diff --git a/command/agent/rpc.go b/command/agent/rpc.go
index 288a97cf3..81beff662 100644
--- a/command/agent/rpc.go
+++ b/command/agent/rpc.go
@@ -109,7 +109,7 @@ type joinResponse struct {
 Num int32
 }
-type keyRequest struct {
+type keyringRequest struct {
 Key string
 }
@@ -136,7 +136,7 @@ type KeyringInfo struct {
 Error string
 }
-type keyResponse struct {
+type keyringResponse struct {
 Keys []KeyringEntry
 Messages []KeyringMessage
 Info []KeyringInfo
@@ -626,9 +626,9 @@ func (i *AgentRPC) handleReload(client *rpcClient, seq uint64) error {
 }
 func (i *AgentRPC) handleKeyring(client *rpcClient, seq uint64, cmd string) error {
- var req keyRequest
+ var req keyringRequest
 var queryResp *structs.KeyringResponses
- var r keyResponse
+ var r keyringResponse
 var err error
 if cmd != listKeysCommand {
diff --git a/command/agent/rpc_client.go b/command/agent/rpc_client.go
index 454f427a8..7ba1907b2 100644
--- a/command/agent/rpc_client.go
+++ b/command/agent/rpc_client.go
@@ -176,45 +176,45 @@ func (c *RPCClient) WANMembers() ([]Member, error) {
 return resp.Members, err
 }
-func (c *RPCClient) ListKeys() (keyResponse, error) {
+func (c *RPCClient) ListKeys() (keyringResponse, error) {
 header := requestHeader{
 Command: listKeysCommand,
 Seq: c.getSeq(),
 }
- var resp keyResponse
+ var resp keyringResponse
 err := c.genericRPC(&header, nil, &resp)
 return resp, err
 }
-func (c *RPCClient) InstallKey(key string) (keyResponse, error) {
+func (c *RPCClient) InstallKey(key string) (keyringResponse, error) {
 header := requestHeader{
 Command: installKeyCommand,
 Seq: c.getSeq(),
 }
- req := keyRequest{key}
- var resp keyResponse
+ req := keyringRequest{key}
+ var resp keyringResponse
 err := c.genericRPC(&header, &req, &resp)
 return resp, err
 }
-func (c *RPCClient) UseKey(key string) (keyResponse, error) {
+func (c *RPCClient) UseKey(key string) (keyringResponse, error) {
 header := requestHeader{
 Command: useKeyCommand,
 Seq: c.getSeq(),
 }
- req := keyRequest{key}
- var resp keyResponse
+ req := keyringRequest{key}
+ var resp keyringResponse
 err := c.genericRPC(&header, &req, &resp)
 return resp, err
 }
-func (c *RPCClient) RemoveKey(key string) (keyResponse, error) {
+func (c *RPCClient) RemoveKey(key string) (keyringResponse, error) {
 header := requestHeader{
 Command: removeKeyCommand,
 Seq: c.getSeq(),
 }
- req := keyRequest{key}
- var resp keyResponse
+ req := keyringRequest{key}
+ var resp keyringResponse
 err := c.genericRPC(&header, &req, &resp)
 return resp, err
 }
diff --git a/command/agent/rpc_client_test.go b/command/agent/rpc_client_test.go
index 3b08aa733..e5aed3898 100644
--- a/command/agent/rpc_client_test.go
+++ b/command/agent/rpc_client_test.go
@@ -403,7 +403,7 @@ func listKeys(t *testing.T, c *RPCClient) map[string]map[string]int { return out } -func keyringError(t *testing.T, r keyResponse) { +func keyringError(t *testing.T, r keyringResponse) { for _, i := range r.Info { if i.Error == "" { t.Fatalf("no error reported from %s (%s)", i.Datacenter, i.Pool) @@ -411,7 +411,7 @@ func keyringError(t *testing.T, r keyResponse) { } } -func keyringSuccess(t *testing.T, r keyResponse) { +func keyringSuccess(t *testing.T, r keyringResponse) { for _, i := range r.Info { if i.Error != "" { t.Fatalf("error from %s (%s): %s", i.Datacenter, i.Pool, i.Error) diff --git a/command/keyring.go b/command/keyring.go index 0e0bbc19b..e06248d42 100644 --- a/command/keyring.go +++ b/command/keyring.go @@ -28,7 +28,7 @@ type KeyringCommand struct { func (c *KeyringCommand) Run(args []string) int { var installKey, useKey, removeKey, init, dataDir string - var listKeys, wan bool + var listKeys bool cmdFlags := flag.NewFlagSet("keys", flag.ContinueOnError) cmdFlags.Usage = func() { c.Ui.Output(c.Help()) } @@ -39,7 +39,6 @@ func (c *KeyringCommand) Run(args []string) int { cmdFlags.BoolVar(&listKeys, "list", false, "list keys") cmdFlags.StringVar(&init, "init", "", "initialize keyring") cmdFlags.StringVar(&dataDir, "data-dir", "", "data directory") - cmdFlags.BoolVar(&wan, "wan", false, "operate on wan keyring") rpcAddr := RPCAddrFlag(cmdFlags) if err := cmdFlags.Parse(args); err != nil { @@ -281,8 +280,8 @@ Usage: consul keyring [options] without disrupting the cluster. With the exception of the -init argument, all operations performed by this - command can only be run against server nodes. All operations default to the - LAN gossip pool. + command can only be run against server nodes, and affect both the LAN and + WAN keyrings in lock-step. Options: 
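Review bot: The help text added in the `@@ -281` hunk promises that operations affect the LAN and WAN keyrings "in lock-step", but nothing visible makes the two updates atomic, and `keyringResponse` carries a separate `Error` per pool in `Info`. If a `-use` or `-remove` lands on one gossip pool and fails on the other, the pools are left with different keyrings, and an operator who reads "lock-step" may remove the old key while one pool still depends on it. I would state what is actually guaranteed, e.g. `command can only be run against server nodes. Each operation is applied to both the LAN and WAN keyrings; check the per-pool result before removing a key.` Whether `Run` exits non-zero when any single pool reports an error is outside these hunks and worth confirming.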
@@ -298,8 +297,6 @@ Options: -init= Create the initial keyring files for Consul to use containing the provided key. The -data-dir argument is required with this option. - -wan Operate on the WAN keyring instead of the LAN - keyring (default). -rpc-addr=127.0.0.1:8400 RPC address of the Consul agent. ` return strings.TrimSpace(helpText) diff --git a/command/keyring_test.go b/command/keyring_test.go index c7c0847f4..98f8ba3dd 100644 --- a/command/keyring_test.go +++ b/command/keyring_test.go @@ -24,9 +24,12 @@ func TestKeyringCommandRun(t *testing.T) { a1 := testAgentWithConfig(&conf, t) defer a1.Shutdown() - // The keyring was initialized with only the provided key - out := listKeys(t, a1.addr, false) - if !strings.Contains(out, key1) { + // The LAN and WAN keyrings were initialized with key1 + out := listKeys(t, a1.addr) + if !strings.Contains(out, "dc1 (LAN):\n"+key1) { + t.Fatalf("bad: %#v", out) + } + if !strings.Contains(out, "WAN:\n"+key1) { t.Fatalf("bad: %#v", out) } if strings.Contains(out, key2) { 
@@ -34,51 +37,26 @@ func TestKeyringCommandRun(t *testing.T) {
 }
 // Install the second key onto the keyring
- installKey(t, a1.addr, key2, false)
+ installKey(t, a1.addr, key2)
 // Both keys should be present
- out = listKeys(t, a1.addr, false)
+ out = listKeys(t, a1.addr)
 for _, key := range []string{key1, key2} {
 if !strings.Contains(out, key) {
 t.Fatalf("bad: %#v", out)
 }
 }
- // WAN keyring is untouched
- out = listKeys(t, a1.addr, true)
- if strings.Contains(out, key2) {
+ // Rotate to key2, remove key1
+ useKey(t, a1.addr, key2)
+ removeKey(t, a1.addr, key1)
+
+ // Only key2 is present now
+ out = listKeys(t, a1.addr)
+ if !strings.Contains(out, "dc1 (LAN):\n"+key2) {
 t.Fatalf("bad: %#v", out)
 }
-
- // Change out the primary key
- useKey(t, a1.addr, key2, false)
-
- // Remove the original key
- removeKey(t, a1.addr, key1, false)
-
- // Make sure only the new key is present
- out = listKeys(t, a1.addr, false)
- if strings.Contains(out, key1) {
- t.Fatalf("bad: %#v", out)
- }
- if !strings.Contains(out, key2) {
- t.Fatalf("bad: %#v", out)
- }
-
- // WAN keyring is still untouched
- out = listKeys(t, a1.addr, true)
- if !strings.Contains(out, key1) {
- t.Fatalf("bad: %#v", out)
- }
-
- // Rotate out the WAN key
- installKey(t, a1.addr, key2, true)
- useKey(t, a1.addr, key2, true)
- removeKey(t, a1.addr, key1, true)
-
- // WAN keyring now has only the proper key
- out = listKeys(t, a1.addr, true)
- if !strings.Contains(out, key2) {
+ if !strings.Contains(out, "WAN:\n"+key2) {
 t.Fatalf("bad: %#v", out)
 }
 if strings.Contains(out, key1) {
@@ -179,15 +157,11 @@ func TestKeyringCommandRun_initKeyring(t *testing.T) {
 }
 }
-func listKeys(t *testing.T, addr string, wan bool) string {
+func listKeys(t *testing.T, addr string) string {
 ui := new(cli.MockUi)
 c := &KeyringCommand{Ui: ui}
 args := []string{"-list", "-rpc-addr=" + addr}
- if wan {
- args = append(args, "-wan")
- }
-
 code := c.Run(args)
 if code != 0 {
 t.Fatalf("bad: %d. %#v", code, ui.ErrorWriter.String())
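Review bot: The "Both keys should be present" loop after `installKey` in the `@@ -34` hunk passes as soon as each key appears anywhere in the combined output, so it would not notice an install that reached only the LAN keyring. Since the command now claims to update both pools, this step could assert per pool, for example `if strings.Count(out, key) != 2 { t.Fatalf("bad: %#v", out) }`, assuming the list output prints each key once per pool. A key missing from one pool at this point is the case that matters before `useKey` and `removeKey` run. `TestKeyringCommandRun` starts and ends outside the hunk.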
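Review bot: With the `wan` branch gone, `listKeys` (the `@@ -179` hunk) and `installKey`, `useKey` and `removeKey` (the `@@ -196` hunk) share the same body and differ only in the first flag, so that body could live in one helper that the four wrappers call. That keeps the exit-code check and the error output in one place if the command's failure reporting changes. `listKeys` begins in this hunk and ends in the next one.

```go
// runKeyring runs the keyring command with one operation flag against addr
// and returns its output, failing the test on a non-zero exit code.
func runKeyring(t *testing.T, addr string, op string) string {
	ui := new(cli.MockUi)
	c := &KeyringCommand{Ui: ui}

	code := c.Run([]string{op, "-rpc-addr=" + addr})
	if code != 0 {
		t.Fatalf("bad: %d. %#v", code, ui.ErrorWriter.String())
	}
	return ui.OutputWriter.String()
}

func listKeys(t *testing.T, addr string) string {
	return runKeyring(t, addr, "-list")
}

func installKey(t *testing.T, addr string, key string) {
	runKeyring(t, addr, "-install="+key)
}

// … useKey and removeKey follow the same shape with "-use=" and "-remove=" …
```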
@@ -196,45 +170,33 @@ func listKeys(t *testing.T, addr string, wan bool) string {
 return ui.OutputWriter.String()
 }
-func installKey(t *testing.T, addr string, key string, wan bool) {
+func installKey(t *testing.T, addr string, key string) {
 ui := new(cli.MockUi)
 c := &KeyringCommand{Ui: ui}
 args := []string{"-install=" + key, "-rpc-addr=" + addr}
- if wan {
- args = append(args, "-wan")
- }
-
 code := c.Run(args)
 if code != 0 {
 t.Fatalf("bad: %d. %#v", code, ui.ErrorWriter.String())
 }
 }
-func useKey(t *testing.T, addr string, key string, wan bool) {
+func useKey(t *testing.T, addr string, key string) {
 ui := new(cli.MockUi)
 c := &KeyringCommand{Ui: ui}
 args := []string{"-use=" + key, "-rpc-addr=" + addr}
- if wan {
- args = append(args, "-wan")
- }
-
 code := c.Run(args)
 if code != 0 {
 t.Fatalf("bad: %d. %#v", code, ui.ErrorWriter.String())
 }
 }
-func removeKey(t *testing.T, addr string, key string, wan bool) {
+func removeKey(t *testing.T, addr string, key string) {
 ui := new(cli.MockUi)
 c := &KeyringCommand{Ui: ui}
 args := []string{"-remove=" + key, "-rpc-addr=" + addr}
- if wan {
- args = append(args, "-wan")
- }
-
 code := c.Run(args)
 if code != 0 {
 t.Fatalf("bad: %d. %#v", code, ui.ErrorWriter.String())