Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Census manual reporting : Always enable manual reporting CE changes #24847

Merged
merged 2 commits into from
Jan 12, 2024
Merged

Census manual reporting : Always enable manual reporting CE changes #24847

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
0128efc
adding oss changes from ent
akshya96 Jan 12, 2024
4817907
Merge branch 'main' into vault-22877-oss
akshya96 Jan 12, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion vault/activity_log.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1105,7 +1105,7 @@ func (c *Core) setupActivityLogLocked(ctx context.Context, wg *sync.WaitGroup) e
c.AddLogger(logger)

if os.Getenv("VAULT_DISABLE_ACTIVITY_LOG") != "" {
if c.CensusLicensingEnabled() {
if c.ManualLicenseReportingEnabled() {
logger.Warn("activity log disabled via environment variable while reporting is enabled. " +
"Reporting will override, and the activity log will be enabled")
} else {
Expand Down
246 changes: 96 additions & 150 deletions vault/activity_log_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -846,155 +846,89 @@ func TestActivityLog_MultipleFragmentsAndSegments(t *testing.T) {
}
}

// TestActivityLog_API_ConfigCRUD performs various CRUD operations on internal/counters/config.
func TestActivityLog_API_ConfigCRUD(t *testing.T) {
// TestActivityLog_API_ConfigCRUD_Census performs various CRUD operations on internal/counters/config
// depending on license reporting
func TestActivityLog_API_ConfigCRUD_Census(t *testing.T) {
core, b, _ := testCoreSystemBackend(t)
view := core.systemBarrierView

// Test reading the defaults
{
req := logical.TestRequest(t, logical.ReadOperation, "internal/counters/config")
req.Storage = view
resp, err := b.HandleRequest(namespace.RootContext(nil), req)
if err != nil {
t.Fatalf("err: %v", err)
}
defaults := map[string]interface{}{
"default_report_months": 12,
"retention_months": 24,
"enabled": activityLogEnabledDefaultValue,
"queries_available": false,
"reporting_enabled": core.CensusLicensingEnabled(),
"billing_start_timestamp": core.BillingStart(),
"minimum_retention_months": core.activityLog.configOverrides.MinimumRetentionMonths,
}

if diff := deep.Equal(resp.Data, defaults); len(diff) > 0 {
t.Fatalf("diff: %v", diff)
}
}

// Check Error Cases
{
req := logical.TestRequest(t, logical.UpdateOperation, "internal/counters/config")
req.Storage = view
req.Data["default_report_months"] = 0
_, err := b.HandleRequest(namespace.RootContext(nil), req)
if err == nil {
t.Fatal("expected error")
}

req = logical.TestRequest(t, logical.UpdateOperation, "internal/counters/config")
req.Storage = view
req.Data["enabled"] = "bad-value"
_, err = b.HandleRequest(namespace.RootContext(nil), req)
req := logical.TestRequest(t, logical.UpdateOperation, "internal/counters/config")
req.Storage = view
req.Data["retention_months"] = 2
resp, err := b.HandleRequest(namespace.RootContext(nil), req)
if core.ManualLicenseReportingEnabled() {
if err == nil {
t.Fatal("expected error")
}

req = logical.TestRequest(t, logical.UpdateOperation, "internal/counters/config")
req.Storage = view
req.Data["retention_months"] = 0
req.Data["enabled"] = "enable"
_, err = b.HandleRequest(namespace.RootContext(nil), req)
if err == nil {
t.Fatal("expected error")
if resp.Data["error"] != `retention_months must be at least 24 while Reporting is enabled` {
t.Fatalf("bad: %v", resp)
}
}

// Test single key updates
{
req := logical.TestRequest(t, logical.UpdateOperation, "internal/counters/config")
req.Storage = view
req.Data["default_report_months"] = 1
resp, err := b.HandleRequest(namespace.RootContext(nil), req)
} else {
if err != nil {
t.Fatalf("err: %v", err)
}
if resp != nil {
t.Fatalf("bad: %#v", resp)
}
}

req = logical.TestRequest(t, logical.UpdateOperation, "internal/counters/config")
req.Storage = view
req.Data["retention_months"] = 2
resp, err = b.HandleRequest(namespace.RootContext(nil), req)
if err != nil {
t.Fatalf("err: %v", err)
req = logical.TestRequest(t, logical.UpdateOperation, "internal/counters/config")
req.Storage = view
req.Data["retention_months"] = 26
resp, err = b.HandleRequest(namespace.RootContext(nil), req)
if err != nil {
t.Fatalf("err: %v", err)
}
if resp != nil {
t.Fatalf("bad: %#v", resp)
}

req = logical.TestRequest(t, logical.UpdateOperation, "internal/counters/config")
req.Storage = view
req.Data["enabled"] = "disable"
resp, err = b.HandleRequest(namespace.RootContext(nil), req)
if core.ManualLicenseReportingEnabled() {
if err == nil {
t.Fatal("expected error")
}
if resp != nil {
t.Fatalf("bad: %#v", resp)
if resp.Data["error"] != `cannot disable the activity log while Reporting is enabled` {
t.Fatalf("bad: %v", resp)
}

req = logical.TestRequest(t, logical.UpdateOperation, "internal/counters/config")
req.Storage = view
req.Data["enabled"] = "enable"
resp, err = b.HandleRequest(namespace.RootContext(nil), req)
} else {
if err != nil {
t.Fatalf("err: %v", err)
}
if resp != nil {
t.Fatalf("bad: %#v", resp)
}

req = logical.TestRequest(t, logical.ReadOperation, "internal/counters/config")
req.Storage = view
resp, err = b.HandleRequest(namespace.RootContext(nil), req)
if err != nil {
t.Fatalf("err: %v", err)
}
expected := map[string]interface{}{
"default_report_months": 1,
"retention_months": 2,
"enabled": "enable",
"queries_available": false,
"reporting_enabled": core.CensusLicensingEnabled(),
"billing_start_timestamp": core.BillingStart(),
"minimum_retention_months": core.activityLog.configOverrides.MinimumRetentionMonths,
}

if diff := deep.Equal(resp.Data, expected); len(diff) > 0 {
t.Fatalf("diff: %v", diff)
}
}

// Test updating all keys
{
req := logical.TestRequest(t, logical.UpdateOperation, "internal/counters/config")
req.Storage = view
req.Data["enabled"] = "default"
req.Data["retention_months"] = 24
req.Data["default_report_months"] = 12

originalEnabled := core.activityLog.GetEnabled()
newEnabled := activityLogEnabledDefault

resp, err := b.HandleRequest(namespace.RootContext(nil), req)
if err != nil {
t.Fatalf("err: %v", err)
}
checkAPIWarnings(t, originalEnabled, newEnabled, resp)

req = logical.TestRequest(t, logical.ReadOperation, "internal/counters/config")
req.Storage = view
resp, err = b.HandleRequest(namespace.RootContext(nil), req)
if err != nil {
t.Fatalf("err: %v", err)
}
req = logical.TestRequest(t, logical.UpdateOperation, "internal/counters/config")
req.Storage = view
req.Data["enabled"] = "enable"
resp, err = b.HandleRequest(namespace.RootContext(nil), req)
if err != nil {
t.Fatalf("err: %v", err)
}
if resp != nil {
t.Fatalf("bad: %#v", resp)
}

defaults := map[string]interface{}{
"default_report_months": 12,
"retention_months": 24,
"enabled": activityLogEnabledDefaultValue,
"queries_available": false,
"reporting_enabled": core.CensusLicensingEnabled(),
"billing_start_timestamp": core.BillingStart(),
"minimum_retention_months": core.activityLog.configOverrides.MinimumRetentionMonths,
}
req = logical.TestRequest(t, logical.ReadOperation, "internal/counters/config")
req.Storage = view
resp, err = b.HandleRequest(namespace.RootContext(nil), req)
if err != nil {
t.Fatalf("err: %v", err)
}
expected := map[string]interface{}{
"default_report_months": 12,
"retention_months": 26,
"enabled": "enable",
"queries_available": false,
"reporting_enabled": core.AutomatedLicenseReportingEnabled(),
"billing_start_timestamp": core.BillingStart(),
"minimum_retention_months": core.activityLog.configOverrides.MinimumRetentionMonths,
}

if diff := deep.Equal(resp.Data, defaults); len(diff) > 0 {
t.Fatalf("diff: %v", diff)
}
if diff := deep.Equal(resp.Data, expected); len(diff) > 0 {
t.Fatalf("diff: %v", diff)
}
}

Expand Down Expand Up @@ -2172,7 +2106,8 @@ func checkAPIWarnings(t *testing.T, originalEnabled, newEnabled bool, resp *logi
}

// TestActivityLog_EnableDisable writes a segment, adds an entity to the in-memory fragment, then disables the activity
// log. The test verifies that the segment doesn't exist. The activity log is enabled, then verified that an empty
// log. The test verifies that activity log cannot be disabled if manual reporting is enabled and no segment data is lost.
// If manual reporting is not enabled(OSS), The test verifies that the segment doesn't exist. The activity log is enabled, then verified that an empty
// segment is written and new clients can be added and written to segments.
func TestActivityLog_EnableDisable(t *testing.T) {
timeutil.SkipAtEndOfMonth(t)
Expand Down Expand Up @@ -2204,10 +2139,19 @@ func TestActivityLog_EnableDisable(t *testing.T) {
req.Storage = view
req.Data["enabled"] = "disable"
resp, err := b.HandleRequest(ctx, req)
if err != nil {
t.Fatalf("err: %v", err)
if a.core.ManualLicenseReportingEnabled() {
if err == nil {
t.Fatal("expected error")
}
if resp.Data["error"] != `cannot disable the activity log while Reporting is enabled` {
t.Fatalf("bad: %v", resp)
}
} else {
if err != nil {
t.Fatalf("err: %v", err)
}
checkAPIWarnings(t, originalEnabled, false, resp)
}
checkAPIWarnings(t, originalEnabled, false, resp)
}

// enable (if not already) and write a segment
Expand All @@ -2233,33 +2177,35 @@ func TestActivityLog_EnableDisable(t *testing.T) {
// Add in-memory fragment
a.AddEntityToFragment(id3, "root", time.Now().Unix())

// disable and verify segment no longer exists
// disable and verify segment exists
disableRequest()

timeout := time.After(20 * time.Second)
select {
case <-a.deleteDone:
break
case <-timeout:
t.Fatalf("timed out")
}
if !a.core.ManualLicenseReportingEnabled() {
timeout := time.After(20 * time.Second)
select {
case <-a.deleteDone:
break
case <-timeout:
t.Fatalf("timed out")
}

expectMissingSegment(t, core, path)
a.ExpectCurrentSegmentRefreshed(t, 0, false)
expectMissingSegment(t, core, path)
a.ExpectCurrentSegmentRefreshed(t, 0, false)

// enable (if not already) which force-writes an empty segment
enableRequest()
// enable (if not already) which force-writes an empty segment
enableRequest()

seg2 := a.GetStartTimestamp()
if seg1 >= seg2 {
t.Errorf("bad second segment timestamp, %v >= %v", seg1, seg2)
}
seg2 := a.GetStartTimestamp()
if seg1 >= seg2 {
t.Errorf("bad second segment timestamp, %v >= %v", seg1, seg2)
}

// Verify empty segments are present
path = fmt.Sprintf("%ventity/%v/0", ActivityLogPrefix, seg2)
readSegmentFromStorage(t, core, path)
// Verify empty segments are present
path = fmt.Sprintf("%ventity/%v/0", ActivityLogPrefix, seg2)
readSegmentFromStorage(t, core, path)

path = fmt.Sprintf("%vdirecttokens/%v/0", ActivityLogPrefix, seg2)
path = fmt.Sprintf("%vdirecttokens/%v/0", ActivityLogPrefix, seg2)
}
readSegmentFromStorage(t, core, path)
}

Expand Down
13 changes: 7 additions & 6 deletions vault/census.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,9 +11,10 @@ import "time"
type CensusReporter interface{}

// setupCensusAgent is a stub for OSS.
func (c *Core) setupCensusAgent() error { return nil }
func (c *Core) BillingStart() time.Time { return time.Time{} }
func (c *Core) CensusLicensingEnabled() bool { return false }
func (c *Core) CensusAgent() CensusReporter { return nil }
func (c *Core) ReloadCensus() error { return nil }
func (c *Core) teardownCensusAgent() error { return nil }
func (c *Core) setupCensusAgent() error { return nil }
func (c *Core) BillingStart() time.Time { return time.Time{} }
func (c *Core) AutomatedLicenseReportingEnabled() bool { return false }
func (c *Core) CensusAgent() CensusReporter { return nil }
func (c *Core) ReloadCensus() error { return nil }
func (c *Core) teardownCensusAgent() error { return nil }
func (c *Core) ManualLicenseReportingEnabled() bool { return false }
9 changes: 5 additions & 4 deletions vault/logical_system_activity.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -328,7 +328,7 @@ func (b *SystemBackend) handleActivityConfigRead(ctx context.Context, req *logic
"retention_months": config.RetentionMonths,
"enabled": config.Enabled,
"queries_available": qa,
"reporting_enabled": b.Core.CensusLicensingEnabled(),
"reporting_enabled": b.Core.AutomatedLicenseReportingEnabled(),
"billing_start_timestamp": b.Core.BillingStart(),
"minimum_retention_months": a.configOverrides.MinimumRetentionMonths,
},
Expand Down Expand Up @@ -388,8 +388,8 @@ func (b *SystemBackend) handleActivityConfigUpdate(ctx context.Context, req *log
!activityLogEnabledDefault && config.Enabled == "enable" && enabledStr == "default" ||
activityLogEnabledDefault && config.Enabled == "default" && enabledStr == "disable" {

// if census is enabled, the activity log cannot be disabled
if a.core.CensusLicensingEnabled() {
// if reporting is enabled, the activity log cannot be disabled. Manual Reporting is always enabled on ent.
if a.core.ManualLicenseReportingEnabled() {
return logical.ErrorResponse("cannot disable the activity log while Reporting is enabled"), logical.ErrInvalidRequest
}
warnings = append(warnings, "the current monthly segment will be deleted because the activity log was disabled")
Expand All @@ -416,7 +416,8 @@ func (b *SystemBackend) handleActivityConfigUpdate(ctx context.Context, req *log
return logical.ErrorResponse("retention_months cannot be 0 while enabled"), logical.ErrInvalidRequest
}

if a.core.CensusLicensingEnabled() && config.RetentionMonths < minimumRetentionMonths {
// if manual license reporting is enabled, retention months must at least be 24 months
if a.core.ManualLicenseReportingEnabled() && config.RetentionMonths < minimumRetentionMonths {
return logical.ErrorResponse("retention_months must be at least %d while Reporting is enabled", minimumRetentionMonths), logical.ErrInvalidRequest
}

Expand Down
Loading