Backport Renaming to generalize pki certificate counts into ce/main (#12327)

* no-op commit

* Renaming to generalize pki certificate counts (#12304)

* renaming to generalize pki certificate counts

# Conflicts:
#	vault/replication_rpc_ent.go
#	vault/testing_util.go

* Update vault/testing_util.go

Co-authored-by: Victor Rodriguez Rizo <vrizo@hashicorp.com>

* Remove "PKI" from a few more names related to certificate count code.

---------

Co-authored-by: Victor Rodriguez Rizo <vrizo@hashicorp.com>
# Conflicts:
#	builtin/logical/pki/backend_cmpv2_ent_test.go
#	vault/activity_log_product_usage_util_ent.go
#	vault/activity_log_util_ent.go
#	vault/cert_count/cert_count_manager.go
#	vault/cert_count/cert_count_manager_test.go
#	vault/external_tests/activity_testonly/activity_testonly_ent_test.go
#	vault/logical_system_helpers_ent.go
#	vault/logical_system_pki_certificate_count_ent.go
#	vault/logical_system_pki_certificate_count_ent_test.go
#	vault/replication_paths_ent.go
#	vault/replication_rpc_ent.go
#	vault/testing_util.go

* add ce changes

---------

Co-authored-by: Rachel Culpepper <84159930+rculpepper@users.noreply.github.com>
Co-authored-by: Victor Rodriguez Rizo <vrizo@hashicorp.com>
Co-authored-by: rculpepper <rculpepper@hashicorp.com>

builtin/logical/pki/backend.go

@@ -312,10 +312,10 @@ func Backend(conf *logical.BackendConfig) *backend {
 	b.acmeState = NewACMEState()
 	b.certificateCounter = NewCertificateCounter(b.backendUUID)
 
-	if pkiCertCounterSysView, ok := conf.System.(logical.PkiCertificateCountSystemView); ok {
-		b.pkiCertificateCounter = pkiCertCounterSysView.GetPkiCertificateCounter()
+	if pkiCertCounterSysView, ok := conf.System.(logical.CertificateCountSystemView); ok {
+		b.pkiCertificateCounter = pkiCertCounterSysView.GetCertificateCounter()
 	} else {
-		b.pkiCertificateCounter = logical.NewNullPkiCertificateCounter()
+		b.pkiCertificateCounter = logical.NewNullCertificateCounter()
 	}
 
 	b.pkiObserver = observe.NewPkiCeObserver(b.Logger(), b)

sdk/logical/cert_count_system_view.go

@@ -0,0 +1,23 @@
+// Copyright IBM Corp. 2016, 2025
+// SPDX-License-Identifier: MPL-2.0
+
+package logical
+
+type CertificateCountSystemView interface {
+	GetCertificateCounter() CertificateCounter
+}
+
+type nullCertificateCounter struct{}
+
+func (n *nullCertificateCounter) AddCount(_ CertCount) {
+}
+
+func (n *nullCertificateCounter) Increment() CertCountIncrementer {
+	return NewCertCountIncrementer(n)
+}
+
+var _ CertificateCounter = (*nullCertificateCounter)(nil)
+
+func NewNullCertificateCounter() CertificateCounter {
+	return &nullCertificateCounter{}
+}

sdk/logical/pki_cert_count_system_view.go

@@ -1,23 +0,0 @@
-// Copyright IBM Corp. 2016, 2025
-// SPDX-License-Identifier: MPL-2.0
-
-package logical
-
-type PkiCertificateCountSystemView interface {
-	GetPkiCertificateCounter() CertificateCounter
-}
-
-type nullPkiCertificateCounter struct{}
-
-func (n *nullPkiCertificateCounter) AddCount(_ CertCount) {
-}
-
-func (n *nullPkiCertificateCounter) Increment() CertCountIncrementer {
-	return NewCertCountIncrementer(n)
-}
-
-var _ CertificateCounter = (*nullPkiCertificateCounter)(nil)
-
-func NewNullPkiCertificateCounter() CertificateCounter {
-	return &nullPkiCertificateCounter{}
-}

vault/acme_billing_system_view.go

@@ -69,11 +69,11 @@ type acmeBillingSystemViewImpl struct {
 }
 
 var (
-	_ logical.ACMEBillingSystemView         = (*acmeBillingSystemViewImpl)(nil)
-	_ extendedSystemView                    = (*acmeBillingSystemViewImpl)(nil)
-	_ logical.ManagedKeySystemView          = (*acmeBillingSystemViewImpl)(nil)
-	_ entropy.Sourcer                       = (*acmeBillingSystemViewImpl)(nil)
-	_ logical.PkiCertificateCountSystemView = (*acmeBillingSystemViewImpl)(nil)
+	_ logical.ACMEBillingSystemView      = (*acmeBillingSystemViewImpl)(nil)
+	_ extendedSystemView                 = (*acmeBillingSystemViewImpl)(nil)
+	_ logical.ManagedKeySystemView       = (*acmeBillingSystemViewImpl)(nil)
+	_ entropy.Sourcer                    = (*acmeBillingSystemViewImpl)(nil)
+	_ logical.CertificateCountSystemView = (*acmeBillingSystemViewImpl)(nil)
 )
 
 // Scenario 2 above.
@@ -84,10 +84,10 @@ type acmeBillingSystemViewImplNoSourcer struct {
 }
 
 var (
-	_ logical.ACMEBillingSystemView         = (*acmeBillingSystemViewImplNoSourcer)(nil)
-	_ extendedSystemView                    = (*acmeBillingSystemViewImplNoSourcer)(nil)
-	_ logical.ManagedKeySystemView          = (*acmeBillingSystemViewImplNoSourcer)(nil)
-	_ logical.PkiCertificateCountSystemView = (*acmeBillingSystemViewImplNoSourcer)(nil)
+	_ logical.ACMEBillingSystemView      = (*acmeBillingSystemViewImplNoSourcer)(nil)
+	_ extendedSystemView                 = (*acmeBillingSystemViewImplNoSourcer)(nil)
+	_ logical.ManagedKeySystemView       = (*acmeBillingSystemViewImplNoSourcer)(nil)
+	_ logical.CertificateCountSystemView = (*acmeBillingSystemViewImplNoSourcer)(nil)
 )
 
 // Scenario 3 above.
@@ -97,9 +97,9 @@ type acmeBillingSystemViewImplNoManagedKeys struct {
 }
 
 var (
-	_ logical.ACMEBillingSystemView         = (*acmeBillingSystemViewImplNoManagedKeys)(nil)
-	_ extendedSystemView                    = (*acmeBillingSystemViewImplNoManagedKeys)(nil)
-	_ logical.PkiCertificateCountSystemView = (*acmeBillingSystemViewImplNoManagedKeys)(nil)
+	_ logical.ACMEBillingSystemView      = (*acmeBillingSystemViewImplNoManagedKeys)(nil)
+	_ extendedSystemView                 = (*acmeBillingSystemViewImplNoManagedKeys)(nil)
+	_ logical.CertificateCountSystemView = (*acmeBillingSystemViewImplNoManagedKeys)(nil)
 )
 
 // NewAcmeBillingSystemView creates the appropriate implementation based on
@@ -144,6 +144,6 @@ func (a *acmeBillingImpl) CreateActivityCountEventForIdentifiers(ctx context.Con
 	return nil
 }
 
-func (a *acmeBillingImpl) GetPkiCertificateCounter() logical.CertificateCounter {
-	return a.core.GetPkiCertificateCounter()
+func (a *acmeBillingImpl) GetCertificateCounter() logical.CertificateCounter {
+	return a.core.GetCertificateCounter()
 }

vault/cert_count/cert_count_manager.go

@@ -1,7 +1,7 @@
 // Copyright IBM Corp. 2016, 2025
 // SPDX-License-Identifier: MPL-2.0
 
-package pki_cert_count
+package cert_count
 
 import (
 	"crypto/x509"
@@ -17,19 +17,19 @@ import (
 // all certificate counting.
 const envVaultDisableCertCount = "VAULT_DISABLE_CERT_COUNT"
 
-// consumerJobInterval is the interval the PkiCertificateCountManager uses
+// consumerJobInterval is the interval the CertificateCountManager uses
 // for StartConsumerJob. It is a variable so that unit tests can override it.
 var consumerJobInterval = 1 * time.Minute
 
-// PkiCertificateCountConsumer is a callback for consumers of the PKI certificate counts.
-type PkiCertificateCountConsumer func(logical.CertCount)
+// CertificateCountConsumer is a callback for consumers of the certificate counts.
+type CertificateCountConsumer func(logical.CertCount)
 
-// PkiCertificateCountManager keeps track of issued and stored PKI certificate counts.
-type PkiCertificateCountManager interface {
+// CertificateCountManager keeps track of issued and stored certificate counts.
+type CertificateCountManager interface {
 	logical.CertificateCounter
 	// StartConsumerJob starts a background job that periodically reports the counts to the
 	// given consumer. If a job is already running, it will be stopped and replaced.
-	StartConsumerJob(consumer PkiCertificateCountConsumer)
+	StartConsumerJob(consumer CertificateCountConsumer)
 
 	// StopConsumerJob stops the background job for the certificate count consumer, if one
 	// is running.
@@ -40,7 +40,7 @@ type PkiCertificateCountManager interface {
 	GetCounts() logical.CertCount
 }
 
-// certCountManager is an implementation of PkiCertificateCountManager.
+// certCountManager is an implementation of CertificateCountManager.
 type certCountManager struct {
 	count     logical.CertCount
 	countLock sync.RWMutex
@@ -51,20 +51,20 @@ type certCountManager struct {
 	logger hclog.Logger
 }
 
-var _ PkiCertificateCountManager = (*certCountManager)(nil)
+var _ CertificateCountManager = (*certCountManager)(nil)
 
-// InitPkiCertificateCountManager creates a new PkiCertificateCountManager, or a null
+// InitCertificateCountManager creates a new CertificateCountManager, or a null
 // implementation if certificate counting is disabled via the presence of the
 // VAULT_DISABLE_CERT_COUNT environment variable (with any value).
-func InitPkiCertificateCountManager(logger hclog.Logger) PkiCertificateCountManager {
+func InitCertificateCountManager(logger hclog.Logger) CertificateCountManager {
 	if os.Getenv(envVaultDisableCertCount) != "" {
-		logger.Warn("PKI certificate counting disabled via environment variable")
-		return newNullPkiCertificateCountManager()
+		logger.Warn("certificate counting disabled via environment variable")
+		return newNullCertificateCountManager()
 	}
-	return newPkiCertificateCountManager(logger)
+	return newCertificateCountManager(logger)
 }
 
-func newPkiCertificateCountManager(logger hclog.Logger) PkiCertificateCountManager {
+func newCertificateCountManager(logger hclog.Logger) CertificateCountManager {
 	ret := &certCountManager{
 		count:           logical.CertCount{},
 		reportTimerStop: nil,
@@ -73,7 +73,7 @@ func newPkiCertificateCountManager(logger hclog.Logger) PkiCertificateCountManag
 	return ret
 }
 
-func (m *certCountManager) StartConsumerJob(consumer PkiCertificateCountConsumer) {
+func (m *certCountManager) StartConsumerJob(consumer CertificateCountConsumer) {
 	m.reportTimerStopLock.Lock()
 	defer m.reportTimerStopLock.Unlock()
 
@@ -83,7 +83,7 @@ func (m *certCountManager) StartConsumerJob(consumer PkiCertificateCountConsumer
 	go m.reportLoop(m.reportTimerStop, consumer)
 }
 
-func (m *certCountManager) reportLoop(stop chan struct{}, consumer PkiCertificateCountConsumer) {
+func (m *certCountManager) reportLoop(stop chan struct{}, consumer CertificateCountConsumer) {
 	reportTicker := time.NewTicker(consumerJobInterval)
 	defer reportTicker.Stop()
 
@@ -100,7 +100,7 @@ func (m *certCountManager) reportLoop(stop chan struct{}, consumer PkiCertificat
 	}
 }
 
-func (m *certCountManager) consumeCount(consumer PkiCertificateCountConsumer) {
+func (m *certCountManager) consumeCount(consumer CertificateCountConsumer) {
 	m.countLock.Lock()
 	defer m.countLock.Unlock()
 
@@ -133,7 +133,7 @@ func (m *certCountManager) AddCount(params logical.CertCount) {
 
 	m.count.Add(params)
 
-	m.logger.Trace("incremented in-memory PKI certificate counts", "issuedCerts", m.count.IssuedCerts, "storedCerts", m.count.StoredCerts)
+	m.logger.Trace("incremented in-memory certificate counts", "issuedCerts", m.count.IssuedCerts, "storedCerts", m.count.StoredCerts)
 }
 
 func (m *certCountManager) Increment() logical.CertCountIncrementer {
@@ -149,36 +149,36 @@ func (m *certCountManager) GetCounts() (issuedCount logical.CertCount) {
 }
 
 ////////////////////////////////////////////////////////////////////////////////////////////////////
-// nullPkiCertificateCountManager
+// nullCertificateCountManager
 
-type nullPkiCertificateCountManager struct{}
+type nullCertificateCountManager struct{}
 
-var _ PkiCertificateCountManager = (*nullPkiCertificateCountManager)(nil)
+var _ CertificateCountManager = (*nullCertificateCountManager)(nil)
 
-func newNullPkiCertificateCountManager() PkiCertificateCountManager {
-	return &nullPkiCertificateCountManager{}
+func newNullCertificateCountManager() CertificateCountManager {
+	return &nullCertificateCountManager{}
 }
 
-func (n *nullPkiCertificateCountManager) AddCount(_ logical.CertCount) {
+func (n *nullCertificateCountManager) AddCount(_ logical.CertCount) {
 	// nothing to do
 }
 
-func (n *nullPkiCertificateCountManager) Increment() logical.CertCountIncrementer {
+func (n *nullCertificateCountManager) Increment() logical.CertCountIncrementer {
 	return logical.NewCertCountIncrementer(n)
 }
 
-func (n *nullPkiCertificateCountManager) AddIssuedCertificate(_ bool, _ *x509.Certificate) {
+func (n *nullCertificateCountManager) AddIssuedCertificate(_ bool, _ *x509.Certificate) {
 	// nothing to do
 }
 
-func (n *nullPkiCertificateCountManager) StartConsumerJob(_ PkiCertificateCountConsumer) {
+func (n *nullCertificateCountManager) StartConsumerJob(_ CertificateCountConsumer) {
 	// nothing to do
 }
 
-func (n *nullPkiCertificateCountManager) StopConsumerJob() {
+func (n *nullCertificateCountManager) StopConsumerJob() {
 	// nothing to do
 }
 
-func (n *nullPkiCertificateCountManager) GetCounts() (issuedCount logical.CertCount) {
+func (n *nullCertificateCountManager) GetCounts() (issuedCount logical.CertCount) {
 	return logical.CertCount{}
 }

vault/cert_count/cert_count_manager_test.go

@@ -1,7 +1,7 @@
 // Copyright IBM Corp. 2016, 2025
 // SPDX-License-Identifier: BUSL-1.1
 
-package pki_cert_count
+package cert_count
 
 import (
 	"crypto/rand"
@@ -47,10 +47,10 @@ func createTestCertificate(t *testing.T, validity time.Duration) *x509.Certifica
 	return cert
 }
 
-// TestPkiCertificateCountManager_IncrementAndConsume tests the behaviour of
-// PkiCertificateCountManager.
-func TestPkiCertificateCountManager_IncrementAndConsume(t *testing.T) {
-	manager := newPkiCertificateCountManager(hclog.NewNullLogger())
+// TestCertificateCountManager_IncrementAndConsume tests the behaviour of
+// CertificateCountManager.
+func TestCertificateCountManager_IncrementAndConsume(t *testing.T) {
+	manager := newCertificateCountManager(hclog.NewNullLogger())
 	consumerJobInterval = 10 * time.Millisecond
 
 	firstConsumerTotalCount := &atomic.Uint64{}

vault/cert_count/cert_count_storage.go

@@ -1,7 +1,7 @@
 // Copyright IBM Corp. 2016, 2025
 // SPDX-License-Identifier: MPL-2.0
 
-package pki_cert_count
+package cert_count
 
 import (
 	"context"

vault/cert_count/cert_count_storage_test.go

@@ -1,7 +1,7 @@
 // Copyright IBM Corp. 2016, 2025
 // SPDX-License-Identifier: MPL-2.0
 
-package pki_cert_count
+package cert_count
 
 import (
 	"context"

vault/core.go

@@ -63,10 +63,10 @@ import (
 	sr "github.com/hashicorp/vault/serviceregistration"
 	"github.com/hashicorp/vault/shamir"
 	"github.com/hashicorp/vault/vault/billing"
+	"github.com/hashicorp/vault/vault/cert_count"
 	"github.com/hashicorp/vault/vault/cluster"
 	"github.com/hashicorp/vault/vault/eventbus"
 	"github.com/hashicorp/vault/vault/observations"
-	"github.com/hashicorp/vault/vault/pki_cert_count"
 	"github.com/hashicorp/vault/vault/plugincatalog"
 	"github.com/hashicorp/vault/vault/quotas"
 	vaultseal "github.com/hashicorp/vault/vault/seal"
@@ -768,9 +768,9 @@ type Core struct {
 	// reportingScanDirectory is where the files emitted by /sys/reporting/scan go.
 	reportingScanDirectory string
 
-	// pkiCertCountManager keeps track of issued and stored PKI certificate counts for
-	// PKI-only billing purposes.
-	pkiCertCountManager pki_cert_count.PkiCertificateCountManager
+	// certCountManager keeps track of issued and stored PKI certificate counts for
+	// billing purposes.
+	certCountManager cert_count.CertificateCountManager
 }
 
 func (c *Core) ActiveNodeClockSkewMillis() int64 {
@@ -1152,7 +1152,7 @@ func CreateCore(conf *CoreConfig) (*Core, error) {
 		reportingScanDirectory:         conf.ReportingScanDirectory,
 	}
 
-	c.pkiCertCountManager = pki_cert_count.InitPkiCertificateCountManager(c.logger)
+	c.certCountManager = cert_count.InitCertificateCountManager(c.logger)
 
 	c.standbyStopCh.Store(make(chan struct{}))
 	atomic.StoreUint32(c.sealed, 1)

vault/core_util_common.go

@@ -81,8 +81,8 @@ func (c *Core) setupHeaderHMACKey(ctx context.Context, isPerfStandby bool) error
 	return nil
 }
 
-func (c *Core) GetPkiCertificateCounter() logical.CertificateCounter {
-	return c.pkiCertCountManager
+func (c *Core) GetCertificateCounter() logical.CertificateCounter {
+	return c.certCountManager
 }
 
 func (c *Core) GetConsumptionBillingManager() logical.ConsumptionBillingManager {

vault/logical_system_helpers.go

@@ -15,7 +15,7 @@ import (
 	"github.com/hashicorp/vault/sdk/framework"
 	"github.com/hashicorp/vault/sdk/helper/consts"
 	"github.com/hashicorp/vault/sdk/logical"
-	"github.com/hashicorp/vault/vault/pki_cert_count"
+	"github.com/hashicorp/vault/vault/cert_count"
 )
 
 type enterprisePathStub struct {
@@ -291,16 +291,16 @@ func ceSysInitialize(b *SystemBackend) func(context.Context, *logical.Initializa
 			return fmt.Errorf("failed to initialize activation flags: %w", err)
 		}
 
-		b.Core.pkiCertCountManager.StartConsumerJob(func(increment logical.CertCount) {
-			b.Core.consumePkiCertCounts(increment)
+		b.Core.certCountManager.StartConsumerJob(func(increment logical.CertCount) {
+			b.Core.consumeCertCounts(increment)
 		})
 		return nil
 	}
 }
 
-// consumePkiCertCounts updates the PKI certificate counts in storage if we are
+// consumeCertCounts updates the certificate counts in storage if we are
 // running on the active node; otherwise it forwards them to the active node.
-func (c *Core) consumePkiCertCounts(inc logical.CertCount) {
+func (c *Core) consumeCertCounts(inc logical.CertCount) {
 	var consumed bool
 	haState := c.HAStateWithLock()
 	if inc.IsZero() {
@@ -311,20 +311,20 @@ func (c *Core) consumePkiCertCounts(inc logical.CertCount) {
 	case consts.Standby:
 		consumed = true
 	case consts.PerfStandby:
-		consumed = forwardPkiCertCounts(c, inc)
+		consumed = forwardCertCounts(c, inc)
 	case consts.Active:
-		c.logger.Info("storing PKI certificate counts", "issuedCerts", inc.IssuedCerts, "storedCerts", inc.StoredCerts)
-		err := pki_cert_count.IncrementStoredCounts(c.activeContext, c.barrier, inc)
+		c.logger.Info("storing certificate counts", "issuedCerts", inc.IssuedCerts, "storedCerts", inc.StoredCerts)
+		err := cert_count.IncrementStoredCounts(c.activeContext, c.barrier, inc)
 		if err != nil {
-			c.logger.Error("error storing PKI certificate counts", "error", err)
+			c.logger.Error("error storing certificate counts", "error", err)
 		} else {
 			consumed = true
 		}
 	default:
-		c.logger.Error("Unexpected HA state when consuming PKI certificate counts", "ha_state", haState)
+		c.logger.Error("Unexpected HA state when consuming certificate counts", "ha_state", haState)
 	}
 	if !consumed {
-		c.pkiCertCountManager.AddCount(inc)
+		c.certCountManager.AddCount(inc)
 	}
 }
 

vault/logical_system_helpers_stubs_oss.go

@@ -7,6 +7,6 @@ package vault
 
 import "github.com/hashicorp/vault/sdk/logical"
 
-func forwardPkiCertCounts(c *Core, inc logical.CertCount) bool {
+func forwardCertCounts(c *Core, inc logical.CertCount) bool {
 	return false
 }

vault/testing_util.go

@@ -7,7 +7,7 @@ import (
 	"testing"
 	"time"
 
-	"github.com/hashicorp/vault/vault/pki_cert_count"
+	"github.com/hashicorp/vault/vault/cert_count"
 	"github.com/hashicorp/vault/version"
 	"github.com/stretchr/testify/require"
 )
@@ -23,19 +23,18 @@ func init() {
 }
 
 func (c *TestClusterCore) StopPkiCertificateCountConsumerJob() {
-	mgr := c.Core.pkiCertCountManager.(pki_cert_count.PkiCertificateCountManager)
+	mgr := c.Core.certCountManager.(cert_count.CertificateCountManager)
 	mgr.StopConsumerJob()
 }
 
 func (c *TestClusterCore) ResetPkiCertificateCounts() {
-	mgr := c.Core.pkiCertCountManager.(pki_cert_count.PkiCertificateCountManager)
-
+	mgr := c.Core.certCountManager.(cert_count.CertificateCountManager)
 	c.pkiCertificateCountData = mgr.GetCounts()
 }
 
 func (c *TestClusterCore) RequirePkiCertificateCounts(t testing.TB, expectedIssuedCount, expectedStoredCount int) {
 	t.Helper()
-	mgr := c.Core.pkiCertCountManager.(pki_cert_count.PkiCertificateCountManager)
+	mgr := c.Core.certCountManager.(cert_count.CertificateCountManager)
 	actualCount := mgr.GetCounts()
 
 	actualCount.IssuedCerts -= c.pkiCertificateCountData.IssuedCerts