From afe599145dda0a3fa1ddce0bf2853c8d07a12bb5 Mon Sep 17 00:00:00 2001 From: miagilepner Date: Fri, 26 Jan 2024 12:01:19 +0100 Subject: [PATCH] VAULT-23516: Disable secret sync billing (#25091) --- vault/activity_log.go | 7 +++++++ vault/activity_log_test.go | 3 +++ 2 files changed, 10 insertions(+) diff --git a/vault/activity_log.go b/vault/activity_log.go index 5f855eab13..461daae920 100644 --- a/vault/activity_log.go +++ b/vault/activity_log.go @@ -25,6 +25,7 @@ import ( "github.com/hashicorp/vault/helper/metricsutil" "github.com/hashicorp/vault/helper/namespace" "github.com/hashicorp/vault/helper/timeutil" + "github.com/hashicorp/vault/sdk/helper/license" "github.com/hashicorp/vault/sdk/logical" "github.com/hashicorp/vault/vault/activity" "go.uber.org/atomic" @@ -85,6 +86,9 @@ const ( nonEntityTokenActivityType = "non-entity-token" entityActivityType = "entity" secretSyncActivityType = "secret-sync" + + // FeatureSecretSyncBilling will always be false + FeatureSecretSyncBilling = license.FeatureNone ) type segmentInfo struct { @@ -1478,6 +1482,9 @@ func (a *ActivityLog) AddClientToFragment(clientID string, namespaceID string, t // fragment. The timestamp is a Unix timestamp *without* nanoseconds, // as that is what token.CreationTime uses. func (a *ActivityLog) AddActivityToFragment(clientID string, namespaceID string, timestamp int64, activityType string, mountAccessor string) { + if activityType == secretSyncActivityType && !a.core.HasFeature(FeatureSecretSyncBilling) { + return + } // Check whether entity ID already recorded var present bool diff --git a/vault/activity_log_test.go b/vault/activity_log_test.go index 3387f030b3..dc02fed1c8 100644 --- a/vault/activity_log_test.go +++ b/vault/activity_log_test.go @@ -4811,6 +4811,9 @@ func TestAddActivityToFragment(t *testing.T) { } for _, tc := range testCases { t.Run(tc.name, func(t *testing.T) { + if tc.activityType == secretSyncActivityType && !core.HasFeature(FeatureSecretSyncBilling) { + t.Skip() + } a.fragmentLock.RLock() numClientsBefore := len(a.fragment.Clients) a.fragmentLock.RUnlock()