fix for dynamically reloading vault
This commit is contained in:
Chelsea Holland Komlo
parent
334325e624
commit
282f37b1ee
|
|
@ -740,7 +740,17 @@ func (c *Command) handleReload() {
|
|||
}
|
||||
}
|
||||
|
||||
if shouldReloadRPC {
|
||||
var shouldReloadVault bool
|
||||
switch {
|
||||
case c.agent.config.Vault == nil && newConf.Vault != nil:
|
||||
fallthrough
|
||||
case c.agent.config.Vault != nil && newConf.Vault == nil:
|
||||
fallthrough
|
||||
case c.agent.config.Vault != nil && !c.agent.config.Vault.IsEqual(newConf.Vault):
|
||||
shouldReloadVault = true
|
||||
}
|
||||
|
||||
if shouldReloadRPC || shouldReloadVault {
|
||||
if s := c.agent.Server(); s != nil {
|
||||
sconf, err := convertServerConfig(newConf, c.logOutput)
|
||||
c.agent.logger.Printf("[DEBUG] agent: starting reload of server config")
|
||||
|
|
@ -754,6 +764,9 @@ func (c *Command) handleReload() {
|
|||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if shouldReloadRPC {
|
||||
|
||||
if s := c.agent.Client(); s != nil {
|
||||
clientConfig, err := c.agent.clientConfig()
|
||||
|
|
|
|||
|
|
@ -181,3 +181,55 @@ func (c *VaultConfig) Copy() *VaultConfig {
|
|||
*nc = *c
|
||||
return nc
|
||||
}
|
||||
|
||||
// IsEqual compares two Vault configurations and returns a boolean indicating
|
||||
// if they are equal.
|
||||
func (a *VaultConfig) IsEqual(b *VaultConfig) bool {
|
||||
if a == nil && b != nil {
|
||||
return false
|
||||
}
|
||||
if a != nil && b == nil {
|
||||
return false
|
||||
}
|
||||
|
||||
if a.Token != b.Token {
|
||||
return false
|
||||
}
|
||||
if a.Role != b.Role {
|
||||
return false
|
||||
}
|
||||
if a.TaskTokenTTL != b.TaskTokenTTL {
|
||||
return false
|
||||
}
|
||||
if a.Addr != b.Addr {
|
||||
return false
|
||||
}
|
||||
if a.ConnectionRetryIntv.Nanoseconds() != b.ConnectionRetryIntv.Nanoseconds() {
|
||||
return false
|
||||
}
|
||||
if a.TLSCaFile != b.TLSCaFile {
|
||||
return false
|
||||
}
|
||||
if a.TLSCaPath != b.TLSCaPath {
|
||||
return false
|
||||
}
|
||||
if a.TLSCertFile != b.TLSCertFile {
|
||||
return false
|
||||
}
|
||||
if a.TLSKeyFile != b.TLSKeyFile {
|
||||
return false
|
||||
}
|
||||
if a.TLSServerName != b.TLSServerName {
|
||||
return false
|
||||
}
|
||||
if a.AllowUnauthenticated != b.AllowUnauthenticated {
|
||||
return false
|
||||
}
|
||||
if a.TLSSkipVerify != b.TLSSkipVerify {
|
||||
return false
|
||||
}
|
||||
if a.Enabled != b.Enabled {
|
||||
return false
|
||||
}
|
||||
return true
|
||||
}
|
||||
|
|
|
|||
|
|
@ -3,6 +3,8 @@ package config
|
|||
import (
|
||||
"reflect"
|
||||
"testing"
|
||||
|
||||
"github.com/stretchr/testify/require"
|
||||
)
|
||||
|
||||
func TestVaultConfig_Merge(t *testing.T) {
|
||||
|
|
@ -57,3 +59,71 @@ func TestVaultConfig_Merge(t *testing.T) {
|
|||
t.Fatalf("bad:\n%#v\n%#v", result, e)
|
||||
}
|
||||
}
|
||||
|
||||
func TestVaultConfig_IsEqual(t *testing.T) {
|
||||
require := require.New(t)
|
||||
|
||||
trueValue, falseValue := true, false
|
||||
c1 := &VaultConfig{
|
||||
Enabled: &falseValue,
|
||||
Token: "1",
|
||||
Role: "1",
|
||||
AllowUnauthenticated: &trueValue,
|
||||
TaskTokenTTL: "1",
|
||||
Addr: "1",
|
||||
TLSCaFile: "1",
|
||||
TLSCaPath: "1",
|
||||
TLSCertFile: "1",
|
||||
TLSKeyFile: "1",
|
||||
TLSSkipVerify: &trueValue,
|
||||
TLSServerName: "1",
|
||||
}
|
||||
|
||||
c2 := &VaultConfig{
|
||||
Enabled: &falseValue,
|
||||
Token: "1",
|
||||
Role: "1",
|
||||
AllowUnauthenticated: &trueValue,
|
||||
TaskTokenTTL: "1",
|
||||
Addr: "1",
|
||||
TLSCaFile: "1",
|
||||
TLSCaPath: "1",
|
||||
TLSCertFile: "1",
|
||||
TLSKeyFile: "1",
|
||||
TLSSkipVerify: &trueValue,
|
||||
TLSServerName: "1",
|
||||
}
|
||||
|
||||
require.True(c1.IsEqual(c2))
|
||||
|
||||
c3 := &VaultConfig{
|
||||
Enabled: &trueValue,
|
||||
Token: "1",
|
||||
Role: "1",
|
||||
AllowUnauthenticated: &trueValue,
|
||||
TaskTokenTTL: "1",
|
||||
Addr: "1",
|
||||
TLSCaFile: "1",
|
||||
TLSCaPath: "1",
|
||||
TLSCertFile: "1",
|
||||
TLSKeyFile: "1",
|
||||
TLSSkipVerify: &trueValue,
|
||||
TLSServerName: "1",
|
||||
}
|
||||
|
||||
c4 := &VaultConfig{
|
||||
Enabled: &falseValue,
|
||||
Token: "1",
|
||||
Role: "1",
|
||||
AllowUnauthenticated: &trueValue,
|
||||
TaskTokenTTL: "1",
|
||||
Addr: "1",
|
||||
TLSCaFile: "1",
|
||||
TLSCaPath: "1",
|
||||
TLSCertFile: "1",
|
||||
TLSKeyFile: "1",
|
||||
TLSSkipVerify: &trueValue,
|
||||
TLSServerName: "1",
|
||||
}
|
||||
require.False(c3.IsEqual(c4))
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue