open-vault/vault/generate_root_recovery.go

package vault

import (
	"context"
	"github.com/hashicorp/errwrap"
	"github.com/hashicorp/vault/sdk/helper/base62"
	"go.uber.org/atomic"
)

// GenerateRecoveryTokenStrategy is the strategy used to generate a
// recovery token
func GenerateRecoveryTokenStrategy(token *atomic.String) GenerateRootStrategy {
	return &generateRecoveryToken{token: token}
}

// generateRecoveryToken implements the GenerateRootStrategy and is in
// charge of creating recovery tokens.
type generateRecoveryToken struct {
	token *atomic.String
}

func (g *generateRecoveryToken) authenticate(ctx context.Context, c *Core, combinedKey []byte) error {
	key, err := c.unsealKeyToMasterKey(ctx, combinedKey)
	if err != nil {
		return errwrap.Wrapf("unable to authenticate: {{err}}", err)
	}

	// Use the retrieved master key to unseal the barrier
	if err := c.barrier.Unseal(ctx, key); err != nil {
		return errwrap.Wrapf("recovery operation token generation failed, cannot unseal barrier: {{err}}", err)
	}

	for _, v := range c.postRecoveryUnsealFuncs {
		if err := v(); err != nil {
			return errwrap.Wrapf("failed to run post unseal func: {{err}}", err)
		}
	}
	return nil
}

func (g *generateRecoveryToken) generate(ctx context.Context, c *Core) (string, func(), error) {
	id, err := base62.Random(TokenLength)
	if err != nil {
		return "", nil, err
	}
	token := "r." + id
	g.token.Store(token)

	return token, func() { g.token.Store("") }, nil
}
Recovery Mode (#7559) * Initial work * rework * s/dr/recovery * Add sys/raw support to recovery mode (#7577) * Factor the raw paths out so they can be run with a SystemBackend. # Conflicts: # vault/logical_system.go * Add handleLogicalRecovery which is like handleLogical but is only sufficient for use with the sys-raw endpoint in recovery mode. No authentication is done yet. * Integrate with recovery-mode. We now handle unauthenticated sys/raw requests, albeit on path v1/raw instead v1/sys/raw. * Use sys/raw instead raw during recovery. * Don't bother persisting the recovery token. Authenticate sys/raw requests with it. * RecoveryMode: Support generate-root for autounseals (#7591) * Recovery: Abstract config creation and log settings * Recovery mode integration test. (#7600) * Recovery: Touch up (#7607) * Recovery: Touch up * revert the raw backend creation changes * Added recovery operation token prefix * Move RawBackend to its own file * Update API path and hit it using CLI flag on generate-root * Fix a panic triggered when handling a request that yields a nil response. (#7618) * Improve integ test to actually make changes while in recovery mode and verify they're still there after coming back in regular mode. * Refuse to allow a second recovery token to be generated. * Resize raft cluster to size 1 and start as leader (#7626) * RecoveryMode: Setup raft cluster post unseal (#7635) * Setup raft cluster post unseal in recovery mode * Remove marking as unsealed as its not needed * Address review comments * Accept only one seal config in recovery mode as there is no scope for migration 2019-10-15 04:55:31 +00:00			`package vault`

			`import (`
			`"context"`
Abstract generate-root authentication into the strategy interface (#7698) * Abstract generate-root authentication into the strategy interface * Generate root strategy ncabatoff (#7700) * Adapt to new shamir-as-kek reality. * Don't try to verify the master key when we might still be sealed (in recovery mode). Instead, verify it in the authenticate methods. 2019-10-23 16:52:28 +00:00			`"github.com/hashicorp/errwrap"`
Recovery Mode (#7559) * Initial work * rework * s/dr/recovery * Add sys/raw support to recovery mode (#7577) * Factor the raw paths out so they can be run with a SystemBackend. # Conflicts: # vault/logical_system.go * Add handleLogicalRecovery which is like handleLogical but is only sufficient for use with the sys-raw endpoint in recovery mode. No authentication is done yet. * Integrate with recovery-mode. We now handle unauthenticated sys/raw requests, albeit on path v1/raw instead v1/sys/raw. * Use sys/raw instead raw during recovery. * Don't bother persisting the recovery token. Authenticate sys/raw requests with it. * RecoveryMode: Support generate-root for autounseals (#7591) * Recovery: Abstract config creation and log settings * Recovery mode integration test. (#7600) * Recovery: Touch up (#7607) * Recovery: Touch up * revert the raw backend creation changes * Added recovery operation token prefix * Move RawBackend to its own file * Update API path and hit it using CLI flag on generate-root * Fix a panic triggered when handling a request that yields a nil response. (#7618) * Improve integ test to actually make changes while in recovery mode and verify they're still there after coming back in regular mode. * Refuse to allow a second recovery token to be generated. * Resize raft cluster to size 1 and start as leader (#7626) * RecoveryMode: Setup raft cluster post unseal (#7635) * Setup raft cluster post unseal in recovery mode * Remove marking as unsealed as its not needed * Address review comments * Accept only one seal config in recovery mode as there is no scope for migration 2019-10-15 04:55:31 +00:00			`"github.com/hashicorp/vault/sdk/helper/base62"`
			`"go.uber.org/atomic"`
			`)`

			`// GenerateRecoveryTokenStrategy is the strategy used to generate a`
			`// recovery token`
			`func GenerateRecoveryTokenStrategy(token *atomic.String) GenerateRootStrategy {`
			`return &generateRecoveryToken{token: token}`
			`}`

			`// generateRecoveryToken implements the GenerateRootStrategy and is in`
			`// charge of creating recovery tokens.`
			`type generateRecoveryToken struct {`
			`token *atomic.String`
			`}`

Abstract generate-root authentication into the strategy interface (#7698) * Abstract generate-root authentication into the strategy interface * Generate root strategy ncabatoff (#7700) * Adapt to new shamir-as-kek reality. * Don't try to verify the master key when we might still be sealed (in recovery mode). Instead, verify it in the authenticate methods. 2019-10-23 16:52:28 +00:00			`func (g generateRecoveryToken) authenticate(ctx context.Context, c Core, combinedKey []byte) error {`
			`key, err := c.unsealKeyToMasterKey(ctx, combinedKey)`
			`if err != nil {`
			`return errwrap.Wrapf("unable to authenticate: {{err}}", err)`
			`}`

			`// Use the retrieved master key to unseal the barrier`
			`if err := c.barrier.Unseal(ctx, key); err != nil {`
			`return errwrap.Wrapf("recovery operation token generation failed, cannot unseal barrier: {{err}}", err)`
			`}`

			`for _, v := range c.postRecoveryUnsealFuncs {`
			`if err := v(); err != nil {`
			`return errwrap.Wrapf("failed to run post unseal func: {{err}}", err)`
			`}`
			`}`
			`return nil`
			`}`

Recovery Mode (#7559) * Initial work * rework * s/dr/recovery * Add sys/raw support to recovery mode (#7577) * Factor the raw paths out so they can be run with a SystemBackend. # Conflicts: # vault/logical_system.go * Add handleLogicalRecovery which is like handleLogical but is only sufficient for use with the sys-raw endpoint in recovery mode. No authentication is done yet. * Integrate with recovery-mode. We now handle unauthenticated sys/raw requests, albeit on path v1/raw instead v1/sys/raw. * Use sys/raw instead raw during recovery. * Don't bother persisting the recovery token. Authenticate sys/raw requests with it. * RecoveryMode: Support generate-root for autounseals (#7591) * Recovery: Abstract config creation and log settings * Recovery mode integration test. (#7600) * Recovery: Touch up (#7607) * Recovery: Touch up * revert the raw backend creation changes * Added recovery operation token prefix * Move RawBackend to its own file * Update API path and hit it using CLI flag on generate-root * Fix a panic triggered when handling a request that yields a nil response. (#7618) * Improve integ test to actually make changes while in recovery mode and verify they're still there after coming back in regular mode. * Refuse to allow a second recovery token to be generated. * Resize raft cluster to size 1 and start as leader (#7626) * RecoveryMode: Setup raft cluster post unseal (#7635) * Setup raft cluster post unseal in recovery mode * Remove marking as unsealed as its not needed * Address review comments * Accept only one seal config in recovery mode as there is no scope for migration 2019-10-15 04:55:31 +00:00			`func (g generateRecoveryToken) generate(ctx context.Context, c Core) (string, func(), error) {`
			`id, err := base62.Random(TokenLength)`
			`if err != nil {`
			`return "", nil, err`
			`}`
			`token := "r." + id`
			`g.token.Store(token)`

			`return token, func() { g.token.Store("") }, nil`
			`}`