Vault 32676 add vault build date to system view plugin env

changelog/29082.txt

@@ -0,0 +1,3 @@
+```release-note:improvement
+sdk: Add Vault build date to system view plugin environment response
+```

sdk/logical/plugin.proto

@@ -5,6 +5,8 @@ syntax = "proto3";
 
 package logical;
 
+import "google/protobuf/timestamp.proto";
+
 option go_package = "github.com/hashicorp/vault/sdk/logical";
 
 message PluginEnvironment {
@@ -16,4 +18,7 @@ message PluginEnvironment {
 
   // VaultVersionMetadata is the version metadata of the Vault server
   string vault_version_metadata = 3;
+
+  // VaultBuildDate is the build date of the Vault server
+  google.protobuf.Timestamp vault_build_date = 4;
 }

vault/dynamic_system_view.go

@@ -18,6 +18,7 @@ import (
 	"github.com/hashicorp/vault/sdk/logical"
 	"github.com/hashicorp/vault/vault/plugincatalog"
 	"github.com/hashicorp/vault/version"
+	"google.golang.org/protobuf/types/known/timestamppb"
 )
 
 type ctxKeyForwardedRequestMountAccessor struct{}
@@ -407,10 +408,17 @@ func (d dynamicSystemView) GroupsForEntity(entityID string) ([]*logical.Group, e
 
 func (d dynamicSystemView) PluginEnv(_ context.Context) (*logical.PluginEnvironment, error) {
 	v := version.GetVersion()
+
+	buildDate, err := version.GetVaultBuildDate()
+	if err != nil {
+		return nil, err
+	}
+
 	return &logical.PluginEnvironment{
 		VaultVersion:           v.Version,
 		VaultVersionPrerelease: v.VersionPrerelease,
 		VaultVersionMetadata:   v.VersionMetadata,
+		VaultBuildDate:         timestamppb.New(buildDate),
 	}, nil
 }
 

vault/dynamic_system_view_test.go

@@ -16,6 +16,8 @@ import (
 	"github.com/hashicorp/vault/helper/namespace"
 	"github.com/hashicorp/vault/sdk/framework"
 	"github.com/hashicorp/vault/sdk/logical"
+	"github.com/hashicorp/vault/version"
+	"google.golang.org/protobuf/types/known/timestamppb"
 )
 
 var (
@@ -286,6 +288,50 @@ func TestDynamicSystemView_GeneratePasswordFromPolicy_failed(t *testing.T) {
 	}
 }
 
+// TestDynamicSystemView_PluginEnv_successful checks that the PluginEnv method returns the expected values in a successful case.
+func TestDynamicSystemView_PluginEnv_successful(t *testing.T) {
+	coreConfig := &CoreConfig{
+		CredentialBackends: map[string]logical.Factory{},
+	}
+
+	cluster := NewTestCluster(t, coreConfig, &TestClusterOptions{})
+
+	cluster.Start()
+	defer cluster.Cleanup()
+
+	core := cluster.Cores[0].Core
+	TestWaitActive(t, core)
+
+	ctx, cancel := context.WithTimeout(context.Background(), 1*time.Second)
+	defer cancel()
+
+	ctx = namespace.RootContext(ctx)
+	dsv := TestDynamicSystemView(cluster.Cores[0].Core, nil)
+
+	pluginEnv, err := dsv.PluginEnv(ctx)
+	if err != nil {
+		t.Fatalf("no error expected, but got: %s", err)
+	}
+
+	expectedVersionInfo := version.GetVersion()
+
+	expectedBuildDate, err := version.GetVaultBuildDate()
+	if err != nil {
+		t.Fatalf("failed to set up expectedBuildDate: %v", err)
+	}
+
+	expectedPluginEnv := &logical.PluginEnvironment{
+		VaultVersion:           expectedVersionInfo.Version,
+		VaultVersionPrerelease: expectedVersionInfo.VersionPrerelease,
+		VaultVersionMetadata:   expectedVersionInfo.VersionMetadata,
+		VaultBuildDate:         timestamppb.New(expectedBuildDate),
+	}
+
+	if !reflect.DeepEqual(pluginEnv, expectedPluginEnv) {
+		t.Fatalf("got %q, expected %q", pluginEnv, expectedPluginEnv)
+	}
+}
+
 type runes []rune
 
 func (r runes) Len() int           { return len(r) }

vault/testing_util.go

@@ -1,19 +1,20 @@
 // Copyright (c) HashiCorp, Inc.
 // SPDX-License-Identifier: BUSL-1.1
 
-//go:build !enterprise
-
 package vault
 
 import (
-	"crypto/ed25519"
-	"testing"
+	"time"
+
+	"github.com/hashicorp/vault/version"
 )
 
-func GenerateTestLicenseKeys() (ed25519.PublicKey, ed25519.PrivateKey, error) { return nil, nil, nil }
-func testGetLicensingConfig(key ed25519.PublicKey) *LicensingConfig           { return &LicensingConfig{} }
-func testExtraTestCoreSetup(testing.TB, ed25519.PrivateKey, *TestClusterCore) {}
-func testAdjustUnderlyingStorage(tcc *TestClusterCore) {
-	tcc.UnderlyingStorage = tcc.physical
+func init() {
+	// The BuildDate is set as part of the build process in CI so we need to
+	// initialize it for testing. By setting it to now minus one year we
+	// provide some headroom to ensure that test license expiration (for enterprise)
+	// does not exceed the BuildDate as that is invalid.
+	if version.BuildDate == "" {
+		version.BuildDate = time.Now().UTC().AddDate(-1, 0, 0).Format(time.RFC3339)
+	}
 }
-func testApplyEntBaseConfig(coreConfig, base *CoreConfig) {}

vault/testing_util_stubs_oss.go

@@ -0,0 +1,21 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
+//go:build !enterprise
+
+package vault
+
+import (
+	"crypto/ed25519"
+	"testing"
+)
+
+//go:generate go run github.com/hashicorp/vault/tools/stubmaker
+
+func GenerateTestLicenseKeys() (ed25519.PublicKey, ed25519.PrivateKey, error) { return nil, nil, nil }
+func testGetLicensingConfig(key ed25519.PublicKey) *LicensingConfig           { return &LicensingConfig{} }
+func testExtraTestCoreSetup(testing.TB, ed25519.PrivateKey, *TestClusterCore) {}
+func testAdjustUnderlyingStorage(tcc *TestClusterCore) {
+	tcc.UnderlyingStorage = tcc.physical
+}
+func testApplyEntBaseConfig(coreConfig, base *CoreConfig) {}

version/version.go

@@ -6,6 +6,7 @@ package version
 import (
 	"bytes"
 	"fmt"
+	"time"
 )
 
 type VersionInfo struct {
@@ -33,6 +34,14 @@ func GetVersion() *VersionInfo {
 	}
 }
 
+func GetVaultBuildDate() (time.Time, error) {
+	buildDate, err := time.Parse(time.RFC3339, BuildDate)
+	if err != nil {
+		return time.Time{}, fmt.Errorf("failed to parse build date based on RFC3339: %w", err)
+	}
+	return buildDate, nil
+}
+
 func (c *VersionInfo) VersionNumber() string {
 	if Version == "unknown" && VersionPrerelease == "unknown" {
 		return "(version unknown)"