
Add expiry Predicate to SecretLeaseContainer to determine whether a Lease is expired #809

Closed
yuandongjian opened this issue Aug 17, 2023 · 3 comments
Labels
type: enhancement A general enhancement
Comments

@yuandongjian

expiryThreshold is shared with minRenewal; it is difficult to assess what minRenewal should be set to.

    renewed.getLeaseDuration().getSeconds() < this.minRenewal.getSeconds()

https://github.com/spring-projects/spring-vault/blob/afdbdd67f1018634a536fa4e0f60a52d37b1860c/spring-vault-core/src/main/java/org/springframework/vault/core/lease/SecretLeaseContainer.java#L594C5-L594C5

@mp911de
Member

mp911de commented Aug 17, 2023

Care to elaborate on what you're planning to achieve? Please provide more detail and context so that we can understand what you're up to.

@yuandongjian
Author

Here is my code.

    import java.net.URI;
    import java.util.Map;
    import java.util.concurrent.ConcurrentHashMap;

    import org.springframework.vault.client.VaultEndpoint;
    import org.springframework.vault.core.VaultTemplate;
    import org.springframework.vault.core.env.LeaseAwareVaultPropertySource;
    import org.springframework.vault.core.lease.SecretLeaseContainer;
    import org.springframework.vault.core.lease.domain.RequestedSecret;

    class VaultForJdbc {
        private static SecretLeaseContainer secretLeaseContainer;

        static {
            // VaultEndpoint.create(host, port) expects a bare host name; a full URL goes through from(URI)
            VaultTemplate vaultTemplate = new VaultTemplate(VaultEndpoint.from(URI.create("http://127.0.0.1:1234")));
            SecretLeaseContainer secretLeaseContainer = new SecretLeaseContainer(vaultTemplate);
            secretLeaseContainer.afterPropertiesSet();
            secretLeaseContainer.start();
            VaultForJdbc.secretLeaseContainer = secretLeaseContainer;
        }

        // one lease-aware property source per requested secret, shared by all callers
        private static final Map<RequestedSecret, LeaseAwareVaultPropertySource> map = new ConcurrentHashMap<>();

        public static LeaseAwareVaultPropertySource requestSecret(RequestedSecret requestedSecret) {
            return map.computeIfAbsent(requestedSecret, k -> new LeaseAwareVaultPropertySource(secretLeaseContainer, requestedSecret));
        }
    }

    public class VaultForJdbcDemo {
        public static void main(String[] args) {
            LeaseAwareVaultPropertySource propertySource = VaultForJdbc.requestSecret(RequestedSecret.rotating("/database/readwrite"));
            Object username = propertySource.getProperty("username");
            Object password = propertySource.getProperty("password");
        }
    }

minRenewal is used in two pieces of code.

  1. Sets the amount of seconds that is at least required before renewing a lease.
  2. TTL threshold of the valid lease.

Could SecretLeaseContainer, like LifecycleAwareSessionManagerSupport.RefreshTrigger, be opened up for users to configure nextExecutionTime and getValidTtlThreshold?

@yuandongjian
Author

If a socket timeout is displayed, the default leaseStrategy is drop, but onLeaseExpired(requestedSecret, lease) is not executed after drop. Note that rescheduling can only be triggered by the user rotating, which affects the execution time of the user. If leaseStrategy is retainOnIoError, doRenewLease will return the original lease with no change in leaseDuration, resulting in a high probability that the calculation for the next execution cycle is wrong.

    if (expired || this.leaseStrategy.shouldDrop(exceptionToUse)) {
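The following is an added, self-contained model of the two decisions this thread is about, written for this page and not taken from spring-vault: when to schedule the next renewal, and whether a renewed lease is already too short to keep. The `Lease`, `RenewalPolicy`, `shorterThan` and `nextRenewalDelay` names, the three constructed lease durations, and the rule "renew expiryThreshold before the lease ends, but never sooner than minRenewal" are assumptions for illustration; the only thing copied from the issue is the shape of the quoted check, `leaseDuration < minRenewal`, which the coupled policy uses as its expiry predicate.

```java
import java.time.Duration;
import java.util.Optional;
import java.util.function.Predicate;

/** Constructed stand-in for a renewed lease; only what the renewal decision needs (not spring-vault's Lease). */
final class Lease {
    final String leaseId;
    final Duration leaseDuration;

    Lease(String leaseId, Duration leaseDuration) {
        this.leaseId = leaseId;
        this.leaseDuration = leaseDuration;
    }
}

/**
 * Hypothetical policy that keeps the two uses of minRenewal apart:
 *  - scheduling: the renewal runs expiryThreshold before the lease ends, but never sooner than minRenewal;
 *  - validity: a caller-supplied predicate says whether a renewed lease is already too short to keep.
 */
final class RenewalPolicy {
    private final Duration minRenewal;
    private final Duration expiryThreshold;
    private final Predicate<Lease> expired;

    RenewalPolicy(Duration minRenewal, Duration expiryThreshold, Predicate<Lease> expired) {
        if (minRenewal.isNegative() || expiryThreshold.isNegative()) {
            throw new IllegalArgumentException("thresholds must not be negative");
        }
        this.minRenewal = minRenewal;
        this.expiryThreshold = expiryThreshold;
        this.expired = expired;
    }

    /** Same shape as the check quoted in the issue: a lease shorter than the threshold counts as expired. */
    static Predicate<Lease> shorterThan(Duration threshold) {
        return lease -> lease.leaseDuration.compareTo(threshold) < 0;
    }

    boolean isExpired(Lease lease) {
        return expired.test(lease);
    }

    /** Delay until the next renewal, or empty when the lease must be dropped instead of rescheduled. */
    Optional<Duration> nextRenewalDelay(Lease lease) {
        if (isExpired(lease)) {
            return Optional.empty();
        }
        Duration beforeExpiry = lease.leaseDuration.minus(expiryThreshold);
        Duration delay = beforeExpiry.compareTo(minRenewal) < 0 ? minRenewal : beforeExpiry;
        // A renewal that would fire after the lease has already ended is useless: drop rather than reschedule.
        if (delay.compareTo(lease.leaseDuration) >= 0) {
            return Optional.empty();
        }
        return Optional.of(delay);
    }
}

public class LeaseExpiryDemo {
    public static void main(String[] args) {
        Duration expiryThreshold = Duration.ofSeconds(10);

        // Coupled: minRenewal doubles as the expiry threshold, so it must be large enough to
        // throttle renewals yet small enough not to discard leases that are still usable.
        Duration coupledMinRenewal = Duration.ofSeconds(30);
        RenewalPolicy coupled = new RenewalPolicy(coupledMinRenewal, expiryThreshold,
                RenewalPolicy.shorterThan(coupledMinRenewal));

        // Decoupled: minRenewal only throttles scheduling; validity is judged against expiryThreshold.
        RenewalPolicy decoupled = new RenewalPolicy(Duration.ofSeconds(5), expiryThreshold,
                RenewalPolicy.shorterThan(expiryThreshold));

        // Constructed lease durations, as a renewal response might report them.
        Lease[] renewed = {
                new Lease("database/creds/readwrite/a", Duration.ofSeconds(300)),
                new Lease("database/creds/readwrite/b", Duration.ofSeconds(20)),
                new Lease("database/creds/readwrite/c", Duration.ofSeconds(5)),
        };
        for (Lease lease : renewed) {
            System.out.printf("%s (%ds left): coupled -> %s, decoupled -> %s%n",
                    lease.leaseId, lease.leaseDuration.getSeconds(),
                    describe(coupled, lease), describe(decoupled, lease));
        }
    }

    private static String describe(RenewalPolicy policy, Lease lease) {
        return policy.nextRenewalDelay(lease)
                .map(delay -> "renew in " + delay.getSeconds() + "s")
                .orElse("expired, drop");
    }
}
```

Running the demo shows the difference the reporter is pointing at: the 300-second lease is renewed 290 seconds out under both policies, the 5-second lease is dropped under both, but the 20-second lease is dropped by the coupled policy (20 < 30) while the decoupled policy keeps it and renews in 10 seconds. The guard at the end of `nextRenewalDelay` is the caveat that comes with a separate predicate: once expiry no longer implies "shorter than minRenewal", the scheduler itself has to refuse a renewal that would land after the lease has ended, otherwise a lease judged valid is quietly lost to a late renewal rather than to an explicit drop.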

@mp911de mp911de changed the title SecretLeaseContainer has no expiryThreshold parameter Introduce interface to calculate remaining validity and renewal for a Lease using SecretLeaseContainer Nov 1, 2023
@mp911de mp911de added the type: enhancement A general enhancement label Nov 1, 2023
@mp911de mp911de changed the title Introduce interface to calculate remaining validity and renewal for a Lease using SecretLeaseContainer Add expiry Predicate to SecretLeaseContainer to determine whether a Lease is expired Jun 6, 2024
@mp911de mp911de added this to the 3.2.0 milestone Jun 6, 2024
@mp911de mp911de closed this as completed in 867c56c Jun 6, 2024