luxolus
/
open-consul
2
0
Fork 0
Code Issues 1 Pull Requests Packages Releases Wiki Activity

Merge pull request #10025 from hashicorp/dnephin/fix-snapshot-auth-methods 

snapshot: fix saving of auth methods
This commit is contained in:
Daniel Nephin 2021-04-14 17:18:35 -04:00 committed by GitHub
parent 1ae772ff99 2a10f01bf5
commit e17c82306a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 19 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
.changelog/10025.txt Normal file
View File

@ -0,0 +1,3 @@
```release-note:bug
snapshot: fixes a bug that would cause snapshots to be missing all but the first ACL Auth Method.
```

7
agent/consul/fsm/snapshot_oss.go
View File

@ -1,10 +1,11 @@
package fsm package fsm
import ( import (
"github.com/hashicorp/consul/agent/consul/state"
"github.com/hashicorp/consul/agent/structs"
"github.com/hashicorp/go-msgpack/codec" "github.com/hashicorp/go-msgpack/codec"
"github.com/hashicorp/raft" "github.com/hashicorp/raft"
"github.com/hashicorp/consul/agent/consul/state"
"github.com/hashicorp/consul/agent/structs"
) )
func init() { func init() {
@ -247,7 +248,7 @@ func (s *snapshot) persistACLs(sink raft.SnapshotSink,
return err return err
} }
for method := methods.Next(); method != nil; method = rules.Next() { for method := methods.Next(); method != nil; method = methods.Next() {
if _, err := sink.Write([]byte{byte(structs.ACLAuthMethodSetRequestType)}); err != nil { if _, err := sink.Write([]byte{byte(structs.ACLAuthMethodSetRequestType)}); err != nil {
return err return err
} }

15
agent/consul/fsm/snapshot_oss_test.go
View File

@ -125,6 +125,13 @@ func TestFSM_SnapshotRestore_OSS(t *testing.T) {
} }
require.NoError(t, fsm.state.ACLAuthMethodSet(1, method)) require.NoError(t, fsm.state.ACLAuthMethodSet(1, method))
method = &structs.ACLAuthMethod{
Name: "some-method2",
Type: "testing",
Description: "test snapshot auth method",
}
require.NoError(t, fsm.state.ACLAuthMethodSet(1, method))
bindingRule := &structs.ACLBindingRule{ bindingRule := &structs.ACLBindingRule{
ID: "85184c52-5997-4a84-9817-5945f2632a17", ID: "85184c52-5997-4a84-9817-5945f2632a17",
Description: "test snapshot binding rule", Description: "test snapshot binding rule",
@ -549,10 +556,12 @@ func TestFSM_SnapshotRestore_OSS(t *testing.T) {
require.NoError(t, err) require.NoError(t, err)
require.Equal(t, bindingRule, bindingRule2) require.Equal(t, bindingRule, bindingRule2)
// Verify ACL Auth Method is restored // Verify ACL Auth Methods are restored
_, method2, err := fsm2.state.ACLAuthMethodGetByName(nil, method.Name, nil) _, authMethods, err := fsm2.state.ACLAuthMethodList(nil, nil)
require.NoError(t, err) require.NoError(t, err)
require.Equal(t, method, method2) require.Len(t, authMethods, 2)
require.Equal(t, "some-method", authMethods[0].Name)
require.Equal(t, "some-method2", authMethods[1].Name)
// Verify ACL Token is restored // Verify ACL Token is restored
_, rtoken, err := fsm2.state.ACLTokenGetByAccessor(nil, token.AccessorID, nil) _, rtoken, err := fsm2.state.ACLTokenGetByAccessor(nil, token.AccessorID, nil)