luxolus
/
open-vault
2
0
Fork 0
Code Issues 1 Pull Requests Releases Activity

VAULT-15668: fix windows issues with -dev-tls flag (#20257) 

* fix -dev-tls flag on windows

* changelog

* fix only hcl config

* fix import

* fmt
This commit is contained in:
miagilepner 2023-04-21 10:54:38 +02:00 committed by GitHub
parent d308c31cbf
commit 564a7227e4
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 47 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
changelog/20257.txt Normal file
View File

@ -0,0 +1,3 @@
```release-note:bug
command/server: Fix incorrect paths in generated config for `-dev-tls` flag on Windows
```

7
command/server/config.go
View File

@ -196,7 +196,10 @@ func DevTLSConfig(storageType, certDir string) (*Config, error) {
if err := os.WriteFile(fmt.Sprintf("%s/%s", certDir, VaultDevKeyFilename), []byte(key), 0o400); err != nil { if err := os.WriteFile(fmt.Sprintf("%s/%s", certDir, VaultDevKeyFilename), []byte(key), 0o400); err != nil {
return nil, err return nil, err
} }
return parseDevTLSConfig(storageType, certDir)
}
func parseDevTLSConfig(storageType, certDir string) (*Config, error) {
hclStr := ` hclStr := `
disable_mlock = true disable_mlock = true
@ -219,8 +222,8 @@ storage "%s" {
ui = true ui = true
` `
certDirEscaped := strings.Replace(certDir, "\\", "\\\\", -1)
hclStr = fmt.Sprintf(hclStr, certDir, certDir, storageType) hclStr = fmt.Sprintf(hclStr, certDirEscaped, certDirEscaped, storageType)
parsed, err := ParseConfig(hclStr, "") parsed, err := ParseConfig(hclStr, "")
if err != nil { if err != nil {
return nil, err return nil, err

28
command/server/config_test.go
View File

@ -8,6 +8,8 @@ import (
"reflect" "reflect"
"strings" "strings"
"testing" "testing"
"github.com/stretchr/testify/require"
) )
func TestLoadConfigFile(t *testing.T) { func TestLoadConfigFile(t *testing.T) {
@ -186,3 +188,29 @@ func TestMerge(t *testing.T) {
}) })
} }
} }
// Test_parseDevTLSConfig verifies that both Windows and Unix directories are correctly escaped when creating a dev TLS
// configuration in HCL
func Test_parseDevTLSConfig(t *testing.T) {
tests := []struct {
name string
certDirectory string
}{
{
name: "windows path",
certDirectory: `C:\Users\ADMINI~1\AppData\Local\Temp\2\vault-tls4169358130`,
},
{
name: "unix path",
certDirectory: "/tmp/vault-tls4169358130",
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
cfg, err := parseDevTLSConfig("file", tt.certDirectory)
require.NoError(t, err)
require.Equal(t, fmt.Sprintf("%s/%s", tt.certDirectory, VaultDevCertFilename), cfg.Listeners[0].TLSCertFile)
require.Equal(t, fmt.Sprintf("%s/%s", tt.certDirectory, VaultDevKeyFilename), cfg.Listeners[0].TLSKeyFile)
})
}
}

11
command/server_test.go
View File

@ -24,6 +24,7 @@ import (
"github.com/hashicorp/vault/sdk/physical" "github.com/hashicorp/vault/sdk/physical"
physInmem "github.com/hashicorp/vault/sdk/physical/inmem" physInmem "github.com/hashicorp/vault/sdk/physical/inmem"
"github.com/mitchellh/cli" "github.com/mitchellh/cli"
"github.com/stretchr/testify/require"
) )
func init() { func init() {
@ -317,3 +318,13 @@ func TestServer(t *testing.T) {
}) })
} }
} }
// TestServer_DevTLS verifies that a vault server starts up correctly with the -dev-tls flag
func TestServer_DevTLS(t *testing.T) {
ui, cmd := testServerCommand(t)
args := []string{"-dev-tls", "-dev-listen-address=127.0.0.1:0", "-test-server-config"}
retCode := cmd.Run(args)
output := ui.ErrorWriter.String() + ui.OutputWriter.String()
require.Equal(t, 0, retCode, output)
require.Contains(t, output, `tls: "enabled"`)
}