scottk/vault
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/vault.git synced 2025-11-01 02:57:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

vault: Adding start/stop to expiration manager

Browse Source
This commit is contained in:
Armon Dadgar
2015-03-13 11:31:43 -07:00
parent 2ae7992a98
commit ec99c1514b
2 changed files with 58 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

42
vault/expiration.go
View File

@@ -4,6 +4,7 @@ import (
"encoding/json" "encoding/json"
"fmt" "fmt"
"path" "path"
"sync"
"time" "time"
) )
@@ -18,8 +19,11 @@ const (
// If a secret is not renewed in timely manner, it may be expired, and // If a secret is not renewed in timely manner, it may be expired, and
// the ExpirationManager will handle doing automatic revocation. // the ExpirationManager will handle doing automatic revocation.
type ExpirationManager struct { type ExpirationManager struct {
router *Router router *Router
view *BarrierView view *BarrierView
doneCh chan struct{}
stopCh chan struct{}
stopLock sync.Mutex
} }
// NewExpirationManager creates a new ExpirationManager that is backed // NewExpirationManager creates a new ExpirationManager that is backed
@@ -67,21 +71,55 @@ func (c *Core) stopExpiration() error {
// Restore is used to recover the lease states when starting. // Restore is used to recover the lease states when starting.
// This is used after starting the vault. // This is used after starting the vault.
func (m *ExpirationManager) Restore() error { func (m *ExpirationManager) Restore() error {
m.stopLock.Lock()
defer m.stopLock.Unlock()
if m.stopCh != nil {
return fmt.Errorf("cannot restore while running")
}
// TODO: Restore...
return nil return nil
} }
// Start is used to continue automatic revocation. This // Start is used to continue automatic revocation. This
// should only be called when the Vault is unsealed. // should only be called when the Vault is unsealed.
func (m *ExpirationManager) Start() error { func (m *ExpirationManager) Start() error {
m.stopLock.Lock()
defer m.stopLock.Unlock()
if m.stopCh == nil {
m.doneCh = make(chan struct{})
m.stopCh = make(chan struct{})
go m.run(m.doneCh, m.stopCh)
}
return nil return nil
} }
// Stop is used to prevent further automatic revocations. // Stop is used to prevent further automatic revocations.
// This must be called before sealing the view. // This must be called before sealing the view.
func (m *ExpirationManager) Stop() error { func (m *ExpirationManager) Stop() error {
m.stopLock.Lock()
defer m.stopLock.Unlock()
if m.stopCh != nil {
doneCh := m.doneCh
close(m.stopCh)
m.stopCh = nil
m.doneCh = nil
<-doneCh // Wait for completion
}
return nil return nil
} }
// run is a long running goroutine that manages background expiration
func (m *ExpirationManager) run(doneCh, stopCh chan struct{}) {
defer close(doneCh)
for {
select {
case <-stopCh:
return
}
}
}
// Revoke is used to revoke a secret named by the given vaultID // Revoke is used to revoke a secret named by the given vaultID
func (m *ExpirationManager) Revoke(vaultID string) error { func (m *ExpirationManager) Revoke(vaultID string) error {
return nil return nil

18
vault/expiration_test.go
View File

@@ -14,6 +14,24 @@ func mockExpiration(t *testing.T) *ExpirationManager {
return NewExpirationManager(router, view) return NewExpirationManager(router, view)
} }
func TestExpiration_StartStop(t *testing.T) {
exp := mockExpiration(t)
err := exp.Start()
if err != nil {
t.Fatalf("err: %v", err)
}
err = exp.Restore()
if err.Error() != "cannot restore while running" {
t.Fatalf("err: %v", err)
}
err = exp.Stop()
if err != nil {
t.Fatalf("err: %v", err)
}
}
func TestExpiration_Register(t *testing.T) { func TestExpiration_Register(t *testing.T) {
exp := mockExpiration(t) exp := mockExpiration(t)
req := &Request{ req := &Request{