hashicorp · swayne275 · Jun 2, 2021 · May 13, 2021 · May 13, 2021 · May 13, 2021
diff --git a/changelog/11607.txt b/changelog/11607.txt
@@ -0,0 +1,3 @@
+```release-note:improvement
+core: add irrevocable lease list and count apis
+```
diff --git a/vault/expiration.go b/vault/expiration.go
@@ -73,6 +73,14 @@ const (
 	genericIrrevocableErrorMessage = "unknown"
 
 	outOfRetriesMessage = "out of retries"
+
+	// maximum number of irrevocable leases we return to the irrevocable lease
+	// list API **without** the `force` flag set
+	MaxIrrevocableLeasesToReturn = 10000
+)
+
+var (
+	errHitMaxIrrevocableLeases = errors.New("Command cancelled because many irrevocable leases were found. To emit the entire list, re-run the command with force set true.")
 )
 
 type pendingInfo struct {
@@ -261,18 +269,7 @@ func (r *revocationJob) OnFailure(err error) {
 func expireLeaseStrategyFairsharing(ctx context.Context, m *ExpirationManager, leaseID string, ns *namespace.Namespace) {
 	nsCtx := namespace.ContextWithNamespace(ctx, ns)
 
-	var mountAccessor string
-	m.coreStateLock.RLock()
-	mount := m.core.router.MatchingMountEntry(nsCtx, leaseID)
-	m.coreStateLock.RUnlock()
-
-	if mount == nil {
-		// figure out what this means - if we couldn't find the mount, can we automatically revoke
-		m.logger.Debug("could not find lease path", "lease_id", leaseID)
-		mountAccessor = "mount-accessor-not-found"
-	} else {
-		mountAccessor = mount.Accessor
-	}
+	mountAccessor := m.getLeaseMountAccessor(ctx, leaseID)
 
 	job, err := newRevocationJob(nsCtx, leaseID, ns, m)
 	if err != nil {
@@ -2418,6 +2415,142 @@ func (m *ExpirationManager) markLeaseIrrevocable(ctx context.Context, le *leaseE
 	m.nonexpiring.Delete(le.LeaseID)
 }
 
+func (m *ExpirationManager) getNamespaceFromLeaseID(ctx context.Context, leaseID string) (*namespace.Namespace, error) {
+	_, nsID := namespace.SplitIDFromString(leaseID)
+
+	// avoid re-declaring leaseNS and err with scope inside the if
+	leaseNS := namespace.RootNamespace
+	var err error
+	if nsID != "" {
+		leaseNS, err = NamespaceByID(ctx, nsID, m.core)
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	return leaseNS, nil
+}
+
+func (m *ExpirationManager) getLeaseMountAccessor(ctx context.Context, leaseID string) string {
+	m.coreStateLock.RLock()
+	mount := m.core.router.MatchingMountEntry(ctx, leaseID)
+	m.coreStateLock.RUnlock()
+
+	var mountAccessor string
+	if mount == nil {
+		mountAccessor = "mount-accessor-not-found"
+	} else {
+		mountAccessor = mount.Accessor
+	}
+
+	return mountAccessor
+}
+
+// TODO SW if keep counts as a map, should update the RFC
+func (m *ExpirationManager) getIrrevocableLeaseCounts(ctx context.Context, includeChildNamespaces bool) (map[string]interface{}, error) {
+	requestNS, err := namespace.FromContext(ctx)
+	if err != nil {
+		m.logger.Error("could not get namespace from context", "error", err)
+		return nil, err
+	}
+
+	numMatchingLeasesPerMount := make(map[string]int)
+	numMatchingLeases := 0
+	m.irrevocable.Range(func(k, v interface{}) bool {
+		leaseID := k.(string)
+		leaseNS, err := m.getNamespaceFromLeaseID(ctx, leaseID)
+		if err != nil {
+			// We should probably note that an error occured, but continue counting
+			m.logger.Warn("could not get lease namespace from ID", "error", err)
+			return true
+		}
+
+		leaseMatches := (leaseNS == requestNS) || (includeChildNamespaces && leaseNS.HasParent(requestNS))
+		if !leaseMatches {
+			// the lease doesn't meet our criteria, so keep looking
+			return true
+		}
+
+		mountAccessor := m.getLeaseMountAccessor(ctx, leaseID)
+
+		if _, ok := numMatchingLeasesPerMount[mountAccessor]; !ok {
+			numMatchingLeasesPerMount[mountAccessor] = 0
+		}
+
+		numMatchingLeases++
+		numMatchingLeasesPerMount[mountAccessor]++
+
+		return true
+	})
+
+	resp := make(map[string]interface{})
+	resp["lease_count"] = numMatchingLeases
+	resp["counts"] = numMatchingLeasesPerMount
+
+	return resp, nil
+}
+
+type leaseResponse struct {
+	LeaseID string `json:"lease_id"`
+	ErrMsg  string `json:"error"`
+}
+
+func (m *ExpirationManager) listIrrevocableLeases(ctx context.Context, includeChildNamespaces, force bool) (map[string]interface{}, error) {
+	requestNS, err := namespace.FromContext(ctx)
+	if err != nil {
+		m.logger.Error("could not get namespace from context", "error", err)
+		return nil, err
+	}
+
+	// map of mount point : lease info
+	matchingLeasesPerMount := make(map[string][]*leaseResponse)
+	numMatchingLeases := 0
+	var retErr error
+	m.irrevocable.Range(func(k, v interface{}) bool {
+		leaseID := k.(string)
+		leaseInfo := v.(*leaseEntry)
+
+		leaseNS, err := m.getNamespaceFromLeaseID(ctx, leaseID)
+		if err != nil {
+			// We probably want to track that an error occured, but continue counting
+			m.logger.Warn("could not get lease namespace from ID", "error", err)
+			return true
+		}
+
+		leaseMatches := (leaseNS == requestNS) || (includeChildNamespaces && leaseNS.HasParent(requestNS))
+		if !leaseMatches {
+			// the lease doesn't meet our criteria, so keep looking
+			return true
+		}
+
+		if !force && (numMatchingLeases >= MaxIrrevocableLeasesToReturn) {
+			m.logger.Warn("hit max irrevocable leases without force flag set")
+			retErr = errHitMaxIrrevocableLeases
+			return false
+		}
+
+		mountAccessor := m.getLeaseMountAccessor(ctx, leaseID)
+
+		numMatchingLeases++
+		matchingLeasesPerMount[mountAccessor] = append(matchingLeasesPerMount[mountAccessor], &leaseResponse{
+			LeaseID: leaseID,
+			ErrMsg:  leaseInfo.RevokeErr,
+		})
+
+		return true
+	})
+
+	if retErr != nil {
+		return nil, retErr
+	}
+
+	resp := make(map[string]interface{})
+	resp["lease_count"] = numMatchingLeases
+	resp["leases"] = matchingLeasesPerMount
+
+	return resp, nil
+}
+
 // leaseEntry is used to structure the values the expiration
 // manager stores. This is used to handle renew and revocation.
 type leaseEntry struct {

diff --git a/vault/expiration_test.go b/vault/expiration_test.go
@@ -3005,3 +3005,188 @@ func TestExpiration_unrecoverableErrorMakesIrrevocable(t *testing.T) {
 		}
 	}
 }
+
+// set up multiple mounts, and return a mapping of the path to the mount accessor
+func mountNoopBackends(t *testing.T, c *Core, paths []string) map[string]string {
+	t.Helper()
+
+	// enable the noop backend
+	c.logicalBackends["noop"] = func(ctx context.Context, config *logical.BackendConfig) (logical.Backend, error) {
+		return &NoopBackend{}, nil
+	}
+
+	pathToMount := make(map[string]string)
+	for _, path := range paths {
+		me := &MountEntry{
+			Table: mountTableType,
+			Path:  path,
+			Type:  "noop",
+		}
+		err := c.mount(namespace.RootContext(nil), me)
+		if err != nil {
+			t.Fatalf("err mounting backend %s: %v", path, err)
+		}
+
+		mount := c.router.MatchingMountEntry(namespace.RootContext(nil), path)
+		if mount == nil {
+			t.Fatalf("couldn't find mount for path %s", path)
+		}
+		pathToMount[path] = mount.Accessor
+	}
+
+	return pathToMount
+}
+
+func TestExpiration_getIrrevocableLeaseCounts(t *testing.T) {
+	c, _, _ := TestCoreUnsealed(t)
+
+	mountPrefixes := []string{"foo/bar/1/", "foo/bar/2/", "foo/bar/3/"}
+	pathToMount := mountNoopBackends(t, c, mountPrefixes)
+
+	exp := c.expiration
+
+	expectedPerMount := 10
+	for i := 0; i < expectedPerMount; i++ {
+		for _, mountPrefix := range mountPrefixes {
+			addIrrevocableLease(t, exp, mountPrefix, namespace.RootNamespace)
+		}
+	}
+
+	out, err := exp.getIrrevocableLeaseCounts(namespace.RootContext(nil), false)
+	if err != nil {
+		t.Fatalf("error getting irrevocable lease counts: %v", err)
+	}
+
+	countRaw, ok := out["lease_count"]
+	if !ok {
+		t.Fatal("no lease count")
+	}
+
+	countPerMountRaw, ok := out["counts"]
+	if !ok {
+		t.Fatal("no count per mount")
+	}
+
+	count := countRaw.(int)
+	countPerMount := countPerMountRaw.(map[string]int)
+
+	expectedCount := len(mountPrefixes) * expectedPerMount
+	if count != expectedCount {
+		t.Errorf("bad count. expected %d, got %d", expectedCount, count)
+	}
+
+	if len(countPerMount) != len(mountPrefixes) {
+		t.Fatalf("bad mounts. got %#v, expected %v", countPerMount, mountPrefixes)
+	}
+
+	for _, mountPrefix := range mountPrefixes {
+		mountCount := countPerMount[pathToMount[mountPrefix]]
+		if mountCount != expectedPerMount {
+			t.Errorf("bad count for prefix %q. expected %d, got %d", mountPrefix, expectedPerMount, mountCount)
+		}
+	}
+}
+
+func TestExpiration_listIrrevocableLeases(t *testing.T) {
+	c, _, _ := TestCoreUnsealed(t)
+
+	mountPrefixes := []string{"foo/bar/1/", "foo/bar/2/", "foo/bar/3/"}
+	pathToMount := mountNoopBackends(t, c, mountPrefixes)
+
+	exp := c.expiration
+
+	expectedLeasesPerMount := make(map[string][]string)
+	expectedPerMount := 10
+	for i := 0; i < expectedPerMount; i++ {
+		for _, mountPrefix := range mountPrefixes {
+			leaseID := addIrrevocableLease(t, exp, mountPrefix, namespace.RootNamespace)
+			expectedLeasesPerMount[mountPrefix] = append(expectedLeasesPerMount[mountPrefix], leaseID)
+		}
+	}
+
+	out, err := exp.listIrrevocableLeases(namespace.RootContext(nil), false, false)
+	if err != nil {
+		t.Fatalf("error listing irrevocable leases: %v", err)
+	}
+
+	countRaw, ok := out["lease_count"]
+	if !ok {
+		t.Fatal("no lease count")
+	}
+
+	leasesRaw, ok := out["leases"]
+	if !ok {
+		t.Fatal("no leases")
+	}
+
+	count := countRaw.(int)
+	leases := leasesRaw.(map[string][]*leaseResponse)
+
+	expectedCount := len(mountPrefixes) * expectedPerMount
+	if count != expectedCount {
+		t.Errorf("bad count. expected %d, got %d", expectedCount, count)
+	}
+
+	for _, mountPrefix := range mountPrefixes {
+		mount := pathToMount[mountPrefix]
+
+		// sort both sets of data for easy comparison
+		sort.Strings(expectedLeasesPerMount[mountPrefix])
+		sort.Slice(leases[mount], func(i, j int) bool {
+			return leases[mount][i].LeaseID < leases[mount][j].LeaseID
+		})
+
+		if len(leases[mount]) != expectedPerMount {
+			t.Fatalf("bad leases for mount prefix %q: expected %d, got %d", mountPrefix, expectedPerMount, len(leases[mount]))
+		}
+
+		for i, v := range expectedLeasesPerMount[mountPrefix] {
+			lease := leases[mount][i]
+			if lease.LeaseID != v {
+				t.Errorf("bad leaseID for mount prefix %q: expected %s, got %s", mountPrefix, v, lease.LeaseID)
+			}
+			if lease.ErrMsg == "" {
+				t.Errorf("no error message for irrevocable leaseID %q", lease.LeaseID)
+			}
+		}
+	}
+}
+
+func TestExpiration_listIrrevocableLeases_force(t *testing.T) {
+	c, _, _ := TestCoreUnsealed(t)
+	exp := c.expiration
+
+	expectedNumLeases := MaxIrrevocableLeasesToReturn + 10
+	for i := 0; i < expectedNumLeases; i++ {
+		addIrrevocableLease(t, exp, "foo/", namespace.RootNamespace)
+	}
+
+	dataRaw, err := exp.listIrrevocableLeases(namespace.RootContext(nil), false, false)
+	if err == nil {
+		t.Fatalf("expected error - more than max number of irrevocable leases")
+	}
+	if dataRaw != nil {
+		t.Fatalf("expected nil data, got %#v", dataRaw)
+	}
+
+	dataRaw, err = exp.listIrrevocableLeases(namespace.RootContext(nil), false, true)
+	if err != nil {
+		t.Fatalf("got error on force list leases: %v", err)
+	}
+	if dataRaw == nil {
+		t.Fatalf("got nil data on force list leases")
+	}
+
+	numLeasesRaw, ok := dataRaw["lease_count"]
+	if !ok {
+		t.Fatalf("lease count data not present")
+	}
+	if numLeasesRaw == nil {
+		t.Fatalf("nil lease count")
+	}
+
+	numLeases := numLeasesRaw.(int)
+	if numLeases != expectedNumLeases {
+		t.Errorf("bad lease count. expected %d, got %d", expectedNumLeases, numLeases)
+	}
+}