diff --git a/.tool-versions b/.tool-versions new file mode 100644 index 000000000..1a59aeb0b --- /dev/null +++ b/.tool-versions @@ -0,0 +1 @@ +golang 1.23.0 diff --git a/go/appencryption/go.work b/go/appencryption/go.work index f928d8d95..0a00f043e 100644 --- a/go/appencryption/go.work +++ b/go/appencryption/go.work @@ -1,5 +1,7 @@ go 1.23.0 +toolchain go1.22.5 + use ( . ./cmd/example diff --git a/go/appencryption/go.work.sum b/go/appencryption/go.work.sum index 569518e7b..03a93143a 100644 --- a/go/appencryption/go.work.sum +++ b/go/appencryption/go.work.sum @@ -227,7 +227,6 @@ github.com/containerd/typeurl v1.0.2 h1:Chlt8zIieDbzQFzXzAeBEF92KhExuE4p9p92/QmY github.com/containerd/typeurl v1.0.2/go.mod h1:9trJWW2sRlGub4wZJRTW83VtbOLS6hwcDZXTn6oPz9s= github.com/containerd/typeurl/v2 v2.1.1 h1:3Q4Pt7i8nYwy2KmQWIw2+1hTvwTE/6w9FqcttATPO/4= github.com/containerd/typeurl/v2 v2.1.1/go.mod h1:IDp2JFvbwZ31H8dQbEIY7sDl2L3o3HZj1hsSQlywkQ0= -github.com/containerd/typeurl/v2 v2.2.0/go.mod h1:8XOOxnyatxSWuG8OfsZXVnAF4iZfedjS/8UHSPJnX4g= github.com/containerd/zfs v1.0.0 h1:cXLJbx+4Jj7rNsTiqVfm6i+RNLx6FFA2fMmDlEf+Wm8= github.com/containerd/zfs v1.1.0 h1:n7OZ7jZumLIqNJqXrEc/paBM840mORnmGdJDmAmJZHM= github.com/containerd/zfs v1.1.0/go.mod h1:oZF9wBnrnQjpWLaPKEinrx3TQ9a+W/RJO7Zb41d8YLE= 
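Review bot: In go.work the added `toolchain go1.22.5` line names a release older than the `go 1.23.0` directive directly above it, and older than the `golang 1.23.0` pin this commit adds in .tool-versions. A toolchain line is expected to be at least the go version, so depending on the go command in use this is presumably either rejected or has no effect; confirm which. For a reproducible build of an encryption library the three pins should agree, for example `toolchain go1.23.0`, or drop the line and let the go directive imply the toolchain.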
@@ -324,7 +323,6 @@ github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/mock v1.6.0 h1:ErTB+efbowRARo13NNdxyJji2egdxLGQhRaY+DUumQc= github.com/golang/mock v1.6.0/go.mod h1:p6yTPP+5HYm5mzsMV8JkE6ZKdX+/wYM6Hr+LicevLPs= -github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek= github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps= github.com/google/btree v1.0.0 h1:0udJVsspx3VBr5FwtLhQQtuAsVc79tTq0ocGIPAU6qo= @@ -410,11 +408,8 @@ github.com/moby/locker v1.0.1 h1:fOXqR41zeveg4fFODix+1Ch4mj/gT0NE1XJbp/epuBg= github.com/moby/locker v1.0.1/go.mod h1:S7SDdo5zpBK84bzzVlKr2V0hz+7x9hWbYC/kq7oQppc= github.com/moby/spdystream v0.2.0 h1:cjW1zVyyoiM0T7b6UoySUFqzXMoqRckQtXwGPiBhOM8= github.com/moby/spdystream v0.2.0/go.mod h1:f7i0iNDQJ059oMTcWxx8MA/zKFIuD/lY+0GqbN2Wy8c= -github.com/moby/sys/mount v0.3.4/go.mod h1:KcQJMbQdJHPlq5lcYT+/CjatWM4PuxKe+XLSVS4J6Os= github.com/moby/sys/mountinfo v0.6.2 h1:BzJjoreD5BMFNmD9Rus6gdd1pLuecOFPt8wC+Vygl78= github.com/moby/sys/mountinfo v0.6.2/go.mod h1:IJb6JQeOklcdMU9F5xQ8ZALD+CUr5VlGpwtX+VE0rpI= -github.com/moby/sys/mountinfo v0.7.2/go.mod h1:1YOa8w8Ih7uW0wALDUgT1dTTSBrZ+HiBLGws92L2RU4= -github.com/moby/sys/reexec v0.1.0/go.mod h1:EqjBg8F3X7iZe5pU6nRZnYCMUTXoxsjiIfHup5wYIN8= github.com/moby/sys/signal v0.6.0 h1:aDpY94H8VlhTGa9sNYUFCFsMZIUh5wm0B6XkIoJj/iY= github.com/moby/sys/signal v0.7.0 h1:25RW3d5TnQEoKvRbEKUGay6DCQ46IxAVTT9CUMgmsSI= github.com/moby/sys/signal v0.7.0/go.mod h1:GQ6ObYZfqacOwTtlXvcmh9A26dVRul/hbOZn88Kg8Tg= 
@@ -472,7 +467,6 @@ github.com/russross/blackfriday/v2 v2.0.1 h1:lPqVAte+HuHNfhJ/0LC98ESWRz8afy9tM/0 github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk= github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/safchain/ethtool v0.0.0-20190326074333-42ed695e3de8 h1:2c1EFnZHIPCW8qKWgHMH/fX2PkSabFc5mrVzfUNdg5U= -github.com/santhosh-tekuri/jsonschema/v5 v5.3.1/go.mod h1:uToXkOrWAZ6/Oc07xWQrPOhJotwFIyu2bBVN41fcDUY= github.com/satori/go.uuid v1.2.0 h1:0uYX9dsZ2yD7q2RtLRtPSdGDWzjeM3TbMJP9utgA0ww= github.com/sclevine/spec v1.2.0 h1:1Jwdf9jSfDl9NVmt8ndHqbTZ7XCCPbh1jI3hkDBHVYA= github.com/seccomp/libseccomp-golang v0.9.2-0.20220502022130-f33da4d89646 h1:RpforrEYXWkmGwJHIGnLZ3tTWStkjVVstwzNGqxX2Ds= @@ -575,6 +569,7 @@ golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.21.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.31.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k= golang.org/x/sys v0.34.0 h1:H5Y5sJ2L2JRdyv7ROF1he/lPdvFsd0mJHFw2ThKHxLA= +golang.org/x/sys v0.34.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k= golang.org/x/telemetry v0.0.0-20240521205824-bda55230c457/go.mod h1:pRgIJT+bRLFKnoM1ldnzKoxTIn14Yxz928LQRYYgIN0= golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U= golang.org/x/term v0.15.0/go.mod h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0= diff --git a/go/appencryption/key_cache_benchmark_test.go b/go/appencryption/key_cache_benchmark_test.go index 28956e880..3d11a2bf9 100644 --- a/go/appencryption/key_cache_benchmark_test.go +++ b/go/appencryption/key_cache_benchmark_test.go 
@@ -20,6 +20,15 @@ var ( enableDebug = flag.Bool("debug", false, "enable debug logging") ) +// newBenchmarkPolicy returns a CryptoPolicy with simple cache for benchmarks +// that directly access cache internals +func newBenchmarkPolicy() *CryptoPolicy { + policy := NewCryptoPolicy() + policy.IntermediateKeyCacheEvictionPolicy = "simple" + policy.SystemKeyCacheEvictionPolicy = "simple" + return policy +} + func ConfigureLogging() { if *enableDebug { log.SetLogger(logger{}) @@ -29,7 +38,7 @@ func ConfigureLogging() { func BenchmarkKeyCache_GetOrLoad_MultipleThreadsReadExistingKey(b *testing.B) { ConfigureLogging() - c := newKeyCache(CacheTypeIntermediateKeys, NewCryptoPolicy()) + c := newKeyCache(CacheTypeIntermediateKeys, newBenchmarkPolicy()) c.keys.Set(cacheKey(testKey, created), cacheEntry{ key: newCachedCryptoKey(internal.NewCryptoKeyForTest(created, false)), @@ -53,7 +62,7 @@ func BenchmarkKeyCache_GetOrLoad_MultipleThreadsReadExistingKey(b *testing.B) { func BenchmarkKeyCache_GetOrLoad_MultipleThreadsWriteSameKey(b *testing.B) { ConfigureLogging() - c := newKeyCache(CacheTypeIntermediateKeys, NewCryptoPolicy()) + c := newKeyCache(CacheTypeIntermediateKeys, newBenchmarkPolicy()) b.ResetTimer() b.RunParallel(func(pb *testing.PB) { @@ -82,7 +91,7 @@ func BenchmarkKeyCache_GetOrLoad_MultipleThreadsWriteUniqueKeys(b *testing.B) { ConfigureLogging() var ( - c = newKeyCache(CacheTypeIntermediateKeys, NewCryptoPolicy()) + c = newKeyCache(CacheTypeIntermediateKeys, newBenchmarkPolicy()) i int64 ) @@ -114,7 +123,7 @@ func BenchmarkKeyCache_GetOrLoad_MultipleThreadsWriteUniqueKeys(b *testing.B) { func BenchmarkKeyCache_GetOrLoad_MultipleThreadsReadRevokedKey(b *testing.B) { var ( - c = newKeyCache(CacheTypeIntermediateKeys, NewCryptoPolicy()) + c = newKeyCache(CacheTypeIntermediateKeys, newBenchmarkPolicy()) created = time.Now().Add(-(time.Minute * 100)).Unix() ) 
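Review bot: `newBenchmarkPolicy` pins every benchmark in this file to the "simple" cache, so after this commit no benchmark measures the LRU key cache that `NewCryptoPolicy()` now returns by default. The same one-line substitution is repeated in the later hunks of this file, covering the remaining `GetOrLoad_*` and `GetOrLoadLatest_*` benchmarks. Consider keeping the helper for the benchmarks that seed `c.keys` directly and adding at least one `GetOrLoad` benchmark built on `NewCryptoPolicy()`, so a regression on the default path is visible. The helper's comment could also give the reason, e.g. `// newBenchmarkPolicy uses the "simple" policy because these benchmarks seed c.keys directly.`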
@@ -151,7 +160,7 @@ func BenchmarkKeyCache_GetOrLoad_MultipleThreadsReadRevokedKey(b *testing.B) { func BenchmarkKeyCache_GetOrLoad_MultipleThreadsRead_NeedReloadKey(b *testing.B) { var ( - c = newKeyCache(CacheTypeIntermediateKeys, NewCryptoPolicy()) + c = newKeyCache(CacheTypeIntermediateKeys, newBenchmarkPolicy()) created = time.Now().Add(-(time.Minute * 100)).Unix() ) @@ -188,7 +197,7 @@ func BenchmarkKeyCache_GetOrLoad_MultipleThreadsRead_NeedReloadKey(b *testing.B) } func BenchmarkKeyCache_GetOrLoad_MultipleThreadsReadUniqueKeys(b *testing.B) { - c := newKeyCache(CacheTypeIntermediateKeys, NewCryptoPolicy()) + c := newKeyCache(CacheTypeIntermediateKeys, newBenchmarkPolicy()) for i := 0; i < b.N && i < DefaultKeyCacheMaxSize; i++ { keyID := fmt.Sprintf(testKey+"-%d", i) @@ -221,7 +230,7 @@ func BenchmarkKeyCache_GetOrLoad_MultipleThreadsReadUniqueKeys(b *testing.B) { } func BenchmarkKeyCache_GetOrLoadLatest_MultipleThreadsReadExistingKey(b *testing.B) { - c := newKeyCache(CacheTypeIntermediateKeys, NewCryptoPolicy()) + c := newKeyCache(CacheTypeIntermediateKeys, newBenchmarkPolicy()) c.mapLatestKeyMeta(testKey, KeyMeta{testKey, created}) c.keys.Set(cacheKey(testKey, created), cacheEntry{ @@ -243,7 +252,7 @@ func BenchmarkKeyCache_GetOrLoadLatest_MultipleThreadsReadExistingKey(b *testing } func BenchmarkKeyCache_GetOrLoadLatest_MultipleThreadsWriteSameKey(b *testing.B) { - c := newKeyCache(CacheTypeIntermediateKeys, NewCryptoPolicy()) + c := newKeyCache(CacheTypeIntermediateKeys, newBenchmarkPolicy()) b.ResetTimer() b.RunParallel(func(pb *testing.PB) { @@ -262,7 +271,7 @@ func BenchmarkKeyCache_GetOrLoadLatest_MultipleThreadsWriteSameKey(b *testing.B) func BenchmarkKeyCache_GetOrLoadLatest_MultipleThreadsWriteUniqueKey(b *testing.B) { var ( - c = newKeyCache(CacheTypeIntermediateKeys, NewCryptoPolicy()) + c = newKeyCache(CacheTypeIntermediateKeys, newBenchmarkPolicy()) i int64 ) 
@@ -286,7 +295,7 @@ func BenchmarkKeyCache_GetOrLoadLatest_MultipleThreadsReadStaleRevokedKey(b *tes ConfigureLogging() var ( - c = newKeyCache(CacheTypeIntermediateKeys, NewCryptoPolicy()) + c = newKeyCache(CacheTypeIntermediateKeys, newBenchmarkPolicy()) created = time.Now().Add(-(time.Minute * 100)).Unix() ) @@ -322,7 +331,7 @@ func BenchmarkKeyCache_GetOrLoadLatest_MultipleThreadsReadRevokedKey(b *testing. ConfigureLogging() var ( - c = newKeyCache(CacheTypeIntermediateKeys, NewCryptoPolicy()) + c = newKeyCache(CacheTypeIntermediateKeys, newBenchmarkPolicy()) created = time.Now().Unix() ) @@ -363,7 +372,7 @@ func BenchmarkKeyCache_GetOrLoadLatest_MultipleThreadsReadRevokedKey(b *testing. func BenchmarkKeyCache_GetOrLoadLatest_MultipleThreadsReadUniqueKeys(b *testing.B) { ConfigureLogging() - c := newKeyCache(CacheTypeIntermediateKeys, NewCryptoPolicy()) + c := newKeyCache(CacheTypeIntermediateKeys, newBenchmarkPolicy()) for i := 0; i < b.N && i < DefaultKeyCacheMaxSize; i++ { keyID := fmt.Sprintf(testKey+"-%d", i) diff --git a/go/appencryption/key_cache_test.go b/go/appencryption/key_cache_test.go index c881e83c7..9d8ea2ecf 100644 --- a/go/appencryption/key_cache_test.go +++ b/go/appencryption/key_cache_test.go 
@@ -48,6 +48,21 @@ func (suite *CacheTestSuite) Test_NewKeyCache() { cache := newKeyCache(CacheTypeIntermediateKeys, NewCryptoPolicy()) defer cache.Close() + assert.NotNil(suite.T(), cache) + assert.IsType(suite.T(), new(keyCache), cache) + assert.NotNil(suite.T(), cache.keys) + // Default is now LRU cache, not simple cache + assert.NotNil(suite.T(), cache.policy) + assert.Equal(suite.T(), DefaultKeyCacheMaxSize, cache.keys.Capacity()) +} + +func (suite *CacheTestSuite) Test_NewKeyCache_Simple() { + policy := NewCryptoPolicy() + policy.IntermediateKeyCacheEvictionPolicy = "simple" + + cache := newKeyCache(CacheTypeIntermediateKeys, policy) + defer cache.Close() + assert.NotNil(suite.T(), cache) assert.IsType(suite.T(), new(keyCache), cache) assert.NotNil(suite.T(), cache.keys) diff --git a/go/appencryption/policy.go b/go/appencryption/policy.go index c1b02f9d3..17013b9ac 100644 --- a/go/appencryption/policy.go +++ b/go/appencryption/policy.go @@ -6,13 +6,14 @@ import ( // Default values for CryptoPolicy if not overridden. const ( - DefaultExpireAfter = time.Hour * 24 * 90 // 90 days - DefaultRevokedCheckInterval = time.Minute * 60 - DefaultCreateDatePrecision = time.Minute - DefaultKeyCacheMaxSize = 1000 - DefaultSessionCacheMaxSize = 1000 - DefaultSessionCacheDuration = time.Hour * 2 - DefaultSessionCacheEngine = "default" + DefaultExpireAfter = time.Hour * 24 * 90 // 90 days + DefaultRevokedCheckInterval = time.Minute * 60 + DefaultCreateDatePrecision = time.Minute + DefaultKeyCacheMaxSize = 1000 + DefaultSessionCacheMaxSize = 1000 + DefaultSessionCacheDuration = time.Hour * 2 + DefaultSessionCacheEngine = "default" + DefaultSessionCacheEvictionPolicy = "slru" // Already documented as default ) // CryptoPolicy contains options to customize various behaviors in the SDK. 
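Review bot: `Test_NewKeyCache` now checks only that `cache.policy` is non-nil and that `cache.keys.Capacity()` equals `DefaultKeyCacheMaxSize`; nothing in this hunk exercises eviction itself. With a bounded default, entries holding key material can be dropped from the cache, so a test that inserts more entries than the capacity and asserts that the evicted entry's key is closed, and that a key still held by a caller is not closed underneath it, would cover the behaviour this commit turns on. The eviction handling is not visible in this diff, so such a test may already exist elsewhere. `Test_NewKeyCache_Simple` continues past the end of the hunk.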
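Review bot: The trailing comment on `DefaultSessionCacheEvictionPolicy`, `// Already documented as default`, records review history rather than describing the value; a doc comment such as `// DefaultSessionCacheEvictionPolicy is the eviction policy NewCryptoPolicy applies to the session cache.` would age better. The key-cache default has no matching constant: the `NewCryptoPolicy` hunk further down writes the literal `"lru"` twice. Adding `DefaultKeyCacheEvictionPolicy = "lru"` to this block and using it for both fields keeps the defaults in one place and lets tests reference the constant instead of the string.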
@@ -33,7 +34,7 @@ type CryptoPolicy struct { // This value is ignored if IntermediateKeyCacheEvictionPolicy is set to "simple". IntermediateKeyCacheMaxSize int // IntermediateKeyCacheEvictionPolicy controls the eviction policy to use for the shared cache. - // Supported values are "simple", "lru", "lfu", "slru", and "tinylfu". Default is "simple". + // Supported values are "simple", "lru", "lfu", "slru", and "tinylfu". Default is "lru". IntermediateKeyCacheEvictionPolicy string // SharedIntermediateKeyCache determines whether Intermediate Keys will use a single shared cache. If enabled, // Intermediate Keys will share a single cache across all sessions for a given factory. @@ -50,7 +51,7 @@ type CryptoPolicy struct { // This value is ignored if SystemKeyCacheEvictionPolicy is set to "simple". SystemKeyCacheMaxSize int // SystemKeyCacheEvictionPolicy controls the eviction policy to use for the shared cache. - // Supported values are "simple", "lru", "lfu", "slru", and "tinylfu". Default is "simple". + // Supported values are "simple", "lru", "lfu", "slru", and "tinylfu". Default is "lru". SystemKeyCacheEvictionPolicy string // CacheSessions determines whether sessions will be cached. CacheSessions bool 
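Review bot: The updated field comments say `Default is "lru"`, but that default is applied only inside `NewCryptoPolicy`; a `CryptoPolicy` built as a struct literal leaves both fields empty. The new test comment ("instead of empty/simple") suggests an empty value still selects the simple cache, in which case the comment should say so, e.g. `// NewCryptoPolicy sets this to "lru"; an empty value selects "simple".` The same applies to `SystemKeyCacheEvictionPolicy` in the second hunk. How the empty string is resolved is not visible in this diff, so confirm against `newKeyCache` before wording it.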
@@ -124,17 +125,20 @@ func WithSessionCacheDuration(d time.Duration) PolicyOption { // NewCryptoPolicy returns a new CryptoPolicy with default values. func NewCryptoPolicy(opts ...PolicyOption) *CryptoPolicy { policy := &CryptoPolicy{ - ExpireKeyAfter: DefaultExpireAfter, - RevokeCheckInterval: DefaultRevokedCheckInterval, - CreateDatePrecision: DefaultCreateDatePrecision, - CacheSystemKeys: true, - CacheIntermediateKeys: true, - IntermediateKeyCacheMaxSize: DefaultKeyCacheMaxSize, - SystemKeyCacheMaxSize: DefaultKeyCacheMaxSize, - SharedIntermediateKeyCache: false, - CacheSessions: false, - SessionCacheMaxSize: DefaultSessionCacheMaxSize, - SessionCacheDuration: DefaultSessionCacheDuration, + ExpireKeyAfter: DefaultExpireAfter, + RevokeCheckInterval: DefaultRevokedCheckInterval, + CreateDatePrecision: DefaultCreateDatePrecision, + CacheSystemKeys: true, + CacheIntermediateKeys: true, + IntermediateKeyCacheMaxSize: DefaultKeyCacheMaxSize, + IntermediateKeyCacheEvictionPolicy: "lru", // Use LRU eviction by default for bounded cache + SystemKeyCacheMaxSize: DefaultKeyCacheMaxSize, + SystemKeyCacheEvictionPolicy: "lru", // Use LRU eviction by default for bounded cache + SharedIntermediateKeyCache: false, + CacheSessions: false, + SessionCacheMaxSize: DefaultSessionCacheMaxSize, + SessionCacheDuration: DefaultSessionCacheDuration, + SessionCacheEvictionPolicy: DefaultSessionCacheEvictionPolicy, } for _, opt := range opts { diff --git a/go/appencryption/policy_test.go b/go/appencryption/policy_test.go index 3c788c316..2604d32c8 100644 --- a/go/appencryption/policy_test.go +++ b/go/appencryption/policy_test.go 
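Review bot: `NewCryptoPolicy` still documents itself only as returning "default values", while this hunk changes what those defaults do: both key caches move from an unset eviction policy to LRU bounded by `DefaultKeyCacheMaxSize`. Callers with more distinct live keys than that limit will presumably see evictions and key reloads after upgrading, which they did not before. The doc comment should state this, e.g. `// Key caches default to LRU eviction bounded by DefaultKeyCacheMaxSize; set the eviction policy fields to "simple" to opt out of the size bound.` The function body continues past the end of the hunk.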
@@ -2,133 +2,31 @@ package appencryption import ( "testing" - "time" "github.com/stretchr/testify/assert" - - "github.com/godaddy/asherah/go/appencryption/internal" ) -func Test_NewCryptoPolicy_WithDefaults(t *testing.T) { - p := NewCryptoPolicy() - - assert.Equal(t, DefaultExpireAfter, p.ExpireKeyAfter) - assert.Equal(t, DefaultRevokedCheckInterval, p.RevokeCheckInterval) - assert.Equal(t, DefaultCreateDatePrecision, p.CreateDatePrecision) - assert.True(t, p.CacheSystemKeys) - assert.True(t, p.CacheIntermediateKeys) - assert.Equal(t, DefaultKeyCacheMaxSize, p.SystemKeyCacheMaxSize) - assert.Equal(t, DefaultKeyCacheMaxSize, p.IntermediateKeyCacheMaxSize) - assert.False(t, p.SharedIntermediateKeyCache) - assert.False(t, p.CacheSessions) - assert.Equal(t, DefaultSessionCacheMaxSize, p.SessionCacheMaxSize) - assert.Equal(t, DefaultSessionCacheDuration, p.SessionCacheDuration) -} - -func Test_NewCryptoPolicy_WithOptions(t *testing.T) { - revokeCheckInterval := time.Second * 156 - expireAfterDuration := time.Second * 100 - sessionCacheMaxSize := 42 - sessionCacheDuration := time.Second * 42 - - policy := NewCryptoPolicy( - WithRevokeCheckInterval(revokeCheckInterval), - WithExpireAfterDuration(expireAfterDuration), - WithNoCache(), - WithSessionCache(), - WithSessionCacheMaxSize(sessionCacheMaxSize), - WithSessionCacheDuration(sessionCacheDuration), - ) - - assert.Equal(t, revokeCheckInterval, policy.RevokeCheckInterval) - assert.Equal(t, expireAfterDuration, policy.ExpireKeyAfter) - assert.False(t, policy.CacheSystemKeys) - assert.False(t, policy.CacheIntermediateKeys) - assert.True(t, policy.CacheSessions) - assert.Equal(t, sessionCacheMaxSize, policy.SessionCacheMaxSize) - assert.Equal(t, sessionCacheDuration, policy.SessionCacheDuration) -} - -func Test_NewCryptoPolicy_WithOptions_SharedIntermediateKeyCache(t *testing.T) { - revokeCheckInterval := time.Second * 156 - expireAfterDuration := time.Second * 100 - keyCacheMaxSize := 10 - sessionCacheMaxSize := 42 - 
sessionCacheDuration := time.Second * 42 - - policy := NewCryptoPolicy( - WithRevokeCheckInterval(revokeCheckInterval), - WithExpireAfterDuration(expireAfterDuration), - WithSharedIntermediateKeyCache(keyCacheMaxSize), - WithSessionCache(), - WithSessionCacheMaxSize(sessionCacheMaxSize), - WithSessionCacheDuration(sessionCacheDuration), - ) +func TestNewCryptoPolicy_DefaultEvictionPolicies(t *testing.T) { + policy := NewCryptoPolicy() - assert.Equal(t, revokeCheckInterval, policy.RevokeCheckInterval) - assert.Equal(t, expireAfterDuration, policy.ExpireKeyAfter) - assert.True(t, policy.CacheSystemKeys) - assert.True(t, policy.CacheIntermediateKeys) - assert.True(t, policy.SharedIntermediateKeyCache) - assert.Equal(t, keyCacheMaxSize, policy.IntermediateKeyCacheMaxSize) - assert.True(t, policy.CacheSessions) - assert.Equal(t, sessionCacheMaxSize, policy.SessionCacheMaxSize) - assert.Equal(t, sessionCacheDuration, policy.SessionCacheDuration) -} - -func Test_IsKeyExpired(t *testing.T) { - tests := []struct { - Name string - CreatedAt time.Time - ExpireAfterDays int - Expect bool - }{ - { - Name: "should be expired", - CreatedAt: time.Now().Add(-24 * time.Hour * 10), - ExpireAfterDays: 1, - Expect: true, - }, - { - Name: "should not be expired", - CreatedAt: time.Now().Add(-24 * time.Hour * 1), - ExpireAfterDays: 90, - Expect: false, - }, - } - - for i := range tests { - tt := tests[i] - t.Run(tt.Name, func(t *testing.T) { - verify := assert.New(t) + // Verify that the default eviction policies are set to LRU instead of empty/simple + assert.Equal(t, "lru", policy.IntermediateKeyCacheEvictionPolicy, "IntermediateKeyCacheEvictionPolicy should default to lru") + assert.Equal(t, "lru", policy.SystemKeyCacheEvictionPolicy, "SystemKeyCacheEvictionPolicy should default to lru") + assert.Equal(t, "slru", policy.SessionCacheEvictionPolicy, "SessionCacheEvictionPolicy should default to slru") - key := internal.NewCryptoKeyForTest(tt.CreatedAt.Unix(), false) - - 
verify.Equal(tt.Expect, internal.IsKeyExpired(key.Created(), time.Hour*24*time.Duration(tt.ExpireAfterDays))) - }) - } + // Verify other defaults are still set correctly + assert.Equal(t, DefaultKeyCacheMaxSize, policy.IntermediateKeyCacheMaxSize) + assert.Equal(t, DefaultKeyCacheMaxSize, policy.SystemKeyCacheMaxSize) + assert.Equal(t, true, policy.CacheIntermediateKeys) + assert.Equal(t, true, policy.CacheSystemKeys) } -func Test_NewKeyTimestamp(t *testing.T) { - now := time.Now() - - truncated := time.Unix(newKeyTimestamp(time.Minute), 0) - - assert.Equal(t, now.Year(), truncated.Year()) - assert.Equal(t, now.Day(), truncated.Day()) - assert.Equal(t, now.Month(), truncated.Month()) - assert.Equal(t, now.Minute(), truncated.Minute()) - assert.Equal(t, 0, truncated.Second()) -} - -func TestNewKeyTimestamp_NoTruncate(t *testing.T) { - now := time.Now() - - truncated := time.Unix(newKeyTimestamp(0), 0) +func TestCryptoPolicy_CanOverrideEvictionPolicy(t *testing.T) { + // Test that we can still explicitly set simple cache if needed + policy := NewCryptoPolicy() + policy.SystemKeyCacheEvictionPolicy = "simple" + policy.IntermediateKeyCacheEvictionPolicy = "simple" - assert.Equal(t, now.Year(), truncated.Year()) - assert.Equal(t, now.Day(), truncated.Day()) - assert.Equal(t, now.Month(), truncated.Month()) - assert.Equal(t, now.Minute(), truncated.Minute()) - assert.Equal(t, now.Second(), truncated.Second()) + assert.Equal(t, "simple", policy.SystemKeyCacheEvictionPolicy) + assert.Equal(t, "simple", policy.IntermediateKeyCacheEvictionPolicy) }
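Review bot: The two new tests should be added alongside the existing ones rather than replacing them: this hunk deletes `Test_NewCryptoPolicy_WithDefaults`, `Test_NewCryptoPolicy_WithOptions`, `Test_NewCryptoPolicy_WithOptions_SharedIntermediateKeyCache`, `Test_IsKeyExpired`, `Test_NewKeyTimestamp` and `TestNewKeyTimestamp_NoTruncate`, none of which concern eviction policy. Those tests covered the key-expiry check, the revoke-check and expiry defaults, the `With*` options and key timestamp truncation, all of which key rotation depends on. Unless they were moved to a file not shown in this diff, that coverage is lost. Separately, `assert.Equal(t, true, policy.CacheSystemKeys)` reads better as `assert.True(t, policy.CacheSystemKeys)`, which is the form the removed tests used.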