OSS parts of sys/config/reload/license (#11695)

This commit is contained in:
Josh Black 2021-06-03 10:30:30 -07:00 committed by GitHub
parent 9db384e0f7
commit c6c0424a8e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
7 changed files with 77 additions and 5 deletions

View File

@ -228,6 +228,18 @@ func (b *SystemBackend) handleConfigStateSanitized(ctx context.Context, req *log
return resp, nil return resp, nil
} }
// handleConfigReload handles reloading specific pieces of the configuration.
func (b *SystemBackend) handleConfigReload(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
subsystem := data.Get("subsystem").(string)
switch subsystem {
case "license":
return handleLicenseReload(b)(ctx, req, data)
}
return nil, logical.ErrUnsupportedPath
}
// handleCORSRead returns the current CORS configuration // handleCORSRead returns the current CORS configuration
func (b *SystemBackend) handleCORSRead(ctx context.Context, req *logical.Request, d *framework.FieldData) (*logical.Response, error) { func (b *SystemBackend) handleCORSRead(ctx context.Context, req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
corsConf := b.Core.corsConfig corsConf := b.Core.corsConfig

View File

@ -78,7 +78,11 @@ var (
handleSetupPluginReload = func(*Core) error { handleSetupPluginReload = func(*Core) error {
return nil return nil
} }
handleLicenseReload = func(b *SystemBackend) framework.OperationFunc {
return func(ctx context.Context, req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
return nil, nil
}
}
checkRaw = func(b *SystemBackend, path string) error { return nil } checkRaw = func(b *SystemBackend, path string) error { return nil }
) )

View File

@ -59,6 +59,23 @@ func (b *SystemBackend) configPaths() []*framework.Path {
}, },
}, },
{
Pattern: "config/reload/(?P<subsystem>.+)",
Fields: map[string]*framework.FieldSchema{
"subsystem": {
Type: framework.TypeString,
Description: strings.TrimSpace(sysHelp["config/reload"][0]),
},
},
Operations: map[logical.Operation]framework.OperationHandler{
logical.UpdateOperation: &framework.PathOperation{
Callback: b.handleConfigReload,
Summary: "Reload the given subsystem",
Description: "",
},
},
},
{ {
Pattern: "config/ui/headers/" + framework.GenericNameRegex("header"), Pattern: "config/ui/headers/" + framework.GenericNameRegex("header"),

View File

@ -1461,6 +1461,8 @@ func NewTestCluster(t testing.T, base *CoreConfig, opts *TestClusterOptions) *Te
coreConfig.DisableSealWrap = base.DisableSealWrap coreConfig.DisableSealWrap = base.DisableSealWrap
coreConfig.DisableCache = base.DisableCache coreConfig.DisableCache = base.DisableCache
coreConfig.LicensingConfig = base.LicensingConfig coreConfig.LicensingConfig = base.LicensingConfig
coreConfig.License = base.License
coreConfig.LicensePath = base.LicensePath
coreConfig.DisablePerformanceStandby = base.DisablePerformanceStandby coreConfig.DisablePerformanceStandby = base.DisablePerformanceStandby
coreConfig.MetricsHelper = base.MetricsHelper coreConfig.MetricsHelper = base.MetricsHelper
coreConfig.MetricSink = base.MetricSink coreConfig.MetricSink = base.MetricSink
@ -1566,7 +1568,7 @@ func NewTestCluster(t testing.T, base *CoreConfig, opts *TestClusterOptions) *Te
} }
if testCluster.LicensePublicKey == nil { if testCluster.LicensePublicKey == nil {
pubKey, priKey, err := testGenerateCoreKeys() pubKey, priKey, err := GenerateTestLicenseKeys()
if err != nil { if err != nil {
t.Fatalf("err: %v", err) t.Fatalf("err: %v", err)
} }

View File

@ -8,9 +8,9 @@ import (
testing "github.com/mitchellh/go-testing-interface" testing "github.com/mitchellh/go-testing-interface"
) )
func testGenerateCoreKeys() (ed25519.PublicKey, ed25519.PrivateKey, error) { return nil, nil, nil } func GenerateTestLicenseKeys() (ed25519.PublicKey, ed25519.PrivateKey, error) { return nil, nil, nil }
func testGetLicensingConfig(key ed25519.PublicKey) *LicensingConfig { return &LicensingConfig{} } func testGetLicensingConfig(key ed25519.PublicKey) *LicensingConfig { return &LicensingConfig{} }
func testExtraTestCoreSetup(testing.T, ed25519.PrivateKey, *TestClusterCore) {} func testExtraTestCoreSetup(testing.T, ed25519.PrivateKey, *TestClusterCore) {}
func testAdjustUnderlyingStorage(tcc *TestClusterCore) { func testAdjustUnderlyingStorage(tcc *TestClusterCore) {
tcc.UnderlyingStorage = tcc.physical tcc.UnderlyingStorage = tcc.physical
} }

View File

@ -0,0 +1,33 @@
---
layout: api
page_title: /sys/config/reload - HTTP API
description: The '/sys/config/reload' endpoint is used to reload specific parts of Vault's configuration.
---
# `/sys/config/reload`
The `sys/config/reload` endpoint allows reloading specific parts of Vault's configuration.
Currently, it only supports reloading license information from files on disk.
| Method | Path |
| :----- | :---------------------------- |
| `PUT` | `/sys/config/reload/:subsystem` |
### Parameters
- `subsystem` `(string: <required>)` - Specifies the subsystem for Vault to reload. This is part of the request URL.
## Reload License File
When the `:subsystem` URL parameter is specified as `license`, Vault re-reads the license file pointed to by the `license_path` configuration option and applies the license
to Vault. Vault may enable or disable various features when this happens, depending on if the features of the given
license have changed from the license Vault is currently using.
### Sample Request
```shell-session
$ curl \
-X PUT \
--header "X-Vault-Token: ..." \
'http://127.0.0.1:8200/v1/sys/config/reload/license'
```

View File

@ -356,6 +356,10 @@
"title": "<code>/sys/config/cors</code>", "title": "<code>/sys/config/cors</code>",
"path": "system/config-cors" "path": "system/config-cors"
}, },
{
"title": "<code>/sys/config/reload</code>",
"path": "system/config-reload"
},
{ {
"title": "<code>/sys/config/state</code>", "title": "<code>/sys/config/state</code>",
"path": "system/config-state" "path": "system/config-state"