Add Delete support

hdecarne-github · Jan 3, 2024 · e7b0170 · e7b0170
1 parent 7f50da1
commit e7b0170
Show file tree

Hide file tree

Showing 6 changed files with 82 additions and 12 deletions.
diff --git a/storage/fs.go b/storage/fs.go
@@ -92,6 +92,20 @@ func (backend *fsBackend) Update(name string, data []byte) (Version, error) {
 	return nextVersion, nil
 }
 
+func (backend *fsBackend) Delete(name string) error {
+	backend.logger.Debug().Msgf("deleting entry '%s'...", name)
+	entryPath, err := backend.checkEntryPath(name, false)
+	if err != nil {
+		return err
+	}
+	err = os.RemoveAll(entryPath)
+	if err != nil {
+		return fmt.Errorf("failed to delete entry '%s' (cause: %w)", name, err)
+	}
+	backend.logger.Debug().Msgf("entry '%s' deleted", name)
+	return nil
+}
+
 func (backend *fsBackend) List() (Names, error) {
 	dirEntries, err := os.ReadDir(backend.path)
 	if err != nil {

diff --git a/storage/memory.go b/storage/memory.go
@@ -112,10 +112,23 @@ func (backend *memoryBackend) Update(name string, data []byte) (Version, error)
 	}
 	heap.Push(&versions, entry)
 	backend.entries[name] = versions
-	backend.logger.Debug().Msgf("entry '%s' updated to version %d", name, entry.version)
+	backend.logger.Debug().Msgf("updated entry '%s' to version %d", name, entry.version)
 	return entry.version, nil
 }
 
+func (backend *memoryBackend) Delete(name string) error {
+	backend.lock.Lock()
+	defer backend.lock.Unlock()
+	backend.logger.Debug().Msgf("deleting entry '%s'...", name)
+	_, exists := backend.entries[name]
+	if !exists {
+		return ErrNotExist
+	}
+	delete(backend.entries, name)
+	backend.logger.Debug().Msgf("entry '%s' deleted", name)
+	return nil
+}
+
 func (backend *memoryBackend) List() (Names, error) {
 	backend.lock.RLock()
 	defer backend.lock.RUnlock()

diff --git a/storage/storage.go b/storage/storage.go
@@ -29,6 +29,7 @@ type Backend interface {
 	URI() string
 	Create(name string, data []byte) (string, error)
 	Update(name string, data []byte) (Version, error)
+	Delete(name string) error
 	List() (Names, error)
 	Get(name string) ([]byte, error)
 	GetVersions(name string) ([]Version, error)

diff --git a/storage/storage_test.go b/storage/storage_test.go
@@ -19,8 +19,8 @@ const testVersionLimit storage.VersionLimit = 2
 func TestMemoryStorageNew(t *testing.T) {
 	checkNew(t, storage.NewMemoryStorage(testVersionLimit))
 }
-func TestMemoryStorageCreateUpdate(t *testing.T) {
-	checkCreateUpdate(t, storage.NewMemoryStorage(testVersionLimit))
+func TestMemoryStorageCreateUpdateDelete(t *testing.T) {
+	checkCreateUpdateDelete(t, storage.NewMemoryStorage(testVersionLimit))
 }
 
 func TestMemoryStorageGetX(t *testing.T) {
@@ -39,13 +39,13 @@ func TestFSStorageNew(t *testing.T) {
 	require.NoError(t, err)
 	checkNew(t, backend)
 }
-func TestFSStorageCreateUpdate(t *testing.T) {
-	path, err := os.MkdirTemp("", "TestFSStoragePut*")
+func TestFSStorageCreateUpdateDelete(t *testing.T) {
+	path, err := os.MkdirTemp("", "TestFSStorageCreateUpdateDelete*")
 	require.NoError(t, err)
 	defer os.RemoveAll(path)
 	backend, err := storage.NewFSStorage(path, testVersionLimit)
 	require.NoError(t, err)
-	checkCreateUpdate(t, backend)
+	checkCreateUpdateDelete(t, backend)
 }
 func TestFSStorageGetX(t *testing.T) {
 	path, err := os.MkdirTemp("", "TestFSStorageGetX*")
@@ -70,9 +70,9 @@ func checkNew(t *testing.T, backend storage.Backend) {
 	require.NotEqual(t, "", backend.URI())
 }
 
-func checkCreateUpdate(t *testing.T, backend storage.Backend) {
-	// checkCreateUpdate
+func checkCreateUpdateDelete(t *testing.T, backend storage.Backend) {
 	name := "checkCreateUpdate"
+	// Create
 	data1 := []byte{byte(1)}
 	version0, err := backend.Update(name, data1)
 	require.Equal(t, storage.ErrNotExist, err)
@@ -83,16 +83,22 @@ func checkCreateUpdate(t *testing.T, backend storage.Backend) {
 	data, err := backend.Get(createdName1)
 	require.NoError(t, err)
 	require.Equal(t, data1, data)
-	// checkCreateUpdate
+	// Create (same name)
 	data2 := []byte{byte(2)}
 	createdName2, err := backend.Create(name, data2)
 	require.NoError(t, err)
 	require.Equal(t, name+" (2)", createdName2)
 	data, err = backend.Get(createdName2)
 	require.NoError(t, err)
 	require.Equal(t, data2, data)
-	// list
+	// List
 	checkList(t, backend, []string{createdName1, createdName2})
+	// Delete
+	err = backend.Delete(createdName1)
+	require.NoError(t, err)
+	_, err = backend.Get(createdName1)
+	require.Equal(t, storage.ErrNotExist, err)
+	checkList(t, backend, []string{createdName2})
 }
 
 func checkList(t *testing.T, backend storage.Backend, expected []string) {

diff --git a/store.go b/store.go
@@ -324,6 +324,16 @@ func (registry *Registry) Entry(name string) (*RegistryEntry, error) {
 	return entry, nil
 }
 
+func (registry *Registry) Delete(name string, user string) error {
+	err := registry.backend.Delete(name)
+	if err != nil {
+		return err
+	}
+	registry.entryCache.Delete(name)
+	registry.audit(auditDelete, name, user)
+	return nil
+}
+
 func (registry *Registry) CertPools() (*x509.CertPool, *x509.CertPool, error) {
 	roots := x509.NewCertPool()
 	intermediates := x509.NewCertPool()
@@ -429,6 +439,7 @@ const (
 	auditMergeCertificateRequest  auditPattern = "%d;Merge;CertificateRequest;%s;%s"
 	auditMergeKey                 auditPattern = "%d;Merge;Key;%s;%s"
 	auditMergeRevocationList      auditPattern = "%d;Merge;RevocationList;%s;%s"
+	auditDelete                   auditPattern = "%d;Delete;-;%s;%s"
 )
 
 func (pattern auditPattern) sprintf(name string, user string) string {

diff --git a/store_test.go b/store_test.go
@@ -153,6 +153,31 @@ func TestEntries(t *testing.T) {
 	checkStoreEntries(t, registry, 1120, 10)
 }
 
+func TestDelete(t *testing.T) {
+	path, err := os.MkdirTemp("", "TestDelete*")
+	require.NoError(t, err)
+	defer os.RemoveAll(path)
+	backend, err := storage.NewFSStorage(path, testVersionLimit)
+	require.NoError(t, err)
+	registry, err := certstore.NewStore(backend, testCacheTTL)
+	require.NoError(t, err)
+	user := "TestDeleteUser"
+	populateTestStore(t, registry, user, 1)
+	checkStoreEntries(t, registry, 4, 1)
+	err = registry.Delete("request1", user)
+	require.NoError(t, err)
+	checkStoreEntries(t, registry, 3, 1)
+	err = registry.Delete("root1_intermediate1_leaf1", user)
+	require.NoError(t, err)
+	checkStoreEntries(t, registry, 2, 1)
+	err = registry.Delete("root1_intermediate1", user)
+	require.NoError(t, err)
+	checkStoreEntries(t, registry, 1, 1)
+	err = registry.Delete("root1", user)
+	require.NoError(t, err)
+	checkStoreEntries(t, registry, 0, 0)
+}
+
 func TestCertPools(t *testing.T) {
 	registry, err := certstore.NewStore(storage.NewMemoryStorage(testVersionLimit), 0)
 	require.NoError(t, err)
@@ -241,7 +266,7 @@ func createTestIntermediateEntries(t *testing.T, registry *certstore.Registry, i
 	issuerCert := issuerEntry.Certificate()
 	issuerKey := issuerEntry.Key(user)
 	for i := 0; i < count; i++ {
-		name := fmt.Sprintf("%s:intermediate%d", issuerName, i+1)
+		name := fmt.Sprintf("%s_intermediate%d", issuerName, i+1)
 		factory := newTestIntermediateCertificateFactory(name, issuerCert, issuerKey)
 		createdName, err := registry.CreateCertificate(name, factory, user)
 		require.NoError(t, err)
@@ -256,7 +281,7 @@ func createTestLeafEntries(t *testing.T, registry *certstore.Registry, issuerNam
 	issuerCert := issuerEntry.Certificate()
 	issuerKey := issuerEntry.Key(user)
 	for i := 0; i < count; i++ {
-		name := fmt.Sprintf("%s:leaf%d", issuerName, i+1)
+		name := fmt.Sprintf("%s_leaf%d", issuerName, i+1)
 		factory := newTestLeafCertificateFactory(name, issuerCert, issuerKey)
 		createdName, err := registry.CreateCertificate(name, factory, user)
 		require.NoError(t, err)