Don't call LeaseExtend on login renewal paths when period is provided #3803
Changes from 3 commits
3e0ae3f
261cd10
e9e274b
7f053de
89baaf8
fe5b7a3
6cdf90f
a6812f6
1a85591
87bff1f
419c4a6
68784f1
8d6d7b1
34dfecd
6428ce4
|
@@ -29,6 +29,11 @@ func mockExpiration(t testing.TB) *ExpirationManager { | |
return ts.expiration | ||
} | ||
|
||
func mockCoreExpiration(t testing.TB) (*Core, *ExpirationManager) { | ||
c, ts, _, _ := TestCoreWithTokenStore(t) | ||
return c, ts.expiration | ||
} | ||
|
||
func mockBackendExpiration(t testing.TB, backend physical.Backend) (*Core, *ExpirationManager) { | ||
c, ts, _, _ := TestCoreWithBackendTokenStore(t, backend) | ||
return c, ts.expiration | ||
|
@@ -790,8 +795,109 @@ func TestExpiration_RenewToken(t *testing.T) { | |
} | ||
|
||
if auth.ClientToken != out.Auth.ClientToken { | ||
t.Fatalf("Bad: %#v", out) | ||
t.Fatalf("bad: %#v", out) | ||
} | ||
} | ||
|
||
func TestExpiration_RenewToken_period(t *testing.T) { | ||
exp := mockExpiration(t) | ||
root, err := exp.tokenStore.rootToken() | ||
if err != nil { | ||
t.Fatalf("err: %v", err) | ||
} | ||
|
||
// Register a token | ||
auth := &logical.Auth{ | ||
ClientToken: root.ID, | ||
LeaseOptions: logical.LeaseOptions{ | ||
TTL: time.Hour, | ||
Renewable: true, | ||
}, | ||
Period: time.Minute, | ||
} | ||
err = exp.RegisterAuth("auth/token/login", auth) | ||
if err != nil { | ||
t.Fatalf("err: %v", err) | ||
} | ||
|
||
// Renew the token | ||
out, err := exp.RenewToken(&logical.Request{}, "auth/token/login", root.ID, 0) | ||
if err != nil { | ||
t.Fatalf("err: %v", err) | ||
} | ||
|
||
if auth.ClientToken != out.Auth.ClientToken { | ||
t.Fatalf("bad: %#v", out) | ||
} | ||
|
||
if out.Auth.TTL > time.Minute { | ||
t.Fatalf("expected TTL to be less than 1 minute, got: %s", out.Auth.TTL) | ||
} | ||
} | ||
|
||
func TestExpiration_RenewToken_period_backend(t *testing.T) { | ||
exp := mockExpiration(t) | ||
root, err := exp.tokenStore.rootToken() | ||
if err != nil { | ||
t.Fatalf("err: %v", err) | ||
} | ||
|
||
// Mount a noop backend | ||
noop := &NoopBackend{ | ||
Response: &logical.Response{ | ||
Auth: &logical.Auth{ | ||
LeaseOptions: logical.LeaseOptions{ | ||
TTL: 5 * time.Second, | ||
Renewable: true, | ||
}, | ||
}, | ||
}, | ||
DefaultLeaseTTL: 5 * time.Second, | ||
MaxLeaseTTL: 5 * time.Second, | ||
} | ||
|
||
_, barrier, _ := mockBarrier(t) | ||
view := NewBarrierView(barrier, credentialBarrierPrefix) | ||
meUUID, err := uuid.GenerateUUID() | ||
if err != nil { | ||
t.Fatal(err) | ||
} | ||
err = exp.router.Mount(noop, "auth/foo/", &MountEntry{Path: "auth/foo/", Type: "noop", UUID: meUUID, Accessor: "noop-accessor"}, view) | ||
if err != nil { | ||
t.Fatal(err) | ||
} | ||
|
||
// Register a token | ||
auth := &logical.Auth{ | ||
ClientToken: root.ID, | ||
LeaseOptions: logical.LeaseOptions{ | ||
TTL: 5 * time.Second, | ||
Renewable: true, | ||
}, | ||
// Period: 5 * time.Second, | ||
} | ||
|
||
err = exp.RegisterAuth("auth/foo/login", auth) | ||
if err != nil { | ||
t.Fatalf("err: %v", err) | ||
} | ||
|
||
// Wait 3 seconds | ||
// time.Sleep(3 * time.Second) | ||
out, err := exp.RenewToken(&logical.Request{}, "auth/foo/login", root.ID, 0) | ||
What is this supposed to be doing? |
||
if err != nil { | ||
t.Fatalf("err: %v", err) | ||
} | ||
|
||
fmt.Println(out.Auth) | ||
|
||
// time.Sleep(3 * time.Second) | ||
out, err = exp.RenewToken(&logical.Request{}, "auth/foo/login", root.ID, 0) | ||
Same here. There's no sleep, I'm not sure what having this twice in a row is supposed to be doing. |
||
if err != nil { | ||
t.Fatalf("err: %v", err) | ||
} | ||
|
||
fmt.Println(out.Auth) | ||
Normally we don't print out values on success |
||
} | ||
|
||
func TestExpiration_RenewToken_NotRenewable(t *testing.T) { | ||
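Review bot: The TTL check that closes TestExpiration_RenewToken_period has only an upper bound, so a renewal that came back with a zero or negative TTL would still pass. Its failure message also says "less than 1 minute" while the condition accepts exactly one minute. This test is the one that registers the token with a one-hour TTL and a one-minute Period, so it is where the period-bounded lifetime gets pinned, and I would bound it on both sides: `if out.Auth.TTL <= 0 || out.Auth.TTL > time.Minute {` with the message `"expected TTL in (0, 1m], got: %s"`. A one-line comment above the check, such as `// the Period, not the registered one-hour TTL, must bound the renewed lease`, would state the intent for the next reader.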
|
I'm confused what this test is supposed to be doing -- it has period in the name but this is commented out.