},
HelpSynopsis: pathTidyCancelHelpSyn,
HelpDescription: pathTidyCancelHelpDesc,
}
}
func pathTidyStatus(b *backend) *framework.Path {
return &framework.Path{
Pattern: "tidy-status$",
DisplayAttrs: &framework.DisplayAttributes{
OperationPrefix: operationPrefixPKI,
OperationVerb: "tidy",
OperationSuffix: "status",
},
Operations: map[logical.Operation]framework.OperationHandler{
logical.ReadOperation: &framework.PathOperation{
Callback: b.pathTidyStatusRead,
Responses: map[int][]framework.Response{
http.StatusOK: {{
Description: "OK",
Fields: tidyStatusResponseFields,
}}, }},
}, },
ForwardPerformanceStandby: true, ForwardPerformanceStandby: true,
@@ -1778,6 +1610,8 @@ func (b *backend) pathTidyStatusRead(_ context.Context, _ *logical.Request, _ *f
resp.Data["cmpv2_nonce_deleted_count"] = b.tidyStatus.cmpv2NonceDeletedCount resp.Data["cmpv2_nonce_deleted_count"] = b.tidyStatus.cmpv2NonceDeletedCount
switch b.tidyStatus.state { switch b.tidyStatus.state {
case tidyStatusInactive:
resp.Data["state"] = "Inactive"
case tidyStatusStarted: case tidyStatusStarted:
resp.Data["state"] = "Running" resp.Data["state"] = "Running"
case tidyStatusFinished: case tidyStatusFinished:
@@ -2012,7 +1846,7 @@ func (b *backend) tidyStatusStop(err error) {
b.tidyStatus.err = err b.tidyStatus.err = err
if err == nil { if err == nil {
b.tidyStatus.state = tidyStatusFinished b.tidyStatus.state = tidyStatusFinished
} else if err == tidyCancelledError { } else if errors.Is(err, tidyCancelledError) {
b.tidyStatus.state = tidyStatusCancelled b.tidyStatus.state = tidyStatusCancelled
} else { } else {
b.tidyStatus.state = tidyStatusError b.tidyStatus.state = tidyStatusError