OSS parts of sys/config/reload/license (#11695)
This commit is contained in:
parent
9db384e0f7
commit
c6c0424a8e
|
@ -228,6 +228,18 @@ func (b *SystemBackend) handleConfigStateSanitized(ctx context.Context, req *log
|
||||||
return resp, nil
|
return resp, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// handleConfigReload handles reloading specific pieces of the configuration.
|
||||||
|
func (b *SystemBackend) handleConfigReload(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
|
||||||
|
subsystem := data.Get("subsystem").(string)
|
||||||
|
|
||||||
|
switch subsystem {
|
||||||
|
case "license":
|
||||||
|
return handleLicenseReload(b)(ctx, req, data)
|
||||||
|
}
|
||||||
|
|
||||||
|
return nil, logical.ErrUnsupportedPath
|
||||||
|
}
|
||||||
|
|
||||||
// handleCORSRead returns the current CORS configuration
|
// handleCORSRead returns the current CORS configuration
|
||||||
func (b *SystemBackend) handleCORSRead(ctx context.Context, req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
|
func (b *SystemBackend) handleCORSRead(ctx context.Context, req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
|
||||||
corsConf := b.Core.corsConfig
|
corsConf := b.Core.corsConfig
|
||||||
|
|
|
@ -78,7 +78,11 @@ var (
|
||||||
handleSetupPluginReload = func(*Core) error {
|
handleSetupPluginReload = func(*Core) error {
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
handleLicenseReload = func(b *SystemBackend) framework.OperationFunc {
|
||||||
|
return func(ctx context.Context, req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
|
||||||
|
return nil, nil
|
||||||
|
}
|
||||||
|
}
|
||||||
checkRaw = func(b *SystemBackend, path string) error { return nil }
|
checkRaw = func(b *SystemBackend, path string) error { return nil }
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
|
@ -59,6 +59,23 @@ func (b *SystemBackend) configPaths() []*framework.Path {
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
|
||||||
|
{
|
||||||
|
Pattern: "config/reload/(?P<subsystem>.+)",
|
||||||
|
Fields: map[string]*framework.FieldSchema{
|
||||||
|
"subsystem": {
|
||||||
|
Type: framework.TypeString,
|
||||||
|
Description: strings.TrimSpace(sysHelp["config/reload"][0]),
|
||||||
|
},
|
||||||
|
},
|
||||||
|
Operations: map[logical.Operation]framework.OperationHandler{
|
||||||
|
logical.UpdateOperation: &framework.PathOperation{
|
||||||
|
Callback: b.handleConfigReload,
|
||||||
|
Summary: "Reload the given subsystem",
|
||||||
|
Description: "",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
|
||||||
{
|
{
|
||||||
Pattern: "config/ui/headers/" + framework.GenericNameRegex("header"),
|
Pattern: "config/ui/headers/" + framework.GenericNameRegex("header"),
|
||||||
|
|
||||||
|
|
|
@ -1461,6 +1461,8 @@ func NewTestCluster(t testing.T, base *CoreConfig, opts *TestClusterOptions) *Te
|
||||||
coreConfig.DisableSealWrap = base.DisableSealWrap
|
coreConfig.DisableSealWrap = base.DisableSealWrap
|
||||||
coreConfig.DisableCache = base.DisableCache
|
coreConfig.DisableCache = base.DisableCache
|
||||||
coreConfig.LicensingConfig = base.LicensingConfig
|
coreConfig.LicensingConfig = base.LicensingConfig
|
||||||
|
coreConfig.License = base.License
|
||||||
|
coreConfig.LicensePath = base.LicensePath
|
||||||
coreConfig.DisablePerformanceStandby = base.DisablePerformanceStandby
|
coreConfig.DisablePerformanceStandby = base.DisablePerformanceStandby
|
||||||
coreConfig.MetricsHelper = base.MetricsHelper
|
coreConfig.MetricsHelper = base.MetricsHelper
|
||||||
coreConfig.MetricSink = base.MetricSink
|
coreConfig.MetricSink = base.MetricSink
|
||||||
|
@ -1566,7 +1568,7 @@ func NewTestCluster(t testing.T, base *CoreConfig, opts *TestClusterOptions) *Te
|
||||||
}
|
}
|
||||||
|
|
||||||
if testCluster.LicensePublicKey == nil {
|
if testCluster.LicensePublicKey == nil {
|
||||||
pubKey, priKey, err := testGenerateCoreKeys()
|
pubKey, priKey, err := GenerateTestLicenseKeys()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
t.Fatalf("err: %v", err)
|
t.Fatalf("err: %v", err)
|
||||||
}
|
}
|
||||||
|
|
|
@ -8,9 +8,9 @@ import (
|
||||||
testing "github.com/mitchellh/go-testing-interface"
|
testing "github.com/mitchellh/go-testing-interface"
|
||||||
)
|
)
|
||||||
|
|
||||||
func testGenerateCoreKeys() (ed25519.PublicKey, ed25519.PrivateKey, error) { return nil, nil, nil }
|
func GenerateTestLicenseKeys() (ed25519.PublicKey, ed25519.PrivateKey, error) { return nil, nil, nil }
|
||||||
func testGetLicensingConfig(key ed25519.PublicKey) *LicensingConfig { return &LicensingConfig{} }
|
func testGetLicensingConfig(key ed25519.PublicKey) *LicensingConfig { return &LicensingConfig{} }
|
||||||
func testExtraTestCoreSetup(testing.T, ed25519.PrivateKey, *TestClusterCore) {}
|
func testExtraTestCoreSetup(testing.T, ed25519.PrivateKey, *TestClusterCore) {}
|
||||||
func testAdjustUnderlyingStorage(tcc *TestClusterCore) {
|
func testAdjustUnderlyingStorage(tcc *TestClusterCore) {
|
||||||
tcc.UnderlyingStorage = tcc.physical
|
tcc.UnderlyingStorage = tcc.physical
|
||||||
}
|
}
|
||||||
|
|
|
@ -0,0 +1,33 @@
|
||||||
|
---
|
||||||
|
layout: api
|
||||||
|
page_title: /sys/config/reload - HTTP API
|
||||||
|
description: The '/sys/config/reload' endpoint is used to reload specific parts of Vault's configuration.
|
||||||
|
---
|
||||||
|
|
||||||
|
# `/sys/config/reload`
|
||||||
|
|
||||||
|
The `sys/config/reload` endpoint allows reloading specific parts of Vault's configuration.
|
||||||
|
Currently, it only supports reloading license information from files on disk.
|
||||||
|
|
||||||
|
| Method | Path |
|
||||||
|
| :----- | :---------------------------- |
|
||||||
|
| `PUT` | `/sys/config/reload/:subsystem` |
|
||||||
|
|
||||||
|
### Parameters
|
||||||
|
|
||||||
|
- `subsystem` `(string: <required>)` - Specifies the subsystem for Vault to reload. This is part of the request URL.
|
||||||
|
|
||||||
|
## Reload License File
|
||||||
|
|
||||||
|
When the `:subsystem` URL parameter is specified as `license`, Vault re-reads the license file pointed to by the `license_path` configuration option and applies the license
|
||||||
|
to Vault. Vault may enable or disable various features when this happens, depending on if the features of the given
|
||||||
|
license have changed from the license Vault is currently using.
|
||||||
|
|
||||||
|
### Sample Request
|
||||||
|
|
||||||
|
```shell-session
|
||||||
|
$ curl \
|
||||||
|
-X PUT \
|
||||||
|
--header "X-Vault-Token: ..." \
|
||||||
|
'http://127.0.0.1:8200/v1/sys/config/reload/license'
|
||||||
|
```
|
|
@ -356,6 +356,10 @@
|
||||||
"title": "<code>/sys/config/cors</code>",
|
"title": "<code>/sys/config/cors</code>",
|
||||||
"path": "system/config-cors"
|
"path": "system/config-cors"
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
"title": "<code>/sys/config/reload</code>",
|
||||||
|
"path": "system/config-reload"
|
||||||
|
},
|
||||||
{
|
{
|
||||||
"title": "<code>/sys/config/state</code>",
|
"title": "<code>/sys/config/state</code>",
|
||||||
"path": "system/config-state"
|
"path": "system/config-state"
|
||||||
|
|
Loading…
Reference in New Issue