From aec9a689a07f3a03f9545c7b65cdc604a469a255 Mon Sep 17 00:00:00 2001 From: Jeff Mitchell Date: Fri, 24 Aug 2018 12:09:03 -0400 Subject: [PATCH] Sync over some stuff --- api/sys_health.go | 1 + command/namespace_create.go | 4 ++-- command/namespace_delete.go | 4 ++-- command/namespace_lookup.go | 2 +- command/server/config.go | 14 ++++++++++++++ command/server/config_test.go | 10 ++++++++++ command/server/test-fixtures/config.hcl | 1 + command/server/test-fixtures/config.hcl.json | 3 ++- command/server/test-fixtures/config2.hcl | 1 + command/server/test-fixtures/config2.hcl.json | 1 + command/server_test.go | 6 +++++- helper/consts/replication.go | 5 +++++ 12 files changed, 45 insertions(+), 7 deletions(-) diff --git a/api/sys_health.go b/api/sys_health.go index f49d05b67..bd74e8269 100644 --- a/api/sys_health.go +++ b/api/sys_health.go @@ -11,6 +11,7 @@ func (c *Sys) Health() (*HealthResponse, error) { r.Params.Add("sealedcode", "299") r.Params.Add("standbycode", "299") r.Params.Add("drsecondarycode", "299") + r.Params.Add("performancestandbycode", "299") ctx, cancelFunc := context.WithCancel(context.Background()) defer cancelFunc() diff --git a/command/namespace_create.go b/command/namespace_create.go index b17b4a38b..22a42cc16 100644 --- a/command/namespace_create.go +++ b/command/namespace_create.go @@ -24,8 +24,8 @@ func (c *NamespaceCreateCommand) Help() string { helpText := ` Usage: vault namespace create [options] PATH - Create a child namespace. The namespace created will be relative to the - namespace provided in either VAULT_NAMESPACE environemnt variable or + Create a child namespace. The namespace created will be relative to the + namespace provided in either the VAULT_NAMESPACE environment variable or -namespace CLI flag. Create a child namespace (e.g. ns1/): diff --git a/command/namespace_delete.go b/command/namespace_delete.go index 58a0b484f..b244af3c1 100644 --- a/command/namespace_delete.go +++ b/command/namespace_delete.go @@ -24,8 +24,8 @@ func (c *NamespaceDeleteCommand) Help() string { helpText := ` Usage: vault namespace delete [options] PATH - Delete an existing namespace. The namespace deleted will be relative to the - namespace provided in either VAULT_NAMESPACE environemnt variable or + Delete an existing namespace. The namespace deleted will be relative to the + namespace provided in either the VAULT_NAMESPACE environment variable or -namespace CLI flag. Delete a namespace (e.g. ns1/): diff --git a/command/namespace_lookup.go b/command/namespace_lookup.go index c025a4e8f..73f3ddc8d 100644 --- a/command/namespace_lookup.go +++ b/command/namespace_lookup.go @@ -24,7 +24,7 @@ func (c *NamespaceLookupCommand) Help() string { Usage: vault namespace create [options] PATH Create a child namespace. The namespace created will be relative to the - namespace provided in either VAULT_NAMESPACE environemnt variable or + namespace provided in either the VAULT_NAMESPACE environment variable or -namespace CLI flag. Get information about the namespace of the locally authenticated token: diff --git a/command/server/config.go b/command/server/config.go index f2644a34d..eb7ff3d6d 100644 --- a/command/server/config.go +++ b/command/server/config.go @@ -62,6 +62,9 @@ type Config struct { DisableClustering bool `hcl:"-"` DisableClusteringRaw interface{} `hcl:"disable_clustering"` + DisablePerformanceStandby bool `hcl:"-"` + DisablePerformanceStandbyRaw interface{} `hcl:"disable_performance_standby"` + DisableSealWrap bool `hcl:"-"` DisableSealWrapRaw interface{} `hcl:"disable_sealwrap"` } @@ -326,6 +329,11 @@ func (c *Config) Merge(c2 *Config) *Config { result.PidFile = c2.PidFile } + result.DisablePerformanceStandby = c.DisablePerformanceStandby + if c2.DisablePerformanceStandby { + result.DisablePerformanceStandby = c2.DisablePerformanceStandby + } + result.DisableSealWrap = c.DisableSealWrap if c2.DisableSealWrap { result.DisableSealWrap = c2.DisableSealWrap @@ -424,6 +432,12 @@ func ParseConfig(d string, logger log.Logger) (*Config, error) { } } + if result.DisablePerformanceStandbyRaw != nil { + if result.DisablePerformanceStandby, err = parseutil.ParseBool(result.DisablePerformanceStandbyRaw); err != nil { + return nil, err + } + } + if result.DisableSealWrapRaw != nil { if result.DisableSealWrap, err = parseutil.ParseBool(result.DisableSealWrapRaw); err != nil { return nil, err diff --git a/command/server/config_test.go b/command/server/config_test.go index 9feba4038..1e1e13d93 100644 --- a/command/server/config_test.go +++ b/command/server/config_test.go @@ -67,6 +67,9 @@ func TestLoadConfigFile(t *testing.T) { EnableRawEndpoint: true, EnableRawEndpointRaw: true, + DisableSealWrap: true, + DisableSealWrapRaw: true, + MaxLeaseTTL: 10 * time.Hour, MaxLeaseTTLRaw: "10h", DefaultLeaseTTL: 10 * time.Hour, @@ -135,6 +138,9 @@ func TestLoadConfigFile_topLevel(t *testing.T) { EnableRawEndpoint: true, EnableRawEndpointRaw: true, + DisableSealWrap: true, + DisableSealWrapRaw: true, + MaxLeaseTTL: 10 * time.Hour, MaxLeaseTTLRaw: "10h", DefaultLeaseTTL: 10 * time.Hour, @@ -210,6 +216,8 @@ func TestLoadConfigFile_json(t *testing.T) { PidFile: "./pidfile", EnableRawEndpoint: true, EnableRawEndpointRaw: true, + DisableSealWrap: true, + DisableSealWrapRaw: true, } if !reflect.DeepEqual(config, expected) { t.Fatalf("expected \n\n%#v\n\n to be \n\n%#v\n\n", config, expected) @@ -261,6 +269,8 @@ func TestLoadConfigFile_json2(t *testing.T) { EnableRawEndpoint: true, + DisableSealWrap: true, + Telemetry: &Telemetry{ StatsiteAddr: "foo", StatsdAddr: "bar", diff --git a/command/server/test-fixtures/config.hcl b/command/server/test-fixtures/config.hcl index dd2227b96..bd45bcfc2 100644 --- a/command/server/test-fixtures/config.hcl +++ b/command/server/test-fixtures/config.hcl @@ -30,4 +30,5 @@ default_lease_ttl = "10h" cluster_name = "testcluster" pid_file = "./pidfile" raw_storage_endpoint = true +disable_sealwrap = true disable_printable_check = true diff --git a/command/server/test-fixtures/config.hcl.json b/command/server/test-fixtures/config.hcl.json index 918af5680..9f81018a0 100644 --- a/command/server/test-fixtures/config.hcl.json +++ b/command/server/test-fixtures/config.hcl.json @@ -19,5 +19,6 @@ "cluster_name":"testcluster", "ui":true, "pid_file":"./pidfile", - "raw_storage_endpoint":true + "raw_storage_endpoint":true, + "disable_sealwrap":true } diff --git a/command/server/test-fixtures/config2.hcl b/command/server/test-fixtures/config2.hcl index d225e54ba..c757d1f62 100644 --- a/command/server/test-fixtures/config2.hcl +++ b/command/server/test-fixtures/config2.hcl @@ -33,3 +33,4 @@ default_lease_ttl = "10h" cluster_name = "testcluster" pid_file = "./pidfile" raw_storage_endpoint = true +disable_sealwrap = true diff --git a/command/server/test-fixtures/config2.hcl.json b/command/server/test-fixtures/config2.hcl.json index e1eb73e5e..749be58fd 100644 --- a/command/server/test-fixtures/config2.hcl.json +++ b/command/server/test-fixtures/config2.hcl.json @@ -1,6 +1,7 @@ { "ui":true, "raw_storage_endpoint":true, + "disable_sealwrap":true, "listener":[ { "tcp":{ diff --git a/command/server_test.go b/command/server_test.go index 2e2e18011..283de1286 100644 --- a/command/server_test.go +++ b/command/server_test.go @@ -1,4 +1,8 @@ -// +build !race +// +build !race,!hsm + +// NOTE: we can't use this with HSM. We can't set testing mode on and it's not +// safe to use env vars since that provides an attack vector in the real world. +// // The server tests have a go-metrics/exp manager race condition :(. package command diff --git a/helper/consts/replication.go b/helper/consts/replication.go index c109977c5..bdad15522 100644 --- a/helper/consts/replication.go +++ b/helper/consts/replication.go @@ -1,7 +1,11 @@ package consts +import "time" + type ReplicationState uint32 +var ReplicationStaleReadTimeout = 2 * time.Second + const ( _ ReplicationState = iota OldReplicationPrimary @@ -21,6 +25,7 @@ const ( ReplicationDRBootstrapping ReplicationPerformanceDisabled ReplicationDRDisabled + ReplicationPerformanceStandby ) func (r ReplicationState) string() string {