add OSS noop check for valid ent storage (#15894)
This commit is contained in:
Chris Capurso
GitHub
parent
934989809b
commit
75aa55eb57
|
|
@ -42,6 +42,7 @@ import (
|
|||
"github.com/hashicorp/vault/internalshared/listenerutil"
|
||||
"github.com/hashicorp/vault/sdk/helper/jsonutil"
|
||||
"github.com/hashicorp/vault/sdk/helper/logging"
|
||||
"github.com/hashicorp/vault/sdk/helper/strutil"
|
||||
"github.com/hashicorp/vault/sdk/helper/useragent"
|
||||
"github.com/hashicorp/vault/sdk/logical"
|
||||
"github.com/hashicorp/vault/sdk/physical"
|
||||
|
|
@ -75,8 +76,9 @@ const (
|
|||
|
||||
// Even though there are more types than the ones below, the following consts
|
||||
// are declared internally for value comparison and reusability.
|
||||
storageTypeRaft = "raft"
|
||||
storageTypeConsul = "consul"
|
||||
storageTypeRaft = "raft"
|
||||
storageTypeConsul = "consul"
|
||||
disableStorageTypeCheckEnv = "VAULT_DISABLE_SUPPORTED_STORAGE_CHECK"
|
||||
)
|
||||
|
||||
type ServerCommand struct {
|
||||
|
|
@ -1324,6 +1326,24 @@ func (c *ServerCommand) Run(args []string) int {
|
|||
// Apply any enterprise configuration onto the coreConfig.
|
||||
adjustCoreConfigForEnt(config, &coreConfig)
|
||||
|
||||
if !c.flagDev && os.Getenv(disableStorageTypeCheckEnv) == "" {
|
||||
inMemStorageTypes := []string{
|
||||
"inmem", "inmem_ha", "inmem_transactional", "inmem_transactional_ha",
|
||||
}
|
||||
|
||||
if strutil.StrListContains(inMemStorageTypes, coreConfig.StorageType) {
|
||||
c.UI.Warn("")
|
||||
c.UI.Warn(wrapAtLength(fmt.Sprintf("WARNING: storage configured to use %q which should NOT be used in production", coreConfig.StorageType)))
|
||||
c.UI.Warn("")
|
||||
} else {
|
||||
err = checkStorageTypeForEnt(&coreConfig)
|
||||
if err != nil {
|
||||
c.UI.Error(fmt.Sprintf("Invalid storage type: %s", err))
|
||||
return 1
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// Initialize the core
|
||||
core, newCoreError := vault.NewCore(&coreConfig)
|
||||
if newCoreError != nil {
|
||||
|
|
@ -2061,7 +2081,8 @@ func (c *ServerCommand) addPlugin(path, token string, core *vault.Core) error {
|
|||
|
||||
// detectRedirect is used to attempt redirect address detection
|
||||
func (c *ServerCommand) detectRedirect(detect physical.RedirectDetect,
|
||||
config *server.Config) (string, error) {
|
||||
config *server.Config,
|
||||
) (string, error) {
|
||||
// Get the hostname
|
||||
host, err := detect.DetectHostAddr()
|
||||
if err != nil {
|
||||
|
|
@ -2506,7 +2527,8 @@ func runUnseal(c *ServerCommand, core *vault.Core, ctx context.Context) {
|
|||
}
|
||||
|
||||
func createCoreConfig(c *ServerCommand, config *server.Config, backend physical.Backend, configSR sr.ServiceRegistration, barrierSeal, unwrapSeal vault.Seal,
|
||||
metricsHelper *metricsutil.MetricsHelper, metricSink *metricsutil.ClusterMetricSink, secureRandomReader io.Reader) vault.CoreConfig {
|
||||
metricsHelper *metricsutil.MetricsHelper, metricSink *metricsutil.ClusterMetricSink, secureRandomReader io.Reader,
|
||||
) vault.CoreConfig {
|
||||
coreConfig := &vault.CoreConfig{
|
||||
RawConfig: config,
|
||||
Physical: backend,
|
||||
|
|
|
|||
|
|
@ -5,7 +5,10 @@ import (
|
|||
"github.com/hashicorp/vault/vault"
|
||||
)
|
||||
|
||||
var adjustCoreConfigForEnt = adjustCoreConfigForEntNoop
|
||||
var (
|
||||
adjustCoreConfigForEnt = adjustCoreConfigForEntNoop
|
||||
checkStorageTypeForEnt = checkStorageTypeForEntNoop
|
||||
)
|
||||
|
||||
func adjustCoreConfigForEntNoop(config *server.Config, coreConfig *vault.CoreConfig) {
|
||||
}
|
||||
|
|
@ -15,3 +18,7 @@ var getFIPSInfoKey = getFIPSInfoKeyNoop
|
|||
func getFIPSInfoKeyNoop() string {
|
||||
return ""
|
||||
}
|
||||
|
||||
func checkStorageTypeForEntNoop(coreConfig *vault.CoreConfig) error {
|
||||
return nil
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue