/*
Copyright 2015 Home Office All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package main
import (
"time"
"github.com/golang/glog"
"github.com/hashicorp/vault/api"
)
// Bounds of the lease-derived renewal window, as fractions of the secret's
// lease duration. calculateRenewal multiplies the lease duration by each of
// them to obtain the earliest and latest renewal points (80% and 95%).
const (
// lower bound: renew no earlier than 80% of the way through the lease
renewalMinimum = 0.8
// upper bound: renew no later than 95% of the way through the lease
renewalMaximum = 0.95
)
// watchedResource is a resource which is being watched: when the item is coming
// up for renewal, notifyOnRenewal sends it on the renewal channel so the lease
// can be renewed.
type watchedResource struct {
// the resource itself; notifyOnRenewal reads its update, maxJitter and path fields
resource *VaultResource
// the last time the resource was retrieved
lastUpdated time.Time
// the time at which the lease expires
leaseExpireTime time.Time
// how long to wait before the next renewal notification; written by notifyOnRenewal
renewalTime time.Duration
// the secret retrieved for the resource; its LeaseDuration drives the renewal window.
// NOTE(review): api.Secret carries the secret payload, so keep this field (and any
// %v/%+v dump of the whole struct) out of log output.
secret *api.Secret
}
// notifyOnRenewal schedules a renewal notification for the resource. It starts a
// goroutine that works out how long to wait, sleeps for that long and then sends
// r on ch; the method itself returns immediately.
//
// The wait is r.resource.update when that is positive. Otherwise it comes from
// calculateRenewal, which derives it from the secret's lease duration. When
// neither is available a warning is logged and no notification is ever sent, so
// the secret is never refreshed. A non-zero r.resource.maxJitter then replaces
// the wait with a value from getDurationWithin for the window
// [wait-maxJitter, wait], expressed in whole seconds.
//
// NOTE(review): the send on ch blocks until a receiver takes it, so the goroutine
// lives at least that long. r.renewalTime is written from the goroutine with no
// synchronisation visible here - confirm callers do not read it concurrently.
func (r *watchedResource) notifyOnRenewal(ch chan *watchedResource) {
	waitThenNotify := func() {
		// an interval configured on the resource wins over anything lease-derived
		r.renewalTime = r.resource.update

		switch {
		case r.renewalTime > 0:
			// explicit interval configured, nothing to derive
		case r.secret.LeaseDuration <= 0:
			// no lease and no configured interval: there is nothing to schedule
			// against, so give up and leave the item as it was first fetched
			glog.Warningf("resource: %s has no lease duration, no custom update set, so item will not be updated", r.resource.path)
			return
		default:
			// fall back to a point inside the 80-95% window of the lease
			r.renewalTime = r.calculateRenewal()
		}

		if jitter := r.resource.maxJitter; jitter != 0 {
			glog.V(4).Infof("using maxJitter (%s) to calculate renewal time", jitter)
			// NOTE(review): if maxJitter is larger than the wait, or negative, the
			// lower bound below is negative or above the upper bound. What
			// getDurationWithin returns then is not visible here: a wait that is too
			// short renews in a tight loop, one that is too long can outlive the
			// lease. Confirm maxJitter is validated where it is parsed.
			lowerSecs := int((r.renewalTime - jitter) / time.Second)
			upperSecs := int(r.renewalTime / time.Second)
			r.renewalTime = time.Duration(getDurationWithin(lowerSecs, upperSecs))
		}

		// NOTE(review): this formats the *VaultResource with %s; verify its string
		// form carries no token or secret material before raising verbosity in production.
		glog.V(3).Infof("setting a renewal notification on resource: %s, time: %s", r.resource, r.renewalTime)

		// sit out the renewal interval, then hand the resource to the renewal channel
		time.Sleep(r.renewalTime)
		ch <- r
	}

	go waitThenNotify()
}
// calculateRenewal returns a renewal delay derived from the secret's lease: it
// asks getDurationWithin for a value between renewalMinimum and renewalMaximum
// of r.secret.LeaseDuration, with both bounds truncated to integers.
//
// NOTE(review): for very short leases both bounds truncate to the same small
// value (0 for a lease of 1), so the resulting delay depends entirely on how
// getDurationWithin treats an empty range - confirm it cannot yield an
// immediate, repeating renewal.
func (r watchedResource) calculateRenewal() time.Duration {
	lease := float64(r.secret.LeaseDuration)
	earliest := int(lease * renewalMinimum)
	latest := int(lease * renewalMaximum)

	return time.Duration(getDurationWithin(earliest, latest))
}