From b60d15a07c3e33f68f069710de303b7789ce2fbe Mon Sep 17 00:00:00 2001 From: Vault Automation Date: Fri, 13 Feb 2026 10:14:36 -0500 Subject: [PATCH 1/2] Add experiment to enable the KMIP client API (#11981) (#12017) * Make VAULT_EXPERIMENTS work as feature flags. Make method IsFlagEnabled treat experiments as feature flags so that they are accessible to plugins. * Add experiment kmip.client_api.alpha1. This experiment enables the KMIP client and template API endpoints. * Use IsExperimentEnabled rather than ValidExperiments. * Document TestCore_IsFlagEnabled. Co-authored-by: Victor Rodriguez --- helper/experiments/experiments.go | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/helper/experiments/experiments.go b/helper/experiments/experiments.go index 97746b15da..4f5247249c 100644 --- a/helper/experiments/experiments.go +++ b/helper/experiments/experiments.go @@ -9,8 +9,10 @@ const ( VaultExperimentCoreAuditEventsAlpha1 = "core.audit.events.alpha1" VaultExperimentSecretsImport = "secrets.import.alpha1" - // Unused experiments. We keep them so that we don't break users who include them in their - // flags or configs, but they no longer have any effect. + // VaultExperimentKmipClientApi enables the experimental KMIP client + // and template API endpoints. See VAULT-41117. + VaultExperimentKmipClientApi = "kmip.client_api.alpha1" + VaultExperimentEventsAlpha1 = "events.alpha1" ) @@ -18,8 +20,11 @@ var validExperiments = []string{ VaultExperimentEventsAlpha1, VaultExperimentCoreAuditEventsAlpha1, VaultExperimentSecretsImport, + VaultExperimentKmipClientApi, } +// Unused experiments. We keep them so that we don't break users who include them in their +// flags or configs, but they no longer have any effect. var unusedExperiments = []string{ VaultExperimentEventsAlpha1, } From 65597dd37ce0078db1285824253e908aac675e5c Mon Sep 17 00:00:00 2001 
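Review bot: The new constant `VaultExperimentKmipClientApi` in the const block spells its initialisms as `Kmip` and `Api`, where Go convention keeps them upper-case. The name is exported and new, so the rename is cheapest now: `VaultExperimentKMIPClientAPI = "kmip.client_api.alpha1"`, with the matching entry in `validExperiments`. Moving the "Unused experiments" comment down to `unusedExperiments` also leaves `VaultExperimentEventsAlpha1` in this block with nothing saying it has no effect. I would add `// VaultExperimentEventsAlpha1 is unused; it is kept so existing flags and configs still validate.` above it. The const block starts outside the hunk.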
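Review bot: Adding `VaultExperimentKmipClientApi` to `validExperiments` only makes the name acceptable. Nothing in this patch shows the KMIP client and template endpoints refusing requests while the experiment is off, so the gate cannot be confirmed from here. The commit message also describes an `IsFlagEnabled` change that exposes experiments to plugins, and a `TestCore_IsFlagEnabled`; neither is in this one-file patch. Before relying on the gate I would want a test showing that an experiment which is not set reports disabled to a plugin. A comment on the slice would help, assuming this is the contract: `// validExperiments lists the names accepted in flags and config; code behind an experiment must still check that it is enabled.`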
From: Vault Automation Date: Fri, 13 Feb 2026 11:00:48 -0500 Subject: [PATCH 2/2] Backport Renaming to generalize pki certificate counts into ce/main (#12327) * no-op commit * Renaming to generalize pki certificate counts (#12304) * renaming to generalize pki certificate counts # Conflicts: # vault/replication_rpc_ent.go # vault/testing_util.go * Update vault/testing_util.go Co-authored-by: Victor Rodriguez Rizo * Remove "PKI" from a few more names related to certificate count code. --------- Co-authored-by: Victor Rodriguez Rizo # Conflicts: # builtin/logical/pki/backend_cmpv2_ent_test.go # vault/activity_log_product_usage_util_ent.go # vault/activity_log_util_ent.go # vault/cert_count/cert_count_manager.go # vault/cert_count/cert_count_manager_test.go # vault/external_tests/activity_testonly/activity_testonly_ent_test.go # vault/logical_system_helpers_ent.go # vault/logical_system_pki_certificate_count_ent.go # vault/logical_system_pki_certificate_count_ent_test.go # vault/replication_paths_ent.go # vault/replication_rpc_ent.go # vault/testing_util.go * add ce changes --------- Co-authored-by: Rachel Culpepper <84159930+rculpepper@users.noreply.github.com> Co-authored-by: Victor Rodriguez Rizo Co-authored-by: rculpepper --- builtin/logical/pki/backend.go | 6 +- sdk/logical/cert_count_system_view.go | 23 +++++++ sdk/logical/pki_cert_count_system_view.go | 23 ------- vault/acme_billing_system_view.go | 28 ++++----- .../cert_count_manager.go} | 60 +++++++++---------- .../cert_count_manager_test.go} | 10 ++-- .../cert_count_storage.go} | 2 +- .../cert_count_storage_test.go} | 2 +- vault/core.go | 10 ++-- vault/core_util_common.go | 4 +- vault/logical_system_helpers.go | 22 +++---- vault/logical_system_helpers_stubs_oss.go | 2 +- vault/testing_util.go | 9 ++- 13 files changed, 100 insertions(+), 101 deletions(-) create mode 100644 sdk/logical/cert_count_system_view.go delete mode 100644 sdk/logical/pki_cert_count_system_view.go rename 
vault/{pki_cert_count/pki_cert_count_manager.go => cert_count/cert_count_manager.go} (60%) rename vault/{pki_cert_count/pki_cert_count_manager_test.go => cert_count/cert_count_manager_test.go} (91%) rename vault/{pki_cert_count/pki_cert_count_storage.go => cert_count/cert_count_storage.go} (99%) rename vault/{pki_cert_count/pki_cert_count_storage_test.go => cert_count/cert_count_storage_test.go} (99%) diff --git a/builtin/logical/pki/backend.go b/builtin/logical/pki/backend.go index bb34998e19..3aeaca032a 100644 --- a/builtin/logical/pki/backend.go +++ b/builtin/logical/pki/backend.go @@ -312,10 +312,10 @@ func Backend(conf *logical.BackendConfig) *backend { b.acmeState = NewACMEState() b.certificateCounter = NewCertificateCounter(b.backendUUID) - if pkiCertCounterSysView, ok := conf.System.(logical.PkiCertificateCountSystemView); ok { - b.pkiCertificateCounter = pkiCertCounterSysView.GetPkiCertificateCounter() + if pkiCertCounterSysView, ok := conf.System.(logical.CertificateCountSystemView); ok { + b.pkiCertificateCounter = pkiCertCounterSysView.GetCertificateCounter() } else { - b.pkiCertificateCounter = logical.NewNullPkiCertificateCounter() + b.pkiCertificateCounter = logical.NewNullCertificateCounter() } b.pkiObserver = observe.NewPkiCeObserver(b.Logger(), b) diff --git a/sdk/logical/cert_count_system_view.go b/sdk/logical/cert_count_system_view.go new file mode 100644 index 0000000000..abe609eca0 --- /dev/null +++ b/sdk/logical/cert_count_system_view.go 
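Review bot: In `Backend`, the `else` branch silently installs `logical.NewNullCertificateCounter()` when `conf.System` does not satisfy the renamed `logical.CertificateCountSystemView`. A system view that still exposes only the old `GetPkiCertificateCounter` method would therefore stop counting with no signal. The `Core` field comment later in this patch says the counts are used for billing, so a log line in that branch would make a mismatch visible, for example `b.Logger().Debug("system view does not provide a certificate counter; certificate counts will not be recorded")`. The local `pkiCertCounterSysView` and the field `b.pkiCertificateCounter` also keep the `pki` prefix that the commit removes elsewhere. `Backend` starts and ends outside the hunk.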
@@ -0,0 +1,23 @@ +// Copyright IBM Corp. 2016, 2025 +// SPDX-License-Identifier: MPL-2.0 + +package logical + +type CertificateCountSystemView interface { + GetCertificateCounter() CertificateCounter +} + +type nullCertificateCounter struct{} + +func (n *nullCertificateCounter) AddCount(_ CertCount) { +} + +func (n *nullCertificateCounter) Increment() CertCountIncrementer { + return NewCertCountIncrementer(n) +} + +var _ CertificateCounter = (*nullCertificateCounter)(nil) + +func NewNullCertificateCounter() CertificateCounter { + return &nullCertificateCounter{} +} diff --git a/sdk/logical/pki_cert_count_system_view.go b/sdk/logical/pki_cert_count_system_view.go deleted file mode 100644 index 429a1329bc..0000000000 --- a/sdk/logical/pki_cert_count_system_view.go +++ /dev/null @@ -1,23 +0,0 @@ -// Copyright IBM Corp. 2016, 2025 -// SPDX-License-Identifier: MPL-2.0 - -package logical - -type PkiCertificateCountSystemView interface { - GetPkiCertificateCounter() CertificateCounter -} - -type nullPkiCertificateCounter struct{} - -func (n *nullPkiCertificateCounter) AddCount(_ CertCount) { -} - -func (n *nullPkiCertificateCounter) Increment() CertCountIncrementer { - return NewCertCountIncrementer(n) -} - -var _ CertificateCounter = (*nullPkiCertificateCounter)(nil) - -func NewNullPkiCertificateCounter() CertificateCounter { - return &nullPkiCertificateCounter{} -} diff --git a/vault/acme_billing_system_view.go b/vault/acme_billing_system_view.go index 5a19c2ba5c..f539b1d5ff 100644 --- a/vault/acme_billing_system_view.go +++ b/vault/acme_billing_system_view.go 
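Review bot: `CertificateCountSystemView` and `NewNullCertificateCounter` are exported from `sdk/logical` without doc comments, while the old `PkiCertificateCountSystemView`, `GetPkiCertificateCounter` and `NewNullPkiCertificateCounter` are removed outright in the same patch. Code outside this repository that imports the SDK under the old names would stop compiling. If that matters here, consider a changelog entry or a deprecated wrapper such as `func NewNullPkiCertificateCounter() CertificateCounter { return NewNullCertificateCounter() }`, marked `// Deprecated: use NewNullCertificateCounter.` For the docs I would add `// CertificateCountSystemView is implemented by system views that can provide a CertificateCounter.` and `// NewNullCertificateCounter returns a CertificateCounter whose AddCount does nothing.`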
@@ -69,11 +69,11 @@ type acmeBillingSystemViewImpl struct { } var ( - _ logical.ACMEBillingSystemView = (*acmeBillingSystemViewImpl)(nil) - _ extendedSystemView = (*acmeBillingSystemViewImpl)(nil) - _ logical.ManagedKeySystemView = (*acmeBillingSystemViewImpl)(nil) - _ entropy.Sourcer = (*acmeBillingSystemViewImpl)(nil) - _ logical.PkiCertificateCountSystemView = (*acmeBillingSystemViewImpl)(nil) + _ logical.ACMEBillingSystemView = (*acmeBillingSystemViewImpl)(nil) + _ extendedSystemView = (*acmeBillingSystemViewImpl)(nil) + _ logical.ManagedKeySystemView = (*acmeBillingSystemViewImpl)(nil) + _ entropy.Sourcer = (*acmeBillingSystemViewImpl)(nil) + _ logical.CertificateCountSystemView = (*acmeBillingSystemViewImpl)(nil) ) // Scenario 2 above. @@ -84,10 +84,10 @@ type acmeBillingSystemViewImplNoSourcer struct { } var ( - _ logical.ACMEBillingSystemView = (*acmeBillingSystemViewImplNoSourcer)(nil) - _ extendedSystemView = (*acmeBillingSystemViewImplNoSourcer)(nil) - _ logical.ManagedKeySystemView = (*acmeBillingSystemViewImplNoSourcer)(nil) - _ logical.PkiCertificateCountSystemView = (*acmeBillingSystemViewImplNoSourcer)(nil) + _ logical.ACMEBillingSystemView = (*acmeBillingSystemViewImplNoSourcer)(nil) + _ extendedSystemView = (*acmeBillingSystemViewImplNoSourcer)(nil) + _ logical.ManagedKeySystemView = (*acmeBillingSystemViewImplNoSourcer)(nil) + _ logical.CertificateCountSystemView = (*acmeBillingSystemViewImplNoSourcer)(nil) ) // Scenario 3 above. 
@@ -97,9 +97,9 @@ type acmeBillingSystemViewImplNoManagedKeys struct { } var ( - _ logical.ACMEBillingSystemView = (*acmeBillingSystemViewImplNoManagedKeys)(nil) - _ extendedSystemView = (*acmeBillingSystemViewImplNoManagedKeys)(nil) - _ logical.PkiCertificateCountSystemView = (*acmeBillingSystemViewImplNoManagedKeys)(nil) + _ logical.ACMEBillingSystemView = (*acmeBillingSystemViewImplNoManagedKeys)(nil) + _ extendedSystemView = (*acmeBillingSystemViewImplNoManagedKeys)(nil) + _ logical.CertificateCountSystemView = (*acmeBillingSystemViewImplNoManagedKeys)(nil) ) // NewAcmeBillingSystemView creates the appropriate implementation based on @@ -144,6 +144,6 @@ func (a *acmeBillingImpl) CreateActivityCountEventForIdentifiers(ctx context.Con return nil } -func (a *acmeBillingImpl) GetPkiCertificateCounter() logical.CertificateCounter { - return a.core.GetPkiCertificateCounter() +func (a *acmeBillingImpl) GetCertificateCounter() logical.CertificateCounter { + return a.core.GetCertificateCounter() } diff --git a/vault/pki_cert_count/pki_cert_count_manager.go b/vault/cert_count/cert_count_manager.go similarity index 60% rename from vault/pki_cert_count/pki_cert_count_manager.go rename to vault/cert_count/cert_count_manager.go index 8926d7c64d..66fd6b9e4a 100644 --- a/vault/pki_cert_count/pki_cert_count_manager.go +++ b/vault/cert_count/cert_count_manager.go @@ -1,7 +1,7 @@ // Copyright IBM Corp. 2016, 2025 // SPDX-License-Identifier: MPL-2.0 -package pki_cert_count +package cert_count import ( "crypto/x509" 
@@ -17,19 +17,19 @@ import ( // all certificate counting. const envVaultDisableCertCount = "VAULT_DISABLE_CERT_COUNT" -// consumerJobInterval is the interval the PkiCertificateCountManager uses +// consumerJobInterval is the interval the CertificateCountManager uses // for StartConsumerJob. It is a variable so that unit tests can override it. var consumerJobInterval = 1 * time.Minute -// PkiCertificateCountConsumer is a callback for consumers of the PKI certificate counts. -type PkiCertificateCountConsumer func(logical.CertCount) +// CertificateCountConsumer is a callback for consumers of the certificate counts. +type CertificateCountConsumer func(logical.CertCount) -// PkiCertificateCountManager keeps track of issued and stored PKI certificate counts. -type PkiCertificateCountManager interface { +// CertificateCountManager keeps track of issued and stored certificate counts. +type CertificateCountManager interface { logical.CertificateCounter // StartConsumerJob starts a background job that periodically reports the counts to the // given consumer. If a job is already running, it will be stopped and replaced. - StartConsumerJob(consumer PkiCertificateCountConsumer) + StartConsumerJob(consumer CertificateCountConsumer) // StopConsumerJob stops the background job for the certificate count consumer, if one // is running. @@ -40,7 +40,7 @@ type PkiCertificateCountManager interface { GetCounts() logical.CertCount } -// certCountManager is an implementation of PkiCertificateCountManager. +// certCountManager is an implementation of CertificateCountManager. type certCountManager struct { count logical.CertCount countLock sync.RWMutex 
@@ -51,20 +51,20 @@ type certCountManager struct { logger hclog.Logger } -var _ PkiCertificateCountManager = (*certCountManager)(nil) +var _ CertificateCountManager = (*certCountManager)(nil) -// InitPkiCertificateCountManager creates a new PkiCertificateCountManager, or a null +// InitCertificateCountManager creates a new CertificateCountManager, or a null // implementation if certificate counting is disabled via the presence of the // VAULT_DISABLE_CERT_COUNT environment variable (with any value). -func InitPkiCertificateCountManager(logger hclog.Logger) PkiCertificateCountManager { +func InitCertificateCountManager(logger hclog.Logger) CertificateCountManager { if os.Getenv(envVaultDisableCertCount) != "" { - logger.Warn("PKI certificate counting disabled via environment variable") - return newNullPkiCertificateCountManager() + logger.Warn("certificate counting disabled via environment variable") + return newNullCertificateCountManager() } - return newPkiCertificateCountManager(logger) + return newCertificateCountManager(logger) } -func newPkiCertificateCountManager(logger hclog.Logger) PkiCertificateCountManager { +func newCertificateCountManager(logger hclog.Logger) CertificateCountManager { ret := &certCountManager{ count: logical.CertCount{}, reportTimerStop: nil, @@ -73,7 +73,7 @@ func newPkiCertificateCountManager(logger hclog.Logger) PkiCertificateCountManag return ret } -func (m *certCountManager) StartConsumerJob(consumer PkiCertificateCountConsumer) { +func (m *certCountManager) StartConsumerJob(consumer CertificateCountConsumer) { m.reportTimerStopLock.Lock() defer m.reportTimerStopLock.Unlock() 
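Review bot: The warning in `InitCertificateCountManager` changes from "PKI certificate counting disabled via environment variable" to `"certificate counting disabled via environment variable"`, which alters runtime log output and not just an identifier. The same applies to the trace message in `AddCount` and to the info and error messages in `consumeCertCounts` in `vault/logical_system_helpers.go`. Log searches or alerts keyed on the old "PKI certificate count…" strings would stop matching after an upgrade, including any that watch for counting being switched off through `VAULT_DISABLE_CERT_COUNT`. The changelog for this backport should list the new strings so those rules can be updated together with the rollout.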
@@ -83,7 +83,7 @@ func (m *certCountManager) StartConsumerJob(consumer PkiCertificateCountConsumer go m.reportLoop(m.reportTimerStop, consumer) } -func (m *certCountManager) reportLoop(stop chan struct{}, consumer PkiCertificateCountConsumer) { +func (m *certCountManager) reportLoop(stop chan struct{}, consumer CertificateCountConsumer) { reportTicker := time.NewTicker(consumerJobInterval) defer reportTicker.Stop() @@ -100,7 +100,7 @@ func (m *certCountManager) reportLoop(stop chan struct{}, consumer PkiCertificat } } -func (m *certCountManager) consumeCount(consumer PkiCertificateCountConsumer) { +func (m *certCountManager) consumeCount(consumer CertificateCountConsumer) { m.countLock.Lock() defer m.countLock.Unlock() @@ -133,7 +133,7 @@ func (m *certCountManager) AddCount(params logical.CertCount) { m.count.Add(params) - m.logger.Trace("incremented in-memory PKI certificate counts", "issuedCerts", m.count.IssuedCerts, "storedCerts", m.count.StoredCerts) + m.logger.Trace("incremented in-memory certificate counts", "issuedCerts", m.count.IssuedCerts, "storedCerts", m.count.StoredCerts) } func (m *certCountManager) Increment() logical.CertCountIncrementer { 
@@ -149,36 +149,36 @@ func (m *certCountManager) GetCounts() (issuedCount logical.CertCount) { } //////////////////////////////////////////////////////////////////////////////////////////////////// -// nullPkiCertificateCountManager +// nullCertificateCountManager -type nullPkiCertificateCountManager struct{} +type nullCertificateCountManager struct{} -var _ PkiCertificateCountManager = (*nullPkiCertificateCountManager)(nil) +var _ CertificateCountManager = (*nullCertificateCountManager)(nil) -func newNullPkiCertificateCountManager() PkiCertificateCountManager { - return &nullPkiCertificateCountManager{} +func newNullCertificateCountManager() CertificateCountManager { + return &nullCertificateCountManager{} } -func (n *nullPkiCertificateCountManager) AddCount(_ logical.CertCount) { +func (n *nullCertificateCountManager) AddCount(_ logical.CertCount) { // nothing to do } -func (n *nullPkiCertificateCountManager) Increment() logical.CertCountIncrementer { +func (n *nullCertificateCountManager) Increment() logical.CertCountIncrementer { return logical.NewCertCountIncrementer(n) } -func (n *nullPkiCertificateCountManager) AddIssuedCertificate(_ bool, _ *x509.Certificate) { +func (n *nullCertificateCountManager) AddIssuedCertificate(_ bool, _ *x509.Certificate) { // nothing to do } -func (n *nullPkiCertificateCountManager) StartConsumerJob(_ PkiCertificateCountConsumer) { +func (n *nullCertificateCountManager) StartConsumerJob(_ CertificateCountConsumer) { // nothing to do } -func (n *nullPkiCertificateCountManager) StopConsumerJob() { +func (n *nullCertificateCountManager) StopConsumerJob() { // nothing to do } -func (n *nullPkiCertificateCountManager) GetCounts() (issuedCount logical.CertCount) { +func (n *nullCertificateCountManager) GetCounts() (issuedCount logical.CertCount) { return logical.CertCount{} } 
diff --git a/vault/pki_cert_count/pki_cert_count_manager_test.go b/vault/cert_count/cert_count_manager_test.go similarity index 91% rename from vault/pki_cert_count/pki_cert_count_manager_test.go rename to vault/cert_count/cert_count_manager_test.go index 6aee5f74d8..ff0f7f7ac3 100644 --- a/vault/pki_cert_count/pki_cert_count_manager_test.go +++ b/vault/cert_count/cert_count_manager_test.go @@ -1,7 +1,7 @@ // Copyright IBM Corp. 2016, 2025 // SPDX-License-Identifier: BUSL-1.1 -package pki_cert_count +package cert_count import ( "crypto/rand" @@ -47,10 +47,10 @@ func createTestCertificate(t *testing.T, validity time.Duration) *x509.Certifica return cert } -// TestPkiCertificateCountManager_IncrementAndConsume tests the behaviour of -// PkiCertificateCountManager. -func TestPkiCertificateCountManager_IncrementAndConsume(t *testing.T) { - manager := newPkiCertificateCountManager(hclog.NewNullLogger()) +// TestCertificateCountManager_IncrementAndConsume tests the behaviour of +// CertificateCountManager. +func TestCertificateCountManager_IncrementAndConsume(t *testing.T) { + manager := newCertificateCountManager(hclog.NewNullLogger()) consumerJobInterval = 10 * time.Millisecond firstConsumerTotalCount := &atomic.Uint64{} diff --git a/vault/pki_cert_count/pki_cert_count_storage.go b/vault/cert_count/cert_count_storage.go similarity index 99% rename from vault/pki_cert_count/pki_cert_count_storage.go rename to vault/cert_count/cert_count_storage.go index db367888a6..8624ed3dca 100644 --- a/vault/pki_cert_count/pki_cert_count_storage.go +++ b/vault/cert_count/cert_count_storage.go @@ -1,7 +1,7 @@ // Copyright IBM Corp. 2016, 2025 // SPDX-License-Identifier: MPL-2.0 -package pki_cert_count +package cert_count import ( "context" 
diff --git a/vault/pki_cert_count/pki_cert_count_storage_test.go b/vault/cert_count/cert_count_storage_test.go similarity index 99% rename from vault/pki_cert_count/pki_cert_count_storage_test.go rename to vault/cert_count/cert_count_storage_test.go index 8a5770ef01..f65a26850c 100644 --- a/vault/pki_cert_count/pki_cert_count_storage_test.go +++ b/vault/cert_count/cert_count_storage_test.go @@ -1,7 +1,7 @@ // Copyright IBM Corp. 2016, 2025 // SPDX-License-Identifier: MPL-2.0 -package pki_cert_count +package cert_count import ( "context" diff --git a/vault/core.go b/vault/core.go index cd152e185a..ced1a765e5 100644 --- a/vault/core.go +++ b/vault/core.go @@ -63,10 +63,10 @@ import ( sr "github.com/hashicorp/vault/serviceregistration" "github.com/hashicorp/vault/shamir" "github.com/hashicorp/vault/vault/billing" + "github.com/hashicorp/vault/vault/cert_count" "github.com/hashicorp/vault/vault/cluster" "github.com/hashicorp/vault/vault/eventbus" "github.com/hashicorp/vault/vault/observations" - "github.com/hashicorp/vault/vault/pki_cert_count" "github.com/hashicorp/vault/vault/plugincatalog" "github.com/hashicorp/vault/vault/quotas" vaultseal "github.com/hashicorp/vault/vault/seal" @@ -768,9 +768,9 @@ type Core struct { // reportingScanDirectory is where the files emitted by /sys/reporting/scan go. reportingScanDirectory string - // pkiCertCountManager keeps track of issued and stored PKI certificate counts for - // PKI-only billing purposes. - pkiCertCountManager pki_cert_count.PkiCertificateCountManager + // certCountManager keeps track of issued and stored PKI certificate counts for + // billing purposes. + certCountManager cert_count.CertificateCountManager } func (c *Core) ActiveNodeClockSkewMillis() int64 { 
@@ -1152,7 +1152,7 @@ func CreateCore(conf *CoreConfig) (*Core, error) { reportingScanDirectory: conf.ReportingScanDirectory, } - c.pkiCertCountManager = pki_cert_count.InitPkiCertificateCountManager(c.logger) + c.certCountManager = cert_count.InitCertificateCountManager(c.logger) c.standbyStopCh.Store(make(chan struct{})) atomic.StoreUint32(c.sealed, 1) diff --git a/vault/core_util_common.go b/vault/core_util_common.go index 879ad4cf70..34cb9b3363 100644 --- a/vault/core_util_common.go +++ b/vault/core_util_common.go @@ -81,8 +81,8 @@ func (c *Core) setupHeaderHMACKey(ctx context.Context, isPerfStandby bool) error return nil } -func (c *Core) GetPkiCertificateCounter() logical.CertificateCounter { - return c.pkiCertCountManager +func (c *Core) GetCertificateCounter() logical.CertificateCounter { + return c.certCountManager } func (c *Core) GetConsumptionBillingManager() logical.ConsumptionBillingManager { diff --git a/vault/logical_system_helpers.go b/vault/logical_system_helpers.go index 7c1945cabc..60c1a7075e 100644 --- a/vault/logical_system_helpers.go +++ b/vault/logical_system_helpers.go @@ -15,7 +15,7 @@ import ( "github.com/hashicorp/vault/sdk/framework" "github.com/hashicorp/vault/sdk/helper/consts" "github.com/hashicorp/vault/sdk/logical" - "github.com/hashicorp/vault/vault/pki_cert_count" + "github.com/hashicorp/vault/vault/cert_count" ) type enterprisePathStub struct { 
@@ -291,16 +291,16 @@ func ceSysInitialize(b *SystemBackend) func(context.Context, *logical.Initializa return fmt.Errorf("failed to initialize activation flags: %w", err) } - b.Core.pkiCertCountManager.StartConsumerJob(func(increment logical.CertCount) { - b.Core.consumePkiCertCounts(increment) + b.Core.certCountManager.StartConsumerJob(func(increment logical.CertCount) { + b.Core.consumeCertCounts(increment) }) return nil } } -// consumePkiCertCounts updates the PKI certificate counts in storage if we are +// consumeCertCounts updates the certificate counts in storage if we are // running on the active node; otherwise it forwards them to the active node. -func (c *Core) consumePkiCertCounts(inc logical.CertCount) { +func (c *Core) consumeCertCounts(inc logical.CertCount) { var consumed bool haState := c.HAStateWithLock() if inc.IsZero() { @@ -311,20 +311,20 @@ func (c *Core) consumePkiCertCounts(inc logical.CertCount) { case consts.Standby: consumed = true case consts.PerfStandby: - consumed = forwardPkiCertCounts(c, inc) + consumed = forwardCertCounts(c, inc) case consts.Active: - c.logger.Info("storing PKI certificate counts", "issuedCerts", inc.IssuedCerts, "storedCerts", inc.StoredCerts) - err := pki_cert_count.IncrementStoredCounts(c.activeContext, c.barrier, inc) + c.logger.Info("storing certificate counts", "issuedCerts", inc.IssuedCerts, "storedCerts", inc.StoredCerts) + err := cert_count.IncrementStoredCounts(c.activeContext, c.barrier, inc) if err != nil { - c.logger.Error("error storing PKI certificate counts", "error", err) + c.logger.Error("error storing certificate counts", "error", err) } else { consumed = true } default: - c.logger.Error("Unexpected HA state when consuming PKI certificate counts", "ha_state", haState) + c.logger.Error("Unexpected HA state when consuming certificate counts", "ha_state", haState) } if !consumed { - c.pkiCertCountManager.AddCount(inc) + c.certCountManager.AddCount(inc) } } 
diff --git a/vault/logical_system_helpers_stubs_oss.go b/vault/logical_system_helpers_stubs_oss.go index a229ed13e2..50fb07e23f 100644 --- a/vault/logical_system_helpers_stubs_oss.go +++ b/vault/logical_system_helpers_stubs_oss.go @@ -7,6 +7,6 @@ package vault import "github.com/hashicorp/vault/sdk/logical" -func forwardPkiCertCounts(c *Core, inc logical.CertCount) bool { +func forwardCertCounts(c *Core, inc logical.CertCount) bool { return false } diff --git a/vault/testing_util.go b/vault/testing_util.go index 1a1352eb9f..893f49c0d2 100644 --- a/vault/testing_util.go +++ b/vault/testing_util.go @@ -7,7 +7,7 @@ import ( "testing" "time" - "github.com/hashicorp/vault/vault/pki_cert_count" + "github.com/hashicorp/vault/vault/cert_count" "github.com/hashicorp/vault/version" "github.com/stretchr/testify/require" ) @@ -23,19 +23,18 @@ func init() { } func (c *TestClusterCore) StopPkiCertificateCountConsumerJob() { - mgr := c.Core.pkiCertCountManager.(pki_cert_count.PkiCertificateCountManager) + mgr := c.Core.certCountManager.(cert_count.CertificateCountManager) mgr.StopConsumerJob() } func (c *TestClusterCore) ResetPkiCertificateCounts() { - mgr := c.Core.pkiCertCountManager.(pki_cert_count.PkiCertificateCountManager) - + mgr := c.Core.certCountManager.(cert_count.CertificateCountManager) c.pkiCertificateCountData = mgr.GetCounts() } func (c *TestClusterCore) RequirePkiCertificateCounts(t testing.TB, expectedIssuedCount, expectedStoredCount int) { t.Helper() - mgr := c.Core.pkiCertCountManager.(pki_cert_count.PkiCertificateCountManager) + mgr := c.Core.certCountManager.(cert_count.CertificateCountManager) actualCount := mgr.GetCounts() actualCount.IssuedCerts -= c.pkiCertificateCountData.IssuedCerts
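Review bot: In `StopPkiCertificateCountConsumerJob`, `ResetPkiCertificateCounts` and `RequirePkiCertificateCounts`, the assertion `c.Core.certCountManager.(cert_count.CertificateCountManager)` is redundant. The `vault/core.go` hunk of this patch declares the `Core` field with exactly that interface type, so `mgr := c.Core.certCountManager` does the same job. These helpers and the `pkiCertificateCountData` field also keep the `Pki` names that the commit removes elsewhere. That may be deliberate, to avoid touching test callers, but it deserves a short comment if so. `RequirePkiCertificateCounts` continues past the end of the hunk.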