luxolus/open-vault
2
0
Fork 0
Code Issues 1 Pull requests Releases Activity
open-vault/vault/external_tests/misc/recover_from_panic_test.go

49 lines
1 KiB
Go
Raw Normal View History

Recovery Mode (#7559) * Initial work * rework * s/dr/recovery * Add sys/raw support to recovery mode (#7577) * Factor the raw paths out so they can be run with a SystemBackend. # Conflicts: # vault/logical_system.go * Add handleLogicalRecovery which is like handleLogical but is only sufficient for use with the sys-raw endpoint in recovery mode. No authentication is done yet. * Integrate with recovery-mode. We now handle unauthenticated sys/raw requests, albeit on path v1/raw instead v1/sys/raw. * Use sys/raw instead raw during recovery. * Don't bother persisting the recovery token. Authenticate sys/raw requests with it. * RecoveryMode: Support generate-root for autounseals (#7591) * Recovery: Abstract config creation and log settings * Recovery mode integration test. (#7600) * Recovery: Touch up (#7607) * Recovery: Touch up * revert the raw backend creation changes * Added recovery operation token prefix * Move RawBackend to its own file * Update API path and hit it using CLI flag on generate-root * Fix a panic triggered when handling a request that yields a nil response. (#7618) * Improve integ test to actually make changes while in recovery mode and verify they're still there after coming back in regular mode. * Refuse to allow a second recovery token to be generated. * Resize raft cluster to size 1 and start as leader (#7626) * RecoveryMode: Setup raft cluster post unseal (#7635) * Setup raft cluster post unseal in recovery mode * Remove marking as unsealed as its not needed * Address review comments * Accept only one seal config in recovery mode as there is no scope for migration
2019-10-15 04:55:31 +00:00
package misc
Fix a deadlock if a panic happens during request handling (#6920) * Fix a deadlock if a panic happens during request handling During request handling, if a panic is created, deferred functions are run but otherwise execution stops. #5889 changed some locks to non-defers but had the side effect of causing the read lock to not be released if the request panicked. This fixes that and addresses a few other potential places where things could go wrong: 1) In sealInitCommon we always now defer a function that unlocks the read lock if it hasn't been unlocked already 2) In StepDown we defer the RUnlock but we also had two error cases that were calling it manually. These are unlikely to be hit but if they were I believe would cause a panic. * Add panic recovery test
2019-06-19 13:40:57 +00:00
import (
"testing"
"github.com/hashicorp/go-hclog"
"github.com/hashicorp/vault/api"
vaulthttp "github.com/hashicorp/vault/http"
"github.com/hashicorp/vault/sdk/logical"
"github.com/hashicorp/vault/vault"
)
// Tests the regression in
// https://github.com/hashicorp/vault/pull/6920
func TestRecoverFromPanic(t *testing.T) {
logger := hclog.New(nil)
coreConfig := &vault.CoreConfig{
LogicalBackends: map[string]logical.Factory{
"noop": vault.NoopBackendFactory,
},
EnableRaw: true,
Logger: logger,
}
cluster := vault.NewTestCluster(t, coreConfig, &vault.TestClusterOptions{
HandlerFunc: vaulthttp.Handler,
})
cluster.Start()
defer cluster.Cleanup()
core := cluster.Cores[0]
vault.TestWaitActive(t, core.Core)
client := core.Client
err := client.Sys().Mount("noop", &api.MountInput{
Type: "noop",
})
if err != nil {
t.Fatal(err)
}
_, err = client.Logical().Read("noop/panic")
if err == nil {
t.Fatal("expected error")
}
// This will deadlock the test if we hit the condition
cluster.EnsureCoresSealed(t)
}
Reference in a new issue Copy permalink