From 21be98ee7af663c05801bbb86cbef38834ebec26 Mon Sep 17 00:00:00 2001 From: Nick Cabatoff Date: Wed, 19 Jan 2022 10:56:04 -0500 Subject: [PATCH] Support go-sockaddr templates in top-level cluster_addr config (#13678) In doing some testing I found that the listener clusteraddr isn't really used, or at least isn't as important as the top-level clusteraddr setting. As such, go-sockaddr templating needs to be implemented for the top-level `cluster_addr` setting or it's unusable for HA. Also fix a nil pointer panic I discovered at the same time. --- changelog/13678.txt | 3 +++ command/server.go | 6 +++++- vault/core.go | 9 ++++++--- 3 files changed, 14 insertions(+), 4 deletions(-) create mode 100644 changelog/13678.txt diff --git a/changelog/13678.txt b/changelog/13678.txt new file mode 100644 index 000000000..f8cbbf306 --- /dev/null +++ b/changelog/13678.txt @@ -0,0 +1,3 @@ +```release-note:bug +core: add support for go-sockaddr templates in the top-level cluster_addr field +``` \ No newline at end of file diff --git a/command/server.go b/command/server.go index 5b8eb634a..5cbe9ffc4 100644 --- a/command/server.go +++ b/command/server.go @@ -724,7 +724,6 @@ func (c *ServerCommand) runRecoveryMode() int { c.logger.Info("goroutine trace", "stack", string(buf[:n])) } } - } func logProxyEnvironmentVariables(logger hclog.Logger) { @@ -2410,6 +2409,11 @@ CLUSTER_SYNTHESIS_COMPLETE: } if coreConfig.ClusterAddr != "" { + rendered, err := configutil.ParseSingleIPTemplate(coreConfig.ClusterAddr) + if err != nil { + return fmt.Errorf("Error parsing cluster address %s: %v", coreConfig.ClusterAddr, err) + } + coreConfig.ClusterAddr = rendered // Force https as we'll always be TLS-secured u, err := url.ParseRequestURI(coreConfig.ClusterAddr) if err != nil { diff --git a/vault/core.go b/vault/core.go index c6b563121..51c24c450 100644 --- a/vault/core.go +++ b/vault/core.go 
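Review bot: In the command/server.go hunk under `CLUSTER_SYNTHESIS_COMPLETE`, the new error for a failed `ParseSingleIPTemplate` call formats the cause with `%v` and the configured value with `%s`, so the underlying error cannot be unwrapped and an empty or whitespace-padded `cluster_addr` is hard to spot in the message; `return fmt.Errorf("Error parsing cluster address %q: %w", coreConfig.ClusterAddr, err)` addresses both while keeping the wording. The rendered string silently replaces the operator's setting and is then handed to `url.ParseRequestURI`, so a comment above the call would help, for example `// cluster_addr may be a go-sockaddr template; the rendered result must still be a full URL and becomes this node's cluster address`. Because a template can resolve differently per host or after a network change, a unit test covering a literal URL, a valid template and a malformed template would pin the behaviour (whether the helper accepts scheme and port text around the template is not visible here). The enclosing function starts and ends outside the hunk.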
@@ -1390,6 +1390,9 @@ func (c *Core) getUnsealKey(ctx context.Context, seal Seal) ([]byte, error) { if err != nil { return nil, err } + if config == nil { + return nil, fmt.Errorf("failed to obtain seal/recovery configuration") + } // Check if we don't have enough keys to unlock, proceed through the rest of // the call only if we have met the threshold @@ -2045,7 +2048,7 @@ func (s standardUnsealStrategy) unseal(ctx context.Context, logger log.Logger, c } if err := c.setupManagedKeyRegistry(); err != nil { return err - } + } if err := c.loadCORSConfig(ctx); err != nil { return err } @@ -3041,7 +3044,7 @@ func (c *Core) LogCompletedRequests(reqID string, statusCode int) { // there is only one writer to this map, so skip checking for errors reqData := v.(InFlightReqData) - c.logger.Log(logLevel, "completed_request","client_id", reqData.ClientID, "client_address", reqData.ClientRemoteAddr, "status_code", statusCode, "request_path", reqData.ReqPath, "request_method", reqData.Method) + c.logger.Log(logLevel, "completed_request", "client_id", reqData.ClientID, "client_address", reqData.ClientRemoteAddr, "status_code", statusCode, "request_path", reqData.ReqPath, "request_method", reqData.Method) } func (c *Core) ReloadLogRequestsLevel() { @@ -3079,4 +3082,4 @@ func (c *Core) GetHAPeerNodesCached() []PeerNode { }) } return nodes -} \ No newline at end of file +}
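Review bot: In the first vault/core.go hunk, the new `config == nil` guard in `getUnsealKey` returns a message that does not say which configuration was missing or why a nil value can arrive together with a nil error, so an operator who sees it during an unseal attempt has little to act on. A comment such as `// the config lookup can return (nil, nil); fail here rather than dereference config in the threshold check below` would document the case; the lookup itself is above the hunk, so the exact condition should be confirmed. Since the string has no format verbs, `errors.New("failed to obtain seal/recovery configuration")` is the more conventional form, provided `errors` is already imported in this file. A regression test that drives `getUnsealKey` with a seal returning a nil configuration would keep the panic from coming back. The function body continues outside the hunk.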